ffz4ddlmZmZmZddlZddlmZmZmZddl m Z ddlm Z GddZ dZ d Zd Zd ZdS) )bchrbord iter_rangeN)ceil_div long_to_bytes bytes_to_long)strxor)Randomc*eZdZdZdZdZdZdZdS) PSS_SigSchemezvA signature object for ``RSASSA-PSS``. Do not instantiate directly. Use :func:`Crypto.Signature.pss.new`. c>||_||_||_||_dS)atInitialize this PKCS#1 PSS signature scheme object. :Parameters: key : an RSA key object If a private half is given, both signature and verification are possible. If a public half is given, only verification is possible. mgfunc : callable A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. saltLen : integer Length of the salt, in bytes. randfunc : callable A function that returns random bytes. N)_key_saltLen_mgfunc _randfunc)selfkeymgfuncsaltLenrandfuncs v/builddir/build/BUILD/imunify360-venv-2.3.5/opt/imunify360/venv/lib64/python3.11/site-packages/Crypto/Signature/pss.py__init__zPSS_SigScheme.__init__/s$$   !c4|jS)z`_. :parameter msg_hash: This is an object from the :mod:`Crypto.Hash` package. It has been used to digest the message to sign. :type msg_hash: hash object :return: the signature encoded as a *byte string*. :raise ValueError: if the RSA key is not long enough for the given hash algorithm. :raise TypeError: if the RSA key has no private half. Nc&t||SNMGF1xymsg_hashs rz$PSS_SigScheme.sign..btAq(33r)r digest_sizerCryptoUtilnumbersizernr_EMSA_PSS_ENCODErr_decryptr) rr%sLenmgfmodBitskemem_intm_int signatures ` rsignzPSS_SigScheme.signJs$ = 'DD=D < 3333CC,C+$))$)+66 Wa  h 4>3 M Mr"" ""6**!%++ rc|jj}n|j}|jr|j}nfd}tjj|jj}t|d}t||krtdt|}|j |}t|dz d} t|| } t| |dz ||dS)apCheck if the PKCS#1 PSS signature over a message is valid. This function is also called ``RSASSA-PSS-VERIFY`` and it is specified in `section 8.1.2 of RFC8037 `_. :parameter msg_hash: The hash that was carried out over the message. This is an object belonging to the :mod:`Crypto.Hash` module. :type parameter: hash object :parameter signature: The signature that needs to be validated. :type signature: bytes :raise ValueError: if the signature is not valid. Nc&t||Srr r"s rr&z&PSS_SigScheme.verify..r'rr(Incorrect signaturer))rr*rr+r,r-r.rr/rlen ValueErrorr_encryptr_EMSA_PSS_VERIFY) rr%r9r2r3r4r5 signature_intr7emLenr6s ` rverifyzPSS_SigScheme.verifyts( = 'DD=D < 4,CC3333C+$))$)+66 Wa  y>>Q  233 3%i00 ##M221a(( 65 ) )2wqy#t<<<<`_. :param mfgSeed: seed from which the mask is generated :type mfgSeed: byte string :param maskLen: intended length in bytes of the mask :type maskLen: integer :param hash_gen: A module or a hash object from :mod:`Crypto.Hash` :type hash_object: :return: the mask, as a *byte string* rN)rrr*rnewupdatedigestr>)mgfSeedmaskLenhash_genTcounterchobjs rr!r!s& Ahw0DEEFF '1 % %||~~ GaK     q66W     XgX;rct|d}d}td|z|z D] }|dz dz} ||j|zdzkrtd||}t ddz|z|z} |} | | t d||z |jz dz z} | t dz|z} || ||jz dz } t| | }t t|d|z|ddz}|| zt dz}|S) a Implement the ``EMSA-PSS-ENCODE`` function, as defined in PKCS#1 v2.1 (RFC3447, 9.1.1). The original ``EMSA-PSS-ENCODE`` actually accepts the message ``M`` as input, and hash it internally. Here, we expect that the message has already been hashed instead. :Parameters: mhash : hash object The hash object that holds the digest of the message being signed. emBits : int Maximum length of the final encoding, in bits. randFunc : callable An RNG function that accepts as only parameter an int, and returns a string of random bytes, to be used as salt. mgf : callable A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. sLen : int Length of the salt, in bytes. :Return: An ``emLen`` byte long string that encodes the hash (with ``emLen = \ceil(emBits/8)``). :Raise ValueError: When digest or salt length are too big. r(rr)z6Digest or salt length are too long for given key size.N) rrr*r?rrNrLrMr r)mhashemBitsrandFuncr3r2rClmaskisaltm_primehpsdbdbMaskmaskedDBr6s rr0r0s< VQ  E E % ' '"" T! u %a'''011 1 8D>>D1ggai%,,..