def verify(public_key, message, signature, hash_class=hashlib.sha1):
'''Verify a signature of a message using a RSA public key and PKCS#1.5
padding.
Parameters:
public_key - a RSA public key
message - the signed string
signature - the signature string
Result:
True if the signature matches the message, False otherwise.
'''
if len(signature) != public_key.byte_size:
raise exceptions.InvalidSignature
s = primitives.os2ip(signature)
try:
m = public_key.rsavp1(s)
except ValueError:
raise exceptions.InvalidSignature
try:
em = primitives.i2osp(m, public_key.byte_size)
except ValueError:
raise exceptions.InvalidSignature
try:
em_prime = emsa_pkcs1_v15.encode(message, public_key.byte_size,
hash_class=hash_class)
except ValueError:
raise exceptions.RSAModulusTooShort
return primitives.constant_time_cmp(em, em_prime)
def verify(public_key, message, signature):
'''Verify a signature of a message using a RSA public key and PKCS#1.5
padding.
Parameters:
public_key - a RSA public key
message - the signed string
signature - the signature string
Result:
True if the signature matches the message, False otherwise.
'''
if len(signature) != public_key.byte_size:
raise exceptions.InvalidSignature
s = primitives.os2ip(signature)
try:
m = public_key.rsavp1(s)
except ValueError:
raise exceptions.InvalidSignature
try:
em = primitives.i2osp(m, public_key.byte_size)
except ValueError:
raise exceptions.InvalidSignature
try:
em_prime = emsa_pkcs1_v15.encode(message, public_key.byte_size)
except ValueError:
raise exceptions.RSAModulusTooShort
return primitives.constant_time_cmp(em, em_prime)
def verify(m, em, embits, hash_class=hashlib.sha1, mgf=mgf.mgf1, s_len=None):
'''
Verify that a message padded using the PKCS#1 v2 PSS algorithm matched a
given message string.
m - the message to match
em - the padded message
embits - the length in bits of the padded message
hash_class - the hash algorithm used to compute the digest of the message
mgf - the mask generation function
s_len - the length of the salt string, if None the length of the digest is used.
Return: True if the message matches, False otherwise.
'''
# 1. cannot verify, does not know the max input length of hash_class
# 2.
m_hash = hash_class(m).digest()
h_len = len(m_hash)
if s_len is None:
s_len = h_len
em_len = primitives.integer_ceil(embits, 8)
# 3.
if em_len < len(m_hash) + s_len + 2:
return False
# 4.
if em[-1] != '\xbc':
return False
# 5.
masked_db, h = em[:em_len-h_len-1], em[em_len-h_len-1:-1]
# 6.
octets, bits = (8 * em_len - embits) / 8, (8*em_len-embits) % 8
zero = masked_db[:octets] + chr(ord(masked_db[octets]) & ~(255 >>bits))
for c in zero:
if c != '\x00':
return False
# 7.
db_mask = mgf(h, em_len - h_len - 1, hash_class=hash_class)
# 8.
db = primitives.string_xor(masked_db, db_mask)
# 9.
new_byte = chr(ord(db[octets]) & (255 >> bits))
db = ('\x00' * octets) + new_byte + db[octets+1:]
# 10.
for c in db[:em_len-h_len-s_len-2]:
if c != '\x00':
return False
if db[em_len-h_len-s_len-2] != '\x01':
return False
# 11.
salt = db[-s_len:]
# 12.
m_prime = ('\x00' * 8) + m_hash + salt
# 13.
h_prime = hash_class(m_prime).digest()
# 14.
return primitives.constant_time_cmp(h_prime, h)
def verify(m, em, embits, hash_class=hashlib.sha1, mgf=mgf.mgf1, s_len=None):
'''
Verify that a message padded using the PKCS#1 v2 PSS algorithm matched a
given message string.
m - the message to match
em - the padded message
embits - the length in bits of the padded message
hash_class - the hash algorithm used to compute the digest of the message
mgf - the mask generation function
s_len - the length of the salt string, if None the length of the digest is used.
Return: True if the message matches, False otherwise.
'''
# 1. cannot verify, does not know the max input length of hash_class
# 2.
m_hash = hash_class(m).digest()
h_len = len(m_hash)
if s_len is None:
s_len = h_len
em_len = primitives.integer_ceil(embits, 8)
# 3.
if em_len < len(m_hash) + s_len + 2:
return False
# 4.
if em[-1] != '\xbc':
return False
# 5.
masked_db, h = em[:em_len - h_len - 1], em[em_len - h_len - 1:-1]
# 6.
octets, bits = (8 * em_len - embits) / 8, (8 * em_len - embits) % 8
zero = masked_db[:octets] + chr(ord(masked_db[octets]) & ~(255 >> bits))
for c in zero:
if c != '\x00':
return False
# 7.
db_mask = mgf(h, em_len - h_len - 1)
# 8.
db = primitives.string_xor(masked_db, db_mask)
# 9.
new_byte = chr(ord(db[octets]) & (255 >> bits))
db = ('\x00' * octets) + new_byte + db[octets + 1:]
# 10.
for c in db[:em_len - h_len - s_len - 2]:
if c != '\x00':
return False
if db[em_len - h_len - s_len - 2] != '\x01':
return False
# 11.
salt = db[-s_len:]
# 12.
m_prime = ('\x00' * 8) + m_hash + salt
# 13.
h_prime = hash_class(m_prime).digest()
# 14.
return primitives.constant_time_cmp(h_prime, h)
def verify(m, em, embits, hash_class=hashlib.sha1, mgf=mgf.mgf1, s_len=None):
# 1. cannot verify, does not know the max input length of hash_class
# 2.
m_hash = hash_class(m).digest()
h_len = len(m_hash)
if s_len is None:
s_len = h_len
em_len = primitives.integer_ceil(embits, 8)
# 3.
if em_len < len(m_hash) + s_len + 2:
return False
# 4.
if em[-1] != '\xbc':
return False
# 5.
masked_db, h = em[:em_len-h_len-1], em[em_len-h_len-1:-1]
# 6.
octets, bits = (8 * em_len - embits) / 8, (8*em_len-embits) % 8
zero = masked_db[:octets] + chr(ord(masked_db[octets]) & ~(255 >>bits))
for c in zero:
if c != '\x00':
return False
# 7.
db_mask = mgf(h, em_len - h_len - 1)
# 8.
db = primitives.string_xor(masked_db, db_mask)
# 9.
new_byte = chr(ord(db[octets]) & (255 >> bits))
db = ('\x00' * octets) + new_byte + db[octets+1:]
# 10.
for c in db[:em_len-h_len-s_len-2]:
if c != '\x00':
return False
if db[em_len-h_len-s_len-2] != '\x01':
return False
# 11.
salt = db[-s_len:]
# 12.
m_prime = ('\x00' * 8) + m_hash + salt
# 13.
h_prime = hash_class(m_prime).digest()
# 14.
return primitives.constant_time_cmp(h_prime, h)
