From 65d054d1a9b8b122096d7994fc2fe675c06f423f Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Thu, 27 Nov 2014 10:29:59 -1000
Subject: add decode_rfc6979_signature helper for DSA/ECDSA
---
.../hazmat/primitives/asymmetric/utils.py | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 src/cryptography/hazmat/primitives/asymmetric/utils.py
(limited to 'src')
diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py
new file mode 100644
index 00000000..5e35b3f6
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py
@@ -0,0 +1,22 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+from pyasn1.codec.der import decoder
+from pyasn1.type import namedtype, univ
+
+
+class _DSSSigValue(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('r', univ.Integer()),
+ namedtype.NamedType('s', univ.Integer())
+ )
+
+
+def decode_rfc6979_signature(signature):
+ data = decoder.decode(signature, asn1Spec=_DSSSigValue())
+ r = int(data[0].getComponentByName('r'))
+ s = int(data[0].getComponentByName('s'))
+ return (r, s)
--
cgit v1.2.3
From aa7dacaf53e150d9d6e58224c46b88214f2957df Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Thu, 27 Nov 2014 10:40:12 -1000
Subject: add encode_rfc6979_signature and refactor tests to use it
---
src/cryptography/hazmat/primitives/asymmetric/utils.py | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py
index 5e35b3f6..0140e6c1 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/utils.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py
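Review bot: `decode_rfc6979_signature` in the first commit's new-file hunk has no docstring, and nothing tells a caller what the returned integers guarantee. As written the function converts whatever two INTEGER values the sequence holds, so zero or negative `r`/`s` would be returned as-is; the range check against the group order stays with the verifier, and the docstring should say so, e.g. `"""Decode a DER SEQUENCE of two INTEGERs into an (r, s) tuple of ints; the values are not range-checked."""`. The `rfc6979` in the name may also mislead, since that RFC is mainly about deterministic nonce generation and the r/s structure is the Dss-Sig-Value of RFC 3279; a one-line comment on `_DSSSigValue` naming the structure would help.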
@@ -4,7 +4,7 @@ from __future__ import absolute_import, division, print_function -from pyasn1.codec.der import decoder +from pyasn1.codec.der import decoder, encoder from pyasn1.type import namedtype, univ @@ -20,3 +20,10 @@ def decode_rfc6979_signature(signature): r = int(data[0].getComponentByName('r')) s = int(data[0].getComponentByName('s')) return (r, s) + + +def encode_rfc6979_signature(r, s): + sig = _DSSSigValue() + sig.setComponentByName('r', r) + sig.setComponentByName('s', s) + return encoder.encode(sig) -- cgit v1.2.3 From 94a0713e3aa1b2ec4f98fe1eb690ef2160d70fdf Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 30 Nov 2014 09:51:10 -1000 Subject: error if signature has trailing bytes --- src/cryptography/hazmat/primitives/asymmetric/utils.py | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src') diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index 0140e6c1..a1a40292 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -17,6 +17,10 @@ class _DSSSigValue(univ.Sequence): def decode_rfc6979_signature(signature): data = decoder.decode(signature, asn1Spec=_DSSSigValue()) + if data[1]: + raise ValueError( + "The signature contains bytes after the end of the ASN.1 sequence." + ) r = int(data[0].getComponentByName('r')) s = int(data[0].getComponentByName('s')) return (r, s) -- cgit v1.2.3 From d5fe4ba989f1c8ff5494fee3f6404a14456eac8d Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 30 Nov 2014 10:18:08 -1000 Subject: assign tuple to multiple vars for better readability --- src/cryptography/hazmat/primitives/asymmetric/utils.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index a1a40292..36b9080d 100644 
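Review bot: In the "error if signature has trailing bytes" hunk, the `if data[1]:` check rejects bytes after the sequence but leaves alternative encodings inside it unaddressed. Whether `pyasn1.codec.der.decoder` rejects non-minimal lengths or padded INTEGERs cannot be seen from this diff; if it accepts them, several distinct byte strings decode to the same `(r, s)`, which matters to callers that hash or deduplicate on the signature bytes. A test that feeds such an encoding and expects `ValueError` would pin the behaviour, and a comment above the check such as `# Strict DER inside the sequence is delegated to pyasn1; only trailing data is checked here.` would record the assumption.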
--- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -16,13 +16,13 @@ class _DSSSigValue(univ.Sequence): def decode_rfc6979_signature(signature): - data = decoder.decode(signature, asn1Spec=_DSSSigValue()) - if data[1]: + data, remaining = decoder.decode(signature, asn1Spec=_DSSSigValue()) + if remaining: raise ValueError( "The signature contains bytes after the end of the ASN.1 sequence." ) - r = int(data[0].getComponentByName('r')) - s = int(data[0].getComponentByName('s')) + r = int(data.getComponentByName('r')) + s = int(data.getComponentByName('s')) return (r, s) -- cgit v1.2.3 From 73251faf2cb043dc9795b46c98c7084482d2aed2 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 6 Dec 2014 23:17:23 -0600 Subject: catch PyAsn1Error when decoding rfc6979 signature --- src/cryptography/hazmat/primitives/asymmetric/utils.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index 36b9080d..08bb40c7 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -5,6 +5,7 @@ from __future__ import absolute_import, division, print_function from pyasn1.codec.der import decoder, encoder +from pyasn1.error import PyAsn1Error from pyasn1.type import namedtype, univ @@ -16,7 +17,11 @@ class _DSSSigValue(univ.Sequence): def decode_rfc6979_signature(signature): - data, remaining = decoder.decode(signature, asn1Spec=_DSSSigValue()) + try: + data, remaining = decoder.decode(signature, asn1Spec=_DSSSigValue()) + except PyAsn1Error: + raise ValueError("Invalid signature data. Unable to decode ASN.1") + if remaining: raise ValueError( "The signature contains bytes after the end of the ASN.1 sequence." -- cgit v1.2.3 From a43964a0e90d7788b81521c9e7b949cdc2b555a0 Mon Sep 17 00:00:00 2001 
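Review bot: In the "catch PyAsn1Error when decoding rfc6979 signature" hunk, only `PyAsn1Error` is translated to `ValueError`, so any other exception type raised while decoding malformed or non-bytes input would still reach the caller. Whether pyasn1 can raise anything else for truncated or empty input is not visible here, so this is worth a test with `b""` and a truncated sequence rather than a code change. Since callers handling untrusted signatures will rely on the exception contract, the function should also document it, e.g. a docstring line `Raises ValueError if the input cannot be decoded or has trailing bytes.` The end of the function lies outside this hunk.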
From: Paul Kehrer Date: Sun, 7 Dec 2014 11:44:04 -0600 Subject: catch PyAsn1Error for encoding signature as well --- src/cryptography/hazmat/primitives/asymmetric/utils.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index 08bb40c7..cf5973a0 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -32,7 +32,11 @@ def decode_rfc6979_signature(signature): def encode_rfc6979_signature(r, s): - sig = _DSSSigValue() - sig.setComponentByName('r', r) - sig.setComponentByName('s', s) + try: + sig = _DSSSigValue() + sig.setComponentByName('r', r) + sig.setComponentByName('s', s) + except PyAsn1Error: + raise ValueError("Both r and s must be integers") + return encoder.encode(sig) -- cgit v1.2.3 From 6a4342c18ca0507f3d1842591553bddac6eb9189 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 7 Dec 2014 13:52:39 -0600 Subject: directly test r, s for integer-ness --- src/cryptography/hazmat/primitives/asymmetric/utils.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py index cf5973a0..71f4ff8e 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/utils.py +++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py @@ -8,6 +8,8 @@ from pyasn1.codec.der import decoder, encoder from pyasn1.error import PyAsn1Error from pyasn1.type import namedtype, univ +import six + class _DSSSigValue(univ.Sequence): componentType = namedtype.NamedTypes( 
@@ -32,11 +34,13 @@ def decode_rfc6979_signature(signature): def encode_rfc6979_signature(r, s): - try: - sig = _DSSSigValue() - sig.setComponentByName('r', r) - sig.setComponentByName('s', s) - except PyAsn1Error: + if ( + not isinstance(r, six.integer_types) or + not isinstance(s, six.integer_types) + ): raise ValueError("Both r and s must be integers") + sig = _DSSSigValue() + sig.setComponentByName('r', r) + sig.setComponentByName('s', s) return encoder.encode(sig) -- cgit v1.2.3
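Review bot: In the final hunk the `isinstance(..., six.integer_types)` test in `encode_rfc6979_signature` also passes `True`/`False` (bool subclasses int) and zero or negative integers, none of which is a valid signature component. If the helper is only meant to serialise real signatures, a range check alongside the type check would catch this early, e.g. `if r <= 0 or s <= 0: raise ValueError("Both r and s must be positive integers")`. Otherwise a docstring should state that the values are encoded without range validation, so that callers do not read the type check as a validity check.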