def testExportKey8(self):
tup = (self.y, self.g, self.p, self.q, self.x)
key = DSA.construct(tup)
encoded = key.export_key('PEM', pkcs8=False, passphrase="PWDTEST")
key = DSA.importKey(encoded, "PWDTEST")
self.assertEqual(self.y, key.y)
self.assertEqual(self.p, key.p)
self.assertEqual(self.q, key.q)
self.assertEqual(self.g, key.g)
self.assertEqual(self.x, key.x)
def DSAKey(pub=None, priv=None, fd=None):
"""
make DSA KeyPair Object
"""
if fd is not None:
pub = int.from_bytes(fd.read(128), 'big')
priv = int.from_bytes(fd.read(128), 'big')
if priv:
return DSA.construct((pub, dsa_g, dsa_p, dsa_q, priv))
return DSA.construct((pub, dsa_g, dsa_p, dsa_q))
def test_domain1(self):
"""Verify we can generate new keys in a given domain"""
dsa_key_1 = DSA.generate(1024)
domain_params = dsa_key_1.domain()
dsa_key_2 = DSA.generate(1024, domain=domain_params)
self.assertEqual(dsa_key_1.p, dsa_key_2.p)
self.assertEqual(dsa_key_1.q, dsa_key_2.q)
self.assertEqual(dsa_key_1.g, dsa_key_2.g)
self.assertEqual(dsa_key_1.domain(), dsa_key_2.domain())
def keyObject(self):
"""
A C{Crypto.PublicKey} object similar to this key.
As PyCrypto is no longer used for the underlying operations, this
property should be avoided.
"""
# Lazy import to have PyCrypto as a soft dependency.
from Crypto.PublicKey import DSA, RSA
keyObject = None
keyType = self.type()
keyData = self.data()
isPublic = self.isPublic()
if keyType == 'RSA':
if isPublic:
keyObject = RSA.construct((
keyData['n'],
long(keyData['e']),
))
else:
keyObject = RSA.construct((
keyData['n'],
long(keyData['e']),
keyData['d'],
keyData['p'],
keyData['q'],
keyData['u'],
))
elif keyType == 'DSA':
if isPublic:
keyObject = DSA.construct((
keyData['y'],
keyData['g'],
keyData['p'],
keyData['q'],
))
else:
keyObject = DSA.construct((
keyData['y'],
keyData['g'],
keyData['p'],
keyData['q'],
keyData['x'],
))
else:
raise BadKeyError('Unsupported key type.')
return keyObject
def __init__(self, key=None, private=False):
self.priv = self.pub = None
if not isinstance(key, tuple):
raise TypeError('4/5-tuple required for key')
if len(key) == 5 and private:
self.priv = DSA.construct(key)
self.pub = self.priv.publickey()
elif len(key) == 4 and not private:
self.pub = DSA.construct(key)
else:
raise TypeError('wrong number of arguments for ' \
'private={0!r}: got {1} '
.format(private, len(key)))
def strtoprivkey(data, passphrase):
kind = data[0][11: 14]
if data[1].startswith('Proc-Type: 4,ENCRYPTED'): # is an encrypted key
ivdata = data[2].split(',')[1][:-1]
iv = ''.join([chr(int(ivdata[i:i + 2], 16)) for i in range(0, len(ivdata), 2)])
if not passphrase:
raise BadKeyError('encrypted key with no passphrase')
ba = hashlib.md5(passphrase + iv).digest()
bb = hashlib.md5(ba + passphrase + iv).digest()
decKey = (ba + bb)[:24]
b64Data = base64.decodestring(''.join(data[4:-1]))
keyData = DES3.new(decKey, DES3.MODE_CBC, iv).decrypt(b64Data)
removeLen = ord(keyData[-1])
keyData = keyData[:-removeLen]
else:
keyData = base64.decodestring(''.join(data[1:-1]))
decodedKey = asn1parse(keyData)
if isinstance(decodedKey[0], list):
decodedKey = decodedKey[0] # this happens with encrypted keys
if kind == 'RSA':
n, e, d, p, q = decodedKey[1:6]
return RSA.construct((n, e, d, p, q))
elif kind == 'DSA':
p, q, g, y, x = decodedKey[1: 6]
return DSA.construct((y, g, p, q, x))
def sign_DSA(msg, key_tuple, k=None):
"""Create a DSA signature.
