def load_unencrypted(pkeyInfo):
version, pkeyAlgo, pkeyData = pkeyInfo[0:3]
if version != 0:
raise PKCSError('unknown PKCS#8 version: {}'.format(version))
algoId, algoParms = pkeyAlgo.get_pos(0,2)
if algoId == OID_PKCS_RSAPKEY:
from Crypto.PublicKey import RSA
rsakey = asn1.loads(pkeyData)
vals = rsakey[1:6] # n, e, d, p, q
pkey = RSA.construct([long(val) for val in vals])
print 'RSA!', vals
elif algoId == OID_PKCS_DSAPKEY:
from Crypto.PublicKey import DSA
p, q, g = algoParms
x = asn1.loads(pkeyData)
y = pow(g, x, p)
vals = (y, g, p, q, x)
pkey = DSA.construct([long(val) for val in vals])
elif algoId == OID_PKCS_DHPKEY:
from Crypto.PublicKey import ElGamal
p, g = algoParms[0:2]
x = asn1.loads(pkeyData)
y = pow(g, x, p)
vals = (p, g, y, x)
pkey = ElGamal.construct([long(val) for val in vals])
else:
raise PKCSError('unknown PKCS#8 key algorithm: {}'.format(algoId))
return pkey
def make_pkey(keyAlg, keyData, isPublic):
algoId, algoParams = keyAlg.get_slice(0,2)
if algoId == OID_PKCS_RSAKEY:
from Crypto.PublicKey import RSA
vals = asn1.loads(keyData)
if isPublic:
vals = vals[0:2] # n, e
else:
vals = vals[1:6] # n, e, d, p, q
key = RSA.construct([long(val) for val in vals])
elif algoId == OID_X957_DSAKEY:
from Crypto.PublicKey import DSA
p, q, g = algoParams
val = asn1.loads(keyData)
if isPublic:
vals = (val, g, p, q) # y, g, p, q
else:
y = pow(g, val, p)
vals = (y, g, p, q, val) # y, g, p, q, x
key = DSA.construct([long(val) for val in vals])
else:
raise ValueError('unknown key algorithm id: {}'.format(algoId))
# if attrs:
# for attrId, attrValues in attrs:
# if attrId in ATTR_NAMES and attrValues:
# setattr(key, ATTR_NAMES[attrId], attrValues[0])
return key
def load_x509(cert):
def make_attrlist(value):
return [{ATTR_NAMES.get(id, id): val} for item in value for id, val in item.iteritems()]
cert, signAlg, signData = cert
idx = cert.find_tag(0)
pkeyAlgo, pkeyData = cert[idx+6]
algoId, algoParms = pkeyAlgo.get_pos(0,2)
if algoId == OID_PKCS_RSAPKEY:
from Crypto.PublicKey import RSA
rsakey = asn1.loads(pkeyData)
vals = rsakey[0:2] # n, e
pkey = RSA.construct([long(val) for val in rsakey])
elif algoId == OID_PKCS_DSAPKEY:
from Crypto.PublicKey import DSA
p, q, g = algoParms
y = asn1.loads(pkeyData)
vals = (y, g, p, q)
pkey = DSA.construct([long(val) for val in vals])
elif algoId == OID_PKCS_DHPUBNUM:
from Crypto.PublicKey import ElGamal
p, g, q = algoParms[0:3]
y = asn1.loads(pkeyData)
vals = (p, g, y)
pkey = ElGamal.construct([long(val) for val in vals])
else:
raise PKCSError('unknown X.509 key algorithm: {}'.format(algoId))
pkey.serialNumber = cert[idx+1]
pkey.signature = cert[idx+2]
pkey.issuer = make_attrlist(cert[idx+3])
pkey.validFrom, pkey.validTo = cert[idx+4]
pkey.subject = make_attrlist(cert[idx+5])
pkey.version = cert.get_tag(0, None, 0) + 1
if pkey.version >= 2:
pkey.issuerUniqueID = cert.get_tag(1, asn1.BIT_STRING)
pkey.subjectUniqueID = cert.get_tag(2, asn1.BIT_STRING)
if pkey.version >= 3:
# pkey.extensions = cert.get_tag(3, None, [])
extensions = cert.get_tag(3, None, [])
pkey.extensions = {}
for extension in extensions:
extnId = extension[0]
if extension[1] == True:
extnVal = (True, asn1.loads(extension[2]))
else:
extnVal = (False, asn1.loads(extension[1]))
pkey.extensions[ATTR_NAMES.get(extnId, extnId)] = extnVal
return pkey
def make_certkey(certId, certValue):
if certId == OID_PKCS_X590CERT:
cert = asn1.loads(certValue)
pass
elif certId == OID_PKCS_SDSICERT:
cert = b64decode(certValue.value)
print "======== SDSI CERT =============="
asn1.pr(cert)
print "==================================="
else:
raise ValueError('unknown certificate type id: {}'.format(certId))
return key
def load_encrypted(pkeyInfo, passwd): encrAlgo, encrData = pkeyInfo[0:2] cipher = _pbecipher_fromAlgoInfo(passwd, encrAlgo) pkeyData = cipher.decrypt(encrData) pkeyInfo = asn1.loads(pkeyData) return load_unencrypted(pkeyInfo)