Bug 1935611 - Fix libyuv/libpng link failed for loongarch64. r=glandium,tnikkel,ng
[gecko.git] / security / manager / tools / pykey.py
blobfec8021c2606b011d7dc2ffe437feb4d345bc091
1 #!/usr/bin/env python
3 # This Source Code Form is subject to the terms of the Mozilla Public
4 # License, v. 2.0. If a copy of the MPL was not distributed with this
5 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
7 """
8 Reads a key specification from stdin or a file and outputs a
9 PKCS #8 file representing the (private) key. Also provides
10 methods for signing data and representing the key as a subject
11 public key info for use with pyasn1.
13 The key specification format is as follows:
15 default: a 2048-bit RSA key
16 alternate: a different 2048-bit RSA key
17 ev: a 2048-bit RSA key that, when combined with the right pycert
18 specification, results in a certificate that is enabled for
19 extended validation in debug Firefox (see ExtendedValidation.cpp).
20 evRSA2040: a 2040-bit RSA key that, when combined with the right pycert
21 specification, results in a certificate that is enabled for
22 extended validation in debug Firefox.
23 rsa2040: a 2040-bit RSA key
24 rsa1024: a 1024-bit RSA key
25 rsa1016: a 1016-bit RSA key
26 secp256k1: an ECC key on the curve secp256k1
27 secp244r1: an ECC key on the curve secp244r1
28 secp256r1: an ECC key on the curve secp256r1
29 secp384r1: an ECC key on the curve secp384r1
30 secp521r1: an ECC key on the curve secp521r1
31 """
33 import base64
34 import binascii
35 import hashlib
36 import math
37 import sys
39 import ecdsa
40 import rsa
41 import six
42 from pyasn1.codec.der import encoder
43 from pyasn1.type import namedtype, tag, univ
44 from pyasn1_modules import rfc2459
46 # "constants" to make it easier for consumers to specify hash algorithms
47 HASH_MD5 = "hash:md5"
48 HASH_SHA1 = "hash:sha1"
49 HASH_SHA256 = "hash:sha256"
50 HASH_SHA384 = "hash:sha384"
51 HASH_SHA512 = "hash:sha512"
54 # NOTE: With bug 1621441 we migrated from one library for ecdsa to another.
55 # These libraries differ somewhat in terms of functionality and interface. In
56 # order to ensure there are no diffs and that the generated signatures are
57 # exactly the same between the two libraries, we need to patch some stuff in.
60 def _gen_k(curve):
61 # This calculation is arbitrary, but it matches what we were doing pre-
62 # bug 1621441 (see the above NOTE). Crucially, this generation of k is
63 # non-random; the ecdsa library exposes an option to deterministically
64 # generate a value of k for us, but it doesn't match up to what we were
65 # doing before so we have to inject a custom value.
66 num_bytes = int(math.log(curve.order - 1, 2) + 1) // 8 + 8
67 entropy = int.from_bytes(b"\04" * num_bytes, byteorder="big")
68 p = curve.curve.p()
69 return (entropy % (p - 1)) + 1
72 # As above, the library has built-in logic for truncating digests that are too
73 # large, but they use a slightly different technique than our previous library.
74 # Re-implement that logic here.
75 def _truncate_digest(digest, curve):
76 i = int.from_bytes(digest, byteorder="big")
77 p = curve.curve.p()
78 while i > p:
79 i >>= 1
80 return i.to_bytes(math.ceil(i.bit_length() / 8), byteorder="big")
83 def byteStringToHexifiedBitString(string):
84 """Takes a string of bytes and returns a hex string representing
85 those bytes for use with pyasn1.type.univ.BitString. It must be of
86 the form "'<hex bytes>'H", where the trailing 'H' indicates to
87 pyasn1 that the input is a hex string."""
88 return "'%s'H" % six.ensure_binary(string).hex()
91 class UnknownBaseError(Exception):
92 """Base class for handling unexpected input in this module."""
94 def __init__(self, value):
95 super(UnknownBaseError, self).__init__()
96 self.value = value
97 self.category = "input"
99 def __str__(self):
100 return 'Unknown %s type "%s"' % (self.category, repr(self.value))
103 class UnknownKeySpecificationError(UnknownBaseError):
104 """Helper exception type to handle unknown key specifications."""
106 def __init__(self, value):
107 UnknownBaseError.__init__(self, value)
108 self.category = "key specification"
111 class UnknownHashAlgorithmError(UnknownBaseError):
112 """Helper exception type to handle unknown key specifications."""
114 def __init__(self, value):
115 UnknownBaseError.__init__(self, value)
116 self.category = "hash algorithm"
119 class UnsupportedHashAlgorithmError(Exception):
120 """Helper exception type for unsupported hash algorithms."""
