def testExportKey8(self): tup = (self.y, self.g, self.p, self.q, self.x) key = DSA.construct(tup) encoded = key.export_key('PEM', pkcs8=False, passphrase="PWDTEST") key = DSA.importKey(encoded, "PWDTEST") self.assertEqual(self.y, key.y) self.assertEqual(self.p, key.p) self.assertEqual(self.q, key.q) self.assertEqual(self.g, key.g) self.assertEqual(self.x, key.x)
def DSAKey(pub=None, priv=None, fd=None): """ make DSA KeyPair Object """ if fd is not None: pub = int.from_bytes(fd.read(128), 'big') priv = int.from_bytes(fd.read(128), 'big') if priv: return DSA.construct((pub, dsa_g, dsa_p, dsa_q, priv)) return DSA.construct((pub, dsa_g, dsa_p, dsa_q))
def test_domain1(self): """Verify we can generate new keys in a given domain""" dsa_key_1 = DSA.generate(1024) domain_params = dsa_key_1.domain() dsa_key_2 = DSA.generate(1024, domain=domain_params) self.assertEqual(dsa_key_1.p, dsa_key_2.p) self.assertEqual(dsa_key_1.q, dsa_key_2.q) self.assertEqual(dsa_key_1.g, dsa_key_2.g) self.assertEqual(dsa_key_1.domain(), dsa_key_2.domain())
def keyObject(self): """ A C{Crypto.PublicKey} object similar to this key. As PyCrypto is no longer used for the underlying operations, this property should be avoided. """ # Lazy import to have PyCrypto as a soft dependency. from Crypto.PublicKey import DSA, RSA keyObject = None keyType = self.type() keyData = self.data() isPublic = self.isPublic() if keyType == 'RSA': if isPublic: keyObject = RSA.construct(( keyData['n'], long(keyData['e']), )) else: keyObject = RSA.construct(( keyData['n'], long(keyData['e']), keyData['d'], keyData['p'], keyData['q'], keyData['u'], )) elif keyType == 'DSA': if isPublic: keyObject = DSA.construct(( keyData['y'], keyData['g'], keyData['p'], keyData['q'], )) else: keyObject = DSA.construct(( keyData['y'], keyData['g'], keyData['p'], keyData['q'], keyData['x'], )) else: raise BadKeyError('Unsupported key type.') return keyObject
def __init__(self, key=None, private=False): self.priv = self.pub = None if not isinstance(key, tuple): raise TypeError('4/5-tuple required for key') if len(key) == 5 and private: self.priv = DSA.construct(key) self.pub = self.priv.publickey() elif len(key) == 4 and not private: self.pub = DSA.construct(key) else: raise TypeError('wrong number of arguments for ' \ 'private={0!r}: got {1} ' .format(private, len(key)))
def strtoprivkey(data, passphrase): kind = data[0][11: 14] if data[1].startswith('Proc-Type: 4,ENCRYPTED'): # is an encrypted key ivdata = data[2].split(',')[1][:-1] iv = ''.join([chr(int(ivdata[i:i + 2], 16)) for i in range(0, len(ivdata), 2)]) if not passphrase: raise BadKeyError('encrypted key with no passphrase') ba = hashlib.md5(passphrase + iv).digest() bb = hashlib.md5(ba + passphrase + iv).digest() decKey = (ba + bb)[:24] b64Data = base64.decodestring(''.join(data[4:-1])) keyData = DES3.new(decKey, DES3.MODE_CBC, iv).decrypt(b64Data) removeLen = ord(keyData[-1]) keyData = keyData[:-removeLen] else: keyData = base64.decodestring(''.join(data[1:-1])) decodedKey = asn1parse(keyData) if isinstance(decodedKey[0], list): decodedKey = decodedKey[0] # this happens with encrypted keys if kind == 'RSA': n, e, d, p, q = decodedKey[1:6] return RSA.construct((n, e, d, p, q)) elif kind == 'DSA': p, q, g, y, x = decodedKey[1: 6] return DSA.construct((y, g, p, q, x))
def sign_DSA(msg, key_tuple, k=None): """Create a DSA signature. :Parameters: - `msg`: string of data signature applies to - `key_tuple`: tuple of DSA integers (y, g, p, q, x) (see `DSA tuple`_) - `k`: random integer 2 < k < q (automatically generated by default) :Returns: tuple (integer, integer) DSA signature values (r, s) .. _DSA tuple: DSA tuple: - `y`: integer DSA public key - `g`: integer DSA group - `p`: integer DSA prime - `q`: integer DSA order - `x`: integer DSA secret value """ import Crypto.PublicKey.DSA as DSA if k is None: # generate our own k value (2 < k < q) import Crypto.Util.number as NUM import Crypto.Util.randpool as RND rnd = RND.RandomPool() q = key_tuple[3] while 1: k = NUM.getRandomNumber(8*len(STN.int2str(q)), rnd.get_bytes) if 2 < k < q: break dsa = DSA.construct(key_tuple) # note change in ordering return dsa.sign(msg, k)
def _construct_DSA(self,privkey): k,x = privkey return DSA.construct([self.pubkey.y, self.pubkey.g, self.pubkey.p, self.pubkey.q, x])
def load_unencrypted(pkeyInfo): version, pkeyAlgo, pkeyData = pkeyInfo[0:3] if version != 0: raise PKCSError('unknown PKCS#8 version: {}'.format(version)) algoId, algoParms = pkeyAlgo.get_pos(0,2) if algoId == OID_PKCS_RSAPKEY: from Crypto.PublicKey import RSA rsakey = asn1.loads(pkeyData) vals = rsakey[1:6] # n, e, d, p, q pkey = RSA.construct([long(val) for val in vals]) print 'RSA!', vals elif algoId == OID_PKCS_DSAPKEY: from Crypto.PublicKey import DSA p, q, g = algoParms x = asn1.loads(pkeyData) y = pow(g, x, p) vals = (y, g, p, q, x) pkey = DSA.construct([long(val) for val in vals]) elif algoId == OID_PKCS_DHPKEY: from Crypto.PublicKey import ElGamal p, g = algoParms[0:2] x = asn1.loads(pkeyData) y = pow(g, x, p) vals = (p, g, y, x) pkey = ElGamal.construct([long(val) for val in vals]) else: raise PKCSError('unknown PKCS#8 key algorithm: {}'.format(algoId)) return pkey
def is_private_key_unprotected(self, key_content_encoded, key_algorithm): """ Check if the private key can be loaded without specifying any passphrase. PyCrypto >= 2.6.1 required in order to have the method importKey() in DSA class. :param key_content_encoded: Encoded content of the private key to test :param key_algorithm: Algorithm of the key (RSA or DSA) :return: True only if the key can be successfuly loaded and is usable """ state = False try: # Try to load it if key_algorithm == "RSA": key = RSA.importKey(key_content_encoded) else: key = DSA.importKey(key_content_encoded) # Validate loading state = (key is not None and key.can_sign() and key.has_private()) except Exception as e: print_debug("ERROR", "Cannot validate key protection '%s'" % e) state = False pass return state
def setUp(self): comps = "Crypto.SelfTest.Signature.test_vectors.wycheproof".split(".") with open(pycryptodome_filename(comps, "dsa_test.json"), "rt") as file_in: tv_tree = json.load(file_in) self.tv = [] for group in tv_tree['testGroups']: key = DSA.import_key(group['keyPem']) hash_name = group['sha'] if hash_name == "SHA-256": hash_module = SHA256 elif hash_name == "SHA-224": hash_module = SHA224 elif hash_name == "SHA-1": hash_module = SHA1 else: assert False assert group['type'] == "DSAVer" from collections import namedtuple TestVector = namedtuple('TestVector', 'id comment msg sig key hash_module valid warning') for test in group['tests']: tv = TestVector( test['tcId'], test['comment'], unhexlify(test['msg']), unhexlify(test['sig']), key, hash_module, test['result'] != "invalid", test['result'] == "acceptable" ) self.tv.append(tv)
def make_pkey(keyAlg, keyData, isPublic): algoId, algoParams = keyAlg.get_slice(0,2) if algoId == OID_PKCS_RSAKEY: from Crypto.PublicKey import RSA vals = asn1.loads(keyData) if isPublic: vals = vals[0:2] # n, e else: vals = vals[1:6] # n, e, d, p, q key = RSA.construct([long(val) for val in vals]) elif algoId == OID_X957_DSAKEY: from Crypto.PublicKey import DSA p, q, g = algoParams val = asn1.loads(keyData) if isPublic: vals = (val, g, p, q) # y, g, p, q else: y = pow(g, val, p) vals = (y, g, p, q, val) # y, g, p, q, x key = DSA.construct([long(val) for val in vals]) else: raise ValueError('unknown key algorithm id: {}'.format(algoId)) # if attrs: # for attrId, attrValues in attrs: # if attrId in ATTR_NAMES and attrValues: # setattr(key, ATTR_NAMES[attrId], attrValues[0]) return key
def testImportKey1(self): key_obj = DSA.importKey(self.der_public) self.assertFalse(key_obj.has_private()) self.assertEqual(self.y, key_obj.y) self.assertEqual(self.p, key_obj.p) self.assertEqual(self.q, key_obj.q) self.assertEqual(self.g, key_obj.g)
