def __init__(self, **kargs):
    """Declare the two-field SEQUENCE and initialise the ASN1F_SEQUENCE base.

    Fields, in encoding order:
      1. "signatureAlgorithm" -- an X509_AlgorithmIdentifier sub-packet.
      2. "subjectPublicKey"   -- an ECDSAPublicKey sub-packet.

    :param kargs: forwarded unchanged to ASN1F_SEQUENCE.__init__.
    """
    # Field objects are created in encoding order; each default is a fresh
    # instance of the sub-packet class given as the third argument.
    algorithm_field = ASN1F_PACKET("signatureAlgorithm",
                                   X509_AlgorithmIdentifier(),
                                   X509_AlgorithmIdentifier)
    key_field = ASN1F_PACKET("subjectPublicKey",
                             ECDSAPublicKey(),
                             ECDSAPublicKey)
    ASN1F_SEQUENCE.__init__(self, algorithm_field, key_field, **kargs)
class NEGOEX_EXCHANGE_NTLM_ITEM(ASN1_Packet):
    """One (oid, token) entry, BER-encoded.

    As declared below, the packet is three nested SEQUENCEs: the innermost
    holds an OID field "oid" and a PrintableString field "token" and carries
    explicit tag 0x31; the SEQUENCE around it carries explicit tag 0x80.
    Both fields default to the empty string.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_SEQUENCE(
            ASN1F_SEQUENCE(
                ASN1F_OID("oid", ""),
                ASN1F_PRINTABLE_STRING("token", ""),
                explicit_tag=0x31),
            explicit_tag=0x80))
class SPNEGO_negTokenResp(ASN1_Packet):
    """SPNEGO negTokenResp message, BER-encoded.

    All four members are optional at the schema level:
      [0] negResult     -- ENUMERATED, default 0 ("accept-completed")
      [1] supportedMech -- SPNEGO_MechType
      [2] responseToken -- SPNEGO_Token, no default
      [3] mechListMIC   -- SPNEGO_MechListMIC, no default

    This class only describes the wire layout. Whether a mechListMIC must
    be present for a given negResult is a decision for the code consuming
    the decoded packet; nothing here enforces it.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_SEQUENCE(
            ASN1F_optional(
                ASN1F_ENUMERATED("negResult", 0,
                                 {0: "accept-completed",
                                  1: "accept-incomplete",
                                  2: "reject",
                                  3: "request-mic"},
                                 explicit_tag=0xa0),
            ),
            ASN1F_optional(
                ASN1F_PACKET("supportedMech", SPNEGO_MechType(),
                             SPNEGO_MechType,
                             explicit_tag=0xa1),
            ),
            ASN1F_optional(
                ASN1F_PACKET("responseToken", None,
                             SPNEGO_Token,
                             explicit_tag=0xa2)),
            # NOTE(review): this is the only member declared with
            # implicit_tag; the three above use explicit_tag. Presumably
            # deliberate given how SPNEGO_MechListMIC is defined -- confirm.
            ASN1F_optional(
                ASN1F_PACKET("mechListMIC", None,
                             SPNEGO_MechListMIC,
                             implicit_tag=0xa3))))
def __init__(self, **kargs):
    """Declare the two-field SEQUENCE and initialise the ASN1F_SEQUENCE base.

    Fields, in encoding order:
      1. "signatureAlgorithm" -- an X509_AlgorithmIdentifier sub-packet.
      2. "subjectPublicKey"   -- a raw BIT STRING with no default; the key
         bits are not interpreted by this field list.

    :param kargs: forwarded unchanged to ASN1F_SEQUENCE.__init__.
    """
    layout = (
        ASN1F_PACKET("signatureAlgorithm",
                     X509_AlgorithmIdentifier(),
                     X509_AlgorithmIdentifier),
        ASN1F_BIT_STRING("subjectPublicKey", None),
    )
    ASN1F_SEQUENCE.__init__(self, *layout, **kargs)
def __init__(self, **kargs):
    """Declare the three-field CRL SEQUENCE and initialise the base class.

    Fields, in encoding order:
      1. "tbsCertList"        -- X509_TBSCertList sub-packet.
      2. "signatureAlgorithm" -- X509_AlgorithmIdentifier sub-packet.
      3. "signatureValue"     -- raw BIT STRING.

    :param kargs: forwarded unchanged to ASN1F_SEQUENCE.__init__.
    """
    tbs_field = ASN1F_PACKET("tbsCertList",
                             X509_TBSCertList(),
                             X509_TBSCertList)
    algorithm_field = ASN1F_PACKET("signatureAlgorithm",
                                   X509_AlgorithmIdentifier(),
                                   X509_AlgorithmIdentifier)
    # The default is a fixed placeholder string, not a signature computed
    # over tbsCertList: an object built purely from defaults will not verify.
    signature_field = ASN1F_BIT_STRING("signatureValue",
                                       "defaultsignature" * 2)
    ASN1F_SEQUENCE.__init__(self, tbs_field, algorithm_field,
                            signature_field, **kargs)
def __init__(self, **kargs):
    """Declare the three-field extension SEQUENCE and initialise the base.

    Fields, in encoding order:
      1. "extnID"    -- OID, default "2.5.29.19" (basicConstraints).
      2. "critical"  -- optional BOOLEAN, default False.
      3. "extnValue" -- X509_ExtBasicConstraints sub-packet under explicit
         tag 0x04 (the OCTET STRING wrapper).

    :param kargs: forwarded unchanged to ASN1F_SEQUENCE.__init__.
    """
    extension_id = ASN1F_OID("extnID", "2.5.29.19")
    critical_flag = ASN1F_optional(ASN1F_BOOLEAN("critical", False))
    extension_value = ASN1F_PACKET("extnValue",
                                   X509_ExtBasicConstraints(),
                                   X509_ExtBasicConstraints,
                                   explicit_tag=0x04)
    ASN1F_SEQUENCE.__init__(self, extension_id, critical_flag,
                            extension_value, **kargs)
def __init__(self, **kargs):
    """Declare the three-field CRL SEQUENCE (ECDSA signature layout).

    Fields, in encoding order:
      1. "tbsCertList"        -- X509_TBSCertList sub-packet.
      2. "signatureAlgorithm" -- X509_AlgorithmIdentifier sub-packet.
      3. "signatureValue"     -- BIT STRING that encapsulates an
         ECDSASignature sub-packet.

    :param kargs: forwarded unchanged to ASN1F_SEQUENCE.__init__.
    """
    tbs_field = ASN1F_PACKET("tbsCertList",
                             X509_TBSCertList(),
                             X509_TBSCertList)
    algorithm_field = ASN1F_PACKET("signatureAlgorithm",
                                   X509_AlgorithmIdentifier(),
                                   X509_AlgorithmIdentifier)
    # Default is an ECDSASignature() built with that class's own defaults,
    # i.e. structurally valid but not computed over tbsCertList.
    signature_field = ASN1F_BIT_STRING_ENCAPS("signatureValue",
                                              ECDSASignature(),
                                              ECDSASignature)
    ASN1F_SEQUENCE.__init__(self, tbs_field, algorithm_field,
                            signature_field, **kargs)
class NEGOEX_EXCHANGE_NTLM(ASN1_Packet):
    """
    GSSAPI NegoEX Exchange metadata blob.

    The layout was obtained by reverse engineering and may be meaningless;
    treat decoded values as best-effort rather than authoritative.

    Structure as declared: an outer SEQUENCE holding one SEQUENCE under
    implicit tag 0xa0, which in turn holds "items", a SEQUENCE OF
    NEGOEX_EXCHANGE_NTLM_ITEM (default: empty list).
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_SEQUENCE(
            ASN1F_SEQUENCE_OF("items", [], NEGOEX_EXCHANGE_NTLM_ITEM),
            implicit_tag=0xa0),
    )
def __init__(self, **kargs):
    """Set up the CRL field list (raw BIT STRING signature) on the base class.

    The SEQUENCE holds, in order: "tbsCertList" (X509_TBSCertList),
    "signatureAlgorithm" (X509_AlgorithmIdentifier) and "signatureValue"
    (BIT STRING).

    :param kargs: forwarded unchanged to ASN1F_SEQUENCE.__init__.
    """
    layout = (
        ASN1F_PACKET("tbsCertList",
                     X509_TBSCertList(),
                     X509_TBSCertList),
        ASN1F_PACKET("signatureAlgorithm",
                     X509_AlgorithmIdentifier(),
                     X509_AlgorithmIdentifier),
        # Placeholder default only; it is not a signature over tbsCertList.
        ASN1F_BIT_STRING("signatureValue", "defaultsignature" * 2),
    )
    ASN1F_SEQUENCE.__init__(self, *layout, **kargs)
def __init__(self, **kargs):
    """Declare the OCSP basic-response SEQUENCE and initialise the base.

    Fields, in encoding order:
      1. "tbsResponseData"    -- OCSP_ResponseData sub-packet.
      2. "signatureAlgorithm" -- X509_AlgorithmIdentifier sub-packet.
      3. "signature"          -- raw BIT STRING.
      4. "certs"              -- optional SEQUENCE OF X509_Cert under
         explicit tag 0xa0, no default.

    :param kargs: forwarded unchanged to ASN1F_SEQUENCE.__init__.
    """
    response_data = ASN1F_PACKET("tbsResponseData",
                                 OCSP_ResponseData(),
                                 OCSP_ResponseData)
    algorithm_field = ASN1F_PACKET("signatureAlgorithm",
                                   X509_AlgorithmIdentifier(),
                                   X509_AlgorithmIdentifier)
    # Placeholder default, not a signature over tbsResponseData.
    signature_field = ASN1F_BIT_STRING("signature", "defaultsignature" * 2)
    # "certs" travels inside the response itself, so a decoded list is
    # whatever the responder (or anyone who altered the message) supplied.
    certs_field = ASN1F_optional(
        ASN1F_SEQUENCE_OF("certs", None, X509_Cert, explicit_tag=0xa0))
    ASN1F_SEQUENCE.__init__(self, response_data, algorithm_field,
                            signature_field, certs_field, **kargs)
def __init__(self, **kargs):
    """Set up the CRL field list (encapsulated ECDSA signature) on the base.

    The SEQUENCE holds, in order: "tbsCertList" (X509_TBSCertList),
    "signatureAlgorithm" (X509_AlgorithmIdentifier) and "signatureValue",
    a BIT STRING wrapping an ECDSASignature sub-packet.

    :param kargs: forwarded unchanged to ASN1F_SEQUENCE.__init__.
    """
    layout = (
        ASN1F_PACKET("tbsCertList",
                     X509_TBSCertList(),
                     X509_TBSCertList),
        ASN1F_PACKET("signatureAlgorithm",
                     X509_AlgorithmIdentifier(),
                     X509_AlgorithmIdentifier),
        # The default ECDSASignature() carries that class's default values;
        # it is not computed over tbsCertList.
        ASN1F_BIT_STRING_ENCAPS("signatureValue",
                                ECDSASignature(),
                                ECDSASignature),
    )
    ASN1F_SEQUENCE.__init__(self, *layout, **kargs)
def __init__(self, **kargs):
    """Set up the OCSP basic-response field list on the base class.

    The SEQUENCE holds, in order: "tbsResponseData" (OCSP_ResponseData),
    "signatureAlgorithm" (X509_AlgorithmIdentifier), "signature" (raw BIT
    STRING) and an optional "certs" SEQUENCE OF X509_Cert under explicit
    tag 0xa0.

    :param kargs: forwarded unchanged to ASN1F_SEQUENCE.__init__.
    """
    layout = (
        ASN1F_PACKET("tbsResponseData",
                     OCSP_ResponseData(),
                     OCSP_ResponseData),
        ASN1F_PACKET("signatureAlgorithm",
                     X509_AlgorithmIdentifier(),
                     X509_AlgorithmIdentifier),
        # Placeholder default; a response built from defaults will not verify.
        ASN1F_BIT_STRING("signature", "defaultsignature" * 2),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("certs", None, X509_Cert, explicit_tag=0xa0)),
    )
    ASN1F_SEQUENCE.__init__(self, *layout, **kargs)
class CLDAP(ASN1_Packet):
    """CLDAP message, BER-encoded.

    The layout reuses the first two members of LDAP.ASN1_root.seq and puts
    an optional LDAPDN field "user" (default "") between them. The field
    objects are shared with the LDAP class, not copied, so a change to
    either of those LDAP field objects also affects this class.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        LDAP.ASN1_root.seq[0],  # messageID
        ASN1F_optional(LDAPDN("user", ""), ),
        LDAP.ASN1_root.seq[1]  # protocolOp
    )
class LDAP_Control(ASN1_Packet):
    """LDAP Control, BER-encoded.

    Members, in order:
      controlType  -- LDAPOID, default ""
      criticality  -- optional BOOLEAN, default False
      controlValue -- optional string, default ""; its content is not
                      decoded further by this class
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        LDAPOID("controlType", ""),
        ASN1F_optional(ASN1F_BOOLEAN("criticality", False), ),
        ASN1F_optional(ASN1F_STRING("controlValue", "")),
    )
class X509_ExtNoticeReference(ASN1_Packet):
    """X.509 NoticeReference (part of a certificate-policy user notice).

    Members, in order:
      organization  -- CHOICE of IA5String, ISO646String, BMPString or
                       UTF8String; default is the UTF8String
                       "Dummy Organization"
      noticeNumbers -- SEQUENCE OF ASN1P_INTEGER, default empty list
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_CHOICE("organization",
                     ASN1_UTF8_STRING("Dummy Organization"),
                     ASN1F_IA5_STRING, ASN1F_ISO646_STRING,
                     ASN1F_BMP_STRING, ASN1F_UTF8_STRING),
        ASN1F_SEQUENCE_OF("noticeNumbers", [], ASN1P_INTEGER))
class X509_Attribute(ASN1_Packet):
    """X.509 Attribute: an OID plus a SET OF values.

    Members, in order:
      type   -- OID, default "2.5.4.6" (countryName)
      values -- SET OF X509_AttributeValue, default a one-element list
                holding X509_AttributeValue()
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("type", "2.5.4.6"),
        ASN1F_SET_OF("values",
                     [X509_AttributeValue()],
                     X509_AttributeValue))
class X509_ExtPolicyInformation(ASN1_Packet):
    """X.509 PolicyInformation entry of the certificatePolicies extension.

    Members, in order:
      policyIdentifier -- OID, default "2.5.29.32.0" (anyPolicy)
      policyQualifiers -- optional SEQUENCE OF X509_ExtPolicyQualifierInfo,
                          no default
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("policyIdentifier", "2.5.29.32.0"),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("policyQualifiers", None,
                              X509_ExtPolicyQualifierInfo)))
class X509_RevokedCertificate(ASN1_Packet):
    """One entry of a CRL's revokedCertificates list.

    Members, in order:
      serialNumber       -- INTEGER, default 1
      revocationDate     -- UTCTime, default str(ZuluTime(+86400))
      crlEntryExtensions -- optional SEQUENCE OF X509_Extension, no default
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_INTEGER("serialNumber", 1),
        # str(...) runs once, when this class body is executed, so the
        # default date is fixed at import time and not refreshed per packet.
        # NOTE(review): ZuluTime(+86400) is presumably "now + 86400 s", i.e.
        # a default revocation date in the future -- confirm the intent.
        ASN1F_UTC_TIME("revocationDate", str(ZuluTime(+86400))),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("crlEntryExtensions",
                              None, X509_Extension)))
class X509_Validity(ASN1_Packet):
    """X.509 Validity: the not_before / not_after pair of a certificate.

    Each member is a CHOICE of UTCTime or GeneralizedTime with a UTCTime
    default: str(ZuluTime(-600)) for not_before and str(ZuluTime(+86400))
    for not_after.
    """
    # Both str(ZuluTime(...)) defaults are evaluated once, when this class
    # body runs. In a long-lived process the default window therefore stays
    # anchored to import time; set both fields explicitly when the dates
    # matter.
    # NOTE(review): the ZuluTime argument is presumably an offset in seconds
    # from the current time -- confirm against its definition.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_CHOICE("not_before",
                     ASN1_UTC_TIME(str(ZuluTime(-600))),
                     ASN1F_UTC_TIME, ASN1F_GENERALIZED_TIME),
        ASN1F_CHOICE("not_after",
                     ASN1_UTC_TIME(str(ZuluTime(+86400))),
                     ASN1F_UTC_TIME, ASN1F_GENERALIZED_TIME))
class PKCS12_PBE1_Parameters(ASN1_Packet):
    """PKCS12 PBE1 Parameters

    Members, in order:
      salt       -- string, default "" (empty)
      iterations -- INTEGER, default 2048
    """
    # The defaults only make the packet constructible. When building a real
    # container, supply a random salt and an iteration count chosen for the
    # deployment; when dissecting, both values come from the input.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_STRING("salt", ""),
        ASN1F_INTEGER("iterations", 2048),
    )
class X509_AlgorithmIdentifier(ASN1_Packet):
    """X.509 AlgorithmIdentifier: an algorithm OID plus optional parameters.

    Members, in order:
      algorithm  -- OID, default "1.2.840.113549.1.1.11"
                    (sha256WithRSAEncryption)
      parameters -- optional CHOICE of NULL or ECParameters, default NULL
    """
    # On decode the OID is taken from the input as-is; this class does not
    # restrict which algorithms are acceptable.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("algorithm", "1.2.840.113549.1.1.11"),
        ASN1F_optional(
            ASN1F_CHOICE("parameters", ASN1_NULL(0),
                         ASN1F_NULL, ECParameters)))
class X509_ExtPolicyConstraints(ASN1_Packet):
    """X.509 policyConstraints extension value.

    Both members are optional INTEGERs with no default:
      requireExplicitPolicy -- implicit tag 0x80
      inhibitPolicyMapping  -- implicit tag 0x81
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_INTEGER("requireExplicitPolicy", None,
                          implicit_tag=0x80)),
        ASN1F_optional(
            ASN1F_INTEGER("inhibitPolicyMapping", None,
                          implicit_tag=0x81)))
class X509_ExtGeneralSubtree(ASN1_Packet):
    """X.509 GeneralSubtree, as used by the nameConstraints extension.

    Members, in order:
      base    -- X509_GeneralName sub-packet
      minimum -- optional INTEGER, implicit tag 0x80, no default
      maximum -- optional INTEGER, implicit tag 0x81, no default
    """
    # 'minimum' is not optional in RFC 5280, yet it is in some implementations.
    # The schema is therefore deliberately lenient: an encoding without
    # 'minimum' still decodes, so strict RFC 5280 conformance has to be
    # checked by the caller if it is required.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_PACKET("base", X509_GeneralName(), X509_GeneralName),
        ASN1F_optional(ASN1F_INTEGER("minimum", None, implicit_tag=0x80)),
        ASN1F_optional(ASN1F_INTEGER("maximum", None, implicit_tag=0x81)))
class ECCurve(ASN1_Packet):
    """Elliptic-curve coefficients for explicitly specified EC parameters.

    Members, in order:
      a    -- string, default ""
      b    -- string, default ""
      seed -- optional BIT STRING, no default
    """
    # The coefficients are carried as opaque strings; nothing in this class
    # interprets them or checks that they describe a usable curve.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_STRING("a", ""),
        ASN1F_STRING("b", ""),
        ASN1F_optional(
            ASN1F_BIT_STRING("seed", None)))
class X509_EDIPartyName(ASN1_Packet):
    """X.509 EDIPartyName (one of the GeneralName alternatives).

    Members, in order:
      nameAssigner -- optional DirectoryString, explicit tag 0xa0, no default
      partyName    -- DirectoryString, explicit tag 0xa1, no default
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_X509_DirectoryString("nameAssigner", None,
                                       explicit_tag=0xa0)),
        ASN1F_X509_DirectoryString("partyName", None,
                                   explicit_tag=0xa1))
class OCSP_CertID(ASN1_Packet):
    """OCSP CertID: identifies the certificate an OCSP status refers to.

    Members, in order:
      hashAlgorithm  -- X509_AlgorithmIdentifier sub-packet
      issuerNameHash -- string, default ""
      issuerKeyHash  -- string, default ""
      serialNumber   -- INTEGER, default 0
    """
    # The two hashes are stored as opaque strings; this class does not check
    # that their length matches hashAlgorithm.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_PACKET("hashAlgorithm",
                     X509_AlgorithmIdentifier(),
                     X509_AlgorithmIdentifier),
        ASN1F_STRING("issuerNameHash", ""),
        ASN1F_STRING("issuerKeyHash", ""),
        ASN1F_INTEGER("serialNumber", 0))
class ASN1P_PRIVSEQ(ASN1_Packet):
    """Test packet: a SEQUENCE declared with explicit_tag=0 and
    flexible_tag=True, holding an IA5String "str" and a string "int".
    """
    # This class gets used in x509.uts
    # It showcases the private high-tag decoding capacities of scapy.
    # NOTE(review): the member named "int" is declared as ASN1F_STRING with
    # default 0 -- presumably intentional for the test; confirm.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(ASN1F_IA5_STRING("str", ""),
                               ASN1F_STRING("int", 0),
                               explicit_tag=0,
                               flexible_tag=True)
class X509_OtherName(ASN1_Packet):
    """X.509 OtherName (one of the GeneralName alternatives).

    Members, in order:
      type_id -- OID, default "0"
      value   -- CHOICE of IA5String, ISO646String, BMPString or UTF8String
                 under explicit tag 0xa0, no default
    """
    # Only the four string types listed in the CHOICE are declared for
    # "value"; any other content type is outside this schema.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("type_id", "0"),
        ASN1F_CHOICE("value", None,
                     ASN1F_IA5_STRING, ASN1F_ISO646_STRING,
                     ASN1F_BMP_STRING, ASN1F_UTF8_STRING,
                     explicit_tag=0xa0))
class X509_ExtBasicConstraints(ASN1_Packet):
    """X.509 basicConstraints extension value.

    Members, in order:
      cA                -- optional BOOLEAN, default False
      pathLenConstraint -- optional INTEGER, no default
    """
    # The cA field should not be optional, but some certs omit it for False.
    # NOTE(review): code that makes CA decisions from a decoded packet should
    # treat an absent cA the same as False -- confirm what value an omitted
    # optional field decodes to before relying on truthiness.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_BOOLEAN("cA", False)),
        ASN1F_optional(
            ASN1F_INTEGER("pathLenConstraint", None)))
class OCSP_RevokedInfo(ASN1_Packet):
    """OCSP RevokedInfo: when, and optionally why, a certificate was revoked.

    Members, in order:
      revocationTime   -- GeneralizedTime, default ""
      revocationReason -- optional X509_ExtReasonCode sub-packet under
                          explicit tag 0x80, no default
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_GENERALIZED_TIME("revocationTime", ""),
        ASN1F_optional(
            ASN1F_PACKET("revocationReason", None,
                         X509_ExtReasonCode,
                         explicit_tag=0x80)))
class ECSpecifiedDomain(ASN1_Packet):
    """Explicitly specified elliptic-curve domain parameters.

    Members, in order:
      version  -- enumerated INTEGER, default 1 ("ecpVer1")
      fieldID  -- ECFieldID sub-packet
      curve    -- ECCurve sub-packet
      base     -- string, default ""
      order    -- INTEGER, default 0
      cofactor -- optional INTEGER, no default
    """
    # This class only describes the encoding. A decoded instance carries
    # whatever parameters the encoder chose; checking them against a known
    # curve is left to the code that uses the key.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_enum_INTEGER("version", 1, {1: "ecpVer1"}),
        ASN1F_PACKET("fieldID", ECFieldID(), ECFieldID),
        ASN1F_PACKET("curve", ECCurve(), ECCurve),
        ASN1F_STRING("base", ""),
        ASN1F_INTEGER("order", 0),
        ASN1F_optional(ASN1F_INTEGER("cofactor", None)))
class SAPPSE_Obj_PKRoot(ASN1_Packet):
    """SAP PSEv2 PKRoot Object definition

    Members, in order:
      ca      -- X509_DirectoryName sub-packet
      new_key -- SAPPSE_Root_Key sub-packet
      old_key -- SAPPSE_Root_Key sub-packet under explicit tag 0xa0
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_PACKET("ca", X509_DirectoryName(), X509_DirectoryName),
        ASN1F_PACKET("new_key", SAPPSE_Root_Key(), SAPPSE_Root_Key),
        ASN1F_PACKET("old_key", SAPPSE_Root_Key(), SAPPSE_Root_Key,
                     explicit_tag=0xa0),
    )
def m2i(self, pkt, x):
    """Decode a certificate from *x*, picking the layout by signature type.

    The base ASN1F_SEQUENCE decode runs first; the name of the algorithm
    found in pkt.fields["signatureAlgorithm"] then decides what is returned:
    the result of that first decode for an RSA-type name, or a fresh decode
    of *x* through ASN1F_X509_CertECDSA for an ECDSA-type name.

    :param pkt: packet whose fields are being filled in.
    :param x: the encoded input.
    :returns: the pair produced by whichever decoder was selected.
    :raises Exception: when the algorithm name matches neither family.
    """
    head, tail = ASN1F_SEQUENCE.m2i(self, pkt, x)
    # The name comes from the object being decoded, so the input itself
    # selects the decoder. Matching is by substring and "rsa" is tested
    # first. Nothing in this method verifies the signature.
    algo_name = pkt.fields["signatureAlgorithm"].algorithm.oidname.lower()
    if "rsa" in algo_name:
        return head, tail
    if "ecdsa" in algo_name:
        # The input is decoded a second time with the ECDSA field list.
        return ASN1F_X509_CertECDSA().m2i(pkt, x)
    raise Exception("could not parse certificate")
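def m2i(self, pkt, x):
    """Decode a CRL from *x*, picking the layout by signature type.

    The base ASN1F_SEQUENCE decode runs first; the name of the algorithm
    found in pkt.fields["signatureAlgorithm"] then decides what is returned:
    the result of that first decode for an RSA-type name, or a fresh decode
    of *x* through ASN1F_X509_CRLECDSA for an ECDSA-type name.

    :param pkt: packet whose fields are being filled in.
    :param x: the encoded input.
    :returns: the pair produced by whichever decoder was selected.
    :raises Exception: when the algorithm name matches neither family.
    """
    c, s = ASN1F_SEQUENCE.m2i(self, pkt, x)
    # The name comes from the object being decoded, so the input itself
    # selects the decoder. Matching is by substring and "rsa" is tested
    # first. Nothing in this method verifies the signature.
    sigtype = pkt.fields["signatureAlgorithm"].algorithm.oidname.lower()
    if "rsa" in sigtype:
        return c, s
    elif "ecdsa" in sigtype:
        # The input is decoded a second time with the ECDSA field list.
        return ASN1F_X509_CRLECDSA().m2i(pkt, x)
    else:
        # This method decodes a CRL (it dispatches to ASN1F_X509_CRLECDSA),
        # so the error names a CRL; the message previously said
        # "certificate", which points log readers at the wrong object.
        raise Exception("could not parse CRL")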
def m2i(self, pkt, x):
    """Decode a subjectPublicKeyInfo from *x*, picking the layout by key type.

    The base ASN1F_SEQUENCE decode runs first, but its result is discarded:
    it is only used to learn the algorithm name, after which *x* is decoded
    again through the RSA or ECDSA specific field list.

    :param pkt: packet whose fields are being filled in.
    :param x: the encoded input.
    :returns: the pair produced by the selected specialised decoder.
    :raises Exception: when the algorithm name matches neither branch.
    """
    # First pass: presumably this is what populates
    # pkt.fields["signatureAlgorithm"], which is read on the next line.
    _first, _rest = ASN1F_SEQUENCE.m2i(self, pkt, x)
    # The field is called "signatureAlgorithm" here even though it names the
    # key algorithm. Its value comes from the input being decoded.
    key_algo = pkt.fields["signatureAlgorithm"].algorithm.oidname
    # The two tests differ on purpose or by history: RSA is a
    # case-insensitive substring match, EC is an exact, case-sensitive one.
    if "rsa" in key_algo.lower():
        return ASN1F_X509_SubjectPublicKeyInfoRSA().m2i(pkt, x)
    if key_algo == "ecPublicKey":
        return ASN1F_X509_SubjectPublicKeyInfoECDSA().m2i(pkt, x)
    raise Exception("could not parse subjectPublicKeyInfo")
def m2i(self, pkt, x):
    """Decode an OCSP basic response from *x*, by signature type.

    The base ASN1F_SEQUENCE decode runs first; the name of the algorithm
    found in pkt.fields["signatureAlgorithm"] then decides what is returned:
    the result of that first decode for an RSA-type name, or a fresh decode
    of *x* through ASN1F_OCSP_BasicResponseECDSA for an ECDSA-type name.

    :param pkt: packet whose fields are being filled in.
    :param x: the encoded input.
    :returns: the pair produced by whichever decoder was selected.
    :raises Exception: when the algorithm name matches neither family.
    """
    head, tail = ASN1F_SEQUENCE.m2i(self, pkt, x)
    # The name comes from the response being decoded, so the input itself
    # selects the decoder. Matching is by substring and "rsa" is tested
    # first. Nothing in this method verifies the signature.
    algo_name = pkt.fields["signatureAlgorithm"].algorithm.oidname.lower()
    if "rsa" in algo_name:
        return head, tail
    if "ecdsa" in algo_name:
        # The input is decoded a second time with the ECDSA field list.
        return ASN1F_OCSP_BasicResponseECDSA().m2i(pkt, x)
    raise Exception("could not parse OCSP basic response")
def build(self, pkt):
    """Encode an OCSP basic response, picking the layout by signature type.

    The algorithm name is read from pkt.fields when the caller set
    "signatureAlgorithm" there, otherwise from pkt.default_fields. An
    RSA-type name builds through the base ASN1F_SEQUENCE; an ECDSA-type
    name builds through ASN1F_OCSP_BasicResponseECDSA.

    :param pkt: the packet to encode.
    :returns: whatever the selected builder returns.
    :raises Exception: when the algorithm name matches neither family.
    """
    # An explicitly set field wins over the packet's default.
    if "signatureAlgorithm" in pkt.fields:
        source = pkt.fields
    else:
        source = pkt.default_fields
    algo_name = source["signatureAlgorithm"].algorithm.oidname.lower()

    # Substring matching, with "rsa" tested first.
    if "rsa" in algo_name:
        return ASN1F_SEQUENCE.build(self, pkt)
    if "ecdsa" in algo_name:
        # Side effect: this writes into the packet's default_fields before
        # building.
        # NOTE(review): the OCSP basic-response field lists elsewhere in this
        # file name the signature member "signature", not "signatureValue".
        # Confirm that the ECDSA builder actually picks up this default.
        pkt.default_fields["signatureValue"] = ECDSASignature()
        return ASN1F_OCSP_BasicResponseECDSA().build(pkt)
    raise Exception("could not build OCSP basic response")