本文整理汇总了Python中cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature方法的典型用法代码示例。如果您正苦于以下问题:Python utils.encode_dss_signature方法的具体用法?Python utils.encode_dss_signature怎么用?Python utils.encode_dss_signature使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类cryptography.hazmat.primitives.asymmetric.utils
的用法示例。
在下文中一共展示了utils.encode_dss_signature方法的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: verify_digest
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import utils [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature [as 别名]
def verify_digest(hash_hex, pubkey_hex, sigb64, hashfunc=hashlib.sha256):
"""
Given a digest, public key (as hex), and a base64 signature,
verify that the public key signed the digest.
Return True if so
Return False if not
"""
if not isinstance(hash_hex, (str, unicode)):
raise ValueError("hash hex is not a string")
hash_hex = str(hash_hex)
pubk_uncompressed_hex = keylib.key_formatting.decompress(pubkey_hex)
sig_r, sig_s = decode_signature(sigb64)
pubk = ec.EllipticCurvePublicNumbers.from_encoded_point(ec.SECP256K1(), pubk_uncompressed_hex.decode('hex')).public_key(default_backend())
signature = encode_dss_signature(sig_r, sig_s)
try:
pubk.verify(signature, hash_hex.decode('hex'), ec.ECDSA(utils.Prehashed(hashes.SHA256())))
return True
except InvalidSignature:
return False
示例2: _ecc_static_length_signature
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import utils [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature [as 别名]
def _ecc_static_length_signature(key, algorithm, digest):
"""Calculates an elliptic curve signature with a static length using pre-calculated hash.
:param key: Elliptic curve private key
:type key: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
:param algorithm: Master algorithm to use
:type algorithm: aws_encryption_sdk.identifiers.Algorithm
:param bytes digest: Pre-calculated hash digest
:returns: Signature with required length
:rtype: bytes
"""
pre_hashed_algorithm = ec.ECDSA(Prehashed(algorithm.signing_hash_type()))
signature = b""
while len(signature) != algorithm.signature_len:
_LOGGER.debug(
"Signature length %d is not desired length %d. Recalculating.", len(signature), algorithm.signature_len
)
signature = key.sign(digest, pre_hashed_algorithm)
if len(signature) != algorithm.signature_len:
# Most of the time, a signature of the wrong length can be fixed
# by negating s in the signature relative to the group order.
_LOGGER.debug(
"Signature length %d is not desired length %d. Negating s.", len(signature), algorithm.signature_len
)
r, s = decode_dss_signature(signature)
s = _ECC_CURVE_PARAMETERS[algorithm.signing_algorithm_info.name].order - s
signature = encode_dss_signature(r, s)
return signature
示例3: verify
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import utils [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature [as 别名]
def verify(self, key, payload, signature):
pkey = key.get_op_key('verify', self._curve)
r = signature[:len(signature) // 2]
s = signature[len(signature) // 2:]
enc_signature = ec_utils.encode_dss_signature(
int(hexlify(r), 16), int(hexlify(s), 16))
pkey.verify(enc_signature, payload, ec.ECDSA(self.hashfn))
示例4: extract_signature
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import utils [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature [as 别名]
def extract_signature(auth):
# type: (str) -> Tuple[str, str]
"""Fix the JWT auth token.
The JWA spec defines the signature to be a pair of 32octet encoded
longs.
The `ecdsa` library signs using a raw, 32octet pair of values (s, r).
Cryptography, which uses OpenSSL, uses a DER sequence of (s, r).
This function converts the raw ecdsa to DER.
:param auth: A JWT authorization token.
:type auth: str
:return tuple containing the signature material and signature
"""
payload, asig = auth.encode('utf8').rsplit(".", 1)
sig = base64.urlsafe_b64decode(repad(asig))
if len(sig) != 64:
return payload, sig
encoded = utils.encode_dss_signature(
s=int(binascii.hexlify(sig[32:]), 16),
r=int(binascii.hexlify(sig[:32]), 16)
)
return payload, encoded
示例5: verify
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import utils [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature [as 别名]
def verify(self, signature, msg):
"""
Verify whether a given signature is correct for a message.
:param signature: the given signature
:param msg: the given message
"""
length = len(signature) // 2
r = signature[:length]
# remove all "\x00" prefixes
while r and r[0:1] == "\x00":
r = r[1:]
# prepend "\x00" when the most significant bit is set
if ord(r[0:1]) & 128:
r = "\x00" + r
s = signature[length:]
# remove all "\x00" prefixes
while s and s[0:1] == "\x00":
s = s[1:]
# prepend "\x00" when the most significant bit is set
if ord(s[0:1]) & 128:
s = "\x00" + s
# turn back into int
r = int(hexlify(r), 16)
s = int(hexlify(s), 16)
# verify
try:
if NEW_CRYPTOGRAPHY_SIGN_VERSION:
self.ec.verify(encode_dss_signature(r, s), msg, ec.ECDSA(hashes.SHA1()))
else:
self.ec.verifier(encode_dss_signature(r, s), ec.ECDSA(hashes.SHA1()))
return True
except InvalidSignature:
return False
示例6: verify
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import utils [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature [as 别名]
def verify(self, message, signature):
