def _verify_signature_with_pubkey(self, signed_info_c14n, raw_signature, key_value, signature_alg): if "ecdsa-" in signature_alg: ec_key_value = self._find(key_value, "ECKeyValue", namespace="ds11") named_curve = self._find(ec_key_value, "NamedCurve", namespace="ds11") public_key = self._find(ec_key_value, "PublicKey", namespace="ds11") key_data = b64decode(public_key.text)[1:] x = bytes_to_long(key_data[:len(key_data) // 2]) y = bytes_to_long(key_data[len(key_data) // 2:]) curve_class = self.known_ecdsa_curves[named_curve.get("URI")] key = ec.EllipticCurvePublicNumbers( x=x, y=y, curve=curve_class()).public_key(backend=default_backend()) verifier = key.verifier( raw_signature, ec.ECDSA(self._get_signature_digest_method(signature_alg))) elif "dsa-" in signature_alg: dsa_key_value = self._find(key_value, "DSAKeyValue") p = self._get_long(dsa_key_value, "P") q = self._get_long(dsa_key_value, "Q") g = self._get_long(dsa_key_value, "G", require=False) y = self._get_long(dsa_key_value, "Y") pn = dsa.DSAPublicNumbers( y=y, parameter_numbers=dsa.DSAParameterNumbers(p=p, q=q, g=g)) key = pn.public_key(backend=default_backend()) sig_as_der_seq = der_encoder.encode( DERSequenceOfIntegers([ bytes_to_long(raw_signature[:len(raw_signature) // 2]), bytes_to_long(raw_signature[len(raw_signature) // 2:]) ])) verifier = key.verifier( sig_as_der_seq, self._get_signature_digest_method(signature_alg)) elif "rsa-" in signature_alg: rsa_key_value = self._find(key_value, "RSAKeyValue") modulus = self._get_long(rsa_key_value, "Modulus") exponent = self._get_long(rsa_key_value, "Exponent") key = rsa.RSAPublicNumbers( e=exponent, n=modulus).public_key(backend=default_backend()) verifier = key.verifier( raw_signature, padding=PKCS1v15(), algorithm=self._get_signature_digest_method(signature_alg)) else: raise NotImplementedError() verifier.update(signed_info_c14n) verifier.verify()
def test_dsa_private_numbers_invalid_types(self): parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3) public_numbers = dsa.DSAPublicNumbers( y=4, parameter_numbers=parameter_numbers ) with pytest.raises(TypeError): dsa.DSAPrivateNumbers(x=4, public_numbers=None) with pytest.raises(TypeError): dsa.DSAPrivateNumbers(x=None, public_numbers=public_numbers)
def parameter_numbers(self): p = self._backend._ffi.new("BIGNUM **") q = self._backend._ffi.new("BIGNUM **") g = self._backend._ffi.new("BIGNUM **") self._backend._lib.DSA_get0_pqg(self._dsa_cdata, p, q, g) self._backend.openssl_assert(p[0] != self._backend._ffi.NULL) self._backend.openssl_assert(q[0] != self._backend._ffi.NULL) self._backend.openssl_assert(g[0] != self._backend._ffi.NULL) return dsa.DSAParameterNumbers(p=self._backend._bn_to_int(p[0]), q=self._backend._bn_to_int(q[0]), g=self._backend._bn_to_int(g[0]))
def private_numbers(self): return dsa.DSAPrivateNumbers( public_numbers=dsa.DSAPublicNumbers( parameter_numbers=dsa.DSAParameterNumbers( p=self._backend._bn_to_int(self._dsa_cdata.p), q=self._backend._bn_to_int(self._dsa_cdata.q), g=self._backend._bn_to_int(self._dsa_cdata.g) ), y=self._backend._bn_to_int(self._dsa_cdata.pub_key) ), x=self._backend._bn_to_int(self._dsa_cdata.priv_key) )
