Exemple #1
def verifySig(identifier, signature, msg) -> bool:
    """
    Check a base64-encoded signature over the serialized form of msg.

    :param identifier: the verification key in hex, or a value that
        cryptonymToHex turns into hex when isHex rejects it
    :param signature: base64 text of the signature
    :param msg: the message; it is passed through serializeForSig first
    :return: the result of Verifier.verify for the decoded signature
    """
    # The key comes from the identifier alone, so a True result only shows
    # that the holder of that identifier's key signed the message. Tying the
    # identifier to an expected party is left to the caller.
    if isHex(identifier):
        hex_key = identifier
    else:
        hex_key = cryptonymToHex(identifier)
    payload = serializeForSig(msg)
    # NOTE(review): presumably malformed base64 raises here rather than
    # producing False - confirm callers handle that as a failed check.
    raw_sig = b64decode(signature.encode('utf-8'))
    return Verifier(hex_key).verify(raw_sig, payload)
Exemple #2
def testFullSigning():
    """Sign a fixed message and check that the matching public key accepts it."""
    # private seed from randombytes(32); in real use it must be kept secret
    private_seed = randombytes(32)

    # Signer wraps the key pair that SigningKey derives from the seed
    signer = Signer(SigningKey(seed=private_seed))

    # hex public key; the recipient must obtain it over a trusted channel,
    # otherwise a successful verification proves nothing about the sender
    public_hex = signer.verhex

    payload = b'1234'
    signature = signer.signature(payload)

    # a Verifier built only from the public key has to accept the signature
    # NOTE(review): only the accepting path is exercised; a modified message
    # or signature is not checked for rejection here.
    assert Verifier(public_hex).verify(signature, payload)
def testFullSigning():
    """Round-trip check: sign a message, then verify it with the public key."""
    # the seed is the private secret from which the key pair is derived
    secret_seed = randombytes(32)
    signing_key = SigningKey(seed=secret_seed)
    signer = Signer(signing_key)

    # public verification key in hex; it has to reach the recipient through
    # a channel the recipient already trusts
    verify_hex = signer.verhex

    message = b'1234'
    signature = signer.signature(message)

    # verification uses the public key only
    verifier = Verifier(verify_hex)
    # NOTE(review): this asserts acceptance of a valid signature only; the
    # rejection of an altered message or signature is not covered.
    assert verifier.verify(signature, message)
Exemple #4
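    def authenticate(self,
                     msg: Mapping,
                     identifier: str = None,
                     signature: str = None) -> str:
        """
        Authenticate the client's message with the signature provided.

        :param msg: the message to authenticate
        :param identifier: some unique identifier; if empty, then
            msg[f.CLIENT_ID.nm] is used as identifier
        :param signature: a utf-8 and base64 encoded signature; if empty,
            then msg["signature"] is used
        :return: the identifier whose registered key verified the signature
        :raises SigningException: raised inside the body for a missing,
            empty or invalid signature or identifier; it propagates unchanged
        :raises CouldNotAuthenticate: wraps any other exception (for example
            a base64 decoding failure)
        """
        try:
            if not signature:
                try:
                    signature = msg["signature"]
                    if not signature:
                        raise EmptySignature
                except KeyError:
                    raise MissingSignature
            if not identifier:
                try:
                    identifier = msg[f.CLIENT_ID.nm]
                    if not identifier:
                        raise EmptyIdentifier
                except KeyError:
                    raise MissingIdentifier
            # NOTE(review): an identifier passed by the caller is used for
            # the key lookup as-is and is not compared with the identifier
            # field inside msg - confirm callers rely on that deliberately.
            b64sig = signature.encode('utf-8')
            # NOTE(review): if this is base64.b64decode, characters outside
            # the alphabet are discarded unless validate=True is passed -
            # confirm whether strict decoding is wanted for signatures.
            sig = b64decode(b64sig)
            # presumably serializeForSig leaves the signature field out of
            # the signed bytes; verify against the helper
            ser = serializeForSig(msg)
            try:
                # only identifiers registered in self.clients have a key
                verkey = self.clients[identifier]
            except KeyError:
                raise InvalidIdentifier
            vr = Verifier(verkey)
            isVerified = vr.verify(sig, ser)
            if not isVerified:
                raise InvalidSignature
        except SigningException:
            # signing failures keep their specific type for the caller
            raise
        except Exception as ex:
            # everything else is reported as one authentication failure,
            # with the original exception kept as the cause
            raise CouldNotAuthenticate from ex
        return identifier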
Exemple #5
class DidVerifier(Verifier):
    """
    Verifier keyed by a base58 verkey, optionally derived from an identifier.

    With an identifier, two special forms are handled: an identifier that
    decodes to 32 bytes with no verkey is used as the key itself, and a
    verkey starting with '~' is completed with the identifier's bytes.
    """

    def __init__(self, verkey, identifier=None):
        self._verkey = self._vr = None
        if identifier:
            id_bytes = b58decode(identifier)
            # a 32-byte identifier without a verkey is assumed to be a cryptonym
            if len(id_bytes) == 32 and not verkey:
                verkey = identifier
            # NOTE(review): verkey[0] is evaluated even when verkey is None
            # or empty (identifier given, but not 32 bytes decoded), which
            # fails on the indexing rather than with a descriptive error.
            if verkey[0] == '~':
                # abbreviated form: full key = identifier bytes + verkey bytes
                # NOTE(review): the combined length is not checked here;
                # presumably NaclVerifier rejects a wrong-sized key - confirm.
                id_part = b58decode(identifier)
                key_part = b58decode(verkey[1:])
                verkey = b58encode(id_part + key_part)
        # goes through the property setter, which also builds the verifier
        self.verkey = verkey

    @property
    def verkey(self):
        """The base58 verkey currently in use."""
        return self._verkey

    @verkey.setter
    def verkey(self, value):
        # the stored key and the NaCl verifier are always replaced together
        self._verkey = value
        self._vr = NaclVerifier(b58decode(value))

    def verify(self, sig, msg) -> bool:
        """Delegate the signature check to the underlying NaclVerifier."""
        return self._vr.verify(sig, msg)
Exemple #6
 def authenticate(self,
                  msg: Dict,
                  identifier: str = None,
                  signature: str = None) -> str:
     """
     Verify the signature on msg and return the identifier it was checked
     against.

     :param msg: the message to authenticate
     :param identifier: identifier to look the verkey up for; if empty,
         msg[f.IDENTIFIER.nm] is used
     :param signature: utf-8, base64 encoded signature; if empty,
         msg[f.SIG.nm] is used
     :return: the identifier whose verkey verified the signature
     :raises SigningException: propagated as raised inside the body
     :raises CouldNotAuthenticate: wraps any other exception
     """
     try:
         # fall back to the signature carried in the message
         if not signature:
             try:
                 signature = msg[f.SIG.nm]
                 if not signature:
                     raise EmptySignature(identifier, msg.get(f.REQ_ID.nm))
             except KeyError:
                 raise MissingSignature
         # fall back to the identifier carried in the message
         # NOTE(review): an identifier passed by the caller is not compared
         # with the one inside msg - confirm that is intended.
         if not identifier:
             try:
                 identifier = msg[f.IDENTIFIER.nm]
                 if not identifier:
                     raise EmptyIdentifier
             except KeyError:
                 raise MissingIdentifier
         # NOTE(review): if this is base64.b64decode, characters outside the
         # alphabet are discarded unless validate=True is passed - confirm
         # whether strict decoding is wanted for signatures.
         raw_sig = b64decode(signature.encode('utf-8'))
         # presumably serializeForSig leaves the signature field out of the
         # signed bytes; verify against the helper
         payload = serializeForSig(msg)
         try:
             key_for_id = self.getVerkey(identifier)
         except KeyError:
             # TODO: Should probably be called UnknownIdentifier
             raise InvalidIdentifier(identifier, msg.get(f.REQ_ID.nm))
         if not Verifier(key_for_id).verify(raw_sig, payload):
             raise InvalidSignature
     except SigningException as signing_error:
         # signing failures keep their specific type for the caller
         raise signing_error
     except Exception as ex:
         # anything else becomes one authentication failure with its cause
         raise CouldNotAuthenticate from ex
     return identifier
Exemple #7
 def authenticate(self,
                  msg: Dict,
                  identifier: str = None,
                  signature: str = None) -> str:
     """
     Check the message signature against the verkey of the identifier.

     :param msg: the message to authenticate
     :param identifier: identifier used for the verkey lookup; when empty
         it is read from msg[f.IDENTIFIER.nm]
     :param signature: utf-8, base64 encoded signature; when empty it is
         read from msg[f.SIG.nm]
     :return: the identifier the signature was verified for
     :raises SigningException: re-raised as raised inside the body
     :raises CouldNotAuthenticate: raised from any other exception
     """
     try:
         if not signature:
             # no explicit signature: the message has to carry one
             try:
                 signature = msg[f.SIG.nm]
                 if not signature:
                     raise EmptySignature(identifier, msg.get(f.REQ_ID.nm))
             except KeyError:
                 raise MissingSignature
         if not identifier:
             # no explicit identifier: the message has to carry one
             try:
                 identifier = msg[f.IDENTIFIER.nm]
                 if not identifier:
                     raise EmptyIdentifier
             except KeyError:
                 raise MissingIdentifier
         # NOTE(review): a caller-supplied identifier is never checked
         # against the identifier field of msg - confirm this is intended.
         encoded_sig = signature.encode('utf-8')
         # NOTE(review): presumably malformed base64 raises here and ends up
         # as CouldNotAuthenticate, not InvalidSignature - confirm.
         decoded_sig = b64decode(encoded_sig)
         signed_bytes = serializeForSig(msg)
         try:
             verkey = self.getVerkey(identifier)
         except KeyError:
             # TODO: Should probably be called UnknownIdentifier
             raise InvalidIdentifier(identifier, msg.get(f.REQ_ID.nm))
         verifier = Verifier(verkey)
         if not verifier.verify(decoded_sig, signed_bytes):
             raise InvalidSignature
     except SigningException as known_failure:
         # specific signing errors are passed on unchanged
         raise known_failure
     except Exception as ex:
         # unexpected errors are wrapped, keeping the original as the cause
         raise CouldNotAuthenticate from ex
     return identifier
Exemple #8
class DidVerifier(Verifier):
    """
    Signature verifier whose key is given as a base58 verkey.

    When an identifier is supplied, the verkey may be omitted (the identifier
    is used if it decodes to 32 bytes) or abbreviated with a leading '~'
    (the identifier's bytes are prepended to the decoded remainder).
    """

    def __init__(self, verkey, identifier=None):
        self._verkey = self._vr = None
        if identifier:
            decoded_id = b58decode(identifier)
            if len(decoded_id) == 32 and not verkey:
                # treated as a cryptonym: the identifier is the key
                verkey = identifier
            # NOTE(review): with an identifier that does not decode to 32
            # bytes and no verkey, verkey[0] below fails on the indexing
            # itself instead of reporting a missing key.
            if verkey[0] == '~':
                # abbreviated verkey: rebuild the full key from both parts
                prefix = b58decode(identifier)
                suffix = b58decode(verkey[1:])
                # NOTE(review): no length check on prefix + suffix here;
                # presumably NaclVerifier validates the key size - confirm.
                verkey = b58encode(prefix + suffix)
        # assignment runs the setter, which constructs the NaclVerifier
        self.verkey = verkey

    @property
    def verkey(self):
        """Return the base58 verkey in use."""
        return self._verkey

    @verkey.setter
    def verkey(self, value):
        # replacing the key always rebuilds the verifier from the same value
        self._verkey = value
        self._vr = NaclVerifier(b58decode(value))

    def verify(self, sig, msg) -> bool:
        """Return the NaclVerifier's verdict for sig over msg."""
        return self._vr.verify(sig, msg)