def __init__(self, curve_class, nist_name):
self.nist_name = nist_name
self.key_length = curve_class.key_size
# Defined in RFC 5656 6.2
self.key_format_identifier = "ecdsa-sha2-" + self.nist_name
# Defined in RFC 5656 6.2.1
if self.key_length <= 256:
self.hash_object = hashes.SHA256
elif self.key_length <= 384:
self.hash_object = hashes.SHA384
else:
self.hash_object = hashes.SHA512
self.curve_class = curve_class
python类SHA384的实例源码
def __init__(self, curve_class, nist_name):
self.nist_name = nist_name
self.key_length = curve_class.key_size
# Defined in RFC 5656 6.2
self.key_format_identifier = "ecdsa-sha2-" + self.nist_name
# Defined in RFC 5656 6.2.1
if self.key_length <= 256:
self.hash_object = hashes.SHA256
elif self.key_length <= 384:
self.hash_object = hashes.SHA384
else:
self.hash_object = hashes.SHA512
self.curve_class = curve_class
def get_default_algorithms():
"""
Returns the algorithms that are implemented by the library.
"""
default_algorithms = {
'none': NoneAlgorithm(),
'HS256': HMACAlgorithm(HMACAlgorithm.SHA256),
'HS384': HMACAlgorithm(HMACAlgorithm.SHA384),
'HS512': HMACAlgorithm(HMACAlgorithm.SHA512)
}
if has_crypto:
default_algorithms.update({
'RS256': RSAAlgorithm(RSAAlgorithm.SHA256),
'RS384': RSAAlgorithm(RSAAlgorithm.SHA384),
'RS512': RSAAlgorithm(RSAAlgorithm.SHA512),
'ES256': ECAlgorithm(ECAlgorithm.SHA256),
'ES384': ECAlgorithm(ECAlgorithm.SHA384),
'ES512': ECAlgorithm(ECAlgorithm.SHA512),
'PS256': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA256),
'PS384': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA384),
'PS512': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA512)
})
return default_algorithms
def __init__(self, curve_class, nist_name):
self.nist_name = nist_name
self.key_length = curve_class.key_size
# Defined in RFC 5656 6.2
self.key_format_identifier = "ecdsa-sha2-" + self.nist_name
# Defined in RFC 5656 6.2.1
if self.key_length <= 256:
self.hash_object = hashes.SHA256
elif self.key_length <= 384:
self.hash_object = hashes.SHA384
else:
self.hash_object = hashes.SHA512
self.curve_class = curve_class
def __init__(self, curve_class, nist_name):
self.nist_name = nist_name
self.key_length = curve_class.key_size
# Defined in RFC 5656 6.2
self.key_format_identifier = "ecdsa-sha2-" + self.nist_name
# Defined in RFC 5656 6.2.1
if self.key_length <= 256:
self.hash_object = hashes.SHA256
elif self.key_length <= 384:
self.hash_object = hashes.SHA384
else:
self.hash_object = hashes.SHA512
self.curve_class = curve_class
def __init__(self, security_level=CURVE_P_256_Size, hash_algorithm=SHA2):
""" Init curve and hash function.