122 def __init__(self, value):
123 super(UnsupportedHashAlgorithmError, self).__init__()
124 self.value = value
126 def __str__(self):
127 return 'Unsupported hash algorithm "%s"' % repr(self.value)
130 class RSAPublicKey(univ.Sequence):
131 """Helper type for encoding an RSA public key"""
133 componentType = namedtype.NamedTypes(
134 namedtype.NamedType("N", univ.Integer()),
135 namedtype.NamedType("E", univ.Integer()),
139 class RSAPrivateKey(univ.Sequence):
140 """Helper type for encoding an RSA private key"""
142 componentType = namedtype.NamedTypes(
143 namedtype.NamedType("version", univ.Integer()),
144 namedtype.NamedType("modulus", univ.Integer()),
145 namedtype.NamedType("publicExponent", univ.Integer()),
146 namedtype.NamedType("privateExponent", univ.Integer()),
147 namedtype.NamedType("prime1", univ.Integer()),
148 namedtype.NamedType("prime2", univ.Integer()),
149 namedtype.NamedType("exponent1", univ.Integer()),
150 namedtype.NamedType("exponent2", univ.Integer()),
151 namedtype.NamedType("coefficient", univ.Integer()),
155 class ECPrivateKey(univ.Sequence):
156 """Helper type for encoding an EC private key
157 ECPrivateKey ::= SEQUENCE {
158 version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
159 privateKey OCTET STRING,
160 parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
161 (NOTE: parameters field is not supported)
162 publicKey [1] BIT STRING OPTIONAL
163 }"""
165 componentType = namedtype.NamedTypes(
166 namedtype.NamedType("version", univ.Integer()),
167 namedtype.NamedType("privateKey", univ.OctetString()),
168 namedtype.OptionalNamedType(
169 "publicKey",
170 univ.BitString().subtype(
171 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
177 class ECPoint(univ.Sequence):
178 """Helper type for encoding a EC point"""
180 componentType = namedtype.NamedTypes(
181 namedtype.NamedType("x", univ.Integer()),
182 namedtype.NamedType("y", univ.Integer()),
186 class PrivateKeyInfo(univ.Sequence):
187 """Helper type for encoding a PKCS #8 private key info"""
189 componentType = namedtype.NamedTypes(
190 namedtype.NamedType("version", univ.Integer()),
191 namedtype.NamedType("privateKeyAlgorithm", rfc2459.AlgorithmIdentifier()),
192 namedtype.NamedType("privateKey", univ.OctetString()),
196 class RSAKey(object):
197 # For reference, when encoded as a subject public key info, the
198 # base64-encoded sha-256 hash of this key is
199 # VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=
200 sharedRSA_N = int(
201 "00ba8851a8448e16d641fd6eb6880636103d3c13d9eae4354ab4ecf56857"
202 "6c247bc1c725a8e0d81fbdb19c069b6e1a86f26be2af5a756b6a6471087a"
203 "a55aa74587f71cd5249c027ecd43fc1e69d038202993ab20c349e4dbb94c"
204 "c26b6c0eed15820ff17ead691ab1d3023a8b2a41eea770e00f0d8dfd660b"
205 "2bb02492a47db988617990b157903dd23bc5e0b8481fa837d38843ef2716"
206 "d855b7665aaa7e02902f3a7b10800624cc1c6c97ad96615bb7e29612c075"
207 "31a30c91ddb4caf7fcad1d25d309efb9170ea768e1b37b2f226f69e3b48a"
208 "95611dee26d6259dab91084e36cb1c24042cbf168b2fe5f18f991731b8b3"
209 "fe4923fa7251c431d503acda180a35ed8d",
212 sharedRSA_E = 65537
213 sharedRSA_D = int(
214 "009ecbce3861a454ecb1e0fe8f85dd43c92f5825ce2e997884d0e1a949da"
215 "a2c5ac559b240450e5ac9fe0c3e31c0eefa6525a65f0c22194004ee1ab46"
216 "3dde9ee82287cc93e746a91929c5e6ac3d88753f6c25ba5979e73e5d8fb2"
217 "39111a3cdab8a4b0cdf5f9cab05f1233a38335c64b5560525e7e3b92ad7c"
218 "7504cf1dc7cb005788afcbe1e8f95df7402a151530d5808346864eb370aa"
219 "79956a587862cb533791307f70d91c96d22d001a69009b923c683388c9f3"
220 "6cb9b5ebe64302041c78d908206b87009cb8cabacad3dbdb2792fb911b2c"
221 "f4db6603585be9ae0ca3b8e6417aa04b06e470ea1a3b581ca03a6781c931"
222 "5b62b30e6011f224725946eec57c6d9441",
225 sharedRSA_P = int(
226 "00dd6e1d4fffebf68d889c4d114cdaaa9caa63a59374286c8a5c29a717bb"
227 "a60375644d5caa674c4b8bc7326358646220e4550d7608ac27d55b6db74f"
228 "8d8127ef8fa09098b69147de065573447e183d22fe7d885aceb513d9581d"
229 "d5e07c1a90f5ce0879de131371ecefc9ce72e9c43dc127d238190de81177"
230 "3ca5d19301f48c742b",
233 sharedRSA_Q = int(
234 "00d7a773d9ebc380a767d2fec0934ad4e8b5667240771acdebb5ad796f47"
235 "8fec4d45985efbc9532968289c8d89102fadf21f34e2dd4940eba8c09d6d"
236 "1f16dcc29729774c43275e9251ddbe4909e1fd3bf1e4bedf46a39b8b3833"
237 "28ef4ae3b95b92f2070af26c9e7c5c9b587fedde05e8e7d86ca57886fb16"
238 "5810a77b9845bc3127",
241 sharedRSA_exp1 = int(
242 "0096472b41a610c0ade1af2266c1600e3671355ba42d4b5a0eb4e9d7eb35"
243 "81400ba5dd132cdb1a5e9328c7bbc0bbb0155ea192972edf97d12751d8fc"
