def sign_authpack_native(data, privkey, certificate, wrap_signed=False):
"""
Creating PKCS7 blob which contains the following things:
1. 'data' blob which is an ASN1 encoded "AuthPack" structure
2. the certificate used to sign the data blob
3. the singed 'signed_attrs' structure (ASN1) which points to the "data" structure (in point 1)
"""
da = {'algorithm': algos.DigestAlgorithmId('1.3.14.3.2.26')}
si = {}
si['version'] = 'v1'
si['sid'] = cms.IssuerAndSerialNumber({
'issuer':
certificate.issuer,
'serial_number':
certificate.serial_number,
})
si['digest_algorithm'] = algos.DigestAlgorithm(da)
si['signed_attrs'] = [
cms.CMSAttribute({
'type': 'content_type',
'values': ['1.3.6.1.5.2.3.1']
}),
# indicates that the encap_content_info's authdata struct (marked with OID '1.3.6.1.5.2.3.1' is signed )
cms.CMSAttribute({
'type': 'message_digest',
'values': [hashlib.sha1(data).digest()]
}),
### hash of the data, the data itself will not be signed, but this block of data will be.
]
si['signature_algorithm'] = algos.SignedDigestAlgorithm(
{'algorithm': '1.2.840.113549.1.1.1'})
si['signature'] = rsa_pkcs1v15_sign(
privkey,
cms.CMSAttributes(si['signed_attrs']).dump(), "sha1")
ec = {}
ec['content_type'] = '1.3.6.1.5.2.3.1'
ec['content'] = data
sd = {}
sd['version'] = 'v3'
sd['digest_algorithms'] = [algos.DigestAlgorithm(da)] # must have only one
sd['encap_content_info'] = cms.EncapsulatedContentInfo(ec)
sd['certificates'] = [certificate]
sd['signer_infos'] = cms.SignerInfos([cms.SignerInfo(si)])
if wrap_signed is True:
ci = {}
ci['content_type'] = '1.2.840.113549.1.7.2' # signed data OID
ci['content'] = cms.SignedData(sd)
return cms.ContentInfo(ci).dump()
return cms.SignedData(sd).dump()
def on_get(self, req, resp):
operation = req.get_param("operation", required=True)
if operation.lower() == "getcacert":
resp.body = keys.parse_certificate(
self.authority.certificate_buf).dump()
resp.append_header("Content-Type", "application/x-x509-ca-cert")
return
# If we bump into exceptions later
encrypted_container = b""
attr_list = [
cms.CMSAttribute({
'type': "message_type",
'values': ["3"]
}),
cms.CMSAttribute({
'type': "pki_status",
'values': ["2"] # rejected
})
]
try:
info = cms.ContentInfo.load(
b64decode(req.get_param("message", required=True)))
###############################################
### Verify signature of the outer container ###
###############################################
signed_envelope = info['content']
encap_content_info = signed_envelope['encap_content_info']
encap_content = encap_content_info['content']
# TODO: try except
current_certificate, = signed_envelope["certificates"]
signer, = signed_envelope["signer_infos"]
# TODO: compare cert to current one if we are renewing
assert signer["digest_algorithm"]["algorithm"].native == "md5"
assert signer["signature_algorithm"][
"algorithm"].native == "rsassa_pkcs1v15"
message_digest = None
transaction_id = None
sender_nonce = None
for attr in signer["signed_attrs"]:
if attr["type"].native == "sender_nonce":
sender_nonce, = attr["values"]
elif attr["type"].native == "trans_id":
transaction_id, = attr["values"]
elif attr["type"].native == "message_digest":
message_digest, = attr["values"]
if hashlib.md5(encap_content.native).digest(
) != message_digest.native:
raise SCEPBadMessageCheck()
assert message_digest
msg = signer["signed_attrs"].dump(force=True)
assert msg[0] == 160
# Verify signature
try:
asymmetric.rsa_pkcs1v15_verify(
asymmetric.load_certificate(current_certificate.dump()),
signer["signature"].native,
b"\x31" + msg[1:], # wtf?!