def verify_DSA(msg, sig_tuple, key_tuple): """Verify a DSA signature. :Parameters: - `msg`: string of data signature applies to - `sig_tuple`: tuple of DSA signature integers (r, s) (see `DSA signature tuple`_) - `key_tuple`: tuple of DSA key integers (y, g, p, q) (see `DSA key tuple`_) :Returns: integer 1 or 0, for verification true or false .. _DSA signature tuple: DSA signature tuple: - `r`: integer DSA "r" - `s`: integer DSA "s" .. _DSA key tuple: DSA key tuple: - `y`: integer DSA public key - `g`: integer DSA group - `p`: integer DSA prime - `q`: integer DSA order """ import Crypto.PublicKey.DSA as DSA dsa = DSA.construct(key_tuple) # note change in ordering return dsa.verify(msg, sig_tuple)
def strtoprivkey(data, password): kind = data[0][11: 14] if data[1].startswith('Proc-Type: 4,ENCRYPTED'): # encrypted key if not password: raise BadKeyPassword("password required") enc_type, salt = data[2].split(": ")[1].split(",") salt = unhexlify(salt.strip()) b64Data = base64.decodestring(''.join(data[4:-1])) if enc_type == "DES-EDE3-CBC": key = get_key_data(salt, password, 24) keyData = DES3.new(key, DES3.MODE_CBC, salt).decrypt(b64Data) elif enc_type == "AES-128-CBC": key = get_key_data(salt, password, 16) keyData = AES.new(key, AES.MODE_CBC, salt).decrypt(b64Data) else: raise BadKeyError("unknown encryption") removeLen = ord(keyData[-1]) keyData = keyData[:-removeLen] else: keyData = base64.decodestring(''.join(data[1:-1])) decodedKey = asn1parse(keyData) if isinstance(decodedKey[0], list): decodedKey = decodedKey[0] # this happens with encrypted keys if kind == 'RSA': n, e, d, p, q = decodedKey[1:6] return RSA.construct((n, e, d, p, q)) elif kind == 'DSA': p, q, g, y, x = decodedKey[1: 6] return DSA.construct((y, g, p, q, x))
def dsa_verify(pub, msg, sig): if isinstance(msg, int): msg = msg.to_bytes((msg.bit_length() // 8) + 1, 'big') msg = sha512(msg).digest() dsa = DSA.construct((pub, G, P, Q)) if not dsa.verify(msg, sig): raise ValueError("dsa verification failed")
def _fromString_PRIVATE_LSH(Class, data): """ Return a private key corresponding to this LSH private key string. The LSH private key string format is:: <s-expression: ('private-key', (<key type>, (<name>, <value>)+))> The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q. The names for a DSA (key type 'dsa') key are: y, g, p, q, x. @type data: C{str} @return: a {Crypto.PublicKey.pubkey.pubkey} object @raises BadKeyError: if the key type is unknown """ sexp = sexpy.parse(data) assert sexp[0] == 'private-key' kd = {} for name, data in sexp[1][1:]: kd[name] = common.getMP(common.NS(data))[0] if sexp[1][0] == 'dsa': assert len(kd) == 5, len(kd) return Class(DSA.construct((kd['y'], kd['g'], kd['p'], kd['q'], kd['x']))) elif sexp[1][0] == 'rsa-pkcs1': assert len(kd) == 8, len(kd) if kd['p'] > kd['q']: # make p smaller than q kd['p'], kd['q'] = kd['q'], kd['p'] return Class(RSA.construct((kd['n'], kd['e'], kd['d'], kd['p'], kd['q']))) else: raise BadKeyError('unknown lsh key type %s' % sexp[1][0])
def testExportKey5(self): tup = (self.y, self.g, self.p, self.q, self.x) key = DSA.construct(tup) encoded = key.exportKey('DER') self.assertEqual(self.der_pkcs8, encoded) encoded = key.exportKey('DER', pkcs8=True) self.assertEqual(self.der_pkcs8, encoded)
def _fromString_BLOB(Class, blob): """ Return a public key object corresponding to this public key blob. The format of a RSA public key blob is:: string 'ssh-rsa' integer e integer n The format of a DSA public key blob is:: string 'ssh-dss' integer p integer q integer g integer y @type blob: C{str} @return: a C{Crypto.PublicKey.pubkey.pubkey} object @raises BadKeyError: if the key type (the first string) is unknown. """ keyType, rest = common.getNS(blob) if keyType == 'ssh-rsa': e, n, rest = common.getMP(rest, 2) return Class(RSA.construct((n, e))) elif keyType == 'ssh-dss': p, q, g, y, rest = common.getMP(rest, 4) return Class(DSA.construct((y, g, p, q))) else: raise BadKeyError('unknown blob type: %s' % keyType)
