def main():
attributes = AuthenticatedAttributes()
attributes.setComponentByName("target", "test")
attributes.setComponentByName("length", 1024)
data = der_encoder.encode(attributes)
print "attributes " + binascii.hexlify(data)
ident = x509.AlgorithmIdentifier()
ident.setComponentByName("algorithm", sha256WithRSAEncryptionOID)
data = der_encoder.encode(ident)
print "ident " + binascii.hexlify(data)
sig = AndroidVerifiedBootSignature()
sig.setComponentByName('formatVersion', 1)
sig.setComponentByName('algorithmId', ident)
sig.setComponentByName('attributes', attributes)
sig.setComponentByName('signature', univ.OctetString('abcdef0123456789'))
data = der_encoder.encode(sig)
print "sig " + binascii.hexlify(data)
material = pkcs1.RSAPublicKey()
material.setComponentByName('modulus', 'abc123')
material.setComponentByName('publicExponent', (1 << 16) + 1)
keyinfo = KeyInfo()
keyinfo.setComponentByName('algorithm', ident)
keyinfo.setComponentByName('keyMaterial', material)
bag = KeyBag()
bag.setComponentByPosition(0, keyinfo)
keystore = AndroidVerifiedBootKeystore()
keystore.setComponentByName('formatVersion', 1)
keystore.setComponentByName('bag', bag)
keystore.setComponentByName('signature', sig)
def parse_cert(raw_bytes):
result = CertInfo()
certType = rfc2459.Certificate()
cert, rest = decoder.decode(raw_bytes, asn1Spec=certType)
subj_pub_key_bytes = frombits(
cert.getComponentByName('tbsCertificate').getComponentByName(
'subjectPublicKeyInfo').getComponentByName('subjectPublicKey'))
SUBJECT = cert.getComponentByName('tbsCertificate').getComponentByName(
'subject')
for rdn in SUBJECT[0]:
for nv in rdn:
name = nv.getComponentByName('type')
value = nv.getComponentByName('value')
# could pick up regular OUs too
if name == rfc2459.id_at_organizationalUnitName:
#print 'name: %s' % name
#print 'value: [%s] (%s)' % (str(value).strip(), type(value))
result.control_fields.append(str(value).strip())
rsaType = rfc2437.RSAPublicKey()
rsadata, rsadata_rest = decoder.decode(subj_pub_key_bytes,
asn1Spec=rsaType)
mod = rsadata.getComponentByName("modulus")
pub_exp = rsadata.getComponentByName("publicExponent")
result.pub_key = rsa.PublicKey(long(mod), long(pub_exp))
return result
def from_subject_pubkey_info(cls, pk_alg, params_asn1, pubkey_data):
pubkey = ASN1Tools.safe_decode(pubkey_data,
asn1_spec=rfc2437.RSAPublicKey())
if pubkey.asn1 is not None:
accessible_parameters = {
"n": int(pubkey.asn1["modulus"]),
"e": int(pubkey.asn1["publicExponent"]),
"params": params_asn1 if params_asn1.hasValue() else None,
}
else:
accessible_parameters = None
return cls(accessible_parameters=accessible_parameters,
decoding_details=pubkey)
def create(cls, parameters):
asn1 = rfc2459.SubjectPublicKeyInfo()
asn1["algorithm"] = rfc2459.AlgorithmIdentifier()
asn1["algorithm"][
"algorithm"] = OIDDB.KeySpecificationAlgorithms.inverse(
"rsaEncryption").to_asn1()
asn1["algorithm"]["parameters"] = pyasn1.type.univ.Any(
value=pyasn1.codec.der.encoder.encode(pyasn1.type.univ.Null()))
inner_key = rfc2437.RSAPublicKey()
inner_key["modulus"] = pyasn1.type.univ.Integer(parameters["n"])
inner_key["publicExponent"] = pyasn1.type.univ.Integer(parameters["e"])
inner_key = pyasn1.codec.der.encoder.encode(inner_key)
asn1["subjectPublicKey"] = ASN1Tools.bytes2bitstring(inner_key)
return asn1
class KeyInfo(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('algorithm', x509.AlgorithmIdentifier()),
namedtype.NamedType('keyMaterial', pkcs1.RSAPublicKey())
)