244 "f6ae572a30b1ea309a8712dd4e33241db1ee455fc093f5bc9b592d756e66"
245 "21474f32c07af22fb275d340792b32ba2590bbb261aefb95a258eea53765"
246 "5315be9c24d191992d",
249 sharedRSA_exp2 = int(
250 "28b450a7a75a856413b2bda6f7a63e3d964fb9ecf50e3823ef6cc8e8fa26"
251 "ee413f8b9d1205540f12bbe7a0c76828b7ba65ad83cca4d0fe2a220114e1"
252 "b35d03d5a85bfe2706bd50fce6cfcdd571b46ca621b8ed47d605bbe765b0"
253 "aa4a0665ac25364da20154032e1204b8559d3e34fb5b177c9a56ff93510a"
254 "5a4a6287c151de2d",
257 sharedRSA_coef = int(
258 "28067b9355801d2ef52dfa96d8adb589673cf8ee8a9c6ff72aeeabe9ef6b"
259 "e58a4f4abf05f788947dc851fdaa34542147a71a246bfb054ee76aa346ab"
260 "cd2692cfc9e44c51e6f069c735e073ba019f6a7214961c91b26871caeabf"
261 "8f064418a02690e39a8d5ff3067b7cdb7f50b1f53418a703966c4fc774bf"
262 "7402af6c43247f43",
266 # For reference, when encoded as a subject public key info, the
267 # base64-encoded sha-256 hash of this key is
268 # MQj2tt1yGAfwFpWETYUCVrZxk2CD2705NKBQUlAaKJI=
269 alternateRSA_N = int(
270 "00c175c65266099f77082a6791f1b876c37f5ce538b06c4acd22b1cbd46f"
271 "a65ada2add41c8c2498ac4a3b3c1f61487f41b698941bd80a51c3c120244"
272 "c584a4c4483305e5138c0106cf08be9a862760bae6a2e8f36f23c5d98313"
273 "b9dfaf378345dace51d4d6dcd2a6cb3cc706ebcd3070ec98cce40aa591d7"
274 "295a7f71c5be66691d2b2dfec84944590bc5a3ea49fd93b1d753405f1773"
275 "7699958666254797ed426908880811422069988a43fee48ce68781dd22b6"
276 "a69cd28375131f932b128ce286fa7d251c062ad27ef016f187cdd54e832b"
277 "35b8930f74ba90aa8bc76167242ab1fd6d62140d18c4c0b8c68fc3748457"
278 "324ad7de86e6552f1d1e191d712168d3bb",
281 alternateRSA_E = 65537
282 alternateRSA_D = int(
283 "7e3f6d7cb839ef66ae5d7dd92ff5410bb341dc14728d39034570e1a37079"
284 "0f30f0681355fff41e2ad4e9a9d9fcebfbd127bdfab8c00affb1f3cea732"
285 "7ead47aa1621f2ac1ee14ca02f04b3b2786017980b181a449d03b03e69d1"
286 "12b83571e55434f012056575d2832ed6731dce799e37c83f6d51c55ab71e"
287 "b58015af05e1af15c747603ef7f27d03a6ff049d96bbf854c1e4e50ef5b0"
288 "58d0fb08180e0ac7f7be8f2ff1673d97fc9e55dba838077bbf8a7cff2962"
289 "857785269cd9d5bad2b57469e4afcd33c4ca2d2f699f11e7c8fbdcd484f0"
290 "8d8efb8a3cb8a972eb24bed972efaae4bb712093e48fe94a46eb629a8750"
291 "78c4021a9a2c93c9a70390e9d0a54401",
294 alternateRSA_P = int(
295 "00e63fc725a6ba76925a7ff8cb59c4f56dd7ec83fe85bf1f53e11cac9a81"
296 "258bcfc0ae819077b0f2d1477aaf868de6a8ecbeaf7bb22b196f2a9ad82d"
297 "3286f0d0cc29de719e5f2be8e509b7284d5963edd362f927887a4c4a8979"
298 "9d340d51b301ac7601ab27179024fcaadd38bf6522af63eb16461ec02a7f"
299 "27b06fe09ddda7c0a1",
302 alternateRSA_Q = int(
303 "00d718b1fe9f8f99f00e832ae1fbdc6fe2ab27f34e049c498010fa0eb708"
304 "4852182346083b5c96c3eee5592c014a410c6b930b165c13b5c26aa32eac"
305 "6e7c925a8551c25134f2f4a72c6421f19a73148a0edfaba5d3a6888b35cb"
306 "a18c00fd38ee5aaf0b545731d720761bbccdee744a52ca415e98e4de01cd"
307 "fe764c1967b3e8cadb",
310 alternateRSA_exp1 = int(
311 "01e5aca266c94a88d22e13c2b92ea247116c657a076817bdfd30db4b3a9d"
312 "3095b9a4b6749647e2f84e7a784fc7838b08c85971cf7a036fa30e3b91c3"
313 "c4d0df278f80c1b6e859d8456adb137defaa9f1f0ac5bac9a9184fd4ea27"
314 "9d722ea626f160d78aad7bc83845ccb29df115c83f61b7622b99bd439c60"
315 "9b5790a63c595181",
318 alternateRSA_exp2 = int(
319 "0080cc45d10d2484ee0d1297fc07bf80b3beff461ea27e1f38f371789c3a"
320 "f66b4a0edd2192c227791db4f1c77ae246bf342f31856b0f56581b58a95b"
321 "1131c0c5396db2a8c3c6f39ea2e336bc205ae6a2a0b36869fca98cbba733"
322 "cf01319a6f9bb26b7ca23d3017fc551cd8da8afdd17f6fa2e30d34868798"
323 "1cd6234d571e90b7df",
326 alternateRSA_coef = int(
327 "6f77c0c1f2ae7ac169561cca499c52bdfbe04cddccdbdc12aec5a85691e8"
328 "594b7ee29908f30e7b96aa6254b80ed4aeec9b993782bdfc79b69d8d58c6"
329 "8870fa4be1bc0c3527288c5c82bb4aebaf15edff110403fc78e6ace6a828"
330 "27bf42f0cfa751e507651c5638db9393dd23dd1f6b295151de44b77fe55a"
331 "7b0df271e19a65c0",
335 evRSA_N = int(
336 "00b549895c9d00108d11a1f99f87a9e3d1a5db5dfaecf188da57bf641368"
337 "8f2ce4722cff109038c17402c93a2a473dbd286aed3fdcd363cf5a291477"
338 "01bdd818d7615bf9356bd5d3c8336aaa8c0971368a06c3cd4461b93e5142"
339 "4e1744bb2eaad46aab38ce196821961f87714a1663693f09761cdf4d6ba1"
340 "25eacec7be270d388f789f6cdf78ae3144ed28c45e79293863a7a22a4898"
341 "0a36a40e72d579c9b925dff8c793362ffd6897a7c1754c5e97c967c3eadd"
342 "1aae8aa2ccce348a0169b80e28a2d70c1a960c6f335f2da09b9b643f5abf"
343 "ba49e8aaa981e960e27d87480bdd55dd9417fa18509fbb554ccf81a4397e"
344 "8ba8128a34bdf27865c189e5734fb22905",
347 evRSA_E = 65537
348 evRSA_D = int(
