def sign(private_key,
message,
emsa_pss_encode=emsa_pss.encode,
hash_class=hashlib.sha1,
mgf1=mgf.mgf1,
rnd=default_crypto_random):
'''Sign message using private_key and the PKCS#1 2.0 RSASSA-PSS
algorithm.
private_key - the private key to use
message - the byte string to sign
emsa_pss_encode - the encoding to use, default to EMSA-PSS encoding
hash_class - the hash algorithme to use, default to SHA-1 from the
Python hashlib package.
mgf1 - the mask generating function to use, default to MGF1
rnd - a random number generator to use for the PSS encoding,
default to a Python SystemRandom instance.
'''
mod_bits = private_key.bit_size
embits = mod_bits - 1
em = emsa_pss_encode(message,
embits,
hash_class=hash_class,
mgf=mgf1,
rnd=rnd)
m = primitives.os2ip(em)
s = private_key.rsasp1(m)
return primitives.i2osp(s, private_key.byte_size)
def verify(public_key, message, signature, hash_class=hashlib.sha1):
'''Verify a signature of a message using a RSA public key and PKCS#1.5
padding.
Parameters:
public_key - a RSA public key
message - the signed string
signature - the signature string
Result:
True if the signature matches the message, False otherwise.
'''
if len(signature) != public_key.byte_size:
raise exceptions.InvalidSignature
s = primitives.os2ip(signature)
try:
m = public_key.rsavp1(s)
except ValueError:
raise exceptions.InvalidSignature
try:
em = primitives.i2osp(m, public_key.byte_size)
except ValueError:
raise exceptions.InvalidSignature
try:
em_prime = emsa_pkcs1_v15.encode(message, public_key.byte_size,
hash_class=hash_class)
except ValueError:
raise exceptions.RSAModulusTooShort
return primitives.constant_time_cmp(em, em_prime)
def verify(public_key,
message,
signature,
emsa_pss_verify=emsa_pss.verify,
hash_class=hashlib.sha1,
mgf1=mgf.mgf1):
'''Verify the signature of message signed using private_key and the
PKCS#1 2.0 RSASSA-PSS algorithm.
private_key - the private key to use
message - the signed byte string
signature - the byte string of the signature of the message
emsa_pss_verify - the verify function for the used encoding,
default to EMSA-PSS verification function
hash_class - the hash algorithme to use, default to SHA-1 from the
Python hashlib package.
mgf1 - the mask generating function to use, default to MGF1
'''
mod_bits = public_key.bit_size
s = primitives.os2ip(signature)
m = public_key.rsavp1(s)
embits = mod_bits - 1
em_len = primitives.integer_ceil(embits, 8)
em = primitives.i2osp(m, em_len)
return emsa_pss_verify(message,
em,
embits,
hash_class=hash_class,
mgf=mgf1)
def verify(public_key, message, signature):
'''Verify a signature of a message using a RSA public key and PKCS#1.5
padding.
Parameters:
public_key - a RSA public key
message - the signed string
signature - the signature string
Result:
True if the signature matches the message, False otherwise.
'''
if len(signature) != public_key.byte_size:
raise exceptions.InvalidSignature
s = primitives.os2ip(signature)
try:
m = public_key.rsavp1(s)
except ValueError:
raise exceptions.InvalidSignature
try:
em = primitives.i2osp(m, public_key.byte_size)
except ValueError:
raise exceptions.InvalidSignature
try:
em_prime = emsa_pkcs1_v15.encode(message, public_key.byte_size)
except ValueError:
raise exceptions.RSAModulusTooShort
return primitives.constant_time_cmp(em, em_prime)
def sign(private_key, message,
emsa_pss_encode=emsa_pss.encode):
mod_bits = private_key.bit_size
embits = mod_bits - 1
em = emsa_pss_encode(message, embits)
m = primitives.os2ip(em)
s = private_key.rsasp1(m)
return primitives.i2osp(s, private_key.byte_size)
def verify(public_key, message, signature,
emsa_pss_verify=emsa_pss.verify):
mod_bits = public_key.bit_size
s = primitives.os2ip(signature)
m = public_key.rsavp1(s)
embits = mod_bits - 1
em_len = primitives.integer_ceil(embits, 8)
em = primitives.i2osp(m, em_len)
return emsa_pss_verify(message, em, embits)
def decrypt(private_key, encryption):
'''Decrypt encryption of a message using private_key and using PKCS#1 v1.5
padding scheme.
'''
k = private_key.byte_size
if len(encryption) != k:
raise exceptions.DecryptionError
c = primitives.os2ip(encryption)
m = private_key.rsadp(c)
em = primitives.i2osp(m, k)
return eme_pkcs1_v15.decode(em)
def decrypt(private_key, encryption):
'''Decrypt encryption of a message using private_key and using PKCS#1 v1.5
padding scheme.
