Exemplo n.º 1
Arquivo: test_pbp.py Projeto: dnet/pbp
 def test_sign_no_key(self):
     """Check that an old signature is rejected after the keystore is replaced.

     A key is generated and used to sign MESSAGE; the directory at
     ``self.pbp_path`` is then removed and ``gen_key`` is called again.
     Verifying the earlier signature against that directory is expected to
     return ``None``.
     """
     signer = self.gen_key()
     signature = signer.sign(MESSAGE)
     # Remove the directory used as basedir below, then generate a second key.
     rmtree(self.pbp_path)
     self.gen_key()
     outcome = publickey.verify(signature, basedir=self.pbp_path)
     self.assertTrue(outcome is None)
Exemplo n.º 2
Arquivo: pbp.py Projeto: dnet/pbp
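def verify_handler(infile=None, outfile=None, basedir=None):
    """Verify a signed stream and copy its payload to the output.

    infile:  path of the signed input; stdin is used when falsy or '-'.
    outfile: path for the payload; stdout is used when falsy or '-'.
    basedir: passed through to publickey.verify.

    The verdict is only reported on stderr ("good message from ..." or
    "verification failed"); the function itself returns None in both cases.

    NOTE(review): payload blocks are written to the output while the input
    is still being read, i.e. before the signature has been checked. When
    the verdict is "verification failed" the output already contains
    unauthenticated data, so a caller has to discard it.
    """
    # Integer half-block size, so read sizes and length comparisons agree.
    half = BLOCK_SIZE // 2
    # Only streams opened here are closed here; the process-wide stdin and
    # stdout (or their .buffer objects) are left open for the caller.
    own_in = bool(infile) and infile != '-'
    own_out = bool(outfile) and outfile != '-'
    fd = outfd = None
    sig = None
    try:
        if own_in:
            fd = open(infile, 'rb')
        else:
            fd = sys.stdin.buffer if hasattr(sys.stdin, 'buffer') else sys.stdin
        if own_out:
            outfd = open(outfile, 'wb')
        else:
            outfd = sys.stdout.buffer if hasattr(sys.stdout,
                                                 'buffer') else sys.stdout

        # calculate hash sum of data
        state = nacl.crypto_generichash_init()
        block = fd.read(half)
        while block:
            # use two half blocks, to overcome
            # sigs spanning block boundaries
            lookahead = fd.read(half) if len(block) == half else b''

            fullblock = block + lookahead
            sigoffset = fullblock.rfind(SIGPREFIX)

            if 0 <= sigoffset <= half:
                # SIGPREFIX found: everything after it is decoded as the
                # signature, everything before it is the last payload piece.
                sig = b85decode(fullblock[sigoffset + len(SIGPREFIX):])
                block = block[:sigoffset]
                lookahead = b''
            elif len(fullblock) < half + nacl.crypto_sign_BYTES:
                # No prefix and the stream ends here: the trailing
                # crypto_sign_BYTES bytes are taken as a raw signature.
                sig = fullblock[-nacl.crypto_sign_BYTES:]
                block = fullblock[:-nacl.crypto_sign_BYTES]
                lookahead = b''
            state = nacl.crypto_generichash_update(state, block)
            if outfd:
                outfd.write(block)
            block = lookahead
        hashsum = nacl.crypto_generichash_final(state)

        if sig is None:
            # Empty input: there is no signature to check, so report a
            # failure instead of hitting an unbound variable.
            sys.stderr.write('verification failed\n')
            return

        sender, hashsum1 = publickey.verify(sig + hashsum,
                                            basedir=basedir) or ([], '')
        if sender and hashsum == hashsum1:
            sys.stderr.write("good message from %s\n" % sender)
        else:
            sys.stderr.write('verification failed\n')
    finally:
        # Release the handles on every path, including a decode or verify
        # error raised part-way through.
        if fd is not None and own_in:
            fd.close()
        if outfd is not None:
            if own_out:
                outfd.close()
            else:
                outfd.flush()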
Exemplo n.º 3
Arquivo: pbp.py Projeto: dnet/pbp
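def keycheck_handler(name=None, basedir=None):
    """Report which signatures stored next to a public key verify.

    Reads the key file located by publickey.get_pk_filename(basedir, name)
    and its "<file>.sig" companion, cuts the latter into chunks of
    nacl.crypto_sign_BYTES, and checks each chunk followed by the key bytes
    with publickey.verify(..., master=True). The first element of every
    truthy result is collected and the list is written to stderr.
    """
    fname = publickey.get_pk_filename(basedir, name)
    with open(fname, 'rb') as fd:
        pk = fd.read()
    with open(fname + ".sig", 'rb') as fd:
        sigdat = fd.read()
    csb = nacl.crypto_sign_BYTES
    sigs = []
    # Step through whole signatures only, so the loop bound and the slice
    # width both come from csb; a trailing partial chunk is not a signature
    # and is never handed to verify.
    for start in range(0, len(sigdat) - csb + 1, csb):
        res = publickey.verify(sigdat[start:start + csb] + pk,
                               basedir=basedir,
                               master=True)
        if res:
            sigs.append(res[0])
    # NOTE(review): this line is written even when `sigs` is empty, so the
    # text "good signatures on ..." alone does not mean any signature
    # verified; the list after "from" has to be checked.
    sys.stderr.write('good signatures on %s from %s\n' %
                     (name, ', '.join(sigs)))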
Exemplo n.º 4
Arquivo: pbp.py Projeto: fpletz/pbp
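def keycheck_handler(name=None, basedir=None):
    """Return the signers whose signatures on a stored key verify.

    name is the key to be verified; basedir is the root of the keystore.
    The key file is located with publickey.get_pk_filename, its "<file>.sig"
    companion is cut into chunks of nacl.crypto_sign_BYTES, and each chunk
    followed by the key is checked with publickey.verify(..., master=True).
    The result is the list of res[0] values of the checks that returned a
    truthy result; an empty list means no signature verified.
    """
    fname = publickey.get_pk_filename(basedir, name)
    # NOTE(review): both files are opened in text mode although they are
    # sliced in crypto_sign_BYTES units; if they hold raw bytes, 'rb' looks
    # like the appropriate mode - confirm against how they are written.
    with open(fname, 'r') as fd:
        pk = fd.read()
    with open(fname + ".sig", 'r') as fd:
        sigdat = fd.read()
    csb = nacl.crypto_sign_BYTES
    sigs = []
    # Count whole signatures with csb rather than a literal 64, so the loop
    # bound always matches the slice width and no partial chunk is checked.
    for i in range(len(sigdat) // csb):
        res = publickey.verify(sigdat[i * csb:(i + 1) * csb] + pk,
                               basedir=basedir,
                               master=True)
        if res:
            sigs.append(res[0])
    return sigs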
Exemplo n.º 5
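def keycheck_handler(name=None, basedir=None):
    """Collect the signers of the valid signatures attached to a key.

    name:    the key to be verified.
    basedir: the root for the keystore.

    Reads the key file named by publickey.get_pk_filename(basedir, name)
    and the matching ".sig" file, then verifies every
    nacl.crypto_sign_BYTES-sized chunk of the ".sig" data, concatenated with
    the key, through publickey.verify(..., master=True). Returns the list of
    res[0] values for the chunks that verified (empty when none did).
    """
    fname = publickey.get_pk_filename(basedir, name)
    # NOTE(review): text mode is used for data that is sliced by signature
    # size; binary mode is presumably what is wanted - confirm.
    with open(fname, 'r') as fd:
        pk = fd.read()
    with open(fname + ".sig", 'r') as fd:
        sigdat = fd.read()
    csb = nacl.crypto_sign_BYTES
    sigs = []
    offset = 0
    # Advance one full signature at a time; the bound is expressed with csb
    # (not a hard-coded 64) and stops before any incomplete trailing chunk.
    while offset + csb <= len(sigdat):
        res = publickey.verify(sigdat[offset:offset + csb] + pk,
                               basedir=basedir,
                               master=True)
        if res:
            sigs.append(res[0])
        offset += csb
    return sigs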
Exemplo n.º 6
Arquivo: pbp.py Projeto: fpletz/pbp
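def verify_handler(infile=None, outfile=None, basedir=None):
    """Verify a signed file and return the sender on success.

    infile:  filename of the input, resolved by inputfd().
    outfile: filename of the output, resolved by outputfd().
    basedir: root for the keystores, passed to publickey.verify.

    Returns the sender reported by publickey.verify when it is truthy and
    the hash it returns equals the hash computed over the payload; returns
    None otherwise, including for empty input.

    NOTE(review): payload blocks are written to the output while the input
    is still being read, i.e. before the signature has been checked. When
    None is returned the output already contains unauthenticated data, so
    the caller has to discard it.
    """
    # Integer half-block size, so read sizes and length comparisons agree.
    half = BLOCK_SIZE // 2
    fd = inputfd(infile)
    outfd = outputfd(outfile)
    sig = None

    try:
        # calculate hash sum of data
        state = nacl.crypto_generichash_init()
        block = fd.read(half)
        while block:
            # use two half blocks, to overcome
            # sigs spanning block boundaries
            if len(block) == half:
                lookahead = fd.read(half)
            else:
                lookahead = block[:0]

            # Plain concatenation keeps the data in whatever string type
            # read() returned.
            fullblock = block + lookahead
            sigoffset = fullblock.rfind(SIGPREFIX)

            if 0 <= sigoffset <= half:
                # SIGPREFIX found: the rest is decoded as the signature and
                # the part before it is the last payload piece.
                sig = b85decode(fullblock[sigoffset + len(SIGPREFIX):])
                block = block[:sigoffset]
                lookahead = fullblock[:0]
            elif len(fullblock) < half + nacl.crypto_sign_BYTES:
                # No prefix and the stream ends here: the trailing
                # crypto_sign_BYTES bytes are taken as a raw signature.
                sig = fullblock[-nacl.crypto_sign_BYTES:]
                block = fullblock[:-nacl.crypto_sign_BYTES]
                lookahead = fullblock[:0]
            state = nacl.crypto_generichash_update(state, block)
            if outfd:
                outfd.write(block)
            block = lookahead
    finally:
        # Close the streams on every path, including a decode error raised
        # part-way through the input.
        if fd != sys.stdin:
            fd.close()
        if outfd != sys.stdout:
            outfd.close()

    if sig is None:
        # Empty input carries no signature; treat it as a failed check
        # instead of referencing an unbound variable.
        return None
    hashsum = nacl.crypto_generichash_final(state)

    sender, hashsum1 = publickey.verify(sig + hashsum, basedir=basedir) or ([], '')
    if sender and hashsum == hashsum1:
        return sender
    return None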
Exemplo n.º 7
Arquivo: test_pbp.py Projeto: dnet/pbp
 def test_sign_master(self):
     """Sign MESSAGE with master=True and expect verify(master=True) to accept it."""
     signer = self.gen_key()
     signed = signer.sign(MESSAGE, master=True)
     verdict = publickey.verify(signed,
                                basedir=self.pbp_path,
                                master=True)
     # verify returns None when the signature is rejected.
     self.assertTrue(verdict is not None)
Exemplo n.º 8
Arquivo: test_pbp.py Projeto: dnet/pbp
 def test_sign(self):
     """Sign MESSAGE with a fresh key and expect verification to succeed."""
     signer = self.gen_key()
     signed = signer.sign(MESSAGE)
     verdict = publickey.verify(signed, basedir=self.pbp_path)
     # A non-None result is what this test counts as a successful check.
     self.assertTrue(verdict is not None)
Exemplo n.º 9
Arquivo: test_pbp.py Projeto: dnet/pbp
 def test_sign_fail(self):
     """Expect verification to return None for a fully corrupted signed message."""
     signer = self.gen_key()
     signed = signer.sign(MESSAGE)
     # Every character of the signed blob is XORed with 42.
     # NOTE(review): ord(c) assumes iterating `signed` yields one-character
     # strings; a bytes value on Python 3 would yield ints - confirm.
     # NOTE(review): this covers gross corruption only; a single flipped
     # bit in the signature or the payload is not exercised here.
     flipped = [chr(ord(c) ^ 42) for c in signed]
     malformed = ''.join(flipped)
     outcome = publickey.verify(malformed, basedir=self.pbp_path)
     self.assertTrue(outcome is None)