コード例 #1
0
    def decode(buffer: bytes, **kwargs) -> object:
        """
        Decodes a JWK JSON string into EdDSA parameters.

        Parameters:
            buffer (bytes/str): JWK JSON string.
        
        Returns:
            EdDSA: EdDSA object.
        """
        from samson.public_key.eddsa import EdDSA
        from samson.protocols.dh25519 import DH25519

        if issubclass(type(buffer), (bytes, bytearray)):
            buffer = buffer.decode()

        jwk = json.loads(buffer)

        curve = JWK_INVERSE_CURVE_LOOKUP[jwk['crv']]
        x = Bytes(url_b64_decode(jwk['x'].encode('utf-8')), 'little')

        if 'd' in jwk:
            d = Bytes(url_b64_decode(jwk['d'].encode('utf-8'))).int()
        else:
            d = 0

        if jwk['crv'] in ['Ed25519', 'Ed448']:
            eddsa = EdDSA(curve=curve, d=d)
            eddsa.A = eddsa.decode_point(x)
        else:
            eddsa = DH25519(curve=curve, d=d, pub=x.int())

        return eddsa
コード例 #2
0
    def test_import_ssh(self):
        priv  = EdDSA.import_key(TEST_SSH_PRIV)
        pubv1 = EdDSA.import_key(TEST_SSH_PUB)
        pubv2 = EdDSA.import_key(TEST_SSH2_PUB)

        self.assertEqual(priv.A, pubv1.A)
        self.assertEqual(priv.A, pubv2.A)

        self.assertEqual(pubv1.export_public_key(encoding=PKIEncoding.OpenSSH).replace(b'\n', b''), TEST_SSH_PUB.replace(b'\n', b''))
        self.assertEqual(pubv2.export_public_key(encoding=PKIEncoding.SSH2).replace(b'\n', b''), TEST_SSH2_PUB_NO_CMT.replace(b'\n', b''))
コード例 #3
0
    def _run_test(self, message, d, curve, hash_alg, expected_public_key=None, expected_sig=None):
        eddsa = EdDSA(d=d, curve=curve, hash_obj=hash_alg)
        sig = eddsa.sign(message)

        if expected_public_key:
            self.assertEqual(eddsa.encode_point(eddsa.A).int(), expected_public_key)

        if expected_sig:
            self.assertEqual(sig, expected_sig)

        self.assertTrue(eddsa.verify(message, sig))
コード例 #4
0
    def test_import_openssh(self):
        for key, passphrase in [TEST_OPENSSH0, TEST_OPENSSH1, TEST_OPENSSH2, TEST_OPENSSH3]:
            if passphrase:
                with self.assertRaises(ValueError):
                    EdDSA.import_key(key)

            eddsa = EdDSA.import_key(key, passphrase=passphrase)

            # EdDSA's little-endian causes a pretty big headache
            other_eddsa = EdDSA(h=eddsa.h[:32][::-1], clamp=False)

            self.assertEqual(eddsa.a, other_eddsa.a)
コード例 #5
0
    def decode(buffer: bytes, **kwargs):
        from samson.public_key.eddsa import EdDSA
        items = bytes_to_der_sequence(buffer)

        pub_point = Bytes(int(items[1]))

        curve_oid = str(items[0][0])
        curve = EDCURVE_OID_LOOKUP[curve_oid]

        eddsa = EdDSA(curve=curve)
        eddsa.A = eddsa.decode_point(pub_point)

        return eddsa
コード例 #6
0
    def test_import_pkcs8(self):
        priv = EdDSA.import_key(TEST_PKCS8)

        priv_out = priv.export_private_key(encoding=PKIEncoding.PKCS8)

        self.assertEqual((priv.d, priv.curve), (Bytes(0xD4EE72DBF913584AD5B6D8F1F769F8AD3AFE7C28CBF1D4FBE097A88F44755842), EdwardsCurve25519))
        self.assertEqual(priv_out.replace(b'\n', b''), TEST_PKCS8.replace(b'\n', b''))
コード例 #7
0
    def decode(buffer: bytes, **kwargs):
        from samson.public_key.eddsa import EdDSA
        from samson.math.algebra.curves.named import EdwardsCurve25519
        _, pub = parse_openssh_key(buffer, SSH_PUBLIC_HEADER, EdDSAPublicKey,
                                   EdDSAPrivateKey, None)

        a, h = pub.a, 0
        eddsa = EdDSA(curve=EdwardsCurve25519, h=h, a=a, d=0, clamp=False)

        return eddsa
コード例 #8
0
    def decode(buffer: bytes, **kwargs):
        from samson.public_key.eddsa import EdDSA
        from samson.math.algebra.curves.named import EdwardsCurve25519
        priv, _ = parse_openssh_key(buffer, SSH_PUBLIC_HEADER, EdDSAPublicKey,
                                    EdDSAPrivateKey, kwargs.get('passphrase'))

        a, h = priv.a, priv.h
        eddsa = EdDSA(curve=EdwardsCurve25519, h=h, a=a, d=0, clamp=False)

        return eddsa
コード例 #9
0
    def decode(buffer: bytes, **kwargs):
        from samson.public_key.eddsa import EdDSA
        items = bytes_to_der_sequence(buffer)