:param security_level: security level
:param hash_algorithm: hash function
"""
if security_level == CURVE_P_256_Size:
# order = openssl.backend._lib.BN_new()
# curve = openssl.backend._lib.EC_GROUP_new_by_curve_name(
# openssl.backend._lib.NID_X9_62_prime256v1)
# openssl.backend._lib.EC_GROUP_get_order(
# curve, order, openssl.backend._ffi.NULL)
self.order = int("115792089210356248762697446949407573529"
"996955224135760342422259061068512044369")
self.half_order = self.order >> 1
self.curve = ec.SECP256R1
self.sign_hash_algorithm = hashes.SHA256()
else:
# order = openssl.backend._lib.BN_new()
# curve = openssl.backend._lib.EC_GROUP_new_by_curve_name(
# openssl.backend._lib.NID_secp384r1)
# openssl.backend._lib.EC_GROUP_get_order(
# curve, order, openssl.backend._ffi.NULL)
self.order = int("39402006196394479212279040100"
"14361380507973927046544666794"
"69052796276593991132635693989"
"56308152294913554433653942643")
self.half_order = self.order >> 1
self.curve = ec.SECP384R1
self.sign_hash_algorithm = hashes.SHA384()
if hash_algorithm == SHA2:
self._hash = hashlib.sha256
elif hash_algorithm == SHA3 and security_level == CURVE_P_256_Size:
self._hash = hashlib.sha3_256
else:
self._hash = hashlib.sha3_384
def _oaep_hash_supported(self, algorithm):
if self._lib.Cryptography_HAS_RSA_OAEP_MD:
return isinstance(
algorithm, (
hashes.SHA1,
hashes.SHA224,
hashes.SHA256,
hashes.SHA384,
hashes.SHA512,
)
)
else:
return isinstance(algorithm, hashes.SHA1)
def hash_func(self):
return {
self.MD5: hashes.MD5,
self.SHA1: hashes.SHA1,
self.SHA224: hashes.SHA224,
self.SHA256: hashes.SHA256,
self.SHA384: hashes.SHA384,
self.SHA512: hashes.SHA512,
}[self]
def rsa_pkcs1v15_signature_algorithm_for_hash_id(hash_id):
signature_algorithms = {
HashID.SHA512: RS512,
HashID.SHA384: RS384,
}
return signature_algorithms.get(hash_id, RS256)
def get_default_algorithms():
"""
Returns the algorithms that are implemented by the library.
"""
default_algorithms = {
'none': NoneAlgorithm(),
'HS256': HMACAlgorithm(HMACAlgorithm.SHA256),
'HS384': HMACAlgorithm(HMACAlgorithm.SHA384),
'HS512': HMACAlgorithm(HMACAlgorithm.SHA512)
}
if has_crypto:
default_algorithms.update({
'RS256': RSAAlgorithm(RSAAlgorithm.SHA256),
'RS384': RSAAlgorithm(RSAAlgorithm.SHA384),
'RS512': RSAAlgorithm(RSAAlgorithm.SHA512),
'ES256': ECAlgorithm(ECAlgorithm.SHA256),
'ES384': ECAlgorithm(ECAlgorithm.SHA384),
'ES521': ECAlgorithm(ECAlgorithm.SHA512),
'ES512': ECAlgorithm(ECAlgorithm.SHA512), # Backward compat for #219 fix
'PS256': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA256),
'PS384': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA384),
'PS512': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA512)
})
return default_algorithms
def __init__(self):
"""
Construct a CryptographyEngine.
"""
self.logger = logging.getLogger('kmip.server.engine.cryptography')
self._symmetric_key_algorithms = {
enums.CryptographicAlgorithm.TRIPLE_DES: algorithms.TripleDES,
enums.CryptographicAlgorithm.AES: algorithms.AES,
enums.CryptographicAlgorithm.BLOWFISH: algorithms.Blowfish,
enums.CryptographicAlgorithm.CAMELLIA: algorithms.Camellia,
enums.CryptographicAlgorithm.CAST5: algorithms.CAST5,
enums.CryptographicAlgorithm.IDEA: algorithms.IDEA,
enums.CryptographicAlgorithm.RC4: algorithms.ARC4
}
self._asymetric_key_algorithms = {
enums.CryptographicAlgorithm.RSA: self._create_rsa_key_pair
}
self._hash_algorithms = {
enums.CryptographicAlgorithm.HMAC_SHA1: hashes.SHA1,
enums.CryptographicAlgorithm.HMAC_SHA224: hashes.SHA224,
enums.CryptographicAlgorithm.HMAC_SHA256: hashes.SHA256,
enums.CryptographicAlgorithm.HMAC_SHA384: hashes.SHA384,
enums.CryptographicAlgorithm.HMAC_SHA512: hashes.SHA512,
enums.CryptographicAlgorithm.HMAC_MD5: hashes.MD5
}
def _oaep_hash_supported(self, algorithm):
if self._lib.Cryptography_HAS_RSA_OAEP_MD:
return isinstance(
algorithm, (
hashes.SHA1,
hashes.SHA224,
hashes.SHA256,
hashes.SHA384,
hashes.SHA512,
)
)
else:
return isinstance(algorithm, hashes.SHA1)
def get_default_algorithms():
"""
Returns the algorithms that are implemented by the library.
