def verify(self, signature, message, signature_as_digits=True):
global _CryptoLog
# if _CryptoLog is None:
# _CryptoLog = os.environ.get('CRYPTO_LOG') == '1'
signature_bytes = signature
if signature_as_digits:
signature_bytes = number.long_to_bytes(signature, blocksize=4)
if not strng.is_bin(signature_bytes):
raise ValueError('signature must be byte string')
if not strng.is_bin(message):
raise ValueError('message must be byte string')
h = hashes.sha1(message, return_object=True)
result = False
try:
pkcs1_15.new(self.keyObject).verify(h, signature_bytes)
result = True
except (
ValueError,
TypeError,
):
# do not raise any exception... just return False
lg.exc('signature=%r message=%r' % (
signature,
message,
))
if _Debug:
if _CryptoLog:
lg.args(_DebugLevel, result=result, signature=signature)
return result
def verify(self, signature, message, signature_as_digits=True):
signature_bytes = signature
if signature_as_digits:
signature_text = strng.to_text(signature)
signature_int = int(signature_text)
signature_bytes = number.long_to_bytes(signature_int)
if signature[0:1] == b'0':
signature_bytes = b'\x00' + signature_bytes
if not strng.is_bin(signature_bytes):
raise ValueError('signature must be byte string')
if not strng.is_bin(message):
raise ValueError('message must be byte string')
h = hashes.sha1(message, return_object=True)
try:
pkcs1_15.new(self.keyObject).verify(h, signature_bytes)
result = True
except (
ValueError,
TypeError,
):
if _Debug:
lg.exc(
msg='signature=%r\nmessage=%r\nsignature_as_digits=%r\n' %
(signature, message, signature_as_digits))
result = False
return result
def sign(self, message, as_digits=True):
if not self.keyObject:
raise ValueError('key object is not exist')
if not strng.is_bin(message):
raise ValueError('message must be byte string')
h = hashes.sha1(message, return_object=True)
signature_bytes = pkcs1_15.new(self.keyObject).sign(h)
if not as_digits:
return signature_bytes
signature_raw = strng.to_bin(number.bytes_to_long(signature_bytes))
if signature_bytes[0:1] == b'\x00':
signature_raw = b'0' + signature_raw
return signature_raw
def validate_key(key_object):
sample_data = strng.to_bin(base64.b64encode(os.urandom(256)))
sample_hash_base = hashes.sha1(sample_data, hexdigest=True)
sample_signature = key_object.sign(sample_hash_base)
is_valid = key_object.verify(sample_signature, sample_hash_base)
if not is_valid:
if _Debug:
lg.err('validate_key FAILED')
lg.out(_DebugLevel, 'public=%r' % key_object.toPublicString())
lg.out(_DebugLevel, 'signature=%r' % sample_signature)
lg.out(_DebugLevel, 'hash_base=%r' % sample_hash_base)
lg.out(_DebugLevel, 'data=%r' % sample_data)
return is_valid
def verify(self, signature, message, signature_as_digits=True):
if signature_as_digits:
signature_raw = number.long_to_bytes(int(strng.to_text(signature)))
if signature[0:1] == b'0':
signature_raw = b'\x00' + signature_raw
if not strng.is_bin(signature_raw):
raise ValueError('signature must be byte string')
if not strng.is_bin(message):
raise ValueError('message must be byte string')
h = hashes.sha1(message, return_object=True)
try:
pkcs1_15.new(self.keyObject).verify(h, signature_raw)
result = True
except (ValueError, TypeError, ):
if _Debug:
from logs import lg
lg.exc()
result = False
return result
def verify(self, signature, message, signature_as_digits=True):
signature_bytes = signature
if signature_as_digits:
signature_text = strng.to_text(signature)
signature_int = int(signature_text)
signature_bytes = number.long_to_bytes(signature_int)
# if signature[0:1] == b'0':
# signature_bytes = b'\x00' + signature_bytes
if not strng.is_bin(signature_bytes):
raise ValueError('signature must be byte string')
if not strng.is_bin(message):
raise ValueError('message must be byte string')
h = hashes.sha1(message, return_object=True)
result = False
try:
pkcs1_15.new(self.keyObject).verify(h, signature_bytes)
result = True
except (
ValueError,
TypeError,
):
if signature_as_digits and signature[0:1] == b'0':
lg.warn('signature starts with "0", will try to verify again')
try:
signature_text = strng.to_text(signature)
signature_int = int(signature_text)
signature_bytes = number.long_to_bytes(signature_int)
pkcs1_15.new(self.keyObject).verify(
h, b'\x00' + signature_bytes)
result = True
lg.warn(
'signature with additional "0" in front passed verification'
)
except:
# lg.err('signature verification failed: %r' % signature)
lg.err(
'signature=%r message=%r signature_as_digits=%r' %
(signature, message, signature_as_digits))
# lg.exc(msg='signature=%r\nmessage=%r\nsignature_as_digits=%r\n' % (
# signature, message, signature_as_digits))
# do not raise any exception...
return result
def sign(self, message, as_digits=True):
global _CryptoLog
# if _CryptoLog is None:
# _CryptoLog = os.environ.get('CRYPTO_LOG') == '1'
if not self.keyObject:
raise ValueError('key object is not exist')
if not strng.is_bin(message):
raise ValueError('message must be byte string')
h = hashes.sha1(message, return_object=True)
signature_raw = pkcs1_15.new(self.keyObject).sign(h)
if not as_digits:
if _Debug:
if _CryptoLog:
lg.args(_DebugLevel, signature_raw=signature_raw)
return signature_raw
signature_long = number.bytes_to_long(signature_raw)
signature_bytes = strng.to_bin(signature_long)
if _Debug:
if _CryptoLog:
lg.args(_DebugLevel, signature_bytes=signature_bytes)
return signature_bytes
def HashSHA(inp, hexdigest=False):
"""
Use SHA1 method to calculate the hash of ``inp`` string.
"""
return hashes.sha1(inp, hexdigest=hexdigest)
