file reorganization with top-level module
This commit is contained in:
Janus
191
electrum/pem.py
Normal file
191
electrum/pem.py
Normal file
@@ -0,0 +1,191 @@
|
||||
#!/usr/bin/env python
|
||||
#
|
||||
# Electrum - lightweight Bitcoin client
|
||||
# Copyright (C) 2015 Thomas Voegtlin
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person
|
||||
# obtaining a copy of this software and associated documentation files
|
||||
# (the "Software"), to deal in the Software without restriction,
|
||||
# including without limitation the rights to use, copy, modify, merge,
|
||||
# publish, distribute, sublicense, and/or sell copies of the Software,
|
||||
# and to permit persons to whom the Software is furnished to do so,
|
||||
# subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be
|
||||
# included in all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
|
||||
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
||||
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
||||
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
# SOFTWARE.
|
||||
|
||||
|
||||
# This module uses code from TLSLlite
|
||||
# TLSLite Author: Trevor Perrin)
|
||||
|
||||
|
||||
import binascii
|
||||
|
||||
from .x509 import ASN1_Node, bytestr_to_int, decode_OID
|
||||
|
||||
|
||||
def a2b_base64(s):
|
||||
try:
|
||||
b = bytearray(binascii.a2b_base64(s))
|
||||
except Exception as e:
|
||||
raise SyntaxError("base64 error: %s" % e)
|
||||
return b
|
||||
|
||||
def b2a_base64(b):
|
||||
return binascii.b2a_base64(b)
|
||||
|
||||
|
||||
def dePem(s, name):
|
||||
"""Decode a PEM string into a bytearray of its payload.
|
||||
|
||||
The input must contain an appropriate PEM prefix and postfix
|
||||
based on the input name string, e.g. for name="CERTIFICATE":
|
||||
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBXDCCAUSgAwIBAgIBADANBgkqhkiG9w0BAQUFADAPMQ0wCwYDVQQDEwRUQUNL
|
||||
...
|
||||
KoZIhvcNAQEFBQADAwA5kw==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
The first such PEM block in the input will be found, and its
|
||||
payload will be base64 decoded and returned.
|
||||
"""
|
||||
prefix = "-----BEGIN %s-----" % name
|
||||
postfix = "-----END %s-----" % name
|
||||
start = s.find(prefix)
|
||||
if start == -1:
|
||||
raise SyntaxError("Missing PEM prefix")
|
||||
end = s.find(postfix, start+len(prefix))
|
||||
if end == -1:
|
||||
raise SyntaxError("Missing PEM postfix")
|
||||
s = s[start+len("-----BEGIN %s-----" % name) : end]
|
||||
retBytes = a2b_base64(s) # May raise SyntaxError
|
||||
return retBytes
|
||||
|
||||
def dePemList(s, name):
|
||||
"""Decode a sequence of PEM blocks into a list of bytearrays.
|
||||
|
||||
The input must contain any number of PEM blocks, each with the appropriate
|
||||
PEM prefix and postfix based on the input name string, e.g. for
|
||||
name="TACK BREAK SIG". Arbitrary text can appear between and before and
|
||||
after the PEM blocks. For example:
|
||||
|
||||
" Created by TACK.py 0.9.3 Created at 2012-02-01T00:30:10Z -----BEGIN TACK
|
||||
BREAK SIG-----
|
||||
ATKhrz5C6JHJW8BF5fLVrnQss6JnWVyEaC0p89LNhKPswvcC9/s6+vWLd9snYTUv
|
||||
YMEBdw69PUP8JB4AdqA3K6Ap0Fgd9SSTOECeAKOUAym8zcYaXUwpk0+WuPYa7Zmm
|
||||
SkbOlK4ywqt+amhWbg9txSGUwFO5tWUHT3QrnRlE/e3PeNFXLx5Bckg= -----END TACK
|
||||
BREAK SIG----- Created by TACK.py 0.9.3 Created at 2012-02-01T00:30:11Z
|
||||
-----BEGIN TACK BREAK SIG-----
|
||||
ATKhrz5C6JHJW8BF5fLVrnQss6JnWVyEaC0p89LNhKPswvcC9/s6+vWLd9snYTUv
|
||||
YMEBdw69PUP8JB4AdqA3K6BVCWfcjN36lx6JwxmZQncS6sww7DecFO/qjSePCxwM
|
||||
+kdDqX/9/183nmjx6bf0ewhPXkA0nVXsDYZaydN8rJU1GaMlnjcIYxY= -----END TACK
|
||||
BREAK SIG----- "
|
||||
|
||||
All such PEM blocks will be found, decoded, and return in an ordered list
|
||||
of bytearrays, which may have zero elements if not PEM blocks are found.