:Parameters:
- `msg`: string of data signature applies to
- `key_tuple`: tuple of DSA integers (y, g, p, q, x)
(see `DSA tuple`_)
- `k`: random integer 2 < k < q (automatically generated by
default)
:Returns: tuple (integer, integer) DSA signature values (r, s)
.. _DSA tuple:
DSA tuple:
- `y`: integer DSA public key
- `g`: integer DSA group
- `p`: integer DSA prime
- `q`: integer DSA order
- `x`: integer DSA secret value
"""
import Crypto.PublicKey.DSA as DSA
if k is None: # generate our own k value (2 < k < q)
import Crypto.Util.number as NUM
import Crypto.Util.randpool as RND
rnd = RND.RandomPool()
q = key_tuple[3]
while 1:
k = NUM.getRandomNumber(8*len(STN.int2str(q)), rnd.get_bytes)
if 2 < k < q:
break
dsa = DSA.construct(key_tuple) # note change in ordering
return dsa.sign(msg, k)
def _construct_DSA(self,privkey):
k,x = privkey
return DSA.construct([self.pubkey.y,
self.pubkey.g,
self.pubkey.p,
self.pubkey.q,
x])
def load_unencrypted(pkeyInfo):
version, pkeyAlgo, pkeyData = pkeyInfo[0:3]
if version != 0:
raise PKCSError('unknown PKCS#8 version: {}'.format(version))
algoId, algoParms = pkeyAlgo.get_pos(0,2)
if algoId == OID_PKCS_RSAPKEY:
from Crypto.PublicKey import RSA
rsakey = asn1.loads(pkeyData)
vals = rsakey[1:6] # n, e, d, p, q
pkey = RSA.construct([long(val) for val in vals])
print 'RSA!', vals
elif algoId == OID_PKCS_DSAPKEY:
from Crypto.PublicKey import DSA
p, q, g = algoParms
x = asn1.loads(pkeyData)
y = pow(g, x, p)
vals = (y, g, p, q, x)
pkey = DSA.construct([long(val) for val in vals])
elif algoId == OID_PKCS_DHPKEY:
from Crypto.PublicKey import ElGamal
p, g = algoParms[0:2]
x = asn1.loads(pkeyData)
y = pow(g, x, p)
vals = (p, g, y, x)
pkey = ElGamal.construct([long(val) for val in vals])
else:
raise PKCSError('unknown PKCS#8 key algorithm: {}'.format(algoId))
return pkey
def is_private_key_unprotected(self, key_content_encoded, key_algorithm):
"""
Check if the private key can be loaded without specifying any passphrase.
PyCrypto >= 2.6.1 required in order to have the method importKey() in DSA class.
:param key_content_encoded: Encoded content of the private key to test
:param key_algorithm: Algorithm of the key (RSA or DSA)
:return: True only if the key can be successfuly loaded and is usable
"""
state = False
try:
# Try to load it
if key_algorithm == "RSA":
key = RSA.importKey(key_content_encoded)
else:
key = DSA.importKey(key_content_encoded)
# Validate loading
state = (key is not None and key.can_sign() and key.has_private())
except Exception as e:
print_debug("ERROR", "Cannot validate key protection '%s'" % e)
state = False
pass
return state
def setUp(self):
comps = "Crypto.SelfTest.Signature.test_vectors.wycheproof".split(".")
with open(pycryptodome_filename(comps, "dsa_test.json"), "rt") as file_in:
tv_tree = json.load(file_in)
self.tv = []
for group in tv_tree['testGroups']:
key = DSA.import_key(group['keyPem'])
hash_name = group['sha']
if hash_name == "SHA-256":
hash_module = SHA256
elif hash_name == "SHA-224":
hash_module = SHA224
elif hash_name == "SHA-1":
hash_module = SHA1
else:
assert False
assert group['type'] == "DSAVer"
from collections import namedtuple
TestVector = namedtuple('TestVector', 'id comment msg sig key hash_module valid warning')
for test in group['tests']:
tv = TestVector(
test['tcId'],
test['comment'],
unhexlify(test['msg']),
unhexlify(test['sig']),
key,
hash_module,
test['result'] != "invalid",
test['result'] == "acceptable"
)
self.tv.append(tv)
def make_pkey(keyAlg, keyData, isPublic):
algoId, algoParams = keyAlg.get_slice(0,2)
if algoId == OID_PKCS_RSAKEY:
from Crypto.PublicKey import RSA
vals = asn1.loads(keyData)
if isPublic:
vals = vals[0:2] # n, e
else:
vals = vals[1:6] # n, e, d, p, q
key = RSA.construct([long(val) for val in vals])
elif algoId == OID_X957_DSAKEY:
from Crypto.PublicKey import DSA
p, q, g = algoParams
val = asn1.loads(keyData)
if isPublic:
vals = (val, g, p, q) # y, g, p, q
else:
y = pow(g, val, p)
vals = (y, g, p, q, val) # y, g, p, q, x
key = DSA.construct([long(val) for val in vals])
else:
raise ValueError('unknown key algorithm id: {}'.format(algoId))
# if attrs:
# for attrId, attrValues in attrs:
# if attrId in ATTR_NAMES and attrValues:
# setattr(key, ATTR_NAMES[attrId], attrValues[0])
return key
def testImportKey1(self):
key_obj = DSA.importKey(self.der_public)
self.assertFalse(key_obj.has_private())
self.assertEqual(self.y, key_obj.y)
self.assertEqual(self.p, key_obj.p)
self.assertEqual(self.q, key_obj.q)
self.assertEqual(self.g, key_obj.g)
def verify_DSA(msg, sig_tuple, key_tuple):
"""Verify a DSA signature.