def get_public_key(public_key_numbers): y = public_key_numbers['y'] p = public_key_numbers['p'] q = public_key_numbers['q'] g = public_key_numbers['g'] #construct public key based on public_key_numbers parameter_numbers = dsa.DSAParameterNumbers(p, q, g) publick_number = dsa.DSAPublicNumbers(y, parameter_numbers) public_key = publick_number.public_key(default_backend()) #print(publick_number) return public_key
def test_dsa_private_numbers(self): parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3) public_numbers = dsa.DSAPublicNumbers( y=4, parameter_numbers=parameter_numbers ) private_numbers = dsa.DSAPrivateNumbers( x=5, public_numbers=public_numbers ) assert private_numbers.x == 5 assert private_numbers.public_numbers == public_numbers
def test_dsa_public_numbers_invalid_types(self): with pytest.raises(TypeError): dsa.DSAPublicNumbers( y=4, parameter_numbers=None # type: ignore[arg-type] ) with pytest.raises(TypeError): parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3) dsa.DSAPublicNumbers( y=None, # type: ignore[arg-type] parameter_numbers=parameter_numbers, )
def test_private_numbers_ne(self): pub = dsa.DSAPublicNumbers(1, dsa.DSAParameterNumbers(1, 2, 3)) priv = dsa.DSAPrivateNumbers(1, pub) assert priv != dsa.DSAPrivateNumbers( 2, dsa.DSAPublicNumbers( 1, dsa.DSAParameterNumbers(1, 2, 3) ) ) assert priv != dsa.DSAPrivateNumbers( 1, dsa.DSAPublicNumbers( 2, dsa.DSAParameterNumbers(1, 2, 3) ) ) assert priv != dsa.DSAPrivateNumbers( 1, dsa.DSAPublicNumbers( 1, dsa.DSAParameterNumbers(2, 2, 3) ) ) assert priv != dsa.DSAPrivateNumbers( 1, dsa.DSAPublicNumbers( 1, dsa.DSAParameterNumbers(1, 3, 3) ) ) assert priv != dsa.DSAPrivateNumbers( 1, dsa.DSAPublicNumbers( 1, dsa.DSAParameterNumbers(1, 2, 4) ) ) assert priv != object()
def test_repr(self): parameter_numbers = dsa.DSAParameterNumbers(p=1, q=2, g=3) assert ( repr(parameter_numbers) == "<DSAParameterNumbers(p=1, q=2, g=3)>" ) public_numbers = dsa.DSAPublicNumbers( y=4, parameter_numbers=parameter_numbers ) assert repr(public_numbers) == ( "<DSAPublicNumbers(y=4, parameter_numbers=<DSAParameterNumbers(p=1" ", q=2, g=3)>)>" )
def _load_ssh_dss_public_key(key_type, decoded_data, backend): p, rest = _read_next_mpint(decoded_data) q, rest = _read_next_mpint(rest) g, rest = _read_next_mpint(rest) y, rest = _read_next_mpint(rest) if rest: raise ValueError('Key body contains extra bytes.') parameter_numbers = dsa.DSAParameterNumbers(p, q, g) public_numbers = dsa.DSAPublicNumbers(y, parameter_numbers) return public_numbers.public_key(backend)
def make_dsa_key(material): '''Convert a hex-based dict of values to a DSA key''' backend = default_backend() public_material = material['public'] private_material = material['private'] p = int(public_material['p'], 16) q = int(public_material['q'], 16) g = int(public_material['g'], 16) y = int(public_material['y'], 16) x = int(private_material['x'], 16) params = dsa.DSAParameterNumbers(p, q, g) pn = dsa.DSAPublicNumbers(y, params) return dsa.DSAPrivateNumbers(x, pn).private_key(backend), None
def write_private_key(self, file_obj, password=None): key = dsa.DSAPrivateNumbers( x=self.x, public_numbers=dsa.DSAPublicNumbers( y=self.y, parameter_numbers=dsa.DSAParameterNumbers( p=self.p, q=self.q, g=self.g))).private_key(backend=default_backend()) self._write_private_key(file_obj, key, serialization.PrivateFormat.TraditionalOpenSSL, password=password)
def load_private(self, data, pubfields, backend): """Make DSA private key from data.""" (p, q, g, y), data = self.get_public(data) x, data = _get_mpint(data) if (p, q, g, y) != pubfields: raise ValueError("Corrupt data: dsa field mismatch") parameter_numbers = dsa.DSAParameterNumbers(p, q, g) public_numbers = dsa.DSAPublicNumbers(y, parameter_numbers) self._validate(public_numbers) private_numbers = dsa.DSAPrivateNumbers(x, public_numbers) private_key = private_numbers.private_key(backend) return private_key, data
def _fromString_BLOB(cls, blob): """ Return a public key object corresponding to this public key blob. The format of a RSA public key blob is:: string 'ssh-rsa' integer e integer n The format of a DSA public key blob is:: string 'ssh-dss' integer p integer q integer g integer y The format of ECDSA-SHA2-* public key blob is:: string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name. @type blob: L{bytes} @param blob: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown. """ keyType, rest = common.getNS(blob) if keyType == b'ssh-rsa': e, n, rest = common.getMP(rest, 2) return cls( rsa.RSAPublicNumbers(e, n).public_key(default_backend())) elif keyType == b'ssh-dss': p, q, g, y, rest = common.getMP(rest, 4) return cls( dsa.DSAPublicNumbers(y=y, parameter_numbers=dsa.DSAParameterNumbers( p=p, q=q, g=g)).public_key(default_backend())) elif keyType in _curveTable: # First we have to make an EllipticCuvePublicNumbers from the # provided curve and points, # then turn it into a public key object. return cls( ec.EllipticCurvePublicNumbers.from_encoded_point( _curveTable[keyType], common.getNS(rest, 2)[1]).public_key(default_backend())) else: raise BadKeyError('unknown blob type: %s' % (keyType, ))
def test_load_ssh_public_key_dss(self, backend): ssh_key = ( b"ssh-dss AAAAB3NzaC1kc3MAAACBALmwUtfwdjAUjU2Dixd5DvT0NDcjjr69UD" b"LqSD/Xt5Al7D3GXr1WOrWGpjO0NE9qzRCvMTU7zykRH6XjuNXB6Hvv48Zfm4vm" b"nHQHFmmMg2bI75JbnOwdzWnnPZJrVU4rS23dFFPqs5ug+EbhVVrcwzxahjcSjJ" b"7WEQSkVQWnSPbbAAAAFQDXmpD3DIkGvLSBf1GdUF4PHKtUrQAAAIB/bJFwss+2" b"fngmfG/Li5OyL7A9iVoGdkUaFaxEUROTp7wkm2z49fXFAir+/U31v50Tu98YLf" b"WvKlxdHcdgQYV9Ww5LIrhWwwD4UKOwC6w5S3KHVbi3pWUi7vxJFXOWfeu1mC/J" b"TWqMKR91j+rmOtdppWIZRyIVIqLcMdGO3m+2VgAAAIANFDz5KQH5NvoljpoRQi" b"RgyPjxWXiE7vjLElKj4v8KrpanAywBzdhIW1y/tzpGuwRwj5ihi8iNTHgSsoTa" b"j5AG5HPomJf5vJElxpu/2O9pHA52wcNObIQ7j+JA5uWusxNIbl+pF6sSiP8abr" b"z53N7tPF/IhHTjBHb1Ol7IFu9p9A== testkey@localhost" ) key = load_ssh_public_key(ssh_key, backend) assert key is not None assert isinstance(key, dsa.DSAPublicKey) numbers = key.public_numbers() expected_y = int( "d143cf92901f936fa258e9a11422460c8f8f1597884eef8cb1252a3e2ff0aae" "96a7032c01cdd8485b5cbfb73a46bb04708f98a18bc88d4c7812b284da8f900" "6e473e89897f9bc9125c69bbfd8ef691c0e76c1c34e6c843b8fe240e6e5aeb3" "13486e5fa917ab1288ff1a6ebcf9dcdeed3c5fc88474e30476f53a5ec816ef6" "9f4", 16 ) expected_p = int( "b9b052d7f07630148d4d838b17790ef4f43437238ebebd5032ea483fd7b7902" "5ec3dc65ebd563ab586a633b4344f6acd10af31353bcf29111fa5e3b8d5c1e8" "7befe3c65f9b8be69c740716698c8366c8ef925b9cec1dcd69e73d926b554e2" "b4b6ddd1453eab39ba0f846e1555adcc33c5a8637128c9ed61104a45505a748" "f6db", 16 ) expected_q = 1230879958723280233885494314531920096931919647917 expected_g = int( "7f6c9170b2cfb67e78267c6fcb8b93b22fb03d895a0676451a15ac44511393a" "7bc249b6cf8f5f5c5022afefd4df5bf9d13bbdf182df5af2a5c5d1dc7604185" "7d5b0e4b22b856c300f850a3b00bac394b728755b8b7a56522eefc491573967" "debb5982fc94d6a8c291f758feae63ad769a5621947221522a2dc31d18ede6f" "b656", 16 ) expected = dsa.DSAPublicNumbers( expected_y, dsa.DSAParameterNumbers(expected_p, expected_q, expected_g) ) assert numbers == expected