"md5")
except SignatureError:
raise SCEPBadMessageCheck()
###############################
### Decrypt inner container ###
###############################
info = cms.ContentInfo.load(encap_content.native)
encrypted_envelope = info['content']
encrypted_content_info = encrypted_envelope[
'encrypted_content_info']
iv = encrypted_content_info['content_encryption_algorithm'][
'parameters'].native
if encrypted_content_info['content_encryption_algorithm'][
"algorithm"].native != "des":
raise SCEPBadAlgo()
encrypted_content = encrypted_content_info[
'encrypted_content'].native
recipient, = encrypted_envelope['recipient_infos']
if recipient.native["rid"][
"serial_number"] != self.authority.certificate.serial_number:
raise SCEPBadCertId()
# Since CA private key is not directly readable here, we'll redirect it to signer socket
key = asymmetric.rsa_pkcs1v15_decrypt(
self.authority.private_key, recipient.native["encrypted_key"])
if len(key) == 8: key = key * 3 # Convert DES to 3DES
buf = symmetric.tripledes_cbc_pkcs5_decrypt(
key, encrypted_content, iv)
_, _, common_name = self.authority.store_request(buf,
overwrite=True)
cert, buf = self.authority.sign(common_name, overwrite=True)
signed_certificate = asymmetric.load_certificate(buf)
content = signed_certificate.asn1.dump()
except SCEPError as e:
attr_list.append(
cms.CMSAttribute({
'type': "fail_info",
'values': ["%d" % e.code]
}))
else:
##################################
### Degenerate inner container ###
##################################
degenerate = cms.ContentInfo({
'content_type':
"signed_data",
'content':
cms.SignedData({
'version':
"v1",
'certificates': [signed_certificate.asn1],
'digest_algorithms':
[cms.DigestAlgorithm({'algorithm': "md5"})],
'encap_content_info': {
'content_type':
"data",
'content':
cms.ContentInfo({
'content_type': "signed_data",
'content': None
}).dump()
},
'signer_infos': []
})
})
################################
### Encrypt middle container ###
################################
key = os.urandom(8)
iv, encrypted_content = symmetric.des_cbc_pkcs5_encrypt(
key, degenerate.dump(), os.urandom(8))
assert degenerate.dump() == symmetric.tripledes_cbc_pkcs5_decrypt(
key * 3, encrypted_content, iv)
ri = cms.RecipientInfo({
'ktri':
cms.KeyTransRecipientInfo({
'version':
"v0",
'rid':
cms.RecipientIdentifier({
'issuer_and_serial_number':
cms.IssuerAndSerialNumber({
'issuer':
current_certificate.chosen["tbs_certificate"]
["issuer"],
'serial_number':
current_certificate.chosen["tbs_certificate"]
["serial_number"],
}),
}),
'key_encryption_algorithm': {
'algorithm': "rsa"
},
'encrypted_key':
asymmetric.rsa_pkcs1v15_encrypt(
asymmetric.load_certificate(
current_certificate.chosen.dump()), key)
})
})
encrypted_container = cms.ContentInfo({
'content_type':
"enveloped_data",
'content':
cms.EnvelopedData({
'version': "v1",
'recipient_infos': [ri],
'encrypted_content_info': {
'content_type': "data",
'content_encryption_algorithm': {
'algorithm': "des",
'parameters': iv
},
'encrypted_content': encrypted_content
}
})
}).dump()
attr_list = [
cms.CMSAttribute({
'type':
"message_digest",
'values': [hashlib.sha1(encrypted_container).digest()]
}),
cms.CMSAttribute({
'type': "message_type",
'values': ["3"]
}),
cms.CMSAttribute({
'type': "pki_status",
'values': ["0"] # ok
})
]
finally:
##############################
### Signed outer container ###
##############################
attrs = cms.CMSAttributes(attr_list + [
cms.CMSAttribute({
'type': "recipient_nonce",
'values': [sender_nonce]
}),
cms.CMSAttribute({
'type': "trans_id",
'values': [transaction_id]
})
])
signer = cms.SignerInfo({
"signed_attrs":
attrs,
'version':
"v1",
'sid':
cms.SignerIdentifier({
'issuer_and_serial_number':
cms.IssuerAndSerialNumber({
'issuer':
self.authority.certificate.issuer,
'serial_number':
self.authority.certificate.serial_number,
}),
}),
'digest_algorithm':
algos.DigestAlgorithm({'algorithm': "sha1"}),
'signature_algorithm':
algos.SignedDigestAlgorithm({'algorithm': "rsassa_pkcs1v15"}),
'signature':
asymmetric.rsa_pkcs1v15_sign(self.authority.private_key,
b"\x31" + attrs.dump()[1:],
"sha1")
})
resp.append_header("Content-Type", "application/x-pki-message")
resp.body = cms.ContentInfo({
'content_type':
"signed_data",
'content':
cms.SignedData({
'version':
"v1",
'certificates': [self.authority.certificate],
'digest_algorithms':
[cms.DigestAlgorithm({'algorithm': "sha1"})],
'encap_content_info': {
'content_type': "data",
'content': encrypted_container
},
'signer_infos': [signer]
})
}).dump()
def sign_message(data_to_sign,
digest_alg,
sign_key,
use_signed_attributes=True):
"""Function signs the data and returns the generated ASN.1
:param data_to_sign: A byte string of the data to be signed.
:param digest_alg:
The digest algorithm to be used for generating the signature.
:param sign_key: The key to be used for generating the signature.
:param use_signed_attributes: Optional attribute to indicate weather the
CMS signature attributes should be included in the signature or not.
:return: A CMS ASN.1 byte string of the signed data.
