Exemple #1
0
 def from_pem(cls, ledger, pem) -> 'PrivateKey':
     der = pem_to_der(pem.encode())
     try:
         key_int = ECPrivateKey.load(der).native['private_key']
     except ValueError:
         key_int = PrivateKeyInfo.load(der).native['private_key']['private_key']
     private_key = cPrivateKey.from_int(key_int)
     return cls(ledger, private_key, bytes((0,)*32), 0, 0)
Exemple #2
0
def pk_to_c_array(name, pk_der):
    # parse der format
    pk = ECPrivateKey.load(pk_der)

    # extract private key
    pk_native = pk['private_key'].native

    # translate to hex string
    pk_hex = format(pk_native, '064x')

    # split by pairs of characters
    hex_bytes = ["0x" + pk_hex[i:i + 2] for i in range(0, len(pk_hex), 2)]

    # make string C array declaration
    return "const uint8_t " + name + "[32] = {" + ", ".join(hex_bytes) + "};"
Exemple #3
0
def decode_ec_private_key(der):
    """
    Decode a DER-encoded EC private key as stored by OpenSSL into a dictionary
    of attributes able to be passed to :meth:`pkcs11.Session.create_object`.

    :param bytes der: DER-encoded key
    :rtype: dict(Attribute,*)
    """

    asn1 = ECPrivateKey.load(der)

    return {
        Attribute.KEY_TYPE: KeyType.EC,
        Attribute.CLASS: ObjectClass.PRIVATE_KEY,
        Attribute.EC_PARAMS: asn1['parameters'].dump(),
        Attribute.VALUE: asn1['private_key'],
    }
else:
    offset = fsize - 0x800

# load and parse private key
if not args.key:
    print("Key not modified")
else:
    key_offset = offset
    print("Injecting key from %s at 0x%0X" % (args.key, key_offset))
    if args.key == "stdin":
        stdin = sys.stdin.buffer if hasattr(sys.stdin, "buffer") else sys.stdin
        der = stdin.read()
    else:
        with open(args.key, "rb") as f:
            der = f.read()
    key = ECPrivateKey.load(der)

    # convert key into raw bytes and calculate it's sha256
    key_bytes = bytearray.fromhex(format(key["private_key"].native, '064x'))
    key_hash = hashlib.sha256(key_bytes).digest()
    # pad key to 1KiB
    key_blob = (key_bytes + key_hash).ljust(1024, b"\x00")
    assert len(key_blob) == 1024

    with open(args.bin, 'r+b') as f:
        f.seek(key_offset)
        f.write(key_blob)

if not args.ctr:
    print("Counter not modified")
else: