Authentication

QOSST core module for authentication. Contains the BaseAuthenticator class along with some implementations.

Base

Basic Authenticator classes.

class qosst_core.authentication.base.BaseAuthenticator

The abstract class for Authenticators.

abstract sign_digest(digest: bytes) bytes

Sign a digest.

Parameters:

digest (bytes) – digest to sign.

Returns:

the signed digest.

Return type:

bytes

abstract check_digest(digest: bytes, signed_digest: bytes) bool

Check a signed digest.

Parameters:

  • digest (bytes) – the unsigned digest.

  • signed_digest (bytes) – the signed digest.

Returns:

True if the verification is successful, False, otherwise.

Return type:

bool

class qosst_core.authentication.base.NoneAuthenticator

Class for no Authentication.

sign_digest(digest: bytes) bytes

Sign a digest using the identity function

Parameters:

digest (bytes) – the digest to sign.

Returns:

the signed digest.

Return type:

bytes

check_digest(digest: bytes, signed_digest: bytes) bool

Check the digest against itself (identity).

Parameters:

  • digest (bytes) – the unsigned digest.

  • signed_digest (bytes) – the signed digest.

Returns:

True if the two digits are equal, False otherwise.

Return type:

bool

Falcon

Class for authentication using the Falcon algorithm (PQC)

class qosst_core.authentication.falcon.FalconAuthenticator(secret_key: List[List[int]], remote_public_key: List[int])

Class for the Falcon Authenticator.

Parameters:

  • secret_key (List[List[int]]) – secret key (to sign digests).

  • remote_public_key (List[int]) – public key of the remote party (to check digests).

sign_digest(digest: bytes) bytes

Sign a digest using the secret_key.

Parameters:

digest (bytes) – digest to sign.

Returns:

the signed digest.

Return type:

bytes

check_digest(digest: bytes, signed_digest: bytes) bool

Check a signed digest again the remote_public_key.

Parameters:

  • digest (bytes) – the unsigned digest.

  • signed_digest (bytes) – the signed digest.

Returns:

True if the verification is successful, False otherwise.

Return type:

bool

static generate_keys(size: int = 512, directory: str = 'keys', secret_key_name: str = 'secret_key.json', public_key_name: str = 'public_key.json', force=False) bool

Generate a new key-pair.

Parameters:

  • size (int, optional) – size of the key. Defaults to 512.

  • directory (str, optional) – directory where to save the key. Defaults to “keys”.

  • secret_key_name (str, optional) – name of the secret key file. Defaults to “secret_key.json”.

  • public_key_name (str, optional) – name of the public key file. Defaults to “public_key.json”.

  • force (bool, optional) – if True, the script will overwrite pre-existing keys. Defaults to False.

Returns:

True if the generation was successful, False otherwise.

Return type:

bool