'''
k = private_key.byte_size
if len(encryption) != k:
raise exceptions.DecryptionError
c = primitives.os2ip(encryption)
m = private_key.rsadp(c)
em = primitives.i2osp(m, k)
return eme_pkcs1_v15.decode(em)
def encrypt(public_key, message, ps=None, rnd=default_crypto_random):
'''Encrypt message using public_key applying PKCS#1 v1.5 padding
If ps is not None it is used as the pseudo-random padding bytes,
otherwise random is used to generate them
'''
k = public_key.byte_size
m_len = len(message)
if m_len > k - 11:
raise exceptions.MessageTooLong
em = eme_pkcs1_v15.encode(message, k, ps=ps, rnd=rnd)
m = primitives.os2ip(em)
c = public_key.rsaep(m)
return primitives.i2osp(c, k)
def encrypt(public_key, message, ps=None, rnd=random.SystemRandom):
'''Encrypt message using public_key applying PKCS#1 v1.5 padding
If ps is not None it is used as the pseudo-random padding bytes,
otherwise random is used to generate them
'''
k = public_key.byte_size
m_len = len(message)
if m_len > k - 11:
raise exceptions.MessageTooLong
em = eme_pkcs1_v15.encode(message, k, ps=ps, rnd=rnd)
m = primitives.os2ip(em)
c = public_key.rsaep(m)
return primitives.i2osp(c, k)
def decrypt(private_key,
message,
label='',
hash_class=hashlib.sha1,
mgf=mgf.mgf1):
'''Decrypt a byte message using a RSA private key and the OAEP wrapping algorithm,
Parameters:
public_key - an RSA public key
message - a byte string
label - a label a per-se PKCS#1 standard
hash_class - a Python class for a message digest algorithme respecting
the hashlib interface
mgf1 - a mask generation function
Return value:
the string before encryption (decrypted)
'''
hash = hash_class()
h_len = hash.digest_size
k = private_key.byte_size
# 1. check length
if len(message) != k or k < 2 * h_len + 2:
raise ValueError('decryption error')
# 2. RSA decryption
c = primitives.os2ip(message)
m = private_key.rsadp(c)
em = primitives.i2osp(m, k)
# 4. EME-OAEP decoding
hash.update(label)
label_hash = hash.digest()
y, masked_seed, masked_db = em[0], em[1:h_len + 1], em[1 + h_len:]
if y != '\x00':
raise ValueError('decryption error')
seed_mask = mgf(masked_db, h_len, hash_class=hash_class)
seed = primitives.string_xor(masked_seed, seed_mask)
db_mask = mgf(seed, k - h_len - 1, hash_class=hash_class)
db = primitives.string_xor(masked_db, db_mask)
label_hash_prime, rest = db[:h_len], db[h_len:]
i = rest.find('\x01')
if i == -1:
raise exceptions.DecryptionError
if rest[:i].strip('\x00') != '':
raise exceptions.DecryptionError
m = rest[i + 1:]
if label_hash_prime != label_hash:
raise exceptions.DecryptionError
return m
def encrypt(public_key,
message,
label='',
hash_class=hashlib.sha1,
mgf=mgf.mgf1,
seed=None,
rnd=default_crypto_random):
'''Encrypt a byte message using a RSA public key and the OAEP wrapping
algorithm,
Parameters:
public_key - an RSA public key
message - a byte string
label - a label a per-se PKCS#1 standard
hash_class - a Python class for a message digest algorithme respecting
the hashlib interface
mgf1 - a mask generation function
seed - a seed to use instead of generating it using a random generator
rnd - a random generator class, respecting the random generator
interface from the random module, if seed is None, it is used to
generate it.
Return value:
the encrypted string of the same length as the public key
'''
hash = hash_class()
h_len = hash.digest_size
k = public_key.byte_size
max_message_length = k - 2 * h_len - 2
if len(message) > max_message_length:
raise exceptions.MessageTooLong
hash.update(label)
label_hash = hash.digest()
ps = '\0' * int(max_message_length - len(message))
db = ''.join((label_hash, ps, '\x01', message))
if not seed:
seed = primitives.i2osp(rnd.getrandbits(h_len * 8), h_len)
db_mask = mgf(seed, k - h_len - 1, hash_class=hash_class)
masked_db = primitives.string_xor(db, db_mask)
seed_mask = mgf(masked_db, h_len, hash_class=hash_class)
masked_seed = primitives.string_xor(seed, seed_mask)
em = ''.join(('\x00', masked_seed, masked_db))
m = primitives.os2ip(em)
c = public_key.rsaep(m)
output = primitives.i2osp(c, k)
return output
def sign(private_key, message):
'''Produce a signature of string using a RSA private key and PKCS#1.5
padding.
Parameters:
private_key - a RSA private key
message - a string to sign
Result:
the signature string
'''
em = emsa_pkcs1_v15.encode(message, private_key.byte_size)
m = primitives.os2ip(em)
s = private_key.rsasp1(m)
return primitives.i2osp(s, private_key.byte_size)
def decrypt(private_key, message, label='', hash_class=hashlib.sha1,
mgf=mgf.mgf1):
'''Decrypt a byte message using a RSA private key and the OAEP wrapping algorithm,
Parameters:
public_key - an RSA public key
message - a byte string
label - a label a per-se PKCS#1 standard
hash_class - a Python class for a message digest algorithme respecting
the hashlib interface
mgf1 - a mask generation function
Return value:
the string before encryption (decrypted)
'''
hash = hash_class()
h_len = hash.digest_size
k = private_key.byte_size
# 1. check length
if len(message) != k or k < 2 * h_len + 2:
raise ValueError('decryption error')
# 2. RSA decryption
c = primitives.os2ip(message)
m = private_key.rsadp(c)
em = primitives.i2osp(m, k)
# 4. EME-OAEP decoding
hash.update(label)
label_hash = hash.digest()
y, masked_seed, masked_db = em[0], em[1:h_len+1], em[1+h_len:]
if y != '\x00':
raise ValueError('decryption error')
seed_mask = mgf(masked_db, h_len)
seed = primitives.string_xor(masked_seed, seed_mask)
db_mask = mgf(seed, k - h_len - 1)
db = primitives.string_xor(masked_db, db_mask)
label_hash_prime, rest = db[:h_len], db[h_len:]
i = rest.find('\x01')
if i == -1:
raise exceptions.DecryptionError
if rest[:i].strip('\x00') != '':
raise exceptions.DecryptionError
m = rest[i+1:]
if label_hash_prime != label_hash:
raise exceptions.DecryptionError
return m
def sign(private_key, message, hash_class=hashlib.sha1):
'''Produce a signature of string using a RSA private key and PKCS#1.5
padding.
Parameters:
private_key - a RSA private key
message - a string to sign
Result:
the signature string
'''
em = emsa_pkcs1_v15.encode(message, private_key.byte_size,
hash_class=hash_class)
m = primitives.os2ip(em)
s = private_key.rsasp1(m)
return primitives.i2osp(s, private_key.byte_size)
def encrypt(public_key, message, label='', hash_class=hashlib.sha1,
mgf=mgf.mgf1, seed=None, random=random.SystemRandom):
'''Encrypt a byte message using a RSA public key and the OAEP wrapping
algorithm,
Parameters:
public_key - an RSA public key
message - a byte string
label - a label a per-se PKCS#1 standard
hash_class - a Python class for a message digest algorithme respecting
the hashlib interface
mgf1 - a mask generation function
seed - a seed to use instead of generating it using a random generator
random - a random generator class, respecting the random generator
interface from the random module, if seed is None, it is used to
generate it.
Return value:
the encrypted string of the same length as the public key
'''
hash = hash_class()
h_len = hash.digest_size
k = public_key.byte_size
max_message_length = k - 2 * h_len - 2
if len(message) > max_message_length:
raise exceptions.MessageTooLong
hash.update(label)
label_hash = hash.digest()
ps = '\0' * int(max_message_length - len(message))
db = ''.join((label_hash, ps, '\x01', message))
if not seed:
seed = primitives.i2osp(random().getrandbits(h_len*8), h_len)
db_mask = mgf(seed, k - h_len - 1, hash_class=hash_class)
masked_db = primitives.string_xor(db, db_mask)
seed_mask = mgf(masked_db, h_len, hash_class=hash_class)
masked_seed = primitives.string_xor(seed, seed_mask)
em = ''.join(('\x00', masked_seed, masked_db))
m = primitives.os2ip(em)
c = public_key.rsaep(m)
output = primitives.i2osp(c, k)
return output
def sign(private_key, message,
emsa_pss_encode=emsa_pss.encode,
hash_class=hashlib.sha1,
mgf1=mgf.mgf1,
rnd=default_crypto_random):
'''Sign message using private_key and the PKCS#1 2.0 RSASSA-PSS
algorithm.
private_key - the private key to use
message - the byte string to sign
emsa_pss_encode - the encoding to use, default to EMSA-PSS encoding
hash_class - the hash algorithme to use, default to SHA-1 from the
Python hashlib package.
mgf1 - the mask generating function to use, default to MGF1
rnd - a random number generator to use for the PSS encoding,
default to a Python SystemRandom instance.
'''
mod_bits = private_key.bit_size
embits = mod_bits - 1
em = emsa_pss_encode(message, embits, hash_class=hash_class,
mgf=mgf1, rnd=rnd)
m = primitives.os2ip(em)
s = private_key.rsasp1(m)
return primitives.i2osp(s, private_key.byte_size)
def verify(public_key, message, signature,
emsa_pss_verify=emsa_pss.verify,
hash_class=hashlib.sha1,
mgf1=mgf.mgf1):
'''Verify the signature of message signed using private_key and the
PKCS#1 2.0 RSASSA-PSS algorithm.
private_key - the private key to use
message - the signed byte string
signature - the byte string of the signature of the message
emsa_pss_verify - the verify function for the used encoding,
default to EMSA-PSS verification function
hash_class - the hash algorithme to use, default to SHA-1 from the
Python hashlib package.
mgf1 - the mask generating function to use, default to MGF1
'''
mod_bits = public_key.bit_size
s = primitives.os2ip(signature)
m = public_key.rsavp1(s)
embits = mod_bits - 1
em_len = primitives.integer_ceil(embits, 8)
em = primitives.i2osp(m, em_len)
return emsa_pss_verify(message, em, embits, hash_class=hash_class,
mgf=mgf1)
