Python cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature() Examples

The following are 11 code examples of cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module cryptography.hazmat.primitives.asymmetric.utils , or try the search function .
Example #1
Source File: ecdsalib.py    From virtualchain with GNU General Public License v3.0 6 votes vote down vote up
def sign_digest(hash_hex, privkey_hex, hashfunc=hashlib.sha256):
    """
    Given a digest and a private key, sign it.
    Return the base64-encoded signature
    """
    if not isinstance(hash_hex, (str, unicode)):
        raise ValueError("hash hex is not a string")

    hash_hex = str(hash_hex)

    pk_i = decode_privkey_hex(privkey_hex)
    privk = ec.derive_private_key(pk_i, ec.SECP256K1(), default_backend())

    sig = privk.sign(hash_hex.decode('hex'), ec.ECDSA(utils.Prehashed(hashes.SHA256())))

    sig_r, sig_s = decode_dss_signature(sig)
    sigb64 = encode_signature(sig_r, sig_s)
    return sigb64 
Example #2
Source File: signing.py    From pyUmbral with GNU General Public License v3.0 6 votes vote down vote up
def from_bytes(cls,
                   signature_as_bytes: bytes,
                   der_encoded: bool = False,
                   curve: Optional[Curve] = None) -> 'Signature':
        curve = curve if curve is not None else default_curve()
        if der_encoded:
            r, s = utils.decode_dss_signature(signature_as_bytes)
        else:
            expected_len = cls.expected_bytes_length(curve)
            if not len(signature_as_bytes) == expected_len:
                raise ValueError("Looking for exactly {} bytes if you call from_bytes \
                    with der_encoded=False and curve={}.".format(expected_len, curve))
            else:
                r = int.from_bytes(signature_as_bytes[:(expected_len//2)], "big")
                s = int.from_bytes(signature_as_bytes[(expected_len//2):], "big")

        return cls(CurveBN.from_int(r, curve), CurveBN.from_int(s, curve)) 
Example #3
Source File: jwa.py    From jwcrypto with GNU Lesser General Public License v3.0 5 votes vote down vote up
def sign(self, key, payload):
        skey = key.get_op_key('sign', self._curve)
        signature = skey.sign(payload, ec.ECDSA(self.hashfn))
        r, s = ec_utils.decode_dss_signature(signature)
        size = key.get_curve(self._curve).key_size
        return _encode_int(r, size) + _encode_int(s, size) 
Example #4
Source File: signature_handler.py    From ontology-python-sdk with GNU Lesser General Public License v3.0 5 votes vote down vote up
def dsa_der_to_plain(signature):
        r, s = utils.decode_dss_signature(signature)
        r = hex(r)[2:]
        if len(r) < 64:
            r = '0' * (64 - len(r)) + r
        s = hex(s)[2:]
        if len(s) < 64:
            s = '0' * (64 - len(s)) + s
        return r + s 
Example #5
Source File: elliptic_curve.py    From aws-encryption-sdk-python with Apache License 2.0 5 votes vote down vote up
def _ecc_static_length_signature(key, algorithm, digest):
    """Calculates an elliptic curve signature with a static length using pre-calculated hash.

    :param key: Elliptic curve private key
    :type key: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
    :param algorithm: Master algorithm to use
    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
    :param bytes digest: Pre-calculated hash digest
    :returns: Signature with required length
    :rtype: bytes
    """
    pre_hashed_algorithm = ec.ECDSA(Prehashed(algorithm.signing_hash_type()))
    signature = b""
    while len(signature) != algorithm.signature_len:
        _LOGGER.debug(
            "Signature length %d is not desired length %d.  Recalculating.", len(signature), algorithm.signature_len
        )
        signature = key.sign(digest, pre_hashed_algorithm)
        if len(signature) != algorithm.signature_len:
            # Most of the time, a signature of the wrong length can be fixed
            # by negating s in the signature relative to the group order.
            _LOGGER.debug(
                "Signature length %d is not desired length %d.  Negating s.", len(signature), algorithm.signature_len
            )
            r, s = decode_dss_signature(signature)
            s = _ECC_CURVE_PARAMETERS[algorithm.signing_algorithm_info.name].order - s
            signature = encode_dss_signature(r, s)
    return signature 
Example #6
Source File: m2crypto.py    From py-ipv8 with GNU Lesser General Public License v3.0 5 votes vote down vote up
def signature(self, msg):
        """
        Create a signature for a message in a backwards compatible fashion