349 "00983d54f94d6f4c76eb23d6f93d78523530cf73b0d16254c6e781768d45"
350 "f55681d1d02fb2bd2aac6abc1c389860935c52a0d8f41482010394778314"
351 "1d864bff30803638a5c0152570ae9d18f3d8ca163efb475b0dddf32e7e16"
352 "ec7565e6bb5e025c41c5c66e57a03cede554221f83045347a2c4c451c3dc"
353 "e476b787ce0c057244be9e04ef13118dbbb3d5e0a6cc87029eafd4a69ed9"
354 "b14759b15e39d8a9884e56f54d2f9ab013f0d15f318a9ab6b2f73d1ec3c9"
355 "fe274ae89431a10640be7899b0011c5e5093a1834708689de100634dabde"
356 "60fbd6aaefa3a33df34a1f36f60c043036b748d1c9ee98c4031a0afec60e"
357 "fda0a990be524f5614eac4fdb34a52f951",
360 evRSA_P = int(
361 "00eadc2cb33e5ff1ca376bbd95bd6a1777d2cf4fac47545e92d11a6209b9"
362 "d5e4ded47834581c169b3c884742a09ea187505c1ca55414d8d25b497632"
363 "d5ec2aaa05233430fad49892777a7d68e038f561a3b8969e60b0a263defb"
364 "fda48a9b0ff39d95bc88b15267c8ade97b5107948e41e433249d87f7db10"
365 "9d5d74584d86bcc1d7",
368 evRSA_Q = int(
369 "00c59ae576a216470248d944a55b9e9bf93299da341ec56e558eba821abc"
370 "e1bf57b79cf411d2904c774f9dba1f15185f607b0574a08205d6ec28b66a"
371 "36d634232eaaf2fea37561abaf9d644b68db38c9964cb8c96ec0ac61eba6"
372 "4d05b446542f423976f5acde4ecc95536d2df578954f93f0cfd9c58fb78b"
373 "a2a76dd5ac284dc883",
376 evRSA_exp1 = int(
377 "00c1d2ef3906331c52aca64811f9fe425beb2898322fb3db51032ce8d7e9"
378 "fc32240be92019cf2480fcd5e329837127118b2a59a1bfe06c883e3a4447"
379 "f3f031cd9aebd0b8d368fc79740d2cce8eadb324df7f091eafe1564361d5"
380 "4920b01b0471230e5e47d93f8ed33963c517bc4fc78f6d8b1f9eba85bcce"
381 "db7033026508db6285",
384 evRSA_exp2 = int(
385 "008521b8db5694dfbe804a315f9efc9b65275c5490acf2a3456d65e6e610"
386 "bf9f647fc67501d4f5772f232ac70ccdef9fc2a6dfa415c7c41b6afc7af9"
387 "d07c3ca03f7ed93c09f0b99f2c304434322f1071709bbc1baa4c91575fa6"
388 "a959e07d4996956d95e22b57938b6e47c8d51ffedfc9bf888ce0d1a3e42b"
389 "65a89bed4b91d3e5f5",
392 evRSA_coef = int(
393 "00dc497b06b920c8be0b0077b798e977eef744a90ec2c5d7e6cbb22448fa"
394 "c72da81a33180e0d8a02e831460c7fc7fd3a612f7b9930b61b799f8e908e"
395 "632e9ba0409b6aa70b03a3ba787426263b5bd5843df8476edb5d14f6a861"
396 "3ebaf5b9cd5ca42f5fbd2802e08e4e49e5709f5151510caa5ab2c1c6eb3e"
397 "fe9295d16e8c25c916",
401 evRSA2040_N = int(
402 "00ca7020dc215f57914d343fae4a015111697af997a5ece91866499fc23f"
403 "1b88a118cbd30b10d91c7b9a0d4ee8972fcae56caf57f25fc1275a2a4dbc"
404 "b982428c32ef587bf2387410330a0ffb16b8029bd783969ef675f6de38c1"
405 "8f67193cb6c072f8b23d0b3374112627a57b90055771d9e62603f53788d7"
406 "f63afa724f5d108096df31f89f26b1eb5f7c4357980e008fcd55d827dd26"
407 "2395ca2f526a07897cc40c593b38716ebc0caa596719c6f29ac9b73a7a94"
408 "4748a3aa3e09e9eb4d461ea0027e540926614728b9d243975cf9a0541bef"
409 "d25e76b51f951110b0e7644fc7e38441791b6d2227384cb8004e23342372"
410 "b1cf5cc3e73e31b7bbefa160e6862ebb",
413 evRSA2040_E = 65537
414 evRSA2040_D = int(
415 "00b2db74bce92362abf72955a638ae8720ba3033bb7f971caf39188d7542"
416 "eaa1c1abb5d205b1e2111f4791c08911a2e141e8cfd7054702d23100b564"
417 "2c06e1a31b118afd1f9a2f396cced425c501d91435ca8656766ced2b93bb"
418 "b8669fce9bacd727d1dacb3dafabc3293e35389eef8ea0b58e1aeb1a20e6"
419 "a61f9fcd453f7567fe31d123b616a26fef4df1d6c9f7490111d028eefd1d"
420 "972045b1a242273dd7a67ebf111db2741a5a93c7b2289cc4a236f5a99a6e"
421 "c7a8206fdae1c1d04bdbb1980d4a298c5a17dae4186474a5f7835d882bce"
422 "f24aef4ed6f149f94d96c9f7d78e647fc778a9017ff208d3b4a1768b1821"
423 "62102cdab032fabbab38d5200a324649",
426 evRSA2040_P = int(
427 "0f3844d0d4d4d6a21acd76a6fc370b8550e1d7ec5a6234172e790f0029ae"
428 "651f6d5c59330ab19802b9d7a207de7a1fb778e3774fdbdc411750633d8d"
429 "1b3fe075006ffcfd1d10e763c7a9227d2d5f0c2dade1c9e659c350a159d3"
430 "6bb986f12636d4f9942b288bc0fe21da8799477173144249ca2e389e6c5c"
431 "25aa78c8cad7d4df",
434 evRSA2040_Q = int(
435 "0d4d0bedd1962f07a1ead6b23a4ed67aeaf1270f052a6d29ba074945c636"
436 "1a5c4f8f07bf859e067aed3f4e6e323ef2aa8a6acd340b0bdc7cfe4fd329"
437 "e3c97f870c7f7735792c6aa9d0f7e7542a28ed6f01b0e55a2b8d9c24a65c"
438 "6da314c95484f5c7c3954a81bb016b07ed17ee9b06039695bca059a79f8d"
439 "c2423d328d5265a5",
442 evRSA2040_exp1 = int(
443 "09f29a2ff05be8a96d614ba31b08935420a86c6bc42b99a6692ea0da5763"
444 "f01e596959b7ddce73ef9c2e4f6e5b40710887500d44ba0c3cd3132cba27"
445 "475f39c2df7552e2d123a2497a4f97064028769a48a3624657f72bf539f3"
446 "d0de234feccd3be8a0aa90c6bf6e9b0bed43070a24d061ff3ed1751a3ef2"
447 "ff7f6b90b9dbd5fb",
450 evRSA2040_exp2 = int(
451 "01a659e170cac120a03be1cf8f9df1caa353b03593bd7476e5853bd874c2"
452 "87388601c6c341ce9d1d284a5eef1a3a669d32b816a5eaecd8b7844fe070"
