Пример #1
0
 def testRSASig(self):
     length = Random().randrange(1, 1024)
     length = 128
     M = WeakRandom().myrandom(length, True)
     rsa = RSA_Sig()
     (pk, sk) = rsa.keygen(1024)
     S = rsa.sign(sk, M)
     assert rsa.verify(pk, M, S)
Пример #2
0
    def testPSSVector(self):
        # ==================================
        # Example 1: A 1024-bit RSA Key Pair
        # ==================================
        
        # ------------------------------
        # Components of the RSA Key Pair
        # ------------------------------
        
        # RSA modulus n: 
        n = a2b_hex(bytes('\
        a2 ba 40 ee 07 e3 b2 bd 2f 02 ce 22 7f 36 a1 95 \
        02 44 86 e4 9c 19 cb 41 bb bd fb ba 98 b2 2b 0e \
        57 7c 2e ea ff a2 0d 88 3a 76 e6 5e 39 4c 69 d4 \
        b3 c0 5a 1e 8f ad da 27 ed b2 a4 2b c0 00 fe 88 \
        8b 9b 32 c2 2d 15 ad d0 cd 76 b3 e7 93 6e 19 95 \
        5b 22 0d d1 7d 4e a9 04 b1 ec 10 2b 2e 4d e7 75 \
        12 22 aa 99 15 10 24 c7 cb 41 cc 5e a2 1d 00 ee \
        b4 1f 7c 80 08 34 d2 c6 e0 6b ce 3b ce 7e a9 a5 '.replace(' ',''),'utf-8'))
        n = Conversion.OS2IP(n, True)
        
        # RSA public exponent e: 
        e = a2b_hex(bytes('01 00 01'.replace(' ',''),'utf-8'))
        e = Conversion.OS2IP(e, True)
        
        
        # Prime p: 
        p = a2b_hex(bytes('\
        d1 7f 65 5b f2 7c 8b 16 d3 54 62 c9 05 cc 04 a2 \
        6f 37 e2 a6 7f a9 c0 ce 0d ce d4 72 39 4a 0d f7 \
        43 fe 7f 92 9e 37 8e fd b3 68 ed df f4 53 cf 00 \
        7a f6 d9 48 e0 ad e7 57 37 1f 8a 71 1e 27 8f 6b '.replace(' ',''),'utf-8'))
        p = Conversion.OS2IP(p, True)
        
        # Prime q: 
        q = a2b_hex(bytes('\
        c6 d9 2b 6f ee 74 14 d1 35 8c e1 54 6f b6 29 87 \
        53 0b 90 bd 15 e0 f1 49 63 a5 e2 63 5a db 69 34 \
        7e c0 c0 1b 2a b1 76 3f d8 ac 1a 59 2f b2 27 57 \
        46 3a 98 24 25 bb 97 a3 a4 37 c5 bf 86 d0 3f 2f'.replace(' ',''),'utf-8'))
        q = Conversion.OS2IP(q, True)
        
        phi_N = (p - 1) * (q - 1)
        e = e % phi_N

        d = e ** -1
        
        # ---------------------------------
        # Step-by-step RSASSA-PSS Signature
        # ---------------------------------
        
        # Message to be signed:
        m = a2b_hex(bytes('\
        85 9e ef 2f d7 8a ca 00 30 8b dc 47 11 93 bf 55 \
        bf 9d 78 db 8f 8a 67 2b 48 46 34 f3 c9 c2 6e 64 \
        78 ae 10 26 0f e0 dd 8c 08 2e 53 a5 29 3a f2 17 \
        3c d5 0c 6d 5d 35 4f eb f7 8b 26 02 1c 25 c0 27 \
        12 e7 8c d4 69 4c 9f 46 97 77 e4 51 e7 f8 e9 e0 \
        4c d3 73 9c 6b bf ed ae 48 7f b5 56 44 e9 ca 74 \
        ff 77 a5 3c b7 29 80 2f 6e d4 a5 ff a8 ba 15 98 \
        90 fc '.replace(' ',''),'utf-8'))        
        
