[continued from previous message]
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ kmip/services/server/crypto/engine.py:371: in encrypt
return self._encrypt_asymmetric(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <kmip.services.server.crypto.engine.CryptographyEngine object at 0x7fe2fc3550d0>
encryption_algorithm = <CryptographicAlgorithm.RSA: 4>
encryption_key = b'0\x81\x89\x02\x81\x81\x00\xa8\xb3\xb2\x84\xaf\x8e\xb5\x0b8p4\xa8`\xf1F\xc4\x91\x9f1\x87c\xcdlU\x98\xc8\xaeH\x11\xa1\...f79-\xd3\xaa\xff\x93\xae\x1ekf{\xb3\xd4$v\x16\xd4\xf5\xba\x10\xd4\xcf\xd2&\xde\x88\xd3\x9f\x16\xfb\x02\x03\x01\x00\
x01'
plain_text = b'f(\x19N\x12\x07=\xb0;\xa9L\xda\x9e\xf9S#\x97\xd5\r\xbay\xb9\x87\x00J\xfe\xfe4'
padding_method = <cryptography.hazmat.primitives.asymmetric.padding.OAEP object at 0x7fe2fc355160>
hashing_algorithm = <HashingAlgorithm.SHA_1: 4>
def _encrypt_asymmetric(self,
encryption_algorithm,
encryption_key,
plain_text,
padding_method,
hashing_algorithm=None):
"""
Encrypt data using asymmetric encryption.
Args:
encryption_algorithm (CryptographicAlgorithm): An enumeration
specifying the asymmetric encryption algorithm to use for
encryption. Required.
encryption_key (bytes): The bytes of the public key to use for
encryption. Required.
plain_text (bytes): The bytes to be encrypted. Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use with the asymmetric encryption
algorithm. Required.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the encryption padding
method. Required, if the padding method is OAEP. Optional
otherwise, defaults to None.
Returns:
dict: A dictionary containing the encrypted data, with at least
the following key/value field:
* cipher_text - the bytes of the encrypted data
Raises:
InvalidField: Raised when the algorithm is unsupported or the
length is incompatible with the algorithm.
CryptographicFailure: Raised when the key generation process
fails.
"""
if encryption_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.OAEP:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if hash_algorithm is None:
raise exceptions.InvalidField(
"The hashing algorithm '{0}' is not supported for "
"asymmetric encryption.".format(hashing_algorithm)
)
padding_method = asymmetric_padding.OAEP(
mgf=asymmetric_padding.MGF1(
algorithm=hash_algorithm()
),
algorithm=hash_algorithm(),
label=None
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding_method = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for asymmetric "
"encryption.".format(padding_method)
)
backend = default_backend()
try:
public_key = backend.load_der_public_key(encryption_key)
except Exception:
try:
public_key = backend.load_pem_public_key(encryption_key)
except Exception:
raise exceptions.CryptographicFailure(
"The public key bytes could not be loaded."
)
E kmip.core.exceptions.CryptographicFailure: The public key bytes could not be loaded.
kmip/services/server/crypto/engine.py:596: CryptographicFailure
___________ test_encrypt_decrypt_asymmetric[asymmetric_parameters1] ____________
self = <kmip.services.server.crypto.engine.CryptographyEngine object at 0x7fe2fc3568a0>
encryption_algorithm = <CryptographicAlgorithm.RSA: 4>
encryption_key = b'-----BEGIN RSA PUBLIC KEY-----\nMIGJAoGBAJi3BYLKgI/R01CVYqDvMFr22YdUQ7Nb3yTVNjU+PxIo3NEqeFaDVsb/\nMjq/cqwc2/5xL7Sf5Z...pbViw/KY253fdWB4d5GMztHQ\n0fN3M4wNPTIHeX6GLGXRFDnliBd1J6fe2Rlxrc+R4ug0438FpzZVAgMBAAE=\n-----END RSA PUBLIC KEY-----\
n'
plain_text = b'\xe9\xa7q\xe0\xa6_(p\x8e\x83\xd5\xe6\xcc\x89\x8aA\xd7' padding_method = <cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15 object at 0x7fe2fc356480>
hashing_algorithm = None
def _encrypt_asymmetric(self,
encryption_algorithm,
encryption_key,
plain_text,
padding_method,
hashing_algorithm=None):
"""
Encrypt data using asymmetric encryption.
