class TestSHA512256(object):
test_sha512_256 = generate_hash_test(
load_hash_vectors,
os.path.join("hashes", "SHA2"),
["SHA512_256LongMsg.rsp", "SHA512_256ShortMsg.rsp"],
hashes.SHA512_256(),
)
def test_unsupported_hash_alg(self, backend):
cert, key = _load_cert_key()
with pytest.raises(TypeError):
pkcs7.PKCS7SignatureBuilder().add_signer(
cert,
key,
hashes.SHA512_256() # type: ignore[arg-type]
)
def generate_key(self, password: Text, write_to_file: bool = False) -> bytes:
byte_password = password.encode() # Convert to type bytes
salt = os.urandom(16)
kdf = PBKDF2HMAC(
algorithm=hashes.SHA512_256(), length=32, salt=salt, iterations=100000, backend=default_backend()
)
key = base64.urlsafe_b64encode(kdf.derive(byte_password)) # Can only use kdf once
if write_to_file:
self._loader.put_file(key, "wb")
return key
def address(self):
"""Return the multisig account address."""
msig_bytes = (bytes(constants.msig_addr_prefix, "utf-8") +
bytes([self.version]) + bytes([self.threshold]))
for s in self.subsigs:
msig_bytes += s.public_key
hash = hashes.Hash(hashes.SHA512_256(), default_backend())
hash.update(msig_bytes)
addr = hash.finalize()
return encoding.encode_address(addr)
def get_kdf():
"""Gets a KDF object to perform cryptography with.
Returns:
PBKDF2HMAC: the KDF to perform encryption/decryption with
"""
return PBKDF2HMAC(algorithm=hashes.SHA512_256(),
length=32,
salt=get_salt(),
iterations=140000,
backend=default_backend())
def print_metadata(filename):
"""Prints metadata associated with this run of the validator."""
print("Validator version: {}".format(version.__version__))
blocksize = 65536
digest = hashes.Hash(hashes.SHA512_256(), backend=default_backend())
with open(filename, "rb") as f:
for block in iter(lambda: f.read(blocksize), b""):
digest.update(block)
print("SHA-512/256 checksum: 0x{:x}".format(
int(codecs.encode(digest.finalize(), "hex"), 16)))
def checksum(data):
"""
Compute the checksum of arbitrary binary input.
Args:
data (bytes): data as bytes
Returns:
bytes: checksum of the data
"""
chksum = hashes.Hash(hashes.SHA512_256(), default_backend())
chksum.update(data)
return chksum.finalize()
def get_txid(self):
"""
Get a transaction's ID.
Returns:
str: transaction ID
"""
txn = encoding.msgpack_encode(self)
to_sign = constants.txid_prefix + base64.b64decode(bytes(txn, "utf-8"))
txidbytes = hashes.Hash(hashes.SHA512_256(), default_backend())
txidbytes.update(to_sign)
txid = txidbytes.finalize()
txid = base64.b32encode(txid).decode()
return encoding._undo_padding(txid)
def create_digest(message, digst_algorithm):
hash_algorithm = None
if digst_algorithm == "SHA512":
hash_algorithm = hashes.SHA512_256()
elif digst_algorithm == "BLAKE2":
hash_algorithm = hashes.BLAKE2b(64)
else:
raise Exception("Digest Algorithm name not found!")
digest = hashes.Hash(hash_algorithm)
digest.update(message)
return digest.finalize()
def _checksum(addr):
"""
Compute the checksum of size checkSumLenBytes for the address.
Args:
addr (bytes): address in bytes
Returns:
bytes: checksum of the address
"""
hash = hashes.Hash(hashes.SHA512_256(), default_backend())
hash.update(addr)
chksum = hash.finalize()[-constants.check_sum_len_bytes:]
return chksum
async def SHA512_256(message):
message = message.encode()
kdf = PBKDF2HMAC(
algorithm=hashes.SHA512_256(),
length=hashLen,
salt=
b'\xe7\xde\xc1\xf0\x81\x99\xde}\xa4\xb50u;&\x06\xe7\xa4\xbfn\xbc',
iterations=hashIter,
backend=default_backend())
output = base64.urlsafe_b64encode(kdf.derive(message))
return (output)
def _checksum(data):
"""
Compute the mnemonic checksum.
Args:
data (bytes): data to compute checksum of
Returns:
bytes: checksum
"""
hash = hashes.Hash(hashes.SHA512_256(), default_backend())
hash.update(data)
chksum = hash.finalize()
temp = chksum[0:2]
nums = _to_11_bit(temp)
return _apply_words(nums)[0]
def _get_hasher(T: int):
hash_algo = None
if T == Dss1Verifier.TRAILER_IMPLICIT or T == Dss1Verifier.TRAILER_SHA1:
hash_algo = hashes.SHA1()
elif T == Dss1Verifier.TRAILER_SHA224:
hash_algo = hashes.SHA224()
elif T == Dss1Verifier.TRAILER_SHA256:
hash_algo = hashes.SHA256()
elif T == Dss1Verifier.TRAILER_SHA384:
hash_algo = hashes.SHA384()
elif T == Dss1Verifier.TRAILER_SHA512:
hash_algo = hashes.SHA512()
elif T == Dss1Verifier.TRAILER_SHA512_224:
hash_algo = hashes.SHA512_224()
elif T == Dss1Verifier.TRAILER_SHA512_256:
hash_algo = hashes.SHA512_256()
if hash_algo is None:
raise Dss1VerifierError("Unrecognized hash algorithm in signature")
return hashes.Hash(hash_algo, backend=default_backend())
def get_key(password):
digest = hashes.Hash(hashes.SHA512_256(), backend=default_backend())
digest.update(password)
return urlsafe_b64encode(digest.finalize())
def _publish_certificate(req: object, issuer: dict):
logger.info('Create a certificate builder...')