        # mHash:
        mHash = a2b_hex(bytes('\
        37 b6 6a e0 44 58 43 35 3d 47 ec b0 b4 fd 14 c1 \
        10 e6 2d 6a'.replace(' ',''),'utf-8'))
        
        # salt:
        salt = a2b_hex(bytes('\
        e3 b5 d5 d0 02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8 \
        3b ce 7e 61'.replace(' ',''),'utf-8'))
        
        # M':
        mPrime = a2b_hex(bytes('\
        00 00 00 00 00 00 00 00 37 b6 6a e0 44 58 43 35 \
        3d 47 ec b0 b4 fd 14 c1 10 e6 2d 6a e3 b5 d5 d0 \
        02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8 3b ce 7e 61'.replace(' ',''),'utf-8'))
        
        # H:
        H = a2b_hex(bytes('\
        df 1a 89 6f 9d 8b c8 16 d9 7c d7 a2 c4 3b ad 54 \
        6f be 8c fe'.replace(' ',''),'utf-8'))
        
        # DB:
        DB = a2b_hex(bytes('\
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
        00 00 00 00 00 00 01 e3 b5 d5 d0 02 c1 bc e5 0c \
        2b 65 ef 88 a1 88 d8 3b ce 7e 61'.replace(' ',''),'utf-8'))
        
        # dbMask:
        dbMask = a2b_hex(bytes('\
        66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67 \
        d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af \
        50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4 \
        d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1 \
        e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec \
        d3 18 3a 31 1f c8 97 39 a9 66 43 13 6e 8b 0f 46 \
        5e 87 a4 53 5c d4 c5 9b 10 02 8d'.replace(' ',''),'utf-8'))
        
        # maskedDB:
        maskedDB = a2b_hex(bytes('\
        66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67 \
        d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af \
        50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4 \
        d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1 \
        e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec \
        d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a \
        75 e2 4b db fd 5c 1d a0 de 7c ec'.replace(' ',''),'utf-8'))
        
        # Encoded message EM:
        EM = a2b_hex(bytes('\
        66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67 \
        d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af \
        50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4 \
        d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1 \
        e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec \
        d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a \
        75 e2 4b db fd 5c 1d a0 de 7c ec df 1a 89 6f 9d \
        8b c8 16 d9 7c d7 a2 c4 3b ad 54 6f be 8c fe bc'.replace(' ',''),'utf-8'))
        
        # Signature S, the RSA decryption of EM:
        S = a2b_hex(bytes('\
        8d aa 62 7d 3d e7 59 5d 63 05 6c 7e c6 59 e5 44 \
        06 f1 06 10 12 8b aa e8 21 c8 b2 a0 f3 93 6d 54 \
        dc 3b dc e4 66 89 f6 b7 95 1b b1 8e 84 05 42 76 \
        97 18 d5 71 5d 21 0d 85 ef bb 59 61 92 03 2c 42 \
        be 4c 29 97 2c 85 62 75 eb 6d 5a 45 f0 5f 51 87 \
        6f c6 74 3d ed dd 28 ca ec 9b b3 0e a9 9e 02 c3 \
        48 82 69 60 4f e4 97 f7 4c cd 7c 7f ca 16 71 89 \
        71 23 cb d3 0d ef 5d 54 a2 b5 53 6a d9 0a 74 7e'.replace(' ',''),'utf-8'))
        
        
        if debug: 
            print("PSS Test Step by Step")
            print("mHash    = Hash(M)", mHash)
            print("salt     = random ", salt)
            print("M'       = Padding || mHash || salt", mPrime)
            print("H        = Hash(M')", H)
            print("DB       = Padding || salt", DB) 
            print("dbMask   = MGF(H, length(DB))", dbMask)
            print("maskedDB = DB xor dbMask", maskedDB)
            print("EM       = maskedDB || H || 0xbc", EM)
            print("S        = RSA decryption of EM", S)
        
        rsa = RSA_Sig()
        sk = { 'phi_N':phi_N, 'd':d , 'N': n}
        sig = rsa.sign(sk, m, salt)
        assert S == sig