453 "64b9bca0c2b318d540277b3f7f1510d386bb36e03b04771e5d229e88893e"
454 "13b753bfb94518bb638e2404bd6e6a993c1668d93fc0b82ff08aaf34347d"
455 "3fe8397108c87ca5",
458 evRSA2040_coef = int(
459 "040257c0d4a21c0b9843297c65652db66304fb263773d728b6abfa06d37a"
460 "c0ca62c628023e09e37dc0a901e4ce1224180e2582a3aa4b6a1a7b98e2bd"
461 "70077aec14ac8ab66a755c71e0fc102471f9bbc1b46a95aa0b645f2c38e7"
462 "6450289619ea3f5e8ae61037bffcf8249f22aa4e76e2a01909f3feb290ce"
463 "93edf57b10ebe796",
467 rsa2040_N = int(
468 "00bac0652fdfbc0055882ffbaeaceec88fa2d083c297dd5d40664dd3d90f"
469 "52f9aa02bd8a50fba16e0fd991878ef475f9b350d9f8e3eb2abd717ce327"
470 "b09788531f13df8e3e4e3b9d616bb8a41e5306eed2472163161051180127"
471 "6a4eb66f07331b5cbc8bcae7016a8f9b3d4f2ac4553c624cf5263bcb348e"
472 "8840de6612870960a792191b138fb217f765cec7bff8e94f16b39419bf75"
473 "04c59a7e4f79bd6d173e9c7bf3d9d2a4e73cc180b0590a73d584fb7fc9b5"
474 "4fa544607e53fc685c7a55fd44a81d4142b6af51ea6fa6cea52965a2e8c5"
475 "d84f3ca024d6fbb9b005b9651ce5d9f2ecf40ed404981a9ffc02636e311b"
476 "095c6332a0c87dc39271b5551481774b",
479 rsa2040_E = 65537
480 rsa2040_D = int(
481 "603db267df97555cbed86b8df355034af28f1eb7f3e7829d239bcc273a7c"
482 "7a69a10be8f21f1b6c4b02c6bae3731c3158b5bbff4605f57ab7b7b2a0cb"
483 "a2ec005a2db5b1ea6e0aceea5bc745dcd2d0e9d6b80d7eb0ea2bc08127bc"
484 "e35fa50c42cc411871ba591e23ba6a38484a33eff1347f907ee9a5a92a23"
485 "11bb0b435510020f78e3bb00099db4d1182928096505fcba84f3ca1238fd"
486 "1eba5eea1f391bbbcc5424b168063fc17e1ca6e1912ccba44f9d0292308a"
487 "1fedb80612529b39f59d0a3f8180b5ba201132197f93a5815ded938df8e7"
488 "d93c9b15766588f339bb59100afda494a7e452d7dd4c9a19ce2ec3a33a18"
489 "b20f0b4dade172bee19f26f0dcbe41",
492 rsa2040_P = int(
493 "0ec3869cb92d406caddf7a319ab29448bc505a05913707873361fc5b986a"
494 "499fb65eeb815a7e37687d19f128087289d9bb8818e7bcca502c4900ad9a"
495 "ece1179be12ff3e467d606fc820ea8f07ac9ebffe2236e38168412028822"
496 "3e42dbe68dfd972a85a6447e51695f234da7911c67c9ab9531f33df3b994"
497 "32d4ee88c9a4efbb",
500 rsa2040_Q = int(
501 "0ca63934549e85feac8e0f5604303fd1849fe88af4b7f7e1213283bbc7a2"
502 "c2a509f9273c428c68de3db93e6145f1b400bd6d4a262614e9043ad362d4"
503 "eba4a6b995399c8934a399912199e841d8e8dbff0489f69e663796730b29"
504 "80530b31cb70695a21625ea2adccc09d930516fa872211a91e22dd89fd9e"
505 "b7da8574b72235b1",
508 rsa2040_exp1 = int(
509 "0d7d3a75e17f65f8a658a485c4095c10a4f66979e2b73bca9cf8ef21253e"
510 "1facac6d4791f58392ce8656f88f1240cc90c29653e3100c6d7a38ed44b1"
511 "63b339e5f3b6e38912126c69b3ceff2e5192426d9649b6ffca1abb75d2ba"
512 "2ed6d9a26aa383c5973d56216ff2edb90ccf887742a0f183ac92c94cf187"
513 "657645c7772d9ad7",
516 rsa2040_exp2 = int(
517 "03f550194c117f24bea285b209058032f42985ff55acebe88b16df9a3752"
518 "7b4e61dc91a68dbc9a645134528ce5f248bda2893c96cb7be79ee73996c7"
519 "c22577f6c2f790406f3472adb3b211b7e94494f32c5c6fcc0978839fe472"
520 "4c31b06318a2489567b4fca0337acb1b841227aaa5f6c74800a2306929f0"
521 "2ce038bad943df41",
524 rsa2040_coef = int(
525 "080a7dbfa8c2584814c71664c56eb62ce4caf16afe88d4499159d674774a"
526 "3a3ecddf1256c02fc91525c527692422d0aba94e5c41ee12dc71bb66f867"
527 "9fa17e096f28080851ba046eb31885c1414e8985ade599d907af17453d1c"
528 "caea2c0d06443f8367a6be154b125e390ee0d90f746f08801dd3f5367f59"
529 "fba2e5a67c05f375",
533 rsa1024_N = int(
534 "00d3a97440101eba8c5df9503e6f935eb52ffeb3ebe9d0dc5cace26f973c"
535 "a94cbc0d9c31d66c0c013bce9c82d0d480328df05fb6bcd7990a5312ddae"
536 "6152ad6ee61c8c1bdd8663c68bd36224a9882ae78e89f556dfdbe6f51da6"
537 "112cbfc27c8a49336b41afdb75321b52b24a7344d1348e646351a551c757"
538 "1ccda0b8fe35f61a75",
541 rsa1024_E = 65537
542 rsa1024_D = int(
543 "5b6708e185548fc07ff062dba3792363e106ff9177d60ee3227162391024"
544 "1813f958a318f26db8b6a801646863ebbc69190d6c2f5e7723433e99666d"
545 "76b3987892cd568f1f18451e8dc05477c0607ee348380ebb7f4c98d0c036"
546 "a0260bc67b2dab46cbaa4ce87636d839d8fddcbae2da3e02e8009a21225d"
547 "d7e47aff2f82699d",
550 rsa1024_P = int(
551 "00fcdee570323e8fc399dbfc63d8c1569546fb3cd6886c628668ab1e1d0f"
552 "ca71058febdf76d702970ad6579d80ac2f9521075e40ef8f3f39983bd819"
553 "07e898bad3",
556 rsa1024_Q = int(
557 "00d64801c955b4eb75fbae230faa8b28c9cc5e258be63747ff5ac8d2af25"
558 "3e9f6d6ce03ea2eb13ae0eb32572feb848c32ca00743635374338fedacd8"
559 "c5885f7897",
562 rsa1024_exp1 = int(
563 "76c0526d5b1b28368a75d5d42a01b9a086e20b9310241e2cd2d0b166a278"
564 "c694ff1e9d25d9193d47789b52bb0fa194de1af0b77c09007f12afdfeef9"
565 "58d108c3",