Args:
encryption_algorithm (CryptographicAlgorithm): An enumeration
specifying the asymmetric encryption algorithm to use for
encryption. Required.
encryption_key (bytes): The bytes of the public key to use for
encryption. Required.
plain_text (bytes): The bytes to be encrypted. Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use with the asymmetric encryption
algorithm. Required.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the encryption padding
method. Required, if the padding method is OAEP. Optional
otherwise, defaults to None.
Returns:
dict: A dictionary containing the encrypted data, with at least
the following key/value field:
* cipher_text - the bytes of the encrypted data
Raises:
InvalidField: Raised when the algorithm is unsupported or the
length is incompatible with the algorithm.
CryptographicFailure: Raised when the key generation process
fails.
"""
if encryption_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.OAEP:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if hash_algorithm is None:
raise exceptions.InvalidField(
"The hashing algorithm '{0}' is not supported for "
"asymmetric encryption.".format(hashing_algorithm)
)
padding_method = asymmetric_padding.OAEP(
mgf=asymmetric_padding.MGF1(
algorithm=hash_algorithm()
),
algorithm=hash_algorithm(),
label=None
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding_method = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for asymmetric "
"encryption.".format(padding_method)
)
backend = default_backend()
try:
public_key = backend.load_der_public_key(encryption_key)
E AttributeError: 'Backend' object has no attribute 'load_der_public_key'
kmip/services/server/crypto/engine.py:591: AttributeError
During handling of the above exception, another exception occurred:
self = <kmip.services.server.crypto.engine.CryptographyEngine object at 0x7fe2fc3568a0>
encryption_algorithm = <CryptographicAlgorithm.RSA: 4>
encryption_key = b'-----BEGIN RSA PUBLIC KEY-----\nMIGJAoGBAJi3BYLKgI/R01CVYqDvMFr22YdUQ7Nb3yTVNjU+PxIo3NEqeFaDVsb/\nMjq/cqwc2/5xL7Sf5Z...pbViw/KY253fdWB4d5GMztHQ\n0fN3M4wNPTIHeX6GLGXRFDnliBd1J6fe2Rlxrc+R4ug0438FpzZVAgMBAAE=\n-----END RSA PUBLIC KEY-----\
n'
plain_text = b'\xe9\xa7q\xe0\xa6_(p\x8e\x83\xd5\xe6\xcc\x89\x8aA\xd7' padding_method = <cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15 object at 0x7fe2fc356480>
hashing_algorithm = None
def _encrypt_asymmetric(self,
encryption_algorithm,
encryption_key,
plain_text,
padding_method,
hashing_algorithm=None):
"""
Encrypt data using asymmetric encryption.
Args:
encryption_algorithm (CryptographicAlgorithm): An enumeration
specifying the asymmetric encryption algorithm to use for
encryption. Required.
encryption_key (bytes): The bytes of the public key to use for
encryption. Required.
plain_text (bytes): The bytes to be encrypted. Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use with the asymmetric encryption
algorithm. Required.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the encryption padding
method. Required, if the padding method is OAEP. Optional
otherwise, defaults to None.
Returns:
dict: A dictionary containing the encrypted data, with at least
the following key/value field:
* cipher_text - the bytes of the encrypted data
Raises:
InvalidField: Raised when the algorithm is unsupported or the
length is incompatible with the algorithm.
CryptographicFailure: Raised when the key generation process
fails.
"""
if encryption_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.OAEP:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if hash_algorithm is None:
raise exceptions.InvalidField(
"The hashing algorithm '{0}' is not supported for "
"asymmetric encryption.".format(hashing_algorithm)
)
padding_method = asymmetric_padding.OAEP(
mgf=asymmetric_padding.MGF1(
algorithm=hash_algorithm()
),
algorithm=hash_algorithm(),
label=None
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding_method = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for asymmetric "
"encryption.".format(padding_method)
)
backend = default_backend()
try:
public_key = backend.load_der_public_key(encryption_key)
except Exception:
try:
public_key = backend.load_pem_public_key(encryption_key)
E AttributeError: 'Backend' object has no attribute 'load_pem_public_key'
kmip/services/server/crypto/engine.py:594: AttributeError
During handling of the above exception, another exception occurred:
asymmetric_parameters = {'algorithm': <CryptographicAlgorithm.RSA: 4>, 'encoding': <Encoding.PEM: 'PEM'>, 'padding_method': <PaddingMethod.PKCS1v15: 8>, 'plain_text': b'\xe9\xa7q\xe0\xa6_(p\x8e\x83\xd5\xe6\xcc\x89\x8aA\xd7', ...}
def test_encrypt_decrypt_asymmetric(asymmetric_parameters):
"""
Test that various encryption/decryption algorithms can be used to
correctly asymmetrically encrypt data.
