def main():
afl.init()
try:
decode_rfc6979_signature(sys.stdin.read())
except ValueError:
pass
def test_decode_rfc6979_invalid_asn1():
with pytest.raises(ValueError):
# This byte sequence has an invalid ASN.1 sequence length as well as
# an invalid integer length for the second integer.
decode_rfc6979_signature(b"0\x07\x02\x01\x01\x02\x02\x01")
with pytest.raises(ValueError):
# This is the BER "end-of-contents octets," which older versions of
# pyasn1 are wrongly willing to return from top-level DER decoding.
decode_rfc6979_signature(b"\x00\x00")
def test_decode_rfc6979_invalid_asn1():
with pytest.raises(ValueError):
# This byte sequence has an invalid ASN.1 sequence length as well as
# an invalid integer length for the second integer.
decode_rfc6979_signature(b"0\x07\x02\x01\x01\x02\x02\x01")
with pytest.raises(ValueError):
# This is the BER "end-of-contents octets," which older versions of
# pyasn1 are wrongly willing to return from top-level DER decoding.
decode_rfc6979_signature(b"\x00\x00")
def der_to_raw_signature(der_sig, curve):
num_bits = curve.key_size
num_bytes = (num_bits + 7) // 8
r, s = decode_rfc6979_signature(der_sig)
return number_to_bytes(r, num_bytes) + number_to_bytes(s, num_bytes)
def der_to_raw_signature(der_sig, curve):
num_bits = curve.key_size
num_bytes = (num_bits + 7) // 8
r, s = decode_rfc6979_signature(der_sig)
return number_to_bytes(r, num_bytes) + number_to_bytes(s, num_bytes)
def test_deprecated_rfc6979_signature():
with pytest.warns(CryptographyDeprecationWarning):
sig = encode_rfc6979_signature(1, 1)
assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
with pytest.warns(CryptographyDeprecationWarning):
decoded = decode_rfc6979_signature(sig)
assert decoded == (1, 1)
def test_deprecated_rfc6979_signature():
with pytest.warns(CryptographyDeprecationWarning):
sig = encode_rfc6979_signature(1, 1)
assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
with pytest.warns(CryptographyDeprecationWarning):
decoded = decode_rfc6979_signature(sig)
assert decoded == (1, 1)
def sign_ssh_data(self, data):
key = dsa.DSAPrivateNumbers(
x=self.x,
public_numbers=dsa.DSAPublicNumbers(
y=self.y,
parameter_numbers=dsa.DSAParameterNumbers(
p=self.p,
q=self.q,
g=self.g
)
)
).private_key(backend=default_backend())
signer = key.signer(hashes.SHA1())
signer.update(data)
r, s = decode_rfc6979_signature(signer.finalize())
m = Message()
m.add_string('ssh-dss')
# apparently, in rare cases, r or s may be shorter than 20 bytes!
rstr = util.deflate_long(r, 0)
sstr = util.deflate_long(s, 0)
if len(rstr) < 20:
rstr = zero_byte * (20 - len(rstr)) + rstr
if len(sstr) < 20:
sstr = zero_byte * (20 - len(sstr)) + sstr
m.add_string(rstr + sstr)
return m
def sign(self, key, payload):
skey = key.get_op_key('sign', self.curve)
signer = skey.signer(ec.ECDSA(self.hashfn))
signer.update(payload)
signature = signer.finalize()
r, s = ec_utils.decode_rfc6979_signature(signature)
l = key.get_curve(self.curve).key_size
return self.encode_int(r, l) + self.encode_int(s, l)
def sign(self, key, payload):
skey = key.get_op_key('sign', self.curve)
signer = skey.signer(ec.ECDSA(self.hashfn))
signer.update(payload)
signature = signer.finalize()
r, s = ec_utils.decode_rfc6979_signature(signature)
l = key.get_curve(self.curve).key_size
return self.encode_int(r, l) + self.encode_int(s, l)
def sign_ssh_data(self, data):
signer = self.signing_key.signer(ec.ECDSA(hashes.SHA256()))
signer.update(data)
sig = signer.finalize()
r, s = decode_rfc6979_signature(sig)
m = Message()
m.add_string('ecdsa-sha2-nistp256')
m.add_string(self._sigencode(r, s))
return m
def sign_ssh_data(self, data):
signer = self.signing_key.signer(ec.ECDSA(hashes.SHA256()))
