def test_encode_dss_non_integer():
with pytest.raises(ValueError):
encode_dss_signature("h", 3)
with pytest.raises(ValueError):
encode_dss_signature("3", "2")
with pytest.raises(ValueError):
encode_dss_signature(3, "h")
with pytest.raises(ValueError):
encode_dss_signature(3.3, 1.2)
with pytest.raises(ValueError):
encode_dss_signature("hello", "world")
def verify(self, signature, msg):
"""
Verify whether a given signature is correct for a message.
:param signature: the given signature
:param msg: the given message
"""
length = len(signature) / 2
r = signature[:length]
# remove all "\x00" prefixes
while r and r[0] == "\x00":
r = r[1:]
# prepend "\x00" when the most significant bit is set
if ord(r[0]) & 128:
r = "\x00" + r
s = signature[length:]
# remove all "\x00" prefixes
while s and s[0] == "\x00":
s = s[1:]
# prepend "\x00" when the most significant bit is set
if ord(s[0]) & 128:
s = "\x00" + s
# turn back into int
r = int(hexlify(r), 16)
s = int(hexlify(s), 16)
# verify
try:
self.ec.verifier(encode_dss_signature(r, s),
ec.ECDSA(hashes.SHA1()))
return True
except InvalidSignature:
return False
def extract_signature(auth):
# type: (str) -> Tuple[str, str]
"""Fix the JWT auth token.
The JWA spec defines the signature to be a pair of 32octet encoded
longs.
The `ecdsa` library signs using a raw, 32octet pair of values (s, r).
Cryptography, which uses OpenSSL, uses a DER sequence of (s, r).
This function converts the raw ecdsa to DER.
:param auth: A JWT authorization token.
:type auth: str
:return tuple containing the signature material and signature
"""
payload, asig = auth.encode('utf8').rsplit(".", 1)
sig = base64.urlsafe_b64decode(repad(asig))
if len(sig) != 64:
return payload, sig
encoded = utils.encode_dss_signature(
s=int(binascii.hexlify(sig[32:]), 16),
r=int(binascii.hexlify(sig[:32]), 16)
)
return payload, encoded
def test_signature_failures(self, backend, vector):
hash_type = _HASH_TYPES[vector['digest_algorithm']]
curve_type = ec._CURVE_TYPES[vector['curve']]
_skip_ecdsa_vector(backend, curve_type, hash_type)
key = ec.EllipticCurvePublicNumbers(
vector['x'],
vector['y'],
curve_type()
).public_key(backend)
signature = encode_dss_signature(vector['r'], vector['s'])
verifier = key.verifier(
signature,
ec.ECDSA(hash_type())
)
verifier.update(vector['message'])
if vector["fail"] is True:
with pytest.raises(exceptions.InvalidSignature):
verifier.verify()
else:
verifier.verify()
def verify_ssh_sig(self, data, msg):
if len(msg.asbytes()) == 40:
# spies.com bug: signature has no header
sig = msg.asbytes()
else:
kind = msg.get_text()
if kind != 'ssh-dss':
return 0
sig = msg.get_binary()
# pull out (r, s) which are NOT encoded as mpints
sigR = util.inflate_long(sig[:20], 1)
sigS = util.inflate_long(sig[20:], 1)
signature = encode_dss_signature(sigR, sigS)
key = dsa.DSAPublicNumbers(
y=self.y,
parameter_numbers=dsa.DSAParameterNumbers(
p=self.p, q=self.q,
g=self.g)).public_key(backend=default_backend())
try:
key.verify(signature, data, hashes.SHA1())
except InvalidSignature:
return False
else:
return True
def ecdsa_verify(data_file, sig_data, pub_key_file):
data_f = open(data_file, "rb")
pay_load = data_f.read()
data_f.close()
sig_f = open(sig_data, "rb")
r_s = sig_f.read()
sig_f.close()
with open(pub_key_file, 'rb') as fpkey:
pem_data = fpkey.read()
cert = load_pem_x509_certificate(pem_data, default_backend())
public_key = cert.public_key()
if isinstance(public_key, ec.EllipticCurvePublicKey):
sig_r = int.from_bytes(r_s[:int(len(r_s) / 2)], byteorder='big')
sig_s = int.from_bytes(r_s[-int(len(r_s) / 2):], byteorder='big')
signature = encode_dss_signature(sig_r, sig_s)
try:
public_key.verify(signature, pay_load, ec.ECDSA(hashes.SHA384()))
print("ECDSA Correct signature detected.. :)\n")
except InvalidSignature:
print("ECDSA Invalid signature detected.. :(\n")
else:
print("RSA not yet supported")
exit()
def _ecc_static_length_signature(key, algorithm, digest):
"""Calculates an elliptic curve signature with a static length using pre-calculated hash.
