本文整理匯總了Python中cryptography.hazmat.primitives.asymmetric.padding.PSS屬性的典型用法代碼示例。如果您正苦於以下問題:Python padding.PSS屬性的具體用法?Python padding.PSS怎麽用?Python padding.PSS使用的例子?那麽, 這裏精選的屬性代碼示例或許可以為您提供幫助。您也可以進一步了解該屬性所在類cryptography.hazmat.primitives.asymmetric.padding的用法示例。
在下文中一共展示了padding.PSS屬性的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: sign
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import padding [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import PSS [as 別名]
def sign(self, s):
"""
Create a signature of the string s
:param s: String to sign
:type s: str
:return: The hexlified and versioned signature of the string
:rtype: str
"""
if not self.private:
log.info('Could not sign message {0!s}, no private key!'.format(s))
# TODO: should we throw an exception in this case?
return ''
signature = self.private.sign(
to_bytes(s),
asym_padding.PSS(
mgf=asym_padding.MGF1(hashes.SHA256()),
salt_length=asym_padding.PSS.MAX_LENGTH),
hashes.SHA256())
res = ':'.join([self.sig_ver, hexlify_and_unicode(signature)])
return res 示例2: rsa_verify
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import padding [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import PSS [as 別名]
def rsa_verify(public_key, message, signature):
""" RSA verify message """
try:
public_key.verify(
base64.b64decode(signature),
message,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
except exceptions.InvalidSignature:
return False
except Exception as e:
raise e
return True 示例3: _get_padding
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import padding [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import PSS [as 別名]
def _get_padding(padStr, mgf=padding.MGF1, h=hashes.SHA256, label=None):
if padStr == "pkcs":
return padding.PKCS1v15()
elif padStr == "pss":
# Can't find where this is written, but we have to use the digest
# size instead of the automatic padding.PSS.MAX_LENGTH.
return padding.PSS(mgf=mgf(h), salt_length=h.digest_size)
elif padStr == "oaep":
return padding.OAEP(mgf=mgf(h), algorithm=h, label=label)
else:
warning("Key.encrypt(): Unknown padding type (%s)", padStr)
return None
#####################################################################
# Asymmetric Cryptography wrappers
#####################################################################
# Make sure that default values are consistent across the whole TLS module,
# lest they be explicitly set to None between cert.py and pkcs1.py. 示例4: getFileSignature
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import padding [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import PSS [as 別名]
def getFileSignature(cls, filename: str, private_key: RSAPrivateKey) -> Optional[str]:
"""Creates the signature for the (hash of the) provided file, given a private key.
:param filename: The file to be signed.
:param private_key: The private key used for signing.
:return: The signature if successful, 'None' otherwise.
"""
file_hash = cls.getFileHash(filename)
if file_hash is None:
return None
try:
file_hash_bytes = base64.b64decode(file_hash)
signature_bytes = private_key.sign(
file_hash_bytes,
padding.PSS(mgf = padding.MGF1(cls.__hash_algorithm), salt_length = padding.PSS.MAX_LENGTH),
Prehashed(cls.__hash_algorithm)
)
return base64.b64encode(signature_bytes).decode("utf-8")
except: # Yes, we do really want this on _every_ exception that might occur.
Logger.logException("e", "Couldn't sign '{0}', no signature generated.".format(filename))
return None 示例5: _verifyFile
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import padding [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import PSS [as 別名]
def _verifyFile(self, filename: str, signature: str) -> bool:
if self._public_key is None:
return False
file_hash = TrustBasics.getFileHash(filename)
if file_hash is None:
return False
try:
signature_bytes = base64.b64decode(signature)
file_hash_bytes = base64.b64decode(file_hash)
self._public_key.verify(
signature_bytes,
file_hash_bytes,
padding.PSS(mgf = padding.MGF1(TrustBasics.getHashAlgorithm()), salt_length = padding.PSS.MAX_LENGTH),
Prehashed(TrustBasics.getHashAlgorithm())
)
return True
except: # Yes, we do really want this on _every_ exception that might occur.
self._violation_handler("Couldn't verify '{0}' with supplied signature.".format(filename))
return False 示例6: test_verify_signature_pss_missing_hashing_algorithm
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import padding [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import PSS [as 別名]
def test_verify_signature_pss_missing_hashing_algorithm(self):
"""
Test that the right error is raised when PSS padding is used and no
hashing algorithm is provided.
"""
engine = crypto.CryptographyEngine()
args = (
b'',
b'',
b'',
enums.PaddingMethod.PSS
)
kwargs = {
'signing_algorithm': enums.CryptographicAlgorithm.RSA,
'hashing_algorithm': None,
'digital_signature_algorithm': None
}
self.assertRaisesRegex(
exceptions.InvalidField,
"A hashing algorithm must be specified for PSS padding.",
engine.verify_signature,
*args,
**kwargs
) 示例7: test_verify_signature_invalid_signing_key
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import padding [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import PSS [as 別名]
def test_verify_signature_invalid_signing_key(self):
"""
Test that the right error is raised when an invalid signing key is
used.
