Python cryptography.hazmat.primitives.hashes 模块，SHA384 实例源码

def __init__(self, curve_class, nist_name):
        self.nist_name = nist_name
        self.key_length = curve_class.key_size

        # Defined in RFC 5656 6.2
        self.key_format_identifier = "ecdsa-sha2-" + self.nist_name

        # Defined in RFC 5656 6.2.1
        if self.key_length <= 256:
            self.hash_object = hashes.SHA256
        elif self.key_length <= 384:
            self.hash_object = hashes.SHA384
        else:
            self.hash_object = hashes.SHA512

        self.curve_class = curve_class

def __init__(self, curve_class, nist_name):
        self.nist_name = nist_name
        self.key_length = curve_class.key_size

        # Defined in RFC 5656 6.2
        self.key_format_identifier = "ecdsa-sha2-" + self.nist_name

        # Defined in RFC 5656 6.2.1
        if self.key_length <= 256:
            self.hash_object = hashes.SHA256
        elif self.key_length <= 384:
            self.hash_object = hashes.SHA384
        else:
            self.hash_object = hashes.SHA512

        self.curve_class = curve_class

def get_default_algorithms():
    """
    Returns the algorithms that are implemented by the library.
    """
    default_algorithms = {
        'none': NoneAlgorithm(),
        'HS256': HMACAlgorithm(HMACAlgorithm.SHA256),
        'HS384': HMACAlgorithm(HMACAlgorithm.SHA384),
        'HS512': HMACAlgorithm(HMACAlgorithm.SHA512)
    }

    if has_crypto:
        default_algorithms.update({
            'RS256': RSAAlgorithm(RSAAlgorithm.SHA256),
            'RS384': RSAAlgorithm(RSAAlgorithm.SHA384),
            'RS512': RSAAlgorithm(RSAAlgorithm.SHA512),
            'ES256': ECAlgorithm(ECAlgorithm.SHA256),
            'ES384': ECAlgorithm(ECAlgorithm.SHA384),
            'ES512': ECAlgorithm(ECAlgorithm.SHA512),
            'PS256': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA256),
            'PS384': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA384),
            'PS512': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA512)
        })

    return default_algorithms

def __init__(self, curve_class, nist_name):
        self.nist_name = nist_name
        self.key_length = curve_class.key_size

        # Defined in RFC 5656 6.2
        self.key_format_identifier = "ecdsa-sha2-" + self.nist_name

        # Defined in RFC 5656 6.2.1
        if self.key_length <= 256:
            self.hash_object = hashes.SHA256
        elif self.key_length <= 384:
            self.hash_object = hashes.SHA384
        else:
            self.hash_object = hashes.SHA512

        self.curve_class = curve_class

def __init__(self, curve_class, nist_name):
        self.nist_name = nist_name
        self.key_length = curve_class.key_size

        # Defined in RFC 5656 6.2
        self.key_format_identifier = "ecdsa-sha2-" + self.nist_name

        # Defined in RFC 5656 6.2.1
        if self.key_length <= 256:
            self.hash_object = hashes.SHA256
        elif self.key_length <= 384:
            self.hash_object = hashes.SHA384
        else:
            self.hash_object = hashes.SHA512

        self.curve_class = curve_class

def __init__(self, security_level=CURVE_P_256_Size, hash_algorithm=SHA2):
        """ Init curve and hash function.

        :param security_level: security level
        :param hash_algorithm: hash function
        """
        if security_level == CURVE_P_256_Size:
            # order = openssl.backend._lib.BN_new()
            # curve = openssl.backend._lib.EC_GROUP_new_by_curve_name(
            #     openssl.backend._lib.NID_X9_62_prime256v1)
            # openssl.backend._lib.EC_GROUP_get_order(
            #     curve, order, openssl.backend._ffi.NULL)
            self.order = int("115792089210356248762697446949407573529"
                             "996955224135760342422259061068512044369")
            self.half_order = self.order >> 1
            self.curve = ec.SECP256R1
            self.sign_hash_algorithm = hashes.SHA256()
        else:
            # order = openssl.backend._lib.BN_new()
            # curve = openssl.backend._lib.EC_GROUP_new_by_curve_name(
            #     openssl.backend._lib.NID_secp384r1)
            # openssl.backend._lib.EC_GROUP_get_order(
            #     curve, order, openssl.backend._ffi.NULL)
            self.order = int("39402006196394479212279040100"
                             "14361380507973927046544666794"
                             "69052796276593991132635693989"
                             "56308152294913554433653942643")
            self.half_order = self.order >> 1
            self.curve = ec.SECP384R1
            self.sign_hash_algorithm = hashes.SHA384()