"""
# NOTE (peter-hamilton) Randomness included in RSA padding schemes
# makes it impossible to unit test just encryption; it's not possible
# to predict the cipher text. Instead, we test the encrypt/decrypt
# cycle to ensure that they correctly mirror each other.
backend = backends.default_backend()
public_key_numbers = rsa.RSAPublicNumbers(
asymmetric_parameters.get('public_key').get('e'),
asymmetric_parameters.get('public_key').get('n')
)
public_key = public_key_numbers.public_key(backend)
public_bytes = public_key.public_bytes(
asymmetric_parameters.get('encoding'),
serialization.PublicFormat.PKCS1
)
private_key_numbers = rsa.RSAPrivateNumbers(
p=asymmetric_parameters.get('private_key').get('p'),
q=asymmetric_parameters.get('private_key').get('q'),
d=asymmetric_parameters.get('private_key').get('d'),
dmp1=asymmetric_parameters.get('private_key').get('dmp1'),
dmq1=asymmetric_parameters.get('private_key').get('dmq1'),
iqmp=asymmetric_parameters.get('private_key').get('iqmp'),
public_numbers=public_key_numbers
)
private_key = private_key_numbers.private_key(backend)
private_bytes = private_key.private_bytes(
asymmetric_parameters.get('encoding'),
serialization.PrivateFormat.PKCS8,
serialization.NoEncryption()
)
engine = crypto.CryptographyEngine()
result = engine.encrypt(
asymmetric_parameters.get('algorithm'),
public_bytes,
asymmetric_parameters.get('plain_text'),
padding_method=asymmetric_parameters.get('padding_method'),
hashing_algorithm=asymmetric_parameters.get('hashing_algorithm')
)
kmip/tests/unit/services/server/crypto/test_engine.py:1752:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ kmip/services/server/crypto/engine.py:371: in encrypt
return self._encrypt_asymmetric(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <kmip.services.server.crypto.engine.CryptographyEngine object at 0x7fe2fc3568a0>
encryption_algorithm = <CryptographicAlgorithm.RSA: 4>
encryption_key = b'-----BEGIN RSA PUBLIC KEY-----\nMIGJAoGBAJi3BYLKgI/R01CVYqDvMFr22YdUQ7Nb3yTVNjU+PxIo3NEqeFaDVsb/\nMjq/cqwc2/5xL7Sf5Z...pbViw/KY253fdWB4d5GMztHQ\n0fN3M4wNPTIHeX6GLGXRFDnliBd1J6fe2Rlxrc+R4ug0438FpzZVAgMBAAE=\n-----END RSA PUBLIC KEY-----\
n'
plain_text = b'\xe9\xa7q\xe0\xa6_(p\x8e\x83\xd5\xe6\xcc\x89\x8aA\xd7' padding_method = <cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15 object at 0x7fe2fc356480>
hashing_algorithm = None
def _encrypt_asymmetric(self,
encryption_algorithm,
encryption_key,
plain_text,
padding_method,
hashing_algorithm=None):
"""
Encrypt data using asymmetric encryption.
Args:
encryption_algorithm (CryptographicAlgorithm): An enumeration
specifying the asymmetric encryption algorithm to use for
encryption. Required.
encryption_key (bytes): The bytes of the public key to use for
encryption. Required.
plain_text (bytes): The bytes to be encrypted. Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use with the asymmetric encryption
algorithm. Required.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the encryption padding
method. Required, if the padding method is OAEP. Optional
otherwise, defaults to None.
