Ejemplos de encode_dss_signature en Python

Ejemplo n.º 1

Archivo: test_asym_utils.py Proyecto: Sp1l/cryptography

def test_encode_dss_non_integer():
    with pytest.raises(ValueError):
        encode_dss_signature("h", 3)

    with pytest.raises(ValueError):
        encode_dss_signature("3", "2")

    with pytest.raises(ValueError):
        encode_dss_signature(3, "h")

    with pytest.raises(ValueError):
        encode_dss_signature(3.3, 1.2)

    with pytest.raises(ValueError):
        encode_dss_signature("hello", "world")

Ejemplo n.º 2

Archivo: m2crypto.py Proyecto: egbertbouman/py-ipv8

    def verify(self, signature, msg):
        """
        Verify whether a given signature is correct for a message.

        :param signature: the given signature
        :param msg: the given message
        """
        length = len(signature) / 2
        r = signature[:length]
        # remove all "\x00" prefixes
        while r and r[0] == "\x00":
            r = r[1:]
        # prepend "\x00" when the most significant bit is set
        if ord(r[0]) & 128:
            r = "\x00" + r

        s = signature[length:]
        # remove all "\x00" prefixes
        while s and s[0] == "\x00":
            s = s[1:]
        # prepend "\x00" when the most significant bit is set
        if ord(s[0]) & 128:
            s = "\x00" + s
        # turn back into int
        r = int(hexlify(r), 16)
        s = int(hexlify(s), 16)
        # verify
        try:
            self.ec.verifier(encode_dss_signature(r, s),
                             ec.ECDSA(hashes.SHA1()))
            return True
        except InvalidSignature:
            return False

Ejemplo n.º 3

    def extract_signature(auth):
        # type: (str) -> Tuple[str, str]
        """Fix the JWT auth token.

        The JWA spec defines the signature to be a pair of 32octet encoded
        longs.
        The `ecdsa` library signs using a raw, 32octet pair of values (s, r).
        Cryptography, which uses OpenSSL, uses a DER sequence of (s, r).
        This function converts the raw ecdsa to DER.

        :param auth: A JWT authorization token.
        :type auth: str

        :return tuple containing the signature material and signature

        """
        payload, asig = auth.encode('utf8').rsplit(".", 1)
        sig = base64.urlsafe_b64decode(repad(asig))
        if len(sig) != 64:
            return payload, sig

        encoded = utils.encode_dss_signature(
            s=int(binascii.hexlify(sig[32:]), 16),
            r=int(binascii.hexlify(sig[:32]), 16)
        )
        return payload, encoded

Ejemplo n.º 4

Archivo: test_ec.py Proyecto: cloudera/hue

    def test_signature_failures(self, backend, vector):
        hash_type = _HASH_TYPES[vector['digest_algorithm']]
        curve_type = ec._CURVE_TYPES[vector['curve']]

        _skip_ecdsa_vector(backend, curve_type, hash_type)

        key = ec.EllipticCurvePublicNumbers(
            vector['x'],
            vector['y'],
            curve_type()
        ).public_key(backend)

        signature = encode_dss_signature(vector['r'], vector['s'])

        verifier = key.verifier(
            signature,
            ec.ECDSA(hash_type())
        )
        verifier.update(vector['message'])

        if vector["fail"] is True:
            with pytest.raises(exceptions.InvalidSignature):
                verifier.verify()
        else:
            verifier.verify()

Ejemplo n.º 5

Archivo: dsskey.py Proyecto: intgr/paramiko

    def verify_ssh_sig(self, data, msg):
        if len(msg.asbytes()) == 40:
            # spies.com bug: signature has no header
            sig = msg.asbytes()
        else:
            kind = msg.get_text()
            if kind != 'ssh-dss':
                return 0
            sig = msg.get_binary()

        # pull out (r, s) which are NOT encoded as mpints
        sigR = util.inflate_long(sig[:20], 1)
        sigS = util.inflate_long(sig[20:], 1)

        signature = encode_dss_signature(sigR, sigS)

        key = dsa.DSAPublicNumbers(
            y=self.y,
            parameter_numbers=dsa.DSAParameterNumbers(
                p=self.p, q=self.q,
                g=self.g)).public_key(backend=default_backend())
        try:
            key.verify(signature, data, hashes.SHA1())
        except InvalidSignature:
            return False
        else:
            return True

