当前位置: 首页>>代码示例>>Python>>正文


Python constant_time.bytes_eq方法代码示例

本文整理汇总了Python中cryptography.hazmat.primitives.constant_time.bytes_eq方法的典型用法代码示例。如果您正苦于以下问题:Python constant_time.bytes_eq方法的具体用法?Python constant_time.bytes_eq怎么用?Python constant_time.bytes_eq使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在cryptography.hazmat.primitives.constant_time的用法示例。


在下文中一共展示了constant_time.bytes_eq方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: decrypt

# 需要导入模块: from cryptography.hazmat.primitives import constant_time [as 别名]
# 或者: from cryptography.hazmat.primitives.constant_time import bytes_eq [as 别名]
def decrypt(self, k, a, iv, e, t):
        """ Decrypt according to the selected encryption and hashing
        functions.
        :param k: Encryption key (optional)
        :param a: Additional Authenticated Data
        :param iv: Initialization Vector
        :param e: Ciphertext
        :param t: Authentication Tag

        Returns plaintext or raises an error
        """
        hkey = k[:_inbytes(self.keysize)]
        dkey = k[_inbytes(self.keysize):]

        # verify mac
        if not constant_time.bytes_eq(t, self._mac(hkey, a, iv, e)):
            raise InvalidSignature('Failed to verify MAC')

        # decrypt
        cipher = Cipher(algorithms.AES(dkey), modes.CBC(iv),
                        backend=self.backend)
        decryptor = cipher.decryptor()
        d = decryptor.update(e) + decryptor.finalize()
        unpadder = PKCS7(self.blocksize).unpadder()
        return unpadder.update(d) + unpadder.finalize() 
开发者ID:latchset,项目名称:jwcrypto,代码行数:27,代码来源:jwa.py

示例2: decrypt_header

# 需要导入模块: from cryptography.hazmat.primitives import constant_time [as 别名]
# 或者: from cryptography.hazmat.primitives.constant_time import bytes_eq [as 别名]
def decrypt_header(self, data: bytes) -> bytes:
        if len(data) != HEADER_LEN + MAC_LEN:
            raise ValueError(
                "Unexpected header length: {}, expected {} + {}".format(
                    len(data), HEADER_LEN, MAC_LEN
                )
            )

        header_ciphertext = data[:HEADER_LEN]
        header_mac = data[HEADER_LEN:]
        mac_secret = self.ingress_mac.digest()[:HEADER_LEN]
        aes = self.mac_enc(mac_secret)[:HEADER_LEN]
        self.ingress_mac.update(sxor(aes, header_ciphertext))
        expected_header_mac = self.ingress_mac.digest()[:HEADER_LEN]
        if not bytes_eq(expected_header_mac, header_mac):
            raise DecryptionError(
                "Invalid header mac: expected {}, got {}".format(
                    expected_header_mac, header_mac
                )
            )
        return self.aes_dec.update(header_ciphertext) 
开发者ID:QuarkChain,项目名称:pyquarkchain,代码行数:23,代码来源:peer.py

示例3: decrypt_body

# 需要导入模块: from cryptography.hazmat.primitives import constant_time [as 别名]
# 或者: from cryptography.hazmat.primitives.constant_time import bytes_eq [as 别名]
def decrypt_body(self, data: bytes, body_size: int) -> bytes:
        read_size = roundup_16(body_size)
        if len(data) < read_size + MAC_LEN:
            raise ValueError(
                "Insufficient body length; Got {}, wanted {} + {}".format(
                    len(data), read_size, MAC_LEN
                )
            )

        frame_ciphertext = data[:read_size]
        frame_mac = data[read_size : read_size + MAC_LEN]

        self.ingress_mac.update(frame_ciphertext)
        fmac_seed = self.ingress_mac.digest()[:MAC_LEN]
        self.ingress_mac.update(sxor(self.mac_enc(fmac_seed), fmac_seed))
        expected_frame_mac = self.ingress_mac.digest()[:MAC_LEN]
        if not bytes_eq(expected_frame_mac, frame_mac):
            raise DecryptionError(
                "Invalid frame mac: expected {}, got {}".format(
                    expected_frame_mac, frame_mac
                )
            )
        return self.aes_dec.update(frame_ciphertext)[:body_size] 
开发者ID:QuarkChain,项目名称:pyquarkchain,代码行数:25,代码来源:peer.py

