def sign(self, message):
signer = self._key.signer(
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
signer.update(message)
return signer.finalize()
python类PSS的实例源码
def verify(self, message, signature):
verifier = self._key.verifier(
signature,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
verifier.update(message)
verifier.verify()
return True
def sign(self, caller: NodeId, message: bytes) -> str:
signature = self._private_keys[caller].sign(
message,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
return base64.b64encode(signature)
def verify(self, caller: NodeId, signature: str, message: bytes, sender_id: NodeId) -> bool:
public_key = self._private_keys[sender_id].public_key()
try:
public_key.verify(
base64.b64decode(signature),
message,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
return True
except InvalidSignature:
return False
def _basic_rsa_signature(formatted, options):
private_key = serialization.load_pem_private_key(
options["privateKeyPem"],
password=None,
backend=default_backend())
signed = private_key.sign(
formatted,
# I'm guessing this is the right padding function...?
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH),
hashes.SHA256())
return base64.b64encode(signed).decode("utf-8")
test_signature_utils.py 文件源码
项目:Trusted-Platform-Module-nova
作者: BU-NU-CLOUD-SP16
项目源码
文件源码
阅读 23
收藏 0
点赞 0
评论 0
def test_signature_key_type_lookup_fail(self):
self.assertRaisesRegex(exception.SignatureVerificationError,
'Invalid signature key type: .*',
signature_utils.SignatureKeyType.lookup,
'RSB-PSS')
def pkcs_emsa_pss_encode(M, emBits, h, mgf, sLen):
"""
Implements EMSA-PSS-ENCODE() function described in Sect. 9.1.1 of RFC 3447
Input:
M : message to be encoded, an octet string
emBits: maximal bit length of the integer resulting of pkcs_os2ip(EM),
where EM is the encoded message, output of the function.
h : hash function name (in 'md2', 'md4', 'md5', 'sha1', 'tls',
'sha256', 'sha384'). hLen denotes the length in octets of
the hash function output.
mgf : the mask generation function f : seed, maskLen -> mask
sLen : intended length in octets of the salt
Output:
encoded message, an octet string of length emLen = ceil(emBits/8)
On error, None is returned.
"""
# 1) is not done
hLen = _hashFuncParams[h][0] # 2)
hFunc = _hashFuncParams[h][1]
mHash = hFunc(M)
emLen = int(math.ceil(emBits/8.))
if emLen < hLen + sLen + 2: # 3)
warning("encoding error (emLen < hLen + sLen + 2)")
return None
salt = randstring(sLen) # 4)
MPrime = '\x00'*8 + mHash + salt # 5)
H = hFunc(MPrime) # 6)
PS = '\x00'*(emLen - sLen - hLen - 2) # 7)
DB = PS + '\x01' + salt # 8)
dbMask = mgf(H, emLen - hLen - 1) # 9)
maskedDB = strxor(DB, dbMask) # 10)
l = (8*emLen - emBits)/8 # 11)
rem = 8*emLen - emBits - 8*l # additionnal bits
andMask = l*'\x00'
if rem:
j = chr(reduce(lambda x,y: x+y, map(lambda x: 1<<x, range(8-rem))))
andMask += j
l += 1
maskedDB = strand(maskedDB[:l], andMask) + maskedDB[l:]
EM = maskedDB + H + '\xbc' # 12)
return EM # 13)
def pkcs_emsa_pss_verify(M, EM, emBits, h, mgf, sLen):
"""
Implements EMSA-PSS-VERIFY() function described in Sect. 9.1.2 of RFC 3447
Input:
M : message to be encoded, an octet string
EM : encoded message, an octet string of length emLen = ceil(emBits/8)
emBits: maximal bit length of the integer resulting of pkcs_os2ip(EM)
h : hash function name (in 'md2', 'md4', 'md5', 'sha1', 'tls',
'sha256', 'sha384'). hLen denotes the length in octets of
the hash function output.
mgf : the mask generation function f : seed, maskLen -> mask
sLen : intended length in octets of the salt
Output:
True if the verification is ok, False otherwise.
"""
# 1) is not done
hLen = _hashFuncParams[h][0] # 2)
hFunc = _hashFuncParams[h][1]
mHash = hFunc(M)
emLen = int(math.ceil(emBits/8.)) # 3)
if emLen < hLen + sLen + 2:
return False
if EM[-1] != '\xbc': # 4)
return False
l = emLen - hLen - 1 # 5)
maskedDB = EM[:l]
H = EM[l:l+hLen]
l = (8*emLen - emBits)/8 # 6)
rem = 8*emLen - emBits - 8*l # additionnal bits
andMask = l*'\xff'
if rem:
val = reduce(lambda x,y: x+y, map(lambda x: 1<<x, range(8-rem)))
j = chr(~val & 0xff)
andMask += j
l += 1
if strand(maskedDB[:l], andMask) != '\x00'*l:
return False
dbMask = mgf(H, emLen - hLen - 1) # 7)
DB = strxor(maskedDB, dbMask) # 8)
l = (8*emLen - emBits)/8 # 9)
rem = 8*emLen - emBits - 8*l # additionnal bits
andMask = l*'\x00'
if rem:
j = chr(reduce(lambda x,y: x+y, map(lambda x: 1<<x, range(8-rem))))
andMask += j
l += 1
DB = strand(DB[:l], andMask) + DB[l:]
l = emLen - hLen - sLen - 1 # 10)
if DB[:l] != '\x00'*(l-1) + '\x01':
return False
salt = DB[-sLen:] # 11)
MPrime = '\x00'*8 + mHash + salt # 12)
HPrime = hFunc(MPrime) # 13)
return H == HPrime # 14)
def _rsassa_pss_sign(self, M, h=None, mgf=None, sLen=None):
"""
Implements RSASSA-PSS-SIGN() function described in Sect. 8.1.1 of
RFC 3447.