Ejemplo n.º 6

def ecdsa_verify(data_file, sig_data, pub_key_file):

    data_f = open(data_file, "rb")
    pay_load = data_f.read()
    data_f.close()

    sig_f = open(sig_data, "rb")
    r_s = sig_f.read()
    sig_f.close()

    with open(pub_key_file, 'rb') as fpkey:
        pem_data = fpkey.read()
    cert = load_pem_x509_certificate(pem_data, default_backend())
    public_key = cert.public_key()

    if isinstance(public_key, ec.EllipticCurvePublicKey):

        sig_r = int.from_bytes(r_s[:int(len(r_s) / 2)], byteorder='big')
        sig_s = int.from_bytes(r_s[-int(len(r_s) / 2):], byteorder='big')

        signature = encode_dss_signature(sig_r, sig_s)
        try:
            public_key.verify(signature, pay_load, ec.ECDSA(hashes.SHA384()))
            print("ECDSA Correct signature detected.. :)\n")
        except InvalidSignature:
            print("ECDSA Invalid signature detected.. :(\n")
    else:
        print("RSA not yet supported")
        exit()

Ejemplo n.º 7

def _ecc_static_length_signature(key, algorithm, digest):
    """Calculates an elliptic curve signature with a static length using pre-calculated hash.

    :param key: Elliptic curve private key
    :type key: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
    :param algorithm: Master algorithm to use
    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
    :param bytes digest: Pre-calculated hash digest
    :returns: Signature with required length
    :rtype: bytes
    """
    pre_hashed_algorithm = ec.ECDSA(Prehashed(algorithm.signing_hash_type()))
    signature = b''
    while len(signature) != algorithm.signature_len:
        _LOGGER.debug(
            'Signature length %d is not desired length %d.  Recalculating.',
            len(signature), algorithm.signature_len)
        signature = key.sign(digest, pre_hashed_algorithm)
        if len(signature) != algorithm.signature_len:
            # Most of the time, a signature of the wrong length can be fixed
            # by negating s in the signature relative to the group order.
            _LOGGER.debug(
                'Signature length %d is not desired length %d.  Negating s.',
                len(signature), algorithm.signature_len)
            r, s = decode_dss_signature(signature)
            s = _ECC_CURVE_PARAMETERS[
                algorithm.signing_algorithm_info.name].order - s
            signature = encode_dss_signature(r, s)
    return signature

Ejemplo n.º 8

Archivo: jwa.py Proyecto: redrocket-ctf/csr-2020-tasks

 def verify(self, key, payload, signature):
     pkey = key.get_op_key('verify', self._curve)
     r = signature[:len(signature) // 2]
     s = signature[len(signature) // 2:]
     enc_signature = ec_utils.encode_dss_signature(
         int(hexlify(r), 16), int(hexlify(s), 16))
     pkey.verify(enc_signature, payload, ec.ECDSA(self.hashfn))

Ejemplo n.º 9

    def test__ecdsa_sha256_response(self, load_key_mock):
        challenge = b'challenge'

        # success case
        private_key = ec.generate_private_key(ec.SECP384R1(), default_backend())
        load_key_mock.return_value = private_key
        r, s = self.manager._ecdsa_sha256_response(challenge)
        r = int.from_bytes(r, 'big')
        s = int.from_bytes(s, 'big')
        signature = encode_dss_signature(r, s)
        private_key.public_key().verify(
            signature, challenge, ec.ECDSA(hashes.SHA256()))

        # no key found
        load_key_mock.reset_mock()
        load_key_mock.side_effect = IOError
        with self.assertRaises(bm.BootstrapError):
            self.manager._ecdsa_sha256_response(challenge)

        # wrong type of key, e.g. rsa
        load_key_mock.reset_mock()
        load_key_mock.return_value = rsa.generate_private_key(
            65537, 2048, default_backend())
        with self.assertRaises(
                bm.BootstrapError,
                msg='Challenge key cannot be used for ECDSA signature'):
            self.manager._ecdsa_sha256_response(challenge)

Ejemplo n.º 10

Archivo: test_dsa.py Proyecto: balabit-deps/balabit-os-6-python-cryptography

    def test_dsa_verification(self, vector, backend):
        digest_algorithm = vector['digest_algorithm'].replace("-", "")
        algorithm = self._algorithms_dict[digest_algorithm]
        if (
            not backend.dsa_parameters_supported(
                vector['p'], vector['q'], vector['g']
            ) or not backend.dsa_hash_supported(algorithm)
        ):
            pytest.skip(
                "{0} does not support the provided parameters".format(backend)
            )

        public_key = dsa.DSAPublicNumbers(
            parameter_numbers=dsa.DSAParameterNumbers(
                vector['p'], vector['q'], vector['g']
            ),
            y=vector['y']
        ).public_key(backend)
        sig = encode_dss_signature(vector['r'], vector['s'])
        verifier = public_key.verifier(sig, algorithm())
        verifier.update(vector['msg'])
        if vector['result'] == "F":
            with pytest.raises(InvalidSignature):
                verifier.verify()
        else:
            verifier.verify()