def validate_dsa_key_pair(public_key, private_key): """ Validates a pair of dsa keys """ # FIXME: Make this function validate private key too # Construct DSA key keystring = binascii.a2b_base64(public_key.split(" ")[1]) keyparts = [] while len(keystring) > 4: length = struct.unpack(">I", keystring[:4])[0] keyparts.append(keystring[4 : 4 + length]) keystring = keystring[4 + length :] if keyparts[0] == "ssh-dss": tup = [bytes_to_long(keyparts[x]) for x in (4, 3, 1, 2)] else: return False key = DSA.construct(tup) # Validate DSA key fmt_error = not isPrime(key.p) fmt_error |= ((key.p - 1) % key.q) != 0 fmt_error |= key.g <= 1 or key.g >= key.p fmt_error |= pow(key.g, key.q, key.p) != 1 fmt_error |= key.y <= 0 or key.y >= key.p # The following piece of code is currently useless, because 'x' attribute is the private key # if hasattr(key, 'x'): # fmt_error |= key.x<=0 or key.x>=key.q # fmt_error |= pow(key.g, key.x, key.p)!=key.y return not fmt_error
def testExportKey6(self): tup = (self.y, self.g, self.p, self.q, self.x) key = DSA.construct(tup) encoded = key.export_key('PEM') self.assertEqual(self.pem_pkcs8, encoded) encoded = key.export_key('PEM', pkcs8=True) self.assertEqual(self.pem_pkcs8, encoded)
def Read(key): """ Reads a DSA public key from a JSON string representation of it. @param key: a JSON representation of a DSA public key @type key: string @return: a DSA public key @rtype: L{DsaPublicKey} """ dsa = json.loads(key) params = { "y": util.Base64WSDecode(dsa["y"]), "p": util.Base64WSDecode(dsa["p"]), "g": util.Base64WSDecode(dsa["g"]), "q": util.Base64WSDecode(dsa["q"]), } pubkey = DSA.construct( ( util.BytesToLong(params["y"]), util.BytesToLong(params["g"]), util.BytesToLong(params["p"]), util.BytesToLong(params["q"]), ) ) return DsaPublicKey(params, pubkey, dsa["size"])
def exec_dsa(form): other_params = {} message = form.text.data.encode("utf-8") hash_ = SHA.new(message) form.sha.data = hash_.hexdigest() h = hash_.digest() # 恢复key if not session.get("key"): key = DSA.generate(1024) session["key"] = pickle.dumps(key) else: key = pickle.loads(session["key"]) if form.sign.data: k = random.StrongRandom().randint(1,key.q-1) sig = key.sign(h, k) form.signature.data = "%s, %s"%(hex(sig[0])[2:-1], hex(sig[1])[2:-1]) elif form.verify.data: ssig = form.signature.data.split(", ") try: sig = (int(ssig[0], base=16), int(ssig[1], base=16)) except (IndexError, UnicodeEncodeError): flash(u"签名格式错误!") else: if key.verify(h, sig): flash(u"签名验证成功!") else: flash(u"签名验证失败!") return form, other_params
def dsa_sign(priv, msg): if isinstance(msg, int): msg = msg.to_bytes((msg.bit_length() // 8) + 1, 'big') msg = sha512(msg).digest() dsa = DSA.construct((pow(G, priv, P), G, P, Q, priv)) k = Rand.randrange(1, Q) return dsa.sign(msg, k)
def decode_pkcs1_public(cls, key_data): if (isinstance(key_data, tuple) and len(key_data) == 5 and all_ints(key_data) and key_data[0] == 0): _, p, q, g, y = key_data return cls(DSA.construct((y, g, p, q))) else: raise KeyImportError('Invalid DSA public key')
def testImportKey10(self): key_obj = DSA.importKey(self.der_pkcs8_encrypted, "PWDTEST") self.assertTrue(key_obj.has_private()) self.assertEqual(self.y, key_obj.y) self.assertEqual(self.p, key_obj.p) self.assertEqual(self.q, key_obj.q) self.assertEqual(self.g, key_obj.g) self.assertEqual(self.x, key_obj.x)
def testImportKey2(self): for pem in (self.pem_public, tostr(self.pem_public)): key_obj = DSA.importKey(pem) self.assertFalse(key_obj.has_private()) self.assertEqual(self.y, key_obj.y) self.assertEqual(self.p, key_obj.p) self.assertEqual(self.q, key_obj.q) self.assertEqual(self.g, key_obj.g)
def testImportKey5(self): key_obj = DSA.importKey(self.der_pkcs8) self.assertTrue(key_obj.has_private()) self.assertEqual(self.y, key_obj.y) self.assertEqual(self.p, key_obj.p) self.assertEqual(self.q, key_obj.q) self.assertEqual(self.g, key_obj.g) self.assertEqual(self.x, key_obj.x)