:param key: Elliptic curve private key
:type key: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
:param algorithm: Master algorithm to use
:type algorithm: aws_encryption_sdk.identifiers.Algorithm
:param bytes digest: Pre-calculated hash digest
:returns: Signature with required length
:rtype: bytes
"""
pre_hashed_algorithm = ec.ECDSA(Prehashed(algorithm.signing_hash_type()))
signature = b''
while len(signature) != algorithm.signature_len:
_LOGGER.debug(
'Signature length %d is not desired length %d. Recalculating.',
len(signature), algorithm.signature_len)
signature = key.sign(digest, pre_hashed_algorithm)
if len(signature) != algorithm.signature_len:
# Most of the time, a signature of the wrong length can be fixed
# by negating s in the signature relative to the group order.
_LOGGER.debug(
'Signature length %d is not desired length %d. Negating s.',
len(signature), algorithm.signature_len)
r, s = decode_dss_signature(signature)
s = _ECC_CURVE_PARAMETERS[
algorithm.signing_algorithm_info.name].order - s
signature = encode_dss_signature(r, s)
return signature
def verify(self, key, payload, signature):
pkey = key.get_op_key('verify', self._curve)
r = signature[:len(signature) // 2]
s = signature[len(signature) // 2:]
enc_signature = ec_utils.encode_dss_signature(
int(hexlify(r), 16), int(hexlify(s), 16))
pkey.verify(enc_signature, payload, ec.ECDSA(self.hashfn))
def test__ecdsa_sha256_response(self, load_key_mock):
challenge = b'challenge'
# success case
private_key = ec.generate_private_key(ec.SECP384R1(), default_backend())
load_key_mock.return_value = private_key
r, s = self.manager._ecdsa_sha256_response(challenge)
r = int.from_bytes(r, 'big')
s = int.from_bytes(s, 'big')
signature = encode_dss_signature(r, s)
private_key.public_key().verify(
signature, challenge, ec.ECDSA(hashes.SHA256()))
# no key found
load_key_mock.reset_mock()
load_key_mock.side_effect = IOError
with self.assertRaises(bm.BootstrapError):
self.manager._ecdsa_sha256_response(challenge)
# wrong type of key, e.g. rsa
load_key_mock.reset_mock()
load_key_mock.return_value = rsa.generate_private_key(
65537, 2048, default_backend())
with self.assertRaises(
bm.BootstrapError,
msg='Challenge key cannot be used for ECDSA signature'):
self.manager._ecdsa_sha256_response(challenge)
def test_dsa_verification(self, vector, backend):
digest_algorithm = vector['digest_algorithm'].replace("-", "")
algorithm = self._algorithms_dict[digest_algorithm]
if (
not backend.dsa_parameters_supported(
vector['p'], vector['q'], vector['g']
) or not backend.dsa_hash_supported(algorithm)
):
pytest.skip(
"{0} does not support the provided parameters".format(backend)
)
public_key = dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
vector['p'], vector['q'], vector['g']
),
y=vector['y']
).public_key(backend)
sig = encode_dss_signature(vector['r'], vector['s'])
verifier = public_key.verifier(sig, algorithm())
verifier.update(vector['msg'])
if vector['result'] == "F":
with pytest.raises(InvalidSignature):
verifier.verify()
else:
verifier.verify()
def verify_ssh_sig(self, data, msg):
if len(msg.asbytes()) == 40:
# spies.com bug: signature has no header
sig = msg.asbytes()
else:
kind = msg.get_text()
if kind != 'ssh-dss':
return 0
sig = msg.get_binary()
# pull out (r, s) which are NOT encoded as mpints
sigR = util.inflate_long(sig[:20], 1)
sigS = util.inflate_long(sig[20:], 1)
signature = encode_dss_signature(sigR, sigS)
key = dsa.DSAPublicNumbers(
y=self.y,
parameter_numbers=dsa.DSAParameterNumbers(
p=self.p,
q=self.q,
g=self.g
)
).public_key(backend=default_backend())
verifier = key.verifier(signature, hashes.SHA1())
verifier.update(data)
try:
verifier.verify()
except InvalidSignature:
return False
else:
return True
def test_signature_failures(self, backend, vector):