Ejemplo n.º 11

Archivo: dsskey.py Proyecto: reaperhulk/paramiko

    def verify_ssh_sig(self, data, msg):
        if len(msg.asbytes()) == 40:
            # spies.com bug: signature has no header
            sig = msg.asbytes()
        else:
            kind = msg.get_text()
            if kind != 'ssh-dss':
                return 0
            sig = msg.get_binary()

        # pull out (r, s) which are NOT encoded as mpints
        sigR = util.inflate_long(sig[:20], 1)
        sigS = util.inflate_long(sig[20:], 1)

        signature = encode_dss_signature(sigR, sigS)

        key = dsa.DSAPublicNumbers(
            y=self.y,
            parameter_numbers=dsa.DSAParameterNumbers(
                p=self.p,
                q=self.q,
                g=self.g
            )
        ).public_key(backend=default_backend())
        verifier = key.verifier(signature, hashes.SHA1())
        verifier.update(data)
        try:
            verifier.verify()
        except InvalidSignature:
            return False
        else:
            return True

Ejemplo n.º 12

Archivo: test_ec.py Proyecto: yishuihanhan/cryptography

    def test_signature_failures(self, backend, vector):
        hash_type = _HASH_TYPES[vector['digest_algorithm']]
        curve_type = ec._CURVE_TYPES[vector['curve']]

        _skip_ecdsa_vector(backend, curve_type, hash_type)

        key = ec.EllipticCurvePublicNumbers(
            vector['x'],
            vector['y'],
            curve_type()
        ).public_key(backend)

        signature = encode_dss_signature(vector['r'], vector['s'])

        if vector["fail"] is True:
            with pytest.raises(exceptions.InvalidSignature):
                key.verify(
                    signature,
                    vector['message'],
                    ec.ECDSA(hash_type())
                )
        else:
            key.verify(
                signature,
                vector['message'],
                ec.ECDSA(hash_type())
            )

Ejemplo n.º 13

    def test_signatures(self, backend, subtests):
        vectors = itertools.chain(
            load_vectors_from_file(
                os.path.join(
                    "asymmetric", "ECDSA", "FIPS_186-3", "SigGen.txt"
                ),
                load_fips_ecdsa_signing_vectors,
            ),
            load_vectors_from_file(
                os.path.join("asymmetric", "ECDSA", "SECP256K1", "SigGen.txt"),
                load_fips_ecdsa_signing_vectors,
            ),
        )
        for vector in vectors:
            with subtests.test():
                hash_type = _HASH_TYPES[vector["digest_algorithm"]]
                curve_type: typing.Type[ec.EllipticCurve] = ec._CURVE_TYPES[
                    vector["curve"]
                ]

                _skip_ecdsa_vector(backend, curve_type, hash_type)

                key = ec.EllipticCurvePublicNumbers(
                    vector["x"], vector["y"], curve_type()
                ).public_key(backend)

                signature = encode_dss_signature(vector["r"], vector["s"])

                key.verify(signature, vector["message"], ec.ECDSA(hash_type()))

Ejemplo n.º 14

    def test_dsa_verification(self, backend, subtests):
        vectors = load_vectors_from_file(
            os.path.join("asymmetric", "DSA", "FIPS_186-3", "SigVer.rsp"),
            load_fips_dsa_sig_vectors,
        )
        for vector in vectors:
            with subtests.test():
                digest_algorithm = vector["digest_algorithm"].replace("-", "")
                algorithm = _ALGORITHMS_DICT[digest_algorithm]()

                _skip_if_dsa_not_supported(backend, algorithm, vector["p"],
                                           vector["q"], vector["g"])

                public_key = dsa.DSAPublicNumbers(
                    parameter_numbers=dsa.DSAParameterNumbers(
                        vector["p"], vector["q"], vector["g"]),
                    y=vector["y"],
                ).public_key(backend)
                sig = encode_dss_signature(vector["r"], vector["s"])

                if vector["result"] == "F":
                    with pytest.raises(InvalidSignature):
                        public_key.verify(sig, vector["msg"], algorithm)
                else:
                    public_key.verify(sig, vector["msg"], algorithm)

