def testOpenTypes(self): substrate = pem.readBase64fromText(self.cert_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate clearance_sponsor_found = False for extn in asn1Object['tbsCertificate']['extensions']: if extn['extnID'] == rfc5280.id_ce_subjectDirectoryAttributes: assert extn['extnID'] in rfc5280.certificateExtensionsMap.keys() ev, rest = der_decode(extn['extnValue'], asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']], decodeOpenTypes=True) assert not rest assert ev.prettyPrint() assert der_encode(ev) == extn['extnValue'] for attr in ev: if attr['type'] == rfc5917.id_clearanceSponsor: hrd = u'Human Resources Department' assert attr['values'][0]['utf8String'] == hrd clearance_sponsor_found = True assert clearance_sponsor_found
def testDerCodec(self): asn1Spec = rfc5280.Certificate() substrate = pem.readBase64fromText(self.kea_cert_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo'][ 'algorithm'] assert spki_a['algorithm'] == rfc3279.id_keyExchangeAlgorithm spki_a_p, rest = der_decode(spki_a['parameters'], asn1Spec=rfc3279.KEA_Parms_Id()) assert not rest assert spki_a_p.prettyPrint() assert der_encode(spki_a_p) == spki_a['parameters'] assert spki_a_p == univ.OctetString(hexValue='5cf8f127e6569d6d88b3') assert asn1Object['tbsCertificate']['signature'][ 'algorithm'] == rfc3279.id_dsa_with_sha1 assert asn1Object['signatureAlgorithm'][ 'algorithm'] == rfc3279.id_dsa_with_sha1 sig_value, rest = der_decode(asn1Object['signature'].asOctets(), asn1Spec=rfc3279.Dss_Sig_Value()) assert not rest assert sig_value.prettyPrint() assert der_encode(sig_value) == asn1Object['signature'].asOctets() assert sig_value['r'].hasValue() assert sig_value['s'].hasValue()
def testDerCodec(self): substrate = pem.readBase64fromText(self.dsa_cert_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate spki_a = asn1Object['tbsCertificate']['subjectPublicKeyInfo'][ 'algorithm'] assert spki_a['algorithm'] == rfc3279.id_dsa spki_a_p, rest = der_decode(spki_a['parameters'], asn1Spec=rfc3279.Dss_Parms()) assert not rest assert spki_a_p.prettyPrint() assert der_encode(spki_a_p) == spki_a['parameters'] q_value = 1260916123897116834511257683105158021801897369967 assert spki_a_p['q'] == q_value sig_value, rest = der_decode(asn1Object['signature'].asOctets(), asn1Spec=rfc3279.Dss_Sig_Value()) assert not rest assert sig_value.prettyPrint() assert der_encode(sig_value) == asn1Object['signature'].asOctets() assert sig_value['r'].hasValue() assert sig_value['s'].hasValue()
def testOpenTypes(self): substrate = pem.readBase64fromText(self.cert_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate nai_realm_oid = rfc7585.id_on_naiRealm nai_realm_found = False for extn in asn1Object['tbsCertificate']['extensions']: if extn['extnID'] == rfc5280.id_ce_subjectAltName: extnValue, rest = der_decode(extn['extnValue'], asn1Spec=rfc5280.SubjectAltName(), decodeOpenTypes=True) assert not rest assert extnValue.prettyPrint() assert der_encode(extnValue) == extn['extnValue'] for gn in extnValue: if gn['otherName'].hasValue(): assert gn['otherName']['type-id'] == nai_realm_oid assert 'example' in gn['otherName']['value'] nai_realm_found = True assert nai_realm_found
def testDerCodec(self): substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['contentType'] == rfc5652.id_ct_authData ad, rest = der_decode(asn1Object['content'], asn1Spec=rfc5652.AuthenticatedData()) assert not rest assert ad.prettyPrint() assert der_encode(ad) == asn1Object['content'] assert ad['version'] == 0 assert ad['digestAlgorithm'][ 'algorithm'] == rfc6210.id_alg_MD5_XOR_EXPERIMENT mac_alg_p, rest = der_decode(ad['digestAlgorithm']['parameters'], asn1Spec=rfc5280.algorithmIdentifierMap[ ad['digestAlgorithm']['algorithm']]) assert not rest assert mac_alg_p.prettyPrint() assert der_encode(mac_alg_p) == ad['digestAlgorithm']['parameters'] assert mac_alg_p.prettyPrint()[:10] == "0x01020304"
