def __str__(self): return json.dumps({ "p": util.Base64WSEncode(self.params['p']), "q": util.Base64WSEncode(self.params['q']), "g": util.Base64WSEncode(self.params['g']), "y": util.Base64WSEncode(self.params['y']), "size": self.size })
def testBadAesCiphertexts(self): crypter = keyczar.Crypter.Read(os.path.join(TEST_DATA, "aes")) ciphertext = util.Base64WSDecode(crypter.Encrypt(self.input_data)) bad = util.Base64WSEncode(chr(0)) char = chr(ord(ciphertext[2]) ^ 44) ciphertext = util.Base64WSEncode(ciphertext[:2]+char+ciphertext[3:]) self.assertRaises(errors.ShortCiphertextError, crypter.Decrypt, bad) self.assertRaises(errors.KeyNotFoundError, crypter.Decrypt, ciphertext)
def __str__(self): return json.dumps({ "modulus": util.Base64WSEncode(self.params['modulus']), "publicExponent": util.Base64WSEncode(self.params['publicExponent']), "size": self.size })
def testHmacBadSigs(self): (signer, sig) = self.__signInput("hmac") sig_bytes = util.Base64WSDecode(sig) self.assertRaises(errors.ShortSignatureError, signer.Verify, self.input, "AB") bad_sig = util.Base64WSEncode(chr(23) + sig_bytes[1:]) self.assertRaises(errors.BadVersionError, signer.Verify, self.input, bad_sig) char = chr(ord(sig_bytes[1]) ^ 45) # Munge key hash info in sig bad_sig = util.Base64WSEncode(sig_bytes[0] + char + sig_bytes[2:]) self.assertRaises(errors.KeyNotFoundError, signer.Verify, self.input, bad_sig)
def LoadPackedKey(packed_key_data): """ Constructs and returns a new _Session instance, initialized with the key data extracted from the provided packed_key_data, which must have been produced by _Session.packed_key. """ unpacked = util.UnpackMultipleByteArrays(packed_key_data) assert len(unpacked) == 2 aes_key_bytes = unpacked[0] hmac_key_bytes = unpacked[1] hmac_key = keys.HmacKey(util.Base64WSEncode(hmac_key_bytes), len(hmac_key_bytes) * 8) session_key = keys.AesKey(util.Base64WSEncode(aes_key_bytes), hmac_key, len(aes_key_bytes) * 8, keyinfo.CBC) return _Session.__Create(session_key, None)
def _FallbackHashes(self): fbh = [] #java uses the block sizes instead of keylength to produce hashes for aes if len(self.key_bytes) != 16: badjavahash = util.Hash(util.IntToBytes(16), self.key_bytes, self.hmac_key.key_bytes) fbh.append(util.Base64WSEncode(badjavahash[:constants.KEY_HASH_SIZE])) #old version of cpp stripped leading zeros of aes key if len(self.key_bytes) > 0 and self.key_bytes[0] == b'\x00'[0]: stripped_key_bytes = util.TrimBytes(self.key_bytes) badcpphash = util.Hash(util.IntToBytes(len(stripped_key_bytes)), stripped_key_bytes, self.hmac_key.key_bytes) fbh.append(util.Base64WSEncode(badcpphash[:constants.KEY_HASH_SIZE])) return fbh
def json(self): """ Returns the session key data and nonce in Json format. """ aes_key_string = json.loads(str(self.__session_key)) return json.dumps({ 'key': aes_key_string, 'nonce': util.Base64WSEncode(self.__nonce) })
def testBadAesCiphertextsStream(self): crypter = keyczar.Crypter.Read(os.path.join(TEST_DATA, "aes")) ciphertext = util.Base64WSDecode(crypter.Encrypt(self.input_data)) bad = util.Base64WSEncode(chr(0)) char = chr(ord(ciphertext[2]) ^ 44) ciphertext = util.Base64WSEncode(ciphertext[:2]+char+ciphertext[3:]) try: stream = StringIO.StringIO(bad) decryption_stream = crypter.CreateDecryptingStreamReader(stream) self.__readFromStream(decryption_stream) except errors.ShortCiphertextError: pass try: stream = StringIO.StringIO(ciphertext) decryption_stream = crypter.CreateDecryptingStreamReader(stream) self.__readFromStream(decryption_stream) except errors.KeyNotFoundError: pass
def testBadAesCiphertextsStream(self): crypter = keyczar.Crypter.Read(os.path.join(TEST_DATA, "aes")) ciphertext = util.Base64WSDecode(crypter.Encrypt(self.input_data)) bad = util.Base64WSEncode(b'0x00') char = bytes([bytearray(ciphertext)[2] ^ 44]) ciphertext = util.Base64WSEncode(ciphertext[:2] + char + ciphertext[3:]) try: stream = io.BytesIO(util.RawBytes(bad)) decryption_stream = crypter.CreateDecryptingStreamReader(stream) self.__readFromStream(decryption_stream) except errors.ShortCiphertextError: pass try: stream = io.BytesIO(util.RawBytes(ciphertext)) decryption_stream = crypter.CreateDecryptingStreamReader(stream) self.__readFromStream(decryption_stream) except errors.KeyNotFoundError: pass
def Generate(size=keyinfo.HMAC_SHA1.default_size): """ Return a newly generated HMAC-SHA1 key. @param size: length of key in bits to generate @type size: integer @return: an HMAC-SHA1 key @rtype: L{HmacKey} """ key_bytes = util.RandBytes(size // 8) key_string = util.Base64WSEncode(key_bytes) return HmacKey(key_string, size)
def Sign(self, data): """ Sign given data and return corresponding signature. For message M, outputs the signature as Header|Sig(Header.M). @param data: message to be signed @type data: string @return: signature on the data encoded as a Base64 string @rtype: string """ return util.Base64WSEncode(self.primary_key.Header() + self.__InternalSign(util.RawBytes(data)))