568 rsa1024_exp2 = int(
569 "008a41898d8b14217c4d782cbd15ef95d0a660f45ed09a4884f4e170367b"
570 "946d2f20398b907896890e88fe17b54bd7febe133ebc7720c86fe0649cca"
571 "7ca121e05f",
574 rsa1024_coef = int(
575 "22db133445f7442ea2a0f582031ee214ff5f661972986f172651d8d6b4ec"
576 "3163e99bff1c82fe58ec3d075c6d8f26f277020edb77c3ba821b9ba3ae18"
577 "ff8cb2cb",
581 rsa1016_N = int(
582 "00d29bb12fb84fddcd29b3a519cb66c43b8d8f8be545ba79384ce663ed03"
583 "df75991600eb920790d2530cece544db99a71f05896a3ed207165534aa99"
584 "057e47c47e3bc81ada6fa1e12e37268b5046a55268f9dad7ccb485d81a2e"
585 "19d50d4f0b6854acaf6d7be69d9a083136e15afa8f53c1c8c84fc6077279"
586 "dd0e55d7369a5bdd",
589 rsa1016_E = 65537
590 rsa1016_D = int(
591 "3c4965070bf390c251d5a2c5277c5b5fd0bdee85cad7fe2b27982bb28511"
592 "4a507004036ae1cf8ae54b25e4db39215abd7e903f618c2d8b2f08cc6cd1"
593 "2dbccd72205e4945b6b3df389e5e43de0a148bb2c84e2431fdbe5920b044"
594 "bb272f45ecff0721b7dfb60397fc613a9ea35c22300530cae8f9159c534d"
595 "f3bf0910951901",
598 rsa1016_P = int(
599 "0f9f17597c85b8051b9c69afb55ef576c996dbd09047d0ccde5b9d60ea5c"
600 "67fe4fac67be803f4b6ac5a3f050f76b966fb14f5cf105761e5ade6dd960"
601 "b183ba55",
604 rsa1016_Q = int(
605 "0d7b637112ce61a55168c0f9c9386fb279ab40cba0d549336bba65277263"
606 "aac782611a2c81d9b635cf78c40018859e018c5e9006d12e3d2ee6f346e7"
607 "9fa43369",
610 rsa1016_exp1 = int(
611 "09fd6c9a3ea6e91ae32070f9fc1c210ff9352f97be5d1eeb951bb39681e9"
612 "dc5b672a532221b3d8900c9a9d99b9d0a4e102dc450ca1b87b0b1389de65"
613 "16c0ae0d",
616 rsa1016_exp2 = int(
617 "0141b832491b7dd4a83308920024c79cae64bd447df883bb4c5672a96bab"
618 "48b7123b34f26324452cdceb17f21e570e347cbe2fd4c2d8f9910eac2cb6"
619 "d895b8c9",
622 rsa1016_coef = int(
623 "0458dd6aee18c88b2f9b81f1bc3075ae20dc1f9973d20724f20b06043d61"
624 "47c8789d4a07ae88bc82c8438c893e017b13947f62e0b18958a31eb664b1"
625 "9e64d3e0",
629 def __init__(self, specification):
630 if specification == "default":
631 self.RSA_N = self.sharedRSA_N
632 self.RSA_E = self.sharedRSA_E
633 self.RSA_D = self.sharedRSA_D
634 self.RSA_P = self.sharedRSA_P
635 self.RSA_Q = self.sharedRSA_Q
636 self.RSA_exp1 = self.sharedRSA_exp1
637 self.RSA_exp2 = self.sharedRSA_exp2
638 self.RSA_coef = self.sharedRSA_coef
639 elif specification == "alternate":
640 self.RSA_N = self.alternateRSA_N
641 self.RSA_E = self.alternateRSA_E
642 self.RSA_D = self.alternateRSA_D
643 self.RSA_P = self.alternateRSA_P
644 self.RSA_Q = self.alternateRSA_Q
645 self.RSA_exp1 = self.alternateRSA_exp1
646 self.RSA_exp2 = self.alternateRSA_exp2
647 self.RSA_coef = self.alternateRSA_coef
648 elif specification == "ev":
649 self.RSA_N = self.evRSA_N
650 self.RSA_E = self.evRSA_E
651 self.RSA_D = self.evRSA_D
652 self.RSA_P = self.evRSA_P
653 self.RSA_Q = self.evRSA_Q
654 self.RSA_exp1 = self.evRSA_exp1
655 self.RSA_exp2 = self.evRSA_exp2
656 self.RSA_coef = self.evRSA_coef
657 elif specification == "evRSA2040":
658 self.RSA_N = self.evRSA2040_N
659 self.RSA_E = self.evRSA2040_E
660 self.RSA_D = self.evRSA2040_D
661 self.RSA_P = self.evRSA2040_P
662 self.RSA_Q = self.evRSA2040_Q
663 self.RSA_exp1 = self.evRSA2040_exp1
664 self.RSA_exp2 = self.evRSA2040_exp2
665 self.RSA_coef = self.evRSA2040_coef
666 elif specification == "rsa2040":
667 self.RSA_N = self.rsa2040_N
668 self.RSA_E = self.rsa2040_E
669 self.RSA_D = self.rsa2040_D
670 self.RSA_P = self.rsa2040_P
671 self.RSA_Q = self.rsa2040_Q
672 self.RSA_exp1 = self.rsa2040_exp1
673 self.RSA_exp2 = self.rsa2040_exp2
674 self.RSA_coef = self.rsa2040_coef
675 elif specification == "rsa1024":
676 self.RSA_N = self.rsa1024_N
677 self.RSA_E = self.rsa1024_E
678 self.RSA_D = self.rsa1024_D
679 self.RSA_P = self.rsa1024_P
680 self.RSA_Q = self.rsa1024_Q
681 self.RSA_exp1 = self.rsa1024_exp1
682 self.RSA_exp2 = self.rsa1024_exp2
683 self.RSA_coef = self.rsa1024_coef
684 elif specification == "rsa1016":
685 self.RSA_N = self.rsa1016_N
686 self.RSA_E = self.rsa1016_E
687 self.RSA_D = self.rsa1016_D
688 self.RSA_P = self.rsa1016_P
689 self.RSA_Q = self.rsa1016_Q
690 self.RSA_exp1 = self.rsa1016_exp1
691 self.RSA_exp2 = self.rsa1016_exp2
692 self.RSA_coef = self.rsa1016_coef
693 else:
694 raise UnknownKeySpecificationError(specification)
696 def toDER(self):
697 privateKeyInfo = PrivateKeyInfo()
698 privateKeyInfo["version"] = 0
699 algorithmIdentifier = rfc2459.AlgorithmIdentifier()
700 algorithmIdentifier["algorithm"] = rfc2459.rsaEncryption
701 # Directly setting parameters to univ.Null doesn't currently work.
