Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python3
- TheEnd = 'Sonic Rainboom'
- import base64
- import sys
- from cryptography import x509
- from cryptography.exceptions import InvalidSignature
- from cryptography.hazmat.backends import default_backend
- from cryptography.hazmat.primitives import hashes, serialization
- from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
- from cryptography.hazmat.primitives.serialization import Encoding, NoEncryption, PrivateFormat
- try:
- from pgpy import PGPKey
- from pgpy.constants import EllipticCurveOID, PubKeyAlgorithm
- from pgpy.packet.fields import ECDSAPriv, RSAPriv
- from pgpy.packet.packets import PrivKeyV4
- from pgpy.packet.types import MPI
- except ImportError:
- PGPKey = None
- class PGP:
- def __init__(self, data):
- if PGPKey is None:
- raise ImportError('PGPy')
- self.id = PGPKey()
- self.id.parse(data)
- self.pub = self.id._key.keymaterial.__pubkey__()
- def __repr__(self):
- if len(self.id.userids) > 0 and self.id.userids[0].name != '':
- return self.id.userids[0].name+' <'+self.id.userids[0].email+'>'
- return self.id._key.fingerprint
- def export(self, priv):
- priv = priv.private_numbers()
- key = PGPKey()
- key._uids = self.id._uids
- key._key = PrivKeyV4()
- key._key._created = self.id._key._created
- key._key._pkalg = self.id._key._pkalg
- if key._key._pkalg in (PubKeyAlgorithm.RSAEncryptOrSign, PubKeyAlgorithm.RSAEncrypt, PubKeyAlgorithm.RSASign):
- km = RSAPriv()
- km.e = MPI(priv.public_numbers.e)
- km.n = MPI(priv.public_numbers.n)
- km.d = MPI(priv.d)
- km.p = MPI(priv.p)
- km.q = MPI(priv.q)
- km.u = MPI(rsa.rsa_crt_iqmp(priv.q, priv.p))
- elif key._key._pkalg is PubKeyAlgorithm.ECDSA:
- km = ECDSAPriv()
- km.oid = self.id._key.keymaterial.oid
- km.x = MPI(priv._public_numbers.x)
- km.y = MPI(priv._public_numbers.y)
- km.s = MPI(priv._private_value)
- else:
- raise TypeError
- key._key.keymaterial = km
- key._key.keymaterial._compute_chksum()
- key._key.update_hlen()
- return str(key)
- class SSH:
- def __init__(self, data):
- self.id = data.split()
- self.pub = serialization.load_ssh_public_key(data, default_backend())
- def __repr__(self):
- if len(self.id) > 2 and self.id[2] != '':
- return self.id[2].decode()
- fp = hashes.Hash(hashes.SHA256(), backend=default_backend())
- fp.update(base64.b64decode(self.id[1]))
- return base64.b64encode(fp.finalize()).decode().rstrip('=')
- def export(self, priv):
- return priv.private_bytes(Encoding.PEM, PrivateFormat.TraditionalOpenSSL, NoEncryption()).decode()
- class SSL:
- def __init__(self, data, fmt='crt'):
- self.fmt = fmt
- if fmt is 'crt':
- self.cert = x509.load_pem_x509_certificate(data, default_backend())
- elif fmt is 'csr':
- self.cert = x509.load_pem_x509_csr(data, default_backend())
- else:
- raise TypeError
- self.pub = self.cert.public_key()
- def __repr__(self):
- cn = self.cert.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)
- if len(cn) > 0:
- return cn[0].value
- org = self.cert.subject.get_attributes_for_oid(x509.NameOID.ORGANIZATION_NAME)
- if len(org) > 0:
- return org[0].value
- if self.fmt == 'crt':
- return self.cert.fingerprint(hashes.SHA256()).hex()
- return 'Unknown'
- def export(self, priv):
- return priv.private_bytes(Encoding.PEM, PrivateFormat.PKCS8, NoEncryption()).decode()
- class ECC:
- def __init__(self, tgt):
- self.pub = tgt.pub
- def compute(self, vqc):
- pub = self.pub.public_numbers()
- p = vqc.ecpoint(pub.curve, pub.x, pub.y)
- priv = ec.EllipticCurvePrivateNumbers(p, pub)
- try:
- self.priv = default_backend().load_elliptic_curve_private_numbers(priv)
- except ValueError:
- return False
- return True
- def verify(self):
- m = TheEnd.encode()
- s = self.priv.sign(m, ec.ECDSA(hashes.SHA256()))
- try:
- self.pub.verify(s, m, ec.ECDSA(hashes.SHA256()))
- except InvalidSignature:
- return False
- return True
- class RSA:
- def __init__(self, tgt):
- self.pub = tgt.pub
- def _egcd(self, a, b):
- if a == 0:
- return (b, 0, 1)
- g, y, x = self._egcd(b%a, a)
- return (g, x-y*(b//a), y)
- def _invert(self, a, m):
- g, x, y = self._egcd(a, m)
- if g != 1:
- return None
- return x%m
- def compute(self, vqc):
- pub = self.pub.public_numbers()
- p, q = vqc.factors(pub.n)
- d = self._invert(pub.e, (p-1)*(q-1))
- dmp1 = rsa.rsa_crt_dmp1(d, p)
- dmq1 = rsa.rsa_crt_dmq1(d, q)
- iqmp = rsa.rsa_crt_iqmp(p, q)
- priv = rsa.RSAPrivateNumbers(p, q, d, dmp1, dmq1, iqmp, pub)
- try:
- self.priv = default_backend().load_rsa_private_numbers(priv)
- except ValueError:
- return False
- return True
- def verify(self):
- m = TheEnd.encode()
- pad = padding.PSS(padding.MGF1(hashes.SHA256()), padding.PSS.MAX_LENGTH)
- s = self.priv.sign(m, pad, hashes.SHA256())
- try:
- self.pub.verify(s, m, pad, hashes.SHA256())
- except InvalidSignature:
- return False
- return True
- class VQC:
- def factors(self, c):
- # lewd ponies
- return a, b
- def ecpoint(self, curve, x, y):
- raise FutureWarning
- return s
- if __name__ == '__main__':
- f = open(sys.argv[1], 'rb')
- data = f.read()
- if data.startswith(b'-----BEGIN PGP PUBLIC KEY BLOCK-----'):
- tgt = PGP(data)
- elif data.startswith(b'-----BEGIN CERTIFICATE-----'):
- tgt = SSL(data)
- elif data.startswith(b'-----BEGIN CERTIFICATE REQUEST-----'):
- tgt = SSL(data, fmt='csr')
- elif data.startswith(b'ssh-rsa') or data.startswith(b'ecdsa'):
- tgt = SSH(data)
- print(tgt, file=sys.stderr)
- if isinstance(tgt.pub, ec.EllipticCurvePublicKey):
- key = ECC(tgt)
- elif isinstance(tgt.pub, rsa.RSAPublicKey):
- key = RSA(tgt)
- else:
- raise TypeError
- vqc = VQC()
- if not key.compute(vqc) or not key.verify():
- print('No boom make sad pony :(', file=sys.stderr)
- sys.exit(9)
- print(tgt.export(key.priv), end='')
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement