first (working) implementation of kioubit-auth

- verify(<x509-key>, signature=base64decode(<sig>), <params(base64)>)
This commit is contained in:
lare 2022-11-12 19:57:16 +01:00
parent e8c9c25a01
commit b305139033

View file

@ -1,14 +1,9 @@
#! /usr/bin/env python3 #! /usr/bin/env python3
#import OpenSSL
#from OpenSSL.crypto import load_publickey, FILETYPE_PEM, X509
#from OpenSSL.crypto import verify as OpenSSL_verify
import base64, os import base64, os
#from hashlib import sha512 from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
from Crypto.PublicKey import ECC import OpenSSL
from Crypto.Signature import DSS
import Crypto.Hash.SHA512 as SHA512
#from hashlib import sha512 as SHA512
PUBKEY_FILE = os.path.dirname(__file__)+"/kioubit-auth-pubkey.pem" PUBKEY_FILE = os.path.dirname(__file__)+"/kioubit-auth-pubkey.pem"
@ -21,30 +16,35 @@ class AuthVerifyer ():
for line in pk.readlines(): for line in pk.readlines():
pk_content += line pk_content += line
print(pk_content) print(pk_content)
self.pubkey = ECC.import_key(pk_content) pkey = load_publickey(FILETYPE_PEM, pk_content)
#self.pubkey.set_pubkey( self.x509 = X509()
# load_publickey(OpenSSL.crypto.FILETYPE_PEM, pk_content) self.x509.set_pubkey(pkey)
#)
print(self.pubkey) print(self.x509)
def verify(self, params, signature): def verify(self, params, signature):
# sig = base64.b64decode(signature)
# print(type(sig)) # print(type(sig))
#OpenSSL_verify(self.pubkey, sig #OpenSSL_verify(self.pubkey, sig
#, base64.b64decode(params), "sha512") #, base64.b64decode(params), "sha512")
h = SHA512.new() sig = base64.b64decode(signature)
h.update(base64.b64decode(params)) print(f"sig: {sig}")
print(f"params: {params}")
try:
verify(self.x509, sig, params, 'sha512')
except OpenSSL.crypto.Error:
return False, "Signature Failed"
#h = SHA512.new()
#h.update(base64.b64decode(params))
#print(h.hexdigest()) #print(h.hexdigest())
verifier = DSS.new(self.pubkey, 'fips-186-3') #verifier = DSS.new(self.pubkey, 'deterministic-rfc6979')
valid = verifier.verify(h, signature) #valid = verifier.verify(h, base64.b64decode(signature))
return valid return True, ""
if __name__ == "__main__": if __name__ == "__main__":
example_com_verifier = AuthVerifyer("example.com") example_com_verifier = AuthVerifyer("example.com")
example_com_verifier.verify( print (example_com_verifier.verify(
params="eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=", params=b"eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
signature="MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA==" signature=b"MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
) ) )
#params = "eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI1NjI5NSwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=", #params = "eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI1NjI5NSwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
#signature = 'MIGHAkFy1m+9ahjIc5cJk/p+RiXJbhbWT5rPSJNg9Q3c8UTAM4F7lz2OqdWHw6GZN5NQgvqm6OB3Y751djYwCd54y2Kn4wJCAcBaOrtSclxkGIleVx183PhTnSr97r2F089PsDzNXIBvH5pYUwvJX7hG0op0f5tPm7fl12HOOrr8Q6kWW+XTrgGX' #signature = 'MIGHAkFy1m+9ahjIc5cJk/p+RiXJbhbWT5rPSJNg9Q3c8UTAM4F7lz2OqdWHw6GZN5NQgvqm6OB3Y751djYwCd54y2Kn4wJCAcBaOrtSclxkGIleVx183PhTnSr97r2F089PsDzNXIBvH5pYUwvJX7hG0op0f5tPm7fl12HOOrr8Q6kWW+XTrgGX'