ÿØÿàJFIFÿþ ÿÛC       ÿÛC ÿÀÿÄÿÄ"#QrÿÄÿÄ&1!A"2qQaáÿÚ ?Øy,æ/3JæݹÈ߲؋5êXw²±ÉyˆR”¾I0ó2—PI¾IÌÚiMö¯–þrìN&"KgX:Šíµ•nTJnLK„…@!‰-ý ùúmë;ºgµŒ&ó±hw’¯Õ@”Ü— 9ñ-ë.²1<yà‚¹ïQÐU„ہ?.’¦èûbß±©Ö«Âw*VŒ) `$‰bØԟ’ëXÖ-ËTÜíGÚ3ð«g Ÿ§¯—Jx„–’U/ÂÅv_s(Hÿ@TñJÑãõçn­‚!ÈgfbÓc­:él[ðQe 9ÀPLbÃãCµm[5¿ç'ªjglå‡Ûí_§Úõl-;"PkÞÞÁQâ¼_Ñ^¢SŸx?"¸¦ùY騐ÒOÈ q’`~~ÚtËU¹CڒêV  I1Áß_ÿÙ Bd\Rc@sdZddlmZdZddgZddlTejddkreejd d kreddlTndd l Z dd l m Z m Z m Z dd lmZddd YZdZdZdZd d dZd S(sRSA digital signature protocol with appendix according to PKCS#1 PSS. See RFC3447__ or the `original RSA Labs specification`__. This scheme is more properly called ``RSASSA-PSS``. For example, a sender may authenticate a message using SHA-1 and PSS like this: >>> from Crypto.Signature import PKCS1_PSS >>> from Crypto.Hash import SHA >>> from Crypto.PublicKey import RSA >>> from Crypto import Random >>> >>> message = 'To be signed' >>> key = RSA.importKey(open('privkey.der').read()) >>> h = SHA.new() >>> h.update(message) >>> signer = PKCS1_PSS.new(key) >>> signature = PKCS1_PSS.sign(key) At the receiver side, verification can be done like using the public part of the RSA key: >>> key = RSA.importKey(open('pubkey.der').read()) >>> h = SHA.new() >>> h.update(message) >>> verifier = PKCS1_PSS.new(key) >>> if verifier.verify(h, signature): >>> print "The signature is authentic." >>> else: >>> print "The signature is not authentic." :undocumented: __revision__, __package__ .. __: http://www.ietf.org/rfc/rfc3447.txt .. __: http://www.rsa.com/rsalabs/node.asp?id=2125 i(t nested_scopess$Id$tnewt PSS_SigScheme(t*iiiN(t ceil_shifttceil_divt long_to_bytes(tstrxorcBs2eZdZdZdZdZdZRS(sKThis signature scheme can perform PKCS#1 PSS RSA signature or verification.cCs||_||_||_dS(s!Initialize this PKCS#1 PSS signature scheme object. :Parameters: key : an RSA key object If a private half is given, both signature and verification are possible. If a public half is given, only verification is possible. mgfunc : callable A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. saltLen : int Length of the salt, in bytes. N(t_keyt_saltLent_mgfunc(tselftkeytmgfunctsaltLen((sM/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyt__init__Os  cCs |jjS(sCReturn True if this cipher object can be used for signing messages.(Rt has_private(R ((sM/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pytcan_sign`sc s|jj}|jdkr'j}n |j}|jrE|j}nfd}tjjj |jj }t |d}t |d|||}|jj |}td|t||} | S(sBProduce the PKCS#1 PSS signature of a message. This function is named ``RSASSA-PSS-SIGN``, and is specified in section 8.1.1 of RFC3447. :Parameters: mhash : hash object The hash that was carried out over the message. This is an object belonging to the `Crypto.Hash` module. :Return: The PSS signature encoded as a string. :Raise ValueError: If the RSA key length is not sufficiently long to deal with the given hash algorithm. :Raise TypeError: If the RSA key has no private half. :attention: Modify the salt length and the mask generation function only if you know what you are doing. The receiver must use the same parameters too. cst||S(N(tMGF1(txty(tmhash(sM/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyttiiiN(Rt _randfuncR tNonet digest_sizeR tCryptotUtiltnumbertsizetnRtEMSA_PSS_ENCODEtdecrypttbchrtlen( R RtrandfunctsLentmgftmodBitstktemtmtS((RsM/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pytsignds     c s |jdkrj}n |j}|jr9|j}nfd}tjjj|jj }t |d}t ||krt S|jj |dd}t |dd}td|t ||}y t||d||} Wntk rt SX| S(sVerify that a certain PKCS#1 PSS signature is authentic. This function checks if the party holding the private half of the given RSA key has really signed the message. This function is called ``RSASSA-PSS-VERIFY``, and is specified in section 8.1.2 of RFC3447. :Parameters: mhash : hash object The hash that was carried out over the message. This