def Generate(size=keyinfo.AES.default_size): """ Return a newly generated AES key. @param size: length of key in bits to generate @type size: integer @return: an AES key @rtype: L{AesKey} """ key_bytes = util.RandBytes(size // 8) key_string = util.Base64WSEncode(key_bytes) hmac_key = HmacKey.Generate() # use default HMAC-SHA1 key size return AesKey(key_string, hmac_key, size)
def __str__(self): return json.dumps({ "publicKey": json.loads(str(self.public_key)), "privateExponent": util.Base64WSEncode(self.params['privateExponent']), "primeP": util.Base64WSEncode(self.params['primeP']), "primeQ": util.Base64WSEncode(self.params['primeQ']), "primeExponentP": util.Base64WSEncode(self.params['primeExponentP']), "primeExponentQ": util.Base64WSEncode(self.params['primeExponentQ']), "crtCoefficient": util.Base64WSEncode(self.params['crtCoefficient']), "size": self.size})
def Sign(self, data): """ Sign given data and return corresponding signature. This signature contains no header or version information. For message M, outputs the signature as Sig(M). @param data: message to be signed @type data: string @return: signature on the data encoded as a Base64 string @rtype: string """ signing_key = self.primary_key if signing_key is None: raise errors.NoPrimaryKeyError() return util.Base64WSEncode(signing_key.Sign(util.RawBytes(data)))
def _ParseHeader(self, header): """ Parse the header and verify version, format info. Return key if exists. @param header: the bytes of the header of Keyczar output @type header: string @return: the key identified by the hash in the header @rtype: L{keys.Key} @raise BadVersionError: if header specifies an illegal version @raise KeyNotFoundError: if key specified in header doesn't exist """ version = bytearray(header)[0] if version != constants.VERSION: raise errors.BadVersionError(version) return self.GetKey(util.Base64WSEncode(header[1:]))
def AttachedSign(self, data, nonce): """ Sign given data and nonce and return a blob containing both data and signature For message M, and nonce N, outputs Header|len(M)|M|Sig(Header|M|N). @param data: message to be signed @type data: string @param nonce: nonce to be included in the signature @type nonce: string @return: signature on the data encoded as a Base64 string @rtype: string """ return util.Base64WSEncode( self.primary_key.Header() + util.PackByteArray(util.RawBytes(data)) + self.__InternalSign(util.RawBytes(data), util.RawBytes(nonce)))
def Sign(self, data, expire_date): """ Sign given data and return corresponding signature. For message M, outputs the signature as Header|Sig(Header.M). @param data: message to be signed @type data: string @param expire_date: datetime when signature expires @type expire_date: datetime (UTC) @return: signature on the data encoded as a Base64 string @rtype: string """ expire_milli = util.UnixTimeMilliseconds(expire_date) expire_bytes = util.LongLongToBytes(expire_milli) return util.Base64WSEncode(self.primary_key.Header() + expire_bytes + self.__InternalSign(expire_bytes + util.RawBytes(data)))
def _Hash(self): fullhash = util.Hash(self.key_bytes) return util.Base64WSEncode(fullhash[:constants.KEY_HASH_SIZE])
def _Hash(self): fullhash = util.Hash(util.IntToBytes(len(self.key_bytes)), self.key_bytes, self.hmac_key.key_bytes) return util.Base64WSEncode(fullhash[:constants.KEY_HASH_SIZE])
def _Hash(self): """ Compute and return the hash_id id of this key. Can override default hash_id. """ fullhash = util.PrefixHash(self.key_bytes) return util.Base64WSEncode(fullhash[:constants.KEY_HASH_SIZE])
def _Hash(self): fullhash = util.PrefixHash(util.TrimBytes(self._params['modulus']), util.TrimBytes(self._params['publicExponent'])) return util.Base64WSEncode(fullhash[:constants.KEY_HASH_SIZE])
def testUnencodedAttachedSign(self): (signer, sig) = self.__unencodedAttachedSignInput("hmac", "nonce") encoded_sig = util.Base64WSEncode(sig) self.assertTrue(signer.AttachedVerify(encoded_sig, "nonce")) self.assertTrue(signer.AttachedVerify(sig, "nonce", None))
def _Hash(self): """Compute and return the hash_id id of this key. Can override default hash_id.""" fullhash = util.Hash(util.IntToBytes(len(self.key_bytes)), self.key_bytes) return util.Base64WSEncode(fullhash[:keyczar.KEY_HASH_SIZE])
def __str__(self): return json.dumps({"publicKey": json.loads(str(self.public_key)), "x": util.Base64WSEncode(self.params['x']), "size": self.size})
def testUnencodedUnversionedSign(self): (signer, sig) = self.__unencodedUnversionedSignInput("hmac") encoded_sig = util.Base64WSEncode(sig) self.assertFalse(signer.Verify(self.input, encoded_sig, None)) self.assertTrue(signer.Verify(self.input, encoded_sig)) self.assertTrue(signer.Verify(self.input, sig, None))
def _Hash(self): fullhash = util.PrefixHash(util.TrimBytes(self._params['p']), util.TrimBytes(self._params['q']), util.TrimBytes(self._params['g']), util.TrimBytes(self._params['y'])) return util.Base64WSEncode(fullhash[:constants.KEY_HASH_SIZE])
def __modifyByteString(self, string, offset): decoded = util.Base64WSDecode(string) modified_char = chr(ord(decoded[offset]) ^ 0xFF) return util.Base64WSEncode(decoded[:offset] + modified_char + decoded[offset + 1:])