"""
if use_signed_attributes:
digest_func = hashlib.new(digest_alg)
digest_func.update(data_to_sign)
message_digest = digest_func.digest()
class SmimeCapability(core.Sequence):
_fields = [('0', core.Any, {
'optional': True
}), ('1', core.Any, {
'optional': True
}), ('2', core.Any, {
'optional': True
}), ('3', core.Any, {
'optional': True
}), ('4', core.Any, {
'optional': True
})]
class SmimeCapabilities(core.Sequence):
_fields = [
('0', SmimeCapability),
('1', SmimeCapability, {
'optional': True
}),
('2', SmimeCapability, {
'optional': True
}),
('3', SmimeCapability, {
'optional': True
}),
('4', SmimeCapability, {
'optional': True
}),
('5', SmimeCapability, {
'optional': True
}),
]
smime_cap = OrderedDict([
('0',
OrderedDict([('0', core.ObjectIdentifier('1.2.840.113549.3.7'))
])),
('1',
OrderedDict([('0', core.ObjectIdentifier('1.2.840.113549.3.2')),
('1', core.Integer(128))])),
('2',
OrderedDict([('0', core.ObjectIdentifier('1.2.840.113549.3.4')),
('1', core.Integer(128))])),
])
signed_attributes = cms.CMSAttributes([
cms.CMSAttribute({
'type':
cms.CMSAttributeType('content_type'),
'values':
cms.SetOfContentType([cms.ContentType('data')])
}),
cms.CMSAttribute({
'type':
cms.CMSAttributeType('signing_time'),
'values':
cms.SetOfTime(
[cms.Time({'utc_time': core.UTCTime(datetime.now())})])
}),
cms.CMSAttribute({
'type':
cms.CMSAttributeType('message_digest'),
'values':
cms.SetOfOctetString([core.OctetString(message_digest)])
}),
cms.CMSAttribute({
'type':
cms.CMSAttributeType('1.2.840.113549.1.9.15'),
'values':
cms.SetOfAny([core.Any(SmimeCapabilities(smime_cap))])
}),
])
signature = asymmetric.rsa_pkcs1v15_sign(sign_key[0],
signed_attributes.dump(),
digest_alg)
else:
signed_attributes = None
signature = asymmetric.rsa_pkcs1v15_sign(sign_key[0], data_to_sign,
digest_alg)
return cms.ContentInfo({
'content_type':
cms.ContentType('signed_data'),
'content':
cms.SignedData({
'version':
cms.CMSVersion('v1'),
'digest_algorithms':
cms.DigestAlgorithms([
algos.DigestAlgorithm(
{'algorithm': algos.DigestAlgorithmId(digest_alg)})
]),
'encap_content_info':
cms.ContentInfo({'content_type': cms.ContentType('data')}),
'certificates':
cms.CertificateSet(
[cms.CertificateChoices({'certificate': sign_key[1].asn1})]),
'signer_infos':
cms.SignerInfos([
cms.SignerInfo({
'version':
cms.CMSVersion('v1'),
'sid':
cms.SignerIdentifier({
'issuer_and_serial_number':
cms.IssuerAndSerialNumber({
'issuer':
sign_key[1].asn1['tbs_certificate']['issuer'],
'serial_number':
sign_key[1].asn1['tbs_certificate']
['serial_number']
})
}),
'digest_algorithm':
algos.DigestAlgorithm(
{'algorithm': algos.DigestAlgorithmId(digest_alg)}),
'signed_attrs':
signed_attributes,
'signature_algorithm':
algos.SignedDigestAlgorithm({
'algorithm':
algos.SignedDigestAlgorithmId('rsassa_pkcs1v15')
}),
'signature':
core.OctetString(signature)
})
])
})
}).dump()
def request_tsa_response(self, req: tsp.TimeStampReq) -> tsp.TimeStampResp:
# We pretend that certReq is always true in the request
# TODO generalise my detached signature logic to include cases like this
# (see § 5.4 in RFC 5652)
# TODO does the RFC
status = tsp.PKIStatusInfo({'status': tsp.PKIStatus('granted')})
message_imprint: tsp.MessageImprint = req['message_imprint']
md_algorithm = message_imprint['hash_algorithm']['algorithm'].native
digest_algorithm_obj = algos.DigestAlgorithm({
'algorithm': md_algorithm
})
dt = self.fixed_dt or datetime.now(tz=tzlocal.get_localzone())
tst_info = {
'version': 'v1',
# See http://oidref.com/1.3.6.1.4.1.4146.2.2
# I don't really care too much, this is a testing device anyway
'policy': tsp.ObjectIdentifier('1.3.6.1.4.1.4146.2.2'),
'message_imprint': message_imprint,
# should be sufficiently random (again, this is a testing class)
'serial_number': get_nonce(),
'gen_time': dt,
'tsa': x509.GeneralName(
name='directory_name', value=self.tsa_cert.subject
)
}
try:
tst_info['nonce'] = req['nonce']
except KeyError:
pass
tst_info = tsp.TSTInfo(tst_info)
tst_info_data = tst_info.dump()
message_digest = getattr(hashlib, md_algorithm)(tst_info_data).digest()
signed_attrs = cms.CMSAttributes([
simple_cms_attribute('content_type', 'tst_info'),
simple_cms_attribute(
'signing_time', cms.Time({'utc_time': core.UTCTime(dt)})
),
simple_cms_attribute(
'signing_certificate',
general.as_signing_certificate(self.tsa_cert)
),
simple_cms_attribute('message_digest', message_digest),
])
signature = asymmetric.rsa_pkcs1v15_sign(
asymmetric.load_private_key(self.tsa_key),
signed_attrs.dump(), md_algorithm
)
sig_info = cms.SignerInfo({
'version': 'v1',
'sid': cms.SignerIdentifier({
'issuer_and_serial_number': cms.IssuerAndSerialNumber({
'issuer': self.tsa_cert.issuer,
'serial_number': self.tsa_cert.serial_number,
})
}),
'digest_algorithm': digest_algorithm_obj,
'signature_algorithm': algos.SignedDigestAlgorithm(
{'algorithm': 'rsassa_pkcs1v15'}
),
'signed_attrs': signed_attrs,
'signature': signature
})
certs = set(self.certs_to_embed)
certs.add(self.tsa_cert)
signed_data = {
# must use v3 to get access to the EncapsulatedContentInfo construct
'version': 'v3',
'digest_algorithms': cms.DigestAlgorithms((digest_algorithm_obj,)),
'encap_content_info': cms.EncapsulatedContentInfo({
'content_type': cms.ContentType('tst_info'),
'content': cms.ParsableOctetString(tst_info_data)
}),
'certificates': certs,
'signer_infos': [sig_info]
}
tst = cms.ContentInfo({
'content_type': cms.ContentType('signed_data'),
'content': cms.SignedData(signed_data)
})
return tsp.TimeStampResp({'status': status, 'time_stamp_token': tst})
def sign_message(
data_to_sign,
digest_alg,
sign_key,
sign_alg="rsassa_pkcs1v15",
use_signed_attributes=True,
):
"""Function signs the data and returns the generated ASN.1
:param data_to_sign: A byte string of the data to be signed.
