def test_sign(self):
random = np.random.RandomState(seed=1)
for i in range(10):
length = random.randint(1, 4096)
secret_key = bytes(random.randint(0, 256, 32, dtype=np.uint8))
msg = bytes(random.randint(0, 256, length, dtype=np.uint8))
public_key = monocypher.public_key_compute(secret_key)
sig = monocypher.signature_sign(secret_key, msg)
self.assertTrue(monocypher.signature_check(sig, public_key, msg))
self.assertFalse(monocypher.signature_check(sig, public_key, msg + b'0'))
sig2 = sig[:10] + bytes([sig[10] + 1]) + sig[11:]
self.assertFalse(monocypher.signature_check(sig2, public_key, msg))
def test_sign(self):
random = np.random.RandomState(seed=1)
for i in range(10):
length = random.randint(1, 4096)
secret_key = bytes(random.randint(0, 256, 32, dtype=np.uint8))
msg = bytes(random.randint(0, 256, length, dtype=np.uint8))
public_key = monocypher.compute_signing_public_key(secret_key)
sig = monocypher.signature_sign(secret_key, msg)
self.assertTrue(monocypher.signature_check(sig, public_key, msg))
self.assertFalse(
monocypher.signature_check(sig, public_key, msg + b'0'))
sig2 = sig[:10] + bytes([sig[10] + 1]) + sig[11:]
self.assertFalse(monocypher.signature_check(sig2, public_key, msg))
def __next__(self):
"""Get the next available entry.
:return: tuple (tag, value).
:raise StopIteration: when no more entries remain.
:raise ValueError: on signature check failure.
"""
tag, flags, value, entry = self._read_tag()
if tag is None or tag == TAG_END:
raise StopIteration()
if tag == TAG_SIGNATURE_START:
self._signature_key = bytes(value[8:])
if value[1] & 1:
self._signature_data = bytes(entry)
else:
self._signature_data = b''
elif tag == TAG_SIGNATURE_END:
signature = bytes(value)
value = monocypher.signature_check(signature, self._signature_key,
self._signature_data)
if not value:
raise ValueError('signature check failed')
self._signature_key = None
self._signature_data = None
elif self._signature_data is not None:
self._signature_data += entry
value = _maybe_decompress(value, flags)
return tag, value
def load(path):
with ZipFile(path, mode='r') as f_zip:
with f_zip.open('index.json', 'r') as f:
index_bytes = f.read()
with f_zip.open('index.sig', 'r') as f:
index_sig = binascii.unhexlify(f.read())
if not monocypher.signature_check(index_sig, SIGNING_KEY_PUBLIC, index_bytes):
log.warning('integrity check failed: index.json')
return None
index = json.loads(index_bytes.decode('utf-8'))
for image in index['target']['images']:
with f_zip.open(index['data'][image]['image'], 'r') as f:
index['data'][image]['image'] = f.read()
sig = binascii.unhexlify(index['data'][image]['signature'])
if not monocypher.signature_check(sig, SIGNING_KEY_PUBLIC, index['data'][image]['image']):
log.warning('integrity check failed: %s' % (image, ))
return None
return index
def decrypt(self,
signing_key,
encryption_key,
nonce,
associated_data=None):
"""Decrypt the next tag, if needed"""
tag, flags, value, _ = self._read_tag()
if flags & FLAG_ENCRYPT:
tag2, _, value2, _ = self._read_tag()
if tag2 != TAG_ENCRYPTION:
raise ValueError('Encrypted data must be followed by ENC tag')
mac = value2[:16]
signature = value2[16:]
value = monocypher.unlock(encryption_key, nonce, mac, value,
associated_data)
if value is None:
raise ValueError('Decryption failed')
if not monocypher.signature_check(signature, signing_key, value):
raise ValueError('Signature check failed')
if flags & FLAG_COMPRESS:
value = zlib.decompress(value)
return tag, value