702 nullEncapsulated = encoder.encode(univ.Null())
703 algorithmIdentifier["parameters"] = univ.Any(nullEncapsulated)
704 privateKeyInfo["privateKeyAlgorithm"] = algorithmIdentifier
705 rsaPrivateKey = RSAPrivateKey()
706 rsaPrivateKey["version"] = 0
707 rsaPrivateKey["modulus"] = self.RSA_N
708 rsaPrivateKey["publicExponent"] = self.RSA_E
709 rsaPrivateKey["privateExponent"] = self.RSA_D
710 rsaPrivateKey["prime1"] = self.RSA_P
711 rsaPrivateKey["prime2"] = self.RSA_Q
712 rsaPrivateKey["exponent1"] = self.RSA_exp1
713 rsaPrivateKey["exponent2"] = self.RSA_exp2
714 rsaPrivateKey["coefficient"] = self.RSA_coef
715 rsaPrivateKeyEncoded = encoder.encode(rsaPrivateKey)
716 privateKeyInfo["privateKey"] = univ.OctetString(rsaPrivateKeyEncoded)
717 return encoder.encode(privateKeyInfo)
719 def toPEM(self):
720 output = "-----BEGIN PRIVATE KEY-----"
721 der = self.toDER()
722 b64 = six.ensure_text(base64.b64encode(der))
723 while b64:
724 output += "\n" + b64[:64]
725 b64 = b64[64:]
726 output += "\n-----END PRIVATE KEY-----"
727 return output
729 def asSubjectPublicKeyInfo(self):
730 """Returns a subject public key info representing
731 this key for use by pyasn1."""
732 algorithmIdentifier = rfc2459.AlgorithmIdentifier()
733 algorithmIdentifier["algorithm"] = rfc2459.rsaEncryption
734 # Directly setting parameters to univ.Null doesn't currently work.
735 nullEncapsulated = encoder.encode(univ.Null())
736 algorithmIdentifier["parameters"] = univ.Any(nullEncapsulated)
737 spki = rfc2459.SubjectPublicKeyInfo()
738 spki["algorithm"] = algorithmIdentifier
739 rsaKey = RSAPublicKey()
740 rsaKey["N"] = univ.Integer(self.RSA_N)
741 rsaKey["E"] = univ.Integer(self.RSA_E)
742 subjectPublicKey = univ.BitString(
743 byteStringToHexifiedBitString(encoder.encode(rsaKey))
745 spki["subjectPublicKey"] = subjectPublicKey
746 return spki
748 def sign(self, data, hashAlgorithm):
749 """Returns a hexified bit string representing a
750 signature by this key over the specified data.
751 Intended for use with pyasn1.type.univ.BitString"""
752 hashAlgorithmName = None
753 if hashAlgorithm == HASH_MD5:
754 hashAlgorithmName = "MD5"
755 elif hashAlgorithm == HASH_SHA1:
756 hashAlgorithmName = "SHA-1"
757 elif hashAlgorithm == HASH_SHA256:
758 hashAlgorithmName = "SHA-256"
759 elif hashAlgorithm == HASH_SHA384:
760 hashAlgorithmName = "SHA-384"
761 elif hashAlgorithm == HASH_SHA512:
762 hashAlgorithmName = "SHA-512"
763 else:
764 raise UnknownHashAlgorithmError(hashAlgorithm)
765 rsaPrivateKey = rsa.PrivateKey(
766 self.RSA_N, self.RSA_E, self.RSA_D, self.RSA_P, self.RSA_Q
768 signature = rsa.sign(data, rsaPrivateKey, hashAlgorithmName)
769 return byteStringToHexifiedBitString(signature)
772 ecPublicKey = univ.ObjectIdentifier("1.2.840.10045.2.1")
773 secp256k1 = univ.ObjectIdentifier("1.3.132.0.10")
774 secp224r1 = univ.ObjectIdentifier("1.3.132.0.33")
775 secp256r1 = univ.ObjectIdentifier("1.2.840.10045.3.1.7")
776 secp384r1 = univ.ObjectIdentifier("1.3.132.0.34")
777 secp521r1 = univ.ObjectIdentifier("1.3.132.0.35")
780 def longToEvenLengthHexString(val):
781 h = format(val, "x")
782 if not len(h) % 2 == 0:
783 h = "0" + h
784 return h
787 class ECCKey(object):
788 secp256k1KeyPair = (
789 "35ee7c7289d8fef7a86afe5da66d8bc2ebb6a8543fd2fead089f45ce7acd0fa6"
790 + "4382a9500c41dad770ffd4b511bf4b492eb1238800c32c4f76c73a3f3294e7c5",
791 "67cebc208a5fa3df16ec2bb34acc59a42ab4abb0538575ca99b92b6a2149a04f",
794 secp224r1KeyPair = (
795 "668d72cca6fd6a1b3557b5366104d84408ecb637f08e8c86bbff82cc"
796 + "00e88f0066d7af63c3298ba377348a1202b03b37fd6b1ff415aa311e",
797 "04389459926c3296c242b83e10a6cd2011c8fe2dae1b772ea5b21067",
800 secp256r1KeyPair = (
801 "4fbfbbbb61e0f8f9b1a60a59ac8704e2ec050b423e3cf72e923f2c4f794b455c"
802 + "2a69d233456c36c4119d0706e00eedc8d19390d7991b7b2d07a304eaa04aa6c0",
803 "2191403d5710bf15a265818cd42ed6fedf09add92d78b18e7a1e9feb95524702",
806 secp384r1KeyPair = (
807 "a1687243362b5c7b1889f379154615a1c73fb48dee863e022915db608e252de4b71"
808 + "32da8ce98e831534e6a9c0c0b09c8d639ade83206e5ba813473a11fa330e05da8c9"
809 + "6e4383fe27873da97103be2888cff002f05af71a1fddcc8374aa6ea9ce",
810 "035c7a1b10d9fafe837b64ad92f22f5ced0789186538669b5c6d872cec3d926122b"
811 + "393772b57602ff31365efe1393246",
814 secp521r1KeyPair = (
815 "014cdc9cacc47941096bc9cc66752ec27f597734fa66c62b792f88c519d6d37f0d1"
816 + "6ea1c483a1827a010b9128e3a08070ca33ef5f57835b7c1ba251f6cc3521dc42b01"
817 + "0653451981b445d343eed3782a35d6cff0ff484f5a883d209f1b9042b726703568b"
818 + "2f326e18b833bdd8aa0734392bcd19501e10d698a79f53e11e0a22bdd2aad90",
819 "014f3284fa698dd9fe1118dd331851cdfaac5a3829278eb8994839de9471c940b85"
820 + "8c69d2d05e8c01788a7d0b6e235aa5e783fc1bee807dcc3865f920e12cf8f2d29",
823 def __init__(self, specification):
824 if specification == "secp256k1":
825 key_pair = self.secp256k1KeyPair
826 self.keyOID = secp256k1
827 self.curve = ecdsa.SECP256k1
828 elif specification == "secp224r1":
829 key_pair = self.secp224r1KeyPair
830 self.keyOID = secp224r1
831 self.curve = ecdsa.NIST224p
832 elif specification == "secp256r1":
833 key_pair = self.secp256r1KeyPair
834 self.keyOID = secp256r1
835 self.curve = ecdsa.NIST256p
836 elif specification == "secp384r1":
837 key_pair = self.secp384r1KeyPair
838 self.keyOID = secp384r1
839 self.curve = ecdsa.NIST384p
840 elif specification == "secp521r1":
841 key_pair = self.secp521r1KeyPair
842 self.keyOID = secp521r1
843 self.curve = ecdsa.NIST521p
844 else:
845 raise UnknownKeySpecificationError(specification)
847 self.public_key, self.private_key = (
848 binascii.unhexlify(key_pair[0]),
849 binascii.unhexlify(key_pair[1]),
851 self.key = ecdsa.SigningKey.from_string(self.private_key, curve=self.curve)
853 def getPublicKeyHexifiedString(self):
854 """Returns the EC public key as a hex string using the uncompressed
855 point representation. This is intended to be used in the encoder
856 functions, as it surrounds the value with ''H to indicate its type."""