        :param msg: the message to sign
        """
        # Create the pyca signature
        if NEW_CRYPTOGRAPHY_SIGN_VERSION:
            signature = self.ec.sign(msg, ec.ECDSA(hashes.SHA1()))
        else:
            signer = self.ec.signer(ec.ECDSA(hashes.SHA1()))
            signer.update(msg)
            signature = signer.finalize()
        # Decode the DSS r and s variables from the pyca signature
        # We are going to turn these longs into (binary) string format
        r, s = decode_dss_signature(signature)
        # Convert the r and s to a valid hex representation
        r = hex(r).rstrip("L").lstrip("0x") or "0"
        s = hex(s).rstrip("L").lstrip("0x") or "0"
        # We want bytes: one byte is two nibbles:
        # Prefix with a 0 if the result is of odd length
        if len(r) % 2 == 1:
            r = "0" + r
        if len(s) % 2 == 1:
            s = "0" + s
        # Now we can turn this into a binary string
        r = unhexlify(r)
        s = unhexlify(s)
        key_len = self.get_signature_length() // 2
        # For easy decoding, prepend 0 to r and s until they are of >equal length<
        return b"".join((b"\x00" * (key_len - len(r)), r, b"\x00" * (key_len - len(s)), s)) 
Example #7
Source File: es256.py    From google-auth-library-python with Apache License 2.0 5 votes vote down vote up
def sign(self, message):
        message = _helpers.to_bytes(message)
        asn1_signature = self._key.sign(message, ec.ECDSA(hashes.SHA256()))

        # Convert ASN1 encoded signature to (r||s) raw signature.
        (r, s) = decode_dss_signature(asn1_signature)
        return utils.int_to_bytes(r, 32) + utils.int_to_bytes(s, 32) 
Example #8
Source File: ecdsalib.py    From virtualchain with GNU General Public License v3.0 5 votes vote down vote up
def finalize(self):
        """
        Get the base64-encoded signature itself.
        Can only be called once.
        """
        signature = self.signer.finalize()
        sig_r, sig_s = decode_dss_signature(signature)
        sig_b64 = encode_signature(sig_r, sig_s)
        return sig_b64 
Example #9
Source File: cryptography_backend.py    From python-jose with MIT License 5 votes vote down vote up
def _der_to_raw(self, der_signature):
        """Convert signature from DER encoding to RAW encoding."""
        r, s = decode_dss_signature(der_signature)
        component_length = self._sig_component_length()
        return int_to_bytes(r, component_length) + int_to_bytes(s, component_length) 
Example #10
Source File: jws.py    From jws with Apache License 2.0 5 votes vote down vote up
def sign(self, header, payload):
    """Computes the signed jws as defined at rfc7515#section-7.1.

    Args:
      header: dict, dictionary of header to convert to JSON and sign.
      payload: dict, dictionary of the payload to conert to JSON and sign.

    Returns:
      bytes, the signed token as defined at
      https://tools.ietf.org/html/rfc7515#section-7.1.

    Raises:
      SecurityException: if the header's algorithm or kid does not match the
      key's.
    """
    if ((header.get("alg", None) is not None and
         header["alg"] != self.algorithm) or
        (header.get("kid", None) is not None and
         getattr(self, "kid", None) is not None and header["kid"] != self.kid)):
      raise SecurityException(
          "Header's algorithm or kid does not match the key's")
    signing_input = jwsutil.urlsafe_b64encode(
        jwsutil.json_encode(header)) + b"." + jwsutil.urlsafe_b64encode(
            jwsutil.json_encode(payload))
    signature = self.signer.sign(signing_input)
    if self.algorithm[:2] == "ES":
      # Standard Ecdsa signature is the DER encoding of [r, s] while Jws's
      # singature is the concatenation of r and s.
      (r, s) = utils.decode_dss_signature(signature)
      curve_length = jwsutil.ecdsa_algorithm_to_curve_length(self.algorithm)
      signature = jwsutil.int_to_bytes(r, curve_length) + jwsutil.int_to_bytes(
          s, curve_length)
    return signing_input + b"." + jwsutil.urlsafe_b64encode(signature) 
Example #11
Source File: weak_key.py    From truegaze with Apache License 2.0 5 votes vote down vote up
def check_for_weak_signatures(signatures):
        messages = []

        # Extra r values from signatures
        values = list()
        for signature in signatures:
            (r, s) = utils.decode_dss_signature(signature)
            values.append(r)

        # Check if any appear more than once
        for r in values:
            if values.count(r) > 1:
                messages.append('---- ISSUE: DSA "r" value occurs more than once, private key is recoverable; k = ' + r)

        return messages