Example #1
0
 def __init__(self, model):
     self.model = model
     self.filter_clause = util.Hash()
     self.pagination_clause = util.Hash()
     self.order_clause = util.Hash()
     self.fields_clause = util.Hash()
     self.include_clause = util.Hash()
Example #2
0
    def Sign(self, msg):
        """
    Return raw byte string of signature on the message.

    @param msg: message to be signed
    @type msg: string

    @return: byte string formatted as an ASN.1 sequnce of r and s
    @rtype: string
    """
        # Need to chose a random k per-message, SystemRandom() is available
        # since Python 2.4.
        k = random.SystemRandom().randint(2, self.key.q - 1)
        (r, s) = self.key.sign(util.Hash(msg), k)
        return util.MakeDsaSig(r, s)
Example #3
0
    def __init__(self, attributes={}):
        self.uuid = uuid.uuid4()
        self.attributes = util.Hash()
        self.relations = util.Hash()
        self.errors = util.Hash()
        self.original_attributes = util.Hash()
        self.original_relations = util.Hash()
        self.links = util.Hash()

        for key, value in attributes.iteritems():
            self.__set_attribute(key, value)
Example #4
0
    def __Decode(self, encoded_message, label=""):
        # See PKCS#1 v2.1: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf
        if len(label) >= 2**61:
            # 2^61 = the input limit for SHA-1
            raise errors.KeyczarError(
                "OAEP Decoding Error - label is too large %d" % len(label))
        if len(encoded_message) < 2 * util.HLEN + 2:
            raise errors.KeyczarError(
                "OAEP Decoding Error - encoded_message is too small: %d" %
                len(encoded_message))

        # Step 3b  EM = Y || maskedSeed || maskedDB
        k = int(math.floor(math.log(self.key.n, 256)) + 1)  # num bytes in n
        diff_len = k - len(encoded_message)
        # PyCrypto strips out leading zero bytes.
        # In OAEP, the first byte is expected to be a zero, so we can ignore it
        if diff_len > 1:
            # If more bytes were chopped by PyCrypto, add zero bytes back on
            encoded_message = '\x00' * (diff_len - 1) + encoded_message

        masked_seed = encoded_message[:util.HLEN]
        masked_datablock = encoded_message[util.HLEN:]

        # Step 3c,d
        seed_mask = util.MGF(masked_datablock, util.HLEN)
        seed = util.Xor(masked_seed, seed_mask)

        # Step 3e
        datablock_mask = util.MGF(
            seed,
            len(masked_datablock))  # encoded_message already stripped of 0

        # Step 3f
        datablock = util.Xor(masked_datablock, datablock_mask)

        label_hash = datablock[:util.HLEN]
        expected_label_hash = util.Hash(label)  # Debugging
        if label_hash != expected_label_hash:
            raise errors.KeyczarError(
                "OAEP Decoding Error - hash_id is invalid")

        delimited_message = datablock[util.HLEN:].lstrip('\x00')
        if delimited_message[0] != '\x01':
            raise errors.KeyczarError(
                "OAEP Decoding Error - expected a 1 value")
        return delimited_message[1:]  # The message
Example #5
0
    def Verify(self, msg, sig):
        """
    Return True if the signature corresponds to the message.

    @param msg: message that has been signed
    @type msg: string

    @param sig: raw byte string of the signature formatted as an ASN.1 sequence
      of r and s
    @type sig: string

    @return: True if signature is valid for message. False otherwise.
    @rtype: boolean
    """
        try:
            (r, s) = util.ParseDsaSig(sig)
            return self.key.verify(util.Hash(msg), (r, s))
        except errors.KeyczarError:
            # if signature is not in correct format
            return False
Example #6
0
  def __Encode(self, msg, label=""):
    if len(label) >= 2**61:  # the input limit for SHA-1
      raise errors.KeyczarError("OAEP parameter string too long.")
    k = int(math.floor(math.log(self.key.n, 256)) + 1) # num bytes in n
    if len(msg) > k - 2 * util.HLEN - 2:
      raise errors.KeyczarError("Message too long to OAEP encode.")
    label_hash = util.Hash(label)
    pad_octets = (k - len(msg) - 2 * util.HLEN - 2)  # Number of zeros to pad
    if pad_octets < 0:
      raise errors.KeyczarError("Message is too long: %d" % len(msg))
    datablock = label_hash + ('\x00' * pad_octets) + '\x01' + msg
    seed = util.RandBytes(util.HLEN)

    # Steps 2e, f
    datablock_mask = util.MGF(seed, k - util.HLEN - 1)
    masked_datablock = util.Xor(datablock, datablock_mask)

    # Steps 2g, h
    seed_mask = util.MGF(masked_datablock, util.HLEN)
    masked_seed = util.Xor(seed, seed_mask)

    # Step 2i: Construct the encoded message
    return '\x00' + masked_seed + masked_datablock
Example #7
0
 def _Hash(self):
     fullhash = util.Hash(self.key_bytes)
     return util.Base64WSEncode(fullhash[:keyczar.KEY_HASH_SIZE])
Example #8
0
 def _Hash(self):
     fullhash = util.Hash(util.IntToBytes(len(self.key_bytes)),
                          self.key_bytes, self.hmac_key.key_bytes)
     return util.Base64WSEncode(fullhash[:keyczar.KEY_HASH_SIZE])
Example #9
0
 def _Hash(self):
     """Compute and return the hash_id id of this key. Can override default hash_id."""
     fullhash = util.Hash(util.IntToBytes(len(self.key_bytes)),
                          self.key_bytes)
     return util.Base64WSEncode(fullhash[:keyczar.KEY_HASH_SIZE])