author | Legrandin <gooksankoo@hoiptorrow.mailexpire.com> | 2011-10-02 22:30:07 +0200 |
---|---|---|
committer | Legrandin <gooksankoo@hoiptorrow.mailexpire.com> | 2011-10-02 22:37:36 +0200 |
commit | 9cb1a2d35d916180dee8351fe6f2ddf4f6dba72d (patch) | |
tree | bb891e868546746a8a756ba8052bb70e79100a16 /lib/Crypto/Signature | |
parent | 02103e2a5aca97b299b63723fb6752c2cbc00b23 (diff) | |
download | pycrypto-9cb1a2d35d916180dee8351fe6f2ddf4f6dba72d.tar.gz |
To simplify, no RNG needs to be provided with PKCS1 encryption: the one belonging to each RSA key is reused.
Error detection is internally implemented in a simpler (and safer) way for PKCS1 OAEP decryption.
General fixes to documentation for PKCS1.
Diffstat (limited to 'lib/Crypto/Signature')
-rw-r--r-- | lib/Crypto/Signature/PKCS1_PSS.py | 29 | ||||
-rw-r--r-- | lib/Crypto/Signature/PKCS1_v1_5.py | 29 | ||||
-rw-r--r-- | lib/Crypto/Signature/__init__.py | 4 |
3 files changed, 34 insertions, 28 deletions
diff --git a/lib/Crypto/Signature/PKCS1_PSS.py b/lib/Crypto/Signature/PKCS1_PSS.py
index 9dbeff3..4b43655 100644
--- a/lib/Crypto/Signature/PKCS1_PSS.py
+++ b/lib/Crypto/Signature/PKCS1_PSS.py
@@ -22,8 +22,7 @@
 
 """RSA digital signature protocol with appendix according to PKCS#1 PSS.
 
-See RFC3447 or the original RSA Labs specification at
-http://www.rsa.com/rsalabs/node.asp?id=2125.
+See RFC3447__ or the `original RSA Labs specification`__.
 
 This scheme is more properly called ``RSASSA-PSS``.
 
@@ -36,16 +35,15 @@ this:
     >>> from Crypto import Random
     >>>
     >>> message = 'To be signed'
-    >>> rng = Random.new().read
-    >>> key = RSA.importKey('privkey.der')
+    >>> key = RSA.importKey(open('privkey.der').read())
     >>> h = SHA.new()
     >>> h.update(message)
-    >>> signature = PKCS1_PSS.sign(h, key, rng)
+    >>> signature = PKCS1_PSS.sign(h, key)
 
 At the receiver side, verification can be done like using the public part of
 the RSA key:
 
-    >>> key = RSA.importKey('pubkey.der')
+    >>> key = RSA.importKey(open('pubkey.der').read())
     >>> h = SHA.new()
     >>> h.update(message)
     >>> if PKCS1_PSS.verify(h, key, signature):
@@ -53,6 +51,10 @@ the RSA key:
     >>> else:
     >>>     print "The signature is not authentic."
 
+:undocumented: __revision__, __package__
+
+.. __: http://www.ietf.org/rfc/rfc3447.txt
+.. __: http://www.rsa.com/rsalabs/node.asp?id=2125
 """
 
 # Allow nested scopes in Python 2.1
@@ -66,7 +68,7 @@ import Crypto.Util.number
 from Crypto.Util.number import ceil_shift, ceil_div, long_to_bytes
 from Crypto.Util.strxor import strxor
 
-def sign(mhash, key, randfunc, mgfunc=None, saltLen=None):
+def sign(mhash, key, mgfunc=None, saltLen=None):
     """Produce the PKCS#1 PSS signature of a message.
 
     This function is named ``RSASSA-PSS-SIGN``, and is specified in
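Review bot: The example still opens with `>>> from Crypto import Random` although the `rng = Random.new().read` line that used it is removed, so the doctest now carries a dead import; drop that context line or a reader will hunt for where `Random` is used. The DER key files are binary, so the new `open('privkey.der').read()` and `open('pubkey.der').read()` should open them in binary mode, e.g. `>>> key = RSA.importKey(open('privkey.der', 'rb').read())`, since text mode alters bytes on platforms that translate line endings. The same two points apply to the matching example in the PKCS1_v1_5 hunk below.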
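Review bot: Removing `randfunc` from the middle of `sign`'s positional parameter list breaks callers written against the previous signature without an error at the call site: `PKCS1_PSS.sign(h, key, rng)` now binds the RNG to `mgfunc`, and the failure only surfaces later when the mask generation function is invoked with two arguments. If the three-argument form has already shipped, a transition that keeps a trailing `randfunc=None` (used in place of the key's RNG when given and documented as deprecated) lets old callers keep working while the key-bound RNG becomes the default. The body of `sign` continues outside this hunk.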
@@ -79,10 +81,6 @@ def sign(mhash, key, randfunc, mgfunc=None, saltLen=None):
      key : RSA key object
             The key to use to sign the message. This is a `Crypto.PublicKey.RSA` object
             and must have its private half.
-     randfunc : callable
-            An RNG function that accepts as only parameter an int, and returns
-            a string of random bytes, to be used as salt.
-            This parameter is ignored if salt length is zero.
      mgfunc : callable
             A mask generation function that accepts two parameters: a string to
             use as seed, and the lenth of the mask to generate, in bytes.
@@ -104,6 +102,8 @@ def sign(mhash, key, randfunc, mgfunc=None, saltLen=None):
     """
     # TODO: Verify the key is RSA
 
+    randfunc = key._randfunc
+
     # Set defaults for salt length and mask generation function
     if saltLen == None:
         sLen = mhash.digest_size
@@ -216,7 +216,7 @@ def EMSA_PSS_ENCODE(mhash, emBits, randFunc, mgf, sLen):
      randFunc : callable
             An RNG function that accepts as only parameter an int, and returns
             a string of random bytes, to be used as salt.
-     mfg : callable
+     mgf : callable
             A mask generation function that accepts two parameters: a string to
             use as seed, and the lenth of the mask to generate, in bytes.
      sLen : int
@@ -275,10 +275,7 @@ def EMSA_PSS_VERIFY(mhash, em, emBits, mgf, sLen):
             the message that was received.
      emBits : int
             Length of the final encoding (em), in bits.
-     randfunc : callable
-            An RNG function that accepts as only parameter an int, and returns
-            a string of random bytes, to be used as salt.
-     mfg : callable
+     mgf : callable
             A mask generation function that accepts two parameters: a string to
             use as seed, and the lenth of the mask to generate, in bytes.
      sLen : int
diff --git a/lib/Crypto/Signature/PKCS1_v1_5.py b/lib/Crypto/Signature/PKCS1_v1_5.py
index 3c8e8e3..6e0817d 100644
--- a/lib/Crypto/Signature/PKCS1_v1_5.py
+++ b/lib/Crypto/Signature/PKCS1_v1_5.py
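Review bot: With the `randfunc` entry gone, the docstring of `sign` no longer says where the PSS salt's randomness comes from; add to the `key` description `The salt is drawn from the RNG attached to this key.` so the reader knows the key, not the caller, supplies it. The surviving text also still reads `the lenth of the mask`; the same typo stands on the new side of the `EMSA_PSS_ENCODE` and `EMSA_PSS_VERIFY` hunks further down and should read `the length of the mask`. The docstring of `sign` continues outside this hunk.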
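Review bot: `randfunc = key._randfunc` reads an underscore-prefixed attribute of the key object, so `sign` now only works for key objects built by the implementation that sets it, and a key-like object without it fails on this line with a bare AttributeError that points nowhere near the cause. The `# TODO: Verify the key is RSA` directly above is still open; a check such as `if not hasattr(key, '_randfunc'): raise TypeError("key must be an RSA key object with an attached RNG")` would at least turn that into a clear error at the entry point. The rest of `sign`, including where `randfunc` is consumed, lies outside this hunk.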
@@ -20,10 +20,10 @@
 # SOFTWARE.
 # ===================================================================
 
-"""RSA digital signature protocol according to PKCS#1 v1.5
+"""
+RSA digital signature protocol according to PKCS#1 v1.5
 
-See RFC3447 or the original RSA Labs specification at
-http://www.rsa.com/rsalabs/node.asp?id=2125.
+See RFC3447__ or the `original RSA Labs specification`__.
 
 This scheme is more properly called ``RSASSA-PKCS1-v1_5``.
 
@@ -35,21 +35,24 @@ this:
     >>> from Crypto.PublicKey import RSA
     >>>
     >>> message = 'To be signed'
-    >>> key = RSA.importKey('key.der')
-    >>> h = SHA.new()
-    >>> h.update(message)
-    >>>> signature = PKCS1_v1_5.sign(h, key)
+    >>> key = RSA.importKey(open('privkey.der').read())
+    >>> h = SHA.new(message)
+    >>> signature = PKCS1_v1_5.sign(h, key)
 
 At the receiver side, verification can be done using the public part of
 the RSA key:
 
-    >>> key = RSA.importKey('pubkey.der')
-    >>> h = SHA.new()
-    >>> h.update(message)
+    >>> key = RSA.importKey(open('pubkey.der').read())
+    >>> h = SHA.new(message)
     >>> if PKCS.verify(h, key, signature):
     >>>     print "The signature is authentic."
     >>> else:
     >>>     print "The signature is not authentic."
+
+:undocumented: __revision__, __package__
+
+.. __: http://www.ietf.org/rfc/rfc3447.txt
+.. __: http://www.rsa.com/rsalabs/node.asp?id=2125
 """
 
 __revision__ = "$Id$"
@@ -113,7 +116,7 @@ def verify(mhash, key, S):
      S : string
             The signature that needs to be validated.
 
-    :Return: True if verification is correct. False otherwise.
+    :Return: True (1) if verification is correct. False (0) otherwise.
     """
     # TODO: Verify the key is RSA
 
@@ -137,6 +140,10 @@ def verify(mhash, key, S):
     except ValueError:
         return 0
     # Step 4
+    # By comparing the full encodings (as opposed to checking each
+    # of its components one at a time) we avoid attacks to the padding
+    # scheme like Bleichenbacher's (see http://www.mail-archive.com/cryptography@metzdowd.com/msg06537).
+    #
     return em1==em2
 
 def EMSA_PKCS1_V1_5_ENCODE(hash, emLen):
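Review bot: The verification half of the example calls `PKCS.verify(h, key, signature)` while the signing half a few lines up calls `PKCS1_v1_5.sign(h, key)`, so the module is referred to under two names and the snippet cannot be pasted as-is; the context line should read `>>> if PKCS1_v1_5.verify(h, key, signature):`. As in the PKCS1_PSS example, the new `open('privkey.der').read()` and `open('pubkey.der').read()` read binary DER in text mode and should pass `'rb'`. The docstring's opening import lines are outside this hunk.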
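Review bot: The new comment credits the full-encoding comparison with avoiding "attacks to the padding scheme like Bleichenbacher's", which most readers will take to mean the 1998 padding-oracle attack on PKCS#1 v1.5 encryption; the attack the linked thread discusses is the 2006 signature forgery against verifiers that parse the padding loosely and ignore bytes after the DigestInfo, so the comment should name it: `# scheme such as Bleichenbacher's 2006 signature forgery, which exploited verifiers that parsed the padding and ignored trailing bytes (see ...)`. Comparing the complete encoded message is also what RFC 3447 section 8.2.2 step 4 prescribes, which is worth citing alongside the mailing-list link. The trailing bare `#` line before `return em1==em2` adds nothing and can be dropped. `verify` begins outside this hunk.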
diff --git a/lib/Crypto/Signature/__init__.py b/lib/Crypto/Signature/__init__.py
index 3104220..ed523b4 100644
--- a/lib/Crypto/Signature/__init__.py
+++ b/lib/Crypto/Signature/__init__.py
@@ -20,7 +20,9 @@
 
 """Digital signature protocols
 
-A collection of standardized protocols to carry out digital signature.
+A collection of standardized protocols to carry out digital signatures.
+
+:undocumented: __revision__, __package__
 """
 
 __all__ = [ 'PKCS1_v1_5', 'PKCS1_PSS' ]