        curve_oid = str(items[1][0])
        priv_key, _ = decoder.decode(bytes(items[2]))

        d = Bytes(priv_key).int()

        curve = EDCURVE_OID_LOOKUP[curve_oid]
        eddsa = EdDSA(d=d, curve=curve)

        return eddsa
コード例 #10
0
ファイル: test_jws.py プロジェクト: gcdeshpande/samson
    def test_gauntlet(self):
        for jwa in [JWASignatureAlg.HS256, JWASignatureAlg.HS384, JWASignatureAlg.HS512]:
            for _ in range(50):
                key = Bytes.random(16)
                jws = JWS.create(jwa, BODY, key)

                self.assertTrue(jws.verify(key))


        for jwa, curve, hash_obj in [(JWASignatureAlg.ES256, P256, SHA256()), (JWASignatureAlg.ES384, P384, SHA384()), (JWASignatureAlg.ES512, P521, SHA512())]:
            for _ in range(10):
                key = ECDSA(G=curve.G, hash_obj=hash_obj)
                jws = JWS.create(jwa, BODY, key)

                self.assertTrue(jws.verify(key))


        for jwa in [JWASignatureAlg.RS256, JWASignatureAlg.RS384, JWASignatureAlg.RS512, JWASignatureAlg.PS256, JWASignatureAlg.PS384, JWASignatureAlg.PS512]:
            for _ in range(10):
                key = RSA(2048)
                jws = JWS.create(jwa, BODY, key)

                correct = jws.verify(key)

                if not correct:
                    print(key)
                    print(jws)

                self.assertTrue(correct)


        for i in range(10):
            if i % 2:
                curve = EdwardsCurve25519
            else:
                curve = EdwardsCurve448

            key = EdDSA(curve=curve)
            jws = JWS.create(JWASignatureAlg.EdDSA, BODY, key)

            correct = jws.verify(key)

            if not correct:
                print(key)
                print(jws)

            self.assertTrue(correct)
コード例 #11
0
    def test_openssh_gauntlet(self):
        num_runs = 1
        num_enc = num_runs // 3
        for i in range(num_runs):
            eddsa = EdDSA()
            passphrase = None
            if i < num_enc:
                passphrase = Bytes.random(Bytes.random(1).int())

            priv        = eddsa.export_private_key(encoding=PKIEncoding.OpenSSH, encryption=b'aes256-ctr', passphrase=passphrase)
            pub_openssh = eddsa.export_public_key(encoding=PKIEncoding.OpenSSH)
            pub_ssh2    = eddsa.export_public_key(encoding=PKIEncoding.SSH2)

            new_priv = EdDSA.import_key(priv, passphrase=passphrase)
            new_pub_openssh = EdDSA.import_key(pub_openssh)
            new_pub_ssh2 = EdDSA.import_key(pub_ssh2)

            self.assertEqual((new_priv.h, new_priv.a, new_priv.A), (eddsa.h, eddsa.a, eddsa.A))
            self.assertEqual((new_pub_openssh.a, new_pub_openssh.A), (eddsa.a, eddsa.A))
            self.assertEqual((new_pub_ssh2.a, new_pub_ssh2.A), (eddsa.a, eddsa.A))
コード例 #12
0
ファイル: test_jws.py プロジェクト: gcdeshpande/samson
 def test_eddsa(self):
     key   = json.dumps({"kty":"OKP","crv":"Ed25519","d":"nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A","x":"11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"}).encode('utf-8')
     token = b'eyJhbGciOiJFZERTQSJ9.RXhhbXBsZSBvZiBFZDI1NTE5IHNpZ25pbmc.hgyY0il_MGCjP0JzlnLWG1PPOt7-09PGcvMg3AIbQR6dWbhijcNR4ki4iylGjg5BhVsPt9g7sVvpAr_MuM0KAg'
     jws   = JWS.parse(token)
     self.assertTrue(jws.verify(EdDSA.import_key(key)))
コード例 #13
0
    def test_import_jwk(self):
        eddsa = EdDSA.import_key(TEST_JWK)

        self.assertEqual((eddsa.A.x, eddsa.A.y), (38815646466658113194383306759739515082307681141926459231621296960732224964046, 11903303657706407974989296177215005343713679411332034699907763981919547054807))
        self.assertEqual(eddsa.d, b'\x9da\xb1\x9d\xef\xfdZ`\xba\x84J\xf4\x92\xec,\xc4DI\xc5i{2i\x19p;\xac\x03\x1c\xae\x7f`')
        self.assertEqual(eddsa.export_private_key(encoding=PKIEncoding.JWK).replace(b'\n', b'').replace(b' ', b''), TEST_JWK)
コード例 #14
0
    def test_import_x509(self):
        eddsa = EdDSA.import_key(TEST_X509)

        self.assertEqual((eddsa.A.x, eddsa.A.y), (14952151952356719083710889065620775312428310390022181962301901207657981878023, 44054905936511465773410409843262024357620586324426155423091388570442095968025))
        self.assertEqual(eddsa.export_public_key(encoding=PKIEncoding.X509).replace(b'\n', b''), TEST_X509.replace(b'\n', b''))