Returns:
dict: A dictionary containing the encrypted data, with at least
the following key/value field:
* cipher_text - the bytes of the encrypted data
Raises:
InvalidField: Raised when the algorithm is unsupported or the
length is incompatible with the algorithm.
CryptographicFailure: Raised when the key generation process
fails.
"""
if encryption_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.OAEP:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if hash_algorithm is None:
raise exceptions.InvalidField(
"The hashing algorithm '{0}' is not supported for "
"asymmetric encryption.".format(hashing_algorithm)
)
padding_method = asymmetric_padding.OAEP(
mgf=asymmetric_padding.MGF1(
algorithm=hash_algorithm()
),
algorithm=hash_algorithm(),
label=None
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding_method = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for asymmetric "
"encryption.".format(padding_method)
)
backend = default_backend()
try:
public_key = backend.load_der_public_key(encryption_key)
except Exception:
try:
public_key = backend.load_pem_public_key(encryption_key)
except Exception:
raise exceptions.CryptographicFailure(
"The public key bytes could not be loaded."
)
E kmip.core.exceptions.CryptographicFailure: The public key bytes could not be loaded.
kmip/services/server/crypto/engine.py:596: CryptographicFailure _________________ test_verify_signature[signature_parameters0] _________________
self = <kmip.services.server.crypto.engine.CryptographyEngine object at 0x7fe2fc37e0f0>
signing_key = b'0\x81\x89\x02\x81\x81\x00\xa5nJ\x0ep\x10\x17X\x9aQ\x87\xdc~\xa8A\xd1V\xf2\xec\x0e6\xadR\xa4M\xfe\xb1\xe6\x1fz\xd9\x9...f1\x05\xac\xc2\xd3\xf0\xcb5\xf2\x92\x80\xe18kod\xc4\xef"\xe1\xe1\xf2\r\x0c\xe8\xcf\xfb"I\xbd\x9a!7\x02\x03\x01\x00\x01'
message = b'\xcd\xc8}\xa2#\xd7\x86\xdf;E\xe0\xbb\xbcr\x13&\xd1\xee*\xf8\x06\xcc1Tu\xcco\r\x9cf\xe1\xb6#q\xd4\\\xe29.\x1a\xc9(D\x...\xca\xb2tO\xd9\xea\x8f\xd2#\xc4%7\x02\x98(\xbd\x16\xbe\x02To\x13\x0f\xd2\xe3;\x93m&v\xe0\x8a\xed\x1bs1\x8bu\n\x01g\xd0'
signature = b'k\xc3\xa0fV\x84)0\xa2G\xe3\rXd\xb4\xd8\x19#k\xa7\xc6\x89e\x86*\xd7\xdb\xc4\xe2J\xf2\x8e\x86\xbbS\x1f\x035\x8b\xe5\xf...d\x13\xe4r\xd1I\x05G\xc6Y\xc7a\x7f=$\x08}\xdbo+r\tag\xfc\t|\xab\x18\xe9\xa4X\xfc\xb64\xcd\xce\x8e\xe3X\x94\xc4\x84\xd7'
padding_method = <PaddingMethod.PKCS1v15: 8>
signing_algorithm = <CryptographicAlgorithm.RSA: 4>
hashing_algorithm = <HashingAlgorithm.SHA_1: 4>
digital_signature_algorithm = None
def verify_signature(self,
signing_key,
message,
signature,
padding_method,
signing_algorithm=None,
hashing_algorithm=None,
digital_signature_algorithm=None):
"""
Verify a message signature.
Args:
signing_key (bytes): The bytes of the signing key to use for
signature verification. Required.
message (bytes): The bytes of the message that corresponds with
the signature. Required.
signature (bytes): The bytes of the signature to be verified.
Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use during signature verification. Required.
signing_algorithm (CryptographicAlgorithm): An enumeration
specifying the cryptographic algorithm to use for signature
verification. Only RSA is supported. Optional, must match the
algorithm specified by the digital signature algorithm if both
are provided. Defaults to None.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the cryptographic algortihm,
if needed. Optional, must match the algorithm specified by the
digital signature algorithm if both are provided. Defaults to
None.
digital_signature_algorithm (DigitalSignatureAlgorithm): An
enumeration specifying both the cryptographic and hashing
algorithms to use for signature verification. Optional, must
match the cryptographic and hashing algorithms if both are
provided. Defaults to None.