(4/G AHHW a%*U..q0 1B d1gg B SU5#44Q6 7 7Fb&!!HD!%%.//(122,>H AHHJJ d +B Irct|d}d}td|z|z D] }|dz dz} ||j|zdzkrtdt |ddd krtd|d||jz dz }|||jz dz d} |t |dzrtd|| ||jz dz } t || } tt | d|z| ddz} | td||jz |z dz ztdzstd|dkr | | d} nd } tddz| z| z} | }| | | }| |krtddS) a Implement the ``EMSA-PSS-VERIFY`` function, as defined in PKCS#1 v2.1 (RFC3447, 9.1.2). ``EMSA-PSS-VERIFY`` actually accepts the message ``M`` as input, and hash it internally. Here, we expect that the message has already been hashed instead. :Parameters: mhash : hash object The hash object that holds the digest of the message to be verified. em : string The signature to verify, therefore proving that the sender really signed the message that was received. emBits : int Length of the final encoding (em), in bits. mgf : callable A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. sLen : int Length of the salt, in bytes. :Raise ValueError: When the encoding is inconsistent, or the digest or salt lengths are too big. r(rr)rWrXr=NrYr) rrr*r?ordrr r startswithrNrLrM)rZr6r[r3r2rCr]r^rerardrcr_r`rUhps rrArAs'8 VQ  E E % ' '"" T! u %a'''./// 2bcc7||t.///,5**1,,-H 5" "1 $R '(A tBqE{{0./// SE%++A- . .F & ! !B d2a5kkUF" # #bf ,B ==a%(9"9$">q"@ADGGK L L0./// axx4%&&z1ggai%,,..(4/G 99;;DKK BBww.///wrc ,|dd}|dd}|dd}| tj}|r1tdt |zt ||||S)aCreate an object for making or verifying PKCS#1 PSS signatures. :parameter rsa_key: The RSA key to use for signing or verifying the message. This is a :class:`Crypto.PublicKey.RSA` object. Signing is only possible when ``rsa_key`` is a **private** RSA key. :type rsa_key: RSA object :Keyword Arguments: * *mask_func* (``callable``) -- A function that returns the mask (as `bytes`). It must accept two parameters: a seed (as `bytes`) and the length of the data to return. If not specified, it will be the function :func:`MGF1` defined in `RFC8017 `_ and combined with the same hash algorithm applied to the message to sign or verify. If you want to use a different function, for instance still :func:`MGF1` but together with another hash, you can do:: from Crypto.Hash import SHA256 from Crypto.Signature.pss import MGF1 mgf = lambda x, y: MGF1(x, y, SHA256) * *salt_bytes* (``integer``) -- Length of the salt, in bytes. It is a value between 0 and ``emLen - hLen - 2``, where ``emLen`` is the size of the RSA modulus and ``hLen`` is the size of the digest applied to the message to sign or verify. The salt is generated internally, you don't need to provide it. If not specified, the salt length will be ``hLen``. If it is zero, the signature scheme becomes deterministic. Note that in some implementations such as OpenSSL the default salt length is ``emLen - hLen - 2`` (even though it is not more secure than ``hLen``). * *rand_func* (``callable``) -- A function that returns random ``bytes``, of the desired length. The default is :func:`Crypto.Random.get_random_bytes`. :return: a :class:`PSS_SigScheme` signature object mask_funcN salt_bytes rand_funczUnknown keywords: )popr get_random_bytesr?strkeysr )rsa_keykwargsrlsalt_lenrns rrLrLIsd ;--Izz,--H ;--I+  D-FKKMM0B0BBCCC )Xy A AAr)Crypto.Util.py3compatrrrCrypto.Util.numberr+rrrCrypto.Util.strxorr r r r!r0rArLrIrrrys >9888888888""""""""""&%%%%%w=w=w=w=w=w=w=w=t:===@F0F0F0R9B9B9B9B9Br