def testA02PyCryptoDSAVerification(self): """PyCrypto.PublicKey.DSA._verify: PyCrypto signature verification""" # this file has known good signature parameters sig = pickle.load(file('pgpfiles'+os.sep+'sig'+os.sep+'DSA_sig_test.pkl.py')) dsa = DSA.construct((sig['dsa_y'], sig['dsa_g'], sig['dsa_p'], sig['dsa_q'], sig['dsa_x'])) r_s = dsa.sign(sig['msg'], sig['k']) ret = dsa.verify(sig['msg'], r_s) self.assertEqual(1, ret)
def testImportKey7(self): for ssh in (self.ssh_pub, tostr(self.ssh_pub)): key_obj = DSA.importKey(ssh) self.assertFalse(key_obj.has_private()) self.assertEqual(self.y, key_obj.y) self.assertEqual(self.p, key_obj.p) self.assertEqual(self.q, key_obj.q) self.assertEqual(self.g, key_obj.g)
def dsa_sign(dsakey, message): dsakey = DSA.construct(dsakey) h = SHA.new(message).digest() k = random.StrongRandom().randint(1, dsakey.q - 1) sign = dsakey.sign(h, k) sign_r = sign[0].to_bytes(20, 'big') sign_s = sign[1].to_bytes(20, 'big') signature = struct.pack('<B', 4 + len(sign_r) + len(sign_s)) + b'\x00\x00\x00' + b'\x00' + \ struct.pack('<B', len(sign_r)*8) + sign_r + b'\x00' + struct.pack('<B', len(sign_s)*8) + sign_s return signature
def generate_DSA_agentkey(): key = DSA.generate(1024) agent_pubkey_epo_format = b'\x01\x00\x0c\x00' \ + b'agpubkey.bin' \ + b'\x9c\x01\x00\x00' \ + b'\x40\x00' + key.p.to_bytes(128, 'little') \ + b'\x00\xa0' + key.q.to_bytes(20, 'little') \ + b'\x03\xff' + key.g.to_bytes(128, 'little') \ + b'\x03\xfc' + key.y.to_bytes(128, 'little') return agent_pubkey_epo_format
def varify_message(self, text, signature, key): pubKey = DSA.import_key(bytes(key, 'utf-8')) hash_obj = SHA256.new(bytes(text, 'utf-8')) verifier = DSS.new(pubKey, 'fips-186-3') signature = base64.b64decode(signature) try: verifier.verify(hash_obj, signature) return True except ValueError: return False
def test2(self): for sig in self.signatures: tk = sig.test_key key = DSA.construct([tk.y, tk.g, tk.p, tk.q, tk.x], False) signer = DSS.new(key, 'deterministic-rfc6979') hash_obj = sig.module.new(sig.message) result = signer.sign(hash_obj) self.assertEqual(sig.result, result)
def _fips_verify_negative(self, test_vectors): """Negative tests for signature verification""" for tv in test_vectors: self.description = tv.desc key = DSA.construct([tv.Y, tv.G, tv.P, tv.Q], False) hash_obj = tv.hashmod.new(tv.Msg) signer = DSS.new(key, 'fips-186-3') self.assertRaises(ValueError, signer.verify, hash_obj, tv.Signature)
def testImportKey8(self): for pem in (self.pem_private_encrypted, tostr(self.pem_private_encrypted)): key_obj = DSA.importKey(pem, "PWDTEST") self.failUnless(key_obj.has_private()) self.assertEqual(self.y, key_obj.y) self.assertEqual(self.p, key_obj.p) self.assertEqual(self.q, key_obj.q) self.assertEqual(self.g, key_obj.g) self.assertEqual(self.x, key_obj.x)
def testA02PyCryptoDSAVerification(self): """PyCrypto.PublicKey.DSA._verify: PyCrypto signature verification""" # this file has known good signature parameters sig = pickle.load( file('pgpfiles' + os.sep + 'sig' + os.sep + 'DSA_sig_test.pkl.py')) dsa = DSA.construct((sig['dsa_y'], sig['dsa_g'], sig['dsa_p'], sig['dsa_q'], sig['dsa_x'])) r_s = dsa.sign(sig['msg'], sig['k']) ret = dsa.verify(sig['msg'], r_s) self.assertEqual(1, ret)
def _fips_sign(self, test_vectors): """Positive tests for signature generation""" for tv in test_vectors: self.description = tv.desc key = DSA.construct([tv.Y, tv.G, tv.P, tv.Q, tv.X], False) hash_obj = tv.hashmod.new(tv.Msg) signer = DSS.new(key, 'fips-186-3', randfunc=StrRNG(tv.K)) signature = signer.sign(hash_obj) self.assertEqual(signature, tv.Signature)
def __init__(self, relayPort, password): """Init.""" myDSAKeys = DSA.generate(1024) self.myDSAPublicKey = myDSAKeys.publickey() self.encryptedDSAKey = CryptoLib.encryptWalletDSAKey(password, myDSAKeys) self.address = CryptoLib.getAddressFromPublicKey(self.myDSAPublicKey.y) self.unspentTxs = [] self.relayPort = relayPort self.relayIP = "http://localhost:" + str(self.relayPort) self.BlockChain = []
