Python cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature() Examples
The following are 11
code examples of cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
cryptography.hazmat.primitives.asymmetric.utils
, or try the search function
.
Example #1
Source File: ecdsalib.py From virtualchain with GNU General Public License v3.0 | 6 votes |
def sign_digest(hash_hex, privkey_hex, hashfunc=hashlib.sha256): """ Given a digest and a private key, sign it. Return the base64-encoded signature """ if not isinstance(hash_hex, (str, unicode)): raise ValueError("hash hex is not a string") hash_hex = str(hash_hex) pk_i = decode_privkey_hex(privkey_hex) privk = ec.derive_private_key(pk_i, ec.SECP256K1(), default_backend()) sig = privk.sign(hash_hex.decode('hex'), ec.ECDSA(utils.Prehashed(hashes.SHA256()))) sig_r, sig_s = decode_dss_signature(sig) sigb64 = encode_signature(sig_r, sig_s) return sigb64
Example #2
Source File: signing.py From pyUmbral with GNU General Public License v3.0 | 6 votes |
def from_bytes(cls, signature_as_bytes: bytes, der_encoded: bool = False, curve: Optional[Curve] = None) -> 'Signature': curve = curve if curve is not None else default_curve() if der_encoded: r, s = utils.decode_dss_signature(signature_as_bytes) else: expected_len = cls.expected_bytes_length(curve) if not len(signature_as_bytes) == expected_len: raise ValueError("Looking for exactly {} bytes if you call from_bytes \ with der_encoded=False and curve={}.".format(expected_len, curve)) else: r = int.from_bytes(signature_as_bytes[:(expected_len//2)], "big") s = int.from_bytes(signature_as_bytes[(expected_len//2):], "big") return cls(CurveBN.from_int(r, curve), CurveBN.from_int(s, curve))
Example #3
Source File: jwa.py From jwcrypto with GNU Lesser General Public License v3.0 | 5 votes |
def sign(self, key, payload): skey = key.get_op_key('sign', self._curve) signature = skey.sign(payload, ec.ECDSA(self.hashfn)) r, s = ec_utils.decode_dss_signature(signature) size = key.get_curve(self._curve).key_size return _encode_int(r, size) + _encode_int(s, size)
Example #4
Source File: signature_handler.py From ontology-python-sdk with GNU Lesser General Public License v3.0 | 5 votes |
def dsa_der_to_plain(signature): r, s = utils.decode_dss_signature(signature) r = hex(r)[2:] if len(r) < 64: r = '0' * (64 - len(r)) + r s = hex(s)[2:] if len(s) < 64: s = '0' * (64 - len(s)) + s return r + s
Example #5
Source File: elliptic_curve.py From aws-encryption-sdk-python with Apache License 2.0 | 5 votes |
def _ecc_static_length_signature(key, algorithm, digest): """Calculates an elliptic curve signature with a static length using pre-calculated hash. :param key: Elliptic curve private key :type key: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey :param algorithm: Master algorithm to use :type algorithm: aws_encryption_sdk.identifiers.Algorithm :param bytes digest: Pre-calculated hash digest :returns: Signature with required length :rtype: bytes """ pre_hashed_algorithm = ec.ECDSA(Prehashed(algorithm.signing_hash_type())) signature = b"" while len(signature) != algorithm.signature_len: _LOGGER.debug( "Signature length %d is not desired length %d. Recalculating.", len(signature), algorithm.signature_len ) signature = key.sign(digest, pre_hashed_algorithm) if len(signature) != algorithm.signature_len: # Most of the time, a signature of the wrong length can be fixed # by negating s in the signature relative to the group order. _LOGGER.debug( "Signature length %d is not desired length %d. Negating s.", len(signature), algorithm.signature_len ) r, s = decode_dss_signature(signature) s = _ECC_CURVE_PARAMETERS[algorithm.signing_algorithm_info.name].order - s signature = encode_dss_signature(r, s) return signature
Example #6
Source File: m2crypto.py From py-ipv8 with GNU Lesser General Public License v3.0 | 5 votes |