示例4: decrypt_raw_bytes

# 需要导入模块: from cryptography.hazmat.primitives import constant_time [as 别名]
# 或者: from cryptography.hazmat.primitives.constant_time import bytes_eq [as 别名]
def decrypt_raw_bytes(self, data: bytes, size: int) -> bytes:
        """
        same as decrypt_body() but no roundup
        """
        if len(data) < size + MAC_LEN:
            raise ValueError(
                "Insufficient body length; Got {}, wanted {} + {}".format(
                    len(data), size, MAC_LEN
                )
            )

        frame_ciphertext = data[:size]
        frame_mac = data[size : size + MAC_LEN]

        self.ingress_mac.update(frame_ciphertext)
        fmac_seed = self.ingress_mac.digest()[:MAC_LEN]
        self.ingress_mac.update(sxor(self.mac_enc(fmac_seed), fmac_seed))
        expected_frame_mac = self.ingress_mac.digest()[:MAC_LEN]
        if not bytes_eq(expected_frame_mac, frame_mac):
            raise DecryptionError(
                "Invalid frame mac: expected {}, got {}".format(
                    expected_frame_mac, frame_mac
                )
            )
        return self.aes_dec.update(frame_ciphertext)[:size] 
开发者ID:QuarkChain,项目名称:pyquarkchain,代码行数:27,代码来源:p2p_manager.py

示例5: finalize

# 需要导入模块: from cryptography.hazmat.primitives import constant_time [as 别名]
# 或者: from cryptography.hazmat.primitives.constant_time import bytes_eq [as 别名]
def finalize(self):
        # CommonCrypto has a yet another bug where you must make at least one
        # call to update. If you pass just AAD and call finalize without a call
        # to update you'll get null bytes for tag. The following update call
        # prevents this issue, which is present in at least 10.8 and 10.9.
        # Filed as rdar://18314580
        self.update(b"")
        tag_size = self._cipher.block_size // 8
        tag_buf = self._backend._ffi.new("unsigned char[]", tag_size)
        tag_len = self._backend._ffi.new("size_t *", tag_size)
        res = self._backend._lib.CCCryptorGCMFinal(
            self._ctx[0], tag_buf, tag_len
        )
        self._backend._check_cipher_response(res)
        self._backend._release_cipher_ctx(self._ctx)
        self._tag = self._backend._ffi.buffer(tag_buf)[:]
        if (self._operation == self._backend._lib.kCCDecrypt and
                not constant_time.bytes_eq(
                    self._tag[:len(self._mode.tag)], self._mode.tag
                )):
            raise InvalidTag
        return b"" 
开发者ID:aliyun,项目名称:oss-ftp,代码行数:24,代码来源:ciphers.py

示例6: aes_key_unwrap

# 需要导入模块: from cryptography.hazmat.primitives import constant_time [as 别名]
# 或者: from cryptography.hazmat.primitives.constant_time import bytes_eq [as 别名]
def aes_key_unwrap(wrapping_key, wrapped_key, backend):
    if len(wrapped_key) < 24:
        raise InvalidUnwrap("Must be at least 24 bytes")

    if len(wrapped_key) % 8 != 0:
        raise InvalidUnwrap("The wrapped key must be a multiple of 8 bytes")

    if len(wrapping_key) not in [16, 24, 32]:
        raise ValueError("The wrapping key must be a valid AES key length")

    aiv = b"\xa6\xa6\xa6\xa6\xa6\xa6\xa6\xa6"
    r = [wrapped_key[i:i + 8] for i in range(0, len(wrapped_key), 8)]
    a = r.pop(0)
    a, r = _unwrap_core(wrapping_key, a, r, backend)
    if not bytes_eq(a, aiv):
        raise InvalidUnwrap()

    return b"".join(r) 
开发者ID:tp4a,项目名称:teleport,代码行数:20,代码来源:keywrap.py

示例7: handle

# 需要导入模块: from cryptography.hazmat.primitives import constant_time [as 别名]
# 或者: from cryptography.hazmat.primitives.constant_time import bytes_eq [as 别名]
def handle(self, request):
        name = request['headers'].get(self.id_header, None)
        key = request['headers'].get(self.key_header, None)
        if name is None and key is None:
            self.logger.debug('Ignoring request no relevant headers provided')
            return None

        validated = False
        try:
            val = self.store.get(self._db_key(name))
            if val is None:
                raise ValueError("No such ID")
            if constant_time.bytes_eq(val.encode('utf-8'),
                                      key.encode('utf-8')):
                validated = True
        except Exception:  # pylint: disable=broad-except
            self.audit_svc_access(log.AUDIT_SVC_AUTH_FAIL,
                                  request['client_id'], name)
            return False

        if validated:
            self.audit_svc_access(log.AUDIT_SVC_AUTH_PASS,
                                  request['client_id'], name)
            request['remote_user'] = name
            return True

        self.audit_svc_access(log.AUDIT_SVC_AUTH_FAIL,
                              request['client_id'], name)
        return False 
开发者ID:latchset,项目名称:custodia,代码行数:31,代码来源:authenticators.py

示例8: check_password

# 需要导入模块: from cryptography.hazmat.primitives import constant_time [as 别名]
# 或者: from cryptography.hazmat.primitives.constant_time import bytes_eq [as 别名]
def check_password(entered_password, user_password, seed=None):
    """ Version checking and returning the password

    :arg entered_password: password entered by the user.
    :type entered_password: str (Python 3) or unicode (Python 2)
    :arg user_password: the hashed string fetched from the database.
    :type user_password: bytes
    :return: a Boolean depending upon the entered_password, True if the
             password matches
    """
    if not isinstance(entered_password, six.text_type):
        raise ValueError("Entered password is not unicode text")
    if isinstance(user_password, six.text_type):
        user_password = user_password.encode("utf-8")

    if not user_password.count(b"$") >= 2:
        raise pagure.exceptions.PagureException(
            "Password of unknown version found in the database"
        )

    _, version, user_password = user_password.split(b"$", 2)

    if version == b"2":
        password = bcrypt.hashpw(
            entered_password.encode("utf-8"), user_password
        )
    elif version == b"1":
        password = "%s%s" % (entered_password, seed)
        password = (
            hashlib.sha512(password.encode("utf-8"))
            .hexdigest()
            .encode("utf-8")
        )

    else:
        raise pagure.exceptions.PagureException(
            "Password of unknown version found in the database"
        )

    return constant_time.bytes_eq(password, user_password) 
开发者ID:Pagure,项目名称:pagure,代码行数:42,代码来源:login.py

示例9: decrypt

# 需要导入模块: from cryptography.hazmat.primitives import constant_time [as 别名]
# 或者: from cryptography.hazmat.primitives.constant_time import bytes_eq [as 别名]
def decrypt(
    data: bytes, privkey: datatypes.PrivateKey, shared_mac_data: bytes = b""
) -> bytes:
    """Decrypt data with ECIES method using the given private key

    1) generate shared-secret = kdf( ecdhAgree(myPrivKey, msg[1:65]) )
    2) verify tag
    3) decrypt

    ecdhAgree(r, recipientPublic) == ecdhAgree(recipientPrivate, R)
    [where R = r*G, and recipientPublic = recipientPrivate*G]

    """
    if data[:1] != b"\x04":
        raise DecryptionError("wrong ecies header")

    #  1) generate shared-secret = kdf( ecdhAgree(myPrivKey, msg[1:65]) )
    shared = data[1 : 1 + PUBKEY_LEN]
    key_material = ecdh_agree(privkey, keys.PublicKey(shared))
    key = kdf(key_material)
    key_enc, key_mac = key[: KEY_LEN // 2], key[KEY_LEN // 2 :]
    key_mac = sha256(key_mac).digest()
    tag = data[-KEY_LEN:]

    # 2) Verify tag
    expected_tag = hmac_sha256(
        key_mac, data[1 + PUBKEY_LEN : -KEY_LEN] + shared_mac_data
    )
    if not bytes_eq(expected_tag, tag):
        raise DecryptionError("Failed to verify tag")