def _deserialize_dsa_private_key(stream: typing.BinaryIO) -> dsa.DSAPrivateKey: dsa_p = _sshbuf_get_bignum2(stream) dsa_q = _sshbuf_get_bignum2(stream) dsa_g = _sshbuf_get_bignum2(stream) dsa_pub_key = _sshbuf_get_bignum2(stream) dsa_priv_key = _sshbuf_get_bignum2(stream) parameter_numbers = dsa.DSAParameterNumbers(p=dsa_p, q=dsa_q, g=dsa_g) public_numbers = dsa.DSAPublicNumbers(y=dsa_pub_key, parameter_numbers=parameter_numbers) private_numbers = dsa.DSAPrivateNumbers(x=dsa_priv_key, public_numbers=public_numbers) # ignoring mypy error that DSAPrivateNumbers does not have private_key() - it does. return private_numbers.private_key( backend=default_backend()) # type: ignore
def public_numbers(self): p = self._backend._ffi.new("BIGNUM **") q = self._backend._ffi.new("BIGNUM **") g = self._backend._ffi.new("BIGNUM **") pub_key = self._backend._ffi.new("BIGNUM **") self._backend.openssl_assert(p[0] != self._backend._ffi.NULL) self._backend.openssl_assert() self._backend.oepnssl_assert() self._backend._lib.DSA_get0_key(self.dsa_cdata, pub_key, self._backend._ffi.NULL) self._backend.openssl_assert(pub_key[0] != self._backend._ffi.NULL) return dsa.DSAPublicNumbers(parameter_numbers=dsa.DSAParameterNumbers( p=self._backend._bn_to_int(p[0]), q=self._backend._bn_to_int(q[0]), g=self._backend._bn_to_int(g[0])), y=self._backend._bn_to_int(pub_key[0]))
def test_dsa_signing(self, vector, backend): digest_algorithm = vector['digest_algorithm'].replace("-", "") algorithm = self._algorithms_dict[digest_algorithm] _skip_if_dsa_not_supported(backend, algorithm, vector['p'], vector['q'], vector['g']) private_key = dsa.DSAPrivateNumbers( public_numbers=dsa.DSAPublicNumbers( parameter_numbers=dsa.DSAParameterNumbers( vector['p'], vector['q'], vector['g']), y=vector['y']), x=vector['x']).private_key(backend) signature = private_key.sign(vector['msg'], algorithm()) assert signature private_key.public_key().verify(signature, vector['msg'], algorithm())
def test_large_p(self, backend): key = load_vectors_from_file( os.path.join("asymmetric", "PEM_Serialization", "dsa_4096.pem"), lambda pemfile: serialization.load_pem_private_key( pemfile.read(), None, backend), mode="rb") pn = key.private_numbers() assert pn.public_numbers.parameter_numbers.p.bit_length() == 4096 # Turn it back into a key to confirm that values this large pass # verification dsa.DSAPrivateNumbers(public_numbers=dsa.DSAPublicNumbers( parameter_numbers=dsa.DSAParameterNumbers( p=pn.public_numbers.parameter_numbers.p, q=pn.public_numbers.parameter_numbers.q, g=pn.public_numbers.parameter_numbers.g, ), y=pn.public_numbers.y), x=pn.x).private_key(backend)
def test_dsa_verification(self, vector, backend): digest_algorithm = vector['digest_algorithm'].replace("-", "") algorithm = self._algorithms_dict[digest_algorithm] _skip_if_dsa_not_supported(backend, algorithm, vector['p'], vector['q'], vector['g']) public_key = dsa.DSAPublicNumbers( parameter_numbers=dsa.DSAParameterNumbers(vector['p'], vector['q'], vector['g']), y=vector['y']).public_key(backend) sig = encode_dss_signature(vector['r'], vector['s']) if vector['result'] == "F": with pytest.raises(InvalidSignature): public_key.verify(sig, vector['msg'], algorithm()) else: public_key.verify(sig, vector['msg'], algorithm())
