def test_encode_rfc6979_non_integer():
with pytest.raises(ValueError):
encode_rfc6979_signature("h", 3)
with pytest.raises(ValueError):
encode_rfc6979_signature("3", "2")
with pytest.raises(ValueError):
encode_rfc6979_signature(3, "h")
with pytest.raises(ValueError):
encode_rfc6979_signature(3.3, 1.2)
with pytest.raises(ValueError):
encode_rfc6979_signature("hello", "world")
def test_encode_rfc6979_non_integer():
with pytest.raises(ValueError):
encode_rfc6979_signature("h", 3)
with pytest.raises(ValueError):
encode_rfc6979_signature("3", "2")
with pytest.raises(ValueError):
encode_rfc6979_signature(3, "h")
with pytest.raises(ValueError):
encode_rfc6979_signature(3.3, 1.2)
with pytest.raises(ValueError):
encode_rfc6979_signature("hello", "world")
def test_deprecated_rfc6979_signature():
with pytest.warns(CryptographyDeprecationWarning):
sig = encode_rfc6979_signature(1, 1)
assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
with pytest.warns(CryptographyDeprecationWarning):
decoded = decode_rfc6979_signature(sig)
assert decoded == (1, 1)
def verify_ssh_sig(self, data, msg):
if len(msg.asbytes()) == 40:
# spies.com bug: signature has no header
sig = msg.asbytes()
else:
kind = msg.get_text()
if kind != 'ssh-dss':
return 0
sig = msg.get_binary()
# pull out (r, s) which are NOT encoded as mpints
sigR = util.inflate_long(sig[:20], 1)
sigS = util.inflate_long(sig[20:], 1)
signature = encode_rfc6979_signature(sigR, sigS)
key = dsa.DSAPublicNumbers(
y=self.y,
parameter_numbers=dsa.DSAParameterNumbers(
p=self.p, q=self.q,
g=self.g)).public_key(backend=default_backend())
verifier = key.verifier(signature, hashes.SHA1())
verifier.update(data)
try:
verifier.verify()
except InvalidSignature:
return False
else:
return True
def test_deprecated_rfc6979_signature():
with pytest.warns(CryptographyDeprecationWarning):
sig = encode_rfc6979_signature(1, 1)
assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
with pytest.warns(CryptographyDeprecationWarning):
decoded = decode_rfc6979_signature(sig)
assert decoded == (1, 1)
def test_dsa_verification(self, vector, backend):
digest_algorithm = vector['digest_algorithm'].replace("-", "")
algorithm = self._algorithms_dict[digest_algorithm]
if (
not backend.dsa_parameters_supported(
vector['p'], vector['q'], vector['g']
) or not backend.dsa_hash_supported(algorithm)
):
pytest.skip(
"{0} does not support the provided parameters".format(backend)
)
public_key = dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
vector['p'], vector['q'], vector['g']
),
y=vector['y']
).public_key(backend)
sig = encode_rfc6979_signature(vector['r'], vector['s'])
verifier = public_key.verifier(sig, algorithm())
verifier.update(vector['msg'])
if vector['result'] == "F":
with pytest.raises(InvalidSignature):
verifier.verify()
else:
verifier.verify()
def test_dsa_verification(self, vector, backend):
digest_algorithm = vector['digest_algorithm'].replace("-", "")
algorithm = self._algorithms_dict[digest_algorithm]
if (
not backend.dsa_parameters_supported(
vector['p'], vector['q'], vector['g']
) or not backend.dsa_hash_supported(algorithm)
):
pytest.skip(
"{0} does not support the provided parameters".format(backend)
)
public_key = dsa.DSAPublicNumbers(
parameter_numbers=dsa.DSAParameterNumbers(
vector['p'], vector['q'], vector['g']
),
y=vector['y']
).public_key(backend)
sig = encode_rfc6979_signature(vector['r'], vector['s'])
verifier = public_key.verifier(sig, algorithm())
verifier.update(vector['msg'])
if vector['result'] == "F":
with pytest.raises(InvalidSignature):
verifier.verify()
else:
verifier.verify()
def test_signature_failures(self, backend, vector):
