def _decode_bitstring(description: str, data: str) -> Tuple[int, base.Asn1Item]: """ Decodes an ASN.1 PER Encoded bitstring object Args: description: The description string of the bitstring (containing constraints, etc) data: The PER unaligned encoded binary string Returns: A tuple containing the PyASN.1 object populated with the decoded data and the length of the data processed (used for error checking) """ dec_constraint = _extract_value_size_constraint(description) if dec_constraint == -1: return 0, univ.BitString( ) # No decoding required if length constrained to zero elif dec_constraint[0] == dec_constraint[1]: decoded_bitstring = '\'' + data[:dec_constraint[0]] + '\'B' return dec_constraint[0], univ.BitString(decoded_bitstring) else: # if ub != lb offset_bitfield_range = len( str(bin(dec_constraint[1] - dec_constraint[0]))[2:]) length = int(data[:offset_bitfield_range], 2) decoded_bitstring = '\'' + data[:length] + '\'B' return offset_bitfield_range + length, univ.BitString( decoded_bitstring)
class _TBSCertificate(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType( 'version', univ.Integer().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('serialNumber', univ.Integer()), namedtype.NamedType('signature', univ.Sequence()), namedtype.NamedType('issuer', univ.Sequence()), namedtype.NamedType('validity', univ.Sequence()), namedtype.NamedType('subject', univ.Sequence()), namedtype.NamedType('subjectPublicKeyInfo', univ.Sequence()), namedtype.OptionalNamedType( 'issuerUniquedID', univ.BitString().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType( 'subjectUniquedID', univ.BitString().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.OptionalNamedType( 'extensions', univ.Sequence().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 3))), )
class AccessDescription(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType( 'accessMethod', univ.ObjectIdentifier().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType( 'accessLocation', GeneralName().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType( 'b2', univ.BitString().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.OptionalNamedType( 'b3', univ.BitString().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 3))), namedtype.OptionalNamedType( 'b4', univ.BitString().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 4))), namedtype.OptionalNamedType( 'b5', univ.BitString().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 5))), namedtype.OptionalNamedType( 'b6', univ.BitString().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 6))))
class POPOPrivKey(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType( 'thisMessage', univ.BitString().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType( 'subsequentMessage', SubsequentMessage().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType( 'dhMAC', univ.BitString().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 2))))
def convert_PKCS1_to_PKCS8_pubkey(data: bytes) -> bytes: pubkey_pkcs1_b64 = b''.join(data.split(b'\n')[1:-2]) pubkey_pkcs1, restOfInput = der_decoder.decode( base64.b64decode(pubkey_pkcs1_b64)) bit_str = univ.Sequence() bit_str.setComponentByPosition(0, univ.Integer(pubkey_pkcs1[0])) bit_str.setComponentByPosition(1, univ.Integer(pubkey_pkcs1[1])) bit_str = der_encoder.encode(bit_str) try: bit_str = ''.join([('00000000' + bin(ord(x))[2:])[-8:] for x in list(bit_str)]) except Exception: bit_str = ''.join([('00000000' + bin(x)[2:])[-8:] for x in list(bit_str)]) bit_str = univ.BitString("'%s'B" % bit_str) pubkeyid = univ.Sequence() pubkeyid.setComponentByPosition( 0, univ.ObjectIdentifier( '1.2.840.113549.1.1.1')) # == OID for rsaEncryption pubkeyid.setComponentByPosition(1, univ.Null('')) pubkey_seq = univ.Sequence() pubkey_seq.setComponentByPosition(0, pubkeyid) pubkey_seq.setComponentByPosition(1, bit_str) pubkey = der_encoder.encode(pubkey_seq) return b'-----BEGIN PUBLIC KEY-----\n' + base64.encodebytes( pubkey) + b'-----END PUBLIC KEY-----\n'
