作者:useide
项目:notar
func (alg *RsaPssUsingSha) Verify(securedInput, signature []byte, key interface{}) error {
if pubKey, ok := key.(*rsa.PublicKey); ok {
return rsa.VerifyPSS(pubKey, hashFunc(alg.keySizeBits), sha(alg.keySizeBits, securedInput), signature, &rsa.PSSOptions{SaltLength: alg.saltSizeBytes})
}
return errors.New("RsaPssUsingSha.Verify(): expects key to be '*rsa.PublicKey'")
}
作者:CadeLaRe
项目:traffic_contro
// Implements the Verify method from SigningMethod
// For this verify method, key must be an rsa.PublicKey struct
func (m *SigningMethodRSAPSS) Verify(signingString, signature string, key interface{}) error {
var err error
// Decode the signature
var sig []byte
if sig, err = DecodeSegment(signature); err != nil {
return err
}
var rsaKey *rsa.PublicKey
switch k := key.(type) {
case *rsa.PublicKey:
rsaKey = k
default:
return ErrInvalidKey
}
// Create hasher
if !m.Hash.Available() {
return ErrHashUnavailable
}
hasher := m.Hash.New()
hasher.Write([]byte(signingString))
return rsa.VerifyPSS(rsaKey, m.Hash, hasher.Sum(nil), sig, m.Options)
}
作者:aw
项目:amazon-ssm-agen
//VerifySignature verifies the signature of a message
func (rsaKey *RsaKey) VerifySignature(message string, signature string) (err error) {
hashAlgorithm := crypto.SHA256
if rsaKey.privateKey == nil {
err = errors.New("privateKey is nil")
return
}
messageBytes := bytes.NewBufferString(message)
//hash
pssh := hashAlgorithm.New()
pssh.Write(messageBytes.Bytes())
messageHash := pssh.Sum(nil)
var signatureBytes []byte
signatureBytes, err = base64.StdEncoding.DecodeString(signature)
if err != nil {
return
}
//Verify signature
var opts rsa.PSSOptions
opts.SaltLength = rsa.PSSSaltLengthAuto
err = rsa.VerifyPSS(&rsaKey.privateKey.PublicKey, hashAlgorithm, messageHash, signatureBytes, &opts)
return
}
作者:nicnys-
项目:md
func verify(pub *rsa.PublicKey, msg string, signature string) (err error) {
sig, _ := decodeBase64(signature)
h := sha256.New()
h.Write([]byte(msg))
d := h.Sum(nil)
return rsa.VerifyPSS(pub, crypto.SHA256, d, sig, nil)
}
作者:ossr
项目:go-oryx-li
// Verify the given payload
func (ctx rsaEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
var hash crypto.Hash
switch alg {
case RS256, PS256:
hash = crypto.SHA256
case RS384, PS384:
hash = crypto.SHA384
case RS512, PS512:
hash = crypto.SHA512
default:
return ErrUnsupportedAlgorithm
}
hasher := hash.New()
// According to documentation, Write() on hash never fails
_, _ = hasher.Write(payload)
hashed := hasher.Sum(nil)
switch alg {
case RS256, RS384, RS512:
return rsa.VerifyPKCS1v15(ctx.publicKey, hash, hashed, signature)
case PS256, PS384, PS512:
return rsa.VerifyPSS(ctx.publicKey, hash, hashed, signature, nil)
}
return ErrUnsupportedAlgorithm
}
作者:andrefreita
项目:jos
// Verify implements the Verify method from SigningMethod.
// For this verify method, key must be an *rsa.PublicKey.
