本文整理匯總了Python中cryptography.hazmat.primitives.asymmetric.ec.ECDSA屬性的典型用法代碼示例。如果您正苦於以下問題:Python ec.ECDSA屬性的具體用法?Python ec.ECDSA怎麽用?Python ec.ECDSA使用的例子?那麽, 這裏精選的屬性代碼示例或許可以為您提供幫助。您也可以進一步了解該屬性所在類cryptography.hazmat.primitives.asymmetric.ec的用法示例。
在下文中一共展示了ec.ECDSA屬性的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: validate
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import ec [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDSA [as 別名]
def validate(self, authenticator_data, rp_id_hash, client_data_hash):
# See https://www.w3.org/TR/webauthn/#fido-u2f-attestation, "Verification procedure"
credential = authenticator_data.credential
public_key_u2f = b'\x04' + credential.public_key.x + credential.public_key.y
verification_data = b'\x00' + rp_id_hash + client_data_hash + credential.id + public_key_u2f
assert len(credential.public_key.x) == 32
assert len(credential.public_key.y) == 32
self.cert_public_key.verify(self.signature, verification_data, ec.ECDSA(hashes.SHA256()))
key_id = x509.SubjectKeyIdentifier.from_public_key(self.cert_public_key).digest.hex()
att_root_cert_chain = self.metadata_for_key_id(key_id)["attestationRootCertificates"]
# TODO: implement full cert chain validation
# See https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Certificate.tbs_certificate_bytes
# See https://github.com/pyca/cryptography/issues/2381
# See https://github.com/wbond/certvalidator
assert len(att_root_cert_chain) == 1
att_root_cert = x509.load_der_x509_certificate(att_root_cert_chain[0].encode(),
cryptography.hazmat.backends.default_backend())
att_root_cert.public_key().verify(self.att_cert.signature,
self.att_cert.tbs_certificate_bytes,
padding.PKCS1v15(),
self.att_cert.signature_hash_algorithm)
return self.validated_attestation(type="Basic", trust_path="x5c", credential=credential) 示例2: generate_signature
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import ec [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDSA [as 別名]
def generate_signature(self, pri_key: str, msg: bytes) -> str:
if self.__scheme == SignatureScheme.SHA224withECDSA:
private_key = ec.derive_private_key(int(pri_key, 16), ec.SECP224R1(), default_backend())
signature = private_key.sign(
msg,
ec.ECDSA(hashes.SHA224())
)
elif self.__scheme == SignatureScheme.SHA256withECDSA:
private_key = ec.derive_private_key(int(pri_key, 16), ec.SECP256R1(), default_backend())
signature = private_key.sign(
msg,
ec.ECDSA(hashes.SHA256())
)
elif self.__scheme == SignatureScheme.SHA384withECDSA:
private_key = ec.derive_private_key(int(pri_key, 16), ec.SECP384R1(), default_backend())
signature = private_key.sign(
msg,
ec.ECDSA(hashes.SHA384())
)
else:
raise SDKException(ErrorCode.other_error('Invalid signature scheme.'))