def testDerCodec(self): substrate = pem.readBase64fromText(self.mud_cert_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate for extn in asn1Object['tbsCertificate']['extensions']: if extn['extnID'] == rfc8520.id_pe_mudsigner: mudsigner, rest = der_decode(extn['extnValue'], rfc8520.MUDsignerSyntax()) assert der_encode(mudsigner) == extn['extnValue'] c = rfc5280.X520countryName(value="CH") assert mudsigner[0][0][0]['value'] == der_encode(c) e = rfc5280.EmailAddress(value="*****@*****.**") assert mudsigner[0][1][0]['value'] == der_encode(e) cn = rfc5280.X520CommonName() cn['printableString'] = "Eliot Lear" assert mudsigner[0][2][0]['value'] == der_encode(cn) if extn['extnID'] == rfc8520.id_pe_mud_url: mudurl, rest = der_decode(extn['extnValue'], rfc8520.MUDURLSyntax()) assert der_encode(mudurl) == extn['extnValue'] assert mudurl[-5:] == ".json"
def testDerCodec(self): substrate = pem.readBase64fromText(self.xmpp_server_cert_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate count = 0 for extn in asn1Object['tbsCertificate']['extensions']: if extn['extnID'] == rfc5280.id_ce_subjectAltName: extnValue, rest = der_decode(extn['extnValue'], asn1Spec=rfc5280.SubjectAltName()) assert not rest assert extnValue.prettyPrint() assert der_encode(extnValue) == extn['extnValue'] for gn in extnValue: if gn['otherName'].hasValue(): gn_on = gn['otherName'] if gn_on['type-id'] == rfc6120.id_on_xmppAddr: assert gn_on['type-id'] in rfc5280.anotherNameMap.keys() spec = rfc5280.anotherNameMap[gn['otherName']['type-id']] on, rest = der_decode(gn_on['value'], asn1Spec=spec) assert not rest assert on.prettyPrint() assert der_encode(on) == gn_on['value'] assert on == u'im.example.com' count += 1 assert count == 1
def testDerCodec(self): substrate = pem.readBase64fromText(self.encrypted_key_pkg_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['contentType'] == rfc6032.id_ct_KP_encryptedKeyPkg content, rest = der_decode(asn1Object['content'], rfc6032.EncryptedKeyPackage()) assert not rest assert content.prettyPrint() assert der_encode(content) == asn1Object['content'] assert content.getName() == 'encrypted' eci = content['encrypted']['encryptedContentInfo'] assert eci['contentType'] == rfc6032.id_ct_KP_encryptedKeyPkg attrType = content['encrypted']['unprotectedAttrs'][0]['attrType'] assert attrType == rfc6032.id_aa_KP_contentDecryptKeyID attrVal0 = content['encrypted']['unprotectedAttrs'][0]['attrValues'][0] keyid, rest = der_decode(attrVal0, rfc6032.ContentDecryptKeyID()) assert not rest assert keyid.prettyPrint() assert der_encode(keyid) == attrVal0 assert keyid == b'ptf-kdc-812374'
def testDerCodec(self): smimeCapMap = { univ.ObjectIdentifier('1.2.3.4.5.6.77'): univ.OctetString(), } smimeCapMap.update(rfc5751.smimeCapabilityMap) substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['contentType'] == rfc5652.id_signedData assert asn1Object['content']['version'] == 1 for si in asn1Object['content']['signerInfos']: assert si['version'] == 1 for attr in si['signedAttrs']: if attr['attrType'] == rfc5751.smimeCapabilities: for scap in attr['attrValues'][0]: if scap['capabilityID'] in smimeCapMap.keys(): scap_p, rest = der_decode( scap['parameters'], asn1Spec=smimeCapMap[scap['capabilityID']]) assert not rest assert der_encode(scap_p) == scap['parameters'] assert 'parameters' in scap_p.prettyPrint() if attr['attrType'] == rfc5751.id_aa_encrypKeyPref: ekp_issuer_serial = attr['attrValues'][0][ 'issuerAndSerialNumber'] assert ekp_issuer_serial['serialNumber'] == 173360179
def testDerCodec(self): substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate extn_list = [] for extn in asn1Object['tbsCertificate']['extensions']: extn_list.append(extn['extnID']) if extn['extnID'] == rfc7773.id_ce_authContext: s = extn['extnValue'] acs, rest = der_decode( s, asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']]) assert not rest assert acs.prettyPrint() assert s == der_encode(acs) assert u'id.elegnamnden.se' in acs[0]['contextType'] assert u'AuthContextInfo IdentityProvider' in acs[0][ 'contextInfo'] assert rfc7773.id_ce_authContext in extn_list
def testOpenTypes(self): substrate = pem.readBase64fromText(self.cert_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate perm_id_oid = rfc4043.id_on_permanentIdentifier assigner_oid = univ.ObjectIdentifier('1.3.6.1.4.1.22112.48') permanent_identifier_found = False for extn in asn1Object['tbsCertificate']['extensions']: if extn['extnID'] == rfc5280.id_ce_subjectAltName: extnValue, rest = der_decode(extn['extnValue'], asn1Spec=rfc5280.SubjectAltName(), decodeOpenTypes=True) assert not rest assert extnValue.prettyPrint() assert der_encode(extnValue) == extn['extnValue'] for gn in extnValue: if gn['otherName'].hasValue(): on = gn['otherName'] assert on['type-id'] == perm_id_oid assert on['value']['assigner'] == assigner_oid permanent_identifier_found = True assert permanent_identifier_found
def testDerCodec(self): substrate = pem.readBase64fromText(self.ocsp_resp_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['responseStatus'] == 0 rb = asn1Object['responseBytes'] assert rb['responseType'] in rfc6960.ocspResponseMap.keys() resp, rest = der_decode( rb['response'], asn1Spec=rfc6960.ocspResponseMap[rb['responseType']]) assert not rest assert resp.prettyPrint() assert der_encode(resp) == rb['response'] resp['tbsResponseData']['version'] == 0 count = 0 for extn in resp['tbsResponseData']['responseExtensions']: assert extn['extnID'] in rfc5280.certificateExtensionsMap.keys() ev, rest = der_decode( extn['extnValue'], asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']]) assert not rest assert ev.prettyPrint() assert der_encode(ev) == extn['extnValue'] count += 1 assert count == 1
def testOpenTypes(self): substrate = pem.readBase64fromText(self.ocsp_resp_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['responseStatus'] == 0 rb = asn1Object['responseBytes'] assert rb['responseType'] in rfc6960.ocspResponseMap.keys() resp, rest = der_decode( rb['response'], asn1Spec=rfc6960.ocspResponseMap[rb['responseType']], decodeOpenTypes=True) assert not rest assert resp.prettyPrint() assert der_encode(resp) == rb['response'] resp['tbsResponseData']['version'] == 0 for rdn in resp['tbsResponseData']['responderID']['byName'][ 'rdnSequence']: for attr in rdn: if attr['type'] == rfc5280.id_emailAddress: assert attr['value'] == '*****@*****.**' for r in resp['tbsResponseData']['responses']: ha = r['certID']['hashAlgorithm'] assert ha['algorithm'] == rfc4055.id_sha1 assert ha['parameters'] == univ.Null("")
def testOpenTypes(self): substrate = pem.readBase64fromText(self.cert_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate cat_value_found = False for extn in asn1Object['tbsCertificate']['extensions']: if extn['extnID'] == rfc5913.id_pe_clearanceConstraints: assert extn['extnID'] in rfc5280.certificateExtensionsMap.keys( ) ev, rest = der_decode( extn['extnValue'], asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']], decodeOpenTypes=True) assert not rest assert ev.prettyPrint() assert der_encode(ev) == extn['extnValue'] for c in ev: if c['policyId'] == rfc3114.id_tsp_TEST_Whirlpool: for sc in c['securityCategories']: assert sc[ 'type'] in rfc5755.securityCategoryMap.keys() for cat in sc['value']: assert u'USE ONLY' in cat cat_value_found = True assert cat_value_found
def testDerCodec(self): access_methods = [ rfc6487.id_ad_rpkiManifest, rfc6487.id_ad_signedObject, ] substrate = pem.readBase64fromText(self.rpki_cert_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate count = 0 for extn in asn1Object['tbsCertificate']['extensions']: if extn['extnID'] == rfc5280.id_pe_subjectInfoAccess: extnValue, rest = der_decode( extn['extnValue'], asn1Spec=rfc5280.SubjectInfoAccessSyntax()) for ad in extnValue: if ad['accessMethod'] in access_methods: uri = ad['accessLocation']['uniformResourceIdentifier'] assert 'rpki.apnic.net' in uri count += 1 assert count == 1
