def main():
attributes = AuthenticatedAttributes()
attributes.setComponentByName("target", "test")
attributes.setComponentByName("length", 1024)
data = der_encoder.encode(attributes)
print "attributes " + binascii.hexlify(data)
ident = x509.AlgorithmIdentifier()
ident.setComponentByName("algorithm", sha256WithRSAEncryptionOID)
data = der_encoder.encode(ident)
print "ident " + binascii.hexlify(data)
sig = AndroidVerifiedBootSignature()
sig.setComponentByName('formatVersion', 1)
sig.setComponentByName('algorithmId', ident)
sig.setComponentByName('attributes', attributes)
sig.setComponentByName('signature', univ.OctetString('abcdef0123456789'))
data = der_encoder.encode(sig)
print "sig " + binascii.hexlify(data)
material = pkcs1.RSAPublicKey()
material.setComponentByName('modulus', 'abc123')
material.setComponentByName('publicExponent', (1 << 16) + 1)
keyinfo = KeyInfo()
keyinfo.setComponentByName('algorithm', ident)
keyinfo.setComponentByName('keyMaterial', material)
bag = KeyBag()
bag.setComponentByPosition(0, keyinfo)
keystore = AndroidVerifiedBootKeystore()
keystore.setComponentByName('formatVersion', 1)
keystore.setComponentByName('bag', bag)
keystore.setComponentByName('signature', sig)
def __call__(self, data=None, digest=None, include_tsa_certificate=None, nonce=None):
algorithm_identifier = rfc2459.AlgorithmIdentifier()
algorithm_identifier.setComponentByPosition(0, get_hash_oid(self.hashname))
message_imprint = rfc3161.MessageImprint()
message_imprint.setComponentByPosition(0, algorithm_identifier)
hashobj = hashlib.new(self.hashname)
if data:
hashobj.update(data)
digest = hashobj.digest()
elif digest:
assert len(digest) == hashobj.digest_size, 'digest length is wrong'
else:
raise ValueError('You must pass some data to digest, or the digest')
message_imprint.setComponentByPosition(1, digest)
request = rfc3161.TimeStampReq()
request.setComponentByPosition(0, 'v1')
request.setComponentByPosition(1, message_imprint)
if nonce is not None:
request.setComponentByPosition(3, int(nonce))
request.setComponentByPosition(4, include_tsa_certificate if include_tsa_certificate is not None else self.include_tsa_certificate)
binary_request = encoder.encode(request)
headers = { 'Content-Type': 'application/timestamp-query' }
if self.username != None:
base64string = base64.standard_b64encode('%s:%s' % (self.username, self.password))
headers['Authorization'] = "Basic %s" % base64string
try:
response = requests.post(self.url, data=binary_request,
timeout=self.timeout, headers=headers)
except request.RequestException, e:
raise TimestampingError('Unable to send the request to %r' % self.url, e)
def sign(self, key, md="sha1"):
"""Sign the current object."""
