- from typing import Type
- from cryptography.hazmat.primitives import serialization
- from cryptography.hazmat.primitives.asymmetric import ed448, ed25519
- from dns.dnssecalgs.cryptography import CryptographyPrivateKey, CryptographyPublicKey
- from dns.dnssectypes import Algorithm
- from dns.rdtypes.ANY.DNSKEY import DNSKEY
class PublicEDDSA(CryptographyPublicKey):
    """EdDSA public key (Ed25519 / Ed448) wrapped around a ``cryptography`` key.

    Concrete subclasses bind ``key_cls`` (the ``cryptography`` public-key
    class) and ``algorithm`` (the DNSSEC algorithm number); ``key`` is the
    wrapped key object itself.
    """

    def verify(self, signature: bytes, data: bytes) -> None:
        """Check *signature* over *data* with the wrapped public key.

        Nothing is returned on success; a mismatch surfaces as the
        ``cryptography.exceptions.InvalidSignature`` raised by the wrapped
        key, so callers must not treat a ``None`` result as "unchecked".
        """
        wrapped = self.key
        wrapped.verify(signature, data)

    def encode_key_bytes(self) -> bytes:
        """Encode a public key per RFC 8080, section 3 (raw key bytes, no framing)."""
        raw_encoding = serialization.Encoding.Raw
        raw_format = serialization.PublicFormat.Raw
        return self.key.public_bytes(encoding=raw_encoding, format=raw_format)

    @classmethod
    def from_dnskey(cls, key: DNSKEY) -> "PublicEDDSA":
        """Build a public key from a DNSKEY rdata (typically untrusted wire data).

        The algorithm / key-class pairing is validated first; the DNSKEY key
        field is then taken verbatim as the raw public key, and a key field
        of the wrong length is rejected by ``from_public_bytes`` (ValueError).
        """
        cls._ensure_algorithm_key_combination(key)
        public = cls.key_cls.from_public_bytes(key.key)
        return cls(key=public)
class PrivateEDDSA(CryptographyPrivateKey):
    """EdDSA private key wrapped around a ``cryptography`` key.

    Concrete subclasses bind ``key_cls`` (the ``cryptography`` private-key
    class) and ``public_cls`` (the matching ``PublicEDDSA`` subclass).
    """

    public_cls: Type[PublicEDDSA]

    def sign(
        self,
        data: bytes,
        verify: bool = False,
        deterministic: bool = True,
    ) -> bytes:
        """Sign using a private key per RFC 8080, section 4.

        ``deterministic`` is accepted only so this signature matches the
        other algorithm classes; it is never read here, since EdDSA
        (RFC 8032) signatures are deterministic by construction.
        With ``verify=True`` the fresh signature is re-checked against the
        derived public key before it is returned, which costs one extra
        verification but catches a corrupted key or backend.
        """
        sig = self.key.sign(data)
        if not verify:
            return sig
        self.public_key().verify(sig, data)
        return sig

    @classmethod
    def generate(cls) -> "PrivateEDDSA":
        """Generate a fresh key pair of the subclass's key type."""
        fresh_key = cls.key_cls.generate()
        return cls(key=fresh_key)
class PublicED25519(PublicEDDSA):
    """Ed25519 public key, DNSSEC algorithm 15 (RFC 8080)."""

    algorithm = Algorithm.ED25519
    key_cls = ed25519.Ed25519PublicKey
    key: ed25519.Ed25519PublicKey
class PrivateED25519(PrivateEDDSA):
    """Ed25519 private key; pairs with :class:`PublicED25519`."""

    public_cls = PublicED25519
    key_cls = ed25519.Ed25519PrivateKey
    key: ed25519.Ed25519PrivateKey
class PublicED448(PublicEDDSA):
    """Ed448 public key, DNSSEC algorithm 16 (RFC 8080)."""

    algorithm = Algorithm.ED448
    key_cls = ed448.Ed448PublicKey
    key: ed448.Ed448PublicKey
class PrivateED448(PrivateEDDSA):
    """Ed448 private key; pairs with :class:`PublicED448`."""

    public_cls = PublicED448
    key_cls = ed448.Ed448PrivateKey
    key: ed448.Ed448PrivateKey