"""
default_algorithms = {
'none': NoneAlgorithm(),
'HS256': HMACAlgorithm(HMACAlgorithm.SHA256),
'HS384': HMACAlgorithm(HMACAlgorithm.SHA384),
'HS512': HMACAlgorithm(HMACAlgorithm.SHA512)
}
if has_crypto:
default_algorithms.update({
'RS256': RSAAlgorithm(RSAAlgorithm.SHA256),
'RS384': RSAAlgorithm(RSAAlgorithm.SHA384),
'RS512': RSAAlgorithm(RSAAlgorithm.SHA512),
'ES256': ECAlgorithm(ECAlgorithm.SHA256),
'ES384': ECAlgorithm(ECAlgorithm.SHA384),
'ES521': ECAlgorithm(ECAlgorithm.SHA512),
'ES512': ECAlgorithm(ECAlgorithm.SHA512), # Backward compat for #219 fix
'PS256': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA256),
'PS384': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA384),
'PS512': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA512)
})
return default_algorithms
def _oaep_hash_supported(self, algorithm):
if self._lib.Cryptography_HAS_RSA_OAEP_MD:
return isinstance(
algorithm, (
hashes.SHA1,
hashes.SHA224,
hashes.SHA256,
hashes.SHA384,
hashes.SHA512,
)
)
else:
return isinstance(algorithm, hashes.SHA1)
def _oaep_hash_supported(self, algorithm):
if self._lib.Cryptography_HAS_RSA_OAEP_MD:
return isinstance(
algorithm, (
hashes.SHA1,
hashes.SHA224,
hashes.SHA256,
hashes.SHA384,
hashes.SHA512,
)
)
else:
return isinstance(algorithm, hashes.SHA1)
def jws_encapsulate(key,
header,
payload,
digest=hashes.SHA256,
padder=asymmetric.padding.PKCS1v15):
if digest == hashes.SHA256:
suffix = '256'
elif digest == hashes.SHA384:
suffix = '384'
elif digest == hashes.SHA512:
suffix = '512'
else:
raise ValueError('RFC 7518 non-compliant digest: ' + digest)
if isinstance(key, bytes):
algorithm = 'HS' + suffix
signer = hmac.HMAC(key, digest(), backend)
elif isinstance(key, ec.EllipticCurvePrivateKey):
algorithm = 'ES' + suffix
signer = key.signer(ec.ECDSA(digest()))
elif isinstance(key, rsa.RSAPrivateKey):
if padder == asymmetric.padding.PSS:
algorithm = 'PS' + suffix
signer = key.signer(padder(padding.MGF1(digest()),
padder.MAX_LENGTH).
digest())
elif padder == asymmetric.padding.PKCS1v15:
algorithm = 'RS' + suffix
signer = key.signer(padder(), digest())
else:
raise ValueError('RFC 7518 non-compliant padding: ' + \
str(type(padder)))
else:
raise ValueError('RFC 7518 non-compliant key: ' + str(type(key)))
pubkey = key_to_pubkey(key)
header['alg'] = algorithm
header['jwk'] = pubkey_to_jwk(pubkey)
protected = jws_safe_obj(header)
payload = jws_safe_obj(payload)
signer.update(protected + b'.' + payload)
signature = acme_safe_b64_encode(signer.finalize())
return json.dumps({
'protected': protected.decode('ascii'),
'payload': payload.decode('ascii'),
'signature': signature.decode('ascii'),
}).encode('ascii')