hash_type = _HASH_TYPES[vector['digest_algorithm']]
curve_type = ec._CURVE_TYPES[vector['curve']]
_skip_ecdsa_vector(backend, curve_type, hash_type)
key = ec.EllipticCurvePublicNumbers(
vector['x'],
vector['y'],
curve_type()
).public_key(backend)
signature = encode_dss_signature(vector['r'], vector['s'])
if vector["fail"] is True:
with pytest.raises(exceptions.InvalidSignature):
key.verify(
signature,
vector['message'],
ec.ECDSA(hash_type())
)
else:
key.verify(
signature,
vector['message'],
ec.ECDSA(hash_type())
)
def test_signatures(self, backend, subtests):
vectors = itertools.chain(
load_vectors_from_file(
os.path.join(
"asymmetric", "ECDSA", "FIPS_186-3", "SigGen.txt"
),
load_fips_ecdsa_signing_vectors,
),
load_vectors_from_file(
os.path.join("asymmetric", "ECDSA", "SECP256K1", "SigGen.txt"),
load_fips_ecdsa_signing_vectors,
),
)
for vector in vectors:
with subtests.test():
hash_type = _HASH_TYPES[vector["digest_algorithm"]]
curve_type: typing.Type[ec.EllipticCurve] = ec._CURVE_TYPES[
vector["curve"]
]
_skip_ecdsa_vector(backend, curve_type, hash_type)
key = ec.EllipticCurvePublicNumbers(
vector["x"], vector["y"], curve_type()
).public_key(backend)
signature = encode_dss_signature(vector["r"], vector["s"])
key.verify(signature, vector["message"], ec.ECDSA(hash_type()))
def test_dsa_verification(self, backend, subtests):
vectors = load_vectors_from_file(
os.path.join("asymmetric", "DSA", "FIPS_186-3", "SigVer.rsp"),
load_fips_dsa_sig_vectors,
)
for vector in vectors:
with subtests.test():
digest_algorithm = vector["digest_algorithm"].replace("-", "")
algorithm = _ALGORITHMS_DICT[digest_algorithm]()
_skip_if_dsa_not_supported(backend, algorithm, vector["p"],
vector["q"], vector["g"])
public_key = dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
vector["p"], vector["q"], vector["g"]),
y=vector["y"],
).public_key(backend)
sig = encode_dss_signature(vector["r"], vector["s"])
if vector["result"] == "F":
with pytest.raises(InvalidSignature):
public_key.verify(sig, vector["msg"], algorithm)
else:
public_key.verify(sig, vector["msg"], algorithm)
def verify(self, dnskey):
"""
Verify signature with specified key. Raises a crypto key
specific exception on failure.
"""
pubkey = dnskey.key
hashalg = HASHFUNC[dnskey.algorithm]
if dnskey.algorithm in [5, 7, 8, 10]:
_ = pubkey.verify(self.rdata.signature, self.indata,
padding.PKCS1v15(), hashalg())
elif dnskey.algorithm in [13, 14]:
if dnskey.algorithm == 13:
sig_r = self.rdata.signature[0:32]
sig_s = self.rdata.signature[32:]
elif dnskey.algorithm == 14:
sig_r = self.rdata.signature[0:48]
sig_s = self.rdata.signature[48:]
sig_r = int.from_bytes(sig_r, byteorder='big')
sig_s = int.from_bytes(sig_s, byteorder='big')
encoded_sig = utils.encode_dss_signature(sig_r, sig_s)
_ = pubkey.verify(encoded_sig, self.indata, ec.ECDSA(hashalg()))
elif dnskey.algorithm in [15, 16]:
_ = pubkey.verify(self.rdata.signature, self.indata)
else:
raise ResError("Unknown key type: {}".format(type(pubkey)))
def test_dsa_verification(self, vector, backend):
digest_algorithm = vector['digest_algorithm'].replace("-", "")
algorithm = self._algorithms_dict[digest_algorithm]
_skip_if_dsa_not_supported(
backend, algorithm, vector['p'], vector['q'], vector['g']
)
public_key = dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
vector['p'], vector['q'], vector['g']
),
y=vector['y']
).public_key(backend)
sig = encode_dss_signature(vector['r'], vector['s'])
verifier = pytest.deprecated_call(
public_key.verifier, sig, algorithm()
)
verifier.update(vector['msg'])
if vector['result'] == "F":
with pytest.raises(InvalidSignature):
verifier.verify()
else:
verifier.verify()
def verify_digest(hash_hex, pubkey_hex, sigb64, hashfunc=hashlib.sha256):
"""
Given a digest, public key (as hex), and a base64 signature,
verify that the public key signed the digest.