crt_builder = x509.CertificateBuilder()
crt_builder = crt_builder.subject_name(name=req._subject())
crt_builder = crt_builder.public_key(key=req._public_key())
for extension in req._extensions():
crt_builder = crt_builder.add_extension(extension=extension.value,
critical=extension.critical)
logger.info('Ready to sign the certificate request...')
if not isinstance(issuer['valid_year'], int):
issuer['valid_year'] = int(issuer['valid_year'])
if issuer['is_ca'] == 'true': issuer['is_ca'] = True
if issuer['is_ca'] == 'false': issuer['is_ca'] = False
crt_builder = crt_builder.not_valid_before(time=datetime.datetime.today())
crt_builder = crt_builder.not_valid_after(
time=datetime.datetime.today() +
datetime.timedelta(days=issuer['valid_year'] * 365))
crt_builder = crt_builder.serial_number(number=x509.random_serial_number())
crt_builder = crt_builder.add_extension(extension=x509.BasicConstraints(
ca=issuer['is_ca'], path_length=None),
critical=True)
logger.info(
'Select CA to sign the certificate signing request and output certificate'
)
if issuer['ca'] == 'SelfSign':
logger.debug('CA is self-signed')
crt_builder = crt_builder.issuer_name(name=req._subject())
ca_key = req.private_key()
else:
ca_dir = os.path.join(
os.path.dirname(os.path.dirname(os.path.abspath(__file__))),
'common_static/ca')
ca_file = "{}/{}.pfx".format(ca_dir, issuer['ca'])
logger.debug("CA file is located in {}".format(ca_file))
with open(file=ca_file, mode='rb') as f:
ca_bytes = f.read()
logger.debug('CA file content is \n{}'.format(ca_bytes))
crt_chain = ReadCertificateChain({
'bytes': ca_bytes,
'password': b'Cisco123!'
})
ca_crt = crt_chain.certificate(data_type='object')
ca_key = crt_chain.private_key(data_type='object')
crt_builder = crt_builder.issuer_name(name=ca_crt.subject)
hash_obj_list = {
hashes.MD5(),
hashes.SHA1(),
hashes.SHA224(),
hashes.SHA256(),
hashes.SHA384(),
hashes.SHA512(),
hashes.SHA512_224(),
hashes.SHA512_256(),
hashes.SHA3_224(),
hashes.SHA3_256(),
hashes.SHA3_384(),
hashes.SHA3_512()
}
for hash_obj in hash_obj_list:
if issuer['hash_alg'] == hash_obj.name:
hash_algor = hash_obj
break
else:
hash_algor = hashes.MD5()
return crt_builder.sign(private_key=ca_key,
algorithm=hash_algor,
backend=default_backend())
from asn1crypto.algos import SignedDigestAlgorithm
from cryptography.hazmat.primitives import hashes
_STR_TO_HASH_ALGO = {
'md5' : hashes.MD5(),
'sha1' : hashes.SHA1(),
'sha224' : hashes.SHA224(),
'sha256' : hashes.SHA256(),
'sha384' : hashes.SHA384(),
'sha512' : hashes.SHA512(),
'sha512_224' : hashes.SHA512_224(),
'sha512_256' : hashes.SHA512_256(),
'sha3_224' : hashes.SHA3_224(),
'sha3_256' : hashes.SHA3_256(),
'sha3_384' : hashes.SHA3_384(),
'sha3_512' : hashes.SHA3_512(),
}
def get_hash_algo_by_name(hash_algo: str):
hash_algo = hash_algo.lower()
if hash_algo not in _STR_TO_HASH_ALGO:
raise ValueError("Invalid hash algorithm '{}'".format(hash_algo))
return _STR_TO_HASH_ALGO[hash_algo]
def update_sig_algo_if_no_hash_algo(sig_algo: SignedDigestAlgorithm, hash_algo: str):
n_sig_algo = sig_algo['algorithm'].native
if n_sig_algo == 'rsassa_pkcs1v15' or n_sig_algo == 'ecdsa' or n_sig_algo == 'dsa':
if n_sig_algo == 'rsassa_pkcs1v15':
n_sig_algo = 'rsa'
if hash_algo == 'md5':
)
@pytest.mark.requires_backend_interface(interface=HashBackend)
class TestSHA512224(object):
test_sha512_224 = generate_hash_test(
load_hash_vectors,
os.path.join("hashes", "SHA2"),
[
"SHA512_224LongMsg.rsp",
"SHA512_224ShortMsg.rsp",
],
hashes.SHA512_224(),
)
@pytest.mark.supported(
only_if=lambda backend: backend.hash_supported(hashes.SHA512_256()),
skip_message="Does not support SHA512/256",
)
@pytest.mark.requires_backend_interface(interface=HashBackend)
class TestSHA512256(object):
test_sha512_256 = generate_hash_test(
load_hash_vectors,
os.path.join("hashes", "SHA2"),
[
"SHA512_256LongMsg.rsp",
"SHA512_256ShortMsg.rsp",
],
hashes.SHA512_256(),
)
def test_unsupported_hash_alg(self):
cert, key = _load_cert_key()
with pytest.raises(TypeError):
smime.SMIMESignatureBuilder().add_signer(cert, key,
hashes.SHA512_256())