class PubKey(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('b', univ.BitString("'0'B")), namedtype.NamedType('c', univ.Integer(32)), namedtype.NamedType('x', univ.Integer(0)), namedtype.NamedType('y', univ.Integer(0)), )
def ExportRsaX509(params): oid = ASN1Sequence(RSA_OID, univ.Null()) key = ASN1Sequence(univ.Integer(params['n']), univ.Integer(params['e'])) binkey = BytesToBin(encoder.encode(key)) pubkey = univ.BitString("'%s'B" % binkey) # needs to be a BIT STRING seq = ASN1Sequence(oid, pubkey) return Base64WSEncode(encoder.encode(seq))
def _build_signature(key, tbs, network): ''' Takes a utility.ECPrivateKey() as key, tbs as rfc2459.TBSCertificate, and network as pycoin.NETWORK_NAMES ''' secret_exponent = encoding.to_long(256, encoding.byte_to_int, key[0][1].asOctets())[0] coin = Key(secret_exponent=secret_exponent, netcode=network) public_pair = coin.public_pair() coin_address = coin.address() print "building signature for %s address %s" % (network, coin_address) pubkeybitstring = (key[0].getComponentByPosition(2), key[0].getComponentByPosition(3)) tbsder = encoder.encode(tbs) hashvalue = SHA256.new(tbsder) dgst = hashvalue.digest() dgstaslong = encoding.to_long(256, encoding.byte_to_int, dgst)[0] order2 = pycoin.ecdsa.generator_secp256k1.order() ## random sign generator = pycoin.ecdsa.generator_secp256k1 rawsig2 = randomsign(generator, secret_exponent, dgstaslong) # deterministic sign ##rawsig2 = pycoin.ecdsa.sign(pycoin.ecdsa.generator_secp256k1, secret_exponent, dgstaslong) r2, s2 = rawsig2 print "signature: r: %x s: %x" % (r2, s2) if not pycoin.ecdsa.verify(generator, coin.public_pair(), dgstaslong, rawsig2): raise SignatureVerifyException( "Generated signature r: %x s: %x does not verify against public key %s" % (r2, s2, public_pair)) signature = utility.ECDSASigValue() signature.setComponentByName('r', r2) signature.setComponentByName('s', s2) dersig = encoder.encode(signature) signaturevalue = "'{0}'H".format(binascii.hexlify(dersig)) bitstring = univ.BitString(value=signaturevalue) return rfc2314.Signature(bitstring)
class _CertificationRequest(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('certificationRequestInfo', _CertificationRequestInfo()), namedtype.NamedType('signatureAlgorithm', univ.Sequence()), namedtype.NamedType('signatureValue', univ.BitString()), )
def getRSAPublicKey(self): """ Gets an ASN.1-encoded form of this RSA key's public key. """ # Get a RSAPublicKey structure pkinfo = univ.Sequence() rsakey = self.getRSAKey() pkinfo.setComponentByPosition(0, univ.Integer(rsakey.n)) pkinfo.setComponentByPosition(1, univ.Integer(rsakey.e)) # Encode the public key info as a bit string pklong = long(encoder.encode(pkinfo).encode('hex'), 16) pkbitstring = univ.BitString("'00%s'B" % self.toBitString_(pklong)) # Get the rsaEncryption identifier: idrsaencryption = univ.ObjectIdentifier('1.2.840.113549.1.1.1') # Get the AlgorithmIdentifier for rsaEncryption idinfo = univ.Sequence() idinfo.setComponentByPosition(0, idrsaencryption) idinfo.setComponentByPosition(1, univ.Null('')) # Get the SubjectPublicKeyInfo structure publickeyinfo = univ.Sequence() publickeyinfo.setComponentByPosition(0, idinfo) publickeyinfo.setComponentByPosition(1, pkbitstring) # Encode the public key structure publickey = encoder.encode(publickeyinfo) return publickey
class KeyAgreePublicKey(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('algorithm', AlgorithmIdentifier()), namedtype.NamedType('publicKey', univ.BitString()), namedtype.NamedType('macAlgorithm', AlgorithmIdentifier()), namedtype.OptionalNamedType('kDF', AlgorithmIdentifier()) )