Return True if so
Return False if not
"""
if not isinstance(hash_hex, (str, unicode)):
raise ValueError("hash hex is not a string")
hash_hex = str(hash_hex)
pubk_uncompressed_hex = keylib.key_formatting.decompress(pubkey_hex)
sig_r, sig_s = decode_signature(sigb64)
pubk = ec.EllipticCurvePublicNumbers.from_encoded_point(
ec.SECP256K1(),
pubk_uncompressed_hex.decode('hex')).public_key(default_backend())
signature = encode_dss_signature(sig_r, sig_s)
try:
pubk.verify(signature, hash_hex.decode('hex'),
ec.ECDSA(utils.Prehashed(hashes.SHA256())))
return True
except InvalidSignature:
return False
def verify_signature_ecc(signature, key, halg, data):
sig = signature.signature
rbytes = buffer_to_bytes(sig.ecdsa.signatureR)
r = int.from_bytes(rbytes, 'big')
sbytes = buffer_to_bytes(sig.ecdsa.signatureS)
s = int.from_bytes(sbytes, 'big')
dersig = encode_dss_signature(r, s)
key.verify(dersig, data, ECDSA(halg()))
def __init__(self, pubkey_hex, sigb64):
"""
Instantiate the verifier with a hex-encoded public key and a base64-encoded signature
"""
sig_r, sig_s = decode_signature(sigb64)
pubkey_hex_decompressed = keylib.key_formatting.decompress(pubkey_hex)
pubk = ec.EllipticCurvePublicNumbers.from_encoded_point(ec.SECP256K1(), pubkey_hex_decompressed.decode('hex')).public_key(default_backend())
signature = encode_dss_signature(sig_r, sig_s)
self.verifier = pubk.verifier(signature, ec.ECDSA(hashes.SHA256()))
def sign(self, private_key, message):
hash = hashlib.sha256(message).digest()
signature = private_key.private_key.sign(hash,
mechanism=Mechanism.ECDSA)
encoded_signature = encode_ecdsa_signature(signature)
r, s = decode_dss_signature(encoded_signature)
if s > self.half_order:
s = self.order - s
return encode_dss_signature(r, s)
def test_dss_signature():
sig = encode_dss_signature(1, 1)
assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
assert decode_dss_signature(sig) == (1, 1)
r_s1 = (
1037234182290683143945502320610861668562885151617,
559776156650501990899426031439030258256861634312,
)
sig2 = encode_dss_signature(*r_s1)
assert sig2 == (
b"0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b"
b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08')
assert decode_dss_signature(sig2) == r_s1
sig3 = encode_dss_signature(0, 0)
assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
assert decode_dss_signature(sig3) == (0, 0)
def verify_signature_ecc(signature, key, data):
dt = _get_digest(signature.signature.any.hashAlg)
if dt is None:
raise ValueError(
f"unsupported digest algorithm: {signature.signature.ecdsa.hash}")
r = int.from_bytes(signature.signature.ecdsa.signatureR, byteorder="big")
s = int.from_bytes(signature.signature.ecdsa.signatureS, byteorder="big")
sig = encode_dss_signature(r, s)
key.verify(sig, data, ec.ECDSA(dt()))
def raw_to_der_signature(raw_sig, curve):
length = (curve.key_size + 7) // 8
if len(raw_sig) != 2 * length:
raise ValueError('Invalid signature')
r = bytes_to_number(raw_sig[:length])
s = bytes_to_number(raw_sig[length:])
return encode_dss_signature(r, s)
def verify(self, msg, sig, key):
try:
# cryptography uses ASN.1-encoded signature data; split JWS signature (r||s) and encode before verification
(r, s) = self._split_raw_signature(sig)
asn1sig = encode_dss_signature(r, s)
key.verify(asn1sig, msg, ec.ECDSA(self.hash_algorithm()))
except InvalidSignature as err:
raise BadSignature(err)
else:
return True
def _raw_to_der(self, raw_signature):
"""Convert signature from RAW encoding to DER encoding."""
