Esempio n. 1
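 def _importKeyDER(self, externKey):
     """Import an RSA key (public or private half) from its DER encoding.

     Two layouts are recognised:

     * a PKCS#1 RSAPrivateKey SEQUENCE of nine INTEGERs with version 0;
     * a two-element SEQUENCE whose first element is the fixed
       rsaEncryption AlgorithmIdentifier and whose second element is a
       BIT STRING wrapping a two-INTEGER RSAPublicKey.

     Returns whatever self.construct() returns for the extracted
     integers.  Raises ValueError when neither layout matches.

     NOTE(review): exceptions raised by the decode() calls are not caught
     here, so a caller feeding untrusted bytes may see errors other than
     the final ValueError -- confirm against the asn1 module.
     """
     der = DerSequence()
     der.decode(externKey, True)
     if len(der)==9 and der.hasOnlyInts() and der[0]==0:
         # ASN.1 RSAPrivateKey element
         del der[6:]  # Remove d mod (p-1), d mod (q-1), and q^{-1} mod p
         der.append(inverse(der[4],der[5]))  # Add p^{-1} mod q
         del der[0]  # Remove version
         return self.construct(der[:])
     if len(der)==2:
         # The DER object is a SEQUENCE with two elements:
         # a SubjectPublicKeyInfo SEQUENCE and an opaque BIT STRING.
         #
         # The first element is always the same:
         # 0x30 0x0D     SEQUENCE, 12 bytes of payload
         #   0x06 0x09   OBJECT IDENTIFIER, 9 bytes of payload
         #     0x2A 0x86 0x48 0x86 0xF7 0x0D 0x01 0x01 0x01
         #               rsaEncryption (1 2 840 113549 1 1 1) (PKCS #1)
         #   0x05 0x00   NULL
         #
         # The second encapsulates the actual ASN.1 RSAPublicKey element.
         if der[0]==b('\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00'):
             bitmap = DerObject()
             bitmap.decode(der[1], True)
             # Slice instead of index: an empty BIT STRING payload then
             # fails the comparison and reaches the ValueError below,
             # instead of raising IndexError on payload[0].
             if bitmap.typeTag==b('\x03')[0] and bitmap.payload[:1]==b('\x00'):
                 der.decode(bitmap.payload[1:], True)
                 if len(der)==2 and der.hasOnlyInts():
                     return self.construct(der[:])
     raise ValueError("RSA key format is not supported")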
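def get_signature_bytes(x509):
    """Return the signature value of an X.509 certificate, hex-encoded.

    The certificate is serialised to DER with dump_certificate() and the
    third element of the outer SEQUENCE (the signature BIT STRING) is
    extracted.  The first two elements are not used.

    The result is a str on Python 2 and bytes on Python 3.

    NOTE(review): this only extracts the signature bytes; nothing here
    verifies the signature, and the BIT STRING's leading octet is dropped
    without being checked.
    """
    import binascii

    der = DerSequence()
    der.decode(dump_certificate(FILETYPE_ASN1, x509))
    signature_field = DerObject()
    signature_field.decode(der[2])
    # The first content octet of a BIT STRING is its unused-bits count,
    # not part of the signature, so it is skipped.
    sig = signature_field.payload[1:]
    # hexlify() works on Python 2 and 3; sig.encode('hex') exists only on
    # Python 2 and gives the same str there.
    return binascii.hexlify(sig)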
Esempio n. 3
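 def testObjDecode4(self):
     """Decoding honours an IMPLICIT [15] tag, primitive and constructed."""
     # Decode implicit tag (primitive): the plain 0x02 tag must be
     # rejected, the implicit tag octet 0x8F must be accepted.
     der = DerObject(0x02, constructed=False, implicit=0xF)
     self.assertRaises(ValueError, der.decode, b('\x02\x02\x01\x02'))
     der.decode(b('\x8F\x01\x00'))
     # assertEqual replaces the deprecated assertEquals alias.
     self.assertEqual(der.payload, b('\x00'))
     # Decode implicit tag (constructed): same check with tag octet 0xAF.
     der = DerObject(0x02, constructed=True, implicit=0xF)
     self.assertRaises(ValueError, der.decode, b('\x02\x02\x01\x02'))
     der.decode(b('\xAF\x01\x00'))
     self.assertEqual(der.payload, b('\x00'))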
Esempio n. 4
 def testObjDecode4(self):
     """Decoding honours an IMPLICIT [15] tag, primitive and constructed."""
     # Each case pairs the constructed flag with the tag octet the decoder
     # must accept: 0x8F for the primitive form, 0xAF for the constructed one.
     cases = (
         (False, b('\x8F\x01\x00')),
         (True, b('\xAF\x01\x00')),
     )
     for is_constructed, accepted in cases:
         obj = DerObject(0x02, constructed=is_constructed, implicit=0xF)
         # Input carrying the plain 0x02 tag must be refused.
         self.assertRaises(ValueError, obj.decode, b('\x02\x02\x01\x02'))
         obj.decode(accepted)
         self.assertEqual(obj.payload, b('\x00'))
Esempio n. 5
    def testObjDecode7(self):
        """An EXPLICIT tag wrapper is stripped and the inner object decoded."""
        # 0xA5 and 0xA0 are the wrapper octets for explicit tag numbers 5
        # and 0.  Tag number 0 is covered as its own case, presumably
        # because it is falsy.
        wrapped_inputs = (
            (5, b("\xa5\x06\x10\x04xxll")),
            (0, b("\xa0\x06\x10\x04xxll")),
        )
        for tag_number, encoded in wrapped_inputs:
            obj = DerObject(0x10, explicit=tag_number)
            obj.decode(encoded)
            # The inner tag octet and payload must survive the unwrapping.
            self.assertEqual(obj._tag_octet, 0x10)
            self.assertEqual(obj.payload, b('xxll'))
Esempio n. 6
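    def testObjDecode7(self):
        """An EXPLICIT tag wrapper is stripped and the inner object decoded."""
        # Decode explicit tag: 0xA5 wraps the inner object (tag octet 0x10,
        # four bytes of payload).
        der = DerObject(0x10, explicit=5)
        der.decode(b("\xa5\x06\x10\x04xxll"))
        # assertEqual replaces the deprecated assertEquals alias.
        self.assertEqual(der._tag_octet, 0x10)
        self.assertEqual(der.payload, b('xxll'))

        # Explicit tag may be 0
        der = DerObject(0x10, explicit=0)
        der.decode(b("\xa0\x06\x10\x04xxll"))
        self.assertEqual(der._tag_octet, 0x10)
        self.assertEqual(der.payload, b('xxll'))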
Esempio n. 7
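 def parse_EncryptedPrivateKeyInfo(self, der):
     """Return the encryptedData bytes of a DER EncryptedPrivateKeyInfo.

     The outer SEQUENCE is expected to hold an encryptionAlgorithm
     SEQUENCE followed by an encryptedData OCTET STRING.  The payload of
     the algorithm OBJECT IDENTIFIER must equal self.oid_aesKeyWrap.

     Returns the payload of encryptedData, which is still the wrapped
     (encrypted) key.  Raises ValueError when the outer SEQUENCE does not
     have exactly two elements or the algorithm does not match.

     NOTE(review): any parameters following the OID inside
     encryptionAlgorithm are not inspected.
     """
     from Crypto.Util.asn1 import DerObject, DerSequence, DerOctetString, DerObjectId

     encryptedPrivateKeyInfo = DerSequence()
     encryptedPrivateKeyInfo.decode(der)
     # EncryptedPrivateKeyInfo has exactly two fields; reject anything else
     # instead of silently ignoring extra elements.
     if len(encryptedPrivateKeyInfo) != 2:
         raise ValueError("EncryptedPrivateKeyInfo must contain exactly two elements")

     encryptionAlgorithm = DerSequence()
     encryptionAlgorithm.decode(encryptedPrivateKeyInfo[0])
     algorithm = DerObjectId()
     # The base-class decode is called explicitly, as in the original code;
     # presumably so that .payload holds the raw content octets -- confirm.
     DerObject.decode(algorithm, encryptionAlgorithm[0])
     # Check the algorithm before touching the encrypted data.
     if algorithm.payload != self.oid_aesKeyWrap:
         raise ValueError("encryption algorithm OID does not match oid_aesKeyWrap")

     encryptedData = DerOctetString()
     DerObject.decode(encryptedData, encryptedPrivateKeyInfo[1])
     return encryptedData.payload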
Esempio n. 8
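    def _importKeyDER(self, externKey):
        """Import an RSA key (public or private half), encoded in DER form.

        Layouts tried, in order: PKCS#1 RSAPrivateKey, PKCS#1 RSAPublicKey,
        SubjectPublicKeyInfo, and unencrypted PKCS#8 wrapping one of the
        former.  Returns whatever self.construct() returns.

        Raises ValueError when no layout matches.  ValueError and
        IndexError raised while parsing are folded into that same error.

        A PKCS#8 wrapper is unwrapped at most once.  The previous version
        called itself for every wrapper it found, so the nesting depth was
        controlled entirely by the input; a valid PKCS#8 structure holds
        the key directly, so a second wrapper is now rejected.
        """
        encoded = externKey

        # First pass parses the caller's bytes and may unwrap one PKCS#8
        # layer; the second pass parses that payload and may not unwrap.
        for may_unwrap in (True, False):
            try:

                der = DerSequence()
                der.decode(encoded, True)

                # Try PKCS#1 first, for a private key
                if len(der) == 9 and der.hasOnlyInts() and der[0] == 0:
                    # ASN.1 RSAPrivateKey element
                    del der[6:]  # Remove d mod (p-1), d mod (q-1), and q^{-1} mod p
                    der.append(inverse(der[4], der[5]))  # Add p^{-1} mod q
                    del der[0]  # Remove version
                    return self.construct(der[:])

                # Keep on trying PKCS#1, but now for a public key
                if len(der) == 2:
                    # The DER object is an RSAPublicKey SEQUENCE with two elements
                    if der.hasOnlyInts():
                        return self.construct(der[:])
                    # The DER object is a SubjectPublicKeyInfo SEQUENCE with two elements:
                    # an 'algorithm' (or 'algorithmIdentifier') SEQUENCE and a 'subjectPublicKey' BIT STRING.
                    # 'algorithm' must equal the algorithmIdentifier value defined outside this method.
                    # 'subjectPublicKey' encapsulates the actual ASN.1 RSAPublicKey element.
                    if der[0] == algorithmIdentifier:
                        bitmap = DerObject()
                        bitmap.decode(der[1], True)
                        # The leading octet of the BIT STRING must be 0x00.
                        if bitmap.isType('BIT STRING') and bord(
                                bitmap.payload[0]) == 0x00:
                            der.decode(bitmap.payload[1:], True)
                            if len(der) == 2 and der.hasOnlyInts():
                                return self.construct(der[:])

                # Try unencrypted PKCS#8
                if may_unwrap and der[0] == 0:
                    # The second element in the SEQUENCE is algorithmIdentifier.
                    # It must say RSA.
                    if der[1] == algorithmIdentifier:
                        privateKey = DerObject()
                        privateKey.decode(der[2], True)
                        if privateKey.isType('OCTET STRING'):
                            encoded = privateKey.payload
                            continue

            except (ValueError, IndexError):
                # Malformed input is reported through the ValueError below.
                pass
            break

        raise ValueError("RSA key format is not supported")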
Esempio n. 9
File: RSA.py Progetto: 5ant/lantern
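    def _importKeyDER(self, externKey):
        """Import an RSA key (public or private half), encoded in DER form.

        Layouts tried, in order: PKCS#1 RSAPrivateKey, PKCS#1 RSAPublicKey,
        SubjectPublicKeyInfo, and unencrypted PKCS#8 wrapping one of the
        former.  Returns whatever self.construct() returns.

        Raises ValueError when no layout matches.  ValueError and
        IndexError raised while parsing are folded into that same error.

        A PKCS#8 wrapper is unwrapped at most once.  The previous version
        called itself for every wrapper it found, so the nesting depth was
        controlled entirely by the input; a valid PKCS#8 structure holds
        the key directly, so a second wrapper is now rejected.
        """
        encoded = externKey

        # First pass parses the caller's bytes and may unwrap one PKCS#8
        # layer; the second pass parses that payload and may not unwrap.
        for may_unwrap in (True, False):
            try:

                der = DerSequence()
                der.decode(encoded, True)

                # Try PKCS#1 first, for a private key
                if len(der)==9 and der.hasOnlyInts() and der[0]==0:
                    # ASN.1 RSAPrivateKey element
                    del der[6:]     # Remove d mod (p-1), d mod (q-1), and q^{-1} mod p
                    der.append(inverse(der[4],der[5])) # Add p^{-1} mod q
                    del der[0]      # Remove version
                    return self.construct(der[:])

                # Keep on trying PKCS#1, but now for a public key
                if len(der)==2:
                    # The DER object is an RSAPublicKey SEQUENCE with two elements
                    if der.hasOnlyInts():
                        return self.construct(der[:])
                    # The DER object is a SubjectPublicKeyInfo SEQUENCE with two elements:
                    # an 'algorithm' (or 'algorithmIdentifier') SEQUENCE and a 'subjectPublicKey' BIT STRING.
                    # 'algorithm' must equal the algorithmIdentifier value defined outside this method.
                    # 'subjectPublicKey' encapsulates the actual ASN.1 RSAPublicKey element.
                    if der[0]==algorithmIdentifier:
                        bitmap = DerObject()
                        bitmap.decode(der[1], True)
                        # The leading octet of the BIT STRING must be 0x00.
                        if bitmap.isType('BIT STRING') and bord(bitmap.payload[0])==0x00:
                            der.decode(bitmap.payload[1:], True)
                            if len(der)==2 and der.hasOnlyInts():
                                return self.construct(der[:])

                # Try unencrypted PKCS#8
                if may_unwrap and der[0]==0:
                    # The second element in the SEQUENCE is algorithmIdentifier.
                    # It must say RSA.
                    if der[1]==algorithmIdentifier:
                        privateKey = DerObject()
                        privateKey.decode(der[2], True)
                        if privateKey.isType('OCTET STRING'):
                            encoded = privateKey.payload
                            continue

            except (ValueError, IndexError):
                # Malformed input is reported through the ValueError below.
                pass
            break

        raise ValueError("RSA key format is not supported")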
Esempio n. 10
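 def _importKeyDER(self, externKey):
     """Import an RSA key (public or private half) from its DER encoding.

     Two layouts are recognised: a nine-INTEGER PKCS#1 RSAPrivateKey with
     version 0, and a SubjectPublicKeyInfo whose BIT STRING wraps a
     two-INTEGER RSAPublicKey.  Returns whatever self.construct() returns.
     Raises ValueError when neither layout matches.

     NOTE(review): exceptions raised by the decode() calls are not caught
     here, so a caller feeding untrusted bytes may see errors other than
     the final ValueError -- confirm against the asn1 module.
     """
     der = DerSequence()
     der.decode(externKey, True)
     if len(der)==9 and der.hasOnlyInts() and der[0]==0:
         # ASN.1 RSAPrivateKey element
         # NOTE(review): after the two deletions the last value handed to
         # construct() is the PKCS#1 coefficient, q^{-1} mod p.  Confirm
         # that construct() expects that orientation and not p^{-1} mod q.
         del der[6:8]  # Remove d mod (p-1) and d mod (q-1)
         del der[0]  # Remove version
         return self.construct(der[:])
     if len(der)==2:
         # ASN.1 SubjectPublicKeyInfo element: the first item must be the
         # fixed rsaEncryption AlgorithmIdentifier encoding.
         if der[0]==b('\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00'):
             bitmap = DerObject()
             bitmap.decode(der[1], True)
             # Slice instead of index: an empty BIT STRING payload then
             # fails the comparison and reaches the ValueError below,
             # instead of raising IndexError on payload[0].
             if bitmap.typeTag==b('\x03')[0] and bitmap.payload[:1]==b('\x00'):
                 der.decode(bitmap.payload[1:], True)
                 if len(der)==2 and der.hasOnlyInts():
                     return self.construct(der[:])
     raise ValueError("RSA key format is not supported")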
Esempio n. 11
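	def testObjDecode1(self):
		"""A short-form length decodes to the expected payload and tag."""
		# Decode short payload: tag octet 0x20, length 2, contents 01 02.
		der = DerObject()
		der.decode('\x20\x02\x01\x02')
		# assertEqual replaces the deprecated assertEquals alias.
		self.assertEqual(der.payload, "\x01\x02")
		# typeTag is compared against a one-character string here.
		self.assertEqual(der.typeTag, "\x20")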
Esempio n. 12
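 def testObjDecode1(self):
     """A short-form length decodes to the expected payload and tag octet."""
     # Decode short payload: tag octet 0x02, length 2, contents 01 02.
     der = DerObject(0x02)
     der.decode(b('\x02\x02\x01\x02'))
     # assertEqual replaces the deprecated assertEquals alias.
     self.assertEqual(der.payload, b("\x01\x02"))
     self.assertEqual(der._tag_octet, 0x02)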
Esempio n. 13
 def testObjDecode8(self):
     """decode() hands back the object it was called on."""
     obj = DerObject(0x02)
     returned = obj.decode(b('\x02\x02\x01\x02'))
     # Returning the object itself is what lets callers chain on decode().
     self.assertEqual(obj, returned)
Esempio n. 14
	def testObjDecode1(self):
		"""A short-form length decodes to the expected payload and tag."""
		# Tag octet 0x20, one length octet (2), then the two content bytes.
		encoded = b('\x20\x02\x01\x02')
		obj = DerObject()
		obj.decode(encoded)
		self.assertEqual(obj.payload, b("\x01\x02"))
		self.assertEqual(obj.typeTag, 0x20)
Esempio n. 15
 def testObjDecode2(self):
     """A long-form length (0x81 0x80 = 128 bytes) is decoded correctly."""
     # 0x81 announces one following length octet; 0x80 is the length 128.
     encoded = b('\x02\x81\x80' + "1"*128)
     obj = DerObject(0x02)
     obj.decode(encoded)
     self.assertEqual(obj.payload, b("1")*128)
     self.assertEqual(obj._tag_octet, 0x02)
Esempio n. 16
	def testObjDecode2(self):
		"""A long-form length (0x81 0x80 = 128 bytes) is decoded correctly."""
		# Long payload: 0x81 announces one following length octet, 0x80
		# is the length 128.
		encoded = b('\x22\x81\x80' + "1"*128)
		obj = DerObject()
		obj.decode(encoded)
		self.assertEqual(obj.payload, b("1")*128)
		self.assertEqual(obj.typeTag, 0x22)
Esempio n. 17
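 def testObjDecode2(self):
     """A long-form length (0x81 0x80 = 128 bytes) is decoded correctly."""
     # Decode long payload: 0x81 announces one following length octet,
     # 0x80 is the length 128.
     der = DerObject(0x02)
     der.decode(b('\x02\x81\x80' + "1" * 128))
     # assertEqual replaces the deprecated assertEquals alias.
     self.assertEqual(der.payload, b("1") * 128)
     self.assertEqual(der._tag_octet, 0x02)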
Esempio n. 18
 def testObjDecode1(self):
     """A short-form length decodes to the expected payload and tag."""
     # Tag octet 0x20, one length octet (2), then the two content bytes.
     encoded = b('\x20\x02\x01\x02')
     obj = DerObject()
     obj.decode(encoded)
     self.assertEqual(obj.payload, b("\x01\x02"))
     self.assertEqual(obj.typeTag, 0x20)
Esempio n. 19
 def testObjDecode1(self):
     """A short-form length decodes to the expected payload and tag octet."""
     # Tag octet 0x02, one length octet (2), then the two content bytes.
     encoded = b('\x02\x02\x01\x02')
     obj = DerObject(0x02)
     obj.decode(encoded)
     self.assertEqual(obj.payload, b("\x01\x02"))
     self.assertEqual(obj._tag_octet, 0x02)
Esempio n. 20
 def testObjDecode8(self):
     """decode() hands back the object it was called on."""
     obj = DerObject(0x02)
     returned = obj.decode(b('\x02\x02\x01\x02'))
     # Returning the object itself is what lets callers chain on decode().
     self.assertEqual(obj, returned)
Esempio n. 21
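	def testObjDecode2(self):
		"""A long-form length (0x81 0x80 = 128 bytes) is decoded correctly."""
		# Decode long payload: 0x81 announces one following length octet,
		# 0x80 is the length 128.
		der = DerObject()
		der.decode('\x22\x81\x80' + ("1"*128))
		# assertEqual replaces the deprecated assertEquals alias.
		self.assertEqual(der.payload, "1"*128)
		# typeTag is compared against a one-character string here.
		self.assertEqual(der.typeTag, "\x22")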
Esempio n. 22
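 def testObjDecode6(self):
     """A DerObject created without an expected tag accepts tag octet 0x65."""
     # Arbitrary DER object: tag octet 0x65, length 1, content 0x88.
     der = DerObject()
     der.decode(b('\x65\x01\x88'))
     # assertEqual replaces the deprecated assertEquals alias.
     self.assertEqual(der._tag_octet, 0x65)
     self.assertEqual(der.payload, b('\x88'))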
Esempio n. 23
 def testObjDecode2(self):
     """A long-form length (0x81 0x80 = 128 bytes) is decoded correctly."""
     # Long payload: 0x81 announces one following length octet, 0x80 is
     # the length 128.
     encoded = b('\x22\x81\x80' + "1" * 128)
     obj = DerObject()
     obj.decode(encoded)
     self.assertEqual(obj.payload, b("1") * 128)
     self.assertEqual(obj.typeTag, 0x22)
Esempio n. 24
 def testObjDecode6(self):
     """A DerObject created without an expected tag accepts tag octet 0x65."""
     # Tag octet 0x65, length 1, single content byte 0x88.
     encoded = b('\x65\x01\x88')
     obj = DerObject()
     obj.decode(encoded)
     self.assertEqual(obj._tag_octet, 0x65)
     self.assertEqual(obj.payload, b('\x88'))