def signTBSCert(self, tbsCert, h=None): """ Note that this will always copy the signature field from the tbsCertificate into the signatureAlgorithm field of the result, regardless of the coherence between its contents (which might indicate ecdsa-with-SHA512) and the result (e.g. RSA signing MD2). There is a small inheritance trick for the computation of sigVal below: in order to use a sign() method which would apply to both PrivKeyRSA and PrivKeyECDSA, the sign() methods of the subclasses accept any argument, be it from the RSA or ECDSA world, and then they keep the ones they're interested in. Here, t will be passed eventually to pkcs1._DecryptAndSignRSA.sign(), while sigencode will be passed to ecdsa.keys.SigningKey.sign(). """ sigAlg = tbsCert.signature h = h or hash_by_oid[sigAlg.algorithm.val] sigVal = self.sign(str(tbsCert), h=h, t='pkcs', sigencode=ecdsa.util.sigencode_der) c = X509_Cert() c.tbsCertificate = tbsCert c.signatureAlgorithm = sigAlg c.signatureValue = ASN1_BIT_STRING(sigVal, readable=True) return c
class IKEv2_payload_CERT_CRT(IKEv2_payload_CERT): name = "IKEv2 Certificate" fields_desc = [ ByteEnumField("next_payload", None, IKEv2_payload_type), ByteField("res", 0), FieldLenField("length", None, "x509Cert", "H", adjust=lambda pkt, x: x + len(pkt.x509Cert) + 5), ByteEnumField("cert_type", 4, IKEv2CertificateEncodings), PacketLenField("x509Cert", X509_Cert(''), X509_Cert, length_from=lambda x:x.length - 5), ]
def __call__(cls, cert_path): obj = _PKIObjMaker.__call__(cls, cert_path, _MAX_CERT_SIZE, "CERTIFICATE") obj.__class__ = Cert try: cert = X509_Cert(obj.der) except: raise Exception("Unable to import certificate") obj.import_from_asn1pkt(cert) return obj
def xxx_scan_certificates(self, target, starttls=None, test_params=None): """Plugin for identyfing server certificates in DTLS""" # with open("512b-dsa-example-cert.der", "r") as file_handle: # test_packet = file_handle.read().strip() # print("Test packet = ") # print(test_packet) # print("==============") test_packet = "123123123" # print("_scan_certificates") pkt_hello = DTLSRecord( sequence=0, content_type=TLSContentType.HANDSHAKE, version=ENUM_DTLS_VERSIONS.DTLS_1_1, ) / DTLSHandshakes(handshakes=[ DTLSHandshake(fragment_offset=0) / DTLSClientHello( version=ENUM_DTLS_VERSIONS.DTLS_1_1, cipher_suites=list(range(0xFE))[::-1], compression_methods=0, ) ]) pkt = DTLSRecord( sequence=0, content_type=TLSContentType.HANDSHAKE, version=ENUM_DTLS_VERSIONS.DTLS_1_1, ) / DTLSHandshakes(handshakes=[ DTLSHandshake(fragment_offset=0) / TLSCertificateList() / TLS13Certificate( certificates=[TLSCertificate(data=X509_Cert(test_packet))], length=600, ) ]) # show_verbose(test_params, pkt) print(pkt) try: client = DTLSClient(target, starttls=starttls, test_params=test_params) pkt_hello[DTLSClientHello].cookie = client.cookie pkt_hello[DTLSClientHello].cookie_length = client.cookie_length sent_time = test_params.report_sent_packet() client.sendall(pkt_hello) resp = client.recvall(timeout=0.1) test_params.report_received_packet(sent_time) sent_time = test_params.report_sent_packet() client.sendall(pkt) resp = client.recvall(timeout=0.5) test_params.report_received_packet(sent_time) self.capabilities.insert(resp, client=False) except socket.error as sock_err: print(repr(sock_err))
def __init__(self, ip, port): TorSocket.__init__(self) self.get_socket().connect((ip, port)) self.sock = ssl.wrap_socket(self.get_socket(), ssl_version=SSL_VERSION) self.peer_sslcertificate = X509_Cert( self.sock.getpeercert(binary_form=True))