def signature(self, msg): """ Create a signature for a message in a backwards compatible fashion :param msg: the message to sign """ # Create the pyca signature if NEW_CRYPTOGRAPHY_SIGN_VERSION: signature = self.ec.sign(msg, ec.ECDSA(hashes.SHA1())) else: signer = self.ec.signer(ec.ECDSA(hashes.SHA1())) signer.update(msg) signature = signer.finalize() # Decode the DSS r and s variables from the pyca signature # We are going to turn these longs into (binary) string format r, s = decode_dss_signature(signature) # Convert the r and s to a valid hex representation r = hex(r).rstrip("L").lstrip("0x") or "0" s = hex(s).rstrip("L").lstrip("0x") or "0" # We want bytes: one byte is two nibbles: # Prefix with a 0 if the result is of odd length if len(r) % 2 == 1: r = "0" + r if len(s) % 2 == 1: s = "0" + s # Now we can turn this into a binary string r = unhexlify(r) s = unhexlify(s) key_len = self.get_signature_length() // 2 # For easy decoding, prepend 0 to r and s until they are of >equal length< return b"".join((b"\x00" * (key_len - len(r)), r, b"\x00" * (key_len - len(s)), s))
Example #7
Source File: es256.py From google-auth-library-python with Apache License 2.0 | 5 votes |
def sign(self, message): message = _helpers.to_bytes(message) asn1_signature = self._key.sign(message, ec.ECDSA(hashes.SHA256())) # Convert ASN1 encoded signature to (r||s) raw signature. (r, s) = decode_dss_signature(asn1_signature) return utils.int_to_bytes(r, 32) + utils.int_to_bytes(s, 32)
Example #8
Source File: ecdsalib.py From virtualchain with GNU General Public License v3.0 | 5 votes |
def finalize(self): """ Get the base64-encoded signature itself. Can only be called once. """ signature = self.signer.finalize() sig_r, sig_s = decode_dss_signature(signature) sig_b64 = encode_signature(sig_r, sig_s) return sig_b64
Example #9
Source File: cryptography_backend.py From python-jose with MIT License | 5 votes |
def _der_to_raw(self, der_signature): """Convert signature from DER encoding to RAW encoding.""" r, s = decode_dss_signature(der_signature) component_length = self._sig_component_length() return int_to_bytes(r, component_length) + int_to_bytes(s, component_length)
Example #10
Source File: jws.py From jws with Apache License 2.0 | 5 votes |
def sign(self, header, payload): """Computes the signed jws as defined at rfc7515#section-7.1. Args: header: dict, dictionary of header to convert to JSON and sign. payload: dict, dictionary of the payload to conert to JSON and sign. Returns: bytes, the signed token as defined at https://tools.ietf.org/html/rfc7515#section-7.1. Raises: SecurityException: if the header's algorithm or kid does not match the key's. """ if ((header.get("alg", None) is not None and header["alg"] != self.algorithm) or (header.get("kid", None) is not None and getattr(self, "kid", None) is not None and header["kid"] != self.kid)): raise SecurityException( "Header's algorithm or kid does not match the key's") signing_input = jwsutil.urlsafe_b64encode( jwsutil.json_encode(header)) + b"." + jwsutil.urlsafe_b64encode( jwsutil.json_encode(payload)) signature = self.signer.sign(signing_input) if self.algorithm[:2] == "ES": # Standard Ecdsa signature is the DER encoding of [r, s] while Jws's # singature is the concatenation of r and s. (r, s) = utils.decode_dss_signature(signature) curve_length = jwsutil.ecdsa_algorithm_to_curve_length(self.algorithm) signature = jwsutil.int_to_bytes(r, curve_length) + jwsutil.int_to_bytes( s, curve_length) return signing_input + b"." + jwsutil.urlsafe_b64encode(signature)
Example #11
Source File: weak_key.py From truegaze with Apache License 2.0 | 5 votes |
def check_for_weak_signatures(signatures): messages = [] # Extra r values from signatures values = list() for signature in signatures: (r, s) = utils.decode_dss_signature(signature) values.append(r) # Check if any appear more than once for r in values: if values.count(r) > 1: messages.append('---- ISSUE: DSA "r" value occurs more than once, private key is recoverable; k = ' + r) return messages