Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def test_open_rejects_wrong_key_lengths(self):
"""
Too few bytes in a key passed through to libsodium will lead to bytes past the end
of the string being read. We should be guarding against this dangerous case.
"""
msg = b'The message does not matter.'
good_key = b'This valid key is 32 bytes long.'
for bad_key in (b'too short', b'too long' * 100):
with self.assertRaises(ValueError) as context:
libnacl.crypto_sign_open(msg, bad_key)
self.assertEqual(context.exception.args, ('Invalid public key',))
with self.assertRaises(ValueError) as context:
libnacl.crypto_sign_open(msg, good_key)
self.assertEqual(context.exception.args, ('Failed to validate message',))
def fromBinary(binary, providerFP):
if len(binary) != 124:
raise Exception("Invalid binary certificate")
certMagic = binary[0:4]
esVersion = binary[4:6]
protocolMinVersion = binary[6:8]
if certMagic != DNSCryptResolverCertificate.DNSCRYPT_CERT_MAGIC or esVersion != DNSCryptResolverCertificate.DNSCRYPT_ES_VERSION or protocolMinVersion != DNSCryptResolverCertificate.DNSCRYPT_PROTOCOL_MIN_VERSION:
raise Exception("Invalid binary certificate")
orig = libnacl.crypto_sign_open(binary[8:124], providerFP)
resolverPK = orig[0:32]
clientMagic = orig[32:40]
serial = struct.unpack_from("I", orig[40:44])[0]
validFrom = struct.unpack_from("!I", orig[44:48])[0]
validUntil = struct.unpack_from("!I", orig[48:52])[0]
return DNSCryptResolverCertificate(serial, validFrom, validUntil, resolverPK, clientMagic)
signature and message concated together.
:param signature: [:class:`bytes`] If an unsigned message is given for
smessage then the detached signature must be provded.
:param encoder: A class that is able to decode the secret message and
signature.
:rtype: :class:`bytes`
"""
if signature is not None:
# If we were given the message and signature separately, combine
# them.
smessage = signature + smessage
# Decode the signed message
smessage = encoder.decode(smessage)
return libnacl.crypto_sign_open(smessage, self._key)
def verify(self, msg):
'''
Verify the message with tis key
'''
return libnacl.crypto_sign_open(msg, self.vk)
def verify_der(self, data, sig_algorithm, sig):
"""Verify a DER-encoded signature of the specified data"""
# pylint: disable=unused-argument
try:
return libnacl.crypto_sign_open(sig + data, self._vk) == data
except ValueError:
return False
signature and message concated together.
:param signature: [:class:`bytes`] If an unsigned message is given for
smessage then the detached signature must be provded.
:param encoder: A class that is able to decode the secret message and
signature.
:rtype: :class:`bytes`
"""
if signature is not None:
# If we were given the message and signature separately, combine
# them.
smessage = signature + smessage
# Decode the signed message
smessage = encoder.decode(smessage)
return libnacl.crypto_sign_open(smessage, self._key)
"""Verify the signature on a block of data"""
try:
return _ed25519_verify(sig + data, self._pub) == data
except ValueError:
return False
try:
import libnacl
_ED25519_PUBLIC_BYTES = libnacl.crypto_sign_ed25519_PUBLICKEYBYTES
_ed25519_construct_keypair = libnacl.crypto_sign_seed_keypair
_ed25519_generate_keypair = libnacl.crypto_sign_keypair
_ed25519_sign = libnacl.crypto_sign
_ed25519_verify = libnacl.crypto_sign_open
ed25519_available = True
except (ImportError, OSError, AttributeError):
pass
if curve25519_available: # pragma: no branch
class Curve25519DH:
"""Curve25519 Diffie Hellman implementation based on PyCA"""
def __init__(self):
self._priv_key = x25519.X25519PrivateKey.generate()
def get_public(self):
"""Return the public key to send in the handshake"""
def verify(self, msg):
'''
Verify the message with tis key
'''
return libnacl.crypto_sign_open(msg, self.vk)