def _version_number():
'''Return p7m version number field (always 1)'''
version_number = Encoder()
version_number.start()
# Always 1
version_number.write(1, Numbers.Integer)
return version_number.output()
def _content_info(content):
'''Return p7m content info field'''
data_content = Encoder()
data_content.start()
data_content.enter(Numbers.Sequence) # 1
data_content.write(PKCS7, Numbers.ObjectIdentifier)
data_content.enter(ZERO_TAG, Classes.Context) # 2
data_content.write(content, Numbers.OctetString)
data_content.leave() # 2
data_content.leave() # 1
return data_content.output()
def _digest_algorithm(algo=SHA256):
'''Return p7m digest algorithm field (default SHA256)'''
digest_algorithm = Encoder()
digest_algorithm.start()
digest_algorithm.enter(Numbers.Sequence) # 1
digest_algorithm.write(algo, Numbers.ObjectIdentifier)
digest_algorithm.write(0, Numbers.Null)
digest_algorithm.leave() # 1
return digest_algorithm.output()
def _get_signed_attributes(content_hash, certificate_hash):
''' Return core signed attributes
to get the p7m field call `encode_signed_attributes` instead
to get the signature input call `bytes_to_sign` instead
Params:
content_hash: content digest
certificate_hash: certificate digest
'''
signed_attributes = Encoder()
signed_attributes.start()
signed_attributes.enter(Numbers.Sequence) # 1
signed_attributes.write(PKCS9_CONTENT_TYPE, Numbers.ObjectIdentifier)
signed_attributes.enter(Numbers.Set) # 2
signed_attributes.write(PKCS7, Numbers.ObjectIdentifier)
signed_attributes.leave() # 2
signed_attributes.leave() # 1
signed_attributes.enter(Numbers.Sequence) # 1
signed_attributes.write(SIGNING_TIME, Numbers.ObjectIdentifier)
signed_attributes.enter(Numbers.Set) # 2
signed_attributes.write(P7mEncoder._get_timestamp(), UTC_TIME)
signed_attributes.leave() # 2
signed_attributes.leave() # 1
signed_attributes.enter(Numbers.Sequence) # 1
signed_attributes.write(PKCS9_MESSAGE_DIGEST, Numbers.ObjectIdentifier)
signed_attributes.enter(Numbers.Set) # 2
signed_attributes.write(content_hash, Numbers.OctetString)
signed_attributes.leave() # 2
signed_attributes.leave() # 1
signed_attributes.enter(Numbers.Sequence) # 1
signed_attributes.write(SIGNING_CERTIFICATE_V2,
Numbers.ObjectIdentifier)
signed_attributes.enter(Numbers.Set) # 2
signed_attributes.enter(Numbers.Sequence) # 3
signed_attributes.enter(Numbers.Sequence) # 4
signed_attributes.enter(Numbers.Sequence) # 5
signed_attributes.enter(Numbers.Sequence) # 6
signed_attributes.write(SHA256, Numbers.ObjectIdentifier)
signed_attributes.leave() # 6
signed_attributes.write(certificate_hash, Numbers.OctetString)
signed_attributes.leave() # 5
signed_attributes.leave() # 4
signed_attributes.leave() # 3
signed_attributes.leave() # 2
signed_attributes.leave() # 1
return signed_attributes.output()
def encode_signed_attributes(content_hash, certificate_hash):
''' Return a well formed signed attributes p7m field
Params:
content_hash: content digest
certificate_hash: certificate digest
'''
signed_attributes = Encoder()
signed_attributes.start()
MyLogger().my_logger().info("encoding signed attributes")
signed_attributes.enter(ZERO_TAG, Classes.Context)
signed_attributes._emit(
P7mEncoder._get_signed_attributes(content_hash, certificate_hash))
signed_attributes.leave()
return signed_attributes.output()
def bytes_to_sign(content_hash, certificate_hash):
''' Return the p7m part that needs to be signed
Params:
content_hash: content digest
certificate_hash: certificate digest
'''
