def setUp(self):
comps = "Cryptodome.SelfTest.Signature.test_vectors.wycheproof".split(".")
with open(pycryptodome_filename(comps, "dsa_test.json"), "rt") as file_in:
tv_tree = json.load(file_in)
self.tv = []
for group in tv_tree['testGroups']:
key = DSA.import_key(group['keyPem'])
hash_name = group['sha']
if hash_name == "SHA-256":
hash_module = SHA256
elif hash_name == "SHA-224":
hash_module = SHA224
elif hash_name == "SHA-1":
hash_module = SHA1
else:
assert False
assert group['type'] == "DSAVer"
from collections import namedtuple
TestVector = namedtuple('TestVector', 'id comment msg sig key hash_module valid warning')
for test in group['tests']:
tv = TestVector(
test['tcId'],
test['comment'],
unhexlify(test['msg']),
unhexlify(test['sig']),
key,
hash_module,
test['result'] != "invalid",
test['result'] == "acceptable"
)
self.tv.append(tv)
def setUp(self):
comps = "Cryptodome.SelfTest.Signature.test_vectors.wycheproof".split(".")
with open(pycryptodome_filename(comps, "dsa_test.json"), "rt") as file_in:
tv_tree = json.load(file_in)
class TestVector(object):
pass
self.tv = []
for group in tv_tree['testGroups']:
key = DSA.import_key(group['keyPem'])
hash_name = group['sha']
if hash_name == "SHA-256":
hash_module = SHA256
elif hash_name == "SHA-224":
hash_module = SHA224
elif hash_name == "SHA-1":
hash_module = SHA1
else:
assert False
assert group['type'] == "DSAVer"
for test in group['tests']:
tv = TestVector()
tv.id = test['tcId']
tv.comment = test['comment']
for attr in 'msg', 'sig':
setattr(tv, attr, unhexlify(test[attr]))
tv.key = key
tv.hash_module = hash_module
tv.valid = test['result'] != "invalid"
tv.warning = test['result'] == "acceptable"
self.tv.append(tv)
def generate_dsa(key, nonce_or_iv):
dsa_key = DSA.import_key(key)
signer = DSS.new(dsa_key, 'fips-186-3')
def do_computation(msg: bytes):
h = SHA256.new(msg)
signature = signer.sign(h)
return do_computation
def test_import_key(self):
"""Verify importKey is an alias to import_key"""
key_obj = DSA.import_key(self.der_public)
self.failIf(key_obj.has_private())
self.assertEqual(self.y, key_obj.y)
self.assertEqual(self.p, key_obj.p)
self.assertEqual(self.q, key_obj.q)
self.assertEqual(self.g, key_obj.g)
def test_import_key(self):
"""Verify importKey is an alias to import_key"""
key_obj = DSA.import_key(self.der_public)
self.failIf(key_obj.has_private())
self.assertEqual(self.y, key_obj.y)
self.assertEqual(self.p, key_obj.p)
self.assertEqual(self.q, key_obj.q)
self.assertEqual(self.g, key_obj.g)
def sign_data(data):
'''
param: string to be signed
return: base64 encoded signature
'''
f_key = open(private_key_loc).read()
key = DSA.import_key(f_key, passphrase=secret)
hash_obj = SHA256.new(data.encode('utf-8'))
signer = DSS.new(key, 'fips-186-3')
signature = signer.sign(hash_obj)
return b64encode(signature)
def test_nonce_reuse_importkey():
secret_key = """-----BEGIN PRIVATE KEY-----
MIIBSwIBADCCASsGByqGSM44BAEwggEeAoGBAIAAAAAAAAAARApDBH1CEeZPeIM9
mMb6l3FyY8+AOy+cdiDzCaqlkIRVIRRxvnCH5oJ6gkinosGscZMTgF7IwQJzDHFm
oxvVdpACrj5Je+kpF6djefAbe+ByZ4FowkGq1EdMZF8aZzsik3CFkEA/vDsjvAsg
XmKRvOnFHkkFuKCRAhUA/+rcmBQ71NBsDzkbusi6NQpTNF8CgYAFVt8xSXTiCGn8
+bqWyoX+gjItArrT28o6fGnq+apjwasvWDHq1FETk/gwqTbTwWTiMo2eOTImRKDF
MbK1us+DjhloAUuhL6nCRQhsLs4Jq+8A/y7aol/HjCz1fHRKKDD9wqKDf2kWdI97
Kb2Hq4AUoJWTCT0ijX+oQJafbywjdwQXAhUAniK/kyRv/SFd1uJjuDMh0EntMws=
-----END PRIVATE KEY-----"""
return TestDsa.test_nonce_reuse(DSA.import_key(secret_key))
def DSA_3072(file_name):
print()
print('DSA 3072 for ' + file_name + ': ')
#KEY GENERATION
t1 = datetime.now()
key = DSA.generate(3072)
t2 = datetime.now()
key_speed = t2 - t1
print('TIME TAKEN FOR KEY GENERATION:(micro seconds) ' +
str(key_speed.microseconds))
f = open("DSA3072_CSE565.pem", "wb")
f.write(key.publickey().export_key())
f.close()
#SIGNING
with open(file_name + ".txt", "r") as myfile:
data = myfile.read()
plaintext = bytes(data, 'utf-8')
hash_gen = SHA256.new(plaintext)
signer = DSS.new(key, 'fips-186-3')
t1 = datetime.now()
signature = signer.sign(hash_gen)
t2 = datetime.now()
sign_time = t2 - t1
print('TIME TAKEN TO SIGN:(micro seconds) ' +
str(sign_time.microseconds))
#VERIFIER
f = open("DSA3072_CSE565.pem", "r")
hash_gen = SHA256.new(plaintext)
public_key = DSA.import_key(f.read())
verifier = DSS.new(public_key, 'fips-186-3')
try:
t1 = datetime.now()
verifier.verify(hash_gen, signature)
t2 = datetime.now()
verify_time = t2 - t1
print('TIME TAKEN TO VERIFY:(micro seconds) ' +
str(verify_time.microseconds))
print("THE SIGNATURE MATCHES! The message is authentic")
except ValueError:
print("The message is not authentic.")