857 p1, p2 = (
858 self.public_key[: len(self.public_key) // 2],
859 self.public_key[len(self.public_key) // 2 :],
861 # We don't want leading zeroes.
862 p1, p2 = (p1.lstrip(b"\0"), p2.lstrip(b"\0"))
863 # '04' indicates that the points are in uncompressed form.
864 return byteStringToHexifiedBitString(b"\04" + p1 + p2)
866 def toPEM(self):
867 """Return the EC private key in PEM-encoded form."""
868 output = "-----BEGIN EC PRIVATE KEY-----"
869 der = self.toDER()
870 b64 = six.ensure_text(base64.b64encode(der))
871 while b64:
872 output += "\n" + b64[:64]
873 b64 = b64[64:]
874 output += "\n-----END EC PRIVATE KEY-----"
875 return output
877 def toDER(self):
878 """Return the EC private key in DER-encoded form, encoded per SEC 1
879 section C.4 format."""
880 privateKeyInfo = PrivateKeyInfo()
881 privateKeyInfo["version"] = 0
882 algorithmIdentifier = rfc2459.AlgorithmIdentifier()
883 algorithmIdentifier["algorithm"] = ecPublicKey
884 algorithmIdentifier["parameters"] = self.keyOID
885 privateKeyInfo["privateKeyAlgorithm"] = algorithmIdentifier
886 ecPrivateKey = ECPrivateKey()
887 ecPrivateKey["version"] = 1
888 ecPrivateKey["privateKey"] = self.private_key
889 ecPrivateKey["publicKey"] = univ.BitString(
890 self.getPublicKeyHexifiedString()
891 ).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))
892 ecPrivateKeyEncoded = encoder.encode(ecPrivateKey)
893 privateKeyInfo["privateKey"] = univ.OctetString(ecPrivateKeyEncoded)
894 return encoder.encode(privateKeyInfo)
896 def asSubjectPublicKeyInfo(self):
897 """Returns a subject public key info representing
898 this key for use by pyasn1."""
899 algorithmIdentifier = rfc2459.AlgorithmIdentifier()
900 algorithmIdentifier["algorithm"] = ecPublicKey
901 algorithmIdentifier["parameters"] = self.keyOID
902 spki = rfc2459.SubjectPublicKeyInfo()
903 spki["algorithm"] = algorithmIdentifier
904 spki["subjectPublicKey"] = univ.BitString(self.getPublicKeyHexifiedString())
905 return spki
907 def signRaw(self, data, hashAlgorithm):
908 """Performs the ECDSA signature algorithm over the given data.
909 The returned value is a string representing the bytes of the
910 resulting point when encoded by left-padding each of (r, s) to
911 the key size and concatenating them.
913 assert hashAlgorithm.startswith("hash:")
914 hashAlgorithm = hashAlgorithm[len("hash:") :]
915 k = _gen_k(self.curve)
916 digest = hashlib.new(hashAlgorithm, six.ensure_binary(data)).digest()
917 digest = _truncate_digest(digest, self.curve)
918 # NOTE: Under normal circumstances it's advisable to use
919 # sign_digest_deterministic. In this case we don't want the library's
920 # default generation of k, so we call the normal "sign" method and
921 # inject it here.
922 return self.key.sign_digest(digest, sigencode=ecdsa.util.sigencode_string, k=k)
924 def sign(self, data, hashAlgorithm):
925 """Returns a hexified bit string representing a
926 signature by this key over the specified data.
927 Intended for use with pyasn1.type.univ.BitString"""
928 # signRaw returns an encoded point, which is useful in some situations.
929 # However, for signatures on X509 certificates, we need to decode it so
930 # we can encode it as a BITSTRING consisting of a SEQUENCE of two
931 # INTEGERs.
932 raw = self.signRaw(data, hashAlgorithm)
933 point = ECPoint()
934 point["x"] = int.from_bytes(raw[: len(raw) // 2], byteorder="big")
935 point["y"] = int.from_bytes(raw[len(raw) // 2 :], byteorder="big")
936 return byteStringToHexifiedBitString(encoder.encode(point))
939 def keyFromSpecification(specification):
940 """Pass in a specification, get the appropriate key back."""
941 if specification.startswith("secp"):
942 return ECCKey(specification)
943 return RSAKey(specification)
946 # The build harness will call this function with an output file-like
947 # object and a path to a file containing a specification. This will
948 # read the specification and output the key as ASCII-encoded PKCS #8.
949 def main(output, inputPath):
950 with open(inputPath) as configStream:
951 output.write(keyFromSpecification(configStream.read().strip()).toPEM() + "\n")
954 # When run as a standalone program, this will read a specification from
955 # stdin and output the certificate as PEM to stdout.
956 if __name__ == "__main__":
957 print(keyFromSpecification(sys.stdin.read().strip()).toPEM())