Ejemplo n.º 15

 def verify(self, dnskey):
     """
     Verify signature with specified key. Raises a crypto key
     specific exception on failure.
     """
     pubkey = dnskey.key
     hashalg = HASHFUNC[dnskey.algorithm]
     if dnskey.algorithm in [5, 7, 8, 10]:
         _ = pubkey.verify(self.rdata.signature, self.indata,
                           padding.PKCS1v15(), hashalg())
     elif dnskey.algorithm in [13, 14]:
         if dnskey.algorithm == 13:
             sig_r = self.rdata.signature[0:32]
             sig_s = self.rdata.signature[32:]
         elif dnskey.algorithm == 14:
             sig_r = self.rdata.signature[0:48]
             sig_s = self.rdata.signature[48:]
         sig_r = int.from_bytes(sig_r, byteorder='big')
         sig_s = int.from_bytes(sig_s, byteorder='big')
         encoded_sig = utils.encode_dss_signature(sig_r, sig_s)
         _ = pubkey.verify(encoded_sig, self.indata, ec.ECDSA(hashalg()))
     elif dnskey.algorithm in [15, 16]:
         _ = pubkey.verify(self.rdata.signature, self.indata)
     else:
         raise ResError("Unknown key type: {}".format(type(pubkey)))

Ejemplo n.º 16

Archivo: test_dsa.py Proyecto: alex/cryptography

    def test_dsa_verification(self, vector, backend):
        digest_algorithm = vector['digest_algorithm'].replace("-", "")
        algorithm = self._algorithms_dict[digest_algorithm]

        _skip_if_dsa_not_supported(
            backend, algorithm, vector['p'], vector['q'], vector['g']
        )

        public_key = dsa.DSAPublicNumbers(
            parameter_numbers=dsa.DSAParameterNumbers(
                vector['p'], vector['q'], vector['g']
            ),
            y=vector['y']
        ).public_key(backend)
        sig = encode_dss_signature(vector['r'], vector['s'])
        verifier = pytest.deprecated_call(
            public_key.verifier, sig, algorithm()
        )

        verifier.update(vector['msg'])
        if vector['result'] == "F":
            with pytest.raises(InvalidSignature):
                verifier.verify()
        else:
            verifier.verify()

Ejemplo n.º 17

Archivo: ecdsalib.py Proyecto: knut0815/virtualchain

def verify_digest(hash_hex, pubkey_hex, sigb64, hashfunc=hashlib.sha256):
    """
    Given a digest, public key (as hex), and a base64 signature,
    verify that the public key signed the digest.
    Return True if so
    Return False if not
    """
    if not isinstance(hash_hex, (str, unicode)):
        raise ValueError("hash hex is not a string")

    hash_hex = str(hash_hex)
    pubk_uncompressed_hex = keylib.key_formatting.decompress(pubkey_hex)
    sig_r, sig_s = decode_signature(sigb64)

    pubk = ec.EllipticCurvePublicNumbers.from_encoded_point(
        ec.SECP256K1(),
        pubk_uncompressed_hex.decode('hex')).public_key(default_backend())
    signature = encode_dss_signature(sig_r, sig_s)

    try:
        pubk.verify(signature, hash_hex.decode('hex'),
                    ec.ECDSA(utils.Prehashed(hashes.SHA256())))
        return True
    except InvalidSignature:
        return False

Ejemplo n.º 18

def verify_signature_ecc(signature, key, halg, data):
    sig = signature.signature
    rbytes = buffer_to_bytes(sig.ecdsa.signatureR)
    r = int.from_bytes(rbytes, 'big')
    sbytes = buffer_to_bytes(sig.ecdsa.signatureS)
    s = int.from_bytes(sbytes, 'big')
    dersig = encode_dss_signature(r, s)
    key.verify(dersig, data, ECDSA(halg()))

Ejemplo n.º 19

Archivo: ecdsalib.py Proyecto: Redd-ID/virtualchain

 def __init__(self, pubkey_hex, sigb64):
     """
     Instantiate the verifier with a hex-encoded public key and a base64-encoded signature
     """
     sig_r, sig_s = decode_signature(sigb64)
     pubkey_hex_decompressed = keylib.key_formatting.decompress(pubkey_hex)
     pubk = ec.EllipticCurvePublicNumbers.from_encoded_point(ec.SECP256K1(), pubkey_hex_decompressed.decode('hex')).public_key(default_backend())
     signature = encode_dss_signature(sig_r, sig_s)
     self.verifier = pubk.verifier(signature, ec.ECDSA(hashes.SHA256()))