hash_type = _HASH_TYPES[vector['digest_algorithm']]
curve_type = ec._CURVE_TYPES[vector['curve']]
_skip_ecdsa_vector(backend, curve_type, hash_type)
key = ec.EllipticCurvePublicNumbers(
vector['x'],
vector['y'],
curve_type()
).public_key(backend)
signature = encode_rfc6979_signature(vector['r'], vector['s'])
verifier = key.verifier(
signature,
ec.ECDSA(hash_type())
)
verifier.update(vector['message'])
if vector["fail"] is True:
with pytest.raises(exceptions.InvalidSignature):
verifier.verify()
else:
verifier.verify()
def verify(self, key, payload, signature):
pkey = key.get_op_key('verify', self._curve)
r = signature[:len(signature) // 2]
s = signature[len(signature) // 2:]
enc_signature = ec_utils.encode_rfc6979_signature(
int(hexlify(r), 16), int(hexlify(s), 16))
pkey.verify(enc_signature, payload, ec.ECDSA(self.hashfn))
def verify_ssh_sig(self, data, msg):
if len(msg.asbytes()) == 40:
# spies.com bug: signature has no header
sig = msg.asbytes()
else:
kind = msg.get_text()
if kind != 'ssh-dss':
return 0
sig = msg.get_binary()
# pull out (r, s) which are NOT encoded as mpints
sigR = util.inflate_long(sig[:20], 1)
sigS = util.inflate_long(sig[20:], 1)
signature = encode_rfc6979_signature(sigR, sigS)
key = dsa.DSAPublicNumbers(
y=self.y,
parameter_numbers=dsa.DSAParameterNumbers(
p=self.p,
q=self.q,
g=self.g
)
).public_key(backend=default_backend())
verifier = key.verifier(signature, hashes.SHA1())
verifier.update(data)
try:
verifier.verify()
except InvalidSignature:
return False
else:
return True
def test_signature_failures(self, backend, vector):
hash_type = _HASH_TYPES[vector['digest_algorithm']]
curve_type = ec._CURVE_TYPES[vector['curve']]
_skip_ecdsa_vector(backend, curve_type, hash_type)
key = ec.EllipticCurvePublicNumbers(
vector['x'],
vector['y'],
curve_type()
).public_key(backend)
signature = encode_rfc6979_signature(vector['r'], vector['s'])
verifier = key.verifier(
signature,
ec.ECDSA(hash_type())
)
verifier.update(vector['message'])
if vector["fail"] is True:
with pytest.raises(exceptions.InvalidSignature):
verifier.verify()
else:
verifier.verify()
def verify(self, key, payload, signature):
pkey = key.get_op_key('verify', self.curve)
r = signature[:len(signature)//2]
s = signature[len(signature)//2:]
enc_signature = ec_utils.encode_rfc6979_signature(
int(hexlify(r), 16), int(hexlify(s), 16))
verifier = pkey.verifier(enc_signature, ec.ECDSA(self.hashfn))
verifier.update(payload)
verifier.verify()
def test_rfc6979_signature():
sig = encode_rfc6979_signature(1, 1)
assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
assert decode_rfc6979_signature(sig) == (1, 1)
r_s1 = (1037234182290683143945502320610861668562885151617,
559776156650501990899426031439030258256861634312)
sig2 = encode_rfc6979_signature(*r_s1)
assert sig2 == (
b'0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b'
b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08')
assert decode_rfc6979_signature(sig2) == r_s1
sig3 = encode_rfc6979_signature(0, 0)
assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
assert decode_rfc6979_signature(sig3) == (0, 0)
sig4 = encode_rfc6979_signature(-1, 0)
assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00"
assert decode_rfc6979_signature(sig4) == (-1, 0)
def raw_to_der_signature(raw_sig, curve):
num_bits = curve.key_size
num_bytes = (num_bits + 7) // 8
if len(raw_sig) != 2 * num_bytes:
raise ValueError('Invalid signature')
r = bytes_to_number(raw_sig[:num_bytes])
s = bytes_to_number(raw_sig[num_bytes:])
return encode_rfc6979_signature(r, s)
def raw_to_der_signature(raw_sig, curve):
num_bits = curve.key_size
