From 01998a6b0b1aff11d2d33610cc31ab2034611ff0 Mon Sep 17 00:00:00 2001 From: Sylvain Bellemare Date: Wed, 21 Jun 2017 16:04:09 +0200 Subject: [PATCH] Cleaned up rsa module a bit --- cryptoconditions/types/rsa.py | 48 +++++++++-------------------------- 1 file changed, 12 insertions(+), 36 deletions(-) diff --git a/cryptoconditions/types/rsa.py b/cryptoconditions/types/rsa.py index 19f842e..7c29ebb 100644 --- a/cryptoconditions/types/rsa.py +++ b/cryptoconditions/types/rsa.py @@ -7,36 +7,30 @@ from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import padding from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers - -#from pyasn1.codec.der.decoder import decode as der_decode from pyasn1.codec.der.encoder import encode as der_encode from pyasn1.codec.native.decoder import decode as nat_decode -#from pyasn1.codec.native.encoder import encode as nat_encode -# -#from cryptoconditions.condition import Condition -#from cryptoconditions.fulfillment import Fulfillment + from cryptoconditions.crypto import base64_add_padding from cryptoconditions.exceptions import MissingDataError, ValidationError from cryptoconditions.types.base_sha256 import BaseSha256 from cryptoconditions.schemas.fingerprint import RsaFingerprintContents -# Instantiate RSA signer with standard settings -#rsa = Rsa() PUBLIC_EXPONENT = 65537 -#SALT_LENGTH = padding.PSS.MAX_LENGTH SALT_LENGTH = 32 + class RsaSha256(BaseSha256): """RSA-SHA-256: RSA signature condition using SHA-256. - This RSA condition uses RSA-PSS padding with SHA-256. The salt length is set - equal the digest length of 32 bytes. + This RSA condition uses RSA-PSS padding with SHA-256. The salt + length is set equal the digest length of 32 bytes. - The public exponent is fixed at 65537 and the public modulus must be between - 128 (1017 bits) and 512 bytes (4096 bits) long. + The public exponent is fixed at 65537 and the public modulus must + be between 128 (1017 bits) and 512 bytes (4096 bits) long. - RSA-SHA-256 is assigned the type ID 3. It relies on the SHA-256 and RSA-PSS - feature suites which corresponds to a feature bitmask of 0x11. + RSA-SHA-256 is assigned the type ID 3. It relies on the SHA-256 and + RSA-PSS feature suites which corresponds to a feature bitmask of + 0x11. """ TYPE_ID = 3 @@ -48,11 +42,10 @@ class RsaSha256(BaseSha256): COST_RIGHT_SHIFT = 6 # 2**6 = 64 - def __init__(self, asn1=None): + def __init__(self): super().__init__() self.modulus = None self.signature = None - self.asn1 = asn1 def parse_json(self, json): self.modulus = urlsafe_b64decode(base64_add_padding(json['modulus'])) @@ -135,11 +128,11 @@ def sign(self, message, private_key): Args: message (bytes): Message to sign. - private_key (str): RSA private key. + private_key (bytes): RSA private key. """ private_key_obj = serialization.load_pem_private_key( - private_key.encode(), + private_key, password=None, backend=default_backend(), ) @@ -158,8 +151,6 @@ def sign(self, message, private_key): hashes.SHA256(), ) signer.update(message) - - #self.signature = rsa.sign(private_key, message) self.signature = signer.finalize() def calculate_cost(self): @@ -208,18 +199,6 @@ def validate(self, message): int.from_bytes(self.modulus, byteorder='big'), ) public_key = public_numbers.public_key(default_backend()) - try: - public_key.verify( - self.signature, - message, - padding.PSS( - mgf=padding.MGF1(hashes.SHA256()), - salt_length=SALT_LENGTH, - ), - hashes.SHA256() - ) - except InvalidSignature as exc: - raise ValidationError('Invalid RSA signature') from exc verifier = public_key.verifier( self.signature, padding.PSS( @@ -234,7 +213,4 @@ def validate(self, message): except InvalidSignature as exc: raise ValidationError('Invalid RSA signature') from exc - #pss_result = rsa.verify(self.modulus, message, self.signature) - #if not pss_result: - # raise ValidationError('Invalid RSA signature') return True