        if hash_algorithm == SHA2:
            self._hash = hashlib.sha256
        elif hash_algorithm == SHA3 and security_level == CURVE_P_256_Size:
            self._hash = hashlib.sha3_256
        else:
            self._hash = hashlib.sha3_384

def _oaep_hash_supported(self, algorithm):
        if self._lib.Cryptography_HAS_RSA_OAEP_MD:
            return isinstance(
                algorithm, (
                    hashes.SHA1,
                    hashes.SHA224,
                    hashes.SHA256,
                    hashes.SHA384,
                    hashes.SHA512,
                )
            )
        else:
            return isinstance(algorithm, hashes.SHA1)

def hash_func(self):
        return {
            self.MD5: hashes.MD5,
            self.SHA1: hashes.SHA1,
            self.SHA224: hashes.SHA224,
            self.SHA256: hashes.SHA256,
            self.SHA384: hashes.SHA384,
            self.SHA512: hashes.SHA512,
        }[self]

def rsa_pkcs1v15_signature_algorithm_for_hash_id(hash_id):
    signature_algorithms = {
        HashID.SHA512: RS512,
        HashID.SHA384: RS384,
    }
    return signature_algorithms.get(hash_id, RS256)

def get_default_algorithms():
    """
    Returns the algorithms that are implemented by the library.
    """
    default_algorithms = {
        'none': NoneAlgorithm(),
        'HS256': HMACAlgorithm(HMACAlgorithm.SHA256),
        'HS384': HMACAlgorithm(HMACAlgorithm.SHA384),
        'HS512': HMACAlgorithm(HMACAlgorithm.SHA512)
    }

    if has_crypto:
        default_algorithms.update({
            'RS256': RSAAlgorithm(RSAAlgorithm.SHA256),
            'RS384': RSAAlgorithm(RSAAlgorithm.SHA384),
            'RS512': RSAAlgorithm(RSAAlgorithm.SHA512),
            'ES256': ECAlgorithm(ECAlgorithm.SHA256),
            'ES384': ECAlgorithm(ECAlgorithm.SHA384),
            'ES521': ECAlgorithm(ECAlgorithm.SHA512),
            'ES512': ECAlgorithm(ECAlgorithm.SHA512),  # Backward compat for #219 fix
            'PS256': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA256),
            'PS384': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA384),
            'PS512': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA512)
        })

    return default_algorithms

def __init__(self):
        """
        Construct a CryptographyEngine.
        """
        self.logger = logging.getLogger('kmip.server.engine.cryptography')

        self._symmetric_key_algorithms = {
            enums.CryptographicAlgorithm.TRIPLE_DES: algorithms.TripleDES,
            enums.CryptographicAlgorithm.AES: algorithms.AES,
            enums.CryptographicAlgorithm.BLOWFISH: algorithms.Blowfish,
            enums.CryptographicAlgorithm.CAMELLIA: algorithms.Camellia,
            enums.CryptographicAlgorithm.CAST5: algorithms.CAST5,
            enums.CryptographicAlgorithm.IDEA: algorithms.IDEA,
            enums.CryptographicAlgorithm.RC4: algorithms.ARC4
        }
        self._asymetric_key_algorithms = {
            enums.CryptographicAlgorithm.RSA: self._create_rsa_key_pair
        }
        self._hash_algorithms = {
            enums.CryptographicAlgorithm.HMAC_SHA1: hashes.SHA1,
            enums.CryptographicAlgorithm.HMAC_SHA224: hashes.SHA224,
            enums.CryptographicAlgorithm.HMAC_SHA256: hashes.SHA256,
            enums.CryptographicAlgorithm.HMAC_SHA384: hashes.SHA384,
            enums.CryptographicAlgorithm.HMAC_SHA512: hashes.SHA512,
            enums.CryptographicAlgorithm.HMAC_MD5: hashes.MD5
        }