def testExportKey10(self): tup = (self.y, self.g, self.p, self.q, self.x) key = DSA.construct(tup) randfunc = BytesIO( unhexlify(b("27A1C66C42AFEECE") + b("D725BF1B6B8239F4"))).read encoded = key.export_key('DER', pkcs8=True, passphrase="PWDTEST", randfunc=randfunc) self.assertEqual(self.der_pkcs8_encrypted, encoded)
def sign(self, message): # Create a new DSA key key = DSA.generate(1024) # Sign a message message = bytes(message.encode()) hash_obj = SHA256.new(message) signer = DSS.new(key, 'fips-186-3') start_time = timer() signature = signer.sign(hash_obj) self.executionTime = timer() - start_time return signature.hex().upper()
def test4(self): """Verify that unapproved hashes are rejected""" from Crypto.Hash import RIPEMD160 self.description = "Unapproved hash (RIPEMD160) test" key = DSA.construct((self.Y, self.G, self.P, self.Q)) hash_obj = RIPEMD160.new() signer = DSS.new(key, 'fips-186-3') self.assertRaises(ValueError, signer.sign, hash_obj) self.assertRaises(ValueError, signer.verify, hash_obj, b("\x00") * 40)
def __init__(self, p_length=None, p=None, q=None, g=None): if p == None: dsa = DSA.generate(p_length) self.p = dsa.p self.q = dsa.q self.g = dsa.g else: self.p = p self.q = q self.g = g Z_m.__init__(self, self.p, self.q)
def unpackDSA(self, string): #print 'unpackDSA', len(string), binascii.hexlify(string) #t = 64 * (ord(string[0])+1) t = (ord(string[0])*8+64) if (len(string) != (1 + 20 + (3 * t))): raise ValueError, 'HI: got RR length %d expecting %d' % (len(string), (1 + 20 + (3 * t))) (t, q, p, g, y) = struct.unpack('!B20s%ds%ds%ds'%(t,t,t), string) self.dsa = DSA.construct([bytes_to_long(y), bytes_to_long(g), bytes_to_long(p), bytes_to_long(q)])
def DSA_verifier(message, signature, client): # Load the public key f = open(client + "_DSA_public_key.pem", "rb") hash_obj = SHA256.new(message.encode()) pub_key = DSA.import_key(f.read()) verifier = DSS.new(pub_key, 'fips-186-3') # Verify the authenticity of the message try: verifier.verify(hash_obj, signature) print("The message is authentic.") except ValueError: print("The message is not authentic.")
def constructKey(tup): ''' tup with 4 or 5 items in the following order: 1. Public key (*y*). 2. Sub-group generator (*g*). 3. Modulus, finite field order (*p*). 4. Sub-group order (*q*). 5. Private key (*x*). Optional. ''' key = DSA.construct(tup) return key
def from_string_private_blob(cls, data): key_type, rest = get_NS(data, 1) if key_type == "ssh-rsa": n, e, d, u, p, q, rest = get_MP(rest, 6) rsakey = cls(RSA.construct((n, e, d, p, q, u))) return rsakey elif key_type == "ssh-dss": p, q, g, y, x, rest = get_MP(rest, 5) dsakey = cls(DSA.construct((y, g, p, q, x))) return dsakey else: raise ValueError('unknown blob type: %s' % key_type)
def make_DSA_keys(): # generate a pair of private and public DSA keys key = DSA.generate(1024) response = { 'private key': str(key.x), 'public key': str(key.y), 'generator': str(key.g), 'modulus': str(key.p), 'sub-group order': str(key.q) } return jsonify(response), 200
def generate_asymmetric(self, generate_dto, kek_meta_dto, project_id): """Generate asymmetric keys based on below rules: - RSA, with passphrase (supported) - RSA, without passphrase (supported) - DSA, without passphrase (supported) - DSA, with passphrase (not supported) Note: PyCrypto is not capable of serializing DSA keys and DER formated keys. Such keys will be serialized to Base64 PEM to store in DB. TODO (atiwari/reaperhulk): PyCrypto is not capable to serialize DSA keys and DER formated keys, later we need to pick better crypto lib. """ if (generate_dto.algorithm is None or generate_dto.algorithm.lower() == 'rsa'): private_key = RSA.generate(generate_dto.bit_length, None, None, 65537) elif generate_dto.algorithm.lower() == 'dsa': private_key = DSA.generate(generate_dto.bit_length, None, None) else: raise c.CryptoPrivateKeyFailureException() public_key = private_key.publickey() # Note (atiwari): key wrapping format PEM only supported if