component_length = self._sig_component_length()
if len(raw_signature) != int(2 * component_length):
raise ValueError("Invalid signature")
r_bytes = raw_signature[:component_length]
s_bytes = raw_signature[component_length:]
r = int_from_bytes(r_bytes, "big")
s = int_from_bytes(s_bytes, "big")
return encode_dss_signature(r, s)
def test_dss_signature():
sig = encode_dss_signature(1, 1)
assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
assert decode_dss_signature(sig) == (1, 1)
r_s1 = (1037234182290683143945502320610861668562885151617, 559776156650501990899426031439030258256861634312)
sig2 = encode_dss_signature(*r_s1)
assert sig2 == (
b"0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b"
b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08'
)
assert decode_dss_signature(sig2) == r_s1
sig3 = encode_dss_signature(0, 0)
assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
assert decode_dss_signature(sig3) == (0, 0)
sig4 = encode_dss_signature(-1, 0)
assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00"
assert decode_dss_signature(sig4) == (-1, 0)
def ecdsa_sig_from_agent_signed_response(response):
msg = Message(response)
algo = msg.get_text()
sig = msg.get_binary()
sig_msg = Message(sig)
r = sig_msg.get_mpint()
s = sig_msg.get_mpint()
signature = encode_dss_signature(r, s)
return signature
def verify(public_key, data, signature):
"""
verify a signature based on the public key and data
"""
deserialized_public_key = serialization.load_pem_public_key(public_key.encode('utf-8'), default_backend())
(r , s) = signature
try:
deserialized_public_key.verify(encode_dss_signature(r, s), json.dumps(data).encode('utf-8'), ec.ECDSA(hashes.SHA256()))
return True
except InvalidSignature :
return False
def verify(self, key: ec.EllipticCurvePublicKey, msg: bytes,
sig: bytes) -> bool:
"""Verify the ``msg` and ``sig`` using ``key``."""
rlen = jwk.JWKEC.expected_length_for_curve(key.curve)
if len(sig) != 2 * rlen:
# Format error - rfc7518 - 3.4 … MUST NOT be shortened to omit any leading zero octets
return False
asn1sig = encode_dss_signature(
int.from_bytes(sig[0:rlen], byteorder='big'),
int.from_bytes(sig[rlen:], byteorder='big'))
return self._verify(key, msg, asn1sig)
def ecdsa_sig_from_agent_signed_response(response):
msg = Message(response)
algo = msg.get_text()
sig = msg.get_binary()
sig_msg = Message(sig)
r = sig_msg.get_mpint()
s = sig_msg.get_mpint()
signature = encode_dss_signature(r, s)
return signature
def raw_to_der_signature(raw_sig, curve):
num_bits = curve.key_size
num_bytes = (num_bits + 7) // 8
if len(raw_sig) != 2 * num_bytes:
raise ValueError("Invalid signature")
r = bytes_to_number(raw_sig[:num_bytes])
s = bytes_to_number(raw_sig[num_bytes:])
return encode_dss_signature(r, s)
def _raw_to_der(self, raw_signature):
"""Convert signature from RAW encoding to DER encoding."""
component_length = self._sig_component_length()
if len(raw_signature) != int(2 * component_length):
raise ValueError("Invalid signature")
r_bytes = raw_signature[:component_length]
s_bytes = raw_signature[component_length:]
r = int_from_bytes(r_bytes, "big")
s = int_from_bytes(s_bytes, "big")
return encode_dss_signature(r, s)
def ecdsa_to_asn1_der(signature):
"""ASN.1 DER encode an ECDSA signature.
