File: //opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyc
��
Bd\Rc������������@���s����d��Z��d��d��l��m��Z���d��Z��d��d��g��Z��d��d��l��Te��j��d���d��k��re�e��j��d ��d �k��re�d��d��l��Tn��d��d
�l �Z
�d��d��l �m��Z��m��Z��m
�Z
��d��d��l��m��Z���d��d��d
�������YZ��d�����Z��d�����Z��d�����Z��d
�d
�d�����Z��d
�S(����s����RSA digital signature protocol with appendix according to PKCS#1 PSS.
See RFC3447__ or the `original RSA Labs specification`__.
This scheme is more properly called ``RSASSA-PSS``.
For example, a sender may authenticate a message using SHA-1 and PSS like
this:
>>> from Crypto.Signature import PKCS1_PSS
>>> from Crypto.Hash import SHA
>>> from Crypto.PublicKey import RSA
>>> from Crypto import Random
>>>
>>> message = 'To be signed'
>>> key = RSA.importKey(open('privkey.der').read())
>>> h = SHA.new()
>>> h.update(message)
>>> signer = PKCS1_PSS.new(key)
>>> signature = PKCS1_PSS.sign(key)
At the receiver side, verification can be done like using the public part of
the RSA key:
>>> key = RSA.importKey(open('pubkey.der').read())
>>> h = SHA.new()
>>> h.update(message)
>>> verifier = PKCS1_PSS.new(key)
>>> if verifier.verify(h, signature):
>>> print "The signature is authentic."
>>> else:
>>> print "The signature is not authentic."
:undocumented: __revision__, __package__
.. __: http://www.ietf.org/rfc/rfc3447.txt
.. __: http://www.rsa.com/rsalabs/node.asp?id=2125
i����(����t
���nested_scopess����$Id$t����newt
���PSS_SigScheme(����t����*i����i����i����N(����t
���ceil_shiftt����ceil_divt
���long_to_bytes(����t����strxorc������������B���s2���e��Z��d��Z��d�����Z��d�����Z��d�����Z��d�����Z��RS(����sK���This signature scheme can perform PKCS#1 PSS RSA signature or verification.c������������C���s����|��|��_��|��|��_��|��|��_��d��S(����s!���Initialize this PKCS#1 PSS signature scheme object.
:Parameters:
key : an RSA key object
If a private half is given, both signature and verification are possible.
If a public half is given, only verification is possible.
mgfunc : callable
A mask generation function that accepts two parameters: a string to
use as seed, and the lenth of the mask to generate, in bytes.
saltLen : int
Length of the salt, in bytes.
N(����t����_keyt����_saltLent����_mgfunc(����t����selft����keyt����mgfunct����saltLen(����(����sM���/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyt����__init__O���s�����
� �c������������C���s
���|��j��j�����S(����sC���Return True if this cipher object can be used for signing messages.(����R����t����has_private(����R����(����(����sM���/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyt����can_sign`���s������c����
�����������s����|��j��j��}��|��j��d��k��r'����j��}��n �|��j��}��|��j��rE�|��j��}��n�����f��d�����}��t��j��j��j �|��j��j
����}��t��|��d�����}��t�����|��d���|��|��|�����}��|��j��j
�|�����}��t��d�����|��t��|�������|���} �| �S(����sB���Produce the PKCS#1 PSS signature of a message.
This function is named ``RSASSA-PSS-SIGN``, and is specified in
section 8.1.1 of RFC3447.
:Parameters:
mhash : hash object
The hash that was carried out over the message. This is an object
belonging to the `Crypto.Hash` module.
:Return: The PSS signature encoded as a string.
:Raise ValueError:
If the RSA key length is not sufficiently long to deal with the given
hash algorithm.
:Raise TypeError:
If the RSA key has no private half.
:attention: Modify the salt length and the mask generation function only
if you know what you are doing.
The receiver must use the same parameters too.
c����������������s����t��|��|��������S(����N(����t����MGF1(����t����xt����y(����t����mhash(����sM���/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyt����<lambda>����s����i����i����i����N(����R����t ���_randfuncR ���t����Nonet����digest_sizeR
���t����Cryptot����Utilt����numbert����sizet����nR����t����EMSA_PSS_ENCODEt����decryptt����bchrt����len(
���R����R����t����randfunct����sLent����mgft����modBitst����kt����emt����mt����S(����(����R����sM���/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyt����signd���s������������ � ���������������c����
�����������s����|��j��d��k��r�����j��}��n �|��j��}��|��j��r9�|��j��}��n�����f��d�����}��t��j��j��j��|��j��j ����}��t
�|��d�����}��t��|�����|��k��r��t��S|��j��j
�|��d�����d���}��t
�|��d���d�����}��t��d�����|��t��|�������|���}��y �t�����|��|��d���|��|�����} �Wn���t��k
�r�����t��SX| �S(����s����Verify that a certain PKCS#1 PSS signature is authentic.
This function checks if the party holding the private half of the given
RSA key has really signed the message.
This function is called ``RSASSA-PSS-VERIFY``, and is specified in section
8.1.2 of RFC3447.
:Parameters:
mhash : hash object
The hash that was carried out over the message. This is an object
belonging to the `Crypto.Hash` module.
S : string
The signature that needs to be validated.
:Return: True if verification is correct. False otherwise.
c����������������s����t��|��|��������S(����N(����R����(����R����R����(����R����(����sM���/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyR��������s����i����i����i����N(����R ���R����R����R
���R����R����R����R����R����R����R����R"���t����Falset����encryptR!���t����EMSA_PSS_VERIFYt
���ValueError(
���R����R����R*���R$���R%���R&���R'���R(���t����emLent����result(����(����R����sM���/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyt����verify����s$��������� � ��������������������� �
���(����t����__name__t
���__module__t����__doc__R����R����R+���R2���(����(����(����sM���/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyR����L���s
������� � � 0c������������C���s{���t��d�����}��xL�t��t��|��|��j��������D]2�}��t��|��d�����}��|��|��j��|��|������j������}��q%�Wt��|�����|��k��ss�t�����|��|�� S(����s,���Mask Generation Function, described in B.2.1t����i����( ���t����bt����xrangeR����R����R����R����t����digestR"���t����AssertionError(����t����mgfSeedt����maskLent����hasht����Tt����countert����c(����(����sM���/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyR��������s������������!���c������������C���sY���t��|��d�����}��d��}��x*�t��d��|���|������D]��}��|��d��?d��B}��q*�W|��|��j��|���d���k��rh�t��d��������n��t��d�����}��|��r��|��d��k��r��|��|�����}��n��|��j��t��d�����d���|��j������|������} �t��d�����|��|���|��j���d����t��d������|���}
�|��| �j�����|��|��j���d������}��t��|
�|�����}��t��t �|��d������|���@���|��d����}��|��| �j������t��d������}
�|
�S( ���s%���
Implement the ``EMSA-PSS-ENCODE`` function, as defined
in PKCS#1 v2.1 (RFC3447, 9.1.1).
The original ``EMSA-PSS-ENCODE`` actually accepts the message ``M`` as input,
and hash it internally. Here, we expect that the message has already
been hashed instead.
:Parameters:
mhash : hash object
The hash object that holds the digest of the message being signed.
emBits : int
Maximum length of the final encoding, in bits.
randFunc : callable
An RNG function that accepts as only parameter an int, and returns
a string of random bytes, to be used as salt.
mgf : callable
A mask generation function that accepts two parameters: a string to
use as seed, and the lenth of the mask to generate, in bytes.
sLen : int
Length of the salt, in bytes.
:Return: An ``emLen`` byte long string that encodes the hash
(with ``emLen = \ceil(emBits/8)``).
:Raise ValueError:
When digest or salt length are too big.
i����i����i����i����i����s6���Digest or salt length are too long for given key size.R6���i����(
���R����R8���R����R/���R7���R����R!���R9���R����t����bord(����R����t����emBitst����randFuncR%���R$���R0���t����lmaskt����it����saltt����ht����dbt����dbMaskt����maskedDBR(���(����(����sM���/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyR��������s �����������������������'�-� ���#���c������������C���s����t��|��d�����}��d��}��x*�t��d��|���|������D]��}��|��d��?d��B}��q*�W|��|��j��|���d���k��r]�t��St��|��d������d��k��rw�t��S|��|��|��j���d��� }��|��|��|��j���d���d��!} �|��t��|��d������@r��t��S|��| �|��|��j���d������}
�t��|��|
����}��t��t��|��d������|���@���|��d����}��|��j��t��d�����|��|��j���|���d����t��d���������s>�t��St �d�����}��|��r^�|��|����}��n��|��j
�t��d�����d���|��j������|������j�����}
�| �|
�k��r��t��St��S( ���s����
Implement the ``EMSA-PSS-VERIFY`` function, as defined
in PKCS#1 v2.1 (RFC3447, 9.1.2).
``EMSA-PSS-VERIFY`` actually accepts the message ``M`` as input,
and hash it internally. Here, we expect that the message has already
been hashed instead.
:Parameters:
mhash : hash object
The hash object that holds the digest of the message to be verified.
em : string
The signature to verify, therefore proving that the sender really signed
the message that was received.
emBits : int
Length of the final encoding (em), in bits.
mgf : callable
A mask generation function that accepts two parameters: a string to
use as seed, and the lenth of the mask to generate, in bytes.
sLen : int
Length of the salt, in bytes.
:Return: 0 if the encoding is consistent, 1 if it is inconsistent.
:Raise ValueError:
When digest or salt length are too big.
i����i����i����i����i����i����i����R6���(
���R����R8���R����R,���t����ordRA���R����R!���t
���startswithR7���R����R9���t����True(����R����R(���RB���R%���R$���R0���RD���RE���RJ���RG���RI���RH���RF���t����hp(����(����sM���/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyR.���
���s0���������������������������������#�2���������-�����c������������C���s����t��|��|��|�����S(����s����Return a signature scheme object `PSS_SigScheme` that
can be used to perform PKCS#1 PSS signature or verification.
:Parameters:
key : RSA key object
The key to use to sign or verify the message. This is a `Crypto.PublicKey.RSA` object.
Signing is only possible if *key* is a private RSA key.
mgfunc : callable
A mask generation function that accepts two parameters: a string to
use as seed, and the lenth of the mask to generate, in bytes.
If not specified, the standard MGF1 is used.
saltLen : int
Length of the salt, in bytes. If not specified, it matches the output
size of the hash function.
(����R����(����R����R
���R����(����(����sM���/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyR����Q���s������(����(����R5���t
���__future__R����t����__revision__t����__all__t����Crypto.Util.py3compatt����syst����version_infot����Crypto.Util.py21compatt����Crypto.Util.numberR����R����R����R����t����Crypto.Util.strxorR����R����R����R����R.���R����R����(����(����(����sM���/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyt����<module><���s������������
�&�
��������} ; D