signed_attributes = Encoder()
signed_attributes.start()
MyLogger().my_logger().info("building bytes to sign")
signed_attributes.enter(Numbers.Set)
signed_attributes._emit(
P7mEncoder._get_signed_attributes(content_hash, certificate_hash))
signed_attributes.leave()
return signed_attributes.output()
def encode(self):
encoder = Encoder()
encoder.start()
encoder.write(self.chain_id, Numbers.OctetString)
encoder.write(self.expiration, Numbers.OctetString)
encoder.write(self.ref_block_num, Numbers.OctetString)
encoder.write(self.ref_block_prefix, Numbers.OctetString)
encoder.write(self.net_usage_words, Numbers.OctetString)
encoder.write(self.max_cpu_usage_ms, Numbers.OctetString)
encoder.write(self.delay_sec, Numbers.OctetString)
encoder.write(self.ctx_free_actions_size, Numbers.OctetString)
encoder.write(self.actions_size, Numbers.OctetString)
encoder.write(self.account, Numbers.OctetString)
encoder.write(self.name, Numbers.OctetString)
encoder.write(self.auth_size, Numbers.OctetString)
for auth in self.auth:
(auth_actor, permission) = auth
encoder.write(auth_actor, Numbers.OctetString)
encoder.write(permission, Numbers.OctetString)
encoder.write(self.data_size, Numbers.OctetString)
encoder.write(self.data, Numbers.OctetString)
encoder.write(self.tx_ext, Numbers.OctetString)
encoder.write(self.cfd, Numbers.OctetString)
return encoder.output()
def encode(self):
encoder = Encoder()
encoder.start()
encoder.write(self.chain_id)
encoder.write(self.ref_block_num, Numbers.OctetString)
encoder.write(self.ref_block_prefix, Numbers.OctetString)
encoder.write(self.expiration, Numbers.OctetString)
encoder.write(self.op_data, Numbers.OctetString)
encoder.write(self.ex_data, Numbers.OctetString)
return encoder.output()
def _digest_algorithm():
"""Return p7m digest algorithm field (SHA256)"""
digest_algorithm = Encoder()
digest_algorithm.start()
digest_algorithm.enter(Numbers.Sequence) # 1
digest_algorithm.write(SHA256, Numbers.ObjectIdentifier)
digest_algorithm.write(0, Numbers.Null)
digest_algorithm.leave() # 1
return digest_algorithm.output()
def encode(self):
encoder = Encoder()
sha = hashlib.sha256()
sha.update(self.chain_id)
sha.update(self.expiration)
sha.update(self.ref_block_num)
sha.update(self.ref_block_prefix)
sha.update(self.net_usage_words)
sha.update(self.max_cpu_usage_ms)
sha.update(self.delay_sec)
sha.update(self.ctx_free_actions_size)
sha.update(self.actions_size)
for action in self.actions:
sha.update(action.account)
sha.update(action.name)
sha.update(action.auth_size)
for auth in action.auth:
(auth_actor, permission) = auth
sha.update(auth_actor)
sha.update(permission)
sha.update(action.data_size)
sha.update(action.data)
sha.update(self.tx_ext)
sha.update(self.cfd)
print 'Signing digest ' + sha.hexdigest()
encoder.start()
encoder.write(self.chain_id, Numbers.OctetString)
encoder.write(self.expiration, Numbers.OctetString)
encoder.write(self.ref_block_num, Numbers.OctetString)
encoder.write(self.ref_block_prefix, Numbers.OctetString)
encoder.write(self.net_usage_words, Numbers.OctetString)
encoder.write(self.max_cpu_usage_ms, Numbers.OctetString)
encoder.write(self.delay_sec, Numbers.OctetString)
encoder.write(self.ctx_free_actions_size, Numbers.OctetString)
encoder.write(self.actions_size, Numbers.OctetString)
for action in self.actions:
encoder.write(action.account, Numbers.OctetString)
encoder.write(action.name, Numbers.OctetString)
encoder.write(action.auth_size, Numbers.OctetString)
for auth in action.auth:
(auth_actor, permission) = auth
encoder.write(auth_actor, Numbers.OctetString)
encoder.write(permission, Numbers.OctetString)
encoder.write(action.data_size, Numbers.OctetString)
encoder.write(action.data, Numbers.OctetString)
encoder.write(self.tx_ext, Numbers.OctetString)
encoder.write(self.cfd, Numbers.OctetString)
return encoder.output()
def bytes_to_sign(content_hash, certificate_hash, timestamp):
""" Return the p7m part that needs to be signed
Params:
content_hash: content digest
certificate_hash: certificate digest
"""
signed_attributes = Encoder()
signed_attributes.start()
log.info("building bytes to sign")
signed_attributes.enter(Numbers.Set)
signed_attributes._emit(
P7mEncoder._get_signed_attributes(content_hash, certificate_hash,
timestamp.encode()))
signed_attributes.leave()
return signed_attributes.output()
def encode_signed_attributes(content_hash, certificate_hash, timestamp):
""" Return a well formed signed attributes p7m field
Params:
content_hash: content digest
certificate_hash: certificate digest
"""
signed_attributes = Encoder()
signed_attributes.start()
log.info("encoding signed attributes")
signed_attributes.enter(ZERO_TAG, Classes.Context)
signed_attributes._emit(
P7mEncoder._get_signed_attributes(content_hash, certificate_hash,
timestamp.encode()))
signed_attributes.leave()
return signed_attributes.output()
def encode2(self):
encoder = Encoder()
sha = hashlib.sha256()
buffer = io.BytesIO()
buffer.write(self.chain_id)
buffer.write(self.expiration)
buffer.write(self.ref_block_num)
buffer.write(self.ref_block_prefix)
buffer.write(self.net_usage_words)
buffer.write(self.max_cpu_usage_ms)
buffer.write(self.delay_sec)
buffer.write(self.ctx_free_actions_size)
buffer.write(self.actions_size)
for action in self.actions:
buffer.write(action.account)
buffer.write(action.name)
buffer.write(action.auth_size)
for auth in action.auth:
(auth_actor, permission) = auth
buffer.write(auth_actor)
buffer.write(permission)
buffer.write(action.data_size)
buffer.write(action.data)
buffer.write(self.tx_ext)
buffer.write(self.cfd)
value = buffer.getvalue()
sha.update(value)
print('Signing digest ' + sha.hexdigest())
encoder.start()
encoder.write(self.chain_id, Numbers.OctetString)
encoder.write(self.expiration, Numbers.OctetString)
encoder.write(self.ref_block_num, Numbers.OctetString)
encoder.write(self.ref_block_prefix, Numbers.OctetString)
encoder.write(self.net_usage_words, Numbers.OctetString)
encoder.write(self.max_cpu_usage_ms, Numbers.OctetString)
encoder.write(self.delay_sec, Numbers.OctetString)
encoder.write(self.ctx_free_actions_size, Numbers.OctetString)
encoder.write(self.actions_size, Numbers.OctetString)
for action in self.actions:
encoder.write(action.account, Numbers.OctetString)
encoder.write(action.name, Numbers.OctetString)
encoder.write(action.auth_size, Numbers.OctetString)
for auth in action.auth:
(auth_actor, permission) = auth
encoder.write(auth_actor, Numbers.OctetString)
encoder.write(permission, Numbers.OctetString)
encoder.write(action.data_size, Numbers.OctetString)
encoder.write(action.data, Numbers.OctetString)
encoder.write(self.tx_ext, Numbers.OctetString)
encoder.write(self.cfd, Numbers.OctetString)
return [encoder.output()]
def make_a_p7m(content, certificate_value, signer_info,
p7m_sig_attrs: P7mAttributes):
'''
Return a well formed complete p7m
Param:
content: file content to sign
certificate_value: value field of the smart card certificate
signer_info: signer info in asn1 form