"""
engine = crypto.CryptographyEngine()
args = (
'invalid',
b'',
b'',
enums.PaddingMethod.PSS
)
kwargs = {
'signing_algorithm': enums.CryptographicAlgorithm.RSA,
'hashing_algorithm': enums.HashingAlgorithm.SHA_1,
'digital_signature_algorithm': None
}
self.assertRaisesRegex(
exceptions.CryptographicFailure,
"The signing key bytes could not be loaded.",
engine.verify_signature,
*args,
**kwargs
) 示例8: verify
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import padding [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import PSS [as 別名]
def verify(signed, public_key):
data = base642bytes(signed.data)
signature = base642bytes(signed.signature)
key = RSAPublicNumbers(
public_key.e,
base642int(public_key.n)
).public_key(BACKEND)
key.verify(
signature=signature,
data=data,
padding=PADDING.get(signed.padding, PSS),
algorithm=ALGORITHM.get(signed.algorithm, SHA256),
)
return json2value(data.decode("utf8")) 示例9: verify
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import padding [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import PSS [as 別名]
def verify(self, msg, key, sig):
verifier = key.verifier(
sig,
padding.PSS(
mgf=padding.MGF1(self.hash_alg()),
salt_length=self.hash_alg.digest_size
),
self.hash_alg()
)
verifier.update(msg)
try:
verifier.verify()
return True
except InvalidSignature:
return False 示例10: sign
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import padding [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import PSS [as 別名]
def sign(self, msg, key):
return key.sign(
msg,
padding.PSS(
mgf=padding.MGF1(self.hash_alg()),
salt_length=self.hash_alg.digest_size
),
self.hash_alg()
) 示例11: verify
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import padding [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import PSS [as 別名]
def verify(self, msg, key, sig):
try:
key.verify(
sig,
msg,
padding.PSS(
mgf=padding.MGF1(self.hash_alg()),
salt_length=self.hash_alg.digest_size
),
self.hash_alg()
)
return True
except InvalidSignature:
return False 示例12: __init__
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import padding [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import PSS [as 別名]
def __init__(self):
padfn = padding.PSS(padding.MGF1(hashes.SHA256()),
hashes.SHA256.digest_size)
super(_PS256, self).__init__(padfn, hashes.SHA256()) 示例13: verify_signature_v2
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import padding [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import PSS [as 別名]
def verify_signature_v2(args):
""" Verify a previously signed binary image, using the RSA public key """
SECTOR_SIZE = 4096
SIG_BLOCK_MAX_COUNT = 3
vk = _get_sbv2_rsa_pub_key(args.keyfile)
image_content = args.datafile.read()
if len(image_content) < SECTOR_SIZE or len(image_content) % SECTOR_SIZE != 0:
raise esptool.FatalError("Invalid datafile. Data size should be non-zero & a multiple of 4096.")
digest = digest = hashlib.sha256()
digest.update(image_content[:-SECTOR_SIZE])
digest = digest.digest()
for sig_blk_num in range(SIG_BLOCK_MAX_COUNT):
sig_blk = validate_signature_block(image_content, sig_blk_num)
if sig_blk is None:
raise esptool.FatalError("Signature block %d invalid. Signature could not be verified with the provided key." % sig_blk_num)
sig_data = struct.unpack("<BBxx32s384sI384sI384sI16x", sig_blk)
if sig_data[2] != digest:
raise esptool.FatalError("Signature block image digest does not match the actual image digest %s. Expected %s." % (digest, sig_data[2]))
try:
vk.verify(
sig_data[-2][::-1],
digest,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=32
),
utils.Prehashed(hashes.SHA256())
)
print("Signature block %d verification successful with %s." % (sig_blk_num, args.keyfile.name))
return
except exceptions.InvalidSignature:
print("Signature block %d is not signed by %s. Checking the next block" % (sig_blk_num, args.keyfile.name))
continue
raise esptool.FatalError("Checked all blocks. Signature could not be verified with the provided key.") 示例14: rsa_sign
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import padding [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import PSS [as 別名]
def rsa_sign(key, message):
""" RSA sign message """
signature = key.sign(
message,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
return base64.b64encode(signature) 示例15: test_verify_signature_mismatching_signing_algorithms
# 需要導入模塊: from cryptography.hazmat.primitives.asymmetric import padding [as 別名]
# 或者: from cryptography.hazmat.primitives.asymmetric.padding import PSS [as 別名]
def test_verify_signature_mismatching_signing_algorithms(self):
"""
Test that the right error is raised when both the signing algorithm
and the digital signature algorithm are provided and do not match.
"""
engine = crypto.CryptographyEngine()
args = (
b'',
b'',
b'',
enums.PaddingMethod.PSS
)
kwargs = {
'signing_algorithm': enums.CryptographicAlgorithm.ECDSA,
'hashing_algorithm': enums.HashingAlgorithm.SHA_1,
'digital_signature_algorithm':
enums.DigitalSignatureAlgorithm.SHA1_WITH_RSA_ENCRYPTION
}
self.assertRaisesRegex(
exceptions.InvalidField,
"The signing algorithm does not match the digital signature "
"algorithm.",
engine.verify_signature,
*args,
**kwargs
)