Skip to content

feat: Use cryptography package and verify certificate signatures #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sylvainpelissier wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: Use cryptography package and verify certificate signatures #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions readme.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,8 +76,9 @@ TODO

* Full certificate chain verification

* Automatic chain lookup and updates (for now, this is lazy and
there is a copy of public keychains in package).
* Verify revocation lists

* Verify certificate validity time

License
=======
Expand Down
2 changes: 1 addition & 1 deletion samples/exemple-attestation-vaccination-certifiee.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
DC04FR0000011E6D1E6DL101FRL0DUPONTL1PAULL201011951L3COVID-19L4J07BX03L5PFIZER/BIONTECH - COMIRNATYL6PFIZER/BIONTECH - COMIRNATYL72L82L930042021LATECQW65D5MKNORNP2ZZJQECTCZAMG7H2ZTV35Z3PWPKJBM3DTA3YMBOD53OIEIXDD4WRSS46M7TG5EUWDVBEDLHAF7WTGU3GCTMHWRANQ
DC04FR0000011E6D1E6DL101FRL0DUPONTL1PAULL201011951L3COVID-19L4J07BX03L5PFIZER/BIONTECH - COMIRNATYL6PFIZER/BIONTECH - COMIRNATYL72L82L930042021LATECQW65D5MKNORNP2ZZJQECTCZAMG7H2ZTV35Z3PWPKJBM3DTA3YMBOD53OIEIXDD4WRSS46M7TG5EUWDVBEDLHAF7WTGU3GCTMHWRANQ
2 changes: 1 addition & 1 deletion ...s/kit-deploiement_dispositif_de_controle_sanitaire_evenementiel/vaccine-invalid-cycle.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
DC04FR03AV011E6A1E6AL101FRL0THEOULE SUR MERL1JEAN PIERREL231051962L3COVID-19L4J07BX03L5COMIRNATY PFIZER/BIONTECHL6COMIRNATY PFIZER/BIONTECHL71L82L901032021LACOJQQOXUNIHI3JIQJIWNZ6LIZUB5PDMI46BBNQVDYJU3QLXI647IH3DML3UC5GJNIOPDLPDWNALTKUKMA5O7FZW5GLJCB2T7IDVRDPQSY
DC04FR03AV011E6A1E6AL101FRL0THEOULE SUR MERL1JEAN PIERREL231051962L3COVID-19L4J07BX03L5COMIRNATY PFIZER/BIONTECHL6COMIRNATY PFIZER/BIONTECHL71L82L901032021LACOJQQOXUNIHI3JIQJIWNZ6LIZUB5PDMI46BBNQVDYJU3QLXI647IH3DML3UC5GJNIOPDLPDWNALTKUKMA5O7FZW5GLJCB2T7IDVRDPQSY
2 changes: 1 addition & 1 deletion ...es/kit-deploiement_dispositif_de_controle_sanitaire_evenementiel/vaccine-invalid-test.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
DC04FR03AHP11E5C1E5CB201FRF0F1SPECIMEN NOMF201012000F3MF43333F5XF6120420210800QEGUIDRKTYXUX7BVG5HQ6U3SOCLJSMRWXFVMLSQHPHT3XJCRKIFALVLWWHUIBHRBERKKY3MAOGM6CPMOQXPY2WIKWVJEHSAUUOKIGJY
DC04FR03AHP11E5C1E5CB201FRF0F1SPECIMEN NOMF201012000F3MF43333F5XF6120420210800QEGUIDRKTYXUX7BVG5HQ6U3SOCLJSMRWXFVMLSQHPHT3XJCRKIFALVLWWHUIBHRBERKKY3MAOGM6CPMOQXPY2WIKWVJEHSAUUOKIGJY
2 changes: 1 addition & 1 deletion samples/kit-deploiement_dispositif_de_controle_sanitaire_evenementiel/vaccine-valid.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
DC04FR03AV011E6A1E6AL101FRL0AZAY LE RIDEAUL1JEAN-PIERREL204081952L3COVID-19L4J07BX03L5COMIRNATY PFIZER/BIONTECHL6COMIRNATY PFIZER/BIONTECHL72L82L931032021LATE53QFM66P34HCD24I46HH2XGIV5OXWQ2UR5DW5ZCQBLE4ME5WOPTR4S6MDYGYMRGFCRNFZHN26NA2KAJDNERKKGV4FSPCO6OLPTFELJQ
DC04FR03AV011E6A1E6AL101FRL0AZAY LE RIDEAUL1JEAN-PIERREL204081952L3COVID-19L4J07BX03L5COMIRNATY PFIZER/BIONTECHL6COMIRNATY PFIZER/BIONTECHL72L82L931032021LATE53QFM66P34HCD24I46HH2XGIV5OXWQ2UR5DW5ZCQBLE4ME5WOPTR4S6MDYGYMRGFCRNFZHN26NA2KAJDNERKKGV4FSPCO6OLPTFELJQ
6 changes: 4 additions & 2 deletions setup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,13 +12,15 @@
"Programming Language :: Python",
],
package_data = {
'tdd': ['chains/*.der'],
'tdd': ['chains/*.der', 'chains/tsl_signed.xml'],
},
include_package_data = True,
use_2to3 = False,
packages = find_packages(),
install_requires = [
"pycryptodome",
"cryptography",
"lxml",
"requests"
],
dependency_links=[
],
Expand Down
0 tdd/chains/FR00.der → tdd/chains/FR000001.der
View file
Open in desktop
File renamed without changes.
Binary file removed tdd/chains/FR01.der
View file
Open in desktop
Binary file not shown.
Empty file removed tdd/chains/FR02.der
View file
Open in desktop
Empty file.
Binary file removed tdd/chains/FR03.der
View file
Open in desktop
Binary file not shown.
Binary file removed tdd/chains/FR04.der
View file
Open in desktop
Binary file not shown.
Binary file removed tdd/chains/FR05.der
View file
Open in desktop
Binary file not shown.
18 changes: 0 additions & 18 deletions tdd/chains/Makefile
View file
Open in desktop

This file was deleted.

126 changes: 120 additions & 6 deletions tdd/chains/tsl_signed.xml
View file
Open in desktop

Large diffs are not rendered by default.

12 changes: 10 additions & 2 deletions tdd/doc.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
from .header import Header
from .message import C40Message
from base64 import b32decode
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import encode_dss_signature

__doc__ = """
Documentation representation.
Expand Down Expand Up @@ -41,7 +44,12 @@ def from_code(cls, doc):
def signature_is_valid(self, keychain):
"""
Check signature against given keychain. If key is not
available, KeyError is raised.
available, InvalidSignature is raised.
"""
cert = keychain.lookup(self.header.ca_id, self.header.cert_id)
return cert.pubkey.signature_is_valid(self.signed_data, self.signature)
r = int.from_bytes(self.signature[:32], "big")
s = int.from_bytes(self.signature[32:], "big")
signature = encode_dss_signature(r, s)
cert.public_key().verify(signature, self.signed_data, ec.ECDSA(hashes.SHA256()))
return True

Loading