:Parameters:
- `msg`: string of data signature applies to
- `sig_tuple`: tuple of DSA signature integers (r, s)
(see `DSA signature tuple`_)
- `key_tuple`: tuple of DSA key integers (y, g, p, q)
(see `DSA key tuple`_)
:Returns: integer 1 or 0, for verification true or false
.. _DSA signature tuple:
DSA signature tuple:
- `r`: integer DSA "r"
- `s`: integer DSA "s"
.. _DSA key tuple:
DSA key tuple:
- `y`: integer DSA public key
- `g`: integer DSA group
- `p`: integer DSA prime
- `q`: integer DSA order
"""
import Crypto.PublicKey.DSA as DSA
dsa = DSA.construct(key_tuple) # note change in ordering
return dsa.verify(msg, sig_tuple)
def strtoprivkey(data, password):
kind = data[0][11: 14]
if data[1].startswith('Proc-Type: 4,ENCRYPTED'): # encrypted key
if not password:
raise BadKeyPassword("password required")
enc_type, salt = data[2].split(": ")[1].split(",")
salt = unhexlify(salt.strip())
b64Data = base64.decodestring(''.join(data[4:-1]))
if enc_type == "DES-EDE3-CBC":
key = get_key_data(salt, password, 24)
keyData = DES3.new(key, DES3.MODE_CBC, salt).decrypt(b64Data)
elif enc_type == "AES-128-CBC":
key = get_key_data(salt, password, 16)
keyData = AES.new(key, AES.MODE_CBC, salt).decrypt(b64Data)
else:
raise BadKeyError("unknown encryption")
removeLen = ord(keyData[-1])
keyData = keyData[:-removeLen]
else:
keyData = base64.decodestring(''.join(data[1:-1]))
decodedKey = asn1parse(keyData)
if isinstance(decodedKey[0], list):
decodedKey = decodedKey[0] # this happens with encrypted keys
if kind == 'RSA':
n, e, d, p, q = decodedKey[1:6]
return RSA.construct((n, e, d, p, q))
elif kind == 'DSA':
p, q, g, y, x = decodedKey[1: 6]
return DSA.construct((y, g, p, q, x))
def dsa_verify(pub, msg, sig):
if isinstance(msg, int):
msg = msg.to_bytes((msg.bit_length() // 8) + 1, 'big')
msg = sha512(msg).digest()
dsa = DSA.construct((pub, G, P, Q))
if not dsa.verify(msg, sig):
raise ValueError("dsa verification failed")
def _fromString_PRIVATE_LSH(Class, data):
"""
Return a private key corresponding to this LSH private key string.
The LSH private key string format is::
<s-expression: ('private-key', (<key type>, (<name>, <value>)+))>
The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q.
The names for a DSA (key type 'dsa') key are: y, g, p, q, x.
@type data: C{str}
@return: a {Crypto.PublicKey.pubkey.pubkey} object
@raises BadKeyError: if the key type is unknown
"""
sexp = sexpy.parse(data)
assert sexp[0] == 'private-key'
kd = {}
for name, data in sexp[1][1:]:
kd[name] = common.getMP(common.NS(data))[0]
if sexp[1][0] == 'dsa':
assert len(kd) == 5, len(kd)
return Class(DSA.construct((kd['y'], kd['g'], kd['p'],
kd['q'], kd['x'])))
elif sexp[1][0] == 'rsa-pkcs1':
assert len(kd) == 8, len(kd)
if kd['p'] > kd['q']: # make p smaller than q
kd['p'], kd['q'] = kd['q'], kd['p']
return Class(RSA.construct((kd['n'], kd['e'], kd['d'],
kd['p'], kd['q'])))
else:
raise BadKeyError('unknown lsh key type %s' % sexp[1][0])
def testExportKey5(self):
tup = (self.y, self.g, self.p, self.q, self.x)
key = DSA.construct(tup)
encoded = key.exportKey('DER')
self.assertEqual(self.der_pkcs8, encoded)
encoded = key.exportKey('DER', pkcs8=True)
self.assertEqual(self.der_pkcs8, encoded)
def _fromString_BLOB(Class, blob):
"""
Return a public key object corresponding to this public key blob.
The format of a RSA public key blob is::
string 'ssh-rsa'
integer e
integer n
The format of a DSA public key blob is::
string 'ssh-dss'
integer p
integer q
integer g
integer y
@type blob: C{str}
@return: a C{Crypto.PublicKey.pubkey.pubkey} object
@raises BadKeyError: if the key type (the first string) is unknown.
