def sign(self, data, hash_context):
if not isinstance(hash_context, hashes.HashContext):
raise TypeError("hash_context must be an instance of hashes.HashContext.")
hash_context.update(data)
digest = hash_context.finalize()
r, s = decode_dss_signature(self._key.sign(digest, Prehashed(SHA256HMAC160())))
# return long_to_bytes(r, 20) + long_to_bytes(s, 20)
size = self.private_numbers.public_numbers.parameter_numbers.q.bit_length() // 8
return long_to_bytes(r, size) + long_to_bytes(s, size)
def sign(self, data, hash_context):
if not isinstance(hash_context, hashes.HashContext):
raise TypeError("hash_context must be an instance of hashes.HashContext.")
signer = self._key.signer(hashes.SHA256())
signer._hash_ctx = hash_context
signer.update(data)
r, s = decode_dss_signature(signer.finalize())
# return long_to_bytes(r, 20) + long_to_bytes(s, 20)
size = self.private_numbers.public_numbers.parameter_numbers.q.bit_length() // 8
return long_to_bytes(r, size) + long_to_bytes(s, size)
def finalize(self):
if self._ctx is None:
raise AlreadyFinalized("Context was already finalized.")
digest = self._ctx.finalize()
self._ctx = None
q = self._dsa_key.parameters.parameter_numbers().q
# We need this for compatibility with libotr which doesn't truncate its digest to the leftmost q.bit_length() bits
# when the digest is longer than that as per the DSA specification (see FIPS 186-4, 4.2 & 4.6). Passing digest mod q
# is the same as passing it unmodified, but this way we avoid the cryptography library truncating the digest as per
# the specification, which would result in the signature verification failing.
if self.algorithm.digest_size * 8 > q.bit_length():
digest = long_to_bytes(bytes_to_long(digest) % q, (q.bit_length() + 7) // 8)
return digest
def finalize(self):
if self._ctx is None:
raise AlreadyFinalized("Context was already finalized.")
digest = self._ctx.finalize()
self._ctx = None
q = self._dsa_key.parameters.parameter_numbers().q
# We need this for compatibility with libotr which doesn't truncate its digest to the leftmost q.bit_length() bits
# when the digest is longer than that as per the DSA specification (see FIPS 186-4, 4.2 & 4.6). Passing digest mod q
# is the same as passing it unmodified, but this way we avoid the cryptography library truncating the digest as per
# the specification, which would result in the signature verification failing.
if self.algorithm.digest_size * 8 > q.bit_length():
digest = long_to_bytes(bytes_to_long(digest) % q, (q.bit_length() + 7) // 8)
return digest
def __init__(self, key, counter=0):
self._cipher = Cipher(algorithms.AES(key), modes.CTR(long_to_bytes(counter << 64, 16)), self.__backend__)
def __init__(self, key, counter=0):
self._cipher = Cipher(algorithms.AES(key), modes.CTR(long_to_bytes(counter << 64, 16)), self.__backend__)