generate_dto.algorithm.lower() == 'rsa': public_key, private_key = self._wrap_key(public_key, private_key, generate_dto.passphrase) if generate_dto.algorithm.lower() == 'dsa': if generate_dto.passphrase: raise ValueError(u._('Passphrase not supported for DSA key')) public_key, private_key = self._serialize_dsa_key( public_key, private_key) private_dto = self.encrypt(c.EncryptDTO(private_key), kek_meta_dto, project_id) public_dto = self.encrypt(c.EncryptDTO(public_key), kek_meta_dto, project_id) passphrase_dto = None if generate_dto.passphrase: if isinstance(generate_dto.passphrase, six.text_type): generate_dto.passphrase = generate_dto.passphrase.encode( 'utf-8') passphrase_dto = self.encrypt( c.EncryptDTO(generate_dto.passphrase), kek_meta_dto, project_id) return private_dto, public_dto, passphrase_dto
def sign(self, user_id, record_id): session = session_class() digital_sign = session.query(DDigitalSign).filter_by( doctor_id=user_id, record_id=record_id).first() if digital_sign is not None: session.close() return False, '该病历已被签名' user = session.query(DUser).filter_by(id=user_id).first() if user is None: session.close() return False, '用户不存在' info = session.query(DDoctorInfo).filter_by( id=user.doctor_info_id).first() if user is None: session.close() return False, '用户信息不存在' private_key = session.query(DPrivateKey).filter_by( id=info.private_key_id).first() if private_key is None: session.close() return False, '用户密钥不存在' record = session.query(DMedicalRecord).filter_by(id=record_id).first() if record is None: session.close() return False, '病历不存在' plain_text = str(record.id) + record.r_name + record.company + str( record.gender) + record.address + str(record.age) + str( record.department_id) + record.nation + record.symptom + str( record.r_date.year) + '.' + str( record.r_date.month) + '.' + str( record.r_date.day) + record.conclusion print(len(plain_text), plain_text) hashed_text = SHA256.new(plain_text.encode('utf-8')).digest() print(len(hashed_text), hashed_text) key = DSA.construct((int(private_key.key_y), int(private_key.key_g), int(private_key.key_p), int(private_key.key_q), int(private_key.key_x))) k = random.StrongRandom().randint(1, key.q - 1) sign = key.sign(hashed_text, k) sign_data = DDigitalSign(doctor_id=user_id, record_id=record_id, sign_1=str(sign[0]), sign_2=str(sign[1])) try: session.add(sign_data) session.commit() session.close() return True, '签名成功' except Exception as e: print('repr(e):\t', repr(e)) session.rollback() session.close() return False, '数据库错误'
def sign(self, message): p, q, g, y, x = self.private_key dsa_obj = DSA.construct((y, g, p, q, x)) message_hash = hashlib.sha1(message).digest() # Get a random number that is greater than 2 and less than q. random_number = random.get_random_number_from_range(2, q) random_data = number.long_to_bytes(random_number) r, s = dsa_obj.sign(message_hash, random_data) signature = number.long_to_bytes(r, 20) + number.long_to_bytes(s, 20) return packet.pack_payload(DSS_SIG_PAYLOAD, ('ssh-dss', signature))
def get_dsa_key(key_location=None, key_file_obj=None, passphrase=None, use_pycrypto=False): key_fobj = key_file_obj or open(key_location) try: key = paramiko.DSSKey.from_private_key(key_fobj, password=passphrase) if use_pycrypto: key = DSA.construct((key.y, key.g, key.p, key.q, key.x)) return key except (paramiko.SSHException, ValueError): raise exception.SSHError( "Invalid DSA private key file or missing passphrase: %s" % key_location)
def test_dsa_asymmetric_key_generation(): with pytest.raises(ValueError, match="asymmetric key length"): wacryptolib.key_generation.generate_asymmetric_keypair( key_type="DSA", key_length_bits=1024) for key_length_bits in (None, 2048): extra_parameters = (dict( key_length_bits=key_length_bits) if key_length_bits else {}) keypair = wacryptolib.key_generation.generate_asymmetric_keypair( key_type="DSA", **extra_parameters) key = DSA.import_key(keypair["private_key"]) assert isinstance(key, DSA.DsaKey)
