Example #1
0
    def create(cls, parameters):
        asn1 = rfc2459.SubjectPublicKeyInfo()
        asn1["algorithm"] = rfc2459.AlgorithmIdentifier()
        asn1["algorithm"][
            "algorithm"] = OIDDB.KeySpecificationAlgorithms.inverse(
                "id-dsa").to_asn1()
        asn1["algorithm"]["algorithm"] = parameters["curve"].oid.to_asn1()

        inner_key = parameters["curve"].point(parameters["x"],
                                              parameters["y"]).encode()
        asn1["subjectPublicKey"] = ASN1Tools.bytes2bitstring(inner_key)
        return asn1
Example #2
0
	def _forge_cert(self, cert_issuer_id, issuer, cert_subject_id, subject):
		self._log.debug("Forging chain element %d -> %d: %s -> %s", cert_issuer_id, cert_subject_id, issuer, subject)
		issuer_key_filename = self._args.key_template % (cert_issuer_id)
		key_filename = self._args.key_template % (cert_subject_id)
		crt_filename = self._args.cert_template % (cert_subject_id)

		if (not os.path.isfile(key_filename)) or self._args.force:
			OpenSSLTools.create_private_key(PrivateKeyStorage(storage_form = PrivateKeyStorageForm.PEM_FILE, filename = key_filename), subject.pubkey.keyspec)

		# Read new private key and convert to public key
		with tempfile.NamedTemporaryFile(prefix = "pubkey_", suffix = ".pem") as pubkey_file:
			OpenSSLTools.private_to_public(key_filename, pubkey_file.name)
			subject_pubkey = PublicKey.read_pemfile(pubkey_file.name)[0]

		# Do the same for the issuer key to get the issuer key ID
		with tempfile.NamedTemporaryFile(prefix = "pubkey_", suffix = ".pem") as pubkey_file:
			OpenSSLTools.private_to_public(issuer_key_filename, pubkey_file.name)
			issuer_pubkey = PublicKey.read_pemfile(pubkey_file.name)[0]

		# Replace public key first
		forged_cert_asn1 = subject.asn1_clone
		forged_cert_asn1["tbsCertificate"]["subjectPublicKeyInfo"] = subject_pubkey.asn1

		# Do identifiers need to be recalculated?
		if self._args.recalculate_keyids:
			if subject.extensions.has(OIDDB.X509Extensions.inverse("SubjectKeyIdentifier")):
				# Replace subject key identifier
				new_key_id = subject_pubkey.keyid()
				replacement_extension = X509SubjectKeyIdentifierExtension.construct(new_key_id)
				subject.extensions.filter(OIDDB.X509Extensions.inverse("SubjectKeyIdentifier"), replacement_extension)

			if subject.extensions.has(OIDDB.X509Extensions.inverse("AuthorityKeyIdentifier")):
				# Replace authority key identifier
				new_key_id = issuer_pubkey.keyid()
				replacement_extension = X509AuthorityKeyIdentifierExtension.construct(new_key_id)
				subject.extensions.filter(OIDDB.X509Extensions.inverse("AuthorityKeyIdentifier"), replacement_extension)

			forged_cert_asn1["tbsCertificate"]["extensions"] = subject.extensions.to_asn1()

		# Re-serialize certificate
		forged_cert = X509Certificate.from_asn1(forged_cert_asn1)

		# Then sign the modified certifiate
		signature = OpenSSLTools.sign_data(subject.signature_algorithm, issuer_key_filename, forged_cert.signed_payload)

		# Finally, place the signature into the certificate
		forged_cert_asn1["signatureValue"] = ASN1Tools.bytes2bitstring(signature)
		forged_cert = X509Certificate.from_asn1(forged_cert_asn1)
		forged_cert.write_pemfile(crt_filename)
Example #3
0
    def create(cls, parameters):
        asn1 = rfc2459.SubjectPublicKeyInfo()
        asn1["algorithm"] = rfc2459.AlgorithmIdentifier()
        asn1["algorithm"][
            "algorithm"] = OIDDB.KeySpecificationAlgorithms.inverse(
                "rsaEncryption").to_asn1()
        asn1["algorithm"]["parameters"] = pyasn1.type.univ.Any(
            value=pyasn1.codec.der.encoder.encode(pyasn1.type.univ.Null()))

        inner_key = rfc2437.RSAPublicKey()
        inner_key["modulus"] = pyasn1.type.univ.Integer(parameters["n"])
        inner_key["publicExponent"] = pyasn1.type.univ.Integer(parameters["e"])
        inner_key = pyasn1.codec.der.encoder.encode(inner_key)
        asn1["subjectPublicKey"] = ASN1Tools.bytes2bitstring(inner_key)
        return asn1
Example #4
0
    def create(cls, parameters):
        asn1 = rfc2459.SubjectPublicKeyInfo()
        asn1["algorithm"] = rfc2459.AlgorithmIdentifier()
        asn1["algorithm"][
            "algorithm"] = OIDDB.KeySpecificationAlgorithms.inverse(
                "id-dsa").to_asn1()
        asn1["algorithm"]["parameters"] = rfc3279.Dss_Parms()
        asn1["algorithm"]["parameters"]["p"] = parameters["p"]
        asn1["algorithm"]["parameters"]["q"] = parameters["q"]
        asn1["algorithm"]["parameters"]["g"] = parameters["g"]

        inner_key = rfc3279.DSAPublicKey(parameters["pubkey"])
        inner_key = pyasn1.codec.der.encoder.encode(inner_key)
        asn1["subjectPublicKey"] = ASN1Tools.bytes2bitstring(inner_key)

        return asn1
Example #5
0
    def create(cls, parameters):
        asn1 = rfc2459.SubjectPublicKeyInfo()

        asn1["algorithm"][
            "algorithm"] = OIDDB.KeySpecificationAlgorithms.inverse(
                "ecPublicKey").to_asn1()
        if parameters["curve"].oid is not None:
            asn1["algorithm"]["parameters"] = pyasn1.codec.der.encoder.encode(
                parameters["curve"].oid.to_asn1())
        else:
            # TODO not implemented
            #domain_params = SpecifiedECDomain()
            #domain_params["version"] = 1
            #asn1["algorithm"]["parameters"] = domain_params
            raise NotImplementedError(
                "Creation of explicitly specified elliptic curve domain parameters (i.e., non-named curves) is not implemented in x509sak"
            )

        inner_key = parameters["curve"].point(parameters["x"],
                                              parameters["y"]).encode()
        asn1["subjectPublicKey"] = ASN1Tools.bytes2bitstring(inner_key)
        return asn1