Ejemplo n.º 20

Archivo: crypto.py Proyecto: y0zg/ansible-collection

 def sign(self, private_key, message):
     hash = hashlib.sha256(message).digest()
     signature = private_key.private_key.sign(hash,
                                              mechanism=Mechanism.ECDSA)
     encoded_signature = encode_ecdsa_signature(signature)
     r, s = decode_dss_signature(encoded_signature)
     if s > self.half_order:
         s = self.order - s
     return encode_dss_signature(r, s)

Ejemplo n.º 21

def test_dss_signature():
    sig = encode_dss_signature(1, 1)
    assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
    assert decode_dss_signature(sig) == (1, 1)

    r_s1 = (
        1037234182290683143945502320610861668562885151617,
        559776156650501990899426031439030258256861634312,
    )
    sig2 = encode_dss_signature(*r_s1)
    assert sig2 == (
        b"0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b"
        b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08')
    assert decode_dss_signature(sig2) == r_s1

    sig3 = encode_dss_signature(0, 0)
    assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
    assert decode_dss_signature(sig3) == (0, 0)

Ejemplo n.º 22

Archivo: crypto.py Proyecto: williamcroberts/tpm2-pytss

def verify_signature_ecc(signature, key, data):
    dt = _get_digest(signature.signature.any.hashAlg)
    if dt is None:
        raise ValueError(
            f"unsupported digest algorithm: {signature.signature.ecdsa.hash}")
    r = int.from_bytes(signature.signature.ecdsa.signatureR, byteorder="big")
    s = int.from_bytes(signature.signature.ecdsa.signatureS, byteorder="big")
    sig = encode_dss_signature(r, s)
    key.verify(sig, data, ec.ECDSA(dt()))

Ejemplo n.º 23

def raw_to_der_signature(raw_sig, curve):
    length = (curve.key_size + 7) // 8

    if len(raw_sig) != 2 * length:
        raise ValueError('Invalid signature')

    r = bytes_to_number(raw_sig[:length])
    s = bytes_to_number(raw_sig[length:])
    return encode_dss_signature(r, s)

Ejemplo n.º 24

 def verify(self, msg, sig, key):
     try:
         # cryptography uses ASN.1-encoded signature data; split JWS signature (r||s) and encode before verification
         (r, s) = self._split_raw_signature(sig)
         asn1sig = encode_dss_signature(r, s)
         key.verify(asn1sig, msg, ec.ECDSA(self.hash_algorithm()))
     except InvalidSignature as err:
         raise BadSignature(err)
     else:
         return True

Ejemplo n.º 25

Archivo: cryptography_backend.py Proyecto: mpdavis/python-jose

    def _raw_to_der(self, raw_signature):
        """Convert signature from RAW encoding to DER encoding."""
        component_length = self._sig_component_length()
        if len(raw_signature) != int(2 * component_length):
            raise ValueError("Invalid signature")

        r_bytes = raw_signature[:component_length]
        s_bytes = raw_signature[component_length:]
        r = int_from_bytes(r_bytes, "big")
        s = int_from_bytes(s_bytes, "big")
        return encode_dss_signature(r, s)

Ejemplo n.º 26

Archivo: test_asym_utils.py Proyecto: reaperhulk/cryptography

def test_dss_signature():
    sig = encode_dss_signature(1, 1)
    assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
    assert decode_dss_signature(sig) == (1, 1)

    r_s1 = (1037234182290683143945502320610861668562885151617, 559776156650501990899426031439030258256861634312)
    sig2 = encode_dss_signature(*r_s1)
    assert sig2 == (
        b"0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b"
        b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08'
    )
    assert decode_dss_signature(sig2) == r_s1

    sig3 = encode_dss_signature(0, 0)
    assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
    assert decode_dss_signature(sig3) == (0, 0)

    sig4 = encode_dss_signature(-1, 0)
    assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00"
    assert decode_dss_signature(sig4) == (-1, 0)