num_bytes = (num_bits + 7) // 8
if len(raw_sig) != 2 * num_bytes:
raise ValueError('Invalid signature')
r = bytes_to_number(raw_sig[:num_bytes])
s = bytes_to_number(raw_sig[num_bytes:])
return encode_rfc6979_signature(r, s)
def test_signatures(self, backend, vector):
hash_type = _HASH_TYPES[vector["digest_algorithm"]]
curve_type = ec._CURVE_TYPES[vector["curve"]]
_skip_ecdsa_vector(backend, curve_type, hash_type)
key = ec.EllipticCurvePublicNumbers(vector["x"], vector["y"], curve_type()).public_key(backend)
signature = encode_rfc6979_signature(vector["r"], vector["s"])
verifier = key.verifier(signature, ec.ECDSA(hash_type()))
verifier.update(vector["message"])
assert verifier.verify()
def test_rfc6979_signature():
sig = encode_rfc6979_signature(1, 1)
assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
assert decode_rfc6979_signature(sig) == (1, 1)
r_s1 = (
1037234182290683143945502320610861668562885151617,
559776156650501990899426031439030258256861634312
)
sig2 = encode_rfc6979_signature(*r_s1)
assert sig2 == (
b'0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b'
b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08'
)
assert decode_rfc6979_signature(sig2) == r_s1
sig3 = encode_rfc6979_signature(0, 0)
assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
assert decode_rfc6979_signature(sig3) == (0, 0)
sig4 = encode_rfc6979_signature(-1, 0)
assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00"
assert decode_rfc6979_signature(sig4) == (-1, 0)
def test_signatures(self, backend, vector):
hash_type = _HASH_TYPES[vector['digest_algorithm']]
curve_type = ec._CURVE_TYPES[vector['curve']]
_skip_ecdsa_vector(backend, curve_type, hash_type)
key = ec.EllipticCurvePublicNumbers(vector['x'], vector['y'],
curve_type()).public_key(backend)
signature = encode_rfc6979_signature(vector['r'], vector['s'])
verifier = key.verifier(signature, ec.ECDSA(hash_type()))
verifier.update(vector['message'])
assert verifier.verify()
def verify_one_vector(vector):
digest_algorithm = vector['digest_algorithm']
message = vector['message']
x = vector['x']
y = vector['y']
signature = encode_rfc6979_signature(vector['r'], vector['s'])
numbers = ec.EllipticCurvePublicNumbers(x, y, ec.SECP256K1())
key = numbers.public_key(default_backend())
verifier = key.verifier(
signature, ec.ECDSA(CRYPTOGRAPHY_HASH_TYPES[digest_algorithm]()))
verifier.update(message)
return verifier.verify()
def verify_ssh_sig(self, data, msg):
if msg.get_text() != 'ecdsa-sha2-nistp256':
return False
sig = msg.get_binary()
sigR, sigS = self._sigdecode(sig)
signature = encode_rfc6979_signature(sigR, sigS)
verifier = self.verifying_key.verifier(signature,
ec.ECDSA(hashes.SHA256()))
verifier.update(data)
try:
verifier.verify()
except InvalidSignature:
return False
else:
return True
def verify_ssh_sig(self, data, msg):
if msg.get_text() != 'ecdsa-sha2-nistp256':
return False
sig = msg.get_binary()
sigR, sigS = self._sigdecode(sig)
signature = encode_rfc6979_signature(sigR, sigS)
verifier = self.verifying_key.verifier(
signature, ec.ECDSA(hashes.SHA256())
)
verifier.update(data)
try:
verifier.verify()
except InvalidSignature:
return False
else:
return True
def verify_one_vector(vector):
digest_algorithm = vector['digest_algorithm']
message = vector['message']
x = vector['x']
y = vector['y']
signature = encode_rfc6979_signature(vector['r'], vector['s'])
numbers = ec.EllipticCurvePublicNumbers(
x, y,
ec.SECP256K1()
)
key = numbers.public_key(default_backend())
verifier = key.verifier(
signature,
ec.ECDSA(CRYPTOGRAPHY_HASH_TYPES[digest_algorithm]())
)
verifier.update(message)
return verifier.verify()