def testDecode4(self): # One very long integer der = DerSequence() der.decode(b('0\x82\x01\x05')+ b('\x02\x82\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+ b('\x00\x00\x00\x00\x00\x00\x00\x00\x00')) self.assertEquals(len(der),1) self.assertEquals(der[0],2L**2048)
def testDecode6(self): # Two integers der = DerSequence() der.decode(b('0\x08\x02\x02\x01\x80\x02\x02\x00\xff')) self.assertEquals(len(der),2) self.assertEquals(der[0],0x180L) self.assertEquals(der[1],0xFFL)
def testDecode4(self): # One very long integer der = DerSequence() der.decode( b('0\x82\x01\x05') + b('\x02\x82\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + b('\x00\x00\x00\x00\x00\x00\x00\x00\x00')) self.assertEquals(len(der), 1) self.assertEquals(der[0], 2**2048)
def rsa_public_from_der_certificate(certificate): # Extract subject_public_key_info field from X.509 certificate (see RFC3280) try: # try to extract pubkey from scapy.layers.x509 X509Cert type in case # der_certificate is of type X509Cert # Note: der_certificate may not be of type X509Cert if it wasn't # received completely, in that case, we'll try to extract it anyway # using the old method. # TODO: get rid of the old method and always expect X509Cert obj ? return RSA.importKey(str(certificate.tbsCertificate.subjectPublicKeyInfo)) except AttributeError: pass # Fallback method, may pot. allow to extract pubkey from incomplete der streams cert = DerSequence() cert.decode(certificate) tbs_certificate = DerSequence() tbs_certificate.decode(cert[0]) # first DER SEQUENCE # search for pubkey OID: rsaEncryption: "1.2.840.113549.1.1.1" # hex: 06 09 2A 86 48 86 F7 0D 01 01 01 subject_public_key_info = None for seq in tbs_certificate: if not isinstance(seq, basestring): continue # skip numerics and non sequence stuff if "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01" in seq: subject_public_key_info = seq if subject_public_key_info is None: raise ValueError("could not find OID rsaEncryption 1.2.840.113549.1.1.1 in certificate") # Initialize RSA key return RSA.importKey(subject_public_key_info)
def testDecode6(self): # Two integers der = DerSequence() der.decode(b('0\x08\x02\x02\x01\x80\x02\x02\x00\xff')) self.assertEquals(len(der), 2) self.assertEquals(der[0], 0x180) self.assertEquals(der[1], 0xFF)
def testDecode7(self): # One integer and 2 other types der = DerSequence() der.decode(b('0\x0A\x02\x02\x01\x80\x24\x02\xb6\x63\x12\x00')) self.assertEquals(len(der), 3) self.assertEquals(der[0], 0x180) self.assertEquals(der[1], b('\x24\x02\xb6\x63')) self.assertEquals(der[2], b('\x12\x00'))
def testDecode7(self): # One integer and 2 other types der = DerSequence() der.decode(b('0\x0A\x02\x02\x01\x80\x24\x02\xb6\x63\x12\x00')) self.assertEquals(len(der),3) self.assertEquals(der[0],0x180L) self.assertEquals(der[1],b('\x24\x02\xb6\x63')) self.assertEquals(der[2],b('\x12\x00'))
def der2rsa(der): # Extract subjectPublicKeyInfo field from X.509 certificate (see RFC3280) cert = DerSequence() cert.decode(der) tbs_certificate = DerSequence() tbs_certificate.decode(cert[0]) subject_public_key_info = tbs_certificate[6] # Initialize RSA key return RSA.importKey(subject_public_key_info)
def testDecode8(self): # Only 2 other types der = DerSequence() der.decode(b('0\x06\x24\x02\xb6\x63\x12\x00')) self.assertEquals(len(der),2) self.assertEquals(der[0],b('\x24\x02\xb6\x63')) self.assertEquals(der[1],b('\x12\x00')) self.assertEquals(der.hasInts(), 0) self.assertEquals(der.hasInts(False), 0) self.failIf(der.hasOnlyInts()) self.failIf(der.hasOnlyInts(False))
def testDecode8(self): # Only 2 other types der = DerSequence() der.decode(b('0\x06\x24\x02\xb6\x63\x12\x00')) self.assertEquals(len(der), 2) self.assertEquals(der[0], b('\x24\x02\xb6\x63')) self.assertEquals(der[1], b('\x12\x00')) self.assertEquals(der.hasInts(), 0) self.assertEquals(der.hasInts(False), 0) self.failIf(der.hasOnlyInts()) self.failIf(der.hasOnlyInts(False))
def rsa_public_from_der_certificate(certificate): # Extract subject_public_key_info field from X.509 certificate (see RFC3280) try: # try to extract pubkey from scapy.layers.x509 X509Cert type in case # der_certificate is of type X509Cert # Note: der_certificate may not be of type X509Cert if it wasn't # received completely, in that case, we'll try to extract it anyway # using the old method. # TODO: get rid of the old method and always expect X509Cert obj ? """ Rebuild ASN1 SubjectPublicKeyInfo since X509Cert does not provide the full struct ASN1F_SEQUENCE( ASN1F_SEQUENCE(ASN1F_OID("pubkey_algo","1.2.840.113549.1.1.1"), ASN1F_field("pk_value",ASN1_NULL(0))), ASN1F_BIT_STRING("pubkey","") ), """ subject_public_key_info = ASN1_SEQUENCE([ ASN1_SEQUENCE([certificate.pubkey_algo, certificate.pk_value]), certificate.pubkey ]) return RSA.importKey(str(subject_public_key_info)) except AttributeError: pass # Fallback