Ejemplo n.º 27

Archivo: auth.py Proyecto: joyent/python-manta

def ecdsa_sig_from_agent_signed_response(response):
    msg = Message(response)
    algo = msg.get_text()
    sig = msg.get_binary()

    sig_msg = Message(sig)
    r = sig_msg.get_mpint()
    s = sig_msg.get_mpint()
    signature = encode_dss_signature(r, s)

    return signature

Ejemplo n.º 28

Archivo: wallet.py Proyecto: yashdatir/simple-blockchain-implementation-using-python

 def verify(public_key, data, signature):
     """
     verify a signature based on the public key and data
     """
     deserialized_public_key = serialization.load_pem_public_key(public_key.encode('utf-8'), default_backend())
     (r , s) = signature
     try:
         deserialized_public_key.verify(encode_dss_signature(r, s), json.dumps(data).encode('utf-8'), ec.ECDSA(hashes.SHA256()))
         return True
     except InvalidSignature :
         return False

Ejemplo n.º 29

 def verify(self, key: ec.EllipticCurvePublicKey, msg: bytes,
            sig: bytes) -> bool:
     """Verify the ``msg` and ``sig`` using ``key``."""
     rlen = jwk.JWKEC.expected_length_for_curve(key.curve)
     if len(sig) != 2 * rlen:
         # Format error - rfc7518 - 3.4 … MUST NOT be shortened to omit any leading zero octets
         return False
     asn1sig = encode_dss_signature(
         int.from_bytes(sig[0:rlen], byteorder='big'),
         int.from_bytes(sig[rlen:], byteorder='big'))
     return self._verify(key, msg, asn1sig)

Ejemplo n.º 30

Archivo: auth.py Proyecto: trentm/python-manta

def ecdsa_sig_from_agent_signed_response(response):
    msg = Message(response)
    algo = msg.get_text()
    sig = msg.get_binary()

    sig_msg = Message(sig)
    r = sig_msg.get_mpint()
    s = sig_msg.get_mpint()
    signature = encode_dss_signature(r, s)

    return signature

Ejemplo n.º 31

Archivo: utils.py Proyecto: vishwaks/pyjwt

def raw_to_der_signature(raw_sig, curve):
    num_bits = curve.key_size
    num_bytes = (num_bits + 7) // 8

    if len(raw_sig) != 2 * num_bytes:
        raise ValueError("Invalid signature")

    r = bytes_to_number(raw_sig[:num_bytes])
    s = bytes_to_number(raw_sig[num_bytes:])

    return encode_dss_signature(r, s)

Ejemplo n.º 32

Archivo: cryptography_backend.py Proyecto: MatTerra/python-jose

    def _raw_to_der(self, raw_signature):
        """Convert signature from RAW encoding to DER encoding."""
        component_length = self._sig_component_length()
        if len(raw_signature) != int(2 * component_length):
            raise ValueError("Invalid signature")

        r_bytes = raw_signature[:component_length]
        s_bytes = raw_signature[component_length:]
        r = int_from_bytes(r_bytes, "big")
        s = int_from_bytes(s_bytes, "big")
        return encode_dss_signature(r, s)

Ejemplo n.º 33

Archivo: _internal.py Proyecto: zolvarga/azure-sdk-for-python

def ecdsa_to_asn1_der(signature):
    """ASN.1 DER encode an ECDSA signature.

    :param bytes signature: ECDSA signature encoded according to RFC 7518, i.e. the concatenated big-endian bytes of
      two integers (as produced by Key Vault)
    :return: signature, ASN.1 DER encoded (as expected by ``cryptography``)
    """
    mid = len(signature) // 2
    r = _bytes_to_int(signature[:mid])
    s = _bytes_to_int(signature[mid:])
    return utils.encode_dss_signature(r, s)

Ejemplo n.º 34

 def _encode_dss_signature(self, raw_signature, key_size_bits):
     want_raw_signature_len = key_size_bits // 8 * 2
     if len(raw_signature) != want_raw_signature_len:
         raise InvalidSignature(
             "Expected %d byte SignatureValue, got %d"
             % (want_raw_signature_len, len(raw_signature))
         )
     int_len = len(raw_signature) // 2
     r = bytes_to_long(raw_signature[:int_len])
     s = bytes_to_long(raw_signature[int_len:])
     return utils.encode_dss_signature(r, s)

Ejemplo n.º 35

Archivo: cryptography.py Proyecto: brivadeneira/python-otr

 def verify(self, signature, data, hash_context):
     if not isinstance(hash_context, hashes.HashContext):
         raise TypeError("hash_context must be an instance of hashes.HashContext.")
     size = self.public_numbers.parameter_numbers.q.bit_length() // 8
     r, s = (bytes_to_long(value) for value in read_content(signature, '{0}s{0}s'.format(size)))
     # r, s = (bytes_to_long(value) for value in read_content(signature, '20s20s'))
     hash_context.update(data)
     digest = hash_context.finalize()
     try:
         self._key.verify(encode_dss_signature(r, s), digest, Prehashed(SHA256HMAC160()))
     except InvalidSignature:
         raise ValueError("invalid signature")