sign = SignatureHandler.dsa_der_to_plain(signature)
return sign 示例3: load_pem_public_key
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import ec [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDSA [as 別名]
def load_pem_public_key(self, data):
mem_bio = self._bytes_to_bio(data)
evp_pkey = self._lib.PEM_read_bio_PUBKEY(
mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL
)
if evp_pkey != self._ffi.NULL:
evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
return self._evp_pkey_to_public_key(evp_pkey)
else:
# It's not a (RSA/DSA/ECDSA) subjectPublicKeyInfo, but we still
# need to check to see if it is a pure PKCS1 RSA public key (not
# embedded in a subjectPublicKeyInfo)
self._consume_errors()
res = self._lib.BIO_reset(mem_bio.bio)
self.openssl_assert(res == 1)
rsa_cdata = self._lib.PEM_read_bio_RSAPublicKey(
mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL
)
if rsa_cdata != self._ffi.NULL:
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
evp_pkey = self._rsa_cdata_to_evp_pkey(rsa_cdata)
return _RSAPublicKey(self, rsa_cdata, evp_pkey)
else:
self._handle_key_loading_error() 示例4: load_der_public_key
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import ec [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDSA [as 別名]
def load_der_public_key(self, data):
mem_bio = self._bytes_to_bio(data)
evp_pkey = self._lib.d2i_PUBKEY_bio(mem_bio.bio, self._ffi.NULL)
if evp_pkey != self._ffi.NULL:
evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
return self._evp_pkey_to_public_key(evp_pkey)
else:
# It's not a (RSA/DSA/ECDSA) subjectPublicKeyInfo, but we still
# need to check to see if it is a pure PKCS1 RSA public key (not
# embedded in a subjectPublicKeyInfo)
self._consume_errors()
res = self._lib.BIO_reset(mem_bio.bio)
self.openssl_assert(res == 1)
rsa_cdata = self._lib.d2i_RSAPublicKey_bio(
mem_bio.bio, self._ffi.NULL
)
if rsa_cdata != self._ffi.NULL:
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
evp_pkey = self._rsa_cdata_to_evp_pkey(rsa_cdata)
return _RSAPublicKey(self, rsa_cdata, evp_pkey)
else:
self._handle_key_loading_error() 示例5: elliptic_curve_signature_algorithm_supported
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import ec [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDSA [as 別名]
def elliptic_curve_signature_algorithm_supported(
self, signature_algorithm, curve
):
if self._lib.Cryptography_HAS_EC != 1:
return False
# We only support ECDSA right now.
if not isinstance(signature_algorithm, ec.ECDSA):
return False
# Before 0.9.8m OpenSSL can't cope with digests longer than the curve.
if (
self._lib.OPENSSL_VERSION_NUMBER < 0x009080df and
curve.key_size < signature_algorithm.algorithm.digest_size * 8
):
return False
return self.elliptic_curve_supported(curve) 示例6: _fromString_PUBLIC_OPENSSH
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import ec [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDSA [as 別名]
def _fromString_PUBLIC_OPENSSH(cls, data):
"""
Return a public key object corresponding to this OpenSSH public key
string. The format of an OpenSSH public key string is::
<key type> <base64-encoded public key blob>
@type data: L{bytes}
@param data: The key data.
@return: A new key.
@rtype: L{twisted.conch.ssh.keys.Key}
@raises BadKeyError: if the blob type is unknown.
"""
# ECDSA keys don't need base64 decoding which is required
# for RSA or DSA key.
if data.startswith(b'ecdsa-sha2'):
return cls(load_ssh_public_key(data, default_backend()))
blob = decodebytes(data.split()[1])
return cls._fromString_BLOB(blob) 示例7: sign_digest
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import ec [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDSA [as 別名]
def sign_digest(hash_hex, privkey_hex, hashfunc=hashlib.sha256):
"""
Given a digest and a private key, sign it.
Return the base64-encoded signature
"""
if not isinstance(hash_hex, (str, unicode)):
raise ValueError("hash hex is not a string")
hash_hex = str(hash_hex)
pk_i = decode_privkey_hex(privkey_hex)
privk = ec.derive_private_key(pk_i, ec.SECP256K1(), default_backend())
sig = privk.sign(hash_hex.decode('hex'), ec.ECDSA(utils.Prehashed(hashes.SHA256())))
sig_r, sig_s = decode_dss_signature(sig)
sigb64 = encode_signature(sig_r, sig_s)
return sigb64 示例8: verify_digest
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import ec [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDSA [as 別名]
def verify_digest(hash_hex, pubkey_hex, sigb64, hashfunc=hashlib.sha256):
"""
Given a digest, public key (as hex), and a base64 signature,
verify that the public key signed the digest.
Return True if so
Return False if not
"""
if not isinstance(hash_hex, (str, unicode)):
raise ValueError("hash hex is not a string")
hash_hex = str(hash_hex)
pubk_uncompressed_hex = keylib.key_formatting.decompress(pubkey_hex)
sig_r, sig_s = decode_signature(sigb64)
pubk = ec.EllipticCurvePublicNumbers.from_encoded_point(ec.SECP256K1(), pubk_uncompressed_hex.decode('hex')).public_key(default_backend())
signature = encode_dss_signature(sig_r, sig_s)
try:
pubk.verify(signature, hash_hex.decode('hex'), ec.ECDSA(utils.Prehashed(hashes.SHA256())))
return True
except InvalidSignature:
return False 示例9: verify
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import ec [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDSA [as 別名]
def verify(self, public_key, message, signature):
"""ECDSA verify signature.
