diff --git a/jose/__init__.py b/jose/__init__.py index 2f3e577..e4d3d16 100644 --- a/jose/__init__.py +++ b/jose/__init__.py @@ -1,4 +1,4 @@ #!/usr/bin/env python -from jws import sign, verify, sign_multi -from jwe import encrypt, decrypt, encrypt_multi +from .jws import sign, verify, sign_multi +from .jwe import encrypt, decrypt, encrypt_multi diff --git a/jose/cryptlib/PBKDF2.py b/jose/cryptlib/PBKDF2.py index 2ca11d3..f28279b 100755 --- a/jose/cryptlib/PBKDF2.py +++ b/jose/cryptlib/PBKDF2.py @@ -132,7 +132,7 @@ def read(self, bytes): i = self.__blockNum while size < bytes: i += 1 - if i > 0xffffffffL or i < 1: + if i > 0xffffffff or i < 1: # We could return "" here, but raise OverflowError("derived key too long") block = self.__f(i) @@ -146,10 +146,10 @@ def read(self, bytes): def __f(self, i): # i must fit within 32 bits - assert 1 <= i <= 0xffffffffL + assert 1 <= i <= 0xffffffff U = self.__prf(self.__passphrase, self.__salt + pack("!L", i)) result = U - for j in xrange(2, 1+self.__iterations): + for j in range(2, 1+self.__iterations): U = self.__prf(self.__passphrase, U) result = strxor(result, U) return result diff --git a/jose/cryptlib/aes_gcm.py b/jose/cryptlib/aes_gcm.py index f187292..8829e09 100755 --- a/jose/cryptlib/aes_gcm.py +++ b/jose/cryptlib/aes_gcm.py @@ -205,16 +205,16 @@ def decrypt(self, init_value, ciphertext, auth_tag, auth_data=b''): b'\x3d\x58\xe0\x91' auth_tag = 0x5bc94fbc3221a5db94fae95ae7121a47 - print 'plaintext:', hex(bytes_to_long(plaintext)) + print('plaintext:', hex(bytes_to_long(plaintext))) my_gcm = AES_GCM(master_key) encrypted, new_tag = my_gcm.encrypt(init_value, plaintext, auth_data) - print 'encrypted:', hex(bytes_to_long(encrypted)) - print 'auth tag: ', hex(new_tag) + print('encrypted:', hex(bytes_to_long(encrypted))) + print('auth tag: ', hex(new_tag)) try: decrypted = my_gcm.decrypt(init_value, encrypted, new_tag + 1, auth_data) except InvalidTagException: decrypted = my_gcm.decrypt(init_value, encrypted, new_tag, auth_data) - print 'decrypted:', hex(bytes_to_long(decrypted)) + print('decrypted:', hex(bytes_to_long(decrypted))) diff --git a/jose/cryptlib/curves.py b/jose/cryptlib/curves.py index ee5847f..ecbcb55 100755 --- a/jose/cryptlib/curves.py +++ b/jose/cryptlib/curves.py @@ -16,35 +16,35 @@ # (see FIPS 186-3, Appendix D.1.2) DOMAINS = { # Bits : (p, order of E(GF(P)), parameter b, base point x, base point y) - 192 : (0xfffffffffffffffffffffffffffffffeffffffffffffffffL, - 0xffffffffffffffffffffffff99def836146bc9b1b4d22831L, - 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1L, - 0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012L, - 0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811L), + 192 : (0xfffffffffffffffffffffffffffffffeffffffffffffffff, + 0xffffffffffffffffffffffff99def836146bc9b1b4d22831, + 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1, + 0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012, + 0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811), - 224 : (0xffffffffffffffffffffffffffffffff000000000000000000000001L, - 0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3dL, - 0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4L, - 0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21L, - 0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34L), + 224 : (0xffffffffffffffffffffffffffffffff000000000000000000000001, + 0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d, + 0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4, + 0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21, + 0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34), - 256 : (0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffL, - 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551L, - 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604bL, - 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296L, - 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5L), + 256 : (0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff, + 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551, + 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b, + 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296, + 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5), - 384 : (0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffffL, - 0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973L, - 0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aefL, - 