def Verify(self, data, sig): """ Verifies whether the signature corresponds to the given data. This is a stanard signature (i.e. HMAC-SHA1, RSA-SHA1, DSA-SHA1) that contains no version information, so this will try to verify with each key in a keyset. @param data: message that has been signed with sig @type data: string @param sig: Base64 string formatted as Header|Signature @type sig: string @return: True if sig corresponds to data, False otherwise. @rtype: boolean """ sig_bytes = util.Base64WSDecode(sig) for version in self.versions: key = self._keys[version] # Try to verify with each key result = key.Verify(data, sig_bytes) if result: return True # None of the keys verified the signature return False
def AttachedVerify(self, signed_data, nonce): """ Verifies the signature in the signed blob corresponds to the data in the signed blob and the provided nonce, and returns the data. @param signed_data: the blob, produced by AttachedSign, containing data and signature. @type signed_data: string @param nonce: Nonce string that was used when the signature was generated. If the provided value doesn't match, verification will fail. @type sig: string @return: If verification succeeds, the extracted data will be returned, otherwise, None @rtype: string """ decoded_data = util.Base64WSDecode(signed_data) data, offset = util.UnpackByteArray(decoded_data, HEADER_SIZE) signature = decoded_data[offset:] if self.__InternalVerify(decoded_data[:HEADER_SIZE], signature, data, nonce): return data else: return None
def Read(key): """ Reads a RSA public key from a JSON string representation of it. @param key: a JSON representation of a RSA public key @type key: string @return: a RSA public key @rtype: L{RsaPublicKey} """ rsa = json.loads(key) params = { 'modulus': util.Base64WSDecode(rsa['modulus']), 'publicExponent': util.Base64WSDecode(rsa['publicExponent']) } pubkey = RSA.construct((util.BytesToLong(params['modulus']), util.BytesToLong(params['publicExponent']))) return RsaPublicKey(params, pubkey, rsa['size'])
def LoadJsonSession(json_session_data): """ Constructs and returns a new _Session instance, initialized with the key and nonce extracted from the provided json_session_data, which must have been produced by _Session.json. """ json_dict = json.loads(json_session_data) aes_key_string = json.dumps(json_dict['key']) return _Session.__Create(keys.AesKey.Read(aes_key_string), util.Base64WSDecode(json_dict['nonce']))
def Read(key): """ Reads a RSA private key from a JSON string representation of it. @param key: a JSON representation of a RSA private key @type key: string @return: a RSA private key @rtype: L{RsaPrivateKey} """ rsa = json.loads(key) pub = RsaPublicKey.Read(json.dumps(rsa['publicKey'])) params = { 'privateExponent': util.Base64WSDecode(rsa['privateExponent']), 'primeP': util.Base64WSDecode(rsa['primeP']), 'primeQ': util.Base64WSDecode(rsa['primeQ']), 'primeExponentP': util.Base64WSDecode(rsa['primeExponentP']), 'primeExponentQ': util.Base64WSDecode(rsa['primeExponentQ']), 'crtCoefficient': util.Base64WSDecode(rsa['crtCoefficient']) } key = RSA.construct((util.BytesToLong(pub.params['modulus']), util.BytesToLong(pub.params['publicExponent']), util.BytesToLong(params['privateExponent']), util.BytesToLong(params['primeQ']), util.BytesToLong(params['primeP']), util.BytesToLong(params['crtCoefficient']))) return RsaPrivateKey(params, pub, key, rsa['size'])
def Read(key): """ Reads a DSA public key from a JSON string representation of it. @param key: a JSON representation of a DSA public key @type key: string @return: a DSA public key @rtype: L{DsaPublicKey} """ dsa = json.loads(key) params = { 'y': util.Base64WSDecode(dsa['y']), 'p': util.Base64WSDecode(dsa['p']), 'g': util.Base64WSDecode(dsa['g']), 'q': util.Base64WSDecode(dsa['q']) } pubkey = DSA.construct( (util.BytesToLong(params['y']), util.BytesToLong(params['g']), util.BytesToLong(params['p']), util.BytesToLong(params['q']))) return DsaPublicKey(params, pubkey, dsa['size'])
def Verify(self, data, sig): """ Verifies whether the signature corresponds to the given data. @param data: message that has been signed with sig @type data: string @param sig: Base64 string formatted as Header|Signature @type sig: string @return: True if sig corresponds to data, False otherwise. @rtype: boolean """ sig_bytes = util.Base64WSDecode(sig) if len(sig_bytes) < HEADER_SIZE: raise errors.ShortSignatureError(len(sig_bytes)) return self.__InternalVerify(sig_bytes[:HEADER_SIZE], sig_bytes[HEADER_SIZE:], data)
def Read(key): """ Reads a DSA private key from a JSON string representation of it. @param key: a JSON representation of a DSA private key @type key: string @return: an DSA private key @rtype: L{DsaPrivateKey} """ dsa = json.loads(key) pub = DsaPublicKey.Read(json.dumps(dsa['publicKey'])) params = {'x': util.Base64WSDecode(dsa['x'])} key = DSA.construct((util.BytesToLong(pub._params['y']), util.BytesToLong(pub._params['g']), util.BytesToLong(pub._params['p']), util.BytesToLong(pub._params['q']), util.BytesToLong(params['x']))) return DsaPrivateKey(params, pub, key, dsa['size'])
class Key(object): """Parent class for Keyczar Keys.""" def __init__(self, key_type): self.type = key_type self.__size = self.type.default_size # initially default def __eq__(self, other): return (self.type == other.type and self.size == other.size and self.key_string == other.key_string) def __SetSize(self, new_size): if self.type.IsValidSize(new_size): self.__size = new_size def _GetKeyString(self): """Return the key as a string. Abstract method.""" def __GetKeyString(self): """Indirect getter for the key string.""" return self._GetKeyString() def _Hash(self): """Compute and return the hash_id id of this key. Can override default hash_id.""" fullhash = util.Hash(util.IntToBytes(len(self.key_bytes)), self.key_bytes) return util.Base64WSEncode(fullhash[:keyczar.KEY_HASH_SIZE]) def __Hash(self): """Indirect getter for hash_id.""" return self._Hash() hash_id = property(__Hash, doc="""The hash_id id of the key.""") size = property(lambda self: self.__size, __SetSize, doc="""The size of the key in bits.""") key_string = property(__GetKeyString, doc="""The key as a Base64 string.""") key_bytes = property(lambda self: util.Base64WSDecode(self.key_string), doc="""The key as bytes.""") def Header(self): """Return the 5-byte header string including version byte, 4-byte hash_id.""" return chr(keyczar.VERSION) + util.Base64WSDecode(self.hash_id)
def Header(self): """Return the 5-byte header string including version byte, 4-byte hash_id.""" return chr(keyczar.VERSION) + util.Base64WSDecode(self.hash_id)
def WrapperFunction(self, json_dict, *args): output = util.Base64WSDecode(json_dict["output"]) return method(self, output, *args)