def verify_elf(elf, key_path):
elf_hash, build_id, current_sig = get_elf_hash(elf)
with open(key_path,'rb') as f:
key = RSA.importKey(f.read())
verifier = PKCS1.PKCS115_SigScheme(key)
res = verifier.verify(elf_hash, current_sig)
if not res:
print "The ELF's signature is invalid!"
exit(0)
print "The ELF's signature is valid"
def sign_elf(elf_path, key_path):
print "Signing ELF..."
elf_hash, build_id, current_sig = get_elf_hash(elf_path)
# Generate new key
if not os.path.exists(key_path):
key = RSA.generate(2048)
with open(key_path,'wb') as f:
f.write(key.exportKey('PEM'))
pubkey = key.publickey()
with open(key_path+'.pub','wb') as f:
f.write(pubkey.exportKey('PEM'))
else:
with open(key_path,'rb') as f:
key = RSA.importKey(f.read())
signer = PKCS1.PKCS115_SigScheme(key)
assert(key.can_sign())
sig = signer.sign(elf_hash)
with os.fdopen(os.open(elf_path, os.O_RDWR | os.O_CREAT), 'rb+') as f:
f.seek(build_id.header.sh_offset + 16)
f.write(sig)
print "ELF has been signed"
def sign(self, message):
"""Signs a message.
Args:
message: string, Message to be signed.
Returns:
string, The signature of the message for the given key.
"""
# SHA256 our message
sha = SHA256.new(message)
# Sign it with our PKCS8 key
signer = PKCS1_v1_5.PKCS115_SigScheme(self._key)
return signer.sign(sha)
def getPeerPkcs(self, peerid):
'''
Return a pkcs15 object for the given peer's cert.
Example:
pkcs = neu.getPeerPkcs(peerid)
if not pkcs.verify(byts,sign):
return
'''
pkcs = self.runinfo[peerid].get('pkcs15')
if pkcs == None:
key = self.getPeerInfo(peerid, 'rsakey')
rsa = RSA.importKey(key)
pkcs = PKCS15.PKCS115_SigScheme(rsa)
self.runinfo[peerid]['pkcs15'] = pkcs
return pkcs
def verify(self, message, signature):
"""Verifies a message against a signature.
Args:
message: string, The message to verify.
signature: string, The signature on the message.
Returns:
True if message was singed by the private key associated with the public
key that this object was constructed with.
"""
try:
logging.info(message)
logging.info(signature)
sha = SHA256.new(message)
verifier = PKCS1_v1_5.PKCS115_SigScheme(self._pubkey)
verifier.verify(sha, signature)
return True
except:
raise
return False
def setrsakey(event):
valu = event[1].get('valu')
self.rsakey = RSA.importKey(valu)
self.pubkey = self.rsakey.publickey()
self.pkcs15 = PKCS15.PKCS115_SigScheme(self.rsakey)