def testDerCodec(self): substrate = pem.readBase64fromText(self.message1_pem_text) asn1Object, rest = der_decode (substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['contentType'] == rfc5652.id_signedData sd, rest = der_decode (asn1Object['content'], asn1Spec=rfc5652.SignedData()) for sa in sd['signerInfos'][0]['signedAttrs']: sat = sa['attrType'] sav0 = sa['attrValues'][0] if sat == rfc7191.id_aa_KP_keyPkgIdAndReceiptReq: sav, rest = der_decode(sav0, asn1Spec=rfc7191.KeyPkgIdentifierAndReceiptReq()) assert not rest assert sav.prettyPrint() assert der_encode(sav) == sav0 package_id_pem_text = "J7icVjsWIlGdF4cceb+siG3f+D0=" package_id = pem.readBase64fromText(package_id_pem_text) assert sav['pkgID'] == package_id
def testOpenTypes(self): substrate = pem.readBase64fromText(self.tau_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=rfc5652.ContentInfo(), decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate eci = asn1Object['content']['encapContentInfo'] assert eci['eContentType'] in rfc5652.cmsContentTypesMap.keys() assert eci['eContentType'] == rfc5934.id_ct_TAMP_update tau, rest = der_decode( eci['eContent'], asn1Spec=rfc5652.cmsContentTypesMap[eci['eContentType']], decodeOpenTypes=True) assert not rest assert tau.prettyPrint() assert der_encode(tau) == eci['eContent'] assert tau['version'] == 2 assert tau['msgRef']['target'] == univ.Null("") assert tau['msgRef']['seqNum'] == 1568307088 count = 0 for u in tau['updates']: count += 1 assert count == 1
def testOpenTypes(self): substrate = pem.readBase64fromText(self.pfx_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate digest_alg = asn1Object['macData']['mac']['digestAlgorithm'] assert not digest_alg['parameters'].hasValue() authsafe, rest = der_decode(asn1Object['authSafe']['content'], asn1Spec=rfc7292.AuthenticatedSafe(), decodeOpenTypes=True) assert not rest assert authsafe.prettyPrint() assert der_encode(authsafe) == asn1Object['authSafe']['content'] for ci in authsafe: assert ci['contentType'] == rfc5652.id_data sc, rest = der_decode(ci['content'], asn1Spec=rfc7292.SafeContents(), decodeOpenTypes=True) assert not rest assert sc.prettyPrint() assert der_encode(sc) == ci['content'] for sb in sc: if sb['bagId'] == rfc7292.id_pkcs8ShroudedKeyBag: bv = sb['bagValue'] enc_alg = bv['encryptionAlgorithm']['algorithm'] assert enc_alg == rfc7292.pbeWithSHAAnd3_KeyTripleDES_CBC enc_alg_param = bv['encryptionAlgorithm']['parameters'] assert enc_alg_param['iterations'] == 2000
def testDerCodec(self): substrate = pem.readBase64fromText(self.signed_receipt_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['contentType'] == rfc5652.id_signedData sd, rest = der_decode(asn1Object['content'], asn1Spec=rfc5652.SignedData()) assert not rest assert sd.prettyPrint() assert der_encode(sd) == asn1Object['content'] assert sd['encapContentInfo']['eContentType'] == rfc5035.id_ct_receipt receipt, rest = der_decode(sd['encapContentInfo']['eContent'], asn1Spec=rfc5035.Receipt()) assert not rest assert receipt.prettyPrint() assert der_encode(receipt) == sd['encapContentInfo']['eContent'] for sa in sd['signerInfos'][0]['signedAttrs']: sat = sa['attrType'] sav0 = sa['attrValues'][0] if sat in rfc5035.ESSAttributeMap.keys(): sav, rest = der_decode(sav0, asn1Spec=rfc5035.ESSAttributeMap[sat]) assert not rest assert sav.prettyPrint() assert der_encode(sav) == sav0