md = md.upper()
if key is None:
raise errors.X509Error("Key required")
if isinstance(key, rsa.RSAPrivateKey):
encryption = 'RSA'
elif isinstance(key, dsa.DSAPrivateKey):
encryption = 'DSA'
else:
raise errors.X509Error("Unknown key type: %s" % (key.__class__, ))
signature_type = SIGNING_ALGORITHMS.get((encryption, md))
if signature_type is None:
raise errors.X509Error(
"Unknown encryption/hash combination %s/%s" % (encryption, md))
algo_id = rfc2459.AlgorithmIdentifier()
algo_id['algorithm'] = signature_type
algo_params = ALGORITHM_PARAMETERS[signature_type]
if algo_params is not None:
algo_id['parameters'] = algo_params
self._embed_signature_algorithm(algo_id)
to_sign = self._get_bytes_to_sign()
signer = SIGNER_CONSTRUCTION[signature_type](key)
signer.update(to_sign)
signature = signer.finalize()
self._embed_signature(algo_id, signature)
def __call__(self, data=None, sha1=None):
algorithm_identifier = rfc2459.AlgorithmIdentifier()
algorithm_identifier.setComponentByPosition(
0, get_hash_oid(self.hashobj.name))
message_imprint = rfc3161.MessageImprint()
message_imprint.setComponentByPosition(0, algorithm_identifier)
if data:
self.hashobj.update(data)
sha1 = self.hashobj.digest()
elif sha1:
assert len(sha1) == self.hashobj.digest_size
else:
raise ValueError(
'You must pass some data to digest, or the sha1 digest')
message_imprint.setComponentByPosition(1, sha1)
request = rfc3161.TimeStampReq()
request.setComponentByPosition(0, 'v1')
request.setComponentByPosition(1, message_imprint)
request.setComponentByPosition(4)
binary_request = encoder.encode(request)
http_request = urllib2.Request(
self.url, binary_request,
{'Content-Type': 'application/timestamp-query'})
if self.username != None:
base64string = base64.standard_b64encode(
'%s:%s' % (self.username, self.password))
http_request.add_header("Authorization", "Basic %s" % base64string)
try:
response = urllib2.urlopen(http_request).read()
except (IOError, socket.error), e:
raise TimestampingError(
'Unable to send the request to %s' % self.url, e)
def getSubjectPublicKeyInfo(self):
algorithmIdentifier = rfc2459.AlgorithmIdentifier()
algorithmIdentifier.setComponentByName('algorithm',
rfc2459.rsaEncryption)
algorithmIdentifier.setComponentByName('parameters', univ.Null())
spki = rfc2459.SubjectPublicKeyInfo()
spki.setComponentByName('algorithm', algorithmIdentifier)
spki.setComponentByName('subjectPublicKey', self.getSubjectPublicKey())
return spki
def asSubjectPublicKeyInfo(self):
"""Returns a subject public key info representing
this key for use by pyasn1."""
algorithmIdentifier = rfc2459.AlgorithmIdentifier()
algorithmIdentifier['algorithm'] = ecPublicKey
algorithmIdentifier['parameters'] = self.keyOID
spki = rfc2459.SubjectPublicKeyInfo()
spki['algorithm'] = algorithmIdentifier
spki['subjectPublicKey'] = univ.BitString(self.getPublicKeyHexifiedString())
return spki
class PKIHeader(univ.Sequence):
"""
PKIHeader ::= SEQUENCE {
pvno INTEGER { cmp1999(1), cmp2000(2) },
sender GeneralName,
recipient GeneralName,
messageTime [0] GeneralizedTime OPTIONAL,
protectionAlg [1] AlgorithmIdentifier OPTIONAL,
senderKID [2] KeyIdentifier OPTIONAL,
recipKID [3] KeyIdentifier OPTIONAL,
transactionID [4] OCTET STRING OPTIONAL,
senderNonce [5] OCTET STRING OPTIONAL,
recipNonce [6] OCTET STRING OPTIONAL,
freeText [7] PKIFreeText OPTIONAL,
generalInfo [8] SEQUENCE SIZE (1..MAX) OF
InfoTypeAndValue OPTIONAL
}
"""
componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer(
namedValues=namedval.NamedValues(
('cmp1999', 1),
('cmp2000', 2)
)
)
),
namedtype.NamedType('sender', rfc2459.GeneralName()),
namedtype.NamedType('recipient', rfc2459.GeneralName()),
namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('protectionAlg', rfc2459.AlgorithmIdentifier().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
namedtype.OptionalNamedType('freeText', PKIFreeText().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))),
namedtype.OptionalNamedType('generalInfo',
univ.SequenceOf(
componentType=InfoTypeAndValue().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)
)
)
)
)
def stringToAlgorithmIdentifier(string):
"""Helper function that converts a description of an algorithm
to a representation usable by the pyasn1 package"""
algorithmIdentifier = rfc2459.AlgorithmIdentifier()
algorithm = None
if string == 'sha256WithRSAEncryption':
algorithm = univ.ObjectIdentifier('1.2.840.113549.1.1.11')
elif string == 'ecdsaWithSHA256':
algorithm = univ.ObjectIdentifier('1.2.840.10045.4.3.2')
else:
raise UnknownAlgorithmTypeError(string)
algorithmIdentifier.setComponentByName('algorithm', algorithm)
return algorithmIdentifier
