| 
									
										
										
										
											2009-02-28 20:54:37 -05:00
										 |  |  | # -*- coding: utf-8 -*- | 
					
						
							|  |  |  | # | 
					
						
							|  |  |  | # =================================================================== | 
					
						
							|  |  |  | # The contents of this file are dedicated to the public domain.  To | 
					
						
							|  |  |  | # the extent that dedication to the public domain is not available, | 
					
						
							|  |  |  | # everyone is granted a worldwide, perpetual, royalty-free, | 
					
						
							|  |  |  | # non-exclusive license to exercise all rights associated with the | 
					
						
							|  |  |  | # contents of this file for any purpose whatsoever. | 
					
						
							|  |  |  | # No rights are reserved. | 
					
						
							|  |  |  | # | 
					
						
							|  |  |  | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | 
					
						
							|  |  |  | # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | 
					
						
							|  |  |  | # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | 
					
						
							|  |  |  | # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS | 
					
						
							|  |  |  | # BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN | 
					
						
							|  |  |  | # ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN | 
					
						
							|  |  |  | # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | 
					
						
							|  |  |  | # SOFTWARE. | 
					
						
							|  |  |  | # =================================================================== | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2002-05-24 14:16:22 -07:00
										 |  |  | """Public-key encryption and signature algorithms.
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | Public-key encryption uses two different keys, one for encryption and | 
					
						
							|  |  |  | one for decryption.  The encryption key can be made public, and the | 
					
						
							|  |  |  | decryption key is kept private.  Many public-key algorithms can also | 
					
						
							|  |  |  | be used to sign messages, and some can *only* be used for signatures. | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-04-12 00:49:32 +02:00
										 |  |  | ========================  ============================================= | 
					
						
							|  |  |  | Module                    Description | 
					
						
							|  |  |  | ========================  ============================================= | 
					
						
							|  |  |  | Crypto.PublicKey.DSA      Digital Signature Algorithm (Signature only) | 
					
						
							| 
									
										
										
										
											2002-05-24 14:16:22 -07:00
										 |  |  | Crypto.PublicKey.ElGamal  (Signing and encryption) | 
					
						
							| 
									
										
										
										
											2003-04-03 21:27:13 -07:00
										 |  |  | Crypto.PublicKey.RSA      (Signing, encryption, and blinding) | 
					
						
							| 
									
										
										
										
											2012-04-12 00:49:32 +02:00
										 |  |  | ========================  ============================================= | 
					
						
							| 
									
										
										
										
											2012-04-12 23:16:52 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-12-05 21:33:56 +01:00
										 |  |  | :undocumented: _DSA | 
					
						
							| 
									
										
										
										
											2002-05-24 14:16:22 -07:00
										 |  |  | """
 | 
					
						
							| 
									
										
										
										
											1998-12-13 19:19:48 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2012-05-24 07:32:07 -04:00
										 |  |  | __all__ = ['RSA', 'DSA', 'ElGamal'] | 
					
						
							| 
									
										
										
										
											1998-12-13 19:19:48 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-07-13 22:55:19 +02:00
										 |  |  | def _extract_sp_info(x509_certificate): | 
					
						
							|  |  |  |     """Extract subjectPublicKeyInfo from a DER X.509 certificate.""" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     from Crypto.Util.asn1 import DerSequence, DerInteger | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     try: | 
					
						
							|  |  |  |         # This code will partially parse tbsCertificate | 
					
						
							|  |  |  |         # to get to subjectPublicKeyInfo. | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # However, the first 2 elements of tbsCertificate are: | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         #   version [0]  Version DEFAULT v1, | 
					
						
							|  |  |  |         #   serialNumber         CertificateSerialNumber, | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # where: | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         #   Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  } | 
					
						
							|  |  |  |         #   CertificateSerialNumber  ::=  INTEGER | 
					
						
							|  |  |  |         # | 
					
						
							|  |  |  |         # In order to know the position of subjectPublicKeyInfo | 
					
						
							|  |  |  |         # in the tbsCertificate SEQUENCE, we try to see if the | 
					
						
							|  |  |  |         # first element is an untagged INTEGER (that is, the | 
					
						
							|  |  |  |         # certificate serial number). | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         x509_tbs_cert = DerSequence() | 
					
						
							|  |  |  |         x509_tbs_cert.decode(x509_certificate[0]) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         index = -1  # Sentinel | 
					
						
							|  |  |  |         try: | 
					
						
							|  |  |  |             _ = x509_tbs_cert[0] + 1 | 
					
						
							|  |  |  |             # Still here? There was no version then | 
					
						
							|  |  |  |             index = 5 | 
					
						
							|  |  |  |         except TypeError: | 
					
						
							|  |  |  |             # Landed here? Version was there | 
					
						
							|  |  |  |             x509_version = DerInteger(explicit=0) | 
					
						
							|  |  |  |             x509_version.decode(x509_tbs_cert[0]) | 
					
						
							|  |  |  |             index = 6 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if index in (5, 6): | 
					
						
							|  |  |  |             return x509_tbs_cert[index] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     except (TypeError, IndexError, ValueError, EOFError): | 
					
						
							|  |  |  |         pass | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     raise ValueError("Cannot extract subjectPublicKeyInfo") | 
					
						
							|  |  |  | 
 |