def testOpenTypes(self): substrate = pem.readBase64fromText(self.signed_receipt_pem_text) rfc5652.cmsContentTypesMap.update(rfc5035.cmsContentTypesMapUpdate) rfc5652.cmsAttributesMap.update(rfc5035.ESSAttributeMap) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['contentType'] in rfc5652.cmsContentTypesMap.keys() assert asn1Object['contentType'] == rfc5652.id_signedData sd = asn1Object['content'] assert sd['version'] == rfc5652.CMSVersion().subtype(value='v3') assert sd['encapContentInfo'][ 'eContentType'] in rfc5652.cmsContentTypesMap.keys() assert sd['encapContentInfo']['eContentType'] == rfc5035.id_ct_receipt for sa in sd['signerInfos'][0]['signedAttrs']: assert sa['attrType'] in rfc5652.cmsAttributesMap.keys() if sa['attrType'] == rfc5035.id_aa_msgSigDigest: sa['attrValues'][0].prettyPrint()[:10] == '0x167378' # Since receipt is inside an OCTET STRING, decodeOpenTypes=True cannot # automatically decode it receipt, rest = der_decode(sd['encapContentInfo']['eContent'], asn1Spec=rfc5652.cmsContentTypesMap[ sd['encapContentInfo']['eContentType']]) assert receipt['version'] == rfc5035.ESSVersion().subtype(value='v1')
def recover_key(c1, sig1, c2, sig2): #using the same variable names as in: #http://en.wikipedia.org/wiki/Elliptic_Curve_DSA n = curve_order # s1 = string_to_number(sig1[0:47]) # s2 = string_to_number(sig2[0:47]) sig, _ = der_decode(sig1, asn1Spec=EcSignature()) s1 = int(sig["s"]) r = int(sig["r"]) sig, _ = der_decode(sig2, asn1Spec=EcSignature()) s2 = int(sig["s"]) # r = string_to_number(sig1[48:95]) print s2 print r z1 = string_to_number(sha256(c1)) z2 = string_to_number(sha256(c2)) sdiff_inv = inverse_mod(((s1 - s2) % n), n) k = (((z1 - z2) % n) * sdiff_inv) % n r_inv = inverse_mod(r, n) da = (((((s1 * k) % n) - z1) % n) * r_inv) % n recovered_private_key_ec = SigningKey.from_secret_exponent(da, curve=SECP256k1) print recovered_private_key_ec.privkey.secret_multiplier return recovered_private_key_ec.to_pem()
def getKey(directory: Path, masterPassword=""): dbfile: Path = directory / "key4.db" if not dbfile.exists(): raise NoDatabase() # firefox 58.0.2 / NSS 3.35 with key4.db in SQLite conn = sqlite3.connect(dbfile.as_posix()) c = conn.cursor() # first check password c.execute("SELECT item1,item2 FROM metadata WHERE id = 'password';") row = next(c) globalSalt = row[0] # item1 item2 = row[1] decodedItem2, _ = der_decode(item2) entrySalt = decodedItem2[0][1][0].asOctets() cipherT = decodedItem2[1].asOctets() clearText = decrypt3DES(globalSalt, masterPassword, entrySalt, cipherT) # usual Mozilla PBE if clearText != b"password-check\x02\x02": raise WrongPassword() #if args.verbose: # print("password checked", file=sys.stderr) # decrypt 3des key to decrypt "logins.json" content c.execute("SELECT a11,a102 FROM nssPrivate;") for row in c: if row[1] == MAGIC1: break a11 = row[0] # CKA_VALUE assert row[1] == MAGIC1 # CKA_ID decodedA11, _ = der_decode(a11) entrySalt = decodedA11[0][1][0].asOctets() cipherT = decodedA11[1].asOctets() key = decrypt3DES(globalSalt, masterPassword, entrySalt, cipherT) #if args.verbose: # print("3deskey", key.hex(), file=sys.stderr) return key[:24]
def testDerCodec(self): substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate ea = asn1Object['encryptionAlgorithm'] assert ea['algorithm'] == rfc8018.id_PBES2 assert ea['algorithm'] in rfc5280.algorithmIdentifierMap.keys() params, rest = der_decode(ea['parameters'], asn1Spec=rfc5280.algorithmIdentifierMap[ea['algorithm']]) assert not rest assert params.prettyPrint() assert der_encode(params) == ea['parameters'] kdf = params['keyDerivationFunc'] assert kdf['algorithm'] == rfc7914.id_scrypt assert kdf['algorithm'] in rfc5280.algorithmIdentifierMap.keys() kdfp, rest = der_decode(kdf['parameters'], asn1Spec=rfc5280.algorithmIdentifierMap[kdf['algorithm']]) assert not rest assert kdfp.prettyPrint() assert der_encode(kdfp) == kdf['parameters'] assert kdfp['costParameter'] == 1048576
def testDerCodec(self): substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['acinfo']['version'] == 1 attributeMap = { rfc3281.id_at_role: rfc3281.RoleSyntax(), rfc3281.id_aca_authenticationInfo: rfc3281.SvceAuthInfo(), rfc3281.id_aca_accessIdentity: rfc3281.SvceAuthInfo(), rfc3281.id_aca_chargingIdentity: rfc3281.IetfAttrSyntax(), rfc3281.id_aca_group: rfc3281.IetfAttrSyntax(), } count = 0 for attr in asn1Object['acinfo']['attributes']: assert attr['type'] in attributeMap av, rest = der_decode(attr['values'][0], asn1Spec=attributeMap[attr['type']]) assert not rest assert av.prettyPrint() assert der_encode(av) == attr['values'][0] count += 1 assert count == 5