def test_dsa_verification(self, vector, backend): digest_algorithm = vector["digest_algorithm"].replace("-", "") algorithm = self._algorithms_dict[digest_algorithm] _skip_if_dsa_not_supported(backend, algorithm, vector["p"], vector["q"], vector["g"]) public_key = dsa.DSAPublicNumbers( parameter_numbers=dsa.DSAParameterNumbers(vector["p"], vector["q"], vector["g"]), y=vector["y"], ).public_key(backend) sig = encode_dss_signature(vector["r"], vector["s"]) if vector["result"] == "F": with pytest.raises(InvalidSignature): public_key.verify(sig, vector["msg"], algorithm()) else: public_key.verify(sig, vector["msg"], algorithm())
def convert_key(cls, packet, private=False): if isinstance(packet, RSAPrivateKey) or isinstance( packet, RSAPublicKey) or isinstance( packet, DSAPublicKey) or isinstance(packet, DSAPrivateKey): if (not private) and (isinstance(packet, DSAPrivateKey) or isinstance(packet, RSAPrivateKey)): return packet.public_key() else: return packet packet = cls._parse_packet(packet) if isinstance(packet, OpenPGP.Message): packet = packet[0] if packet.key_algorithm_name() == 'DSA': params = dsa.DSAParameterNumbers( cls._bytes_to_long(packet.key['p']), cls._bytes_to_long(packet.key['q']), cls._bytes_to_long(packet.key['g'])) public = dsa.DSAPublicNumbers(cls._bytes_to_long(packet.key['y']), params) if private: return dsa.DSAPrivateNumbers( cls._bytes_to_long(packet.key['x']), public).private_key(openssl.backend) else: return public.public_key(openssl.backend) else: # RSA public = rsa.RSAPublicNumbers(cls._bytes_to_long(packet.key['e']), cls._bytes_to_long(packet.key['n'])) if private: d = cls._bytes_to_long(packet.key['d']) p = cls._bytes_to_long(packet.key['q']) q = cls._bytes_to_long(packet.key['p']) dmp1 = rsa.rsa_crt_dmp1(d, p) dmq1 = rsa.rsa_crt_dmp1(d, q) u = cls._bytes_to_long(packet.key['u']) return rsa.RSAPrivateNumbers(p, q, d, dmp1, dmq1, u, public).private_key( default_backend()) else: return public.public_key(default_backend())
def _verify_signature_with_pubkey(self, signed_info_c14n, raw_signature, key_value, signature_alg): if "ecdsa-" in signature_alg: ec_key_value = self._find(key_value, "ECKeyValue", namespace="dsig11") named_curve = self._find(ec_key_value, "NamedCurve", namespace="dsig11") public_key = self._find(ec_key_value, "PublicKey", namespace="dsig11") key_data = b64decode(public_key.text)[1:] x = bytes_to_long(key_data[:len(key_data)//2]) y = bytes_to_long(key_data[len(key_data)//2:]) curve_class = self.known_ecdsa_curves[named_curve.get("URI")] key = ec.EllipticCurvePublicNumbers(x=x, y=y, curve=curve_class()).public_key(backend=default_backend()) dss_signature = self._encode_dss_signature(raw_signature, key.key_size) key.verify( dss_signature, data=signed_info_c14n, signature_algorithm=ec.ECDSA( self._get_signature_digest_method(signature_alg) ), ) elif "dsa-" in signature_alg: dsa_key_value = self._find(key_value, "DSAKeyValue") p = self._get_long(dsa_key_value, "P") q = self._get_long(dsa_key_value, "Q") g = self._get_long(dsa_key_value, "G", require=False) y = self._get_long(dsa_key_value, "Y") pn = dsa.DSAPublicNumbers(y=y, parameter_numbers=dsa.DSAParameterNumbers(p=p, q=q, g=g)) key = pn.public_key(backend=default_backend()) # TODO: supply meaningful key_size_bits for signature length assertion dss_signature = self._encode_dss_signature(raw_signature, len(raw_signature) * 8 / 2) key.verify(dss_signature, data=signed_info_c14n, algorithm=self._get_signature_digest_method(signature_alg)) elif "rsa-" in signature_alg: rsa_key_value = self._find(key_value, "RSAKeyValue") modulus = self._get_long(rsa_key_value, "Modulus") exponent = self._get_long(rsa_key_value, "Exponent") key = rsa.RSAPublicNumbers(e=exponent, n=modulus).public_key(backend=default_backend()) key.verify(raw_signature, data=signed_info_c14n, padding=PKCS1v15(), algorithm=self._get_signature_digest_method(signature_alg)) else: raise NotImplementedError()
def private_numbers(self): p = self._backend._ffi.new("BIGNUM **") q = self._backend._ffi.new("BIGNUM **") g = self._backend._ffi.new("BIGNUM **") pub_key = self.backend._ffi.new("BIGNUM **") priv_key = self._backend._ffi.new("BIGNUM **") self._backend._lib.DSA_get0_pqg(self._dsa_cdata, p, q, g) self._backend.openssl_assert(p[0] != self._backend._ffi.NULL) self._backend.openssl_assert() self._backend.openssl_assert() self._backend._lib.DSA_get0_key() self._backend.openssl_assert() self._backend.openssl_assert() return dsa.DSAPrivateNumbers(public_numbers=dsa.DSAPublicNumbers( parameter_numbers=dsa.DSAParameterNumbers( p=self._backend._bn_to_int(p[0]), q=self._backend._bn_to_int(q[0]), g=self._backend._bn_to_int(g[0])), y=self._backend._bn_to_int(pub_key[0])), x=self._backend._bn_to_int(pub_key[0]))
def _fromString_BLOB(cls, blob): """ Return a public key object corresponding to this public key blob. The format of a RSA public key blob is:: string 'ssh-rsa' integer e integer n The format of a DSA public key blob is:: string 'ssh-dss' integer p integer q integer g integer y @type blob: L{bytes} @param blob: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown. """ keyType, rest = common.getNS(blob) if keyType == b'ssh-rsa': e, n, rest = common.getMP(rest, 2) return cls( rsa.RSAPublicNumbers(e, n).public_key(default_backend())) elif keyType == b'ssh-dss': p, q, g, y, rest = common.getMP(rest, 4) return cls( dsa.DSAPublicNumbers( y=y, parameter_numbers=dsa.DSAParameterNumbers( p=p, q=q, g=g ) ).public_key(default_backend()) ) else: raise BadKeyError('unknown blob type: %s' % (keyType,))
def test_dsa_verification(self, vector, backend): digest_algorithm = vector['digest_algorithm'].replace("-", "") algorithm = self._algorithms_dict[digest_algorithm] if (not backend.dsa_parameters_supported(vector['p'], vector['q'], vector['g']) or not backend.dsa_hash_supported(algorithm)): pytest.skip( "{0} does not support the provided parameters".format(backend)) public_key = dsa.DSAPublicNumbers( parameter_numbers=dsa.DSAParameterNumbers(vector['p'], vector['q'], vector['g']), y=vector['y']).public_key(backend) sig = der_encode_dsa_signature(vector['r'], vector['s']) verifier = public_key.verifier(sig, algorithm()) verifier.update(vector['msg']) if vector['result'] == "F": with pytest.raises(InvalidSignature): verifier.verify() else: verifier.verify()