:param digest_alg: The digest algorithm to be used for generating the signature.
:param sign_key: The key to be used for generating the signature.
:param sign_alg: The algorithm to be used for signing the message.
:param use_signed_attributes: Optional attribute to indicate weather the
CMS signature attributes should be included in the signature or not.
:return: A CMS ASN.1 byte string of the signed data.
"""
if use_signed_attributes:
digest_func = hashlib.new(digest_alg)
digest_func.update(data_to_sign)
message_digest = digest_func.digest()
class SmimeCapability(core.Sequence):
_fields = [
("0", core.Any, {
"optional": True
}),
("1", core.Any, {
"optional": True
}),
("2", core.Any, {
"optional": True
}),
("3", core.Any, {
"optional": True
}),
("4", core.Any, {
"optional": True
}),
]
class SmimeCapabilities(core.Sequence):
_fields = [
("0", SmimeCapability),
("1", SmimeCapability, {
"optional": True
}),
("2", SmimeCapability, {
"optional": True
}),
("3", SmimeCapability, {
"optional": True
}),
("4", SmimeCapability, {
"optional": True
}),
("5", SmimeCapability, {
"optional": True
}),
]
smime_cap = OrderedDict([
(
"0",
OrderedDict([
("0", core.ObjectIdentifier("2.16.840.1.101.3.4.1.42"))
]),
),
(
"1",
OrderedDict([
("0", core.ObjectIdentifier("2.16.840.1.101.3.4.1.2"))
]),
),
(
"2",
OrderedDict([("0", core.ObjectIdentifier("1.2.840.113549.3.7"))
]),
),
(
"3",
OrderedDict([
("0", core.ObjectIdentifier("1.2.840.113549.3.2")),
("1", core.Integer(128)),
]),
),
(
"4",
OrderedDict([
("0", core.ObjectIdentifier("1.2.840.113549.3.4")),
("1", core.Integer(128)),
]),
),
])
signed_attributes = cms.CMSAttributes([
cms.CMSAttribute({
"type":
cms.CMSAttributeType("content_type"),
"values":
cms.SetOfContentType([cms.ContentType("data")]),
}),
cms.CMSAttribute({
"type":
cms.CMSAttributeType("signing_time"),
"values":
cms.SetOfTime([
cms.Time({
"utc_time":
core.UTCTime(
datetime.utcnow().replace(tzinfo=timezone.utc))
})
]),
}),
cms.CMSAttribute({
"type":
cms.CMSAttributeType("message_digest"),
"values":
cms.SetOfOctetString([core.OctetString(message_digest)]),
}),
cms.CMSAttribute({
"type":
cms.CMSAttributeType("1.2.840.113549.1.9.15"),
"values":
cms.SetOfAny([core.Any(SmimeCapabilities(smime_cap))]),
}),
])
else:
signed_attributes = None
# Generate the signature
data_to_sign = signed_attributes.dump(
) if signed_attributes else data_to_sign
if sign_alg == "rsassa_pkcs1v15":
signature = asymmetric.rsa_pkcs1v15_sign(sign_key[0], data_to_sign,
digest_alg)
elif sign_alg == "rsassa_pss":
signature = asymmetric.rsa_pss_sign(sign_key[0], data_to_sign,
digest_alg)
else:
raise AS2Exception("Unsupported Signature Algorithm")
return cms.ContentInfo({
"content_type":
cms.ContentType("signed_data"),
"content":
cms.SignedData({
"version":
cms.CMSVersion("v1"),
"digest_algorithms":
cms.DigestAlgorithms([
algos.DigestAlgorithm(
{"algorithm": algos.DigestAlgorithmId(digest_alg)})
]),
"encap_content_info":
cms.ContentInfo({"content_type": cms.ContentType("data")}),
"certificates":
cms.CertificateSet(
[cms.CertificateChoices({"certificate": sign_key[1].asn1})]),
"signer_infos":
cms.SignerInfos([
cms.SignerInfo({
"version":
cms.CMSVersion("v1"),
"sid":
cms.SignerIdentifier({
"issuer_and_serial_number":
cms.IssuerAndSerialNumber({
"issuer":
sign_key[1].asn1["tbs_certificate"]["issuer"],
"serial_number":
sign_key[1].asn1["tbs_certificate"]
["serial_number"],
})
}),
"digest_algorithm":
algos.DigestAlgorithm(
{"algorithm": algos.DigestAlgorithmId(digest_alg)}),
"signed_attrs":
signed_attributes,
"signature_algorithm":
algos.SignedDigestAlgorithm(
{"algorithm":
algos.SignedDigestAlgorithmId(sign_alg)}),
"signature":
core.OctetString(signature),
})
]),
}),
}).dump()
def request_tsa_response(self, req: tsp.TimeStampReq) -> tsp.TimeStampResp:
# We pretend that certReq is always true in the request
status = tsp.PKIStatusInfo({'status': tsp.PKIStatus('granted')})
message_imprint: tsp.MessageImprint = req['message_imprint']
md_algorithm = self.md_algorithm
digest_algorithm_obj = algos.DigestAlgorithm({
'algorithm': md_algorithm
})
dt = self.fixed_dt or datetime.now(tz=tzlocal.get_localzone())
tst_info = {
'version': 'v1',
'policy': self.policy,
'message_imprint': message_imprint,
'serial_number': get_nonce(),
'gen_time': dt,
'tsa': x509.GeneralName(
name='directory_name', value=self.tsa_cert.subject
)
}
try:
tst_info['nonce'] = req['nonce']
except KeyError:
pass
tst_info = tsp.TSTInfo(tst_info)
tst_info_data = tst_info.dump()
message_digest = getattr(hashlib, md_algorithm)(tst_info_data).digest()
signing_cert_id = tsp.ESSCertID({
'cert_hash': hashlib.sha1(self.tsa_cert.dump()).digest()
})
signed_attrs = cms.CMSAttributes([
simple_cms_attribute('content_type', 'tst_info'),
simple_cms_attribute(
'signing_time', cms.Time({'utc_time': core.UTCTime(dt)})
),
simple_cms_attribute(
'signing_certificate',
tsp.SigningCertificate({'certs': [signing_cert_id]})
),
simple_cms_attribute('message_digest', message_digest),
])
signature = generic_sign(
self.tsa_key, signed_attrs.dump(), self.signature_algo
)
sig_info = cms.SignerInfo({
'version': 'v1',
'sid': cms.SignerIdentifier({
'issuer_and_serial_number': cms.IssuerAndSerialNumber({
'issuer': self.tsa_cert.issuer,
'serial_number': self.tsa_cert.serial_number,
})
}),
'digest_algorithm': digest_algorithm_obj,
'signature_algorithm': self.signature_algo,
'signed_attrs': signed_attrs,
'signature': signature
})
certs = set(self.certs_to_embed)
certs.add(self.tsa_cert)
signed_data = {
# must use v3 to get access to the EncapsulatedContentInfo construct
'version': 'v3',
'digest_algorithms': cms.DigestAlgorithms((digest_algorithm_obj,)),
'encap_content_info': cms.EncapsulatedContentInfo({
'content_type': cms.ContentType('tst_info'),
'content': cms.ParsableOctetString(tst_info_data)
}),
'certificates': certs,
'signer_infos': [sig_info]
}
tst = cms.ContentInfo({
'content_type': cms.ContentType('signed_data'),
'content': cms.SignedData(signed_data)
})
return tsp.TimeStampResp({'status': status, 'time_stamp_token': tst})
def on_get(self, req, resp):
operation = req.get_param("operation", required=True)
if operation == "GetCACert":
resp.body = keys.parse_certificate(
self.authority.certificate_buf).dump()
resp.append_header("Content-Type", "application/x-x509-ca-cert")
return
elif operation == "GetCACaps":
# TODO: return renewal flag based on renewal subnets config option
resp.body = "Renewal\nMD5\nSHA-1\nSHA-256\nSHA-512\nDES3\n"
return
elif operation == "PKIOperation":
pass
else:
raise falcon.HTTPBadRequest("Bad request",
"Unknown operation %s" % operation)
# If we bump into exceptions later
encrypted_container = b""
attr_list = [
cms.CMSAttribute({
'type': "message_type",
'values': ["3"]
}),
cms.CMSAttribute({
'type': "pki_status",
'values': ["2"] # rejected
})
]
try:
info = cms.ContentInfo.load(
b64decode(req.get_param("message", required=True)))
###############################################
### Verify signature of the outer container ###
###############################################
signed_envelope = info['content']
encap_content_info = signed_envelope['encap_content_info']
encap_content = encap_content_info['content']
# TODO: try except
current_certificate, = signed_envelope["certificates"]
signer, = signed_envelope["signer_infos"]
# TODO: compare cert to current one if we are renewing
digest_algorithm = signer["digest_algorithm"]["algorithm"].native
signature_algorithm = signer["signature_algorithm"][
"algorithm"].native
if digest_algorithm not in ("md5", "sha1", "sha256", "sha512"):
raise SCEPBadAlgo()
if signature_algorithm != "rsassa_pkcs1v15":
raise SCEPBadAlgo()
message_digest = None
transaction_id = None
sender_nonce = None
for attr in signer["signed_attrs"]:
if attr["type"].native == "sender_nonce":
sender_nonce, = attr["values"]
elif attr["type"].native == "trans_id":
transaction_id, = attr["values"]
elif attr["type"].native == "message_digest":
message_digest, = attr["values"]
if getattr(hashlib,
digest_algorithm)(encap_content.native).digest(
) != message_digest.native:
raise SCEPDigestMismatch()
if not sender_nonce:
raise SCEPBadRequest()
if not transaction_id:
raise SCEPBadRequest()
assert message_digest
msg = signer["signed_attrs"].dump(force=True)
assert msg[0] == 160
# Verify signature
try:
asymmetric.rsa_pkcs1v15_verify(
asymmetric.load_certificate(current_certificate.dump()),
signer["signature"].native,
b"\x31" + msg[1:], # wtf?!