def testDerCodec(self): substrate = pem.readBase64fromText(self.message3_pem_text) asn1Object, rest = der_decode (substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['contentType'] == rfc5652.id_signedData sd, rest = der_decode (asn1Object['content'], asn1Spec=rfc5652.SignedData()) assert not rest assert sd.prettyPrint() assert der_encode(sd) == asn1Object['content'] oid = sd['encapContentInfo']['eContentType'] assert oid == rfc7191.id_ct_KP_keyPackageError kpe, rest = der_decode(sd['encapContentInfo']['eContent'], asn1Spec=rfc7191.KeyPackageError()) assert not rest assert kpe.prettyPrint() assert der_encode(kpe) == sd['encapContentInfo']['eContent'] package_id_pem_text = "J7icVjsWIlGdF4cceb+siG3f+D0=" package_id = pem.readBase64fromText(package_id_pem_text) assert kpe['errorOf']['pkgID'] == package_id assert kpe['errorCode'] == rfc7191.EnumeratedErrorCode(value=10)
def testOpenTypes(self): substrate = pem.readBase64fromText(self.message3_pem_text) asn1Object, rest = der_decode (substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['contentType'] == rfc5652.id_signedData v3 = rfc5652.CMSVersion().subtype(value='v3') assert asn1Object['content']['version'] == v3 for sa in asn1Object['content']['signerInfos'][0]['signedAttrs']: assert sa['attrType'] in rfc5652.cmsAttributesMap.keys() if sa['attrType'] == rfc5652.id_messageDigest: assert '0xa05c54d4737' in sa['attrValues'][0].prettyPrint() ct_oid = asn1Object['content']['encapContentInfo']['eContentType'] assert ct_oid in rfc5652.cmsContentTypesMap.keys() assert ct_oid == rfc7191.id_ct_KP_keyPackageError # Since receipt is inside an OCTET STRING, decodeOpenTypes=True cannot # automatically decode it sd_eci = asn1Object['content']['encapContentInfo'] kpe, rest = der_decode(sd_eci['eContent'], asn1Spec=rfc5652.cmsContentTypesMap[sd_eci['eContentType']]) package_id_pem_text = "J7icVjsWIlGdF4cceb+siG3f+D0=" package_id = pem.readBase64fromText(package_id_pem_text) assert kpe['errorOf']['pkgID'] == package_id assert kpe['errorCode'] == rfc7191.EnumeratedErrorCode(value=10)
def testOpenTypes(self): substrate = pem.readBase64fromText(self.cert_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec, decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate extn_list = [] for extn in asn1Object['tbsCertificate']['extensions']: extn_list.append(extn['extnID']) if extn['extnID'] in rfc5280.certificateExtensionsMap.keys(): extnValue, rest = der_decode( extn['extnValue'], asn1Spec=rfc5280.certificateExtensionsMap[extn['extnID']]) assert der_encode(extnValue) == extn['extnValue'] if extn['extnID'] == rfc4334.id_pe_wlanSSID: assert str2octs('Example') in extnValue if extn['extnID'] == rfc5280.id_ce_extKeyUsage: assert rfc4334.id_kp_eapOverLAN in extnValue assert rfc4334.id_kp_eapOverPPP in extnValue assert rfc4334.id_pe_wlanSSID in extn_list assert rfc5280.id_ce_extKeyUsage in extn_list
def testOpenTypes(self): substrate = pem.readBase64fromText(self.tsr_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=rfc5652.ContentInfo(), decodeOpenTypes=True) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate eci = asn1Object['content']['encapContentInfo'] assert eci['eContentType'] in rfc5652.cmsContentTypesMap.keys() assert eci['eContentType'] == rfc5934.id_ct_TAMP_statusResponse tsr, rest = der_decode( eci['eContent'], asn1Spec=rfc5652.cmsContentTypesMap[eci['eContentType']], decodeOpenTypes=True) assert not rest assert tsr.prettyPrint() assert der_encode(tsr) == eci['eContent'] assert tsr['version'] == 2 assert tsr['query']['target'] == univ.Null("") assert tsr['query']['seqNum'] == 1568307071 assert tsr['usesApex'] == False count = 0 for tai in tsr['response']['verboseResponse']['taInfo']: count += 1 assert tai['taInfo']['version'] == 1 assert count == 3