Ejemplo n.º 36

    def test_signatures(self, backend, vector):
        hash_type = _HASH_TYPES[vector['digest_algorithm']]
        curve_type = ec._CURVE_TYPES[vector['curve']]

        _skip_ecdsa_vector(backend, curve_type, hash_type)

        key = ec.EllipticCurvePublicNumbers(vector['x'], vector['y'],
                                            curve_type()).public_key(backend)

        signature = encode_dss_signature(vector['r'], vector['s'])

        key.verify(signature, vector['message'], ec.ECDSA(hash_type()))

Ejemplo n.º 37

def forge(data, pk, r, s, k):
    p, q, g, y = pk['p'], pk['q'], pk['g'], pk['y']
    h1 = int(hashlib.sha1(data.encode()).hexdigest(), 16)
    h2 = int(hashlib.sha256(data.encode()).hexdigest(), 16)
    kinv = _modinv(k, q)

    x = ((s * k - h1) * _modinv(r, q)) % q
    assert y == pow(g, x, p), 'Error extracting private key'

    forge_s = kinv * (h2 + r * x) % q
    signature = encode_dss_signature(r, forge_s).hex()
    return signature, data

Ejemplo n.º 38

Archivo: cryptography.py Proyecto: AGProjects/python-otr

 def verify(self, signature, data, hash_context):
     if not isinstance(hash_context, hashes.HashContext):
         raise TypeError("hash_context must be an instance of hashes.HashContext.")
     size = self.public_numbers.parameter_numbers.q.bit_length() // 8
     r, s = (bytes_to_long(value) for value in read_content(signature, '{0}s{0}s'.format(size)))
     # r, s = (bytes_to_long(value) for value in read_content(signature, '20s20s'))
     verifier = self._key.verifier(encode_dss_signature(r, s), hashes.SHA256())
     verifier._hash_ctx = hash_context
     verifier.update(data)
     try:
         verifier.verify()
     except InvalidSignature:
         raise ValueError("invalid signature")

Ejemplo n.º 39

Archivo: keys.py Proyecto: daweasel27/PhobiaEnemy

    def verify(self, signature, data):
        """
        Verify a signature using this key.

        @type signature: L{bytes}
        @param signature: The signature to verify.

        @type data: L{bytes}
        @param data: The signed data.

        @rtype: L{bool}
        @return: C{True} if the signature is valid.
        """
        if len(signature) == 40:
            # DSA key with no padding
            signatureType, signature = b'ssh-dss', common.NS(signature)
        else:
            signatureType, signature = common.getNS(signature)
        if signatureType != self.sshType():
            return False
        if self.type() == 'RSA':
            k = self._keyObject
            if not self.isPublic():
                k = k.public_key()
            verifier = k.verifier(
                common.getNS(signature)[0],
                padding.PKCS1v15(),
                hashes.SHA1(),
            )
        elif self.type() == 'DSA':
            concatenatedSignature = common.getNS(signature)[0]
            r = int_from_bytes(concatenatedSignature[:20], 'big')
            s = int_from_bytes(concatenatedSignature[20:], 'big')
            signature = encode_dss_signature(r, s)
            k = self._keyObject
            if not self.isPublic():
                k = k.public_key()
            verifier = k.verifier(
                signature, hashes.SHA1())
        else:
            raise BadKeyError("unknown key type %s" % (self.type(),))

        verifier.update(data)
        try:
            verifier.verify()
        except InvalidSignature:
            return False
        else:
            return True

Ejemplo n.º 40

Archivo: ecdsakey.py Proyecto: OmniDB/OmniDB

    def verify_ssh_sig(self, data, msg):
        if msg.get_text() != self.ecdsa_curve.key_format_identifier:
            return False
        sig = msg.get_binary()
        sigR, sigS = self._sigdecode(sig)
        signature = encode_dss_signature(sigR, sigS)

        try:
            self.verifying_key.verify(
                signature, data, ec.ECDSA(self.ecdsa_curve.hash_object())
            )
        except InvalidSignature:
            return False
        else:
            return True

Ejemplo n.º 41

Archivo: u2f.py Proyecto: privacyidea/privacyidea

def der_encode(signature_bin_asn):
    """
    This encodes a raw signature to DER.
    It uses the encode_dss_signature() function from cryptography.

