Signature Schemes¶

class siotls.crypto.signature_schemes.TLSSignatureScheme¶

Abstract base class and registry for siotls.iana.SignatureScheme.

classmethod for_key_algo(asn1_key_algo)¶

Find the (potentialyl many) TLSSignatureScheme that correspond to the given public or private key algorithm.

The list can me empty if no signature scheme is installed for the given key algorithm.

The list can holds multiple values, shall a single key algorithm be compatible with many signature schemes (usually the case for RSA).

Parameters:: asn1_key_algo (PrivateKeyAlgorithm | PublicKeyAlgorithm) – The algorithm field of a public or private key.
Return type:: A list of concrete TLSSignatureScheme.

classmethod for_signature_algo(asn1_signature_algo)¶

Find the TLSSignatureScheme that can verify a certificate.

Parameters:: asn1_signature_algo (SignedDigestAlgorithm) – the signatureAlgorithm field of a certificate.
Return type:: A concrete TLSSignatureScheme.

classmethod install(*, duplicate='raise')¶

Install this signature scheme in the registry.

Called by siotls.crypto.install() which is the preferred way of installing signature schemes.

class siotls.crypto.signature_schemes.ISign¶

Interface that must be implemented by every concrete signature scheme.

abstractmethod __init__(*, public_key=None, private_key=None)¶

Initialize a new scheme with either a public key, a private key or both.

Parameters:

public_key (DerPublicKey | None) – a DER-encoded SubjectPublicKeyInfo ASN.1 type, or None. Usually the public key of the peer.
private_key (DerPrivateKey | None) – a DER-encoded PrivateKeyInfo ASN.1 type, or None. Usually our private key.

Raises:

SignatureKeyError – When any of the key is invalid.

abstractmethod sign(message)¶

Sign a message using the private key.

Parameters:: message (bytes) – The message to sign.
Returns:: A signature. Each algorithm has its own way of serializing it. RSA and EdDSA generate a single value. ECDSA generates two values that are stored in a DER-encoded Dss-Sig-Value ASN.1 type.
Raises:: SignatureSignError – When is was not possible to produce a signature.
Return type:: bytes

abstractmethod verify(signature, message)¶

Verify a signature using the public key.

Parameters:

signature (bytes) – The signature of the message.
message (bytes) – The message that is signed.

Raises:

SignatureVerifyError – When the signature doesn’t match.

Return type:

None

class siotls.crypto.signature_schemes.SignatureKeyError¶: A private key or public key is invalid.

class siotls.crypto.signature_schemes.SignatureSignError¶: There was a problem signing a message.

class siotls.crypto.signature_schemes.SignatureVerifyError¶: The signature doesn’t match.

Backend¶

class siotls.crypto.signature_schemes.RsaPkcs1Sha256Mixin¶

Mixin for RSASSA PKCS1 v1.5 with a SHA256 digest.

This mixin can be inherited by crypto backends to feed all the attributes required by TLSSignatureScheme that are specific to rsa_pkcs1_sha256.

Specifically, this mixin has values for: iana_id, sign_oid, and pubkey_oid.

class siotls.crypto.signature_schemes.RsaPkcs1Sha384Mixin¶

Mixin for RSASSA PKCS1 v1.5 with a SHA384 digest.

This mixin can be inherited by crypto backends to feed all the attributes required by TLSSignatureScheme that are specific to rsa_pkcs1_sha384.

Specifically, this mixin has values for: iana_id, sign_oid, and pubkey_oid.

class siotls.crypto.signature_schemes.RsaPkcs1Sha512Mixin¶

Mixin for RSASSA PKCS1 v1.5 with a SHA512 digest.

This mixin can be inherited by crypto backends to feed all the attributes required by TLSSignatureScheme that are specific to rsa_pkcs1_sha512.

Specifically, this mixin has values for: iana_id, sign_oid, and pubkey_oid.

class siotls.crypto.signature_schemes.RsaPssRsaeSha256Mixin¶

Mixin for RSASSA PSS with a rsaEncryption public key OID and a SHA256 digest.