async def get_old_timestamp(signature, timestamp_url=None): """Retrieve an old style timestamp countersignature. Args: signature (str): the signature to get a counter signature for. This is usally the encryptedDigest of our file's signerInfo section. timestamp_url (str): what service to use to fetch the timestamp countersignature from. defaults to 'http://timestamp.digicert.com'. Returns: SignedData object """ req = OldTimeStampReq() req["type"] = univ.ObjectIdentifier("1.3.6.1.4.1.311.3.2.1") req["blob"]["signature"] = signature req["blob"]["type"] = univ.ObjectIdentifier("1.2.840.113549.1.7.1") encoded_req = der_encode(req) b64_req = base64.b64encode(encoded_req) url = timestamp_url or "http://timestamp.digicert.com" async with aiohttp.request( "POST", url, data=b64_req, headers={"Content-Type": "application/octet-stream"} ) as resp: # Uncomment below to capture a real response # open('old-ts.dat', 'wb').write(resp.content) ci, _ = der_decode(base64.b64decode(await resp.read()), ContentInfo()) ts, _ = der_decode(ci["content"], SignedData()) return ts
def testDerCodec(self): substrate = pem.readBase64fromText(self.constrained_pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['extnID'] == rfc6010.id_pe_cmsContentConstraints evalue, rest = der_decode(asn1Object['extnValue'], asn1Spec=rfc6010.CMSContentConstraints()) assert not rest assert evalue.prettyPrint() assert der_encode(evalue) == asn1Object['extnValue'] constraint_count = 0 attribute_count = 0 cannot_count = 0 for ccc in evalue: constraint_count += 1 if ccc['canSource'] == 1: cannot_count += 1 if ccc['attrConstraints'].hasValue(): for attr in ccc['attrConstraints']: attribute_count += 1 assert constraint_count == 4 assert attribute_count == 3 assert cannot_count == 1
def testDerCodec(self): substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['attrType'] == rfc6019.id_aa_binarySigningTime bintime, rest = der_decode(asn1Object['attrValues'][0], asn1Spec=rfc6019.BinaryTime()) assert bintime == 0x5cbf8654
def __init__ (self, b64val, challenge = None, *extensions, ** kw) : """ This gets a base64 encoded value as returned by a browser when filling in a form with a keygen element. The optional challenge is the challenge string issued by the web server and is checked against the signed challenge value returned by the browser (inside the b64val). We generally return a SPKAC_Decode_Error in case something cannot be parsed. The base64 encoded value is ASN.1 and stores the following Netscape SPKI/SPKAC data structure: ASN.1 notation of this (see HTML-5 keygen docs) PublicKeyAndChallenge ::= SEQUENCE { spki SubjectPublicKeyInfo, challenge IA5STRING } SignedPublicKeyAndChallenge ::= SEQUENCE { publicKeyAndChallenge PublicKeyAndChallenge, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING } """ try : seq, rest = der_decode (b64decode (b64val)) except PyAsn1Error, e : raise SPKAC_Decode_Error (e)
def __init__(self, subject, last_update=None, next_update=None): self.asn1_subject, rest = der_decode(subject.as_der()) assert not rest self.crl = [] lu = last_update or long(time()) nu = next_update or lu + 60 * 60 * 24 * 31 self.last_update = UTCTime(strftime(self.time_fmt, gmtime(lu))) self.next_update = UTCTime(strftime(self.time_fmt, gmtime(nu)))
def testDerCodec(self): substrate = pem.readBase64fromText(self.pem_text) asn1Object, rest = der_decode(substrate, asn1Spec=self.asn1Spec) assert not rest assert asn1Object.prettyPrint() assert der_encode(asn1Object) == substrate assert asn1Object['contentType'] == rfc5652.id_signedData inner, rest = der_decode(asn1Object['content'], asn1Spec=rfc5652.SignedData()) assert inner['encapContentInfo']['eContentType'] == rfc4108.id_ct_firmwarePackage assert inner['encapContentInfo']['eContent'] found_target_hardware_identifier_attribute = False for attr in inner['signerInfos'][0]['signedAttrs']: if attr['attrType'] == rfc4108.id_aa_targetHardwareIDs: found_target_hardware_identifier_attribute = True assert found_target_hardware_identifier_attribute
