Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
parsing of DSA keys from X.509 certificates
- Loading branch information
1 parent
1c68f2e
commit ff7780b
Showing
11 changed files
with
466 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,6 +22,7 @@ | |
"python_aes", | ||
"python_rc4", | ||
"python_rsakey", | ||
"python_dsakey", | ||
"rc4", | ||
"rijndael", | ||
"rsakey", | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
"""Abstract class for DSA.""" | ||
|
||
class DSAKey(object): | ||
"""This is an abstract base class for DSA keys. | ||
Particular implementations of DSA keys, such as | ||
:py:class:`~.python_dsakey.Python_DSAKey` | ||
... more coming | ||
inherit from this. | ||
To create or parse an DSA key, don't use one of these classes | ||
directly. Instead, use the factory functions in | ||
:py:class:`~tlslite.utils.keyfactory`. | ||
""" | ||
|
||
def __init__(self, p, q, g, x, y): | ||
raise NotImplementedError() | ||
|
||
def __len__(self): | ||
raise NotImplementedError() | ||
|
||
def hasPrivateKey(self): | ||
raise NotImplementedError() | ||
|
||
def hashAndSign(self, data, hAlg): | ||
raise NotImplementedError() | ||
|
||
def verify(self, signature, hash_bytes): | ||
raise NotImplementedError() | ||
|
||
@staticmethod | ||
def generate(L, N): | ||
raise NotImplementedError() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
from ecdsa.der import encode_sequence, encode_integer, \ | ||
remove_sequence, remove_integer | ||
|
||
from .cryptomath import getRandomNumber, getRandomPrime, \ | ||
powMod, numBits, bytesToNumber, invMod, secureHash | ||
|
||
from .dsakey import DSAKey | ||
|
||
class Python_DSAKey(DSAKey): | ||
|
||
def __init__(self, p=0, q=0, g=0, x=0, y=0): | ||
self.p = p | ||
self.q = q | ||
self.g = g | ||
self.private_key = x | ||
self.public_key = y | ||
self.key_type = "dsa" | ||
|
||
def __len__(self): | ||
return numBits(self.p) | ||
|
||
def hasPrivateKey(self): | ||
return bool(self.private_key) | ||
|
||
@staticmethod | ||
def generate(L, N): | ||
assert (L, N) in [(1024, 160), (2048, 224), (2048, 256), (3072, 256)] | ||
key = Python_DSAKey() | ||
(q, p) = Python_DSAKey.generate_qp(L, N) | ||
|
||
index = getRandomNumber(1, (p-1)) | ||
g = powMod(index, int((p-1)/q), p) | ||
x = getRandomNumber(1, q-1) | ||
y = powMod(g, x, p) | ||
key.q = q | ||
key.p = p | ||
key.g = g | ||
key.private_key = x | ||
key.public_key = y | ||
return key | ||
|
||
@staticmethod | ||
def generate_qp(L, N): | ||
assert (L, N) in [(1024, 160), (2048, 224), (2048, 256), (3072, 256)] | ||
|
||
# TODO: optimize, docstring, implement Shawe-Taylor Random_Prime | ||
q = int(getRandomPrime(N)) | ||
while True: | ||
p = int(getRandomPrime(L)) | ||
if (p-1) % q: | ||
break | ||
return (q, p) | ||
|
||
def hashAndSign(self, data, hAlg="sha1"): | ||
# TODO: add assert for hash size < (q-1) constrain, docstring | ||
digest = bytesToNumber(secureHash(bytearray(data), hAlg)) | ||
digest_size = numBits(digest) | ||
|
||
# extract min(|hAlg|, N) left bits of digest | ||
N = numBits(self.q) | ||
if N < digest_size: | ||
digest &= ~(~0 << (digest_size - N)) | ||
|
||
k = getRandomNumber(1, (self.q-1)) | ||
r = powMod(self.g, k, self.p) % self.q | ||
s = invMod(k, self.q) * (digest + self.private_key * r) % self.q | ||
|
||
return encode_sequence(encode_integer(r), encode_integer(s)) | ||
|
||
def hashAndVerify(self, signature, data, hAlg="sha1"): | ||
# Get r, s components from signature | ||
digest = bytesToNumber(secureHash(bytearray(data), hAlg)) | ||
digest_size = numBits(digest) | ||
|
||
# extract min(|hAlg|, N) left bits of digest | ||
N = numBits(self.q) | ||
if N < digest_size: | ||
digest &= ~(~0 << (digest_size - N)) | ||
|
||
# get r, s keys | ||
if not signature: | ||
return False | ||
body, rest = remove_sequence(signature) | ||
if rest: | ||
return False | ||
r, rest = remove_integer(body) | ||
s, rest = remove_integer(rest) | ||
if rest: | ||
return False | ||
|
||
# check the signature | ||
if 0 < r < self.q and 0 < s < self.q: | ||
w = invMod(s, self.q) | ||
u1 = (digest * w) % self.q | ||
u2 = (r * w) % self.q | ||
v = ((powMod(self.g, u1, self.p) * powMod(self.public_key, u2, self.p)) % self.p) % self.q | ||
|
||
return r == v | ||
return False |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.