"""
keyType, rest = common.getNS(blob)
if keyType == 'ssh-rsa':
e, n, rest = common.getMP(rest, 2)
return Class(RSA.construct((n, e)))
elif keyType == 'ssh-dss':
p, q, g, y, rest = common.getMP(rest, 4)
return Class(DSA.construct((y, g, p, q)))
else:
raise BadKeyError('unknown blob type: %s' % keyType)
def validate_dsa_key_pair(public_key, private_key):
""" Validates a pair of dsa keys """
# FIXME: Make this function validate private key too
# Construct DSA key
keystring = binascii.a2b_base64(public_key.split(" ")[1])
keyparts = []
while len(keystring) > 4:
length = struct.unpack(">I", keystring[:4])[0]
keyparts.append(keystring[4 : 4 + length])
keystring = keystring[4 + length :]
if keyparts[0] == "ssh-dss":
tup = [bytes_to_long(keyparts[x]) for x in (4, 3, 1, 2)]
else:
return False
key = DSA.construct(tup)
# Validate DSA key
fmt_error = not isPrime(key.p)
fmt_error |= ((key.p - 1) % key.q) != 0
fmt_error |= key.g <= 1 or key.g >= key.p
fmt_error |= pow(key.g, key.q, key.p) != 1
fmt_error |= key.y <= 0 or key.y >= key.p
# The following piece of code is currently useless, because 'x' attribute is the private key
# if hasattr(key, 'x'):
# fmt_error |= key.x<=0 or key.x>=key.q
# fmt_error |= pow(key.g, key.x, key.p)!=key.y
return not fmt_error
def testExportKey6(self):
tup = (self.y, self.g, self.p, self.q, self.x)
key = DSA.construct(tup)
encoded = key.export_key('PEM')
self.assertEqual(self.pem_pkcs8, encoded)
encoded = key.export_key('PEM', pkcs8=True)
self.assertEqual(self.pem_pkcs8, encoded)
def Read(key):
"""
Reads a DSA public key from a JSON string representation of it.
@param key: a JSON representation of a DSA public key
@type key: string
@return: a DSA public key
@rtype: L{DsaPublicKey}
"""
dsa = json.loads(key)
params = {
"y": util.Base64WSDecode(dsa["y"]),
"p": util.Base64WSDecode(dsa["p"]),
"g": util.Base64WSDecode(dsa["g"]),
"q": util.Base64WSDecode(dsa["q"]),
}
pubkey = DSA.construct(
(
util.BytesToLong(params["y"]),
util.BytesToLong(params["g"]),
util.BytesToLong(params["p"]),
util.BytesToLong(params["q"]),
)
)
return DsaPublicKey(params, pubkey, dsa["size"])
def exec_dsa(form):
other_params = {}
message = form.text.data.encode("utf-8")
hash_ = SHA.new(message)
form.sha.data = hash_.hexdigest()
h = hash_.digest()
# 恢复key
if not session.get("key"):
key = DSA.generate(1024)
session["key"] = pickle.dumps(key)
else:
key = pickle.loads(session["key"])
if form.sign.data:
k = random.StrongRandom().randint(1,key.q-1)
sig = key.sign(h, k)
form.signature.data = "%s, %s"%(hex(sig[0])[2:-1], hex(sig[1])[2:-1])
elif form.verify.data:
ssig = form.signature.data.split(", ")
try:
sig = (int(ssig[0], base=16), int(ssig[1], base=16))
except (IndexError, UnicodeEncodeError):
flash(u"签名格式错误!")
else:
if key.verify(h, sig):
flash(u"签名验证成功!")
else:
flash(u"签名验证失败!")
return form, other_params
def dsa_sign(priv, msg):
if isinstance(msg, int):
msg = msg.to_bytes((msg.bit_length() // 8) + 1, 'big')
msg = sha512(msg).digest()
dsa = DSA.construct((pow(G, priv, P), G, P, Q, priv))
k = Rand.randrange(1, Q)
return dsa.sign(msg, k)
def decode_pkcs1_public(cls, key_data):
if (isinstance(key_data, tuple) and len(key_data) == 5 and
all_ints(key_data) and key_data[0] == 0):
_, p, q, g, y = key_data
return cls(DSA.construct((y, g, p, q)))
else:
raise KeyImportError('Invalid DSA public key')
def testImportKey10(self):
key_obj = DSA.importKey(self.der_pkcs8_encrypted, "PWDTEST")
self.assertTrue(key_obj.has_private())
self.assertEqual(self.y, key_obj.y)
self.assertEqual(self.p, key_obj.p)
self.assertEqual(self.q, key_obj.q)
self.assertEqual(self.g, key_obj.g)
self.assertEqual(self.x, key_obj.x)
def testImportKey2(self):
for pem in (self.pem_public, tostr(self.pem_public)):
key_obj = DSA.importKey(pem)
self.assertFalse(key_obj.has_private())
self.assertEqual(self.y, key_obj.y)
self.assertEqual(self.p, key_obj.p)
self.assertEqual(self.q, key_obj.q)
self.assertEqual(self.g, key_obj.g)
