def _decodeSignatureInfo(signatureHolder, decoder):
endOffset = decoder.readNestedTlvsStart(Tlv.SignatureInfo)
signatureType = decoder.readNonNegativeIntegerTlv(Tlv.SignatureType)
if signatureType == Tlv.SignatureType_SignatureSha256WithRsa:
signatureHolder.setSignature(Sha256WithRsaSignature())
# Modify signatureHolder's signature object because if we create an object
# and set it, then signatureHolder will have to copy all the fields.
signatureInfo = signatureHolder.getSignature()
Tlv0_1_1WireFormat._decodeKeyLocator(Tlv.KeyLocator,
signatureInfo.getKeyLocator(),
decoder)
elif signatureType == Tlv.SignatureType_SignatureSha256WithIbswaters:
signatureHolder.setSignature(Sha256WithIbsWatersSignature())
# Modify signatureHolder's signature object because if we create an object
# and set it, then signatureHolder will have to copy all the fields.
signatureInfo = signatureHolder.getSignature()
Tlv0_1_1WireFormat._decodeKeyLocator(Tlv.KeyLocator,
signatureInfo.getKeyLocator(),
decoder)
elif signatureType == Tlv.SignatureType_DigestSha256:
signatureHolder.setSignature(DigestSha256Signature())
else:
raise RuntimeError(
"decodeSignatureInfo: unrecognized SignatureInfo type" +
str(signatureType))
decoder.finishNestedTlvs(endOffset)
def signInterestWithSha256(self, interest, wireFormat=None):
"""
Append a SignatureInfo for DigestSha256 to the Interest name, digest the
name components and append a final name component with the signature
bits (which is the digest).
:param Interest interest: The Interest object to be signed. This appends
name components of SignatureInfo and the signature bits.
:param wireFormat: (optional) A WireFormat object used to encode the
input. If omitted, use WireFormat.getDefaultWireFormat().
:type wireFormat: A subclass of WireFormat
"""
if wireFormat == None:
# Don't use a default argument since getDefaultWireFormat can change.
wireFormat = WireFormat.getDefaultWireFormat()
signature = DigestSha256Signature()
# Append the encoded SignatureInfo.
interest.getName().append(wireFormat.encodeSignatureInfo(signature))
# Append an empty signature so that the "signedPortion" is correct.
interest.getName().append(Name.Component())
# Encode once to get the signed portion.
encoding = interest.wireEncode(wireFormat)
# Digest and set the signature.
sha256 = hashes.Hash(hashes.SHA256(), backend=default_backend())
sha256.update(encoding.toSignedBytes())
signatureBits = sha256.finalize()
signature.setSignature(Blob(bytearray(signatureBits), False))
# Remove the empty signature and append the real one.
interest.setName(interest.getName().getPrefix(-1).append(
wireFormat.encodeSignatureValue(signature)))
def signWithSha256(self, data, wireFormat=None):
"""
Wire encode the Data object, digest it and set its SignatureInfo to a
DigestSha256.
:param Data data: The Data object to be signed. This updates its
signature and wireEncoding.
:param wireFormat: (optional) A WireFormat object used to encode the
input. If omitted, use WireFormat.getDefaultWireFormat().
:type wireFormat: A subclass of WireFormat
"""
if wireFormat == None:
# Don't use a default argument since getDefaultWireFormat can change.
wireFormat = WireFormat.getDefaultWireFormat()
data.setSignature(DigestSha256Signature())
# Encode once to get the signed portion.
encoding = data.wireEncode(wireFormat)
# Digest and set the signature.
sha256 = hashes.Hash(hashes.SHA256(), backend=default_backend())
sha256.update(encoding.toSignedBytes())
signatureBits = sha256.finalize()
data.getSignature().setSignature(Blob(bytearray(signatureBits), False))
# Encode again to include the signature.
data.wireEncode(wireFormat)
def signWithSha256(self, data, wireFormat = None):
"""
Wire encode the Data object, digest it and set its SignatureInfo to a
DigestSha256.
:param Data data: The Data object to be signed. This updates its
signature and wireEncoding.
:param wireFormat: (optional) A WireFormat object used to encode the
input. If omitted, use WireFormat.getDefaultWireFormat().
:type wireFormat: A subclass of WireFormat
"""
if wireFormat == None:
# Don't use a default argument since getDefaultWireFormat can change.
wireFormat = WireFormat.getDefaultWireFormat()
data.setSignature(DigestSha256Signature())
# Encode once to get the signed portion.
encoding = data.wireEncode(wireFormat)
# Get the bytes to sign.
signedPortion = encoding.toSignedBuffer()
if sys.version_info[0] == 2:
# In Python 2.x, we need a str. Use Blob to convert signedPortion.
signedPortion = Blob(signedPortion, False).toRawStr()
# Digest and set the signature.
data.getSignature().setSignature(Blob(SHA256.new(signedPortion).digest()))
# Encode again to include the signature.
data.wireEncode(wireFormat)
def signInterestWithSha256(self, interest, wireFormat = None):
"""
Append a SignatureInfo for DigestSha256 to the Interest name, digest the
name components and append a final name component with the signature
bits (which is the digest).
:param Interest interest: The Interest object to be signed. This appends
name components of SignatureInfo and the signature bits.
:param wireFormat: (optional) A WireFormat object used to encode the
input. If omitted, use WireFormat.getDefaultWireFormat().
:type wireFormat: A subclass of WireFormat
"""
if wireFormat == None:
# Don't use a default argument since getDefaultWireFormat can change.
wireFormat = WireFormat.getDefaultWireFormat()
signature = DigestSha256Signature()
# Append the encoded SignatureInfo.
interest.getName().append(wireFormat.encodeSignatureInfo(signature))
# Append an empty signature so that the "signedPortion" is correct.
interest.getName().append(Name.Component())
# Encode once to get the signed portion.
encoding = interest.wireEncode(wireFormat)
# Get the bytes to sign.
signedPortion = encoding.toSignedBuffer()
if sys.version_info[0] == 2:
# In Python 2.x, we need a str. Use Blob to convert signedPortion.
signedPortion = Blob(signedPortion, False).toRawStr()
# Digest and set the signature.
signature.setSignature(Blob(SHA256.new(signedPortion).digest()))
# Remove the empty signature and append the real one.
interest.setName(interest.getName().getPrefix(-1).append(
wireFormat.encodeSignatureValue(signature)))