def verify(public_key, message, signature, hash_class=hashlib.sha1):
    '''Verify a signature of a message using a RSA public key and
    PKCS#1.5 padding.

    The expected encoded message is rebuilt from `message` and compared as
    a whole with the value recovered from the signature; no padding bytes
    are parsed out of the recovered value.

    Parameters:
    public_key - a RSA public key
    message - the signed string
    signature - the signature string
    hash_class - the hash constructor handed to emsa_pkcs1_v15.encode;
        defaults to hashlib.sha1. It has to be the digest the signer
        used. SHA-1 is no longer collision resistant, so pass a stronger
        digest (for example hashlib.sha256) when the signer uses one.

    Result:
    The value returned by primitives.constant_time_cmp for the two
    encodings: true if the signature matches the message, false
    otherwise.

    Raises:
    exceptions.InvalidSignature - len(signature) differs from
        public_key.byte_size, or rsavp1 / i2osp raised ValueError
    exceptions.RSAModulusTooShort - emsa_pkcs1_v15.encode raised
        ValueError
    '''
    key_len = public_key.byte_size
    # A signature of the wrong length is rejected before any RSA math.
    if len(signature) != key_len:
        raise exceptions.InvalidSignature
    sig_int = primitives.os2ip(signature)
    try:
        # RSA verification primitive, then back to an octet string of the
        # key length; a ValueError from either step means a bad signature.
        recovered = primitives.i2osp(public_key.rsavp1(sig_int), key_len)
    except ValueError:
        raise exceptions.InvalidSignature
    try:
        expected = emsa_pkcs1_v15.encode(message, key_len,
                                         hash_class=hash_class)
    except ValueError:
        raise exceptions.RSAModulusTooShort
    return primitives.constant_time_cmp(recovered, expected)
def verify(public_key, message, signature):
    '''Verify a signature of a message using a RSA public key and
    PKCS#1.5 padding.

    The expected encoded message is rebuilt from `message` and compared as
    a whole with the value recovered from the signature; no padding bytes
    are parsed out of the recovered value.

    Parameters:
    public_key - a RSA public key
    message - the signed string
    signature - the signature string

    Result:
    The value returned by primitives.constant_time_cmp for the two
    encodings: true if the signature matches the message, false
    otherwise.

    Raises:
    exceptions.InvalidSignature - len(signature) differs from
        public_key.byte_size, or rsavp1 / i2osp raised ValueError
    exceptions.RSAModulusTooShort - emsa_pkcs1_v15.encode raised
        ValueError
    '''
    key_len = public_key.byte_size
    # A signature of the wrong length is rejected before any RSA math.
    if len(signature) != key_len:
        raise exceptions.InvalidSignature
    sig_int = primitives.os2ip(signature)
    try:
        # RSA verification primitive, then back to an octet string of the
        # key length; a ValueError from either step means a bad signature.
        recovered = primitives.i2osp(public_key.rsavp1(sig_int), key_len)
    except ValueError:
        raise exceptions.InvalidSignature
    try:
        # NOTE(review): no digest is passed, so the hash is whatever
        # emsa_pkcs1_v15.encode defaults to - confirm it matches the signer.
        expected = emsa_pkcs1_v15.encode(message, key_len)
    except ValueError:
        raise exceptions.RSAModulusTooShort
    return primitives.constant_time_cmp(recovered, expected)
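def verify(m, em, embits, hash_class=hashlib.sha1, mgf=mgf.mgf1, s_len=None):
    '''
    Verify that a message padded using the PKCS#1 v2 PSS algorithm
    matches a given message string.

    The numbered comments follow the steps of EMSA-PSS-VERIFY
    (RFC 3447, section 9.1.2). The body compares single characters of
    `em` with str literals and uses ord()/chr(), so `em` is expected to
    be a Python 2 byte string.

    m - the message to match
    em - the padded message; it is rejected unless its length equals
         primitives.integer_ceil(embits, 8)
    embits - the length in bits of the padded message
    hash_class - the hash algorithm used to compute the digest of the
                 message (SHA-1 by default; it must be the digest the
                 signer used)
    mgf - the mask generation function, called as
          mgf(seed, length, hash_class=hash_class)
    s_len - the length of the salt string, if None the length of the
            digest is used. 0 means an empty salt.

    Return: True if the message matches, False otherwise.
    '''
    # 1. cannot verify, does not know the max input length of hash_class
    # 2.
    m_hash = hash_class(m).digest()
    h_len = len(m_hash)
    if s_len is None:
        s_len = h_len
    em_len = primitives.integer_ceil(embits, 8)
    # Every slice below is taken at offsets derived from em_len, so an
    # encoded message of any other length (including an empty one, which
    # would otherwise raise IndexError at em[-1]) is inconsistent.
    if len(em) != em_len:
        return False
    # 3.
    if em_len < h_len + s_len + 2:
        return False
    # 4.
    if em[-1] != '\xbc':
        return False
    # 5.
    db_len = em_len - h_len - 1
    masked_db, h = em[:db_len], em[db_len:-1]
    # 6. the bits above embits in the leading octet(s) must be zero
    unused_bits = 8 * em_len - embits
    # Floor division keeps `octets` an int even under true division.
    octets, bits = unused_bits // 8, unused_bits % 8
    zero = masked_db[:octets] + chr(ord(masked_db[octets]) & ~(255 >> bits))
    if any(c != '\x00' for c in zero):
        return False
    # 7.
    db_mask = mgf(h, db_len, hash_class=hash_class)
    # 8.
    db = primitives.string_xor(masked_db, db_mask)
    # 9. clear the same unused leading bits in the unmasked data block
    new_byte = chr(ord(db[octets]) & (255 >> bits))
    db = ('\x00' * octets) + new_byte + db[octets + 1:]
    # 10. zero padding followed by the 0x01 separator
    pad_len = db_len - s_len - 1
    if any(c != '\x00' for c in db[:pad_len]):
        return False
    if db[pad_len] != '\x01':
        return False
    # 11. db[-s_len:] would return the whole of db when s_len is 0, so the
    # start offset is computed explicitly to get an empty salt in that case.
    salt = db[len(db) - s_len:]
    # 12.
    m_prime = ('\x00' * 8) + m_hash + salt
    # 13.
    h_prime = hash_class(m_prime).digest()
    # 14.
    return primitives.constant_time_cmp(h_prime, h)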
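def verify(m, em, embits, hash_class=hashlib.sha1, mgf=mgf.mgf1, s_len=None):
    '''
    Verify that a message padded using the PKCS#1 v2 PSS algorithm
    matches a given message string.

    The numbered comments follow the steps of EMSA-PSS-VERIFY
    (RFC 3447, section 9.1.2). The body compares single characters of
    `em` with str literals and uses ord()/chr(), so `em` is expected to
    be a Python 2 byte string.

    m - the message to match
    em - the padded message; it is rejected unless its length equals
         primitives.integer_ceil(embits, 8)
    embits - the length in bits of the padded message
    hash_class - the hash algorithm used to compute the digest of the
                 message (SHA-1 by default; it must be the digest the
                 signer used)
    mgf - the mask generation function, called as mgf(seed, length)
    s_len - the length of the salt string, if None the length of the
            digest is used. 0 means an empty salt.

    Return: True if the message matches, False otherwise.
    '''
    # 1. cannot verify, does not know the max input length of hash_class
    # 2.
    m_hash = hash_class(m).digest()
    h_len = len(m_hash)
    if s_len is None:
        s_len = h_len
    em_len = primitives.integer_ceil(embits, 8)
    # Every slice below is taken at offsets derived from em_len, so an
    # encoded message of any other length (including an empty one, which
    # would otherwise raise IndexError at em[-1]) is inconsistent.
    if len(em) != em_len:
        return False
    # 3.
    if em_len < h_len + s_len + 2:
        return False
    # 4.
    if em[-1] != '\xbc':
        return False
    # 5.
    db_len = em_len - h_len - 1
    masked_db, h = em[:db_len], em[db_len:-1]
    # 6. the bits above embits in the leading octet(s) must be zero
    unused_bits = 8 * em_len - embits
    # Floor division keeps `octets` an int even under true division.
    octets, bits = unused_bits // 8, unused_bits % 8
    zero = masked_db[:octets] + chr(ord(masked_db[octets]) & ~(255 >> bits))
    if any(c != '\x00' for c in zero):
        return False
    # 7.
    # NOTE(review): hash_class is not forwarded, so the mask is built with
    # whatever digest `mgf` defaults to - confirm the encoder does the same
    # whenever hash_class is not the default.
    db_mask = mgf(h, db_len)
    # 8.
    db = primitives.string_xor(masked_db, db_mask)
    # 9. clear the same unused leading bits in the unmasked data block
    new_byte = chr(ord(db[octets]) & (255 >> bits))
    db = ('\x00' * octets) + new_byte + db[octets + 1:]
    # 10. zero padding followed by the 0x01 separator
    pad_len = db_len - s_len - 1
    if any(c != '\x00' for c in db[:pad_len]):
        return False
    if db[pad_len] != '\x01':
        return False
    # 11. db[-s_len:] would return the whole of db when s_len is 0, so the
    # start offset is computed explicitly to get an empty salt in that case.
    salt = db[len(db) - s_len:]
    # 12.
    m_prime = ('\x00' * 8) + m_hash + salt
    # 13.
    h_prime = hash_class(m_prime).digest()
    # 14.
    return primitives.constant_time_cmp(h_prime, h)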
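def verify(m, em, embits, hash_class=hashlib.sha1, mgf=mgf.mgf1, s_len=None):
    '''
    Check a PSS-encoded message `em` against the message `m`.

    The numbered comments follow the steps of EMSA-PSS-VERIFY
    (RFC 3447, section 9.1.2). The body compares single characters of
    `em` with str literals and uses ord()/chr(), so `em` is expected to
    be a Python 2 byte string.

    m - the message to match
    em - the encoded message; it is rejected unless its length equals
         primitives.integer_ceil(embits, 8)
    embits - the length in bits of the encoded message
    hash_class - the hash constructor used for the message digest and for
                 H' (SHA-1 by default; it must be the digest the signer
                 used)
    mgf - the mask generation function, called as mgf(seed, length)
    s_len - the salt length; when None the digest length is used, and 0
            means an empty salt

    Return: False as soon as a consistency check fails, otherwise the
    result of primitives.constant_time_cmp on the recomputed and the
    embedded hash.
    '''
    # 1. cannot verify, does not know the max input length of hash_class
    # 2.
    m_hash = hash_class(m).digest()
    h_len = len(m_hash)
    if s_len is None:
        s_len = h_len
    em_len = primitives.integer_ceil(embits, 8)
    # Every slice below is taken at offsets derived from em_len, so an
    # encoded message of any other length (including an empty one, which
    # would otherwise raise IndexError at em[-1]) is inconsistent.
    if len(em) != em_len:
        return False
    # 3.
    if em_len < h_len + s_len + 2:
        return False
    # 4.
    if em[-1] != '\xbc':
        return False
    # 5.
    db_len = em_len - h_len - 1
    masked_db, h = em[:db_len], em[db_len:-1]
    # 6. the bits above embits in the leading octet(s) must be zero
    unused_bits = 8 * em_len - embits
    # Floor division keeps `octets` an int even under true division.
    octets, bits = unused_bits // 8, unused_bits % 8
    zero = masked_db[:octets] + chr(ord(masked_db[octets]) & ~(255 >> bits))
    if any(c != '\x00' for c in zero):
        return False
    # 7.
    # NOTE(review): hash_class is not forwarded, so the mask is built with
    # whatever digest `mgf` defaults to - confirm the encoder does the same
    # whenever hash_class is not the default.
    db_mask = mgf(h, db_len)
    # 8.
    db = primitives.string_xor(masked_db, db_mask)
    # 9. clear the same unused leading bits in the unmasked data block
    new_byte = chr(ord(db[octets]) & (255 >> bits))
    db = ('\x00' * octets) + new_byte + db[octets + 1:]
    # 10. zero padding followed by the 0x01 separator
    pad_len = db_len - s_len - 1
    if any(c != '\x00' for c in db[:pad_len]):
        return False
    if db[pad_len] != '\x01':
        return False
    # 11. db[-s_len:] would return the whole of db when s_len is 0, so the
    # start offset is computed explicitly to get an empty salt in that case.
    salt = db[len(db) - s_len:]
    # 12.
    m_prime = ('\x00' * 8) + m_hash + salt
    # 13.
    h_prime = hash_class(m_prime).digest()
    # 14.
    return primitives.constant_time_cmp(h_prime, h)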