def testImportKey5(self):
key_obj = DSA.importKey(self.der_pkcs8)
self.assertTrue(key_obj.has_private())
self.assertEqual(self.y, key_obj.y)
self.assertEqual(self.p, key_obj.p)
self.assertEqual(self.q, key_obj.q)
self.assertEqual(self.g, key_obj.g)
self.assertEqual(self.x, key_obj.x)
def testA02PyCryptoDSAVerification(self):
"""PyCrypto.PublicKey.DSA._verify: PyCrypto signature verification"""
# this file has known good signature parameters
sig = pickle.load(file('pgpfiles'+os.sep+'sig'+os.sep+'DSA_sig_test.pkl.py'))
dsa = DSA.construct((sig['dsa_y'], sig['dsa_g'], sig['dsa_p'], sig['dsa_q'], sig['dsa_x']))
r_s = dsa.sign(sig['msg'], sig['k'])
ret = dsa.verify(sig['msg'], r_s)
self.assertEqual(1, ret)
def testImportKey7(self):
for ssh in (self.ssh_pub, tostr(self.ssh_pub)):
key_obj = DSA.importKey(ssh)
self.assertFalse(key_obj.has_private())
self.assertEqual(self.y, key_obj.y)
self.assertEqual(self.p, key_obj.p)
self.assertEqual(self.q, key_obj.q)
self.assertEqual(self.g, key_obj.g)
def dsa_sign(dsakey, message):
dsakey = DSA.construct(dsakey)
h = SHA.new(message).digest()
k = random.StrongRandom().randint(1, dsakey.q - 1)
sign = dsakey.sign(h, k)
sign_r = sign[0].to_bytes(20, 'big')
sign_s = sign[1].to_bytes(20, 'big')
signature = struct.pack('<B', 4 + len(sign_r) + len(sign_s)) + b'\x00\x00\x00' + b'\x00' + \
struct.pack('<B', len(sign_r)*8) + sign_r + b'\x00' + struct.pack('<B', len(sign_s)*8) + sign_s
return signature
def generate_DSA_agentkey():
key = DSA.generate(1024)
agent_pubkey_epo_format = b'\x01\x00\x0c\x00' \
+ b'agpubkey.bin' \
+ b'\x9c\x01\x00\x00' \
+ b'\x40\x00' + key.p.to_bytes(128, 'little') \
+ b'\x00\xa0' + key.q.to_bytes(20, 'little') \
+ b'\x03\xff' + key.g.to_bytes(128, 'little') \
+ b'\x03\xfc' + key.y.to_bytes(128, 'little')
return agent_pubkey_epo_format
def varify_message(self, text, signature, key):
pubKey = DSA.import_key(bytes(key, 'utf-8'))
hash_obj = SHA256.new(bytes(text, 'utf-8'))
verifier = DSS.new(pubKey, 'fips-186-3')
signature = base64.b64decode(signature)
try:
verifier.verify(hash_obj, signature)
return True
except ValueError:
return False
def test2(self):
for sig in self.signatures:
tk = sig.test_key
key = DSA.construct([tk.y, tk.g, tk.p, tk.q, tk.x], False)
signer = DSS.new(key, 'deterministic-rfc6979')
hash_obj = sig.module.new(sig.message)
result = signer.sign(hash_obj)
self.assertEqual(sig.result, result)
def _fips_verify_negative(self, test_vectors):
"""Negative tests for signature verification"""
for tv in test_vectors:
self.description = tv.desc
key = DSA.construct([tv.Y, tv.G, tv.P, tv.Q], False)
hash_obj = tv.hashmod.new(tv.Msg)
signer = DSS.new(key, 'fips-186-3')
self.assertRaises(ValueError, signer.verify, hash_obj,
tv.Signature)
def testImportKey8(self):
for pem in (self.pem_private_encrypted,
tostr(self.pem_private_encrypted)):
key_obj = DSA.importKey(pem, "PWDTEST")
self.failUnless(key_obj.has_private())
self.assertEqual(self.y, key_obj.y)
self.assertEqual(self.p, key_obj.p)
self.assertEqual(self.q, key_obj.q)
self.assertEqual(self.g, key_obj.g)
self.assertEqual(self.x, key_obj.x)
def testA02PyCryptoDSAVerification(self):
"""PyCrypto.PublicKey.DSA._verify: PyCrypto signature verification"""
# this file has known good signature parameters
sig = pickle.load(
file('pgpfiles' + os.sep + 'sig' + os.sep + 'DSA_sig_test.pkl.py'))
dsa = DSA.construct((sig['dsa_y'], sig['dsa_g'], sig['dsa_p'],
sig['dsa_q'], sig['dsa_x']))
r_s = dsa.sign(sig['msg'], sig['k'])
ret = dsa.verify(sig['msg'], r_s)
self.assertEqual(1, ret)
def _fips_sign(self, test_vectors):
"""Positive tests for signature generation"""
for tv in test_vectors:
self.description = tv.desc
key = DSA.construct([tv.Y, tv.G, tv.P, tv.Q, tv.X], False)
hash_obj = tv.hashmod.new(tv.Msg)
signer = DSS.new(key, 'fips-186-3', randfunc=StrRNG(tv.K))
signature = signer.sign(hash_obj)
self.assertEqual(signature, tv.Signature)
def __init__(self, relayPort, password):
"""Init."""