def verify_message(message, signature_file): with open(signature_file, 'rb') as signature: sign = signature.read() with open('public_key.pem', 'rb') as f: public_key = DSA.importKey(f.read()) hash_object = SHA1.new(message) verifier = DSS.new(public_key, 'fips-186-3') try: verifier.verify(hash_object, sign) return "Verified" except ValueError: return "Not verified"
def validate_private_key(ssh_private_key_data): try: RSA.import_key(from_base64(ssh_private_key_data)) return except ValueError: try: ECC.import_key(from_base64(ssh_private_key_data)) return except ValueError: try: DSA.import_key(from_base64(ssh_private_key_data)) return except ValueError: try: key_obj = io.StringIO( from_base64(ssh_private_key_data).decode('utf-8')) Ed25519Key(file_obj=key_obj) return except SSHException as ex: raise InvalidArgumentValueError( consts.SSH_PRIVATE_KEY_ERROR, consts.SSH_PRIVATE_KEY_HELP) from ex
def verify(self, message, signature): p, q, g, y = self.public_key dss, blob = packet.unpack_payload(DSS_SIG_PAYLOAD, signature) if dss != 'ssh-dss': raise ValueError(dss) # blob is the concatenation of r and s # r and s are 160-bit (20-byte) integers in network-byte-order assert(len(blob) == 40) r = number.bytes_to_long(blob[:20]) s = number.bytes_to_long(blob[20:]) dsa_obj = DSA.construct((y, g, p, q)) hash_of_message = hashlib.sha1(message).digest() return dsa_obj.verify(hash_of_message, (r, s))
def DSS_sign(c): key = DSA.generate(2048) global public_key public_key = key.publickey() if c == "a": hash_obj = SHA256.new(a_peer_public_key) else: hash_obj = SHA256.new(b_peer_public_key) signer = DSS.new(key, 'fips-186-3') signature = signer.sign(hash_obj) global s s = signer.sign(hash_obj) return hash_obj.hexdigest(), signature
def process(self, public_key_string): if True: #try: enc_pk = [chunk.strip().decode("hex") for chunk in public_key_string.split(",")] dec_str = ''.join(map(privkey_enc.decrypt,enc_pk)) pkdat = map(long,dec_str.split(",")) if len(pkdat) != 4: return None self.client_pk = DSA.construct(pkdat) return privkey.sign(dec_str, random.randint(1,privkey.__getstate__()['q']-1)) else: #except: return None
def __init__(self, data): _PubkeyAlg.__init__(self) (p, pos) = _parseMPI(data) (q, length) = _parseMPI(data[pos:]) pos += length (g, length) = _parseMPI(data[pos:]) pos += length (y, length) = _parseMPI(data[pos:]) if pos + length != len(data): raise ValueError, "Invalid DSA public key data" if DSA is None: raise NotImplementedError, "python-Crypto not available" self.dsa = DSA.construct((y, g, p, q))
def Simulation(): global file global ListOfTransactions global BlockChain ScroogeKey = DSA.generate(1024) UsersList.append(User("Scrooge", ScroogeKey.publickey(), ScroogeKey, [])) for i in range(25): Key = DSA.generate(1024) UsersList.append(User(str(uuid.uuid1()), Key.publickey(), Key, [])) for i in range(len(UsersList)): p = "User: "******", " + str(UsersList[i].PublicKey) + ", Amount of coins: " + str(len(UsersList[i].Coins)) + "\n" print(p) file.write(p) for i in range(len(UsersList)): if i > 0: F = MakeCoins(UsersList[0].PrivateKey, 10) ListOfTransactions.append(F) for z in range(len(F.ListOfCoins)): UsersList[0].Coins.append(F.ListOfCoins[z]) if len(ListOfTransactions) == 10: ListOfTransactions = VerifyTransaction(ListOfTransactions) SendCoins(10, UsersList[0].ID, UsersList[i].ID, UsersList[0].Coins[len(UsersList[0].Coins) - 10:]) while True: if keyboard.is_pressed('space'): Header = str(BlockChain[len(BlockChain)-1].ID) HashID = SHA256.new(bytes(Header, 'utf-8')) Sign = DSS.new(UsersList[0].PrivateKey, 'fips-186-3') Signature = Sign.sign(HashID) BlockChain[len(BlockChain)-1].HashPointer = Signature p = "\nLast block_ID: " + BlockChain[len(BlockChain)-1].ID + ", Hash of block: " + str(BlockChain[len(BlockChain)-1].Hash) + ", Signature of Scrooge: " + str(BlockChain[len(BlockChain)-1].HashPointer) + "\n" print(p) file.write(p) print("Program Terminated") file.close() break else: RandomTransaction()