wip

2022-10-19 00:05:17 +02:00 · 2022-10-19 00:05:17 +02:00 · 97b0f5ed2d
commit 97b0f5ed2d
parent fea2d96077
3 changed files with 45 additions and 22 deletions
--- a/bin/deterministic_rsa_privkey
+++ b/bin/deterministic_rsa_privkey
@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+
+# https://stackoverflow.com/a/18266970
+
+from Crypto.PublicKey import RSA
+from struct import pack
+from hashlib import sha3_512
+from sys import argv
+from base64 import b64decode, b64encode
+
+
+class PRNG(object):
+    def __init__(self, seed):
+        self.index = 0
+        self.seed = sha3_512(seed).digest()
+        self.buffer = b""
+
+    def __call__(self, n):
+        while len(self.buffer) < n:
+            self.buffer += sha3_512(self.seed + pack("<d", self.index)).digest()
+            self.index += 1
+
+        result, self.buffer = self.buffer[:n], self.buffer[n:]
+        return result
+
+
+bits = int(argv[1])
+secret = b64decode(argv[2])
+key = RSA.generate(bits, randfunc=PRNG(secret))
+
+print(
+    b64encode(key.export_key('DER')).decode()
+)
--- a/bundles/opendkim/metadata.py
+++ b/bundles/opendkim/metadata.py
@ -1,8 +1,5 @@
-from os.path import join, exists
 from re import sub
 from cryptography.hazmat.primitives import serialization as crypto_serialization
-from cryptography.hazmat.primitives.asymmetric import rsa
-from cryptography.hazmat.primitives.serialization import load_der_private_key
 from base64 import b64decode


@ -27,6 +24,7 @@ def keys(metadata):

    for domain in metadata.get('mailserver/domains'):
        privkey = repo.libs.rsa.generate_deterministic_rsa_private_key(
+            repo.path,
            b64decode(str(repo.vault.random_bytes_as_base64_for('dkim' + domain)))
        )
        keys[domain] = {
--- a/libs/rsa.py
+++ b/libs/rsa.py
@ -1,29 +1,21 @@
 # https://stackoverflow.com/a/18266970

-from Crypto.PublicKey import RSA
-from Crypto.Hash import HMAC
-from struct import pack
-from hashlib import sha3_512
+from base64 import b64decode, b64encode
 from cryptography.hazmat.primitives.serialization import load_der_private_key
 from functools import cache
-
-
-class PRNG(object):
-    def __init__(self, seed):
-        self.index = 0
-        self.seed = sha3_512(seed).digest()
-        self.buffer = b""
-    def __call__(self, n):
-        while len(self.buffer) < n:
-            self.buffer += sha3_512(self.seed + pack("<d", self.index)).digest()
-            self.index += 1
-        result, self.buffer = self.buffer[:n], self.buffer[n:]
-        return result
+from subprocess import check_output
+from os.path import join


@cache
-def generate_deterministic_rsa_private_key(secret_bytes):
+def generate_deterministic_rsa_private_key(repo_path, secret_bytes):
+    privkey_der = check_output([
+        join(repo_path, 'bin', 'deterministic_rsa_privkey'),
+        '2048',
+        b64encode(secret_bytes),
+    ])
+
    return load_der_private_key(
-        RSA.generate(2048, randfunc=PRNG(secret_bytes)).export_key('DER'),
+        b64decode(privkey_der),
        password=None,
    )