p7m_sig_attrs: existing p7m signatures attributes
'''
p7m = Encoder()
p7m.start()
MyLogger().my_logger().info("encoding p7m")
p7m.enter(Numbers.Sequence) # 1
p7m.write(PKCS7_SIGNED_DATA, Numbers.ObjectIdentifier)
p7m.enter(ZERO_TAG, Classes.Context) # 2
p7m.enter(Numbers.Sequence) # 3
p7m._emit(P7mEncoder._version_number())
p7m.enter(Numbers.Set) # 4
p7m._emit(P7mEncoder._digest_algorithm() + p7m_sig_attrs.algos)
p7m.leave() # 4
p7m._emit(P7mEncoder._content_info(content))
p7m.enter(ZERO_TAG, Classes.Context) # 4
p7m._emit(certificate_value + p7m_sig_attrs.certificates)
p7m.leave() # 4
p7m._emit(signer_info)
p7m.leave() # 3
p7m.leave() # 2
p7m.leave() # 1
return p7m.output()
def encodeTlvTx(chain_id, tx):
encoder = Encoder()
encoder.start()
encoder.write(struct.pack(str(len(chain_id)) + 's', chain_id), Numbers.OctetString)
encoder.write(bytes(tx['ref_block_num']), Numbers.OctetString)
encoder.write(bytes(tx['ref_block_prefix']), Numbers.OctetString)
encoder.write(bytes(tx['expiration']), Numbers.OctetString)
encoder.write(bytes(tx['operations'].length), Numbers.OctetString)
for opIdx in range(0, len(tx.toJson()['operations'])):
encoder.write(bytes([tx['operations'].data[opIdx].opId]), Numbers.OctetString)
encoder.write(bytes(tx['operations'].data[opIdx].op), Numbers.OctetString)
if 'extension' in tx:
encoder.write(bytes(tx['extension']), Numbers.OctetString)
else:
encoder.write(bytes([0]), Numbers.OctetString)
return encoder.output()
def encode_signer_info(issuer, serial_number, signed_attributes,
signed_bytes, existing_sig_infos):
''' Return a well formed signer info p7m field
Params:
issuer: smart card certificate issuer (bytes)
serial_number: smart card serial number (int)
signed_attributes: signed attributes p7m field
signed_bytes: signature (bytes)
'''
signer_info = Encoder()
signer_info.start()
MyLogger().my_logger().info("encoding signer info")
signer_info.enter(Numbers.Set) # 1
signer_info.enter(Numbers.Sequence) # 2
signer_info._emit(P7mEncoder._version_number())
signer_info.enter(Numbers.Sequence) # 3
signer_info._emit(issuer)
signer_info.write(serial_number, Numbers.Integer)
signer_info.leave() # 3
signer_info.enter(Numbers.Sequence) # 3
signer_info.write(SHA256, Numbers.ObjectIdentifier)
signer_info.write(0, Numbers.Null)
signer_info.leave() # 3
signer_info._emit(signed_attributes)
signer_info.enter(Numbers.Sequence) # 3
signer_info.write(RSA, Numbers.ObjectIdentifier)
signer_info.write(0, Numbers.Null)
signer_info.leave() # 3
signer_info.write(signed_bytes, Numbers.OctetString)
signer_info.leave() # 2
if existing_sig_infos != b'':
signer_info._emit(existing_sig_infos)
signer_info.leave() # 1
return signer_info.output()
def encode(self):
encoder = Encoder()
sha = hashlib.sha256()
sha.update(self.chain_id)
sha.update(self.ref_block_num)
sha.update(self.ref_block_prefix)
sha.update(self.expiration)
sha.update(self.operations_count)
for operation in self.operations:
sha.update(operation.data)
sha.update(self.extensions_size)
print 'Signing digest ' + sha.hexdigest()
encoder.start()
encoder.write(self.chain_id, Numbers.OctetString)
encoder.write(self.ref_block_num, Numbers.OctetString)
encoder.write(self.ref_block_prefix, Numbers.OctetString)
encoder.write(self.expiration, Numbers.OctetString)
encoder.write(self.operations_count, Numbers.OctetString)
for operation in self.operations:
encoder.write(operation.data, Numbers.OctetString)
encoder.write(self.extensions_size, Numbers.OctetString)
return encoder.output()