|
||||
"""
|
||||
bList = []
|
||||
prefix = "-----BEGIN %s-----" % name
|
||||
postfix = "-----END %s-----" % name
|
||||
while 1:
|
||||
start = s.find(prefix)
|
||||
if start == -1:
|
||||
return bList
|
||||
end = s.find(postfix, start+len(prefix))
|
||||
if end == -1:
|
||||
raise SyntaxError("Missing PEM postfix")
|
||||
s2 = s[start+len(prefix) : end]
|
||||
retBytes = a2b_base64(s2) # May raise SyntaxError
|
||||
bList.append(retBytes)
|
||||
s = s[end+len(postfix) : ]
|
||||
|
||||
def pem(b, name):
|
||||
"""Encode a payload bytearray into a PEM string.
|
||||
|
||||
The input will be base64 encoded, then wrapped in a PEM prefix/postfix
|
||||
based on the name string, e.g. for name="CERTIFICATE":
|
||||
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBXDCCAUSgAwIBAgIBADANBgkqhkiG9w0BAQUFADAPMQ0wCwYDVQQDEwRUQUNL
|
||||
...
|
||||
KoZIhvcNAQEFBQADAwA5kw==
|
||||
-----END CERTIFICATE-----
|
||||
"""
|
||||
s1 = b2a_base64(b)[:-1] # remove terminating \n
|
||||
s2 = b""
|
||||
while s1:
|
||||
s2 += s1[:64] + b"\n"
|
||||
s1 = s1[64:]
|
||||
s = ("-----BEGIN %s-----\n" % name).encode('ascii') + s2 + \
|
||||
("-----END %s-----\n" % name).encode('ascii')
|
||||
return s
|
||||
|
||||
def pemSniff(inStr, name):
|
||||
searchStr = "-----BEGIN %s-----" % name
|
||||
return searchStr in inStr
|
||||
|
||||
|
||||
def parse_private_key(s):
|
||||
"""Parse a string containing a PEM-encoded <privateKey>."""
|
||||
if pemSniff(s, "PRIVATE KEY"):
|
||||
bytes = dePem(s, "PRIVATE KEY")
|
||||
return _parsePKCS8(bytes)
|
||||
elif pemSniff(s, "RSA PRIVATE KEY"):
|
||||
bytes = dePem(s, "RSA PRIVATE KEY")
|
||||
return _parseSSLeay(bytes)
|
||||
else:
|
||||
raise SyntaxError("Not a PEM private key file")
|
||||
|
||||
|
||||
def _parsePKCS8(_bytes):
|
||||
s = ASN1_Node(_bytes)
|
||||
root = s.root()
|
||||
version_node = s.first_child(root)
|
||||
version = bytestr_to_int(s.get_value_of_type(version_node, 'INTEGER'))
|
||||
if version != 0:
|
||||
raise SyntaxError("Unrecognized PKCS8 version")
|
||||
rsaOID_node = s.next_node(version_node)
|
||||
ii = s.first_child(rsaOID_node)
|
||||
rsaOID = decode_OID(s.get_value_of_type(ii, 'OBJECT IDENTIFIER'))
|
||||
if rsaOID != '1.2.840.113549.1.1.1':
|
||||
raise SyntaxError("Unrecognized AlgorithmIdentifier")
|
||||
privkey_node = s.next_node(rsaOID_node)
|
||||
value = s.get_value_of_type(privkey_node, 'OCTET STRING')
|
||||
return _parseASN1PrivateKey(value)
|
||||
|
||||
|
||||
def _parseSSLeay(bytes):
|
||||
return _parseASN1PrivateKey(ASN1_Node(bytes))
|
||||
|
||||
|
||||
def bytesToNumber(s):
|
||||
return int(binascii.hexlify(s), 16)
|
||||
|
||||
|
||||
def _parseASN1PrivateKey(s):
|
||||
s = ASN1_Node(s)
|
||||
root = s.root()
|
||||
version_node = s.first_child(root)
|
||||
version = bytestr_to_int(s.get_value_of_type(version_node, 'INTEGER'))
|
||||
if version != 0:
|
||||
raise SyntaxError("Unrecognized RSAPrivateKey version")
|
||||
n = s.next_node(version_node)
|
||||
e = s.next_node(n)
|
||||
d = s.next_node(e)
|
||||
p = s.next_node(d)
|
||||
q = s.next_node(p)
|
||||
dP = s.next_node(q)
|
||||
dQ = s.next_node(dP)
|
||||
qInv = s.next_node(dQ)
|
||||
return list(map(lambda x: bytesToNumber(s.get_value_of_type(x, 'INTEGER')), [n, e, d, p, q, dP, dQ, qInv]))
|
||||
|
||||
Reference in New Issue
Block a user