:param public_key: Signing public key
:param message: Origin message
:param signature: Signature of message
:return: verify result boolean, True means valid
"""
if not (self._check_malleability(signature)):
return False
try:
public_key.verify(signature, message,
ec.ECDSA(self.sign_hash_algorithm))
except InvalidSignature:
return False
except Exception as e:
raise e
return True 示例10: verify_ssh_sig
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import ec [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDSA [as 別名]
def verify_ssh_sig(self, data, msg):
if msg.get_text() != self.ecdsa_curve.key_format_identifier:
return False
sig = msg.get_binary()
sigR, sigS = self._sigdecode(sig)
signature = encode_dss_signature(sigR, sigS)
verifier = self.verifying_key.verifier(
signature, ec.ECDSA(self.ecdsa_curve.hash_object())
)
verifier.update(data)
try:
verifier.verify()
except InvalidSignature:
return False
else:
return True 示例11: generate
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import ec [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDSA [as 別名]
def generate(cls, curve=ec.SECP256R1(), progress_func=None, bits=None):
"""
Generate a new private ECDSA key. This factory function can be used to
generate a new host key or authentication key.
:param function progress_func: Not used for this type of key.
:returns: A new private key (`.ECDSAKey`) object
"""
if bits is not None:
curve = cls._ECDSA_CURVES.get_by_key_length(bits)
if curve is None:
raise ValueError("Unsupported key length: %d"%(bits))
curve = curve.curve_class()
private_key = ec.generate_private_key(curve, backend=default_backend())
return ECDSAKey(vals=(private_key, private_key.public_key()))
### internals... 示例12: sign
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import ec [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDSA [as 別名]
def sign(self, byts):
'''
Compute the ECC signature for the given bytestream.
Args:
byts (bytes): The bytes to sign.
Returns:
bytes: The RSA Signature bytes.
'''
chosen_hash = c_hashes.SHA256()
hasher = c_hashes.Hash(chosen_hash, default_backend())
hasher.update(byts)
digest = hasher.finalize()
return self.priv.sign(digest,
c_ec.ECDSA(c_utils.Prehashed(chosen_hash))
) 示例13: verify
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import ec [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDSA [as 別名]
def verify(self, byts, sign):
'''
Verify the signature for the given bytes using the ECC
public key.
Args:
byts (bytes): The data bytes.
sign (bytes): The signature bytes.
Returns:
bool: True if the data was verified, False otherwise.
'''
try:
chosen_hash = c_hashes.SHA256()
hasher = c_hashes.Hash(chosen_hash, default_backend())
hasher.update(byts)
digest = hasher.finalize()
self.publ.verify(sign,
digest,
c_ec.ECDSA(c_utils.Prehashed(chosen_hash))
)
return True
except InvalidSignature:
logger.exception('Error in publ.verify')
return False 示例14: verify
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import ec [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDSA [as 別名]
def verify(self, signature, signed_data):
ec_curve = EllipticCurves[self.public_key.ec_id]
ec_pk_numbers = ec.EllipticCurvePublicNumbers(int.from_bytes(self.public_key.x, byteorder="big"),
int.from_bytes(self.public_key.y, byteorder="big"),
ec_curve)
ec_public_key = ec_pk_numbers.public_key(cryptography.hazmat.backends.default_backend())
sig_alg = SignatureAlgorithms[self.public_key.algorithm]
ec_public_key.verify(signature, signed_data, ec.ECDSA(sig_alg())) 示例15: sign
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import ec [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.ec import ECDSA [as 別名]
def sign(self, msg, key):
der_sig = key.sign(msg, ec.ECDSA(self.hash_alg()))
return der_to_raw_signature(der_sig, key.curve)