first (working) implementation of kioubit-auth

- verify(<x509-key>, signature=base64decode(<sig>), <params(base64)>)

web/backend/kioubit_verify.py

@@ -1,14 +1,9 @@
 #! /usr/bin/env python3
 
-#import OpenSSL
-#from OpenSSL.crypto import load_publickey, FILETYPE_PEM, X509
-#from OpenSSL.crypto import verify as OpenSSL_verify
 import base64, os
-#from hashlib import sha512
-from Crypto.PublicKey import ECC
-from Crypto.Signature import DSS 
-import Crypto.Hash.SHA512 as SHA512
-#from hashlib import sha512 as SHA512
+from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
+import OpenSSL
+
 
 PUBKEY_FILE = os.path.dirname(__file__)+"/kioubit-auth-pubkey.pem"
 
@@ -21,30 +16,35 @@ class AuthVerifyer ():
             for line in pk.readlines():
                 pk_content += line
             print(pk_content)
-            self.pubkey = ECC.import_key(pk_content)
-            #self.pubkey.set_pubkey(
-            #    load_publickey(OpenSSL.crypto.FILETYPE_PEM, pk_content)
-            #)
+        pkey = load_publickey(FILETYPE_PEM, pk_content)
+        self.x509 = X509()
+        self.x509.set_pubkey(pkey)
         
-        print(self.pubkey)
+        print(self.x509)
         
     def verify(self, params, signature):
-        # sig = base64.b64decode(signature)
         # print(type(sig))
         #OpenSSL_verify(self.pubkey, sig
         #, base64.b64decode(params), "sha512")
-        h = SHA512.new()
-        h.update(base64.b64decode(params))
+        sig = base64.b64decode(signature)
+        print(f"sig: {sig}")
+        print(f"params: {params}")
+        try:
+            verify(self.x509, sig, params, 'sha512')
+        except OpenSSL.crypto.Error:
+            return False, "Signature Failed"
+        #h = SHA512.new()
+        #h.update(base64.b64decode(params))
         #print(h.hexdigest())
-        verifier = DSS.new(self.pubkey, 'fips-186-3')
-        valid = verifier.verify(h, signature)
-        return valid
+        #verifier = DSS.new(self.pubkey, 'deterministic-rfc6979')
+        #valid = verifier.verify(h, base64.b64decode(signature))
+        return True, ""
 
 if __name__ == "__main__":
     example_com_verifier = AuthVerifyer("example.com")
-    example_com_verifier.verify(
-        params="eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
-        signature="MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
-        )
+    print (example_com_verifier.verify(
+        params=b"eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
+        signature=b"MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
+        ) )
 #params = "eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI1NjI5NSwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=", 
 #signature = 'MIGHAkFy1m+9ahjIc5cJk/p+RiXJbhbWT5rPSJNg9Q3c8UTAM4F7lz2OqdWHw6GZN5NQgvqm6OB3Y751djYwCd54y2Kn4wJCAcBaOrtSclxkGIleVx183PhTnSr97r2F089PsDzNXIBvH5pYUwvJX7hG0op0f5tPm7fl12HOOrr8Q6kWW+XTrgGX'