def convert_RSA_to_PEM(rsa_key): print(rsa_key) keydata = base64.b64decode(rsa_key.split()[1]) parts = [] while keydata: dlen = struct.unpack('>I', keydata[:4])[0] data, keydata = keydata[4:dlen + 4], keydata[4 + dlen:] parts.append(data) e_val = int(parts[1].hex(), 16) n_val = int(parts[2].hex(), 16) pkcs1_seq = univ.Sequence() pkcs1_seq.setComponentByPosition(0, univ.Integer(n_val)) pkcs1_seq.setComponentByPosition(1, univ.Integer(e_val)) pkcs1_val = der_encoder.encode(pkcs1_seq) head_seq = univ.Sequence() head_seq.setComponentByPosition( 0, univ.ObjectIdentifier('1.2.840.113549.1.1.1')) head_seq.setComponentByPosition(1, univ.Null('')) out_seq = univ.Sequence() out_seq.setComponentByPosition(0, head_seq) out_seq.setComponentByPosition(1, univ.BitString("'%s'H" % pkcs1_val.hex())) out = '-----BEGIN PUBLIC KEY-----\n' out += base64.encodebytes(der_encoder.encode(out_seq)).strip().decode() out += '\n-----END PUBLIC KEY-----\n' return out
def convertPKCS1toPKCS8pubKey(bitsdata): pubkey_pkcs1_b64 = b''.join(bitsdata.split(b'\n')[1:-2]) pubkey_pkcs1, restOfInput = der_decoder.decode( base64.b64decode(pubkey_pkcs1_b64)) bitstring = univ.Sequence() bitstring.setComponentByPosition(0, univ.Integer(pubkey_pkcs1[0])) bitstring.setComponentByPosition(1, univ.Integer(pubkey_pkcs1[1])) bitstring = der_encoder.encode(bitstring) try: bitstring = ''.join([('00000000' + bin(ord(x))[2:])[-8:] for x in list(bitstring)]) except: bitstring = ''.join([('00000000' + bin(x)[2:])[-8:] for x in list(bitstring)]) bitstring = univ.BitString("'%s'B" % bitstring) pubkeyid = univ.Sequence() pubkeyid.setComponentByPosition( 0, univ.ObjectIdentifier( '1.2.840.113549.1.1.1')) # == OID for rsaEncryption pubkeyid.setComponentByPosition(1, univ.Null('')) pubkey_seq = univ.Sequence() pubkey_seq.setComponentByPosition(0, pubkeyid) pubkey_seq.setComponentByPosition(1, bitstring) base64.MAXBINSIZE = (64 // 4) * 3 res = b"-----BEGIN PUBLIC KEY-----\n" res += base64.encodestring(der_encoder.encode(pubkey_seq)) res += b"-----END PUBLIC KEY-----\n" return res
class Signature(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('signatureAlgorithm', rfc2459.AlgorithmIdentifier()), namedtype.NamedType('signature', univ.BitString()), namedtype.OptionalNamedType('certs', univ.SequenceOf(componentType=rfc2459.Certificate()).subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) )
def addNSCertType(self, certType, critical): if certType != "sslServer": raise UnknownNSCertTypeError(certType) self.addExtension( univ.ObjectIdentifier("2.16.840.1.113730.1.1"), univ.BitString("'01'B"), critical, )
class ASN1_X9_63_Private_Key(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('flags', univ.BitString()), namedtype.NamedType('size', univ.Integer()), namedtype.NamedType('x', univ.Integer()), # public x namedtype.NamedType('y', univ.Integer()), namedtype.NamedType('k', univ.Integer()) # private key )
class BasicOCSPResponse(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('tbsResponseData', ResponseData()), namedtype.NamedType('signatureAlgorithm', rfc2459.AlgorithmIdentifier()), namedtype.NamedType('signature', univ.BitString()), namedtype.OptionalNamedType('certs', Certs().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))))
class POPOSigningKey(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType( 'poposkInput', POPOSigningKeyInput().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.NamedType('algorithmIdentifier', AlgorithmIdentifier()), namedtype.NamedType('signature', univ.BitString()))
class BitStringDecoder(AbstractSimpleDecoder): protoComponent = univ.BitString(()) tagFormats = (tag.tagFormatSimple, tag.tagFormatConstructed) supportConstructedForm = True def valueDecoder(self, fullSubstrate, substrate, asn1Spec, tagSet, length, state, decodeFun, substrateFun): head, tail = substrate[:length], substrate[length:] if tagSet[ 0].tagFormat == tag.tagFormatSimple: # XXX what tag to check? if not head: raise error.PyAsn1Error('Empty substrate') trailingBits = oct2int(head[0]) if trailingBits > 7: raise error.PyAsn1Error('Trailing bits overflow %s' % trailingBits) head = head[1:] value = self.protoComponent.fromOctetString(head, trailingBits) return self._createComponent(asn1Spec, tagSet, value), tail if not self.supportConstructedForm: raise error.PyAsn1Error( 'Constructed encoding form prohibited at %s' % self.