func (m *SigningMethodRSAPSS) Verify(raw []byte, signature Signature, key interface{}) error {
rsaKey, ok := key.(*rsa.PublicKey)
if !ok {
return ErrInvalidKey
}
return rsa.VerifyPSS(rsaKey, m.Hash, m.sum(raw), signature, m.Options)
}
作者:omarqaz
项目:logistic
func ValidateSignatureForMessage(msg string, sig []byte, pub *rsa.PublicKey) (err error) {
hashFunction := sha256.New()
io.WriteString(hashFunction, msg)
hashSum := hashFunction.Sum(nil)
err = rsa.VerifyPSS(pub, crypto.SHA256, hashSum, sig, nil)
return
}
作者:hyperledge
项目:fabri
func BenchmarkRsaVerify(b *testing.B) {
key, _ := rsa.GenerateKey(rand.Reader, 2048)
val := sha256.Sum256(make([]byte, 32, 32))
sig, _ := rsa.SignPSS(rand.Reader, key, crypto.SHA256, val[:], nil)
b.ResetTimer()
for i := 0; i < b.N; i++ {
rsa.VerifyPSS(&key.PublicKey, crypto.SHA256, val[:], sig, nil)
}
}
作者:onedat
项目:helper
func (r *rsaPSSSigner) verifyMessage(key crypto.PublicKey, msg, sig []byte) error {
rsaKey, ok := key.(*rsa.PublicKey)
if !ok {
return errors.New("invalid key type for RSA-PSS")
}
h := r.hash.New()
h.Write(msg)
return rsa.VerifyPSS(rsaKey, r.hash, h.Sum(nil), sig, &pssOptions)
}
作者:imgem
项目:WeTub
func VerifyMessage(pmsg PeerMessage) error {
if pmsg.Body.Action != "NewPeer" {
newhash := crypto.SHA1
peer_pbkey := myPeerKeys.m[pmsg.Addr]
err := rsa.VerifyPSS(&peer_pbkey, newhash, pmsg.Hashed, pmsg.Sig, nil)
return err
} else {
return nil
}
}
作者:golang-devop
项目:go-psexe
func VerifySenderMessage(senderPublicKey *rsa.PublicKey, plainText, signature []byte) error {
pssh := newhash.New()
_, err := pssh.Write(plainText)
if err != nil {
return err
}
hashed := pssh.Sum(nil)
return rsa.VerifyPSS(senderPublicKey, newhash, hashed, signature, opts)
}
作者:RichardScother
项目:notar
func verifyPSS(key interface{}, digest, sig []byte) error {
rsaPub, ok := key.(*rsa.PublicKey)
if !ok {
logrus.Infof("value was not an RSA public key")
return ErrInvalid
}
opts := rsa.PSSOptions{SaltLength: sha256.Size, Hash: crypto.SHA256}
if err := rsa.VerifyPSS(rsaPub, crypto.SHA256, digest[:], sig, &opts); err != nil {
logrus.Infof("failed RSAPSS verification: %s", err)
return ErrInvalid
}
return nil
}
作者:kiso
项目:gosf20140
func main() {
priv, err := rsa.GenerateKey(rand.Reader, 2048)
checkFatal(err)
message := []byte("Binding contractual agreement...")
h := sha256.New()
h.Write(message)
digest := h.Sum(nil)
sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest, nil)
checkFatal(err)
fmt.Printf("Signature: %x\n", sig)
err = rsa.VerifyPSS(&priv.PublicKey, crypto.SHA256, digest, sig, nil)
fmt.Printf("Signature OK: %v\n", err == nil)
}
作者:sethjbac
项目:gob
// VerifySignature validates the signature string
func VerifySignature(key *rsa.PublicKey, signed []byte, signature string) error {
dec, err := base64.URLEncoding.DecodeString(signature)
if err != nil {
return errors.New("Could not decode signature string")
}
h := sha256.New()
h.Write(signed)
d := h.Sum(nil)
err = rsa.VerifyPSS(key, crypto.SHA256, d, dec, nil)
if err != nil {
return err
}
return nil
}
作者:nabeke
项目:go-jw
func (v RsaVerify) PayloadVerify(payload, signature []byte) error {
pubkey := v.pubkey
hfunc := v.hash
h := hfunc.New()
h.Write(payload)
var err error
switch v.alg {
case jwa.RS256, jwa.RS384, jwa.RS512:
err = rsa.VerifyPKCS1v15(pubkey, hfunc, h.Sum(nil), signature)
case jwa.PS256, jwa.PS384, jwa.PS512:
err = rsa.VerifyPSS(pubkey, hfunc, h.Sum(nil), signature, nil)
}
if err != nil {
return err
}
return nil
}
作者:kiso
项目:tlscryp
// Decrypt decrypts the message using the private key and verifies that
// the signature was made by the certificate.