0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7L, - 0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5fL), + 384 : (0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff, + 0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973, + 0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef, + 0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7, + 0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f), - 521 : (0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffL, - 0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409L, - 0x051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00L, - 0x0c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66L, - 0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650L) + 521 : (0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff, + 0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409, + 0x051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00, + 0x0c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66, + 0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650) } @@ -52,17 +52,17 @@ # (not intended for use in signing, hence the missing group order) DOMAINS.update({ - 128 : (0xffffffffffffffffffffffffffffff61L, + 128 : (0xffffffffffffffffffffffffffffff61, None, - 0xd83d3eb8266a89927d73d5fe263d5f23L, - 0xa94d2d8531f7af8bde367def12b98eadL, - 0x9f44e1d671beb68fd2df7f877ab13fa6L), + 0xd83d3eb8266a89927d73d5fe263d5f23, + 0xa94d2d8531f7af8bde367def12b98ead, + 0x9f44e1d671beb68fd2df7f877ab13fa6), - 160 : (0xffffffffffffffffffffffffffffffffffffffd1L, + 160 : (0xffffffffffffffffffffffffffffffffffffffd1, None, - 0x94bfe70deef7b94742c089ca4db3ca27fbe1f754L, - 0xcc6562c2969ac57524b8d0f300d1f598c908c121L, - 0x952ddde80a252683dd7ba90fb5919899b5af69f5L) + 0x94bfe70deef7b94742c089ca4db3ca27fbe1f754, + 0xcc6562c2969ac57524b8d0f300d1f598c908c121, + 0x952ddde80a252683dd7ba90fb5919899b5af69f5) }) CURVE_P = 3 # global parameter of all curves (for efficiency reasons) @@ -75,7 +75,7 @@ def get_curve(bits): p, n, b, x, y = DOMAINS[bits] return bits, p, n, CURVE_P, p - b, (x, y) else: - raise KeyError, "Key size not implemented: %s" % bits + raise KeyError("Key size not implemented: %s" % bits) def implemented_keys(must_sign = False): return [k for k in DOMAINS if not must_sign or DOMAINS[k][1]] diff --git a/jose/cryptlib/ecc.py b/jose/cryptlib/ecc.py index d079c31..0c54539 100755 --- a/jose/cryptlib/ecc.py +++ b/jose/cryptlib/ecc.py @@ -1,8 +1,8 @@ #!/usr/bin/env python from Crypto.Util.number import long_to_bytes, bytes_to_long -from elliptic import inv, mulp, sign_bit, y_from_x, muladdp -from curves import get_curve +from .elliptic import inv, mulp, sign_bit, y_from_x, muladdp +from .curves import get_curve from random import getrandbits from math import ceil @@ -98,102 +98,102 @@ def dsaVerify(self, h, sig, pub): Zba = P256.dhZ( privB, pubA ) if (Zab == Zba): - print "Passed DH test" + print("Passed DH test") else: - print "Failed DH test" + print("Failed DH test") # Try ECDSA with one of the NIST test vectors import hashlib msg = "5ff1fa17c2a67ce599a34688f6fb2d4a8af17532d15fa1868a598a8e6a0daf9b11edcc483d11ae003ed645c0aaccfb1e51cf448b737376d531a6dcf0429005f5e7be626b218011c6218ff32d00f30480b024ec9a3370d1d30a9c70c9f1ce6c61c9abe508d6bc4d3f2a167756613af1778f3a94e7771d5989fe856fa4df8f8ae5".decode("hex") - d = 0x002a10b1b5b9fa0b78d38ed29cd9cec18520e0fe93023e3550bb7163ab4905c6L - k = 0x00c2815763d7fcb2480b39d154abc03f616f0404e11272d624e825432687092aL - Qx = 0xe9cd2e8f15bd90cb0707e05ed3b601aace7ef57142a64661ea1dd7199ebba9acL - Qy = 0xc96b0115bed1c134b68f89584b040a194bfad94a404fdb37adad107d5a0b4c5eL + d = 0x002a10b1b5b9fa0b78d38ed29cd9cec18520e0fe93023e3550bb7163ab4905c6 + k = 0x00c2815763d7fcb2480b39d154abc03f616f0404e11272d624e825432687092a + Qx = 0xe9cd2e8f15bd90cb0707e05ed3b601aace7ef57142a64661ea1dd7199ebba9ac + Qy = 0xc96b0115bed1c134b68f89584b040a194bfad94a404fdb37adad107d5a0b4c5e Q = (Qx, Qy) - R = 0x15bf46937c7a1e2fa7adc65c89fe03ae602dd7dfa6722cdafa92d624b32b156eL - S = 0x59c591792ee94f0b202e7a590e70d01dd8a9774884e2b5ba9945437cfed01686L + R = 0x15bf46937c7a1e2fa7adc65c89fe03ae602dd7dfa6722cdafa92d624b32b156e + S = 0x59c591792ee94f0b202e7a590e70d01dd8a9774884e2b5ba9945437cfed01686 h = int(hashlib.new("SHA1", msg).hexdigest(), 16) sig = P256.int2bytes(R) + P256.int2bytes(S) ver = P256.dsaVerify(h, sig, Q) if ver: - print "Passed NIST ECDSA P-256 verification test" + print("Passed NIST ECDSA