    # 3) Decrypt
    algo = CIPHER(key_enc)
    blocksize = algo.block_size // 8
    iv = data[1 + PUBKEY_LEN : 1 + PUBKEY_LEN + blocksize]
    ciphertext = data[1 + PUBKEY_LEN + blocksize : -KEY_LEN]
    ctx = Cipher(algo, MODE(iv), default_backend()).decryptor()
    return ctx.update(ciphertext) + ctx.finalize() 
开发者ID:QuarkChain,项目名称:pyquarkchain,代码行数:40,代码来源:ecies.py

示例10: _open_aes_ctr

# 需要导入模块: from cryptography.hazmat.primitives import constant_time [as 别名]
# 或者: from cryptography.hazmat.primitives.constant_time import bytes_eq [as 别名]
def _open_aes_ctr(key, nonce, ciphertext, expected_hmac, digest_method):
    data_key, hmac_key = _halve_key(key)
    hmac = _get_hmac(hmac_key, ciphertext, digest_method)
    # Check the HMAC before we decrypt to verify ciphertext integrity
    if not constant_time.bytes_eq(hmac, expected_hmac):
        raise IntegrityError("Computed HMAC on %s does not match stored HMAC")

    decryptor = Cipher(
        algorithms.AES(data_key),
        modes.CTR(nonce),
        backend=default_backend()
    ).decryptor()
    return decryptor.update(ciphertext) + decryptor.finalize() 
开发者ID:fugue,项目名称:credstash,代码行数:15,代码来源:credstash.py

示例11: constant_time_compare

# 需要导入模块: from cryptography.hazmat.primitives import constant_time [as 别名]
# 或者: from cryptography.hazmat.primitives.constant_time import bytes_eq [as 别名]
def constant_time_compare(val1, val2):
    """
    :type val1: any
    :type val2: any
    :rtype: bool
    """
    return constant_time.bytes_eq(force_bytes(val1), force_bytes(val2)) 
开发者ID:georgemarshall,项目名称:django-cryptography,代码行数:9,代码来源:crypto.py

示例12: _verify_challenge

# 需要导入模块: from cryptography.hazmat.primitives import constant_time [as 别名]
# 或者: from cryptography.hazmat.primitives.constant_time import bytes_eq [as 别名]
def _verify_challenge(received_challenge, sent_challenge):
    return received_challenge \
        and sent_challenge \
        and isinstance(received_challenge, six.string_types) \
        and isinstance(sent_challenge, six.string_types) \
        and constant_time.bytes_eq(
            to_bytes(sent_challenge),
            to_bytes(received_challenge)
        ) 
开发者ID:privacyidea,项目名称:privacyidea,代码行数:11,代码来源:webauthn.py

示例13: _verify_rp_id_hash

# 需要导入模块: from cryptography.hazmat.primitives import constant_time [as 别名]
# 或者: from cryptography.hazmat.primitives.constant_time import bytes_eq [as 别名]
def _verify_rp_id_hash(auth_data_rp_id_hash, rp_id):
    rp_id_hash = hashlib.sha256(to_bytes(rp_id)).digest()
    return constant_time.bytes_eq(auth_data_rp_id_hash, rp_id_hash) 
开发者ID:privacyidea,项目名称:privacyidea,代码行数:5,代码来源:webauthn.py

示例14: __eq__

# 需要导入模块: from cryptography.hazmat.primitives import constant_time [as 别名]
# 或者: from cryptography.hazmat.primitives.constant_time import bytes_eq [as 别名]
def __eq__(self, other):
        if not isinstance(other, SubjectKeyIdentifier):
            return NotImplemented

        return constant_time.bytes_eq(self.digest, other.digest) 
开发者ID:aliyun,项目名称:oss-ftp,代码行数:7,代码来源:extensions.py

示例15: verify

# 需要导入模块: from cryptography.hazmat.primitives import constant_time [as 别名]
# 或者: from cryptography.hazmat.primitives.constant_time import bytes_eq [as 别名]
def verify(self, signature):
        digest = self.finalize()
        if not constant_time.bytes_eq(digest, signature):
            raise InvalidSignature("Signature did not match digest.") 
开发者ID:aliyun,项目名称:oss-ftp,代码行数:6,代码来源:hmac.py


注:本文中的cryptography.hazmat.primitives.constant_time.bytes_eq方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。