Replace magic number with magic dict
This commit is contained in:
Timotej Lazar
parent
8af9546e60
commit
bfaa9c2565
17
margfools
17
margfools
|
|
@ -23,16 +23,17 @@ def sign(data, key, pin=None, engine=None):
|
||||||
env = None
|
env = None
|
||||||
elif engine == 'pkcs11':
|
elif engine == 'pkcs11':
|
||||||
# key on smartcard
|
# key on smartcard
|
||||||
|
digest_info = { # from RFC 3447
|
||||||
|
'MD2': '3020300c06082a864886f70d020205000410',
|
||||||
|
'MD5': '3020300c06082a864886f70d020505000410',
|
||||||
|
'SHA-1': '3021300906052b0e03021a05000414',
|
||||||
|
'SHA-256': '3031300d060960864801650304020105000420',
|
||||||
|
'SHA-384': '3041300d060960864801650304020205000430',
|
||||||
|
'SHA-512': '3051300d060960864801650304020305000440'
|
||||||
|
}
|
||||||
cmd = ['pkcs11-tool', '--id', key, '-s', '-m', 'RSA-PKCS', '-p', 'env:PIN']
|
cmd = ['pkcs11-tool', '--id', key, '-s', '-m', 'RSA-PKCS', '-p', 'env:PIN']
|
||||||
env = {'PIN': pin}
|
env = {'PIN': pin}
|
||||||
"""magic_prefix is ASN.1 DER for
|
raw_data = bytes.fromhex(digest_info['SHA-256']) + base64.b64decode(data)
|
||||||
DigestInfo ::= SEQUENCE {
|
|
||||||
digestAlgorithm DigestAlgorithm,
|
|
||||||
digest OCTET STRING
|
|
||||||
}
|
|
||||||
"""
|
|
||||||
magic_prefix = bytes.fromhex("3031300d060960864801650304020105000420")
|
|
||||||
raw_data = magic_prefix + base64.b64decode(data)
|
|
||||||
p = subprocess.run(cmd, env=env, input=raw_data, capture_output=True)
|
p = subprocess.run(cmd, env=env, input=raw_data, capture_output=True)
|
||||||
return base64.b64encode(p.stdout).decode()
|
return base64.b64encode(p.stdout).decode()
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue