Bd\Rc@sdZddlmZdZddgZddlTejddkreejd d kreddlTndd l Z dd l m Z m Z m Z dd lmZddd YZdZdZdZd d dZd S(sRSA digital signature protocol with appendix according to PKCS#1 PSS. See RFC3447__ or the `original RSA Labs specification`__. This scheme is more properly called ``RSASSA-PSS``. For example, a sender may authenticate a message using SHA-1 and PSS like this: >>> from Crypto.Signature import PKCS1_PSS >>> from Crypto.Hash import SHA >>> from Crypto.PublicKey import RSA >>> from Crypto import Random >>> >>> message = 'To be signed' >>> key = RSA.importKey(open('privkey.der').read()) >>> h = SHA.new() >>> h.update(message) >>> signer = PKCS1_PSS.new(key) >>> signature = PKCS1_PSS.sign(key) At the receiver side, verification can be done like using the public part of the RSA key: >>> key = RSA.importKey(open('pubkey.der').read()) >>> h = SHA.new() >>> h.update(message) >>> verifier = PKCS1_PSS.new(key) >>> if verifier.verify(h, signature): >>> print "The signature is authentic." >>> else: >>> print "The signature is not authentic." :undocumented: __revision__, __package__ .. __: http://www.ietf.org/rfc/rfc3447.txt .. __: http://www.rsa.com/rsalabs/node.asp?id=2125 i(t nested_scopess$Id$tnewt PSS_SigScheme(t*iiiN(t ceil_shifttceil_divt long_to_bytes(tstrxorcBs2eZdZdZdZdZdZRS(sKThis signature scheme can perform PKCS#1 PSS RSA signature or verification.cCs||_||_||_dS(s!Initialize this PKCS#1 PSS signature scheme object. :Parameters: key : an RSA key object If a private half is given, both signature and verification are possible. If a public half is given, only verification is possible. mgfunc : callable A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. saltLen : int Length of the salt, in bytes. N(t_keyt_saltLent_mgfunc(tselftkeytmgfunctsaltLen((s@/usr/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyt__init__Os  cCs |jjS(sCReturn True if this cipher object can be used for signing messages.(Rt has_private(R ((s@/usr/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pytcan_sign`sc s|jj}|jdkr'j}n |j}|jrE|j}nfd}tjjj |jj }t |d}t |d|||}|jj |}td|t||} | S(sBProduce the PKCS#1 PSS signature of a message. This function is named ``RSASSA-PSS-SIGN``, and is specified in section 8.1.1 of RFC3447. :Parameters: mhash : hash object The hash that was carried out over the message. This is an object belonging to the `Crypto.Hash` module. :Return: The PSS signature encoded as a string. :Raise ValueError: If the RSA key length is not sufficiently long to deal with the given hash algorithm. :Raise TypeError: If the RSA key has no private half. :attention: Modify the salt length and the mask generation function only if you know what you are doing. The receiver must use the same parameters too. cst||S(N(tMGF1(txty(tmhash(s@/usr/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pytsiiiN(Rt _randfuncR tNonet digest_sizeR tCryptotUtiltnumbertsizetnRtEMSA_PSS_ENCODEtdecrypttbchrtlen( R RtrandfunctsLentmgftmodBitstktemtmtS((Rs@/usr/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pytsignds     c s |jdkrj}n |j}|jr9|j}nfd}tjjj|jj }t |d}t ||krt S|jj |dd}t |dd}td|t ||}y t||d||} Wntk rt SX| S(sVerify that a certain PKCS#1 PSS signature is authentic. This function checks if the party holding the private half of the given RSA key has really signed the message. This function is called ``RSASSA-PSS-VERIFY``, and is specified in section 8.1.2 of RFC3447. :Parameters: mhash : hash object The hash that was carried out over the message. This is an object belonging to the `Crypto.Hash` module. S : string The signature that needs to be validated. :Return: True if verification is correct. False otherwise. cst||S(N(R(RR(R(s@/usr/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyRsiiiN(R RRR RRRRRRRR"tFalsetencryptR!tEMSA_PSS_VERIFYt ValueError( R RR*R$R%R&R'R(temLentresult((Rs@/usr/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pytverifys$      (t__name__t __module__t__doc__RRR+R2(((s@/usr/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyRLs    0cCsctd}xLtt||jD]2}t|d}||j||j}q%W|| S(s,Mask Generation Function, described in B.2.1ti(tbtxrangeRRRRtdigest(tmgfSeedtmaskLenthashtTtcountertc((s@/usr/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyRs  !cCsYt|d}d}x*td||D]}|d?dB}q*W||j|dkrhtdntd}|r|dkr||}n|jtdd|j|} td|||jdtd|} || j||jd} t| | } tt | d|@| d} | | jtd} | S( s% Implement the ``EMSA-PSS-ENCODE`` function, as defined in PKCS#1 v2.1 (RFC3447, 9.1.1). The original ``EMSA-PSS-ENCODE`` actually accepts the message ``M`` as input, and hash it internally. Here, we expect that the message has already been hashed instead. :Parameters: mhash : hash object The hash object that holds the digest of the message being signed. emBits : int Maximum length of the final encoding, in bits. randFunc : callable An RNG function that accepts as only parameter an int, and returns a string of random bytes, to be used as salt. mgf : callable A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. sLen : int Length of the salt, in bytes. :Return: An ``emLen`` byte long string that encodes the hash (with ``emLen = \ceil(emBits/8)``). :Raise ValueError: When digest or salt length are too big. iiiiis6Digest or salt length are too long for given key size.R6i( RR8RR/R7RR!R9Rtbord(RtemBitstrandFuncR%R$R0tlmasktitsaltthtdbtdbMasktmaskedDBR(((s@/usr/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyRs  '- #cCst|d}d}x*td||D]}|d?dB}q*W||j|dkr]tSt|ddkrwtS|||jd }|||jdd!} |t|d@rtS|| ||jd} t|| } tt| d|@| d} | jtd||j|dtds>tSt d} |r^| | } n|j tdd|j | j } | | krtSt S( s Implement the ``EMSA-PSS-VERIFY`` function, as defined in PKCS#1 v2.1 (RFC3447, 9.1.2). ``EMSA-PSS-VERIFY`` actually accepts the message ``M`` as input, and hash it internally. Here, we expect that the message has already been hashed instead. :Parameters: mhash : hash object The hash object that holds the digest of the message to be verified. em : string The signature to verify, therefore proving that the sender really signed the message that was received. emBits : int Length of the final encoding (em), in bits. mgf : callable A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. sLen : int Length of the salt, in bytes. :Return: 0 if the encoding is consistent, 1 if it is inconsistent. :Raise ValueError: When digest or salt length are too big. iiiiiiiR6( RR8RR,tordR@RR!t startswithR7RR9tTrue(RR(RAR%R$R0RCRDRIRFRHRGREthp((s@/usr/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyR. s0#2 - cCst|||S(sReturn a signature scheme object `PSS_SigScheme` that can be used to perform PKCS#1 PSS signature or verification. :Parameters: key : RSA key object The key to use to sign or verify the message. This is a `Crypto.PublicKey.RSA` object. Signing is only possible if *key* is a private RSA key. mgfunc : callable A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. If not specified, the standard MGF1 is used. saltLen : int Length of the salt, in bytes. If not specified, it matches the output size of the hash function. (R(R R R((s@/usr/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyRQs((R5t __future__Rt __revision__t__all__tCrypto.Util.py3compattsyst version_infotCrypto.Util.py21compattCrypto.Util.numberRRRRtCrypto.Util.strxorRRRRR.RR(((s@/usr/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyt<s  &  } ; D