def verify_hash2(self, sign_algo: int, flags: int, hashbuf: bytes, signature: bytes) -> None: gnutls_pubkey_verify_hash2( self._c_object, sign_algo, flags, gnutls_datum_t(hashbuf), gnutls_datum_t(signature), )
def get_public_key(self): if self.uri: return PublicKey.import_uri(self.uri, 0, self.srk_password) m = gnutls_datum_t() e = gnutls_datum_t() gnutls_privkey_export_rsa_raw(self._c_object, m, e, None, None, None, None, None, None) return RSAPublicKey.import_rsa_raw(m.get_string_and_free(), e.get_string_and_free())
def import_dsa_raw(p: bytes, q: bytes, g: bytes, y: bytes) -> "DSAPublicKey": pubkey = PublicKey() gnutls_pubkey_import_dsa_raw( pubkey._c_object, gnutls_datum_t(p), gnutls_datum_t(q), gnutls_datum_t(g), gnutls_datum_t(y), ) return DSAPublicKey(pubkey=pubkey)
def export_dsa_raw(self) -> Tuple[str, str, str, str]: p = gnutls_datum_t() q = gnutls_datum_t() g = gnutls_datum_t() y = gnutls_datum_t() gnutls_pubkey_export_dsa_raw(self._c_object, p, q, g, y) return ( p.get_string_and_free(), q.get_string_and_free(), g.get_string_and_free(), y.get_string_and_free(), )
def get_public_key(self): if self.uri: return PublicKey.import_uri(self.uri, 0, self.srk_password) p = gnutls_datum_t() q = gnutls_datum_t() g = gnutls_datum_t() y = gnutls_datum_t() gnutls_privkey_export_dsa_raw(self._c_object, p, q, g, y, None) return DSAPublicKey.import_dsa_raw( p.get_string_and_free(), q.get_string_and_free(), g.get_string_and_free(), y.get_string_and_free(), )
def sign( self, cert: "X509Certificate", privkey: Union["X509PrivateKey", "PrivateKey"], buf: bytes, hash_algo: Optional[int] = None, flags: int = 0, ) -> None: # auto detect the best algorithm to use if hash_algo is None: pubkey = PublicKey() pubkey.import_x509(cert) hash_algo = pubkey.get_preferred_hash_algorithm() # convert from a X509PrivateKey to a PrivateKey if isinstance(privkey, X509PrivateKey): pkey = PrivateKey() pkey.import_x509(privkey) privkey = pkey data = gnutls_datum_t(buf) gnutls_pkcs7_sign( self._c_object, cert._c_object, privkey._c_object, byref(data), 0, # FIXME? 0, # FIXME? hash_algo, flags, )
def _gnutls_datum_t_hex_encode(self): if not self.data: None if not self.size: None tmp = gnutls_datum_t() gnutls_hex_encode2(self, byref(tmp)) return tmp.get_string_and_free().decode()
def verify_direct(self, cert: "X509Certificate", buf: bytes, idx: int = -1, flags: int = 0) -> None: data = gnutls_datum_t(buf) # by default, check all signatures in context if idx == -1: idxs = list(range(self.get_signature_count())) else: idxs = [idx] for idx in idxs: gnutls_pkcs7_verify_direct(self._c_object, cert._c_object, idx, data, flags)
def verify(self, tl: X509TrustList, buf: bytes, idx: int = -1, flags: int = 0) -> None: data = gnutls_datum_t(buf) vdata = gnutls_typed_vdata_st() # by default, check all signatures in context if idx == -1: idxs = list(range(self.get_signature_count())) else: idxs = [idx] for idx in idxs: gnutls_pkcs7_verify( self._c_object, tl._c_object, byref(vdata), 0, # do we care about vdata? idx, byref(data), flags, )
def sign_hash(self, hash_algo, flags, buf): hash_data = gnutls_datum_t(buf) _signature = gnutls_datum_t() gnutls_privkey_sign_hash(self._c_object, hash_algo, flags, byref(hash_data), byref(_signature)) return _signature.get_string_and_free()
def export_rsa_raw(self) -> Tuple[str, str]: m = gnutls_datum_t() e = gnutls_datum_t() gnutls_pubkey_export_rsa_raw(self._c_object, m, e) return m.get_string_and_free(), e.get_string_and_free()
def import_rsa_raw(m: bytes, e: bytes) -> "RSAPublicKey": pubkey = PublicKey() gnutls_pubkey_import_rsa_raw(pubkey._c_object, gnutls_datum_t(m), gnutls_datum_t(e)) return RSAPublicKey(pubkey=pubkey)
def encrypt_data(self, flags: int, plaintext: bytes) -> str: ciphertext = gnutls_datum_t() gnutls_pubkey_encrypt_data(self._c_object, flags, gnutls_datum_t(plaintext), ciphertext) return ciphertext.get_string_and_free()
def __str__(self): tmp = gnutls_datum_t() gnutls_x509_dn_get_str2(self._c_object, byref(tmp), 0) return tmp.get_string_and_free().decode()
def add_certificate(self, cert: "X509Certificate", flags: int = 0) -> None: # mrrrggg, we have to export the certificate to a blob buf = cert.export() data = gnutls_datum_t(buf) gnutls_x509_trust_list_add_trust_mem(self._c_object, byref(data))
def __init__(self, buf, format=GNUTLS_X509_FMT_PEM): gnutls_x509_crl_init(byref(self._c_object)) data = gnutls_datum_t(buf) gnutls_x509_crl_import(self._c_object, byref(data), format)
def import_signature(self, buf: bytes, format: int = GNUTLS_X509_FMT_PEM) -> None: data = gnutls_datum_t(buf) gnutls_pkcs7_import(self._c_object, byref(data), format)
def __init__(self, buf: bytes, format: int = GNUTLS_X509_FMT_PEM): gnutls_x509_crt_init(byref(self._c_object)) data = gnutls_datum_t(buf) gnutls_x509_crt_import(self._c_object, byref(data), format) self._alternative_names: Optional[AlternativeNames] = None
def decrypt_data(self, flags, ciphertext): plaintext = gnutls_datum_t() gnutls_privkey_decrypt_data(self._c_object, flags, gnutls_datum_t(ciphertext), plaintext) return plaintext.get_string_and_free()
def __init__(self, algo, key, iv): super(Cipher, self).__init__() gnutls_cipher_init(byref(self._c_object), algo, gnutls_datum_t(key), gnutls_datum_t(iv)) self.algorithm = algo self.deinit = gnutls_cipher_deinit
def __init__(self, algo, key): super(AEADCipher, self).__init__() data = gnutls_datum_t(key) gnutls_aead_cipher_init(byref(self._c_object), algo, byref(data)) self.deinit = gnutls_aead_cipher_deinit