    :param signature_bin_asn: RAW signature
    :type signature_bin_asn: bytes
    :return: DER encoded signature
    :rtype: bytes
    """
    if len(signature_bin_asn) != 64:
        raise Exception("The signature needs to be 64 bytes.")
    vr = int(binascii.hexlify(signature_bin_asn[:32]), 16)
    vs = int(binascii.hexlify(signature_bin_asn[32:]), 16)
    signature_bin = encode_dss_signature(vr, vs)
    return signature_bin

Ejemplo n.º 42

Archivo: test_ec.py Proyecto: pyca/cryptography

    def test_signatures(self, backend, vector):
        hash_type = _HASH_TYPES[vector['digest_algorithm']]
        curve_type = ec._CURVE_TYPES[vector['curve']]

        _skip_ecdsa_vector(backend, curve_type, hash_type)

        key = ec.EllipticCurvePublicNumbers(
            vector['x'],
            vector['y'],
            curve_type()
        ).public_key(backend)

        signature = encode_dss_signature(vector['r'], vector['s'])

        key.verify(
            signature,
            vector['message'],
            ec.ECDSA(hash_type())
        )

Ejemplo n.º 43

Archivo: jwt.py Proyecto: web-push-libs/vapid

def extract_signature(auth):
    """Extracts the payload and signature from a JWT, converting from RFC7518
    to RFC 3279

    :param auth: A JWT Authorization Token.
    :type auth: str

    :return tuple containing the signature material and signature

    """
    payload, asig = auth.encode('utf8').rsplit(b'.', 1)
    sig = b64urldecode(asig)
    if len(sig) != 64:
        raise InvalidSignature()

    encoded = utils.encode_dss_signature(
        s=int(binascii.hexlify(sig[32:]), 16),
        r=int(binascii.hexlify(sig[:32]), 16)
    )
    return payload, encoded

Ejemplo n.º 44

Archivo: verify_secp256k1.py Proyecto: 18600597055/hue

def verify_one_vector(vector):
    digest_algorithm = vector['digest_algorithm']
    message = vector['message']
    x = vector['x']
    y = vector['y']
    signature = encode_dss_signature(vector['r'], vector['s'])

    numbers = ec.EllipticCurvePublicNumbers(
        x, y,
        ec.SECP256K1()
    )

    key = numbers.public_key(default_backend())

    verifier = key.verifier(
        signature,
        ec.ECDSA(CRYPTOGRAPHY_HASH_TYPES[digest_algorithm]())
    )
    verifier.update(message)
    return verifier.verify()

Ejemplo n.º 45

Archivo: keychain.py Proyecto: carldunham/oneID-connect-python

    def verify(self, payload, signature):
        """
        Verify that the token signed the data
        :type payload: String
        :param payload: message that was signed and needs verified
        :type signature: Base64 URL Safe
        :param signature: Signature that can verify the sender\'s identity and payload
        :return:

        """
        raw_sig = utils.base64url_decode(signature)
        sig_r_bin = raw_sig[:len(raw_sig)//2]
        sig_s_bin = raw_sig[len(raw_sig)//2:]

        sig_r = unpack_bytes(sig_r_bin)
        sig_s = unpack_bytes(sig_s_bin)

        sig = encode_dss_signature(sig_r, sig_s)
        signer = self.public_key.verifier(sig, ec.ECDSA(hashes.SHA256()))
        signer.update(utils.to_bytes(payload))
        return signer.verify()

Ejemplo n.º 46

Archivo: __init__.py Proyecto: web-push-libs/vapid

    def verify_token(self, validation_token, verification_token):
        """Internally used to verify the verification token is correct.

        :param validation_token: Provided validation token string
        :type validation_token: str
        :param verification_token: Generated verification token
        :type verification_token: str
        :returns: Boolean indicating if verifictation token is valid.
        :rtype: boolean

        """
        hsig = b64urldecode(verification_token.encode('utf8'))
        r = int(binascii.hexlify(hsig[:32]), 16)
        s = int(binascii.hexlify(hsig[32:]), 16)
        try:
            self.public_key.verify(
                ecutils.encode_dss_signature(r, s),
                validation_token,
                signature_algorithm=ec.ECDSA(hashes.SHA256())
            )
            return True
        except InvalidSignature:
            return False