Home Explore Help
Sign In
g
/
prolin-xcb-client
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 94d105e9bc
Branches Tags
prolin-xcb-clie...
/
adb
/
sign_pythonrsa.py

sign_pythonrsa.py 2.6 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. # Copyright 2014 Google Inc. All rights reserved.
    2. 

  2. #
    3. 

  3. # Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. # you may not use this file except in compliance with the License.
    5. 

  5. # You may obtain a copy of the License at
    6. 

  6. #
    7. 

  7. #     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. #
    9. 

  9. # Unless required by applicable law or agreed to in writing, software
    10. 

  10. # distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. # See the License for the specific language governing permissions and
    13. 

  13. # limitations under the License.
    14. 

  14. 

  15. import rsa
    16. 

  16. 

  17. from pyasn1.codec.der import decoder
    18. 

  18. from pyasn1.type import univ
    19. 

  19. from rsa import pkcs1
    20. 

  20. 

  21. 

  22. # python-rsa lib hashes all messages it signs. ADB does it already, we just
    23. 

  23. # need to slap a signature on top of already hashed message. Introduce "fake"
    24. 

  24. # hashing algo for this.
    25. 

  25. class _Accum(object):
    26. 

  26.     def __init__(self):
    27. 

  27.         self._buf = b''
    28. 

  28. 

  29.     def update(self, msg):
    30. 

  30.         self._buf += msg
    31. 

  31. 

  32.     def digest(self):
    33. 

  33.         return self._buf
    34. 

  34. 

  35. 

  36. pkcs1.HASH_METHODS['SHA-1-PREHASHED'] = _Accum
    37. 

  37. pkcs1.HASH_ASN1['SHA-1-PREHASHED'] = pkcs1.HASH_ASN1['SHA-1']
    38. 

  38. 

  39. 

  40. def _load_rsa_private_key(pem):
    41. 

  41.     """PEM encoded PKCS#8 private key -> rsa.PrivateKey."""
    42. 

  42.     # ADB uses private RSA keys in pkcs#8 format. 'rsa' library doesn't support
    43. 

  43.     # them natively. Do some ASN unwrapping to extract naked RSA key
    44. 

  44.     # (in der-encoded form). See https://www.ietf.org/rfc/rfc2313.txt.
    45. 

  45.     # Also http://superuser.com/a/606266.
    46. 

  46.     try:
    47. 

  47.         der = rsa.pem.load_pem(pem, 'PRIVATE KEY')
    48. 

  48.         keyinfo, _ = decoder.decode(der)
    49. 

  49.         if keyinfo[1][0] != univ.ObjectIdentifier(
    50. 

  50.                 '1.2.840.113549.1.1.1'):  # pragma: no cover
    51. 

  51.             raise ValueError('Not a DER-encoded OpenSSL private RSA key')
    52. 

  52.         private_key_der = keyinfo[2].asOctets()
    53. 

  53.     except IndexError:  # pragma: no cover
    54. 

  54.         raise ValueError('Not a DER-encoded OpenSSL private RSA key')
    55. 

  55.     return rsa.PrivateKey.load_pkcs1(private_key_der, format='DER')
    56. 

  56. 

  57. 

  58. class PythonRSASigner(object):
    59. 

  59.     """Implements adb_protocol.AuthSigner using http://stuvel.eu/rsa."""
    60. 

  60. 

  61.     @classmethod
    62. 

  62.     def FromRSAKeyPath(cls, rsa_key_path):
    63. 

  63.         with open(rsa_key_path + '.pub') as f:
    64. 

  64.             pub = f.read()
    65. 

  65.         with open(rsa_key_path) as f:
    66. 

  66.             priv = f.read()
    67. 

  67.         return cls(pub, priv)
    68. 

  68. 

  69.     def __init__(self, pub=None, priv=None):
    70. 

  70.         self.priv_key = _load_rsa_private_key(priv)
    71. 

  71.         self.pub_key = pub
    72. 

  72. 

  73.     def Sign(self, data):
    74. 

  74.         return rsa.sign(data, self.priv_key, 'SHA-1-PREHASHED')
    75. 

  75. 

  76.     def GetPublicKey(self):
    77. 

  77.         return self.pub_key
    78.