How to use the oscrypto._win._advapi32.handle_error function in oscrypto
To help you get started, we’ve selected a few oscrypto examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
wbond / oscrypto / oscrypto / _win / asymmetric.py View on Github 
# OpenSSL allows use of generator 2 or 5, but we hardcode 2 since it is
# the default, and what is used by Security.framework on OS X also.
g = 2
try:
byte_size = bit_size // 8
if _backend == 'win':
alg_handle = open_alg_handle(BcryptConst.BCRYPT_RNG_ALGORITHM)
buffer = buffer_from_bytes(byte_size)
while True:
if _backend == 'winlegacy':
rb = os.urandom(byte_size)
else:
res = bcrypt.BCryptGenRandom(alg_handle, buffer, byte_size, 0)
handle_error(res)
rb = bytes_from_buffer(buffer)
p = int_from_bytes(rb)
# If a number is even, it can't be prime
if p % 2 == 0:
continue
# Perform the generator checks outlined in OpenSSL's
# dh_builtin_genparams() located in dh_gen.c
if g == 2:
if p % 24 != 11:
continue
elif g == 5:
rem = p % 10
if rem != 3 and rem != 7:'md5': Advapi32Const.CALG_MD5,
'sha1': Advapi32Const.CALG_SHA1,
'sha256': Advapi32Const.CALG_SHA_256,
'sha384': Advapi32Const.CALG_SHA_384,
'sha512': Advapi32Const.CALG_SHA_512,
}[hash_algorithm]
hash_handle_pointer = new(advapi32, 'HCRYPTHASH *')
res = advapi32.CryptCreateHash(
certificate_or_public_key.context_handle,
alg_id,
null(),
0,
hash_handle_pointer
)
handle_error(res)
hash_handle = unwrap(hash_handle_pointer)
res = advapi32.CryptHashData(hash_handle, data, len(data), 0)
handle_error(res)
if algo == 'dsa':
# Windows doesn't use the ASN.1 Sequence for DSA signatures,
# so we have to convert it here for the verification to work
try:
signature = DSASignature.load(signature).to_p1363()
# Switch the two integers so that the reversal later will
# result in the correct order
half_len = len(signature) // 2
signature = signature[half_len:] + signature[:half_len]
except (ValueError, OverflowError, TypeError):buffer = buffer_from_bytes(buffer_len)
iv_buffer = buffer_from_bytes(iv) if iv else null()
res = bcrypt.BCryptEncrypt(
key_handle,
data,
len(data),
null(),
iv_buffer,
iv_len,
buffer,
buffer_len,
out_len,
flags
)
handle_error(res)
return bytes_from_buffer(buffer, deref(out_len))
finally:
if key_handle:
bcrypt.BCryptDestroyKey(key_handle)sha224, sha256 or sha512
'''
))
out_len = new(bcrypt, 'DWORD *')
res = bcrypt.BCryptSignHash(
private_key.key_handle,
padding_info,
digest,
len(digest),
null(),
0,
out_len,
flags
)
handle_error(res)
buffer_len = deref(out_len)
buffer = buffer_from_bytes(buffer_len)
if private_key.algorithm == 'rsa':
padding_info = cast(bcrypt, 'void *', padding_info_struct_pointer)
res = bcrypt.BCryptSignHash(
private_key.key_handle,
padding_info,
digest,
len(digest),
buffer,
buffer_len,
out_len,
flagsexcept (ValueError, OverflowError, TypeError):
raise SignatureError('Signature is invalid')
# The CryptoAPI expects signatures to be in little endian byte order,
# which is the opposite of other systems, so we must reverse it
reversed_signature = signature[::-1]
res = advapi32.CryptVerifySignatureW(
hash_handle,
reversed_signature,
len(signature),
certificate_or_public_key.key_handle,
null(),
0
)
handle_error(res)
finally:
if hash_handle:
advapi32.CryptDestroyHash(hash_handle)if rsa_oaep_padding:
flags = Advapi32Const.CRYPT_OAEP
ciphertext = ciphertext[::-1]
buffer = buffer_from_bytes(ciphertext)
out_len = new(advapi32, 'DWORD *', len(ciphertext))
res = advapi32.CryptDecrypt(
private_key.ex_key_handle,
null(),
True,
flags,
buffer,
out_len
)
handle_error(res)
return bytes_from_buffer(buffer, deref(out_len))blob = struct_bytes(blob_struct_pointer) + x_bytes + y_bytes
if key_type == 'private':
blob += fill_width(private_bytes, key_width)
key_handle_pointer = new(bcrypt, 'BCRYPT_KEY_HANDLE *')
res = bcrypt.BCryptImportKeyPair(
alg_handle,
null(),
blob_type,
key_handle_pointer,
blob,
len(blob),
BcryptConst.BCRYPT_NO_KEY_VALIDATION
)
handle_error(res)
key_handle = unwrap(key_handle_pointer)
return container(key_handle, key_object)
finally:
if alg_handle:
close_alg_handle(alg_handle)'md5': Advapi32Const.CALG_MD5,
'sha1': Advapi32Const.CALG_SHA1,
'sha256': Advapi32Const.CALG_SHA_256,
'sha384': Advapi32Const.CALG_SHA_384,
'sha512': Advapi32Const.CALG_SHA_512,
}[hash_algorithm]
hash_handle_pointer = new(advapi32, 'HCRYPTHASH *')
res = advapi32.CryptCreateHash(
private_key.context_handle,
alg_id,
null(),
0,
hash_handle_pointer
)
handle_error(res)
hash_handle = unwrap(hash_handle_pointer)
res = advapi32.CryptHashData(hash_handle, data, len(data), 0)
handle_error(res)
out_len = new(advapi32, 'DWORD *')
res = advapi32.CryptSignHashW(
hash_handle,
Advapi32Const.AT_SIGNATURE,
null(),
0,
null(),
out_len
)
handle_error(res)null(),
out_len
)
handle_error(res)
buffer_length = deref(out_len)
buffer_ = buffer_from_bytes(buffer_length)
res = advapi32.CryptExportKey(
key_handle,
null(),
Advapi32Const.PRIVATEKEYBLOB,
0,
buffer_,
out_len
)
handle_error(res)
blob_struct_pointer = struct_from_buffer(advapi32, struct_type, buffer_)
blob_struct = unwrap(blob_struct_pointer)
struct_size = sizeof(advapi32, blob_struct)
private_blob = bytes_from_buffer(buffer_, buffer_length)[struct_size:]
if algorithm == 'rsa':
public_info, private_info = _advapi32_interpret_rsa_key_blob(bit_size, blob_struct, private_blob)
else:
# The public key for a DSA key is not available in from the private
# key blob, so we have to separately export the public key
public_out_len = new(advapi32, 'DWORD *')
res = advapi32.CryptExportKey(
key_handle,struct_size = sizeof(bcrypt, private_blob_struct)
private_blob = bytes_from_buffer(private_buffer, private_buffer_length)[struct_size:]
if algorithm == 'rsa':
private_key = _bcrypt_interpret_rsa_key_blob('private', private_blob_struct, private_blob)
elif algorithm == 'dsa':
if bit_size > 1024:
private_key = _bcrypt_interpret_dsa_key_blob('private', 2, private_blob_struct, private_blob)
else:
private_key = _bcrypt_interpret_dsa_key_blob('private', 1, private_blob_struct, private_blob)
else:
private_key = _bcrypt_interpret_ec_key_blob('private', private_blob_struct, private_blob)
public_out_len = new(bcrypt, 'ULONG *')
res = bcrypt.BCryptExportKey(key_handle, null(), public_blob_type, null(), 0, public_out_len, 0)
handle_error(res)
public_buffer_length = deref(public_out_len)
public_buffer = buffer_from_bytes(public_buffer_length)
res = bcrypt.BCryptExportKey(
key_handle,
null(),
public_blob_type,
public_buffer,
public_buffer_length,
public_out_len,
0
)
handle_error(res)
public_blob_struct_pointer = struct_from_buffer(bcrypt, struct_type, public_buffer)
public_blob_struct = unwrap(public_blob_struct_pointer)
struct_size = sizeof(bcrypt, public_blob_struct)oscrypto
TLS (SSL) sockets, key generation, encryption, decryption, signing, verification and KDFs using the OS crypto libraries. Does not require a compiler, and relies on the OS for patching. Works on Windows, OS X and Linux/BSD.
Package Health Score
73 / 100Popular oscrypto functions
- oscrypto._asn1.int_from_bytes
- oscrypto._asn1.int_to_bytes
- oscrypto._errors.pretty_message
- oscrypto._ffi.buffer_from_bytes
- oscrypto._ffi.bytes_from_buffer
- oscrypto._ffi.deref
- oscrypto._ffi.is_null
- oscrypto._ffi.new
- oscrypto._ffi.null
- oscrypto._ffi.struct
- oscrypto._ffi.unwrap
- oscrypto._int.fill_width
- oscrypto._mac._core_foundation.CoreFoundation.CFRelease
- oscrypto._mac._security.handle_sec_error
- oscrypto._mac._security.Security
- oscrypto._mac._security.Security.SecTransformSetAttribute
- oscrypto._openssl._libcrypto.handle_openssl_error
- oscrypto._types.type_name
- oscrypto._win._advapi32.handle_error
- oscrypto.asymmetric.load_public_key