P-256 verification test") else: - print "Failed NIST ECDSA P-256 verification test" + print("Failed NIST ECDSA P-256 verification test") sig = P256.dsaSign(h, d) # NB: This will differ because of k; fix k to test generation ver2 = P256.dsaVerify(h, sig, Q) if ver2: - print "Passed ECDSA P-256 signature test" + print("Passed ECDSA P-256 signature test") else: - print "Failed ECDSA P-256 signature test" + print("Failed ECDSA P-256 signature test") # Try ECDSA with the Suite B test vectors msg = "54686973206973206f6e6c7920612074657374206d6573736167652e204974206973203438206279746573206c6f6e67".decode("hex") - Qx = 0x1fbac8eebd0cbf35640b39efe0808dd774debff20a2a329e91713baf7d7f3c3e81546d883730bee7e48678f857b02ca0L - Qy = 0xeb213103bd68ce343365a8a4c3d4555fa385f5330203bdd76ffad1f3affb95751c132007e1b240353cb0a4cf1693bdf9L - R = 0xa0c27ec893092dea1e1bd2ccfed3cf945c8134ed0c9f81311a0f4a05942db8dbed8dd59f267471d5462aa14fe72de856L - S = 0x20ab3f45b74f10b6e11f96a2c8eb694d206b9dda86d3c7e331c26b22c987b7537726577667adadf168ebbe803794a402L + Qx = 0x1fbac8eebd0cbf35640b39efe0808dd774debff20a2a329e91713baf7d7f3c3e81546d883730bee7e48678f857b02ca0 + Qy = 0xeb213103bd68ce343365a8a4c3d4555fa385f5330203bdd76ffad1f3affb95751c132007e1b240353cb0a4cf1693bdf9 + R = 0xa0c27ec893092dea1e1bd2ccfed3cf945c8134ed0c9f81311a0f4a05942db8dbed8dd59f267471d5462aa14fe72de856 + S = 0x20ab3f45b74f10b6e11f96a2c8eb694d206b9dda86d3c7e331c26b22c987b7537726577667adadf168ebbe803794a402 h = int(hashlib.new("SHA384", msg).hexdigest(), 16) Q = (Qx, Qy) sig = P384.int2bytes(R) + P384.int2bytes(S) ver = P384.dsaVerify(h, sig, Q) if ver: - print "Passed Suite B ECDSA P-384 verification test" + print("Passed Suite B ECDSA P-384 verification test") else: - print "Failed Suite B ECDSA P-384 verification test" + print("Failed Suite B ECDSA P-384 verification test") msg = "54686973206973206f6e6c7920612074657374206d6573736167652e204974206973203438206279746573206c6f6e67".decode("hex") - Qx = 0x8101ece47464a6ead70cf69a6e2bd3d88691a3262d22cba4f7635eaff26680a8L - Qy = 0xd8a12ba61d599235f67d9cb4d58f1783d3ca43e78f0a5abaa624079936c0c3a9L - R = 0x7214bc9647160bbd39ff2f80533f5dc6ddd70ddf86bb815661e805d5d4e6f27cL - S = 0x7d1ff961980f961bdaa3233b6209f4013317d3e3f9e1493592dbeaa1af2bc367L + Qx = 0x8101ece47464a6ead70cf69a6e2bd3d88691a3262d22cba4f7635eaff26680a8 + Qy = 0xd8a12ba61d599235f67d9cb4d58f1783d3ca43e78f0a5abaa624079936c0c3a9 + R = 0x7214bc9647160bbd39ff2f80533f5dc6ddd70ddf86bb815661e805d5d4e6f27c + S = 0x7d1ff961980f961bdaa3233b6209f4013317d3e3f9e1493592dbeaa1af2bc367 h = int(hashlib.new("SHA256", msg).hexdigest(), 16) Q = (Qx, Qy) sig = P256.int2bytes(R) + P256.int2bytes(S) ver = P256.dsaVerify(h, sig, Q) if ver: - print "Passed Suite B ECDSA P-256 verification test" + print("Passed Suite B ECDSA P-256 verification test") else: - print "Failed Suite B ECDSA P-256 verification test" + print("Failed Suite B ECDSA P-256 verification test") # Try ECDSA with one of the NIST P-521 test vectors (should pass) Msg = "f69417bead3b1e208c4c99236bf84474a00de7f0b9dd23f991b6b60ef0fb3c62073a5a7abb1ef69dbbd8cf61e64200ca086dfd645b641e8d02397782da92d3542fbddf6349ac0b48b1b1d69fe462d1bb492f34dd40d137163843ac11bd099df719212c160cbebcb2ab6f3525e64846c887e1b52b52eced9447a3d31938593a87".decode("hex") - Qx = 0x153eb2be05438e5c1effb41b413efc2843b927cbf19f0bc9cc14b693eee26394a0d8880dc946a06656bcd09871544a5f15c7a1fa68e00cdc728c7cfb9c448034867L - Qy = 0x143ae8eecbce8fcf6b16e6159b2970a9ceb32c17c1d878c09317311b7519ed5ece3374e7929f338ddd0ec0522d81f2fa4fa47033ef0c0872dc049bb89233eef9bc1L - R = 0x0dd633947446d0d51a96a0173c01125858abb2bece670af922a92dedcec067136c1fa92e5fa73d7116ac9c1a42b9cb642e4ac19310b049e48c53011ffc6e7461c36L - S = 0x0efbdc6a414bb8d663bb5cdb7c586bccfe7589049076f98cee82cdb5d203fddb2e0ffb77954959dfa5ed0de850e42a86f5a63c5a6592e9b9b8bd1b40557b9cd0cc0L + Qx = 0x153eb2be05438e5c1effb41b413efc2843b927cbf19f0bc9cc14b693eee26394a0d8880dc946a06656bcd09871544a5f15c7a1fa68e00cdc728c7cfb9c448034867 + Qy = 0x143ae8eecbce8fcf6b16e6159b2970a9ceb32c17c1d878c09317311b7519ed5ece3374e7929f338ddd0ec0522d81f2fa4fa47033ef0c0872dc049bb89233eef9bc1 + R = 0x0dd633947446d0d51a96a0173c01125858abb2bece670af922a92dedcec067136c1fa92e5fa73d7116ac9c1a42b9cb642e4ac19310b049e48c53011ffc6e7461c36 + S = 0x0efbdc6a414bb8d663bb5cdb7c586bccfe7589049076f98cee82cdb5d203fddb2e0ffb77954959dfa5ed0de850e42a86f5a63c5a6592e9b9b8bd1b40557b9cd0cc0 h = int(hashlib.new("SHA512", Msg).hexdigest(), 