Input:
M: message to be signed, an octet string
Output:
signature, an octet string of length k, where k is the length in
octets of the RSA modulus n.
On error, None is returned.
"""
# Set default parameters if not provided
if h is None: # By default, sha1
h = "sha1"
if not h in _hashFuncParams:
warning("Key._rsassa_pss_sign(): unknown hash function "
"provided (%s)" % h)
return None
if mgf is None: # use mgf1 with underlying hash function
mgf = lambda x,y: pkcs_mgf1(x, y, h)
if sLen is None: # use Hash output length (A.2.3 of RFC 3447)
hLen = _hashFuncParams[h][0]
sLen = hLen
# 1) EMSA-PSS encoding
modBits = self.modulusLen
k = modBits / 8
EM = pkcs_emsa_pss_encode(M, modBits - 1, h, mgf, sLen)
if EM is None:
warning("Key._rsassa_pss_sign(): unable to encode")
return None
# 2) RSA signature
m = pkcs_os2ip(EM) # 2.a)
s = self._rsasp1(m) # 2.b)
S = pkcs_i2osp(s, k) # 2.c)
return S # 3)
def sign(self, M, t=None, h=None, mgf=None, sLen=None):
"""
Sign message 'M' using 't' signature scheme where 't' can be:
- None: the message 'M' is directly applied the RSASP1 signature
primitive, as described in PKCS#1 v2.1, i.e. RFC 3447 Sect
5.2.1. Simply put, the message undergo a modular exponentiation
using the private key. Additionnal method parameters are just
ignored.
- 'pkcs': the message 'M' is applied RSASSA-PKCS1-v1_5-SIGN signature
scheme as described in Sect. 8.2.1 of RFC 3447. In that context,
the hash function name is passed using 'h'. Possible values are
"md2", "md4", "md5", "sha1", "tls", "sha224", "sha256", "sha384"
and "sha512". If none is provided, sha1 is used. Other additionnal
parameters are ignored.
- 'pss' : the message 'M' is applied RSASSA-PSS-SIGN signature scheme as
described in Sect. 8.1.1. of RFC 3447. In that context,
o 'h' parameter provides the name of the hash method to use.
Possible values are "md2", "md4", "md5", "sha1", "tls", "sha224",
"sha256", "sha384" and "sha512". if none is provided, sha1
is used.
o 'mgf' is the mask generation function. By default, mgf
is derived from the provided hash function using the
generic MGF1 (see pkcs_mgf1() for details).
o 'sLen' is the length in octet of the salt. You can overload the
default value (the octet length of the hash value for provided
algorithm) by providing another one with that parameter.
"""
if t is None: # RSASP1
M = pkcs_os2ip(M)
n = self.modulus
if M > n-1:
warning("Message to be signed is too long for key modulus")
return None
s = self._rsasp1(M)
if s is None:
return None
return pkcs_i2osp(s, self.modulusLen/8)
elif t == "pkcs": # RSASSA-PKCS1-v1_5-SIGN
if h is None:
h = "sha1"
return self._rsassa_pkcs1_v1_5_sign(M, h)
elif t == "pss": # RSASSA-PSS-SIGN
return self._rsassa_pss_sign(M, h, mgf, sLen)
else:
warning("Key.sign(): Unknown signature type (%s) provided" % t)
return None
def _verify_signature(self, pub_key, data, signature):
"""
?? ??? ??
:param pub_key: ??? ???
:param data: ?? ?? ???
:param signature: ?? ???
:return: ?? ?? ??(True/False)
"""
validation_result = False
# ???? Type(RSA, ECC)? ?? ?? ?? ??
if isinstance(pub_key, ec.EllipticCurvePublicKeyWithSerialization):
# ECDSA ??
logging.debug("Verify ECDSA")
try:
pub_key.verify(
signature,
data,
ec.ECDSA(hashes.SHA256())
)
validation_result = True
except InvalidSignature:
logging.debug("InvalidSignature_ECDSA")
elif isinstance(pub_key, rsa.RSAPublicKeyWithSerialization):
# RSA ??
logging.debug("Verify RSA")
try:
pub_key.verify(
signature,
data,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
validation_result = True
except InvalidSignature:
logging.debug('InvalidSignature_RSA')
else:
logging.debug("Unknown PublicKey Type : %s", type(pub_key))
return validation_result
