def verify_hash2(self, sign_algo: int, flags: int, hashbuf: bytes,
signature: bytes) -> None:
gnutls_pubkey_verify_hash2(
self._c_object,
sign_algo,
flags,
gnutls_datum_t(hashbuf),
gnutls_datum_t(signature),
)
def get_public_key(self):
if self.uri:
return PublicKey.import_uri(self.uri, 0, self.srk_password)
m = gnutls_datum_t()
e = gnutls_datum_t()
gnutls_privkey_export_rsa_raw(self._c_object, m, e, None, None, None,
None, None, None)
return RSAPublicKey.import_rsa_raw(m.get_string_and_free(),
e.get_string_and_free())
def import_dsa_raw(p: bytes, q: bytes, g: bytes,
y: bytes) -> "DSAPublicKey":
pubkey = PublicKey()
gnutls_pubkey_import_dsa_raw(
pubkey._c_object,
gnutls_datum_t(p),
gnutls_datum_t(q),
gnutls_datum_t(g),
gnutls_datum_t(y),
)
return DSAPublicKey(pubkey=pubkey)
def export_dsa_raw(self) -> Tuple[str, str, str, str]:
p = gnutls_datum_t()
q = gnutls_datum_t()
g = gnutls_datum_t()
y = gnutls_datum_t()
gnutls_pubkey_export_dsa_raw(self._c_object, p, q, g, y)
return (
p.get_string_and_free(),
q.get_string_and_free(),
g.get_string_and_free(),
y.get_string_and_free(),
)
def get_public_key(self):
if self.uri:
return PublicKey.import_uri(self.uri, 0, self.srk_password)
p = gnutls_datum_t()
q = gnutls_datum_t()
g = gnutls_datum_t()
y = gnutls_datum_t()
gnutls_privkey_export_dsa_raw(self._c_object, p, q, g, y, None)
return DSAPublicKey.import_dsa_raw(
p.get_string_and_free(),
q.get_string_and_free(),
g.get_string_and_free(),
y.get_string_and_free(),
)
def sign(
self,
cert: "X509Certificate",
privkey: Union["X509PrivateKey", "PrivateKey"],
buf: bytes,
hash_algo: Optional[int] = None,
flags: int = 0,
) -> None:
# auto detect the best algorithm to use
if hash_algo is None:
pubkey = PublicKey()
pubkey.import_x509(cert)
hash_algo = pubkey.get_preferred_hash_algorithm()
# convert from a X509PrivateKey to a PrivateKey
if isinstance(privkey, X509PrivateKey):
pkey = PrivateKey()
pkey.import_x509(privkey)
privkey = pkey
data = gnutls_datum_t(buf)
gnutls_pkcs7_sign(
self._c_object,
cert._c_object,
privkey._c_object,
byref(data),
0, # FIXME?
0, # FIXME?
hash_algo,
flags,
)
def _gnutls_datum_t_hex_encode(self):
if not self.data:
None
if not self.size:
None
tmp = gnutls_datum_t()
gnutls_hex_encode2(self, byref(tmp))
return tmp.get_string_and_free().decode()
def verify_direct(self,
cert: "X509Certificate",
buf: bytes,
idx: int = -1,
flags: int = 0) -> None:
data = gnutls_datum_t(buf)
# by default, check all signatures in context
if idx == -1:
idxs = list(range(self.get_signature_count()))
else:
idxs = [idx]
for idx in idxs:
gnutls_pkcs7_verify_direct(self._c_object, cert._c_object, idx,
data, flags)
def verify(self,
tl: X509TrustList,
buf: bytes,
idx: int = -1,
flags: int = 0) -> None:
data = gnutls_datum_t(buf)
vdata = gnutls_typed_vdata_st()
# by default, check all signatures in context
if idx == -1:
idxs = list(range(self.get_signature_count()))
else:
idxs = [idx]
for idx in idxs:
gnutls_pkcs7_verify(
self._c_object,
tl._c_object,
byref(vdata),
0, # do we care about vdata?
idx,
byref(data),
flags,
)
def sign_hash(self, hash_algo, flags, buf):
hash_data = gnutls_datum_t(buf)
_signature = gnutls_datum_t()
gnutls_privkey_sign_hash(self._c_object, hash_algo, flags,
byref(hash_data), byref(_signature))
return _signature.get_string_and_free()
def export_rsa_raw(self) -> Tuple[str, str]:
m = gnutls_datum_t()
e = gnutls_datum_t()
gnutls_pubkey_export_rsa_raw(self._c_object, m, e)
return m.get_string_and_free(), e.get_string_and_free()
def import_rsa_raw(m: bytes, e: bytes) -> "RSAPublicKey":
pubkey = PublicKey()
gnutls_pubkey_import_rsa_raw(pubkey._c_object, gnutls_datum_t(m),
gnutls_datum_t(e))
return RSAPublicKey(pubkey=pubkey)
def encrypt_data(self, flags: int, plaintext: bytes) -> str:
ciphertext = gnutls_datum_t()
gnutls_pubkey_encrypt_data(self._c_object, flags,
gnutls_datum_t(plaintext), ciphertext)
return ciphertext.get_string_and_free()
def __str__(self):
tmp = gnutls_datum_t()
gnutls_x509_dn_get_str2(self._c_object, byref(tmp), 0)
return tmp.get_string_and_free().decode()
def add_certificate(self, cert: "X509Certificate", flags: int = 0) -> None:
# mrrrggg, we have to export the certificate to a blob
buf = cert.export()
data = gnutls_datum_t(buf)
gnutls_x509_trust_list_add_trust_mem(self._c_object, byref(data))
def __init__(self, buf, format=GNUTLS_X509_FMT_PEM):
gnutls_x509_crl_init(byref(self._c_object))
data = gnutls_datum_t(buf)
gnutls_x509_crl_import(self._c_object, byref(data), format)
def import_signature(self,
buf: bytes,
format: int = GNUTLS_X509_FMT_PEM) -> None:
data = gnutls_datum_t(buf)
gnutls_pkcs7_import(self._c_object, byref(data), format)
def __init__(self, buf: bytes, format: int = GNUTLS_X509_FMT_PEM):
gnutls_x509_crt_init(byref(self._c_object))
data = gnutls_datum_t(buf)
gnutls_x509_crt_import(self._c_object, byref(data), format)
self._alternative_names: Optional[AlternativeNames] = None
def decrypt_data(self, flags, ciphertext):
plaintext = gnutls_datum_t()
gnutls_privkey_decrypt_data(self._c_object, flags,
gnutls_datum_t(ciphertext), plaintext)
return plaintext.get_string_and_free()
def __init__(self, algo, key, iv):
super(Cipher, self).__init__()
gnutls_cipher_init(byref(self._c_object), algo, gnutls_datum_t(key),
gnutls_datum_t(iv))
self.algorithm = algo
self.deinit = gnutls_cipher_deinit
def __init__(self, algo, key):
super(AEADCipher, self).__init__()
data = gnutls_datum_t(key)
gnutls_aead_cipher_init(byref(self._c_object), algo, byref(data))
self.deinit = gnutls_aead_cipher_deinit