16) Q = (Qx, Qy) sig = P521.int2bytes(R) + P521.int2bytes(S) ver = P521.dsaVerify(h, sig, Q) if ver: - print "Passed NIST ECDSA P-521 verification test" + print("Passed NIST ECDSA P-521 verification test") else: - print "Failed NIST ECDSA P-521 verification test" + print("Failed NIST ECDSA P-521 verification test") # Try ECDSA with one of the NIST P-521 test vectors (should fail) Msg = "a0732a605c785a2cc9a3ff84cbaf29175040f7a0cc35f4ea8eeff267c1f92f06f46d3b35437195185d322cbd775fd24741e86ee9236ba5b374a2ac29803554d715fa4656ac31778f103f88d68434dd2013d4c4e9848a11198b390c3d600d712893513e179cd3d31fb06c6e2a1016fb96ffd970b1489e36a556ab3b537eb29dff".decode("hex") - Qx = 0x12a593f568ca2571e543e00066ecd3a3272a57e1c94fe311e5df96afc1b792e5862720fc730e62052bbf3e118d3a078f0144fc00c9d8baaaa8298ff63981d09d911L - Qy = 0x17cea5ae75a74100ee03cdf2468393eef55ddabfe8fd5718e88903eb9fd241e8cbf9c68ae16f4a1db26c6352afcb1894a9812da6d32cb862021c86cd8aa483afc26L - R = 0x1aac7692baf3aa94a97907307010895efc1337cdd686f9ef2fd8404796a74701e55b03ceef41f3e6f50a0eeea11869c4789a3e8ab5b77324961d081e1a3377ccc91L - S = 0x009c1e7d93d056b5a97759458d58c49134a45071854b8a6b8272f9fe7e78e1f3d8097e8a6e731f7ab4851eb26d5aa4fdadba6296dc7af835fe3d1b6dba4b031d5f3L + Qx = 0x12a593f568ca2571e543e00066ecd3a3272a57e1c94fe311e5df96afc1b792e5862720fc730e62052bbf3e118d3a078f0144fc00c9d8baaaa8298ff63981d09d911 + Qy = 0x17cea5ae75a74100ee03cdf2468393eef55ddabfe8fd5718e88903eb9fd241e8cbf9c68ae16f4a1db26c6352afcb1894a9812da6d32cb862021c86cd8aa483afc26 + R = 0x1aac7692baf3aa94a97907307010895efc1337cdd686f9ef2fd8404796a74701e55b03ceef41f3e6f50a0eeea11869c4789a3e8ab5b77324961d081e1a3377ccc91 + S = 0x009c1e7d93d056b5a97759458d58c49134a45071854b8a6b8272f9fe7e78e1f3d8097e8a6e731f7ab4851eb26d5aa4fdadba6296dc7af835fe3d1b6dba4b031d5f3 h = int(hashlib.new("SHA512", Msg).hexdigest(), 16) Q = (Qx, Qy) sig = P521.int2bytes(R) + P521.int2bytes(S) ver = P521.dsaVerify(h, sig, Q) if not ver: - print "Passed NIST ECDSA P-521 negative verification test" + print("Passed NIST ECDSA P-521 negative verification test") else: - print "Failed NIST ECDSA P-521 negative verification test" + print("Failed NIST ECDSA P-521 negative verification test") # Try ECDSA on our own signature with P-521 Msg = "9ce982c91af08a21d405f96abd6204588bb0ef1c8b78305b06f36a12d1914cae9dce6a1f1a0b4c42b067667c457c3e90e56f34cff0116bbd350d27882dd6e47997c944dcead9cb945f7c691078c1b533960a55f93d241970a1fdf4441107d8bc8af5aa8e088ea3aa82c7f3286e815dbb85d5cfae0aeeeb093468cb55201eeffb".decode("hex") @@ -203,6 +203,6 @@ def dsaVerify(self, h, sig, pub): sig = P521.dsaSign(h, priv) ver = P521.dsaVerify(h, sig, pub) if ver: - print "Passed self-interop with P-521" + print("Passed self-interop with P-521") else: - print "Failed self-interop with P-521" + print("Failed self-interop with P-521") diff --git a/jose/cryptlib/elliptic.py b/jose/cryptlib/elliptic.py index 9191a88..d3ee7e6 100755 --- a/jose/cryptlib/elliptic.py +++ b/jose/cryptlib/elliptic.py @@ -360,9 +360,9 @@ def test(tcount, bits = 256): q = curve_q(p1[0], p1[1], p, n) p2 = mulp(p, q, n, p1, rsa.random.randint(1, n)) - c1 = [rsa.random.randint(1, n) for i in xrange(tcount)] - c2 = [rsa.random.randint(1, n) for i in xrange(tcount)] - c = zip(c1, c2) + c1 = [rsa.random.randint(1, n) for i in range(tcount)] + c2 = [rsa.random.randint(1, n) for i in range(tcount)] + c = list(zip(c1, c2)) t = time.time() for i, j in c: diff --git a/jose/josecrypto.py b/jose/josecrypto.py index c562de6..77a7041 100755 --- a/jose/josecrypto.py +++ b/jose/josecrypto.py @@ -21,10 +21,10 @@ import re import base64 -import polyfills -from cryptlib.aes_gcm import AES_GCM, InvalidTagException -from cryptlib.ecc import NISTEllipticCurve, P256, P384, P521 -from util import b64enc, b64dec, getOrRaise +from . import polyfills +from .cryptlib.aes_gcm import AES_GCM, InvalidTagException +from .cryptlib.ecc import NISTEllipticCurve, P256, P384, P521 +from .util import b64enc, b64dec, getOrRaise def keyLength(enc): diff --git a/jose/jwe.py b/jose/jwe.py index 82fcc49..52ae41a 100644 --- a/jose/jwe.py +++ b/jose/jwe.py @@ -19,10 +19,10 @@ import json import zlib from copy import copy -import josecrypto -from util import * -from validate import * -import serialize +from . import josecrypto +from .util import * +from .validate import * +from . import serialize supported_alg = [ "dir", diff --git a/jose/jwp.py b/jose/jwp.py index 4cae32d..916f5ce 