def sign_ssh_data(self, data): key = dsa.DSAPrivateNumbers( x=self.x, public_numbers=dsa.DSAPublicNumbers( y=self.y, parameter_numbers=dsa.DSAParameterNumbers( p=self.p, q=self.q, g=self.g))).private_key(backend=default_backend()) sig = key.sign(data, hashes.SHA1()) r, s = decode_dss_signature(sig) m = Message() m.add_string('ssh-dss') # apparently, in rare cases, r or s may be shorter than 20 bytes! rstr = util.deflate_long(r, 0) sstr = util.deflate_long(s, 0) if len(rstr) < 20: rstr = zero_byte * (20 - len(rstr)) + rstr if len(sstr) < 20: sstr = zero_byte * (20 - len(sstr)) + sstr m.add_string(rstr + sstr) return m
def test_generate_dsa_keys(self, vector, backend): parameters = dsa.DSAParameterNumbers(p=vector['p'], q=vector['q'], g=vector['g']).parameters(backend) skey = parameters.generate_private_key() numbers = skey.private_numbers() skey_parameters = numbers.public_numbers.parameter_numbers pkey = skey.public_key() parameters = pkey.parameters() parameter_numbers = parameters.parameter_numbers() assert parameter_numbers.p == skey_parameters.p assert parameter_numbers.q == skey_parameters.q assert parameter_numbers.g == skey_parameters.g assert skey_parameters.p == vector['p'] assert skey_parameters.q == vector['q'] assert skey_parameters.g == vector['g'] assert skey.key_size == bit_length(vector['p']) assert pkey.key_size == skey.key_size public_numbers = pkey.public_numbers() assert numbers.public_numbers.y == public_numbers.y assert numbers.public_numbers.y == pow(skey_parameters.g, numbers.x, skey_parameters.p)
def test_dsa_signing(self, vector, backend): digest_algorithm = vector['digest_algorithm'].replace("-", "") algorithm = self._algorithms_dict[digest_algorithm] _skip_if_dsa_not_supported(backend, algorithm, vector['p'], vector['q'], vector['g']) private_key = dsa.DSAPrivateNumbers( public_numbers=dsa.DSAPublicNumbers( parameter_numbers=dsa.DSAParameterNumbers( vector['p'], vector['q'], vector['g']), y=vector['y']), x=vector['x']).private_key(backend) signer = pytest.deprecated_call(private_key.signer, algorithm()) signer.update(vector['msg']) signature = signer.finalize() assert signature public_key = private_key.public_key() verifier = public_key.verifier(signature, algorithm()) verifier.update(vector['msg']) verifier.verify()
def create_pubkey(pubkey_info): """ <Purpose> Create and return a DSAPublicKey object from the passed pubkey_info using pyca/cryptography. <Arguments> pubkey_info: The DSA pubkey info dictionary as specified by securesystemslib.formats.GPG_DSA_PUBKEY_SCHEMA <Exceptions> securesystemslib.exceptions.FormatError if pubkey_info does not match securesystemslib.formats.GPG_DSA_PUBKEY_SCHEMA securesystemslib.exceptions.UnsupportedLibraryError if the cryptography module is not available <Returns> A cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey based on the passed pubkey_info. """ if not CRYPTO: # pragma: no cover raise securesystemslib.exceptions.UnsupportedLibraryError( NO_CRYPTO_MSG) securesystemslib.formats.GPG_DSA_PUBKEY_SCHEMA.check_match(pubkey_info) y = int(pubkey_info['keyval']['public']['y'], 16) g = int(pubkey_info['keyval']['public']['g'], 16) p = int(pubkey_info['keyval']['public']['p'], 16) q = int(pubkey_info['keyval']['public']['q'], 16) parameter_numbers = dsa.DSAParameterNumbers(p, q, g) pubkey = dsa.DSAPublicNumbers(y, parameter_numbers).public_key( backends.default_backend()) return pubkey