"md5")
except SignatureError:
raise SCEPSignatureMismatch()
###############################
### Decrypt inner container ###
###############################
info = cms.ContentInfo.load(encap_content.native)
encrypted_envelope = info['content']
encrypted_content_info = encrypted_envelope[
'encrypted_content_info']
iv = encrypted_content_info['content_encryption_algorithm'][
'parameters'].native
if encrypted_content_info['content_encryption_algorithm'][
"algorithm"].native != "des":
raise SCEPBadAlgo()
encrypted_content = encrypted_content_info[
'encrypted_content'].native
recipient, = encrypted_envelope['recipient_infos']
if recipient.native["rid"][
"serial_number"] != self.authority.certificate.serial_number:
raise SCEPBadCertId()
key = asymmetric.rsa_pkcs1v15_decrypt(
self.authority.private_key, recipient.native["encrypted_key"])
if len(key) == 8: key = key * 3 # Convert DES to 3DES
buf = symmetric.tripledes_cbc_pkcs5_decrypt(
key, encrypted_content, iv)
_, _, common_name = self.authority.store_request(buf,
overwrite=True)
logger.info(
"SCEP client from %s requested with %s digest algorithm, %s signature",
req.context["remote_addr"], digest_algorithm,
signature_algorithm)
cert, buf = self.authority.sign(common_name,
profile=config.PROFILES["gw"],
overwrite=True)
signed_certificate = asymmetric.load_certificate(buf)
content = signed_certificate.asn1.dump()
except SCEPError as e:
attr_list.append(
cms.CMSAttribute({
'type': "fail_info",
'values': ["%d" % e.code]
}))
logger.info("Failed to sign SCEP request due to: %s" %
e.explaination)
else:
##################################
### Degenerate inner container ###
##################################
degenerate = cms.ContentInfo({
'content_type':
"signed_data",
'content':
cms.SignedData({
'version':
"v1",
'certificates': [signed_certificate.asn1],
'digest_algorithms':
[cms.DigestAlgorithm({'algorithm': digest_algorithm})],
'encap_content_info': {
'content_type':
"data",
'content':
cms.ContentInfo({
'content_type': "signed_data",
'content': None
}).dump()
},
'signer_infos': []
})
})
################################
### Encrypt middle container ###
################################
key = os.urandom(8)
iv, encrypted_content = symmetric.des_cbc_pkcs5_encrypt(
key, degenerate.dump(), os.urandom(8))
assert degenerate.dump() == symmetric.tripledes_cbc_pkcs5_decrypt(
key * 3, encrypted_content, iv)
ri = cms.RecipientInfo({
'ktri':
cms.KeyTransRecipientInfo({
'version':
"v0",
'rid':
cms.RecipientIdentifier({
'issuer_and_serial_number':
cms.IssuerAndSerialNumber({
'issuer':
current_certificate.chosen["tbs_certificate"]
["issuer"],
'serial_number':
current_certificate.chosen["tbs_certificate"]
["serial_number"],
}),
}),
'key_encryption_algorithm': {
'algorithm': "rsa"
},
'encrypted_key':
asymmetric.rsa_pkcs1v15_encrypt(
asymmetric.load_certificate(
current_certificate.chosen.dump()), key)
})
})
encrypted_container = cms.ContentInfo({
'content_type':
"enveloped_data",
'content':
cms.EnvelopedData({
'version': "v1",
'recipient_infos': [ri],
'encrypted_content_info': {
'content_type': "data",
'content_encryption_algorithm': {
'algorithm': "des",
'parameters': iv
},
'encrypted_content': encrypted_content
}
})
}).dump()
attr_list = [
cms.CMSAttribute({
'type':
"message_digest",
'values': [
getattr(
hashlib,
digest_algorithm)(encrypted_container).digest()
]
}),
cms.CMSAttribute({
'type': "message_type",
'values': ["3"]
}),
cms.CMSAttribute({
'type': "pki_status",
'values': ["0"] # ok
})
]
finally:
##############################
### Signed outer container ###
##############################
attrs = cms.CMSAttributes(attr_list + [
cms.CMSAttribute({
'type': "recipient_nonce",
'values': [sender_nonce]
}),
cms.CMSAttribute({
'type': "trans_id",
'values': [transaction_id]
})
])
signer = cms.SignerInfo({
"signed_attrs":
attrs,
'version':
"v1",
'sid':
cms.SignerIdentifier({
'issuer_and_serial_number':
cms.IssuerAndSerialNumber({
'issuer':
self.authority.certificate.issuer,
'serial_number':
self.authority.certificate.serial_number,
}),
}),
'digest_algorithm':
algos.DigestAlgorithm({'algorithm': digest_algorithm}),
'signature_algorithm':
algos.SignedDigestAlgorithm({'algorithm': "rsassa_pkcs1v15"}),
'signature':
asymmetric.rsa_pkcs1v15_sign(self.authority.private_key,
b"\x31" + attrs.dump()[1:],
digest_algorithm)
})
resp.append_header("Content-Type", "application/x-pki-message")
resp.body = cms.ContentInfo({
'content_type':
"signed_data",
'content':
cms.SignedData({
'version':
"v1",
'certificates': [self.authority.certificate],
'digest_algorithms':
[cms.DigestAlgorithm({'algorithm': digest_algorithm})],
'encap_content_info': {
'content_type': "data",
'content': encrypted_container
},
'signer_infos': [signer]
})
}).dump()
def request_tsa_response(self, req: tsp.TimeStampReq) \
-> tsp.TimeStampResp:
# We pretend that certReq is always true in the request
# TODO generalise my detached signature logic to include cases like this
# (see § 5.4 in RFC 5652)
# TODO does the RFC
status = tsp.PKIStatusInfo({'status': tsp.PKIStatus('granted')})
message_imprint: tsp.MessageImprint = req['message_imprint']
md_algorithm = self.override_md
if md_algorithm is None:
md_algorithm = message_imprint['hash_algorithm'][
'algorithm'].native
digest_algorithm_obj = algos.DigestAlgorithm(
{'algorithm': md_algorithm})
dt = self.fixed_dt or datetime.now(tz=tzlocal.get_localzone())
tst_info = {
'version':
'v1',
# See http://oidref.com/1.3.6.1.4.1.4146.2.2
# I don't really care too much, this is a testing device anyway
'policy':
tsp.ObjectIdentifier('1.3.6.1.4.1.4146.2.2'),
'message_imprint':
message_imprint,
# should be sufficiently random (again, this is a testing class)
'serial_number':
get_nonce(),
'gen_time':
dt,
'tsa':
x509.GeneralName(name='directory_name',
value=self.tsa_cert.subject)
}
if req['nonce'].native is not None:
tst_info['nonce'] = req['nonce']
tst_info = tsp.TSTInfo(tst_info)
tst_info_data = tst_info.dump()
md_spec = get_pyca_cryptography_hash(md_algorithm)
md = hashes.Hash(md_spec)
md.update(tst_info_data)
message_digest_value = md.finalize()
signed_attrs = cms.CMSAttributes([
simple_cms_attribute('content_type', 'tst_info'),
simple_cms_attribute('signing_time',
cms.Time({'utc_time': core.UTCTime(dt)})),
simple_cms_attribute('signing_certificate',
general.as_signing_certificate(
self.tsa_cert)),
simple_cms_attribute('message_digest', message_digest_value),
])
priv_key = serialization.load_der_private_key(self.tsa_key.dump(),
password=None)
if not isinstance(priv_key, RSAPrivateKey):
raise NotImplementedError("Dummy timestamper is RSA-only.")
signature = priv_key.sign(
signed_attrs.dump(), PKCS1v15(),
get_pyca_cryptography_hash(md_algorithm.upper()))
sig_info = cms.SignerInfo({
'version':
'v1',
'sid':
cms.SignerIdentifier({
'issuer_and_serial_number':
cms.IssuerAndSerialNumber({
'issuer':
self.tsa_cert.issuer,
'serial_number':
self.tsa_cert.serial_number,
})
}),
'digest_algorithm':
digest_algorithm_obj,
'signature_algorithm':
algos.SignedDigestAlgorithm({'algorithm': 'rsassa_pkcs1v15'}),
'signed_attrs':
signed_attrs,
'signature':
signature
})
certs = set(self.certs_to_embed)
certs.add(self.tsa_cert)
signed_data = {
# must use v3 to get access to the EncapsulatedContentInfo construct
'version':
'v3',
'digest_algorithms':
cms.DigestAlgorithms((digest_algorithm_obj, )),
'encap_content_info':
cms.EncapsulatedContentInfo({
'content_type':
cms.ContentType('tst_info'),
'content':
cms.ParsableOctetString(tst_info_data)
}),
'certificates':
certs,
'signer_infos': [sig_info]
}
tst = cms.ContentInfo({
'content_type': cms.ContentType('signed_data'),
'content': cms.SignedData(signed_data)
})
return tsp.TimeStampResp({'status': status, 'time_stamp_token': tst})
def sign_file(
file_path,
signature_file_path,
certificate_file_path,
private_key_file_path,
dev_passphrase=None
):
print(
"Signing %s using %s certificate and %s private key"
% (file_path, certificate_file_path, private_key_file_path)
)
with open(private_key_file_path, "rb") as fp:
private_key = serialization.load_pem_private_key(
fp.read(),
password=dev_passphrase.encode() if dev_passphrase else None,
backend=default_backend()
)
sha256 = hashes.SHA256()
hasher = hashes.Hash(sha256)
with open(file_path, "rb") as fp:
buf = fp.read(CHUNK_SIZE)
while len(buf) > 0:
hasher.update(buf)
buf = fp.read(CHUNK_SIZE)
signature = private_key.sign(
hasher.finalize(), padding.PKCS1v15(), utils.Prehashed(sha256)
)
signed_data = cms.SignedData()
signed_data["version"] = "v1"
signed_data["encap_content_info"] = util.OrderedDict(
[("content_type", "data"), ("content", None)]
)
signed_data["digest_algorithms"] = [
util.OrderedDict([("algorithm", "sha256"), ("parameters", None)])
]
with open(certificate_file_path, "rb") as fp:
der_bytes = fp.read()
if pem.detect(der_bytes):
type_name, headers, der_bytes = pem.unarmor(der_bytes)
else:
print("Wrong certificate format, expected PEM, aborting!")
raise dtcliutils.ExtensionBuildError()
cert = x509.Certificate.load(der_bytes)
signed_data["certificates"] = [
cert,
]
signer_info = cms.SignerInfo()
signer_info["version"] = 1
signer_info["digest_algorithm"] = util.OrderedDict(
[("algorithm", "sha256"), ("parameters", None)]
)
signer_info["signature_algorithm"] = util.OrderedDict(
[("algorithm", "rsassa_pkcs1v15"), ("parameters", core.Null)]
)
signer_info["signature"] = signature
signer_info["sid"] = cms.SignerIdentifier(
{
"issuer_and_serial_number": util.OrderedDict(
[
("issuer", cert.issuer),
("serial_number", cert.serial_number),
]
)
}
)
signed_data["signer_infos"] = [
signer_info,
]
# TODO timestamping?
# dump ASN.1 object
asn1obj = cms.ContentInfo()
asn1obj["content_type"] = "signed_data"
asn1obj["content"] = signed_data
with open(signature_file_path, "wb+") as fp:
der_bytes = asn1obj.dump()
pem_bytes = pem.armor("CMS", der_bytes)
fp.write(pem_bytes)
print("Wrote signature file %s" % signature_file_path)
def _cms_signature(self, zulu: datetime, data: bytes) -> bytes:
"""Sign provided data and return CMS signature.
:param zulu: current UTC time+date
:param data: to be signed
:return: CMS signature (binary)
"""
assert self.certificate is not None
assert self.private_key_pem_data is not None
# signed data (main section)
signed_data = cms.SignedData()
signed_data['version'] = 'v1'
signed_data['encap_content_info'] = util.OrderedDict([
('content_type', 'data')
])
signed_data['digest_algorithms'] = [util.OrderedDict([
('algorithm', 'sha256'),
('parameters', None)])]
# signer info sub-section
signer_info = cms.SignerInfo()
signer_info['version'] = 'v1'
signer_info['digest_algorithm'] = util.OrderedDict([
('algorithm', 'sha256'),
('parameters', None)])
signer_info['signature_algorithm'] = util.OrderedDict([
('algorithm', 'rsassa_pkcs1v15'),
('parameters', b'')])
# signed identifier: issuer amd serial number
asn1cert = x509.Certificate.load(self.certificate.public_bytes(Encoding.DER))
signer_info['sid'] = cms.SignerIdentifier({
'issuer_and_serial_number': cms.IssuerAndSerialNumber({
'issuer': asn1cert.issuer,
'serial_number': asn1cert.serial_number
})
})
# signed attributes
signed_attrs = cms.CMSAttributes()
signed_attrs.append(cms.CMSAttribute({
'type': 'content_type',
'values': [cms.ContentType('data')],
}))
# check time-zone is assigned (expected UTC+0)
assert zulu.tzinfo
signed_attrs.append(cms.CMSAttribute({
'type': 'signing_time',
'values': [cms.Time(name='utc_time', value=zulu.strftime('%y%m%d%H%M%SZ'))],
}))
signed_attrs.append(cms.CMSAttribute({
'type': 'message_digest',
'values': [cms.OctetString(crypto_backend().hash(data))], # digest
}))
signer_info['signed_attrs'] = signed_attrs
# create signature
signer_info['signature'] = crypto_backend().rsa_sign(self.private_key_pem_data, signed_attrs.dump())
# Adding SignerInfo object to SignedData object
signed_data['signer_infos'] = [signer_info]
# content info
content_info = cms.ContentInfo()
content_info['content_type'] = 'signed_data'
content_info['content'] = signed_data
return content_info.dump()