myDSAKeys = DSA.generate(1024)
self.myDSAPublicKey = myDSAKeys.publickey()
self.encryptedDSAKey = CryptoLib.encryptWalletDSAKey(password, myDSAKeys)
self.address = CryptoLib.getAddressFromPublicKey(self.myDSAPublicKey.y)
self.unspentTxs = []
self.relayPort = relayPort
self.relayIP = "http://localhost:" + str(self.relayPort)
self.BlockChain = []
def testExportKey10(self):
tup = (self.y, self.g, self.p, self.q, self.x)
key = DSA.construct(tup)
randfunc = BytesIO(
unhexlify(b("27A1C66C42AFEECE") + b("D725BF1B6B8239F4"))).read
encoded = key.export_key('DER',
pkcs8=True,
passphrase="PWDTEST",
randfunc=randfunc)
self.assertEqual(self.der_pkcs8_encrypted, encoded)
def sign(self, message):
# Create a new DSA key
key = DSA.generate(1024)
# Sign a message
message = bytes(message.encode())
hash_obj = SHA256.new(message)
signer = DSS.new(key, 'fips-186-3')
start_time = timer()
signature = signer.sign(hash_obj)
self.executionTime = timer() - start_time
return signature.hex().upper()
def test4(self):
"""Verify that unapproved hashes are rejected"""
from Crypto.Hash import RIPEMD160
self.description = "Unapproved hash (RIPEMD160) test"
key = DSA.construct((self.Y, self.G, self.P, self.Q))
hash_obj = RIPEMD160.new()
signer = DSS.new(key, 'fips-186-3')
self.assertRaises(ValueError, signer.sign, hash_obj)
self.assertRaises(ValueError, signer.verify, hash_obj, b("\x00") * 40)
def __init__(self, p_length=None, p=None, q=None, g=None):
if p == None:
dsa = DSA.generate(p_length)
self.p = dsa.p
self.q = dsa.q
self.g = dsa.g
else:
self.p = p
self.q = q
self.g = g
Z_m.__init__(self, self.p, self.q)
def unpackDSA(self, string):
#print 'unpackDSA', len(string), binascii.hexlify(string)
#t = 64 * (ord(string[0])+1)
t = (ord(string[0])*8+64)
if (len(string) != (1 + 20 + (3 * t))):
raise ValueError, 'HI: got RR length %d expecting %d' % (len(string), (1 + 20 + (3 * t)))
(t, q, p, g, y) = struct.unpack('!B20s%ds%ds%ds'%(t,t,t), string)
self.dsa = DSA.construct([bytes_to_long(y),
bytes_to_long(g),
bytes_to_long(p),
bytes_to_long(q)])
def DSA_verifier(message, signature, client):
# Load the public key
f = open(client + "_DSA_public_key.pem", "rb")
hash_obj = SHA256.new(message.encode())
pub_key = DSA.import_key(f.read())
verifier = DSS.new(pub_key, 'fips-186-3')
# Verify the authenticity of the message
try:
verifier.verify(hash_obj, signature)
print("The message is authentic.")
except ValueError:
print("The message is not authentic.")
def constructKey(tup):
'''
tup with 4 or 5 items in the following order:
1. Public key (*y*).
2. Sub-group generator (*g*).
3. Modulus, finite field order (*p*).
4. Sub-group order (*q*).
5. Private key (*x*). Optional.
'''
key = DSA.construct(tup)
return key
def from_string_private_blob(cls, data):
key_type, rest = get_NS(data, 1)
if key_type == "ssh-rsa":
n, e, d, u, p, q, rest = get_MP(rest, 6)
rsakey = cls(RSA.construct((n, e, d, p, q, u)))
return rsakey
elif key_type == "ssh-dss":
p, q, g, y, x, rest = get_MP(rest, 5)
dsakey = cls(DSA.construct((y, g, p, q, x)))
return dsakey
else:
raise ValueError('unknown blob type: %s' % key_type)
def make_DSA_keys():
# generate a pair of private and public DSA keys
key = DSA.generate(1024)
response = {
'private key': str(key.x),
'public key': str(key.y),
'generator': str(key.g),
'modulus': str(key.p),
'sub-group order': str(key.q)
}
return jsonify(response), 200
def generate_asymmetric(self, generate_dto, kek_meta_dto, project_id):
"""Generate asymmetric keys based on below rules:
- RSA, with passphrase (supported)
- RSA, without passphrase (supported)
- DSA, without passphrase (supported)
- DSA, with passphrase (not supported)
Note: PyCrypto is not capable of serializing DSA
keys and DER formated keys. Such keys will be
serialized to Base64 PEM to store in DB.
TODO (atiwari/reaperhulk): PyCrypto is not capable to serialize
DSA keys and DER formated keys, later we need to pick better
crypto lib.