__class__.__name__) bitString = self._createComponent(asn1Spec, tagSet) if substrateFun: return substrateFun(bitString, substrate, length) while head: component, head = decodeFun(head, self.protoComponent) bitString += component return bitString, tail def indefLenValueDecoder(self, fullSubstrate, substrate, asn1Spec, tagSet, length, state, decodeFun, substrateFun): bitString = self._createComponent(asn1Spec, tagSet) if substrateFun: return substrateFun(bitString, substrate, length) while substrate: component, substrate = decodeFun(substrate, self.protoComponent, allowEoo=True) if eoo.endOfOctets.isSameTypeWith( component) and component == eoo.endOfOctets: break bitString += component else: raise error.SubstrateUnderrunError( 'No EOO seen before substrate ends') return bitString, substrate
class BitStringDecoder(AbstractSimpleDecoder): protoComponent = univ.BitString(()) tagFormats = (tag.tagFormatSimple, tag.tagFormatConstructed) supportConstructedForm = True def valueDecoder(self, fullSubstrate, substrate, asn1Spec, tagSet, length, state, decodeFun, substrateFun): head, tail = substrate[:length], substrate[length:] if tagSet[0][1] == tag.tagFormatSimple: # XXX what tag to check? if not head: raise error.PyAsn1Error('Empty substrate') trailingBits = oct2int(head[0]) if trailingBits > 7: raise error.PyAsn1Error('Trailing bits overflow %s' % trailingBits) head = head[1:] lsb = p = 0 l = len(head) - 1 b = [] while p <= l: if p == l: lsb = trailingBits j = 7 o = oct2int(head[p]) while j >= lsb: b.append((o >> j) & 0x01) j -= 1 p += 1 return self._createComponent(asn1Spec, tagSet, b), tail if not self.supportConstructedForm: raise error.PyAsn1Error( 'Constructed encoding form prohibited at %s' % self.__class__.__name__) r = self._createComponent(asn1Spec, tagSet, ()) if substrateFun: return substrateFun(r, substrate, length) while head: component, head = decodeFun(head, self.protoComponent) r = r + component return r, tail def indefLenValueDecoder(self, fullSubstrate, substrate, asn1Spec, tagSet, length, state, decodeFun, substrateFun): r = self._createComponent(asn1Spec, tagSet, '') if substrateFun: return substrateFun(r, substrate, length) while substrate: component, substrate = decodeFun(substrate, self.protoComponent, allowEoo=True) if eoo.endOfOctets.isSameTypeWith(component) and \ component == eoo.endOfOctets: break r = r + component else: raise error.SubstrateUnderrunError( 'No EOO seen before substrate ends') return r, substrate
def ExportDsaX509(params): alg_params = ASN1Sequence(univ.Integer(params['p']), univ.Integer(params['q']), univ.Integer(params['g'])) oid = ASN1Sequence(DSA_OID, alg_params) binkey = BytesToBin(encoder.encode(univ.Integer(params['y']))) pubkey = univ.BitString("'%s'B" % binkey) # needs to be a BIT STRING seq = ASN1Sequence(oid, pubkey) return Base64WSEncode(encoder.encode(seq))
def getPubkey(self, privkey): k = gdata.tlslite.utils.keyfactory.parsePEMKey(privkey, private=True) oid = ASN1Sequence(univ.ObjectIdentifier('1.2.840.113549.1.1.1'), univ.Null()) key = ASN1Sequence(univ.Integer(k.n), univ.Integer(k.e)) binkey = BytesToBin(encoder.encode(key)) pubkey = univ.BitString("'%s'B" % binkey) seq = ASN1Sequence(oid, pubkey) pubkeydata = encoder.encode(seq) return pubkeydata
def asSubjectPublicKeyInfo(self): """Returns a subject public key info representing this key for use by pyasn1.""" algorithmIdentifier = rfc2459.AlgorithmIdentifier() algorithmIdentifier['algorithm'] = ecPublicKey algorithmIdentifier['parameters'] = self.keyOID spki = rfc2459.SubjectPublicKeyInfo() spki['algorithm'] = algorithmIdentifier spki['subjectPublicKey'] = univ.BitString(self.getPublicKeyHexifiedString()) return spki
def _build_subject_publickey_info(key): pubkeybitstring = key[0].getComponentByPosition(3) algorithm = univ.Sequence() algorithm.setComponentByPosition(0, utility.OID_idEcPublicKey) algorithm.setComponentByPosition(1, utility.OID_SECP256K1) subjectPublicKeyInfo = SubjectPublicKeyInfo() subjectPublicKeyInfo.setComponentByName('algorithm', algorithm) subjectPublicKeyInfo.setComponentByName( 'subjectPublicKey', univ.BitString(value=pubkeybitstring)) # print subjectPublicKeyInfo return subjectPublicKeyInfo
