def main(): attributes = AuthenticatedAttributes() attributes.setComponentByName("target", "test") attributes.setComponentByName("length", 1024) data = der_encoder.encode(attributes) print "attributes " + binascii.hexlify(data) ident = x509.AlgorithmIdentifier() ident.setComponentByName("algorithm", sha256WithRSAEncryptionOID) data = der_encoder.encode(ident) print "ident " + binascii.hexlify(data) sig = AndroidVerifiedBootSignature() sig.setComponentByName('formatVersion', 1) sig.setComponentByName('algorithmId', ident) sig.setComponentByName('attributes', attributes) sig.setComponentByName('signature', univ.OctetString('abcdef0123456789')) data = der_encoder.encode(sig) print "sig " + binascii.hexlify(data) material = pkcs1.RSAPublicKey() material.setComponentByName('modulus', 'abc123') material.setComponentByName('publicExponent', (1 << 16) + 1) keyinfo = KeyInfo() keyinfo.setComponentByName('algorithm', ident) keyinfo.setComponentByName('keyMaterial', material) bag = KeyBag() bag.setComponentByPosition(0, keyinfo) keystore = AndroidVerifiedBootKeystore() keystore.setComponentByName('formatVersion', 1) keystore.setComponentByName('bag', bag) keystore.setComponentByName('signature', sig)
def __call__(self, data=None, digest=None, include_tsa_certificate=None, nonce=None): algorithm_identifier = rfc2459.AlgorithmIdentifier() algorithm_identifier.setComponentByPosition(0, get_hash_oid(self.hashname)) message_imprint = rfc3161.MessageImprint() message_imprint.setComponentByPosition(0, algorithm_identifier) hashobj = hashlib.new(self.hashname) if data: hashobj.update(data) digest = hashobj.digest() elif digest: assert len(digest) == hashobj.digest_size, 'digest length is wrong' else: raise ValueError('You must pass some data to digest, or the digest') message_imprint.setComponentByPosition(1, digest) request = rfc3161.TimeStampReq() request.setComponentByPosition(0, 'v1') request.setComponentByPosition(1, message_imprint) if nonce is not None: request.setComponentByPosition(3, int(nonce)) request.setComponentByPosition(4, include_tsa_certificate if include_tsa_certificate is not None else self.include_tsa_certificate) binary_request = encoder.encode(request) headers = { 'Content-Type': 'application/timestamp-query' } if self.username != None: base64string = base64.standard_b64encode('%s:%s' % (self.username, self.password)) headers['Authorization'] = "Basic %s" % base64string try: response = requests.post(self.url, data=binary_request, timeout=self.timeout, headers=headers) except request.RequestException, e: raise TimestampingError('Unable to send the request to %r' % self.url, e)
def sign(self, key, md="sha1"): """Sign the current object.""" md = md.upper() if key is None: raise errors.X509Error("Key required") if isinstance(key, rsa.RSAPrivateKey): encryption = 'RSA' elif isinstance(key, dsa.DSAPrivateKey): encryption = 'DSA' else: raise errors.X509Error("Unknown key type: %s" % (key.__class__, )) signature_type = SIGNING_ALGORITHMS.get((encryption, md)) if signature_type is None: raise errors.X509Error( "Unknown encryption/hash combination %s/%s" % (encryption, md)) algo_id = rfc2459.AlgorithmIdentifier() algo_id['algorithm'] = signature_type algo_params = ALGORITHM_PARAMETERS[signature_type] if algo_params is not None: algo_id['parameters'] = algo_params self._embed_signature_algorithm(algo_id) to_sign = self._get_bytes_to_sign() signer = SIGNER_CONSTRUCTION[signature_type](key) signer.update(to_sign) signature = signer.finalize() self._embed_signature(algo_id, signature)
def __call__(self, data=None, sha1=None): algorithm_identifier = rfc2459.AlgorithmIdentifier() algorithm_identifier.setComponentByPosition( 0, get_hash_oid(self.hashobj.name)) message_imprint = rfc3161.MessageImprint() message_imprint.setComponentByPosition(0, algorithm_identifier) if data: self.hashobj.update(data) sha1 = self.hashobj.digest() elif sha1: assert len(sha1) == self.hashobj.digest_size else: raise ValueError( 'You must pass some data to digest, or the sha1 digest') message_imprint.setComponentByPosition(1, sha1) request = rfc3161.TimeStampReq() request.setComponentByPosition(0, 'v1') request.setComponentByPosition(1, message_imprint) request.setComponentByPosition(4) binary_request = encoder.encode(request) http_request = urllib2.Request( self.url, binary_request, {'Content-Type': 'application/timestamp-query'}) if self.username != None: base64string = base64.standard_b64encode( '%s:%s' % (self.username, self.password)) http_request.add_header("Authorization", "Basic %s" % base64string) try: response = urllib2.urlopen(http_request).read() except (IOError, socket.error), e: raise TimestampingError( 'Unable to send the request to %s' % self.url, e)
def getSubjectPublicKeyInfo(self): algorithmIdentifier = rfc2459.AlgorithmIdentifier() algorithmIdentifier.setComponentByName('algorithm', rfc2459.rsaEncryption) algorithmIdentifier.setComponentByName('parameters', univ.Null()) spki = rfc2459.SubjectPublicKeyInfo() spki.setComponentByName('algorithm', algorithmIdentifier) spki.setComponentByName('subjectPublicKey', self.getSubjectPublicKey()) return spki
def asSubjectPublicKeyInfo(self): """Returns a subject public key info representing this key for use by pyasn1.""" algorithmIdentifier = rfc2459.AlgorithmIdentifier() algorithmIdentifier['algorithm'] = ecPublicKey algorithmIdentifier['parameters'] = self.keyOID spki = rfc2459.SubjectPublicKeyInfo() spki['algorithm'] = algorithmIdentifier spki['subjectPublicKey'] = univ.BitString(self.getPublicKeyHexifiedString()) return spki
class PKIHeader(univ.Sequence): """ PKIHeader ::= SEQUENCE { pvno INTEGER { cmp1999(1), cmp2000(2) }, sender GeneralName, recipient GeneralName, messageTime [0] GeneralizedTime OPTIONAL, protectionAlg [1] AlgorithmIdentifier OPTIONAL, senderKID [2] KeyIdentifier OPTIONAL, recipKID [3] KeyIdentifier OPTIONAL, transactionID [4] OCTET STRING OPTIONAL, senderNonce [5] OCTET STRING OPTIONAL, recipNonce [6] OCTET STRING OPTIONAL, freeText [7] PKIFreeText OPTIONAL, generalInfo [8] SEQUENCE SIZE (1..MAX) OF InfoTypeAndValue OPTIONAL } """ componentType = namedtype.NamedTypes( namedtype.NamedType('pvno', univ.Integer( namedValues=namedval.NamedValues( ('cmp1999', 1), ('cmp2000', 2) ) ) ), namedtype.NamedType('sender', rfc2459.GeneralName()), namedtype.NamedType('recipient', rfc2459.GeneralName()), namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('protectionAlg', rfc2459.AlgorithmIdentifier().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), namedtype.OptionalNamedType('freeText', PKIFreeText().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))), namedtype.OptionalNamedType('generalInfo', univ.SequenceOf( componentType=InfoTypeAndValue().subtype( subtypeSpec=constraint.ValueSizeConstraint(1, MAX), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8) ) ) ) )
def stringToAlgorithmIdentifier(string): """Helper function that converts a description of an algorithm to a representation usable by the pyasn1 package""" algorithmIdentifier = rfc2459.AlgorithmIdentifier() algorithm = None if string == 'sha256WithRSAEncryption': algorithm = univ.ObjectIdentifier('1.2.840.113549.1.1.11') elif string == 'ecdsaWithSHA256': algorithm = univ.ObjectIdentifier('1.2.840.10045.4.3.2') else: raise UnknownAlgorithmTypeError(string) algorithmIdentifier.setComponentByName('algorithm', algorithm) return algorithmIdentifier