Beispiel #1
0
    def Verify(self, data, sig):
        """
    Verifies whether the signature corresponds to the given data. This is a
    stanard signature (i.e. HMAC-SHA1, RSA-SHA1, DSA-SHA1) that contains no
    version information, so this will try to verify with each key in a keyset.

    @param data: message that has been signed with sig
    @type data: string

    @param sig: Base64 string formatted as Header|Signature
    @type sig: string

    @return: True if sig corresponds to data, False otherwise.
    @rtype: boolean
    """
        sig_bytes = util.Decode(sig)

        for version in self.versions:
            key = self._keys[version]
            # Try to verify with each key
            result = key.Verify(data, sig_bytes)
            if result:
                return True

        # None of the keys verified the signature
        return False
Beispiel #2
0
  def Read(key):
    """
    Reads a RSA public key from a JSON string representation of it.

    @param key: a JSON representation of a RSA public key
    @type key: string

    @return: a RSA public key
    @rtype: L{RsaPublicKey}
    """
    rsa = json.loads(key)
    params = {'modulus' : util.Decode(rsa['modulus']),
              'publicExponent' : util.Decode(rsa['publicExponent'])}

    pubkey = RSA.construct((util.BytesToLong(params['modulus']),
                            util.BytesToLong(params['publicExponent'])))
    return RsaPublicKey(params, pubkey, rsa['size'])
Beispiel #3
0
  def Read(key):
    """
    Reads a DSA public key from a JSON string representation of it.

    @param key: a JSON representation of a DSA public key
    @type key: string

    @return: a DSA public key
    @rtype: L{DsaPublicKey}
    """

    dsa = json.loads(key)
    params = {'y' : util.Decode(dsa['y']),
              'p' : util.Decode(dsa['p']),
              'g' : util.Decode(dsa['g']),
              'q' : util.Decode(dsa['q'])}
    pubkey = DSA.construct((util.BytesToLong(params['y']),
                            util.BytesToLong(params['g']),
                            util.BytesToLong(params['p']),
                            util.BytesToLong(params['q'])))
    return DsaPublicKey(params, pubkey, dsa['size'])
Beispiel #4
0
  def Read(key):
    """
    Reads a RSA private key from a JSON string representation of it.

    @param key: a JSON representation of a RSA private key
    @type key: string

    @return: a RSA private key
    @rtype: L{RsaPrivateKey}
    """
    rsa = json.loads(key)
    pub = RsaPublicKey.Read(json.dumps(rsa['publicKey']))
    params = {'privateExponent': util.Decode(rsa['privateExponent']),
              'primeP': util.Decode(rsa['primeP']),
              'primeQ': util.Decode(rsa['primeQ']),
              'primeExponentP': util.Decode(rsa['primeExponentP']),
              'primeExponentQ': util.Decode(rsa['primeExponentQ']),
              'crtCoefficient': util.Decode(rsa['crtCoefficient'])
              }

    key = RSA.construct((util.BytesToLong(pub.params['modulus']),
                         util.BytesToLong(pub.params['publicExponent']),
                         util.BytesToLong(params['privateExponent']),
                         util.BytesToLong(params['primeQ']),
                         util.BytesToLong(params['primeP']),
                         util.BytesToLong(params['crtCoefficient'])))
    return RsaPrivateKey(params, pub, key, rsa['size'])
Beispiel #5
0
    def Verify(self, data, sig):
        """
    Verifies whether the signature corresponds to the given data.

    @param data: message that has been signed with sig
    @type data: string

    @param sig: Base64 string formatted as Header|Signature
    @type sig: string

    @return: True if sig corresponds to data, False otherwise.
    @rtype: boolean
    """
        sig_bytes = util.Decode(sig)
        if len(sig_bytes) < HEADER_SIZE:
            raise errors.ShortSignatureError(len(sig_bytes))
        key = self._ParseHeader(sig_bytes[:HEADER_SIZE])
        return key.Verify(data + VERSION_BYTE, sig_bytes[HEADER_SIZE:])
Beispiel #6
0
  def Read(key):
    """
    Reads a DSA private key from a JSON string representation of it.

    @param key: a JSON representation of a DSA private key
    @type key: string

    @return: an DSA private key
    @rtype: L{DsaPrivateKey}
    """
    dsa = json.loads(key)
    pub = DsaPublicKey.Read(json.dumps(dsa['publicKey']))
    params = { 'x' : util.Decode(dsa['x']) }
    key = DSA.construct((util.BytesToLong(pub._params['y']),
                         util.BytesToLong(pub._params['g']),
                         util.BytesToLong(pub._params['p']),
                         util.BytesToLong(pub._params['q']),
                         util.BytesToLong(params['x'])))
    return DsaPrivateKey(params, pub, key, dsa['size'])
Beispiel #7
0
class Key(object):

  """Parent class for Keyczar Keys."""

  def __init__(self, type):
    self.type = type
    self.__size = self.type.default_size  # initially default

  def __eq__(self, other):
    return (self.type == other.type and
            self.size == other.size and
            self.key_string == other.key_string)

  def __SetSize(self, new_size):
    if self.type.IsValidSize(new_size):
      self.__size = new_size

  def _GetKeyString(self):
    """Return the key as a string. Abstract method."""

  def __GetKeyString(self):
    """Indirect getter for the key string."""
    return self._GetKeyString()

  def _Hash(self):
    """Compute and return the hash id of this key. Can override default hash."""
    fullhash = util.Hash(util.IntToBytes(len(self.key_bytes)), self.key_bytes)
    return util.Encode(fullhash[:keyczar.KEY_HASH_SIZE])

  def __Hash(self):
    """Indirect getter for hash."""
    return self._Hash()

  hash = property(__Hash, doc="""The hash id of the key.""")
  size = property(lambda self: self.__size, __SetSize,
                  doc="""The size of the key in bits.""")
  key_string = property(__GetKeyString, doc="""The key as a Base64 string.""")
  key_bytes = property(lambda self: util.Decode(self.key_string),
                       doc="""The key as bytes.""")

  def Header(self):
    """Return the 5-byte header string including version byte, 4-byte hash."""
    return chr(keyczar.VERSION) + util.Decode(self.hash)
Beispiel #8
0
    def Decrypt(self, ciphertext):
        """
    Decrypts the given ciphertext and returns the plaintext.

    @param ciphertext: Base64 encoded string ciphertext to be decrypted.
    @type ciphertext: string

    @return: plaintext message
    @rtype: string

    @raise ShortCiphertextError: if length is too short to have Header, IV, Sig
    @raise BadVersionError: if header specifies an illegal version
    @raise BadFormatError: if header specifies an illegal format
    @raise KeyNotFoundError: if key specified in header doesn't exist
    @raise InvalidSignatureError: if the signature can't be verified
    """
        data_bytes = util.Decode(ciphertext)
        if len(data_bytes) < HEADER_SIZE:
            raise errors.ShortCiphertextError(len(data_bytes))
        key = self._ParseHeader(data_bytes[:HEADER_SIZE])
        return key.Decrypt(data_bytes)
Beispiel #9
0
 def Header(self):
   """Return the 5-byte header string including version byte, 4-byte hash."""
   return chr(keyczar.VERSION) + util.Decode(self.hash)