100644 --- a/jose/jwp.py +++ b/jose/jwp.py @@ -17,9 +17,9 @@ import json import zlib from copy import copy -from util import * -from validate import * -import serialize +from .util import * +from .validate import * +from . import serialize supported_alg = [ "none" diff --git a/jose/jws.py b/jose/jws.py index 5f0b67a..a9db320 100644 --- a/jose/jws.py +++ b/jose/jws.py @@ -18,10 +18,10 @@ import json from copy import copy -import josecrypto -from util import * -from validate import * -import serialize +from . import josecrypto +from .util import * +from .validate import * +from . import serialize supported_alg = [ "HS256", "HS384", "HS512", diff --git a/jose/polyfills.py b/jose/polyfills.py index 04458c8..e9a70ee 100755 --- a/jose/polyfills.py +++ b/jose/polyfills.py @@ -21,8 +21,8 @@ from Crypto.Cipher import AES from Crypto.Cipher.AES import AESCipher from Crypto.Util.strxor import strxor -from cryptlib.PBKDF2 import PBKDF2 -from util import b64enc, b64dec +from .cryptlib.PBKDF2 import PBKDF2 +from .util import b64enc, b64dec from math import ceil # PKCS#5 padding, since it's not in PyCrypto @@ -169,7 +169,7 @@ def aes_key_wrap(key, p): assert( len(p) % 8 == 0 ) n = len(p)/8 - r = range(n+1) + r = list(range(n+1)) r[0] = b'\0\0\0\0\0\0\0\0' for i in range(1,n+1): r[i] = p[(i-1)*8:i*8] @@ -200,7 +200,7 @@ def aes_key_unwrap(key, c): assert( len(c) % 8 == 0 ) n = len(c)/8 - 1 - r = range(n+1) + r = list(range(n+1)) r[0] = b'\0\0\0\0\0\0\0\0' for i in range(1,n+1): r[i] = c[i*8:(i+1)*8] @@ -218,7 +218,7 @@ def aes_key_unwrap(key, c): if (a == b'\xA6\xA6\xA6\xA6\xA6\xA6\xA6\xA6'): return "".join(r[1:]) else: - raise "Key unwrap integrity check failed" + raise Exception("Key unwrap integrity check failed") def PBKDF_key_wrap(key, CEK, hashmod, dkLen, header={}): """ diff --git a/jose/serialize.py b/jose/serialize.py index 6d2bcb6..2d9ed7d 100644 --- a/jose/serialize.py +++ b/jose/serialize.py @@ -12,9 +12,9 @@ import json import msgpack from copy import copy -from validate.unserialized import \ +from .validate.unserialized import \ isJOSE_unserialized, isJWS_unserialized, isJWE_unserialized, isJWP_unserialized -from util import b64enc, b64dec +from .util import b64enc, b64dec def deserialize(x): diff --git a/jose/test/examples.py b/jose/test/examples.py index 75285c3..7903008 100755 --- a/jose/test/examples.py +++ b/jose/test/examples.py @@ -14,7 +14,7 @@ jws = "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk" ver = jose.verify(jws, [key]) -print "HS256 " + str(ver["result"]) +print("HS256 " + str(ver["result"])) ## A.2. RS256 @@ -29,7 +29,7 @@ jws = "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw" ver = jose.verify(jws, [key]) -print "RS256 " + str(ver["result"]) +print("RS256 " + str(ver["result"])) ## A.3. ES256 @@ -45,7 +45,7 @@ jws = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q" ver = jose.verify(jws, [key]) -print "ES256 " + str(ver["result"]) +print("ES256 " + str(ver["result"])) ## A.4. ES512 @@ -61,13 +61,13 @@ jws = "eyJhbGciOiJFUzUxMiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.AdwMgeerwtHoh-l192l60hp9wAHZFVJbLfD_UxMi70cwnZOYaRI1bKPWROc-mZZqwqT2SI-KGDKB34XO0aw_7XdtAG8GaSwFKdCAPZgoXD2YBJZCPEX3xKpRwcdOO8KpEHwJjyqOgzDO7iKvU8vcnwNrmxYbSW9ERBXukOXolLzeO_Jn" ver = jose.verify(jws, [key]) -print "ES512 (-14) " + str(ver["result"]) +print("ES512 (-14) " + str(ver["result"])) jws_fixed = "eyJhbGciOiJFUzUxMiJ9.UGF5bG9hZA.AdwMgeerwtHoh-l192l60hp9wAHZFVJbLfD_UxMi70cwnZOYaRI1bKPWROc-mZZqwqT2SI-KGDKB34XO0aw_7XdtAG8GaSwFKdCAPZgoXD2YBJZCPEX3xKpRwcdOO8KpEHwJjyqOgzDO7iKvU8vcnwNrmxYbSW9ERBXukOXolLzeO_Jn" ver = jose.verify(jws_fixed, [key]) -print "ES512 (fixed) " + str(ver["result"]) +print("ES512 (fixed) " + str(ver["result"])) # JWE @@ -84,7 +84,7 @@ jwe = "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGeipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDbSv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaVmqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je81860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi6UklfCpIMfIjf7iGdXKHzg.48V1_ALb6US04U3b.5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6jiSdiwkIr3ajwQzaBtQD_A.XFBoMYUZodetZdvTiFvSkQ" dec = jose.decrypt(jwe, [key]) -print "OAEP+GCM {} '{}'".format(dec["result"], dec["plaintext"]) +print("OAEP+GCM {} '{}'".format(dec["result"], dec["plaintext"])) ## A.2. "RSA_1_5" + "AES_128_CBC_HMAC_SHA_256" @@ -99,7 +99,7 @@ jwe = "eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A.AxY8DCtDaGlsbGljb3RoZQ.KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.9hH0vgRfYgPnAHOd8stkvw" dec = jose.decrypt(jwe, [key]) -print "v1.5+CBC+HMAC {} '{}'".format(dec["result"], dec["plaintext"]) +print("v1.5+CBC+HMAC {} '{}'".format(dec["result"], dec["plaintext"])) ## A.3. "A128KW" + "AES_128_CBC_HMAC_SHA_256" @@ -111,4 +111,4 @@ jwe = "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ.AxY8DCtDaGlsbGljb3RoZQ.KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.U0m_YmjN04DJvceFICbCVQ" dec = jose.decrypt(jwe, [key]) -print "KW+CBC+HMAC {} '{}'".format(dec["result"], dec["plaintext"]) +print("KW+CBC+HMAC {} '{}'".format(dec["result"], dec["plaintext"])) diff --git a/jose/test/jwp.py b/jose/test/jwp.py index f06980c..1b5eb70 100644 --- a/jose/test/jwp.py +++ b/jose/test/jwp.py @@ -11,9 +11,9 @@ p1 = jose.jwp.bundle(header, payload) c1 = serialize_compact(p1) u1 = jose.jwp.unbundle(c1) -print c1 -print u1 -print +print(c1) +print(u1) +print() # This should fail (bad "alg") @@ -25,11 +25,11 @@ p2 = jose.jwp.bundle(header, payload) c2 = serialize_compact(p2) u2 = jose.jwp.unbundle(c2) - print c2 - print u2 + print(c2) + print(u2) except Exception as e: - print e -print + print(e) +print() # This should fail (bad "crit") @@ -40,9 +40,9 @@ p3 = jose.jwp.bundle(header, payload) c3 = serialize_compact(p3) u3 = jose.jwp.unbundle(c3) - print c3 - print u3 + print(c3) + print(u3) except Exception as e: - print e -print + print(e) +print() diff --git a/jose/test/msgpack.py b/jose/test/msgpack.py index 6da0f46..b6a7d46 100755 --- a/jose/test/msgpack.py +++ b/jose/test/msgpack.py @@ -18,11 +18,11 @@ jwsd = deserialize(jws) jwsb = serialize_msgpack(jwsd) ver = jose.verify(jwsb, [key]) -print "HS256 {res} ({clen} / {blen} / {blen64})".format( +print("HS256 {res} ({clen} / {blen} / {blen64})".format( res = ver["result"], clen = len(jws), blen = len(jwsb), - blen64 = len(b64enc(jwsb))) + blen64 = len(b64enc(jwsb)))) @@ -40,11 +40,11 @@ jwsd = deserialize(jws) jwsb = serialize_msgpack(jwsd) ver = jose.verify(jwsb, [key]) -print "RS256 {res} ({clen} / {blen} / {blen64})".format( +print("RS256 {res} ({clen} / {blen} / {blen64})".format( res = ver["result"], clen = len(jws), blen = len(jwsb), - blen64 = len(b64enc(jwsb))) + blen64 = len(b64enc(jwsb)))) ## A.3. ES256 @@ -62,11 +62,11 @@ jwsd = deserialize(jws) jwsb = serialize_msgpack(jwsd) ver = jose.verify(jwsb, [key]) -print "ES256 {res} ({clen} / {blen} / {blen64})".format( +print("ES256 {res} ({clen} / {blen} / {blen64})".format( res = ver["result"], clen = len(jws), blen = len(jwsb), - blen64 = len(b64enc(jwsb))) + blen64 = len(b64enc(jwsb)))) ## A.4. ES512 @@ -84,11 +84,11 @@ jwsd = deserialize(jws) jwsb = serialize_msgpack(jwsd) ver = jose.verify(jwsb, [key]) -print "ES512 (-14) {res} ({clen} / {blen} / {blen64})".format( +print("ES512 (-14) {res} ({clen} / {blen} / {blen64})".format( res = ver["result"], clen = len(jws), blen = len(jwsb), - blen64 = len(b64enc(jwsb))) + blen64 = len(b64enc(jwsb)))) jws_fixed = "eyJhbGciOiJFUzUxMiJ9.UGF5bG9hZA.AdwMgeerwtHoh-l192l60hp9wAHZFVJbLfD_UxMi70cwnZOYaRI1bKPWROc-mZZqwqT2SI-KGDKB34XO0aw_7XdtAG8GaSwFKdCAPZgoXD2YBJZCPEX3xKpRwcdOO8KpEHwJjyqOgzDO7iKvU8vcnwNrmxYbSW9ERBXukOXolLzeO_Jn" @@ -96,11 +96,11 @@ jwsd = deserialize(jws_fixed) jwsb = serialize_msgpack(jwsd) ver = jose.verify(jwsb, [key]) -print "ES512 (fixed) {res} ({clen} / {blen} / {blen64})".format( +print("ES512 (fixed) {res} ({clen} / {blen} / {blen64})".format( res = ver["result"], clen = len(jws_fixed), blen = len(jwsb), - blen64 = len(b64enc(jwsb))) + blen64 = len(b64enc(jwsb)))) # JWE @@ -119,12 +119,12 @@ jwed = deserialize(jwe) jweb = serialize_msgpack(jwed) dec = jose.decrypt(jweb, [key]) -print "OAEP+GCM (fixed) {res} {pt} ({clen} / {blen} / {blen64})".format( +print("OAEP+GCM (fixed) {res} {pt} ({clen} / {blen} / {blen64})".format( res = dec["result"], pt = dec["plaintext"], clen = len(jwe), blen = len(jweb), - blen64 = len(b64enc(jweb))) + blen64 = len(b64enc(jweb)))) ## A.2. "RSA_1_5" + "AES_128_CBC_HMAC_SHA_256" @@ -141,12 +141,12 @@ jwed = deserialize(jwe) jweb = serialize_msgpack(jwed) dec = jose.decrypt(jweb, [key]) -print "v1.5+CBC+HMAC (fixed) {res} {pt} ({clen} / {blen} / {blen64})".format( +print("v1.5+CBC+HMAC (fixed) {res} {pt} ({clen} / {blen} / {blen64})".format( res = dec["result"], pt = dec["plaintext"], clen = len(jwe), blen = len(jweb), - blen64 = len(b64enc(jweb))) + blen64 = len(b64enc(jweb)))) ## A.3. "A128KW" + "AES_128_CBC_HMAC_SHA_256" @@ -159,10 +159,10 @@ jwed = deserialize(jwe) jweb = serialize_msgpack(jwed) dec = jose.decrypt(jweb, [key]) -print "KW+CBC+HMAC (fixed) {res} {pt} ({clen} / {blen} / {blen64})".format( +print("KW+CBC+HMAC (fixed) {res} {pt} ({clen} / {blen} / {blen64})".format( res = dec["result"], pt = dec["plaintext"], clen = len(jwe), blen = len(jweb), - blen64 = len(b64enc(jweb))) + blen64 = len(b64enc(jweb)))) diff --git a/jose/test/quickstart.py b/jose/test/quickstart.py index af32303..a4bff12 100644 --- a/jose/test/quickstart.py +++ b/jose/test/quickstart.py @@ -11,30 +11,30 @@ # Encrypt into the JSON serialization jwe1 = jose.encrypt(jwe_header, keys, plaintext) dec1 = jose.decrypt(jwe1, keys) -print jwe1 -print dec1 -print +print(jwe1) +print(dec1) +print() # Encrypt into the compact serialization jwe2 = serialize_compact( \ jose.encrypt(jwe_header, keys, plaintext, protect="*")) dec2 = jose.decrypt(jwe2, keys) -print jwe2 -print dec2 -print +print(jwe2) +print(dec2) +print() # Sign into the JSON serialization jws1 = jose.sign(jws_header, keys, plaintext) ver1 = jose.verify(jws1, keys) -print jws1 -print ver1 -print +print(jws1) +print(ver1) +print() # Sign into the compact serialization jws2 = serialize_compact( \ jose.sign(jws_header, keys, plaintext, protect="*")) ver2 = jose.verify(jws2, keys) -print jws2 -print ver2 -print +print(jws2) +print(ver2) +print() diff --git a/jose/test/testall.py b/jose/test/testall.py index a17a4fe..41dcc30 100644 --- a/jose/test/testall.py +++ b/jose/test/testall.py @@ -95,7 +95,7 @@ div = "|:----|:---------------------|:----------------|:--------|:--------|:--------|" testix = 0 def reportResult(testix, alg, enc, level, valid, correct): - print fmt.format(str(testix), alg, enc, str(level), str(valid), str(correct)) + print(fmt.format(str(testix), alg, enc, str(level), str(valid), str(correct))) testJWSbasic = True testJWEbasic = False @@ -105,9 +105,9 @@ def reportResult(testix, alg, enc, level, valid, correct): # Print a header -print div -print fmt.format("", "alg", "enc", "protect", "valid", "correct") -print div +print(div) +print(fmt.format("", "alg", "enc", "protect", "valid", "correct")) +print(div) # Test all JWS algorithms @@ -127,7 +127,7 @@ def reportResult(testix, alg, enc, level, valid, correct): vpayload = result["payload"] if "payload" in result else "" correct = (payload == vpayload) reportResult(testix, alg, "", p, result["result"], correct) - print div + print(div) # Test all JWE algorithms (alg and enc) @@ -151,7 +151,7 @@ def reportResult(testix, alg, enc, level, valid, correct): plaintext = result["plaintext"] if "plaintext" in result else "" correct = (payload == plaintext) reportResult(testix, alg, enc, p, result["result"], correct) - print div + print(div) # Test multi-signer @@ -172,7 +172,7 @@ def reportResult(testix, alg, enc, level, valid, correct): valid = (valid and v) correct = (payload == resm["payload"]) reportResult(testix, "multi-sign", "", "[]", valid, correct) - print div + print(div) # Test multi-recipient @@ -193,4 +193,4 @@ def reportResult(testix, alg, enc, level, valid, correct): and (payload == decm1["plaintext"]) \ and (payload == decm2["plaintext"]) reportResult(testix, "multi-rcpt", "", "[]", valid, correct) - print div + print(div) diff --git a/jose/test/x509.py b/jose/test/x509.py index 17d4bdd..e880060 100644 --- a/jose/test/x509.py +++ b/jose/test/x509.py @@ -1,44 +1,44 @@ -import jose -from copy import copy - -jwk_priv = { - "kty": "RSA", - "n":"mXa2x22fO8ASC7K0LySwedBIO-1xs5r1FLCNHgfu0PmuKoYp9S3zsJtTXR2M2GUfxkiz8ST5dCZ4v7GwpgOmX_eGfxR0STARj23KgnoRehg9RAijmPXxi9-1PVHu_oG3ML5uZ05nZBPQJZgqGXvDCQyVw6tyXgKrWmPXb8eILms", - "e":"AQAB", - "d":"P-yeWFYGZRotqifHPHf49tTWsffHS_w5KGQedCrzxKKsdNQr-BArGR6qS_g6Kg19fdfc9I7lRgecdqUqowyUKXAR_CyRNLKcWD2Jy-9yQHZSDZnUvbkW20g-kJ6DDUC0yx-UMbvlQ2GxTKksuNmWnXZS2Z0Dlrs15joGFTr_Rgk" -} -jwk_pub = copy(jwk_priv) -del jwk_pub["d"] - - -cert = """ -MIICBjCCAW+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEN -MAsGA1UEAxMEYXNkZjETMBEGCSqGSIb3DQEJARMEYXNkZjAeFw0xMzA4MjIyMTMx -NTNaFw0xNDA4MjIyMTMxNTNaMDExCzAJBgNVBAYTAlVTMQ0wCwYDVQQDEwRhc2Rm -MRMwEQYJKoZIhvcNAQkBEwRhc2RmMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB -gQCZdrbHbZ87wBILsrQvJLB50Eg77XGzmvUUsI0eB+7Q+a4qhin1LfOwm1NdHYzY -ZR/GSLPxJPl0Jni/sbCmA6Zf94Z/FHRJMBGPbcqCehF6GD1ECKOY9fGL37U9Ue7+ -gbcwvm5nTmdkE9AlmCoZe8MJDJXDq3JeAqtaY9dvx4guawIDAQABoy4wLDAMBgNV -HRMEBTADAQH/MAsGA1UdDwQEAwIC9DAPBgNVHREECDAGgQRhc2RmMA0GCSqGSIb3 -DQEBBQUAA4GBACNbRRnq5utziHBiUAh7z87Mgm9EzsNOz/tYRqbiHYqNpHiYAaCV -0puGCKeB+kU/kIqFI0nQ4aWjZDQmtgPj39oI2EuzL0c+J3ux9NhiE5YIg2Bkrf2z -f56W5ExLLyiBerztpkt430HoDmoK13wBr+nzEX8JIeD+KFvlcizUHEM0 -""" - -payload = "Shall I compare the to a summer's day?" - -# Test sign / verify with jwk -jws1 = jose.sign({ "alg":"RS256", "jwk": jwk_pub }, [jwk_priv], payload ) -ver1 = jose.verify(jws1, []) -print jws1 -print -print ver1 -print - -# Test sign / verify with x5c -jws2 = jose.sign({ "alg":"RS256", "x5c": [cert] }, [jwk_priv], payload ) -ver2 = jose.verify(jws1, []) -print jws2 -print -print ver2 -print +import jose +from copy import copy + +jwk_priv = { + "kty": "RSA", + "n":"mXa2x22fO8ASC7K0LySwedBIO-1xs5r1FLCNHgfu0PmuKoYp9S3zsJtTXR2M2GUfxkiz8ST5dCZ4v7GwpgOmX_eGfxR0STARj23KgnoRehg9RAijmPXxi9-1PVHu_oG3ML5uZ05nZBPQJZgqGXvDCQyVw6tyXgKrWmPXb8eILms", + "e":"AQAB", + "d":"P-yeWFYGZRotqifHPHf49tTWsffHS_w5KGQedCrzxKKsdNQr-BArGR6qS_g6Kg19fdfc9I7lRgecdqUqowyUKXAR_CyRNLKcWD2Jy-9yQHZSDZnUvbkW20g-kJ6DDUC0yx-UMbvlQ2GxTKksuNmWnXZS2Z0Dlrs15joGFTr_Rgk" +} +jwk_pub = copy(jwk_priv) +del jwk_pub["d"] + + +cert = """ +MIICBjCCAW+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEN +MAsGA1UEAxMEYXNkZjETMBEGCSqGSIb3DQEJARMEYXNkZjAeFw0xMzA4MjIyMTMx +NTNaFw0xNDA4MjIyMTMxNTNaMDExCzAJBgNVBAYTAlVTMQ0wCwYDVQQDEwRhc2Rm +MRMwEQYJKoZIhvcNAQkBEwRhc2RmMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQCZdrbHbZ87wBILsrQvJLB50Eg77XGzmvUUsI0eB+7Q+a4qhin1LfOwm1NdHYzY +ZR/GSLPxJPl0Jni/sbCmA6Zf94Z/FHRJMBGPbcqCehF6GD1ECKOY9fGL37U9Ue7+ +gbcwvm5nTmdkE9AlmCoZe8MJDJXDq3JeAqtaY9dvx4guawIDAQABoy4wLDAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIC9DAPBgNVHREECDAGgQRhc2RmMA0GCSqGSIb3 +DQEBBQUAA4GBACNbRRnq5utziHBiUAh7z87Mgm9EzsNOz/tYRqbiHYqNpHiYAaCV +0puGCKeB+kU/kIqFI0nQ4aWjZDQmtgPj39oI2EuzL0c+J3ux9NhiE5YIg2Bkrf2z +f56W5ExLLyiBerztpkt430HoDmoK13wBr+nzEX8JIeD+KFvlcizUHEM0 +""" + +payload = "Shall I compare the to a summer's day?" + +# Test sign / verify with jwk +jws1 = jose.sign({ "alg":"RS256", "jwk": jwk_pub }, [jwk_priv], payload ) +ver1 = jose.verify(jws1, []) +print(jws1) +print() +print(ver1) +print() + +# Test sign / verify with x5c +jws2 = jose.sign({ "alg":"RS256", "x5c": [cert] }, [jwk_priv], payload ) +ver2 = jose.verify(jws1, []) +print(jws2) +print() +print(ver2) +print() diff --git a/jose/test/zipcrit.py b/jose/test/zipcrit.py index 186d8b0..4719517 100644 --- a/jose/test/zipcrit.py +++ b/jose/test/zipcrit.py @@ -13,14 +13,14 @@ jwe1 = jose.encrypt(jwe_header, keys, plaintext, protect="*") dec1 = jose.decrypt(jwe1, keys) -print "Compact JWE with compression:" +print("Compact JWE with compression:") #print json.dumps(jwe1, indent=4, sort_keys=True) -print serialize_compact(jwe1) -print +print(serialize_compact(jwe1)) +print() -print "Decrypted, decompressed JWE:" -print dec1 -print +print("Decrypted, decompressed JWE:") +print(dec1) +print() # Criticality test @@ -35,8 +35,8 @@ jws1 = jose.sign(jws_header1, keys, payload) ver1 = jose.verify(jws1, keys) except Exception as e: - print e -print + print(e) +print() # Test 2: Should fail on verify @@ -44,5 +44,5 @@ jws2 = jose.sign(jws_header2, keys, payload) ver2 = jose.verify(jws2, keys) except Exception as e: - print e -print + print(e) +print() diff --git a/jose/util.py b/jose/util.py index ffe4ff8..8473a28 100755 --- a/jose/util.py +++ b/jose/util.py @@ -95,7 +95,7 @@ def splitHeader(header, protect): unprotected header, and the second is the protected. """ if protect == "*": - protect = header.keys() + protect = list(header.keys()) protected = dict([(name, header[name]) \ for name in header if name in protect]) unprotected = dict([(name, header[name]) \ diff --git a/jose/validate/__init__.py b/jose/validate/__init__.py index b508b1f..e1412fb 100644 --- a/jose/validate/__init__.py +++ b/jose/validate/__init__.py @@ -17,8 +17,8 @@ # etc. """ -from unserialized import * -from serialized import * +from .unserialized import * +from .serialized import * ### JOSE general diff --git a/jose/validate/serialized.py b/jose/validate/serialized.py index a61bfa3..931ed60 100644 --- a/jose/validate/serialized.py +++ b/jose/validate/serialized.py @@ -8,7 +8,7 @@ """ from jose.serialize import deserialize_compact, deserialize_JSON, deserialize_msgpack -from unserialized import * +from .unserialized import * ### JSON-serialized