"""
if (generate_dto.algorithm is None
or generate_dto.algorithm.lower() == 'rsa'):
private_key = RSA.generate(generate_dto.bit_length, None, None,
65537)
elif generate_dto.algorithm.lower() == 'dsa':
private_key = DSA.generate(generate_dto.bit_length, None, None)
else:
raise c.CryptoPrivateKeyFailureException()
public_key = private_key.publickey()
# Note (atiwari): key wrapping format PEM only supported
if generate_dto.algorithm.lower() == 'rsa':
public_key, private_key = self._wrap_key(public_key, private_key,
generate_dto.passphrase)
if generate_dto.algorithm.lower() == 'dsa':
if generate_dto.passphrase:
raise ValueError(u._('Passphrase not supported for DSA key'))
public_key, private_key = self._serialize_dsa_key(
public_key, private_key)
private_dto = self.encrypt(c.EncryptDTO(private_key), kek_meta_dto,
project_id)
public_dto = self.encrypt(c.EncryptDTO(public_key), kek_meta_dto,
project_id)
passphrase_dto = None
if generate_dto.passphrase:
if isinstance(generate_dto.passphrase, six.text_type):
generate_dto.passphrase = generate_dto.passphrase.encode(
'utf-8')
passphrase_dto = self.encrypt(
c.EncryptDTO(generate_dto.passphrase), kek_meta_dto,
project_id)
return private_dto, public_dto, passphrase_dto
def sign(self, user_id, record_id):
session = session_class()
digital_sign = session.query(DDigitalSign).filter_by(
doctor_id=user_id, record_id=record_id).first()
if digital_sign is not None:
session.close()
return False, '该病历已被签名'
user = session.query(DUser).filter_by(id=user_id).first()
if user is None:
session.close()
return False, '用户不存在'
info = session.query(DDoctorInfo).filter_by(
id=user.doctor_info_id).first()
if user is None:
session.close()
return False, '用户信息不存在'
private_key = session.query(DPrivateKey).filter_by(
id=info.private_key_id).first()
if private_key is None:
session.close()
return False, '用户密钥不存在'
record = session.query(DMedicalRecord).filter_by(id=record_id).first()
if record is None:
session.close()
return False, '病历不存在'
plain_text = str(record.id) + record.r_name + record.company + str(
record.gender) + record.address + str(record.age) + str(
record.department_id) + record.nation + record.symptom + str(
record.r_date.year) + '.' + str(
record.r_date.month) + '.' + str(
record.r_date.day) + record.conclusion
print(len(plain_text), plain_text)
hashed_text = SHA256.new(plain_text.encode('utf-8')).digest()
print(len(hashed_text), hashed_text)
key = DSA.construct((int(private_key.key_y), int(private_key.key_g),
int(private_key.key_p), int(private_key.key_q),
int(private_key.key_x)))
k = random.StrongRandom().randint(1, key.q - 1)
sign = key.sign(hashed_text, k)
sign_data = DDigitalSign(doctor_id=user_id,
record_id=record_id,
sign_1=str(sign[0]),
sign_2=str(sign[1]))
try:
session.add(sign_data)
session.commit()
session.close()
return True, '签名成功'
except Exception as e:
print('repr(e):\t', repr(e))
session.rollback()
session.close()
return False, '数据库错误'
def sign(self, message):
p, q, g, y, x = self.private_key
dsa_obj = DSA.construct((y, g, p, q, x))
message_hash = hashlib.sha1(message).digest()
