def decrypt(rsa_key, rsa_str): rsa_bytes = base64.decodebytes(rsa_str.encode()) rsa_key = PublicKey.load_pkcs1_openssl_pem(rsa_key.encode()) num = transform.bytes2int(rsa_bytes) decry = core.decrypt_int(num, rsa_key.e, rsa_key.n) out = transform.int2bytes(decry) sep_idx = out.index(b"\x00", 2) out = out[sep_idx + 1:] return out
def test_many_encrypt_decrypt(self): priv_key = PrivateKey.load_pkcs1(private_key_data) pub_key = PublicKey.load_pkcs1_openssl_pem(public_key_data) for i in range(100): try: data = randnum.read_random_bits(16 * 8) enc = pkcs1_v2.encrypt(data, pub_key, hasher='SHA-256') dec = pkcs1_v2.decrypt(enc, priv_key, hasher='SHA-256') self.assertEqual(dec, data, i) except BaseException as e: self.assertIsNone(e, i)
def load_pubkey_from_str(str_key): """ str likes below, prefix and suffix are needed. -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEYkKp8k9wTzGMMBUrPfeMiS9R VBso8N8aC5hb0mJzm648kQLLJRA/wyiDu4AKSSIMsOOgtJD90ucvb5nDrQDI6+S3 KDqkb9C1+36twe/kUcFtrTiiRPIL0ngWAOX5uXhJRZ4fvtzyOL03oOMXroxrUmR0 +/nIst9tUud7+tbZ6QIDAQAB -----END PUBLIC KEY----- """ return PublicKey.load_pkcs1_openssl_pem(str_key.encode())
def test_many_sign_verify(self): priv_key = PrivateKey.load_pkcs1(private_key_data) pub_key = PublicKey.load_pkcs1_openssl_pem(public_key_data) for i in range(100): try: data = randnum.read_random_bits(16 * 8) signature = pkcs1_v2.sign(data, priv_key, hasher='SHA-256') self.assertTrue( pkcs1_v2.verify(data, signature, pub_key, hasher='SHA-256'), i) except BaseException as e: self.assertIsNone(e, i)
def _validate_token_against_public_key(self, access_token, public_key): header, encoded_payload, signature = self._split_header_payload_signature_from_token( access_token) headers = TokenManager.load_decoded_content_as_json(header) if headers['alg'] != 'RS256': # As public key is used, algorithm has to be RS256 raise SecurityError('Invalid algorithm!', code=401) decoded_signature = TokenManager.b64decode(signature) pubkey = PublicKey.load_pkcs1_openssl_pem(public_key) message = header + '.' + encoded_payload verified = rsa.verify(message.encode('utf-8'), decoded_signature, pubkey) return verified, encoded_payload
def test_many_encrypt_decrypt_fixed_data(self): priv_key = PrivateKey.load_pkcs1(private_key_data) pub_key = PublicKey.load_pkcs1_openssl_pem(public_key_data) all_enc = set() for i in range(100): try: data = b'a simple test message, which will be encrypted' enc = pkcs1_v2.encrypt(data, pub_key, hasher='SHA-256') dec = pkcs1_v2.decrypt(enc, priv_key, hasher='SHA-256') self.assertEqual(dec, data, i) all_enc.add(enc) except BaseException as e: self.assertIsNone(e, i) # Make sure the seed is doing what it's supposed to do # This test might (theoretically) fail, although it really shouldn't # A fail here might indicate a bad RNG self.assertGreater(len(all_enc), 1)
def test_many_sign_verify_fixed_data(self): priv_key = PrivateKey.load_pkcs1(private_key_data) pub_key = PublicKey.load_pkcs1_openssl_pem(public_key_data) all_signatures = set() for i in range(100): try: data = b'a simple test message, which will be signed' signature = pkcs1_v2.sign(data, priv_key, hasher='SHA-256') self.assertTrue( pkcs1_v2.verify(data, signature, pub_key, hasher='SHA-256'), i) all_signatures.add(signature) except BaseException as e: self.assertIsNone(e, i) # Make sure the salt is doing what it's supposed to do # This test might (theoretically) fail, although it really shouldn't # A fail here might indicate a bad RNG self.assertGreater(len(all_signatures), 1)
def test_verify(self): pub_key = PublicKey.load_pkcs1_openssl_pem(public_key_data) ok = pkcs1_v2.verify(b'test', sig_data, pub_key, salt_len=0) self.assertTrue(ok)
def test_encrypt(self): pub_key = PublicKey.load_pkcs1_openssl_pem(public_key_data) ct = pkcs1_v2.encrypt(b'test', pub_key, test_seed=b'abcdefghijklmnopqrstuvwxyz'[:20]) self.assertEqual(ct, enc_data)