statinfo = os.stat(file_name + ".txt")
size = statinfo.st_size
sign_byte = sign_time.microseconds / size
verify_byte = verify_time.microseconds / size
print("TIME TO SIGN PER BYTE: " + str(sign_byte))
print("TIME TO VERIFY PER BYTE: " + str(verify_byte))
def setUp(self):
file_in = open(
pycryptodome_filename(
"Cryptodome.SelfTest.Signature.test_vectors.wycheproof".split(
"."), "dsa_test.json"), "rt")
tv_tree = json.load(file_in)
class TestVector(object):
pass
self.tv = []
for group in tv_tree['testGroups']:
key = DSA.import_key(group['keyPem'])
hash_name = group['sha']
if hash_name == "SHA-256":
hash_module = SHA256
elif hash_name == "SHA-224":
hash_module = SHA224
elif hash_name == "SHA-1":
hash_module = SHA1
else:
assert False
assert group['type'] == "DSAVer"
for test in group['tests']:
tv = TestVector()
tv.id = test['tcId']
tv.comment = test['comment']
for attr in 'msg', 'sig':
setattr(tv, attr, unhexlify(test[attr]))
tv.key = key
tv.hash_module = hash_module
tv.valid = test['result'] != "invalid"
tv.warning = test['result'] == "acceptable"
self.tv.append(tv)
from Cryptodome.Signature import DSS
from Cryptodome.Hash import SHA256
from Cryptodome.PublicKey import DSA
from base64 import b64encode
secret = "Change this to something unguessable!"
# Read secret key
f_key = open('./secret_key.pem').read()
key = DSA.import_key(f_key, passphrase=secret)
# Create message hash
message = b"2017-12-19T10:59:50.797961"
hash_obj = SHA256.new(message)
print('hash: ', b64encode(hash_obj.digest()))
# Sign the message hash
signer = DSS.new(key, 'fips-186-3')
signature = signer.sign(hash_obj)
print('signature: ', b64encode(signature))
# Load the public key
f = open("public_key.pem", "r")
pub_key = DSA.import_key(f.read())
# Create the hash again for verification
check_hash_obj = SHA256.new(message)
print('check_hash: ', b64encode(check_hash_obj.digest()))
# Verify the authenticity of the message
verifier = DSS.new(key, 'fips-186-3')
try:
def filter_dsa(group):
return DSA.import_key(group['keyPem'])
def sign_data(data, key):
'''
param: string to be signed
return: base64 encoded signature
'''
hash_obj = SHA256.new(data.encode('utf-8'))
signer = DSS.new(key, 'fips-186-3')
signature = signer.sign(hash_obj)
return b64encode(signature)
app = Flask(__name__)
secret = "Change this to something unguessable!"
secret_key = os.environ.get('secret_key')
key = DSA.import_key(secret_key, passphrase=secret)
@app.route('/')
def index():
timestamp = datetime.datetime.utcnow().isoformat()
t_signature = sign_data(timestamp, key).decode('utf-8')
data = {
'output': 'Signed timestamp',
'timestamp': timestamp,
'signature': t_signature
}
resp = Response(json.dumps(data))
resp.headers['Content-Type'] = 'application/json'
return resp
from Cryptodome.Signature import DSS
from Cryptodome.Hash import SHA256
from Cryptodome.PublicKey import DSA
from base64 import b64decode
import json
# Load the public key
f = open('public_key.pem', 'r')
pub_key = DSA.import_key(f.read())
# Read JSON input
json_string = '{"output": "Signed timestamp", "timestamp": "2017-12-19T14:07:39.149933", "signature": "qJVvJcBTUxpv63chyx3dCt43YueMe4fF8/G/qsRHbriSflkHIfUIgSM6rCy387Hx811zxHXSs34="}'
parsed_json = json.loads(json_string)
timestamp = parsed_json['timestamp']
print('timestamp: ', timestamp)
signature = parsed_json['signature']
print('signature: ', signature)
# Create the hash for verification
hash_obj = SHA256.new(timestamp.encode('utf-8'))
print('hash: ', hash_obj.digest())
# Verify the authenticity of the message
verifier = DSS.new(pub_key, 'fips-186-3')
try:
verifier.verify(hash_obj, b64decode(signature))
print('The message is authentic.')
except ValueError:
print('Message failed authentication!')