Returns:
boolean: the result of signature verification, True for valid
signatures, False for invalid signatures
Raises:
InvalidField: Raised when various settings or values are invalid.
CryptographicFailure: Raised when the signing key bytes cannot be
loaded, or when the signature verification process fails
unexpectedly.
"""
backend = default_backend()
hash_algorithm = None
dsa_hash_algorithm = None
dsa_signing_algorithm = None
if hashing_algorithm:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if digital_signature_algorithm:
algorithm_pair = self._digital_signature_algorithms.get(
digital_signature_algorithm
)
if algorithm_pair:
dsa_hash_algorithm = algorithm_pair[0]
dsa_signing_algorithm = algorithm_pair[1]
if dsa_hash_algorithm and dsa_signing_algorithm:
if hash_algorithm and (hash_algorithm != dsa_hash_algorithm):
raise exceptions.InvalidField(
"The hashing algorithm does not match the digital "
"signature algorithm."
)
if (signing_algorithm and
(signing_algorithm != dsa_signing_algorithm)):
raise exceptions.InvalidField(
"The signing algorithm does not match the digital "
"signature algorithm."
)
signing_algorithm = dsa_signing_algorithm
hash_algorithm = dsa_hash_algorithm
if signing_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.PSS:
if hash_algorithm:
padding = asymmetric_padding.PSS(
mgf=asymmetric_padding.MGF1(hash_algorithm()),
salt_length=asymmetric_padding.PSS.MAX_LENGTH
)
else:
raise exceptions.InvalidField(
"A hashing algorithm must be specified for PSS "
"padding."
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for signature "
"verification.".format(padding_method)
)
try:
public_key = backend.load_der_public_key(signing_key)
E AttributeError: 'Backend' object has no attribute 'load_der_public_key'
kmip/services/server/crypto/engine.py:1492: AttributeError
During handling of the above exception, another exception occurred:
self = <kmip.services.server.crypto.engine.CryptographyEngine object at 0x7fe2fc37e0f0>
signing_key = b'0\x81\x89\x02\x81\x81\x00\xa5nJ\x0ep\x10\x17X\x9aQ\x87\xdc~\xa8A\xd1V\xf2\xec\x0e6\xadR\xa4M\xfe\xb1\xe6\x1fz\xd9\x9...f1\x05\xac\xc2\xd3\xf0\xcb5\xf2\x92\x80\xe18kod\xc4\xef"\xe1\xe1\xf2\r\x0c\xe8\xcf\xfb"I\xbd\x9a!7\x02\x03\x01\x00\x01'
message = b'\xcd\xc8}\xa2#\xd7\x86\xdf;E\xe0\xbb\xbcr\x13&\xd1\xee*\xf8\x06\xcc1Tu\xcco\r\x9cf\xe1\xb6#q\xd4\\\xe29.\x1a\xc9(D\x...\xca\xb2tO\xd9\xea\x8f\xd2#\xc4%7\x02\x98(\xbd\x16\xbe\x02To\x13\x0f\xd2\xe3;\x93m&v\xe0\x8a\xed\x1bs1\x8bu\n\x01g\xd0'
signature = b'k\xc3\xa0fV\x84)0\xa2G\xe3\rXd\xb4\xd8\x19#k\xa7\xc6\x89e\x86*\xd7\xdb\xc4\xe2J\xf2\x8e\x86\xbbS\x1f\x035\x8b\xe5\xf...d\x13\xe4r\xd1I\x05G\xc6Y\xc7a\x7f=$\x08}\xdbo+r\tag\xfc\t|\xab\x18\xe9\xa4X\xfc\xb64\xcd\xce\x8e\xe3X\x94\xc4\x84\xd7'
padding_method = <PaddingMethod.PKCS1v15: 8>
signing_algorithm = <CryptographicAlgorithm.RSA: 4>
hashing_algorithm = <HashingAlgorithm.SHA_1: 4>
digital_signature_algorithm = None
def verify_signature(self,
signing_key,
message,
signature,
padding_method,
signing_algorithm=None,
hashing_algorithm=None,
digital_signature_algorithm=None):
"""
Verify a message signature.
