def validate_ds_digest(digest_alg, digest, dnskey_msg):
    """Compare a DS digest with the digest computed over DNSKEY message data.

    Args:
        digest_alg: numeric digest type; the values handled here are
            1 ("sha1"), 2 ("sha256"), 3 (GOST_DIGEST_NAME) and 4 ("sha384").
        digest: the expected digest value to compare against.
        dnskey_msg: the data that is hashed with the selected algorithm.

    Returns:
        True if the computed digest equals *digest*, False if it does not,
        and None if digest_alg_is_supported() rejects the algorithm or no
        branch below handles it.  None is a third outcome ("not checked"):
        a caller that only tests for False would let an unverified DS
        through, so it has to be handled explicitly.
    """
    if not digest_alg_is_supported(digest_alg):
        return None

    if digest_alg == 3:
        # The GOST digest is bracketed by _gost_init()/_gost_cleanup(); the
        # cleanup runs even if hashing raises.
        _gost_init()
        try:
            # NOTE(review): the lookup result is used unchecked - confirm it
            # cannot be None at this point.
            gost_md = m2.get_digestbyname(GOST_DIGEST_NAME)
            hasher = GostMessageDigest(gost_md)
            hasher.update(dnskey_msg)
            return hasher.final() == digest
        finally:
            _gost_cleanup()

    # The SHA-family digest types differ only in the digest name.
    for code, digest_name in ((1, "sha1"), (2, "sha256"), (4, "sha384")):
        if digest_alg == code:
            hasher = EVP.MessageDigest(digest_name)
            hasher.update(dnskey_msg)
            return hasher.final() == digest

    # Supported according to digest_alg_is_supported(), but not handled here.
    return None
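def __init__(self, algo):
    # type: (str) -> None
    """Set up a digest context for the algorithm named by *algo*.

    The name is first looked up as an attribute of the m2 module and called
    to obtain the digest; if no such attribute exists, the name is resolved
    with m2.get_digestbyname() instead.

    NOTE(review): getattr() resolves any attribute of m2, not only digest
    constructors, so *algo* should come from a fixed set of names rather
    than from untrusted input.

    Raises:
        ValueError: if get_digestbyname() returns None for *algo*.
    """
    md = getattr(m2, algo, None)  # type: Optional[Callable]
    if md is None:
        # Not an attribute of the m2 module: fall back to a lookup by name.
        self.md = m2.get_digestbyname(algo)
        if self.md is None:
            # Never hand a null digest to digest_init(); fail here with a
            # clear error instead.  If the binding raises on unknown names,
            # this branch is simply never reached.
            raise ValueError('unknown algorithm', algo)
    else:
        self.md = md()
    self.ctx = m2.md_ctx_new()
    m2.digest_init(self.ctx, self.md)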
def __init__(self, algo):
    """Set up a digest context for the algorithm named by *algo*.

    An attribute of the m2 module with that name is preferred; otherwise
    the name is resolved through m2.get_digestbyname().

    NOTE(review): getattr() resolves any attribute of m2, not only digest
    constructors, so *algo* should come from a fixed set of names rather
    than from untrusted input.

    Raises:
        ValueError: if neither lookup yields a digest for *algo*.
    """
    factory = getattr(m2, algo, None)
    if factory is not None:
        self.md = factory()
    else:
        # The name is not an attribute of the m2 module, so ask
        # get_digestbyname() for it.
        self.md = m2.get_digestbyname(algo)
        if self.md is None:
            # Stop before a missing digest can reach digest_init().
            raise ValueError('unknown algorithm', algo)
    self.ctx = m2.md_ctx_new()
    m2.digest_init(self.ctx, self.md)
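def _validate_rrsig_gost(alg, sig, msg, key):
    """Verify a GOST signature over *msg* with the given DNSKEY key data.

    Args:
        alg: algorithm number; not used in this function.
        sig: the signature to verify.
        msg: the signed data.
        key: key material that _dnskey_to_gost() converts to a public key.

    Returns:
        True only if verify_final() reports exactly 1; False otherwise,
        including when the key could not be converted.
    """
    _gost_init()
    try:
        pubkey = _dnskey_to_gost(key)
        # A key that could not be converted cannot verify anything.  DNSKEY
        # data is typically untrusted input, so a malformed key has to give
        # "invalid signature" rather than an AttributeError below.
        if pubkey is None:
            return False
        pubkey.md = m2.get_digestbyname(GOST_DIGEST_NAME)
        pubkey.verify_init()
        pubkey.verify_update(msg)
        # Compare with 1 rather than testing truthiness: OpenSSL-style
        # verify calls can report an error with a negative value, which
        # would otherwise count as success.
        return pubkey.verify_final(sig) == 1
    finally:
        # Always undo _gost_init(), even when verification raises.
        _gost_cleanup()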
def _validate_rrsig_gost(alg, sig, msg, key):
    """Verify a GOST signature over *msg* with the given DNSKEY key data.

    Args:
        alg: algorithm number; not used in this function.
        sig: the signature to verify.
        msg: the signed data.
        key: key material that _dnskey_to_gost() converts to a public key.

    Returns:
        True only if verify_final() reports exactly 1; False otherwise,
        including when _dnskey_to_gost() returns None for the key.
    """
    _gost_init()
    try:
        verifier = _dnskey_to_gost(key)
        if verifier is not None:
            verifier.md = m2.get_digestbyname(GOST_DIGEST_NAME)
            verifier.verify_init()
            verifier.verify_update(msg)
            outcome = verifier.verify_final(sig)
            # Only an explicit 1 counts as a valid signature; any other
            # result, including a truthy error value, is a failure.
            return outcome == 1
        # An invalid key means the signature is invalid as well.
        return False
    finally:
        # Runs on every path, including the early return and exceptions.
        _gost_cleanup()
def test_get_digestbyname(self):
    """Unknown digest names raise EVPError; 'sha1' resolves to a digest."""
    # 'sha513' is not a digest name, so the lookup must fail loudly and
    # must not return an unusable value.
    self.assertRaises(EVP.EVPError, m2.get_digestbyname, 'sha513')
    sha1_md = m2.get_digestbyname('sha1')
    self.assertNotEqual(sha1_md, None)
def test_get_digestbyname(self):
    """Unknown digest names yield None; 'sha1' resolves to a digest."""
    # With this behaviour every caller has to check the result for None
    # before passing it on to a digest or verify call.
    unknown_md = m2.get_digestbyname('sha513')
    self.assertEqual(unknown_md, None)
    known_md = m2.get_digestbyname('sha1')
    self.assertNotEqual(known_md, None)