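def sign(self, data, hash_context):
    """Sign *data* and return the signature as fixed-width ``r || s`` bytes.

    ``data`` is fed into the caller-supplied ``hash_context``, the context is
    finalized by this call, and the resulting digest is signed as a
    pre-hashed value.

    Args:
        data: Bytes passed to ``hash_context.update``.
        hash_context: A ``hashes.HashContext`` instance.

    Returns:
        The encoding of ``r`` followed by the encoding of ``s``, each
        produced by ``long_to_bytes`` with a width derived from the bit
        length of the DSA parameter ``q``.

    Raises:
        TypeError: If ``hash_context`` is not a ``hashes.HashContext``.
    """
    if not isinstance(hash_context, hashes.HashContext):
        raise TypeError("hash_context must be an instance of hashes.HashContext.")

    hash_context.update(data)
    digest = hash_context.finalize()

    # NOTE(review): SHA256HMAC160 is defined outside this block; confirm that
    # the digest size it declares matches what hash_context actually produces.
    der_signature = self._key.sign(digest, Prehashed(SHA256HMAC160()))
    r, s = decode_dss_signature(der_signature)

    # Round up to whole bytes so r and s (both smaller than q) always fit in
    # the field. Floor division under-sizes the field whenever q's bit length
    # is not a multiple of 8; for byte-aligned q the result is unchanged.
    # This replaces an earlier hard-coded width of 20 bytes.
    q = self.private_numbers.public_numbers.parameter_numbers.q
    size = (q.bit_length() + 7) // 8
    return long_to_bytes(r, size) + long_to_bytes(s, size)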
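def sign(self, data, hash_context):
    """Sign *data* and return the signature as fixed-width ``r || s`` bytes.

    A signer is obtained from the wrapped key and its hash context is
    replaced with the caller-supplied ``hash_context`` before ``data`` is
    fed in.

    Args:
        data: Bytes passed to the signer's ``update``.
        hash_context: A ``hashes.HashContext`` instance that replaces the
            signer's own hash context.

    Returns:
        The encoding of ``r`` followed by the encoding of ``s``, each
        produced by ``long_to_bytes`` with a width derived from the bit
        length of the DSA parameter ``q``.

    Raises:
        TypeError: If ``hash_context`` is not a ``hashes.HashContext``.
    """
    if not isinstance(hash_context, hashes.HashContext):
        raise TypeError("hash_context must be an instance of hashes.HashContext.")

    signer = self._key.signer(hashes.SHA256())
    # NOTE(review): assigning the private _hash_ctx swaps in the caller's
    # context, so the SHA256 passed to signer() above presumably only
    # satisfies the constructor. This relies on the signer's internals; if
    # that attribute is ever renamed the assignment would still succeed and
    # the signer may hash with SHA256 instead, without raising. Confirm
    # against the pinned library version.
    signer._hash_ctx = hash_context
    signer.update(data)
    r, s = decode_dss_signature(signer.finalize())

    # Round up to whole bytes so r and s (both smaller than q) always fit in
    # the field. Floor division under-sizes the field whenever q's bit length
    # is not a multiple of 8; for byte-aligned q the result is unchanged.
    # This replaces an earlier hard-coded width of 20 bytes.
    q = self.private_numbers.public_numbers.parameter_numbers.q
    size = (q.bit_length() + 7) // 8
    return long_to_bytes(r, size) + long_to_bytes(s, size)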
def finalize(self):
    """Finalize the wrapped hash context and return a digest fit for DSA.

    The context is consumed: ``self._ctx`` is cleared once the digest has
    been produced, and a second call raises.

    Returns:
        The raw digest when it is no wider than ``q``; otherwise the digest
        reduced modulo ``q`` and re-encoded with ``long_to_bytes`` using
        ``ceil(q.bit_length() / 8)`` as the width.

    Raises:
        AlreadyFinalized: If the context has already been finalized.
    """
    ctx = self._ctx
    if ctx is None:
        raise AlreadyFinalized("Context was already finalized.")

    raw = ctx.finalize()
    self._ctx = None

    modulus = self._dsa_key.parameters.parameter_numbers().q
    q_bits = modulus.bit_length()
    if self.algorithm.digest_size * 8 <= q_bits:
        return raw

    # libotr compatibility: libotr does not truncate an over-long digest to
    # its leftmost q.bit_length() bits as the DSA specification requires
    # (FIPS 186-4, 4.2 & 4.6). Handing over digest mod q is equivalent to
    # handing over the unmodified digest, and it keeps the cryptography
    # library from applying the spec's truncation, which would make
    # signature verification fail against libotr.
    # This is a deliberate deviation from the standard for interoperability.
    reduced = bytes_to_long(raw) % modulus
    return long_to_bytes(reduced, (q_bits + 7) // 8)
def __init__(self, key, counter=0):
    """Build the AES-CTR cipher object stored in ``self._cipher``.

    Args:
        key: Key material handed to ``algorithms.AES``.
        counter: Integer shifted left by 64 bits to form the value passed to
            ``modes.CTR``; defaults to 0.
    """
    aes = algorithms.AES(key)
    # counter << 64 places the counter in the upper half of a 128-bit value.
    # NOTE(review): long_to_bytes is presumably padding to 16 bytes here; a
    # counter of 2**64 or more would no longer fit in one block - confirm
    # callers bound it.
    # CTR keystream repeats if the same (key, counter) pair is ever used
    # twice, so callers must keep that pair unique per message.
    initial_block = long_to_bytes(counter << 64, 16)
    ctr_mode = modes.CTR(initial_block)
    self._cipher = Cipher(aes, ctr_mode, self.__backend__)