def sign_requested_data(data, signature_request, private_key, tag, signature_size=32):
""" usage: sign(data, signature_request, private_key, tag,
signature_size=32) => signature, signing_key
Returns a signature and signing key.
The two items should be returned to the requester of the signature for verification. """
validation_key = serialize_key(_retrieve_validation_key(deserialize_key(signature_request), private_key))
if hmac(data, validation_key) != tag:
raise ValueError("Invalid data/tag")
signing_key = bytearray(urandom(signature_size))
output = signing_key[:]
#assert len(validation_key) == len(signing_key), (len(validation_key), len(signing_key))
xor_subroutine(signing_key, validation_key)
return hmac(data, signing_key), output
def derive_keys(self, keying_material):
key_material = hkdf(keying_material, 64)
self.encryption_key = key_material[:32]
self.mac_key = key_material[32:]
confirmation_code = hmac(self.confirm_connection_string, self.mac_key)
return confirmation_code
def verify(encrypted_data, signature, validation_key):
data = bytearray(encrypted_data)
xor_subroutine(data, validation_key)
if hmac(data, validation_key) == signature:
return True
else:
return False
def sign(data, signing_key, signature_size=32, already_hashed=False, hash_function=hash_function):
if not already_hashed:
data = hash_function(data)
signature = hmac(data, signing_key)
data = bytearray(data)
xor_subroutine(data, signing_key)
return data, signature
def __init__(self,
public_key,
private_key,
hash_function=hash_function,
secret_size=32):
self.public_key = public_key
self.private_key = private_key
self.hash_function = hash_function
self.secret_size = secret_size
self.confirm_connection_string = "Good happy success :)"
self.confirmation_code_size = len(hmac('', ''))
def verify(data, signature, signing_key, validation_key):
""" usage: verify(data, signature, signing_key, validation_key) => True or False
Returns True if the signature on data is valid.
Returns False if the signature on data is invalid. """
#assert len(validation_key) == len(signing_key), (len(validation_key), len(signing_key))
xor_subroutine(signing_key, validation_key)
if hmac(data, signing_key) == signature:
return True
else:
return False
def generate_signature_request_on_data(signers_public_key, data, signature_key_size=32):
""" usage: generate_signature_request(signers_public_key, data,
signature_key_size=32) => signature_request, validation_key
Returns a signing request, signature validation key, and an HMAC tag for the data.
The signing request is bound to the owner of the supplied public key - only the owner will be able to produce a signature
The validation key is bound to the party that generates the signature request - nobody else may use it to verify Bob's signature.
The signing party is committed to signing the data provided by the signature requester."""
validation_key = bytearray(urandom(signature_key_size))
signature_request = serialize_key(keyexchange.encapsulate_key(deserialize_key(validation_key), signers_public_key))
return signature_request, validation_key, hmac(data, validation_key)