func Decrypt(priv *rsa.PrivateKey, cert *x509.Certificate, enc []byte) ([]byte, bool) {
var pub *rsa.PublicKey
switch certPub := cert.PublicKey.(type) {
case *rsa.PublicKey:
pub = certPub
default:
return nil, false
}
var message message
_, err := asn1.Unmarshal(enc, &message)
if err != nil {
return nil, false
}
h := sha256.New()
key, err := rsa.DecryptOAEP(h, rand.Reader, priv, message.Key, nil)
if err != nil {
return nil, false
}
dec, ok := aesgcm.Decrypt(key, message.Signed)
if !ok {
return nil, false
}
var signed signature
_, err = asn1.Unmarshal(dec, &signed)
if err != nil {
return nil, false
}
h.Reset()
h.Write(signed.Message)
err = rsa.VerifyPSS(pub, crypto.SHA256, h.Sum(nil), signed.Signature, nil)
if err != nil {
return nil, false
}
return signed.Message, true
}
作者:fcavan
项目:discove
func (m *Msg) Message(fromkey *rsa.PublicKey, dstkey *rsa.PrivateKey) (data []byte, err error) {
hash := crypto.SHA256
data = make([]byte, 0)
for i, d := range m.Data {
plainText, err := rsa.DecryptOAEP(hash.New(), rand.Reader, dstkey, d, []byte(""))
if err != nil {
return nil, e.Push(err, "can't decrypt the message")
}
pssh := hash.New()
pssh.Write(plainText)
hashed := pssh.Sum(nil)
var opts rsa.PSSOptions
opts.SaltLength = rsa.PSSSaltLengthAuto
err = rsa.VerifyPSS(fromkey, hash, hashed, m.Signature[i], &opts)
if err != nil {
return nil, e.Push(err, "can't verify the signature")
}
data = append(data, plainText...)
}
return data, nil
}
作者:aaronlehman
项目:notar
// Verify does the actual check.
// N.B. We have not been able to make this work in a way that is compatible
// with PyCrypto.
func (v RSAPSSVerifier) Verify(key data.Key, sig []byte, msg []byte) error {
digest := sha256.Sum256(msg)
k, _ := pem.Decode([]byte(key.Public()))
pub, err := x509.ParsePKIXPublicKey(k.Bytes)
if err != nil {
logrus.Infof("Failed to parse public key: %s\n", err)
return ErrInvalid
}
rsaPub, ok := pub.(*rsa.PublicKey)
if !ok {
logrus.Infof("Value returned from ParsePKIXPublicKey was not an RSA public key")
return ErrInvalid
}
opts := rsa.PSSOptions{SaltLength: sha256.Size, Hash: crypto.SHA256}
if err = rsa.VerifyPSS(rsaPub, crypto.SHA256, digest[:], sig, &opts); err != nil {
logrus.Infof("Failed verification: %s", err)
return ErrInvalid
}
return nil
}
作者:zzragid
项目:goqui
func (job *ProofVerifyJob) CheckSignature(cert *x509.Certificate) error {
switch pub := cert.PublicKey.(type) {
case *rsa.PublicKey:
// cert.CheckSignature() uses PKCS1v15, not PSS. So we cannot use that on RSA
h := sha256.New()
h.Write(ProofSignatureLabel)
h.Write(job.serverConfig)
if err := rsa.VerifyPSS(pub, crypto.SHA256, h.Sum(nil), job.signature, nil); err != nil {
return err
}
case *ecdsa.PublicKey:
// TODO(hodduc): TEST needed
if err := cert.CheckSignature(x509.ECDSAWithSHA256, job.serverConfig, job.signature); err != nil {
return err
}
default:
return errors.New("Unsupported Public key type")
}
return nil
}
作者:jfrazell
项目:notar
func verifyPSS(key interface{}, digest, sig []byte) error {
rsaPub, ok := key.(*rsa.PublicKey)
if !ok {
logrus.Debugf("value was not an RSA public key")
return ErrInvalid
}
if rsaPub.N.BitLen() < minRSAKeySizeBit {
logrus.Debugf("RSA keys less than 2048 bits are not acceptable, provided key has length %d.", rsaPub.N.BitLen())
return ErrInvalidKeyLength{msg: fmt.Sprintf("RSA key must be at least %d bits.", minRSAKeySizeBit)}
}
if len(sig) < minRSAKeySizeByte {
logrus.Debugf("RSA keys less than 2048 bits are not acceptable, provided signature has length %d.", len(sig))
return ErrInvalid
}
opts := rsa.PSSOptions{SaltLength: sha256.Size, Hash: crypto.SHA256}
if err := rsa.VerifyPSS(rsaPub, crypto.SHA256, digest[:], sig, &opts); err != nil {
logrus.Debugf("failed RSAPSS verification: %s", err)
return ErrInvalid
}
return nil
}