class KdcReqBody(univ.Sequence): componentType = namedtype.NamedTypes( _sequence_component('kdc-options', 0, univ.BitString()), _sequence_optional_component('cname', 1, PrincipalName()), _sequence_component('realm', 2, char.GeneralString()), _sequence_optional_component('sname', 3, PrincipalName()), _sequence_optional_component('from', 4, useful.GeneralizedTime()), _sequence_component('till', 5, useful.GeneralizedTime()), _sequence_component('nonce', 7, univ.Integer()), _sequence_component('etype', 8, univ.SequenceOf(componentType=univ.Integer())))
class OOBCertHash(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType( 'hashAlg', rfc2459.AlgorithmIdentifier().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.OptionalNamedType( 'certId', rfc2511.CertId().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatConstructed, 1))), namedtype.NamedType('hashVal', univ.BitString()))
class ECPrivateKey(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', univ.Integer()), namedtype.NamedType('privateKey', univ.OctetString()), namedtype.NamedType('namedCurve', univ.ObjectIdentifier().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('publicKey', univ.BitString().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) )
class KdcReqBody(univ.Sequence): tagSet = univ.Sequence.tagSet + tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4) componentType = namedtype.NamedTypes( namedtype.NamedType('kdc-options', _c(0, univ.BitString())), namedtype.OptionalNamedType('cname', _c(1, PrincipalName())), namedtype.NamedType('realm', _c(2, char.GeneralString())), namedtype.OptionalNamedType('sname', _c(3, PrincipalName())), namedtype.NamedType('till', _c(5, useful.GeneralizedTime())), namedtype.NamedType('nonce', _c(7, univ.Integer())), namedtype.NamedType( 'etype', _c(8, univ.SequenceOf(componentType=univ.Integer()))))
class ECPublicKey(univ.Sequence): """RFC 5480: Elliptic Curve Cryptography Subject Public Key Information SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING } """ componentType = namedtype.NamedTypes( namedtype.NamedType("algorithm", AlgorithmIdentifier()), namedtype.NamedType("subjectPublicKey", univ.BitString()), )
def convert_from_sshrsa_to_pkcs8(pubkey): """Convert a ssh public key to openssl format Equivalent to the ssh-keygen's -m option """ # get the second field from the public key file. try: keydata = base64.b64decode(pubkey.split(None)[1]) except IndexError: msg = _("Unable to find the key") raise exception.EncryptionFailure(reason=msg) # decode the parts of the key parts = [] while keydata: dlen = struct.unpack('>I', keydata[:4])[0] data = keydata[4:dlen + 4] keydata = keydata[4 + dlen:] parts.append(data) # Use asn to build the openssl key structure # # SEQUENCE(2 elem) # +- SEQUENCE(2 elem) # | +- OBJECT IDENTIFIER (1.2.840.113549.1.1.1) # | +- NULL # +- BIT STRING(1 elem) # +- SEQUENCE(2 elem) # +- INTEGER(2048 bit) # +- INTEGER 65537 # Build the sequence for the bit string n_val = eval('0x' + ''.join(['%02X' % struct.unpack('B', x)[0] for x in parts[2]])) e_val = eval('0x' + ''.join(['%02X' % struct.unpack('B', x)[0] for x in parts[1]])) pkinfo = _to_sequence(univ.Integer(n_val), univ.Integer(e_val)) # Convert the sequence into a bit string pklong = long(der_encoder.encode(pkinfo).encode('hex'), 16) pkbitstring = univ.BitString("'00%s'B" % bin(pklong)[2:]) # Build the key data structure oid = _to_sequence(_RSA_OID, univ.Null()) pkcs1_seq = _to_sequence(oid, pkbitstring) pkcs8 = base64.encodestring(der_encoder.encode(pkcs1_seq)) # Remove the embedded new line and format the key, each line # should be 64 characters long return ('-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n' % re.sub("(.{64})", "\\1\n", pkcs8.replace('\n', ''), re.DOTALL))