def Verify(self, data, sig):
"""
Verifies whether the signature corresponds to the given data. This is a
stanard signature (i.e. HMAC-SHA1, RSA-SHA1, DSA-SHA1) that contains no
version information, so this will try to verify with each key in a keyset.
@param data: message that has been signed with sig
@type data: string
@param sig: Base64 string formatted as Header|Signature
@type sig: string
@return: True if sig corresponds to data, False otherwise.
@rtype: boolean
"""
sig_bytes = util.Decode(sig)
for version in self.versions:
key = self._keys[version]
# Try to verify with each key
result = key.Verify(data, sig_bytes)
if result:
return True
# None of the keys verified the signature
return False
def Read(key):
"""
Reads a RSA public key from a JSON string representation of it.
@param key: a JSON representation of a RSA public key
@type key: string
@return: a RSA public key
@rtype: L{RsaPublicKey}
"""
rsa = json.loads(key)
params = {'modulus' : util.Decode(rsa['modulus']),
'publicExponent' : util.Decode(rsa['publicExponent'])}
pubkey = RSA.construct((util.BytesToLong(params['modulus']),
util.BytesToLong(params['publicExponent'])))
return RsaPublicKey(params, pubkey, rsa['size'])
def Read(key):
"""
Reads a DSA public key from a JSON string representation of it.
@param key: a JSON representation of a DSA public key
@type key: string
@return: a DSA public key
@rtype: L{DsaPublicKey}
"""
dsa = json.loads(key)
params = {'y' : util.Decode(dsa['y']),
'p' : util.Decode(dsa['p']),
'g' : util.Decode(dsa['g']),
'q' : util.Decode(dsa['q'])}
pubkey = DSA.construct((util.BytesToLong(params['y']),
util.BytesToLong(params['g']),
util.BytesToLong(params['p']),
util.BytesToLong(params['q'])))
return DsaPublicKey(params, pubkey, dsa['size'])
def Read(key):
"""
Reads a RSA private key from a JSON string representation of it.
@param key: a JSON representation of a RSA private key
@type key: string
@return: a RSA private key
@rtype: L{RsaPrivateKey}
"""
rsa = json.loads(key)
pub = RsaPublicKey.Read(json.dumps(rsa['publicKey']))
params = {'privateExponent': util.Decode(rsa['privateExponent']),
'primeP': util.Decode(rsa['primeP']),
'primeQ': util.Decode(rsa['primeQ']),
'primeExponentP': util.Decode(rsa['primeExponentP']),
'primeExponentQ': util.Decode(rsa['primeExponentQ']),
'crtCoefficient': util.Decode(rsa['crtCoefficient'])
}
key = RSA.construct((util.BytesToLong(pub.params['modulus']),
util.BytesToLong(pub.params['publicExponent']),
util.BytesToLong(params['privateExponent']),
util.BytesToLong(params['primeQ']),
util.BytesToLong(params['primeP']),
util.BytesToLong(params['crtCoefficient'])))
return RsaPrivateKey(params, pub, key, rsa['size'])
def Verify(self, data, sig):
"""
Verifies whether the signature corresponds to the given data.
@param data: message that has been signed with sig
@type data: string
@param sig: Base64 string formatted as Header|Signature
@type sig: string
@return: True if sig corresponds to data, False otherwise.
@rtype: boolean
"""
sig_bytes = util.Decode(sig)
if len(sig_bytes) < HEADER_SIZE:
raise errors.ShortSignatureError(len(sig_bytes))
key = self._ParseHeader(sig_bytes[:HEADER_SIZE])
return key.Verify(data + VERSION_BYTE, sig_bytes[HEADER_SIZE:])
def Read(key):
"""
Reads a DSA private key from a JSON string representation of it.
@param key: a JSON representation of a DSA private key
@type key: string
@return: an DSA private key
@rtype: L{DsaPrivateKey}
"""
dsa = json.loads(key)
pub = DsaPublicKey.Read(json.dumps(dsa['publicKey']))
params = { 'x' : util.Decode(dsa['x']) }
key = DSA.construct((util.BytesToLong(pub._params['y']),
util.BytesToLong(pub._params['g']),
util.BytesToLong(pub._params['p']),
util.BytesToLong(pub._params['q']),
util.BytesToLong(params['x'])))
return DsaPrivateKey(params, pub, key, dsa['size'])
class Key(object):
"""Parent class for Keyczar Keys."""
def __init__(self, type):
self.type = type
self.__size = self.type.default_size # initially default
def __eq__(self, other):
return (self.type == other.type and
self.size == other.size and
self.key_string == other.key_string)
def __SetSize(self, new_size):
if self.type.IsValidSize(new_size):
self.__size = new_size
def _GetKeyString(self):
"""Return the key as a string. Abstract method."""
def __GetKeyString(self):
"""Indirect getter for the key string."""
return self._GetKeyString()
def _Hash(self):
"""Compute and return the hash id of this key. Can override default hash."""
fullhash = util.Hash(util.IntToBytes(len(self.key_bytes)), self.key_bytes)
return util.Encode(fullhash[:keyczar.KEY_HASH_SIZE])
def __Hash(self):
"""Indirect getter for hash."""
return self._Hash()
hash = property(__Hash, doc="""The hash id of the key.""")
size = property(lambda self: self.__size, __SetSize,
doc="""The size of the key in bits.""")
key_string = property(__GetKeyString, doc="""The key as a Base64 string.""")
key_bytes = property(lambda self: util.Decode(self.key_string),
doc="""The key as bytes.""")
def Header(self):
"""Return the 5-byte header string including version byte, 4-byte hash."""
return chr(keyczar.VERSION) + util.Decode(self.hash)
def Decrypt(self, ciphertext):
"""
Decrypts the given ciphertext and returns the plaintext.
@param ciphertext: Base64 encoded string ciphertext to be decrypted.
@type ciphertext: string
@return: plaintext message
@rtype: string
@raise ShortCiphertextError: if length is too short to have Header, IV, Sig
@raise BadVersionError: if header specifies an illegal version
@raise BadFormatError: if header specifies an illegal format
@raise KeyNotFoundError: if key specified in header doesn't exist
@raise InvalidSignatureError: if the signature can't be verified
"""
data_bytes = util.Decode(ciphertext)
if len(data_bytes) < HEADER_SIZE:
raise errors.ShortCiphertextError(len(data_bytes))
key = self._ParseHeader(data_bytes[:HEADER_SIZE])
return key.Decrypt(data_bytes)
def Header(self): """Return the 5-byte header string including version byte, 4-byte hash.""" return chr(keyczar.VERSION) + util.Decode(self.hash)