# First convert (r||s) raw signature to ASN1 encoded signature.
sig_bytes = _helpers.to_bytes(signature)
if len(sig_bytes) != 64:
return False
r = utils.int_from_bytes(sig_bytes[:32], byteorder="big")
s = utils.int_from_bytes(sig_bytes[32:], byteorder="big")
asn1_sig = encode_dss_signature(r, s)
message = _helpers.to_bytes(message)
try:
self._pubkey.verify(asn1_sig, message, ec.ECDSA(hashes.SHA256()))
return True
except (ValueError, cryptography.exceptions.InvalidSignature):
return False
示例7: __init__
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import utils [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature [as 别名]
def __init__(self, pubkey_hex, sigb64):
"""
Instantiate the verifier with a hex-encoded public key and a base64-encoded signature
"""
sig_r, sig_s = decode_signature(sigb64)
pubkey_hex_decompressed = keylib.key_formatting.decompress(pubkey_hex)
pubk = ec.EllipticCurvePublicNumbers.from_encoded_point(ec.SECP256K1(), pubkey_hex_decompressed.decode('hex')).public_key(default_backend())
signature = encode_dss_signature(sig_r, sig_s)
self.verifier = pubk.verifier(signature, ec.ECDSA(hashes.SHA256()))
示例8: _encode_dss_signature
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import utils [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature [as 别名]
def _encode_dss_signature(self, raw_signature, key_size_bits):
want_raw_signature_len = bits_to_bytes_unit(key_size_bits) * 2
if len(raw_signature) != want_raw_signature_len:
raise InvalidSignature(
"Expected %d byte SignatureValue, got %d"
% (want_raw_signature_len, len(raw_signature))
)
int_len = len(raw_signature) // 2
r = bytes_to_long(raw_signature[:int_len])
s = bytes_to_long(raw_signature[int_len:])
return utils.encode_dss_signature(r, s)
示例9: encryptPassword
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import utils [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature [as 别名]
def encryptPassword(self, login, passwd):
"""Encrypt credentials using the google publickey, with the
RSA algorithm"""
# structure of the binary key:
#
# *-------------------------------------------------------*
# | modulus_length | modulus | exponent_length | exponent |
# *-------------------------------------------------------*
#
# modulus_length and exponent_length are uint32
binaryKey = b64decode(config.GOOGLE_PUBKEY)
# modulus
i = utils.readInt(binaryKey, 0)
modulus = utils.toBigInt(binaryKey[4:][0:i])
# exponent
j = utils.readInt(binaryKey, i + 4)
exponent = utils.toBigInt(binaryKey[i + 8:][0:j])
# calculate SHA1 of the pub key
digest = hashes.Hash(hashes.SHA1(), backend=default_backend())
digest.update(binaryKey)
h = b'\x00' + digest.finalize()[0:4]
# generate a public key
der_data = encode_dss_signature(modulus, exponent)
publicKey = load_der_public_key(der_data, backend=default_backend())
# encrypt email and password using pubkey
to_be_encrypted = login.encode() + b'\x00' + passwd.encode()
ciphertext = publicKey.encrypt(
to_be_encrypted,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None
)
)
return urlsafe_b64encode(h + ciphertext)
示例10: _raw_to_der
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import utils [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature [as 别名]
def _raw_to_der(self, raw_signature):
"""Convert signature from RAW encoding to DER encoding."""
component_length = self._sig_component_length()
if len(raw_signature) != int(2 * component_length):
raise ValueError("Invalid signature")
r_bytes = raw_signature[:component_length]
s_bytes = raw_signature[component_length:]
r = int_from_bytes(r_bytes, "big")
s = int_from_bytes(s_bytes, "big")
return encode_dss_signature(r, s)
示例11: _der_encoded_bytes
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import utils [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature [as 别名]
def _der_encoded_bytes(self) -> bytes:
return utils.encode_dss_signature(int(self.r), int(self.s))
示例12: get_signature_params
# 需要导入模块: from cryptography.hazmat.primitives.asymmetric import utils [as 别名]
# 或者: from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature [as 别名]
def get_signature_params(data):
"""
<Purpose>
Parse the signature parameters as multi-precision-integers.
<Arguments>
data:
the RFC4880-encoded signature data buffer as described
in the fourth paragraph of section 5.2.2
<Exceptions>
securesystemslib.gpg.exceptions.PacketParsingError:
if the public key parameters are malformed
securesystemslib.exceptions.UnsupportedLibraryError:
if the cryptography module is not available
<Side Effects>
None.
<Returns>
The decoded signature buffer
"""
if not CRYPTO: # pragma: no cover
return securesystemslib.exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG)
ptr = 0
r_length = securesystemslib.gpg.util.get_mpi_length(data[ptr:ptr+2])
ptr += 2
r = data[ptr:ptr + r_length]
if len(r) != r_length: # pragma: no cover
raise securesystemslib.gpg.exceptions.PacketParsingError(
"r-value truncated in signature")
ptr += r_length
s_length = securesystemslib.gpg.util.get_mpi_length(data[ptr: ptr+2])
ptr += 2
s = data[ptr: ptr + s_length]
if len(s) != s_length: # pragma: no cover
raise securesystemslib.gpg.exceptions.PacketParsingError(
"s-value truncated in signature")
s = int(binascii.hexlify(s), 16)
r = int(binascii.hexlify(r), 16)
signature = dsautils.encode_dss_signature(r, s)
return signature