cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests 8 Projects Releases Wiki Activity

wip

Browse source
This commit is contained in:
cronekorkn 2022-10-19 00:05:17 +02:00
parent fea2d96077
commit 97b0f5ed2d
Signed by: cronekorkn
SSH key fingerprint: SHA256:v0410ZKfuO1QHdgKBsdQNF64xmTxOF8osF1LIqwTcVw
3 changed files with 45 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
bin/deterministic_rsa_privkey Executable file
View file

@ -0,0 +1,33 @@
#!/usr/bin/env python3
# https://stackoverflow.com/a/18266970
from Crypto.PublicKey import RSA
from struct import pack
from hashlib import sha3_512
from sys import argv
from base64 import b64decode, b64encode
class PRNG(object):
def __init__(self, seed):
self.index = 0
self.seed = sha3_512(seed).digest()
self.buffer = b""
def __call__(self, n):
while len(self.buffer) < n:
self.buffer += sha3_512(self.seed + pack("<d", self.index)).digest()
self.index += 1
result, self.buffer = self.buffer[:n], self.buffer[n:]
return result
bits = int(argv[1])
secret = b64decode(argv[2])
key = RSA.generate(bits, randfunc=PRNG(secret))
print(
b64encode(key.export_key('DER')).decode()
)

4
bundles/opendkim/metadata.py
View file

@ -1,8 +1,5 @@
from os.path import join, exists
from re import sub from re import sub
from cryptography.hazmat.primitives import serialization as crypto_serialization from cryptography.hazmat.primitives import serialization as crypto_serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import load_der_private_key
from base64 import b64decode from base64 import b64decode
@ -27,6 +24,7 @@ def keys(metadata):
for domain in metadata.get('mailserver/domains'): for domain in metadata.get('mailserver/domains'):
privkey = repo.libs.rsa.generate_deterministic_rsa_private_key( privkey = repo.libs.rsa.generate_deterministic_rsa_private_key(
repo.path,
b64decode(str(repo.vault.random_bytes_as_base64_for('dkim' + domain))) b64decode(str(repo.vault.random_bytes_as_base64_for('dkim' + domain)))
) )
keys[domain] = { keys[domain] = {

30
libs/rsa.py
View file

@ -1,29 +1,21 @@
# https://stackoverflow.com/a/18266970 # https://stackoverflow.com/a/18266970
from Crypto.PublicKey import RSA from base64 import b64decode, b64encode
from Crypto.Hash import HMAC
from struct import pack
from hashlib import sha3_512
from cryptography.hazmat.primitives.serialization import load_der_private_key from cryptography.hazmat.primitives.serialization import load_der_private_key
from functools import cache from functools import cache
from subprocess import check_output
from os.path import join
class PRNG(object):
def __init__(self, seed):
self.index = 0
self.seed = sha3_512(seed).digest()
self.buffer = b""
def __call__(self, n):
while len(self.buffer) < n:
self.buffer += sha3_512(self.seed + pack("<d", self.index)).digest()
self.index += 1
result, self.buffer = self.buffer[:n], self.buffer[n:]
return result
@cache @cache
def generate_deterministic_rsa_private_key(secret_bytes): def generate_deterministic_rsa_private_key(repo_path, secret_bytes):
privkey_der = check_output([
join(repo_path, 'bin', 'deterministic_rsa_privkey'),
'2048',
b64encode(secret_bytes),
])
return load_der_private_key( return load_der_private_key(
RSA.generate(2048, randfunc=PRNG(secret_bytes)).export_key('DER'), b64decode(privkey_der),
password=None, password=None,
) )