def from_binary(data): """ Create a Condition object from a binary blob. This method will parse a stream of binary data and construct a corresponding Condition object. Args: data (bytes): Binary data representing the condition. Returns: Condition: Resulting object """ asn1_condtion_obj, residue = der_decode(data, asn1Spec=Asn1Condition()) asn1_condition_dict = nat_encode(asn1_condtion_obj) return Condition.from_asn1_dict(asn1_condition_dict)
def from_binary(data): """ Create a Fulfillment object from a DER encoded binary representation of a fulfillment. Args: data (bytes): DER encoded fulfillment in bytes. Returns: Fulfillment: :class:`~.Fulfillment` instance. """ try: asn1_obj, _ = der_decode(data, asn1Spec=Asn1Fulfillment()) except (SubstrateUnderrunError, PyAsn1Error, TypeError) as exc: raise ASN1DecodeError('Failed to decode fulfillment.') from exc asn1_dict = nat_encode(asn1_obj) return Fulfillment.from_asn1_dict(asn1_dict)
def decrypt_blob(self, blob): if blob == None: return "" if len(blob) < 48: print "keychain blob length must be >= 48" return version, clas = struct.unpack("<LL", blob[0:8]) clas &= 0xF self.clas = clas if version == 0: wrappedkey = blob[8 : 8 + 40] encrypted_data = blob[48:] elif version == 2: l = struct.unpack("<L", blob[8:12])[0] wrappedkey = blob[12 : 12 + l] encrypted_data = blob[12 + l : -16] elif version == 3: l = struct.unpack("<L", blob[8:12])[0] wrappedkey = blob[12 : 12 + l] encrypted_data = blob[12 + l : -16] else: raise Exception("unknown keychain verson ", version) return unwrappedkey = self.keybag.unwrapKeyForClass(clas, wrappedkey, False) if not unwrappedkey: return if version == 0: return AESdecryptCBC(encrypted_data, unwrappedkey, padding=True) elif version == 2: binaryplist = gcm_decrypt(unwrappedkey, "", encrypted_data, "", blob[-16:]) return BPlistReader(binaryplist).parse() elif version == 3: der = gcm_decrypt(unwrappedkey, "", encrypted_data, "", blob[-16:]) stuff = der_decode(der)[0] rval = {} for k, v in stuff: k = str(k) # NB - this is binary and may not be valid UTF8 data v = str(v) rval[k] = v return rval
def parse_pem_to_certs(pem): """ Convert PEM formatted certificates into DER format. :param pem: String containing a list of PEM encoded certificates :returns: List of Python objects representing certificates """ certs_der = [] acc = "" state = "PRE" for line in pem.split("\n"): if state == "PRE" and line == "-----BEGIN CERTIFICATE-----": state = "BODY_OR_META" elif state == "PRE" and not line: pass elif state == "BODY_OR_META" and ":" in line: state = "META" elif state == "BODY" and line == "-----END CERTIFICATE-----": certs_der.append(base64.b64decode(acc)) acc = "" state = "PRE" elif state == "META" and not line: state = "BODY" elif state == "BODY" or state == "BODY_OR_META": acc += line state = "BODY" else: raise CertificateParseError(f'Unexpected input "{line}" in state "{state}"') if acc: raise CertificateParseError(f"Unexpected end of input. Leftover: {acc}") certs_py = [] for der in certs_der: cert, rest_of_input = der_decode(der, asn1Spec=rfc5280.Certificate()) assert not rest_of_input # assert no left over input certs_py.append(python_encode(cert)) return certs_py
def ParseIt(self, data, tblname, export): record = {} Decoded = der_decode(data)[0] for k, v in Decoded: #self.datadict.items(): data = '%s'%v if k == 'atyp': data = self.GetAuthType(data) elif k == 'pdmn': data = self.GetAccessibleName(data) elif k == 'cdat' or k == 'mdat': data = self.Getdate(data) elif k == 'ptcl': data = self.GetProtoFullName(data) elif k == 'klbl': data = data.encode('hex') if export == 0: k = self.GetColumnFullName('%s'%k) record[k] = data return record