:param bytes signature: ECDSA signature encoded according to RFC 7518, i.e. the concatenated big-endian bytes of
two integers (as produced by Key Vault)
:return: signature, ASN.1 DER encoded (as expected by ``cryptography``)
"""
mid = len(signature) // 2
r = _bytes_to_int(signature[:mid])
s = _bytes_to_int(signature[mid:])
return utils.encode_dss_signature(r, s)
def _encode_dss_signature(self, raw_signature, key_size_bits):
want_raw_signature_len = key_size_bits // 8 * 2
if len(raw_signature) != want_raw_signature_len:
raise InvalidSignature(
"Expected %d byte SignatureValue, got %d"
% (want_raw_signature_len, len(raw_signature))
)
int_len = len(raw_signature) // 2
r = bytes_to_long(raw_signature[:int_len])
s = bytes_to_long(raw_signature[int_len:])
return utils.encode_dss_signature(r, s)
def verify(self, signature, data, hash_context):
if not isinstance(hash_context, hashes.HashContext):
raise TypeError("hash_context must be an instance of hashes.HashContext.")
size = self.public_numbers.parameter_numbers.q.bit_length() // 8
r, s = (bytes_to_long(value) for value in read_content(signature, '{0}s{0}s'.format(size)))
# r, s = (bytes_to_long(value) for value in read_content(signature, '20s20s'))
hash_context.update(data)
digest = hash_context.finalize()
try:
self._key.verify(encode_dss_signature(r, s), digest, Prehashed(SHA256HMAC160()))
except InvalidSignature:
raise ValueError("invalid signature")
def test_signatures(self, backend, vector):
hash_type = _HASH_TYPES[vector['digest_algorithm']]
curve_type = ec._CURVE_TYPES[vector['curve']]
_skip_ecdsa_vector(backend, curve_type, hash_type)
key = ec.EllipticCurvePublicNumbers(vector['x'], vector['y'],
curve_type()).public_key(backend)
signature = encode_dss_signature(vector['r'], vector['s'])
key.verify(signature, vector['message'], ec.ECDSA(hash_type()))
def forge(data, pk, r, s, k):
p, q, g, y = pk['p'], pk['q'], pk['g'], pk['y']
h1 = int(hashlib.sha1(data.encode()).hexdigest(), 16)
h2 = int(hashlib.sha256(data.encode()).hexdigest(), 16)
kinv = _modinv(k, q)
x = ((s * k - h1) * _modinv(r, q)) % q
assert y == pow(g, x, p), 'Error extracting private key'
forge_s = kinv * (h2 + r * x) % q
signature = encode_dss_signature(r, forge_s).hex()
return signature, data
def verify(self, signature, data, hash_context):
if not isinstance(hash_context, hashes.HashContext):
raise TypeError("hash_context must be an instance of hashes.HashContext.")
size = self.public_numbers.parameter_numbers.q.bit_length() // 8
r, s = (bytes_to_long(value) for value in read_content(signature, '{0}s{0}s'.format(size)))
# r, s = (bytes_to_long(value) for value in read_content(signature, '20s20s'))
verifier = self._key.verifier(encode_dss_signature(r, s), hashes.SHA256())
verifier._hash_ctx = hash_context
verifier.update(data)
try:
verifier.verify()
except InvalidSignature:
raise ValueError("invalid signature")
def verify(self, signature, data):
"""
Verify a signature using this key.
@type signature: L{bytes}
@param signature: The signature to verify.
@type data: L{bytes}
@param data: The signed data.
@rtype: L{bool}
@return: C{True} if the signature is valid.
"""
if len(signature) == 40:
# DSA key with no padding
signatureType, signature = b'ssh-dss', common.NS(signature)
else:
signatureType, signature = common.getNS(signature)
if signatureType != self.sshType():
return False
if self.type() == 'RSA':
k = self._keyObject
if not self.isPublic():
k = k.public_key()
verifier = k.verifier(
common.getNS(signature)[0],
padding.PKCS1v15(),
hashes.SHA1(),
)
elif self.type() == 'DSA':
concatenatedSignature = common.getNS(signature)[0]
r = int_from_bytes(concatenatedSignature[:20], 'big')
s = int_from_bytes(concatenatedSignature[20:], 'big')
signature = encode_dss_signature(r, s)
k = self._keyObject
if not self.isPublic():
k = k.public_key()
verifier = k.verifier(
signature, hashes.SHA1())
else:
raise BadKeyError("unknown key type %s" % (self.type(),))
verifier.update(data)
try:
verifier.verify()
except InvalidSignature:
return False
else:
return True
def verify_ssh_sig(self, data, msg):
if msg.get_text() != self.ecdsa_curve.key_format_identifier:
return False
sig = msg.get_binary()
sigR, sigS = self._sigdecode(sig)
signature = encode_dss_signature(sigR, sigS)
try:
self.verifying_key.verify(
signature, data, ec.ECDSA(self.ecdsa_curve.hash_object())
)
except InvalidSignature:
return False
else:
return True
def der_encode(signature_bin_asn):
"""
This encodes a raw signature to DER.