signer.update(data)
sig = signer.finalize()
r, s = decode_rfc6979_signature(sig)
m = Message()
m.add_string('ecdsa-sha2-nistp256')
m.add_string(self._sigencode(r, s))
return m
def test_rfc6979_signature():
sig = encode_rfc6979_signature(1, 1)
assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
assert decode_rfc6979_signature(sig) == (1, 1)
r_s1 = (1037234182290683143945502320610861668562885151617,
559776156650501990899426031439030258256861634312)
sig2 = encode_rfc6979_signature(*r_s1)
assert sig2 == (
b'0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b'
b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08')
assert decode_rfc6979_signature(sig2) == r_s1
sig3 = encode_rfc6979_signature(0, 0)
assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
assert decode_rfc6979_signature(sig3) == (0, 0)
sig4 = encode_rfc6979_signature(-1, 0)
assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00"
assert decode_rfc6979_signature(sig4) == (-1, 0)
def test_rfc6979_signature():
sig = encode_rfc6979_signature(1, 1)
assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
assert decode_rfc6979_signature(sig) == (1, 1)
r_s1 = (
1037234182290683143945502320610861668562885151617,
559776156650501990899426031439030258256861634312
)
sig2 = encode_rfc6979_signature(*r_s1)
assert sig2 == (
b'0-\x02\x15\x00\xb5\xaf0xg\xfb\x8bT9\x00\x13\xccg\x02\r\xdf\x1f,\x0b'
b'\x81\x02\x14b\r;"\xabP1D\x0c>5\xea\xb6\xf4\x81)\x8f\x9e\x9f\x08'
)
assert decode_rfc6979_signature(sig2) == r_s1
sig3 = encode_rfc6979_signature(0, 0)
assert sig3 == b"0\x06\x02\x01\x00\x02\x01\x00"
assert decode_rfc6979_signature(sig3) == (0, 0)
sig4 = encode_rfc6979_signature(-1, 0)
assert sig4 == b"0\x06\x02\x01\xFF\x02\x01\x00"
assert decode_rfc6979_signature(sig4) == (-1, 0)
def sign_ssh_data(self, data):
key = dsa.DSAPrivateNumbers(
x=self.x,
public_numbers=dsa.DSAPublicNumbers(
y=self.y,
parameter_numbers=dsa.DSAParameterNumbers(
p=self.p, q=self.q,
g=self.g))).private_key(backend=default_backend())
signer = key.signer(hashes.SHA1())
signer.update(data)
r, s = decode_rfc6979_signature(signer.finalize())
m = Message()
m.add_string('ssh-dss')
# apparently, in rare cases, r or s may be shorter than 20 bytes!
rstr = util.deflate_long(r, 0)
sstr = util.deflate_long(s, 0)
if len(rstr) < 20:
rstr = zero_byte * (20 - len(rstr)) + rstr
if len(sstr) < 20:
sstr = zero_byte * (20 - len(sstr)) + sstr
m.add_string(rstr + sstr)
return m
def sign(self, key, payload):
skey = key.get_op_key('sign', self._curve)
signature = skey.sign(payload, ec.ECDSA(self.hashfn))
r, s = ec_utils.decode_rfc6979_signature(signature)
l = key.get_curve(self._curve).key_size
return _encode_int(r, l) + _encode_int(s, l)
def test_decode_rfc6979_trailing_bytes():
with pytest.raises(ValueError):
decode_rfc6979_signature(b"0\x06\x02\x01\x01\x02\x01\x01\x00\x00\x00")
import sys
import afl
from cryptography.hazmat.primitives.asymmetric.utils import (
decode_rfc6979_signature,
)
afl.start()
try:
decode_rfc6979_signature(sys.stdin.read())
except ValueError:
pass
sys.exit(0)
def test_decode_rfc6979_invalid_asn1():
with pytest.raises(ValueError):
# This byte sequence has an invalid ASN.1 sequence length as well as
# an invalid integer length for the second integer.
decode_rfc6979_signature(b"0\x07\x02\x01\x01\x02\x02\x01")
def test_decode_rfc6979_trailing_bytes():
with pytest.raises(ValueError):
decode_rfc6979_signature(b"0\x06\x02\x01\x01\x02\x01\x01\x00\x00\x00")
def test_decode_rfc6979_invalid_asn1():
with pytest.raises(ValueError):
# This byte sequence has an invalid ASN.1 sequence length as well as
# an invalid integer length for the second integer.
decode_rfc6979_signature(b"0\x07\x02\x01\x01\x02\x02\x01")