Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
parsing of DSA keys from X.509 certificates
- Loading branch information
1 parent
b4b1339
commit b06fd33
Showing
7 changed files
with
339 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,6 +22,7 @@ | |
"python_aes", | ||
"python_rc4", | ||
"python_rsakey", | ||
"python_dsakey", | ||
"rc4", | ||
"rijndael", | ||
"rsakey", | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
"""Abstract class for DSA.""" | ||
|
||
class DSAKey(object): | ||
"""This is an abstract base class for DSA keys. | ||
Particular implementations of DSA keys, such as | ||
:py:class:`~.python_dsakey.Python_DSAKey` | ||
... more coming | ||
inherit from this. | ||
To create or parse an DSA key, don't use one of these classes | ||
directly. Instead, use the factory functions in | ||
:py:class:`~tlslite.utils.keyfactory`. | ||
""" | ||
|
||
def __init__(self, p, q, g, x, y): | ||
raise NotImplementedError() | ||
|
||
def __len__(self): | ||
raise NotImplementedError() | ||
|
||
def hasPrivateKey(self): | ||
raise NotImplementedError() | ||
|
||
def hashAndSign(self, data, hAlg): | ||
raise NotImplementedError() | ||
|
||
def verify(self, signature, hash_bytes): | ||
raise NotImplementedError() | ||
|
||
@staticmethod | ||
def generate(L, N): | ||
raise NotImplementedError() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
from ecdsa.der import encode_sequence, encode_integer, \ | ||
remove_sequence, remove_integer | ||
|
||
from .cryptomath import getRandomNumber, getRandomPrime, \ | ||
powMod, numBits, bytesToNumber, invMod, secureHash | ||
|
||
from .dsakey import DSAKey | ||
|
||
class Python_DSAKey(DSAKey): | ||
|
||
def __init__(self, p=0, q=0, g=0, x=0, y=0): | ||
self.p = p | ||
self.q = q | ||
self.g = g | ||
self.private_key = x | ||
self.public_key = y | ||
self.key_type = "dsa" | ||
|
||
def __len__(self): | ||
return numBits(self.p) | ||
|
||
def hasPrivateKey(self): | ||
return bool(self.private_key) | ||
|
||
@staticmethod | ||
def generate(L, N): | ||
assert (L, N) in [(1024, 160), (2048, 224), (2048, 256), (3072, 256)] | ||
key = Python_DSAKey() | ||
(q, p) = Python_DSAKey.generate_qp(L, N) | ||
|
||
index = getRandomNumber(1, (p-1)) | ||
g = powMod(index, int((p-1)/q), p) | ||
x = getRandomNumber(1, q-1) | ||
y = powMod(g, x, p) | ||
key.q = q | ||
key.p = p | ||
key.g = g | ||
key.private_key = x | ||
key.public_key = y | ||
return key | ||
|
||
@staticmethod | ||
def generate_qp(L, N): | ||
assert (L, N) in [(1024, 160), (2048, 224), (2048, 256), (3072, 256)] | ||
|
||
# TODO: optimize, docstring, implement Shawe-Taylor Random_Prime | ||
q = int(getRandomPrime(N)) | ||
while True: | ||
p = int(getRandomPrime(L)) | ||
if (p-1) % q: | ||
break | ||
return (q, p) | ||
|
||
def hashAndSign(self, data, hAlg="sha1"): | ||
# TODO: add assert for hash size < (q-1) constrain, docstring | ||
digest = bytesToNumber(secureHash(bytearray(data), hAlg)) | ||
digest_size = numBits(digest) | ||
N = numBits(self.q) | ||
if N < digest_size: | ||
digest &= ~(~0 << (digest_size - N)) | ||
k = getRandomNumber(1, (self.q-1)) | ||
r = powMod(self.g, k, self.p) % self.q | ||
s = invMod(k, self.q) * (digest + self.private_key * r) % self.q | ||
return encode_sequence(encode_integer(r), encode_integer(s)) | ||
|
||
def hashAndVerify(self, signature, data, hAlg="sha1"): | ||
# Get r, s components from signature | ||
digest = bytesToNumber(secureHash(bytearray(data), hAlg)) | ||
digest_size = numBits(digest) | ||
N = numBits(self.q) | ||
if N < digest_size: | ||
digest &= ~(~0 << (digest_size - N)) | ||
|
||
# get r, s keys | ||
body, rest = remove_sequence(signature) | ||
assert bytesToNumber(rest) == 0 | ||
r, rest = remove_integer(body) | ||
s, rest = remove_integer(rest) | ||
assert bytesToNumber(rest) == 0 | ||
|
||
# check the signature | ||
if 0 < r < self.q and 0 < s < self.q: | ||
w = invMod(s, self.q) | ||
u1 = (digest * w) % self.q | ||
u2 = (r * w) % self.q | ||
v = ((powMod(self.g, u1, self.p) * powMod(self.public_key, u2, self.p)) % self.p) % self.q | ||
return r == v |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.