Args:
signing_key (bytes): The bytes of the signing key to use for
signature verification. Required.
message (bytes): The bytes of the message that corresponds with
the signature. Required.
signature (bytes): The bytes of the signature to be verified.
Required.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use during signature verification. Required.
signing_algorithm (CryptographicAlgorithm): An enumeration
specifying the cryptographic algorithm to use for signature
verification. Only RSA is supported. Optional, must match the
algorithm specified by the digital signature algorithm if both
are provided. Defaults to None.
hashing_algorithm (HashingAlgorithm): An enumeration specifying
the hashing algorithm to use with the cryptographic algortihm,
if needed. Optional, must match the algorithm specified by the
digital signature algorithm if both are provided. Defaults to
None.
digital_signature_algorithm (DigitalSignatureAlgorithm): An
enumeration specifying both the cryptographic and hashing
algorithms to use for signature verification. Optional, must
match the cryptographic and hashing algorithms if both are
provided. Defaults to None.
Returns:
boolean: the result of signature verification, True for valid
signatures, False for invalid signatures
Raises:
InvalidField: Raised when various settings or values are invalid.
CryptographicFailure: Raised when the signing key bytes cannot be
loaded, or when the signature verification process fails
unexpectedly.
"""
backend = default_backend()
hash_algorithm = None
dsa_hash_algorithm = None
dsa_signing_algorithm = None
if hashing_algorithm:
hash_algorithm = self._encryption_hash_algorithms.get(
hashing_algorithm
)
if digital_signature_algorithm:
algorithm_pair = self._digital_signature_algorithms.get(
digital_signature_algorithm
)
if algorithm_pair:
dsa_hash_algorithm = algorithm_pair[0]
dsa_signing_algorithm = algorithm_pair[1]
if dsa_hash_algorithm and dsa_signing_algorithm:
if hash_algorithm and (hash_algorithm != dsa_hash_algorithm):
raise exceptions.InvalidField(
"The hashing algorithm does not match the digital "
"signature algorithm."
)
if (signing_algorithm and
(signing_algorithm != dsa_signing_algorithm)):
raise exceptions.InvalidField(
"The signing algorithm does not match the digital "
"signature algorithm."
)
signing_algorithm = dsa_signing_algorithm
hash_algorithm = dsa_hash_algorithm
if signing_algorithm == enums.CryptographicAlgorithm.RSA:
if padding_method == enums.PaddingMethod.PSS:
if hash_algorithm:
padding = asymmetric_padding.PSS(
mgf=asymmetric_padding.MGF1(hash_algorithm()),
salt_length=asymmetric_padding.PSS.MAX_LENGTH
)
else:
raise exceptions.InvalidField(
"A hashing algorithm must be specified for PSS "
"padding."
)
elif padding_method == enums.PaddingMethod.PKCS1v15:
padding = asymmetric_padding.PKCS1v15()
else:
raise exceptions.InvalidField(
"The padding method '{0}' is not supported for signature "
"verification.".format(padding_method)
)
try:
public_key = backend.load_der_public_key(signing_key)
except Exception:
try:
public_key = backend.load_pem_public_key(signing_key)
E AttributeError: 'Backend' object has no attribute 'load_pem_public_key'
kmip/services/server/crypto/engine.py:1495: AttributeError
During handling of the above exception, another exception occurred:
signature_parameters = {'digital_signature_algorithm': None, 'encoding': <Encoding.DER: 'DER'>, 'hashing_algorithm': <HashingAlgorithm.SHA_1:...b2tO\xd9\xea\x8f\xd2#\xc4%7\x02\x98(\xbd\x16\xbe\x02To\x13\x0f\xd2\xe3;\x93m&v\xe0\x8a\xed\x1bs1\x8bu\n\x01g\
xd0', ...}
def test_verify_signature(signature_parameters):
"""
Test that various signature verification methods and settings can be used
to correctly verify signatures.
"""
engine = crypto.CryptographyEngine()
backend = backends.default_backend()
public_key_numbers = rsa.RSAPublicNumbers(
signature_parameters.get('public_key').get('e'),
signature_parameters.get('public_key').get('n')
)
public_key = public_key_numbers.public_key(backend)
public_bytes = public_key.public_bytes(
signature_parameters.get('encoding'),
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)