This mixin can be inherited by crypto backends to feed all the attributes required by TLSSignatureScheme that are specific to rsa_pss_rsae_sha256.

Specifically, this mixin has values for: iana_id, sign_oid, and pubkey_oid.

class siotls.crypto.signature_schemes.RsaPssRsaeSha384Mixin¶

Mixin for RSASSA PSS with a rsaEncryption public key OID and a SHA384 digest.

This mixin can be inherited by crypto backends to feed all the attributes required by TLSSignatureScheme that are specific to rsa_pss_rsae_sha384.

Specifically, this mixin has values for: iana_id, sign_oid, and pubkey_oid.

class siotls.crypto.signature_schemes.RsaPssRsaeSha512Mixin¶

Mixin for RSASSA PSS with a rsaEncryption public key OID and a SHA512 digest.

This mixin can be inherited by crypto backends to feed all the attributes required by TLSSignatureScheme that are specific to rsa_pss_rsae_sha512.

Specifically, this mixin has values for: iana_id, sign_oid, and pubkey_oid.

class siotls.crypto.signature_schemes.RsaPssPssSha256Mixin¶

Mixin for RSASSA PSS with a RSASSA-PSS public key OID and a SHA256 digest.

This mixin can be inherited by crypto backends to feed all the attributes required by TLSSignatureScheme that are specific to rsa_pss_rsae_sha256.

Specifically, this mixin has values for: iana_id, sign_oid, and pubkey_oid.

class siotls.crypto.signature_schemes.RsaPssPssSha384Mixin¶

Mixin for RSASSA PSS with a RSASSA-PSS public key OID and a SHA384 digest.

This mixin can be inherited by crypto backends to feed all the attributes required by TLSSignatureScheme that are specific to rsa_pss_rsae_sha384.

Specifically, this mixin has values for: iana_id, sign_oid, and pubkey_oid.

class siotls.crypto.signature_schemes.RsaPssPssSha512Mixin¶

Mixin for RSASSA PSS with a RSASSA-PSS public key OID and a SHA512 digest.

This mixin can be inherited by crypto backends to feed all the attributes required by TLSSignatureScheme that are specific to rsa_pss_rsae_sha512.

Specifically, this mixin has values for: iana_id, sign_oid, and pubkey_oid.

class siotls.crypto.signature_schemes.EcdsaSecp256r1Sha256Mixin¶

Mixin for ECDSA SEC P-256 R1 with a SHA256 digest.

This mixin can be inherited by crypto backends to feed all the attributes required by TLSSignatureScheme that are specific to ecdsa_secp256r1_sha256.

Specifically, this mixin has values for: iana_id, sign_oid, pubkey_oid, and curve_oid.

class siotls.crypto.signature_schemes.EcdsaSecp384r1Sha384Mixin¶

Mixin for ECDSA SEC P-384 R1 with a SHA384 digest.

This mixin can be inherited by crypto backends to feed all the attributes required by TLSSignatureScheme that are specific to ecdsa_secp384r1_sha384.

Specifically, this mixin has values for: iana_id, sign_oid, pubkey_oid, and curve_oid.

class siotls.crypto.signature_schemes.EcdsaSecp521r1Sha512Mixin¶

Mixin for ECDSA SEC P-521 R1 with a SHA512 digest.

This mixin can be inherited by crypto backends to feed all the attributes required by TLSSignatureScheme that are specific to ecdsa_secp521r1_sha512.

Specifically, this mixin has values for: iana_id, sign_oid, pubkey_oid, and curve_oid.

class siotls.crypto.signature_schemes.Ed25519Mixin¶

Mixin for Ed25519.

This mixin can be inherited by crypto backends to feed all the attributes required by TLSSignatureScheme that are specific to ed25519.

Specifically, this mixin has values for: iana_id, sign_oid, and pubkey_oid.

class siotls.crypto.signature_schemes.Ed448Mixin¶

Mixin for Ed448.

This mixin can be inherited by crypto backends to feed all the attributes required by TLSSignatureScheme that are specific to ed448.

Specifically, this mixin has values for: iana_id, sign_oid, and pubkey_oid.