first (working) implementation of kioubit-auth

- verify(<x509-key>, signature=base64decode(<sig>), <params(base64)>)
This commit is contained in:
lare 2022-11-12 19:57:16 +01:00
parent c600c59af8
commit 83e411bcc3

View file

@ -1,14 +1,9 @@
#! /usr/bin/env python3
#import OpenSSL
#from OpenSSL.crypto import load_publickey, FILETYPE_PEM, X509
#from OpenSSL.crypto import verify as OpenSSL_verify
import base64, os
#from hashlib import sha512
from Crypto.PublicKey import ECC
from Crypto.Signature import DSS
import Crypto.Hash.SHA512 as SHA512
#from hashlib import sha512 as SHA512
from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
import OpenSSL
PUBKEY_FILE = os.path.dirname(__file__)+"/kioubit-auth-pubkey.pem"
@ -21,30 +16,35 @@ class AuthVerifyer ():
for line in pk.readlines():
pk_content += line
print(pk_content)
self.pubkey = ECC.import_key(pk_content)
#self.pubkey.set_pubkey(
# load_publickey(OpenSSL.crypto.FILETYPE_PEM, pk_content)
#)
pkey = load_publickey(FILETYPE_PEM, pk_content)
self.x509 = X509()
self.x509.set_pubkey(pkey)
print(self.pubkey)
print(self.x509)
def verify(self, params, signature):
# sig = base64.b64decode(signature)
# print(type(sig))
#OpenSSL_verify(self.pubkey, sig
#, base64.b64decode(params), "sha512")
h = SHA512.new()
h.update(base64.b64decode(params))
sig = base64.b64decode(signature)
print(f"sig: {sig}")
print(f"params: {params}")
try:
verify(self.x509, sig, params, 'sha512')
except OpenSSL.crypto.Error:
return False, "Signature Failed"
#h = SHA512.new()
#h.update(base64.b64decode(params))
#print(h.hexdigest())
verifier = DSS.new(self.pubkey, 'fips-186-3')
valid = verifier.verify(h, signature)
return valid
#verifier = DSS.new(self.pubkey, 'deterministic-rfc6979')
#valid = verifier.verify(h, base64.b64decode(signature))
return True, ""
if __name__ == "__main__":
example_com_verifier = AuthVerifyer("example.com")
example_com_verifier.verify(
params="eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
signature="MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
)
print (example_com_verifier.verify(
params=b"eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
signature=b"MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
) )
#params = "eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI1NjI5NSwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
#signature = 'MIGHAkFy1m+9ahjIc5cJk/p+RiXJbhbWT5rPSJNg9Q3c8UTAM4F7lz2OqdWHw6GZN5NQgvqm6OB3Y751djYwCd54y2Kn4wJCAcBaOrtSclxkGIleVx183PhTnSr97r2F089PsDzNXIBvH5pYUwvJX7hG0op0f5tPm7fl12HOOrr8Q6kWW+XTrgGX'