def _oaep_hash_supported(self, algorithm):
        if self._lib.Cryptography_HAS_RSA_OAEP_MD:
            return isinstance(
                algorithm, (
                    hashes.SHA1,
                    hashes.SHA224,
                    hashes.SHA256,
                    hashes.SHA384,
                    hashes.SHA512,
                )
            )
        else:
            return isinstance(algorithm, hashes.SHA1)

def get_default_algorithms():
    """
    Returns the algorithms that are implemented by the library.
    """
    default_algorithms = {
        'none': NoneAlgorithm(),
        'HS256': HMACAlgorithm(HMACAlgorithm.SHA256),
        'HS384': HMACAlgorithm(HMACAlgorithm.SHA384),
        'HS512': HMACAlgorithm(HMACAlgorithm.SHA512)
    }

    if has_crypto:
        default_algorithms.update({
            'RS256': RSAAlgorithm(RSAAlgorithm.SHA256),
            'RS384': RSAAlgorithm(RSAAlgorithm.SHA384),
            'RS512': RSAAlgorithm(RSAAlgorithm.SHA512),
            'ES256': ECAlgorithm(ECAlgorithm.SHA256),
            'ES384': ECAlgorithm(ECAlgorithm.SHA384),
            'ES521': ECAlgorithm(ECAlgorithm.SHA512),
            'ES512': ECAlgorithm(ECAlgorithm.SHA512),  # Backward compat for #219 fix
            'PS256': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA256),
            'PS384': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA384),
            'PS512': RSAPSSAlgorithm(RSAPSSAlgorithm.SHA512)
        })

    return default_algorithms

def _oaep_hash_supported(self, algorithm):
        if self._lib.Cryptography_HAS_RSA_OAEP_MD:
            return isinstance(
                algorithm, (
                    hashes.SHA1,
                    hashes.SHA224,
                    hashes.SHA256,
                    hashes.SHA384,
                    hashes.SHA512,
                )
            )
        else:
            return isinstance(algorithm, hashes.SHA1)

def _oaep_hash_supported(self, algorithm):
        if self._lib.Cryptography_HAS_RSA_OAEP_MD:
            return isinstance(
                algorithm, (
                    hashes.SHA1,
                    hashes.SHA224,
                    hashes.SHA256,
                    hashes.SHA384,
                    hashes.SHA512,
                )
            )
        else:
            return isinstance(algorithm, hashes.SHA1)

def jws_encapsulate(key,
                    header,
                    payload,
                    digest=hashes.SHA256,
                    padder=asymmetric.padding.PKCS1v15):
    if digest == hashes.SHA256:
        suffix = '256'
    elif digest == hashes.SHA384:
        suffix = '384'
    elif digest == hashes.SHA512:
        suffix = '512'
    else:
        raise ValueError('RFC 7518 non-compliant digest: ' + digest)

    if isinstance(key, bytes):
        algorithm = 'HS' + suffix
        signer = hmac.HMAC(key, digest(), backend)
    elif isinstance(key, ec.EllipticCurvePrivateKey):
        algorithm = 'ES' + suffix
        signer = key.signer(ec.ECDSA(digest()))
    elif isinstance(key, rsa.RSAPrivateKey):
        if padder == asymmetric.padding.PSS:
            algorithm = 'PS' + suffix
            signer = key.signer(padder(padding.MGF1(digest()),
                                       padder.MAX_LENGTH).
                                digest())
        elif padder == asymmetric.padding.PKCS1v15:
            algorithm = 'RS' + suffix
            signer = key.signer(padder(), digest())
        else:
            raise ValueError('RFC 7518 non-compliant padding: ' + \
                             str(type(padder)))
    else:
        raise ValueError('RFC 7518 non-compliant key: ' + str(type(key)))

    pubkey = key_to_pubkey(key)

    header['alg'] = algorithm
    header['jwk'] = pubkey_to_jwk(pubkey)

    protected = jws_safe_obj(header)
    payload   = jws_safe_obj(payload)
    signer.update(protected + b'.' + payload)
    signature = acme_safe_b64_encode(signer.finalize())

    return json.dumps({
        'protected': protected.decode('ascii'),
        'payload':   payload.decode('ascii'),
        'signature': signature.decode('ascii'),
    }).encode('ascii')