method, may pot. allow to extract pubkey from incomplete der streams cert = DerSequence() cert.decode(certificate) tbs_certificate = DerSequence() tbs_certificate.decode(cert[0]) # first DER SEQUENCE # search for pubkey OID: rsaEncryption: "1.2.840.113549.1.1.1" # hex: 06 09 2A 86 48 86 F7 0D 01 01 01 subject_public_key_info = None for seq in tbs_certificate: if not isinstance(seq, basestring): continue # skip numerics and non sequence stuff if "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01" in seq: subject_public_key_info = seq if subject_public_key_info is None: raise ValueError( "could not find OID rsaEncryption 1.2.840.113549.1.1.1 in certificate" ) # Initialize RSA key return RSA.importKey(subject_public_key_info)
def get_public_key_from_file(file_name): with open(file_name) as f: pem = f.read() lines = pem.replace(" ", '').split() der = a2b_base64(''.join(lines[1:-1])) # Extract subjectPublicKeyInfo field from X.509 certificate (see RFC3280) cert = DerSequence() cert.decode(der) tbsCertificate = DerSequence() tbsCertificate.decode(cert[0]) subjectPublicKeyInfo = tbsCertificate[6] # Initialize RSA key publicKey = RSA.importKey(subjectPublicKeyInfo) return publicKey.publickey()
def rsa_public_from_der_certificate(certificate): # Extract subject_public_key_info field from X.509 certificate (see RFC3280) try: # try to extract pubkey from scapy.layers.x509 X509Cert type in case # der_certificate is of type X509Cert # Note: der_certificate may not be of type X509Cert if it wasn't # received completely, in that case, we'll try to extract it anyway # using the old method. # TODO: get rid of the old method and always expect X509Cert obj ? return RSA.importKey( str(certificate.tbsCertificate.subjectPublicKeyInfo)) except AttributeError: pass # Fallback method, may pot. allow to extract pubkey from incomplete der streams cert = DerSequence() cert.decode(certificate) tbs_certificate = DerSequence() tbs_certificate.decode(cert[0]) # first DER SEQUENCE # search for pubkey OID: rsaEncryption: "1.2.840.113549.1.1.1" # hex: 06 09 2A 86 48 86 F7 0D 01 01 01 subject_public_key_info = None for seq in tbs_certificate: if not isinstance(seq, bytes) and not isinstance(seq, str): continue # skip numerics and non sequence stuff if b"\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01" in seq: subject_public_key_info = seq if subject_public_key_info is None: raise ValueError( "could not find OID rsaEncryption 1.2.840.113549.1.1.1 in certificate" ) # Initialize RSA key return RSA.importKey(subject_public_key_info)
def public_key_import_from_x509_certificate_string(certificate_string): if certificate_string.find('-----BEGIN CERTIFICATE-----') \ and not certificate_string.find('-----BEGIN CERTIFICATE-----\n') \ and not certificate_string.find('-----BEGIN CERTIFICATE-----\r\n'): certificate_string = certificate_string.replace( '-----BEGIN CERTIFICATE-----', '-----BEGIN CERTIFICATE-----\n') if certificate_string.find('\n-----END CERTIFICATE-----') \ and not certificate_string.find('\n-----END CERTIFICATE-----') \ and not certificate_string.find('\r\n-----END CERTIFICATE-----'): certificate_string = certificate_string.replace( '-----END CERTIFICATE-----', '\n-----END CERTIFICATE-----') lines = certificate_string.replace(" ", '').split() der = a2b_base64(''.join(lines[1:-1])) # Extract subjectPublicKeyInfo field from X.509 certificate (see RFC3280) cert = DerSequence() cert.decode(der) tbs_certificate = DerSequence() tbs_certificate.decode(cert[0]) subject_public_key_info = tbs_certificate[6] # Initialize RSA key public_key = RSA.importKey(subject_public_key_info) return public_key.publickey()
def testDecode1(self): # Empty sequence der = DerSequence() der.decode(b('0\x00')) self.assertEquals(len(der),0) # One single-byte integer (zero) der.decode(b('0\x03\x02\x01\x00')) self.assertEquals(len(der),1) self.assertEquals(der[0],0) # Invariant der.decode(b('0\x03\x02\x01\x00')) self.assertEquals(len(der),1) self.assertEquals(der[0],0)
def testDecode1(self): # Empty sequence der = DerSequence() der.decode(b('0\x00')) self.assertEquals(len(der), 0) # One single-byte integer (zero) der.decode(b('0\x03\x02\x01\x00')) self.assertEquals(len(der), 1) self.assertEquals(der[0], 0) # Invariant der.decode(b('0\x03\x02\x01\x00')) self.assertEquals(len(der), 1) self.assertEquals(der[0], 0)
def testDecode9(self): # Verify that decode returns itself der = DerSequence() self.assertEqual(der, der.decode(b('0\x06\x24\x02\xb6\x63\x12\x00')))
def testDecode2(self): # One single-byte integer (non-zero) der = DerSequence() der.decode(b('0\x03\x02\x01\x7f')) self.assertEquals(len(der), 1) self.assertEquals(der[0], 127)
def testDecode2(self): # One single-byte integer (non-zero) der = DerSequence() der.decode(b('0\x03\x02\x01\x7f')) self.assertEquals(len(der),1) self.assertEquals(der[0],127)