is an object belonging to the `Crypto.Hash` module. S : string The signature that needs to be validated. :Return: True if verification is correct. False otherwise. cst||S(N(R(RR(R(sM/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyRRiiiN(R RRR RRRRRRRR#tFalsetencryptR"tEMSA_PSS_VERIFYt ValueError( R RR+R%R&R'R(R)temLentresult((RsM/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pytverifys$      (t__name__t __module__t__doc__RRR,R3(((sM/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyRLs    0cCsctd}xLtt||jD]2}t|d}||j||j}q%W|| S(s,Mask Generation Function, described in B.2.1Ri(tbtxrangeRRRRtdigest(tmgfSeedtmaskLenthashtTtcountertc((sM/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyRs  !cCsYt|d}d}x*td||D]}|d?dB}q*W||j|dkrhtdntd}|r|dkr||}n|jtdd|j|} td|||jdtd|} || j||jd} t| | } tt | d|@| d} | | jtd} | S( s% Implement the ``EMSA-PSS-ENCODE`` function, as defined in PKCS#1 v2.1 (RFC3447, 9.1.1). The original ``EMSA-PSS-ENCODE`` actually accepts the message ``M`` as input, and hash it internally. Here, we expect that the message has already been hashed instead. :Parameters: mhash : hash object The hash object that holds the digest of the message being signed. emBits : int Maximum length of the final encoding, in bits. randFunc : callable An RNG function that accepts as only parameter an int, and returns a string of random bytes, to be used as salt. mgf : callable A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. sLen : int Length of the salt, in bytes. :Return: An ``emLen`` byte long string that encodes the hash (with ``emLen = \ceil(emBits/8)``). :Raise ValueError: When digest or salt length are too big. iiiiis6Digest or salt length are too long for given key size.Ri( RR8RR0R7RR"R9Rtbord(RtemBitstrandFuncR&R%R1tlmasktitsaltthtdbtdbMasktmaskedDBR)((sM/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyR s  '- #cCst|d}d}x*td||D]}|d?dB}q*W||j|dkr]tSt|ddkrwtS|||jd }|||jdd!} |t|d@rtS|| ||jd} t|| } tt| d|@| d} | jtd||j|dtds>tSt d} |r^| | } n|j tdd|j | j } | | krtSt S( s Implement the ``EMSA-PSS-VERIFY`` function, as defined in PKCS#1 v2.1 (RFC3447, 9.1.2). ``EMSA-PSS-VERIFY`` actually accepts the message ``M`` as input, and hash it internally. Here, we expect that the message has already been hashed instead. :Parameters: mhash : hash object The hash object that holds the digest of the message to be verified. em : string The signature to verify, therefore proving that the sender really signed the message that was received. emBits : int Length of the final encoding (em), in bits. mgf : callable A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. sLen : int Length of the salt, in bytes. :Return: 0 if the encoding is consistent, 1 if it is inconsistent. :Raise ValueError: When digest or salt length are too big. iiiiiiiR( RR8RR-tordR@RR"t startswithR7RR9tTrue(RR)RAR&R%R1RCRDRIRFRHRGREthp((sM/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyR/ s0#2 - cCst|||S(sReturn a signature scheme object `PSS_SigScheme` that can be used to perform PKCS#1 PSS signature or verification. :Parameters: key : RSA key object The key to use to sign or verify the message. This is a `Crypto.PublicKey.RSA` object. Signing is only possible if *key* is a private RSA key. mgfunc : callable A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. If not specified, the standard MGF1 is used. saltLen : int Length of the salt, in bytes. If not specified, it matches the output size of the hash function. (R(R R R((sM/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyRQs((R6t __future__Rt __revision__t__all__tCrypto.Util.py3compattsyst version_infotCrypto.Util.py21compattCrypto.Util.numberRRRRtCrypto.Util.strxorRRRR R/RR(((sM/opt/alt/python27/lib64/python2.7/site-packages/Crypto/Signature/PKCS1_PSS.pyt<s  &  } ; D