It uses the encode_dss_signature() function from cryptography.
:param signature_bin_asn: RAW signature
:type signature_bin_asn: bytes
:return: DER encoded signature
:rtype: bytes
"""
if len(signature_bin_asn) != 64:
raise Exception("The signature needs to be 64 bytes.")
vr = int(binascii.hexlify(signature_bin_asn[:32]), 16)
vs = int(binascii.hexlify(signature_bin_asn[32:]), 16)
signature_bin = encode_dss_signature(vr, vs)
return signature_bin
def test_signatures(self, backend, vector):
hash_type = _HASH_TYPES[vector['digest_algorithm']]
curve_type = ec._CURVE_TYPES[vector['curve']]
_skip_ecdsa_vector(backend, curve_type, hash_type)
key = ec.EllipticCurvePublicNumbers(
vector['x'],
vector['y'],
curve_type()
).public_key(backend)
signature = encode_dss_signature(vector['r'], vector['s'])
key.verify(
signature,
vector['message'],
ec.ECDSA(hash_type())
)
def extract_signature(auth):
"""Extracts the payload and signature from a JWT, converting from RFC7518
to RFC 3279
:param auth: A JWT Authorization Token.
:type auth: str
:return tuple containing the signature material and signature
"""
payload, asig = auth.encode('utf8').rsplit(b'.', 1)
sig = b64urldecode(asig)
if len(sig) != 64:
raise InvalidSignature()
encoded = utils.encode_dss_signature(
s=int(binascii.hexlify(sig[32:]), 16),
r=int(binascii.hexlify(sig[:32]), 16)
)
return payload, encoded
def verify_one_vector(vector):
digest_algorithm = vector['digest_algorithm']
message = vector['message']
x = vector['x']
y = vector['y']
signature = encode_dss_signature(vector['r'], vector['s'])
numbers = ec.EllipticCurvePublicNumbers(
x, y,
ec.SECP256K1()
)
key = numbers.public_key(default_backend())
verifier = key.verifier(
signature,
ec.ECDSA(CRYPTOGRAPHY_HASH_TYPES[digest_algorithm]())
)
verifier.update(message)
return verifier.verify()
def verify(self, payload, signature):
"""
Verify that the token signed the data
:type payload: String
:param payload: message that was signed and needs verified
:type signature: Base64 URL Safe
:param signature: Signature that can verify the sender\'s identity and payload
:return:
"""
raw_sig = utils.base64url_decode(signature)
sig_r_bin = raw_sig[:len(raw_sig)//2]
sig_s_bin = raw_sig[len(raw_sig)//2:]
sig_r = unpack_bytes(sig_r_bin)
sig_s = unpack_bytes(sig_s_bin)
sig = encode_dss_signature(sig_r, sig_s)
signer = self.public_key.verifier(sig, ec.ECDSA(hashes.SHA256()))
signer.update(utils.to_bytes(payload))
return signer.verify()
def verify_token(self, validation_token, verification_token):
"""Internally used to verify the verification token is correct.
:param validation_token: Provided validation token string
:type validation_token: str
:param verification_token: Generated verification token
:type verification_token: str
:returns: Boolean indicating if verifictation token is valid.
:rtype: boolean
"""
hsig = b64urldecode(verification_token.encode('utf8'))
r = int(binascii.hexlify(hsig[:32]), 16)
s = int(binascii.hexlify(hsig[32:]), 16)
try:
self.public_key.verify(
ecutils.encode_dss_signature(r, s),
validation_token,
signature_algorithm=ec.ECDSA(hashes.SHA256())
)
return True
except InvalidSignature:
return False