def Verify(self, data, sig):
"""
Verifies whether the signature corresponds to the given data. This is a
stanard signature (i.e. HMAC-SHA1, RSA-SHA1, DSA-SHA1) that contains no
version information, so this will try to verify with each key in a keyset.
@param data: message that has been signed with sig
@type data: string
@param sig: Base64 string formatted as Header|Signature
@type sig: string
@return: True if sig corresponds to data, False otherwise.
@rtype: boolean
"""
sig_bytes = util.Base64WSDecode(sig)
for version in self.versions:
key = self._keys[version]
# Try to verify with each key
result = key.Verify(data, sig_bytes)
if result:
return True
# None of the keys verified the signature
return False
def AttachedVerify(self, signed_data, nonce):
"""
Verifies the signature in the signed blob corresponds to the data
in the signed blob and the provided nonce, and returns the data.
@param signed_data: the blob, produced by AttachedSign, containing
data and signature.
@type signed_data: string
@param nonce: Nonce string that was used when the signature was
generated. If the provided value doesn't match, verification will
fail.
@type sig: string
@return: If verification succeeds, the extracted data will be returned,
otherwise, None
@rtype: string
"""
decoded_data = util.Base64WSDecode(signed_data)
data, offset = util.UnpackByteArray(decoded_data, HEADER_SIZE)
signature = decoded_data[offset:]
if self.__InternalVerify(decoded_data[:HEADER_SIZE], signature, data, nonce):
return data
else:
return None
def Read(key):
"""
Reads a RSA public key from a JSON string representation of it.
@param key: a JSON representation of a RSA public key
@type key: string
@return: a RSA public key
@rtype: L{RsaPublicKey}
"""
rsa = json.loads(key)
params = {
'modulus': util.Base64WSDecode(rsa['modulus']),
'publicExponent': util.Base64WSDecode(rsa['publicExponent'])
}
pubkey = RSA.construct((util.BytesToLong(params['modulus']),
util.BytesToLong(params['publicExponent'])))
return RsaPublicKey(params, pubkey, rsa['size'])
def LoadJsonSession(json_session_data):
"""
Constructs and returns a new _Session instance, initialized with the key and nonce
extracted from the provided json_session_data, which must have been produced by
_Session.json.
"""
json_dict = json.loads(json_session_data)
aes_key_string = json.dumps(json_dict['key'])
return _Session.__Create(keys.AesKey.Read(aes_key_string),
util.Base64WSDecode(json_dict['nonce']))
def Read(key):
"""
Reads a RSA private key from a JSON string representation of it.
@param key: a JSON representation of a RSA private key
@type key: string
@return: a RSA private key
@rtype: L{RsaPrivateKey}
"""
rsa = json.loads(key)
pub = RsaPublicKey.Read(json.dumps(rsa['publicKey']))
params = {
'privateExponent': util.Base64WSDecode(rsa['privateExponent']),
'primeP': util.Base64WSDecode(rsa['primeP']),
'primeQ': util.Base64WSDecode(rsa['primeQ']),
'primeExponentP': util.Base64WSDecode(rsa['primeExponentP']),
'primeExponentQ': util.Base64WSDecode(rsa['primeExponentQ']),
'crtCoefficient': util.Base64WSDecode(rsa['crtCoefficient'])
}
key = RSA.construct((util.BytesToLong(pub.params['modulus']),
util.BytesToLong(pub.params['publicExponent']),
util.BytesToLong(params['privateExponent']),
util.BytesToLong(params['primeQ']),
util.BytesToLong(params['primeP']),
util.BytesToLong(params['crtCoefficient'])))
return RsaPrivateKey(params, pub, key, rsa['size'])
def Read(key):
"""
Reads a DSA public key from a JSON string representation of it.
@param key: a JSON representation of a DSA public key
@type key: string
@return: a DSA public key
@rtype: L{DsaPublicKey}
"""
dsa = json.loads(key)
params = {
'y': util.Base64WSDecode(dsa['y']),
'p': util.Base64WSDecode(dsa['p']),
'g': util.Base64WSDecode(dsa['g']),
'q': util.Base64WSDecode(dsa['q'])
}
pubkey = DSA.construct(
(util.BytesToLong(params['y']), util.BytesToLong(params['g']),
util.BytesToLong(params['p']), util.BytesToLong(params['q'])))
return DsaPublicKey(params, pubkey, dsa['size'])
def Verify(self, data, sig):
"""
Verifies whether the signature corresponds to the given data.
@param data: message that has been signed with sig
@type data: string
@param sig: Base64 string formatted as Header|Signature
@type sig: string
@return: True if sig corresponds to data, False otherwise.
@rtype: boolean
"""
sig_bytes = util.Base64WSDecode(sig)
if len(sig_bytes) < HEADER_SIZE:
raise errors.ShortSignatureError(len(sig_bytes))
return self.__InternalVerify(sig_bytes[:HEADER_SIZE], sig_bytes[HEADER_SIZE:], data)
def Read(key):
"""
Reads a DSA private key from a JSON string representation of it.
@param key: a JSON representation of a DSA private key
@type key: string
@return: an DSA private key
@rtype: L{DsaPrivateKey}
"""
dsa = json.loads(key)
pub = DsaPublicKey.Read(json.dumps(dsa['publicKey']))
params = {'x': util.Base64WSDecode(dsa['x'])}
key = DSA.construct((util.BytesToLong(pub._params['y']),
util.BytesToLong(pub._params['g']),
util.BytesToLong(pub._params['p']),
util.BytesToLong(pub._params['q']),
util.BytesToLong(params['x'])))
return DsaPrivateKey(params, pub, key, dsa['size'])
class Key(object):
"""Parent class for Keyczar Keys."""
def __init__(self, key_type):
self.type = key_type
self.__size = self.type.default_size # initially default
def __eq__(self, other):
return (self.type == other.type and self.size == other.size
and self.key_string == other.key_string)
def __SetSize(self, new_size):
if self.type.IsValidSize(new_size):
self.__size = new_size
def _GetKeyString(self):
"""Return the key as a string. Abstract method."""
def __GetKeyString(self):
"""Indirect getter for the key string."""
return self._GetKeyString()
def _Hash(self):
"""Compute and return the hash_id id of this key. Can override default hash_id."""
fullhash = util.Hash(util.IntToBytes(len(self.key_bytes)),
self.key_bytes)
return util.Base64WSEncode(fullhash[:keyczar.KEY_HASH_SIZE])
def __Hash(self):
"""Indirect getter for hash_id."""
return self._Hash()
hash_id = property(__Hash, doc="""The hash_id id of the key.""")
size = property(lambda self: self.__size,
__SetSize,
doc="""The size of the key in bits.""")
key_string = property(__GetKeyString,
doc="""The key as a Base64 string.""")
key_bytes = property(lambda self: util.Base64WSDecode(self.key_string),
doc="""The key as bytes.""")
def Header(self):
"""Return the 5-byte header string including version byte, 4-byte hash_id."""
return chr(keyczar.VERSION) + util.Base64WSDecode(self.hash_id)
def Header(self):
"""Return the 5-byte header string including version byte, 4-byte hash_id."""
return chr(keyczar.VERSION) + util.Base64WSDecode(self.hash_id)
def WrapperFunction(self, json_dict, *args):
output = util.Base64WSDecode(json_dict["output"])
return method(self, output, *args)