# Get a random number that is greater than 2 and less than q.
random_number = random.get_random_number_from_range(2, q)
random_data = number.long_to_bytes(random_number)
r, s = dsa_obj.sign(message_hash, random_data)
signature = number.long_to_bytes(r, 20) + number.long_to_bytes(s, 20)
return packet.pack_payload(DSS_SIG_PAYLOAD,
('ssh-dss',
signature))
def get_dsa_key(key_location=None, key_file_obj=None, passphrase=None,
use_pycrypto=False):
key_fobj = key_file_obj or open(key_location)
try:
key = paramiko.DSSKey.from_private_key(key_fobj,
password=passphrase)
if use_pycrypto:
key = DSA.construct((key.y, key.g, key.p, key.q, key.x))
return key
except (paramiko.SSHException, ValueError):
raise exception.SSHError(
"Invalid DSA private key file or missing passphrase: %s" %
key_location)
def test_dsa_asymmetric_key_generation():
with pytest.raises(ValueError, match="asymmetric key length"):
wacryptolib.key_generation.generate_asymmetric_keypair(
key_type="DSA", key_length_bits=1024)
for key_length_bits in (None, 2048):
extra_parameters = (dict(
key_length_bits=key_length_bits) if key_length_bits else {})
keypair = wacryptolib.key_generation.generate_asymmetric_keypair(
key_type="DSA", **extra_parameters)
key = DSA.import_key(keypair["private_key"])
assert isinstance(key, DSA.DsaKey)
def verify_message(message, signature_file):
with open(signature_file, 'rb') as signature:
sign = signature.read()
with open('public_key.pem', 'rb') as f:
public_key = DSA.importKey(f.read())
hash_object = SHA1.new(message)
verifier = DSS.new(public_key, 'fips-186-3')
try:
verifier.verify(hash_object, sign)
return "Verified"
except ValueError:
return "Not verified"
def validate_private_key(ssh_private_key_data):
try:
RSA.import_key(from_base64(ssh_private_key_data))
return
except ValueError:
try:
ECC.import_key(from_base64(ssh_private_key_data))
return
except ValueError:
try:
DSA.import_key(from_base64(ssh_private_key_data))
return
except ValueError:
try:
key_obj = io.StringIO(
from_base64(ssh_private_key_data).decode('utf-8'))
Ed25519Key(file_obj=key_obj)
return
except SSHException as ex:
raise InvalidArgumentValueError(
consts.SSH_PRIVATE_KEY_ERROR,
consts.SSH_PRIVATE_KEY_HELP) from ex
def verify(self, message, signature):
p, q, g, y = self.public_key
dss, blob = packet.unpack_payload(DSS_SIG_PAYLOAD, signature)
if dss != 'ssh-dss':
raise ValueError(dss)
# blob is the concatenation of r and s
# r and s are 160-bit (20-byte) integers in network-byte-order
assert(len(blob) == 40)
r = number.bytes_to_long(blob[:20])
s = number.bytes_to_long(blob[20:])
dsa_obj = DSA.construct((y, g, p, q))
hash_of_message = hashlib.sha1(message).digest()
return dsa_obj.verify(hash_of_message, (r, s))
def DSS_sign(c):
key = DSA.generate(2048)
global public_key
public_key = key.publickey()
if c == "a":
hash_obj = SHA256.new(a_peer_public_key)
else:
hash_obj = SHA256.new(b_peer_public_key)
signer = DSS.new(key, 'fips-186-3')
signature = signer.sign(hash_obj)
global s
s = signer.sign(hash_obj)
return hash_obj.hexdigest(), signature
def process(self, public_key_string):
if True: #try:
enc_pk = [chunk.strip().decode("hex") for chunk in public_key_string.split(",")]
dec_str = ''.join(map(privkey_enc.decrypt,enc_pk))
pkdat = map(long,dec_str.split(","))
if len(pkdat) != 4:
return None
self.client_pk = DSA.construct(pkdat)
return privkey.sign(dec_str, random.randint(1,privkey.__getstate__()['q']-1))
else: #except:
return None
def __init__(self, data):
_PubkeyAlg.__init__(self)
(p, pos) = _parseMPI(data)
(q, length) = _parseMPI(data[pos:])
pos += length
(g, length) = _parseMPI(data[pos:])
pos += length
(y, length) = _parseMPI(data[pos:])
if pos + length != len(data):
raise ValueError, "Invalid DSA public key data"
if DSA is None:
raise NotImplementedError, "python-Crypto not available"
self.dsa = DSA.construct((y, g, p, q))
def Simulation():
global file
global ListOfTransactions
global BlockChain
ScroogeKey = DSA.generate(1024)
UsersList.append(User("Scrooge", ScroogeKey.publickey(), ScroogeKey, []))
for i in range(25):
Key = DSA.generate(1024)
UsersList.append(User(str(uuid.uuid1()), Key.publickey(), Key, []))
for i in range(len(UsersList)):
p = "User: "******", " + str(UsersList[i].PublicKey) + ", Amount of coins: " + str(len(UsersList[i].Coins)) + "\n"
print(p)
file.write(p)
for i in range(len(UsersList)):
if i > 0:
F = MakeCoins(UsersList[0].PrivateKey, 10)
ListOfTransactions.append(F)
for z in range(len(F.ListOfCoins)):
UsersList[0].Coins.append(F.ListOfCoins[z])
if len(ListOfTransactions) == 10:
ListOfTransactions = VerifyTransaction(ListOfTransactions)
SendCoins(10, UsersList[0].ID, UsersList[i].ID, UsersList[0].Coins[len(UsersList[0].Coins) - 10:])
while True:
if keyboard.is_pressed('space'):
Header = str(BlockChain[len(BlockChain)-1].ID)
HashID = SHA256.new(bytes(Header, 'utf-8'))
Sign = DSS.new(UsersList[0].PrivateKey, 'fips-186-3')
Signature = Sign.sign(HashID)
BlockChain[len(BlockChain)-1].HashPointer = Signature
p = "\nLast block_ID: " + BlockChain[len(BlockChain)-1].ID + ", Hash of block: " + str(BlockChain[len(BlockChain)-1].Hash) + ", Signature of Scrooge: " + str(BlockChain[len(BlockChain)-1].HashPointer) + "\n"
print(p)
file.write(p)
print("Program Terminated")
file.close()
break
else:
RandomTransaction()
