first (working) implementation of kioubit-auth
- verify(<x509-key>, signature=base64decode(<sig>), <params(base64)>)
This commit is contained in:
parent
c600c59af8
commit
83e411bcc3
1 changed files with 23 additions and 23 deletions
|
@ -1,14 +1,9 @@
|
|||
#! /usr/bin/env python3
|
||||
|
||||
#import OpenSSL
|
||||
#from OpenSSL.crypto import load_publickey, FILETYPE_PEM, X509
|
||||
#from OpenSSL.crypto import verify as OpenSSL_verify
|
||||
import base64, os
|
||||
#from hashlib import sha512
|
||||
from Crypto.PublicKey import ECC
|
||||
from Crypto.Signature import DSS
|
||||
import Crypto.Hash.SHA512 as SHA512
|
||||
#from hashlib import sha512 as SHA512
|
||||
from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
|
||||
import OpenSSL
|
||||
|
||||
|
||||
PUBKEY_FILE = os.path.dirname(__file__)+"/kioubit-auth-pubkey.pem"
|
||||
|
||||
|
@ -21,30 +16,35 @@ class AuthVerifyer ():
|
|||
for line in pk.readlines():
|
||||
pk_content += line
|
||||
print(pk_content)
|
||||
self.pubkey = ECC.import_key(pk_content)
|
||||
#self.pubkey.set_pubkey(
|
||||
# load_publickey(OpenSSL.crypto.FILETYPE_PEM, pk_content)
|
||||
#)
|
||||
pkey = load_publickey(FILETYPE_PEM, pk_content)
|
||||
self.x509 = X509()
|
||||
self.x509.set_pubkey(pkey)
|
||||
|
||||
print(self.pubkey)
|
||||
print(self.x509)
|
||||
|
||||
def verify(self, params, signature):
|
||||
# sig = base64.b64decode(signature)
|
||||
# print(type(sig))
|
||||
#OpenSSL_verify(self.pubkey, sig
|
||||
#, base64.b64decode(params), "sha512")
|
||||
h = SHA512.new()
|
||||
h.update(base64.b64decode(params))
|
||||
sig = base64.b64decode(signature)
|
||||
print(f"sig: {sig}")
|
||||
print(f"params: {params}")
|
||||
try:
|
||||
verify(self.x509, sig, params, 'sha512')
|
||||
except OpenSSL.crypto.Error:
|
||||
return False, "Signature Failed"
|
||||
#h = SHA512.new()
|
||||
#h.update(base64.b64decode(params))
|
||||
#print(h.hexdigest())
|
||||
verifier = DSS.new(self.pubkey, 'fips-186-3')
|
||||
valid = verifier.verify(h, signature)
|
||||
return valid
|
||||
#verifier = DSS.new(self.pubkey, 'deterministic-rfc6979')
|
||||
#valid = verifier.verify(h, base64.b64decode(signature))
|
||||
return True, ""
|
||||
|
||||
if __name__ == "__main__":
|
||||
example_com_verifier = AuthVerifyer("example.com")
|
||||
example_com_verifier.verify(
|
||||
params="eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
|
||||
signature="MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
|
||||
)
|
||||
print (example_com_verifier.verify(
|
||||
params=b"eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
|
||||
signature=b"MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
|
||||
) )
|
||||
#params = "eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI1NjI5NSwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
|
||||
#signature = 'MIGHAkFy1m+9ahjIc5cJk/p+RiXJbhbWT5rPSJNg9Q3c8UTAM4F7lz2OqdWHw6GZN5NQgvqm6OB3Y751djYwCd54y2Kn4wJCAcBaOrtSclxkGIleVx183PhTnSr97r2F089PsDzNXIBvH5pYUwvJX7hG0op0f5tPm7fl12HOOrr8Q6kWW+XTrgGX'
|
||||
|
|
Loading…
Add table
Reference in a new issue