aboutsummaryrefslogtreecommitdiff
path: root/frozen_deps/Cryptodome/Signature
diff options
context:
space:
mode:
Diffstat (limited to 'frozen_deps/Cryptodome/Signature')
-rw-r--r--frozen_deps/Cryptodome/Signature/PKCS1_PSS.pyi27
-rw-r--r--frozen_deps/Cryptodome/Signature/PKCS1_v1_5.pyi14
-rw-r--r--frozen_deps/Cryptodome/Signature/eddsa.py12
-rw-r--r--frozen_deps/Cryptodome/Signature/eddsa.pyi2
-rw-r--r--frozen_deps/Cryptodome/Signature/pkcs1_15.py11
-rw-r--r--frozen_deps/Cryptodome/Signature/pss.py11
-rw-r--r--frozen_deps/Cryptodome/Signature/pss.pyi2
7 files changed, 57 insertions, 22 deletions
diff --git a/frozen_deps/Cryptodome/Signature/PKCS1_PSS.pyi b/frozen_deps/Cryptodome/Signature/PKCS1_PSS.pyi
index 7ed68e6..e7424f5 100644
--- a/frozen_deps/Cryptodome/Signature/PKCS1_PSS.pyi
+++ b/frozen_deps/Cryptodome/Signature/PKCS1_PSS.pyi
@@ -1,7 +1,28 @@
-from typing import Optional, Callable
+from typing import Union, Callable, Optional
+from typing_extensions import Protocol
from Cryptodome.PublicKey.RSA import RsaKey
-from Cryptodome.Signature.pss import PSS_SigScheme
-def new(rsa_key: RsaKey, mgfunc: Optional[Callable]=None, saltLen: Optional[int]=None, randfunc: Optional[Callable]=None) -> PSS_SigScheme: ...
+class Hash(Protocol):
+ def digest(self) -> bytes: ...
+ def update(self, bytes) -> None: ...
+
+
+class HashModule(Protocol):
+ @staticmethod
+ def new(data: Optional[bytes]) -> Hash: ...
+
+
+MaskFunction = Callable[[bytes, int, Union[Hash, HashModule]], bytes]
+RndFunction = Callable[[int], bytes]
+
+class PSS_SigScheme:
+ def __init__(self, key: RsaKey, mgfunc: MaskFunction, saltLen: int, randfunc: RndFunction) -> None: ...
+ def can_sign(self) -> bool: ...
+ def sign(self, msg_hash: Hash) -> bytes: ...
+ def verify(self, msg_hash: Hash, signature: bytes) -> bool: ...
+
+
+
+def new(rsa_key: RsaKey, mgfunc: Optional[MaskFunction]=None, saltLen: Optional[int]=None, randfunc: Optional[RndFunction]=None) -> PSS_SigScheme: ...
diff --git a/frozen_deps/Cryptodome/Signature/PKCS1_v1_5.pyi b/frozen_deps/Cryptodome/Signature/PKCS1_v1_5.pyi
index 5851e5b..d02555c 100644
--- a/frozen_deps/Cryptodome/Signature/PKCS1_v1_5.pyi
+++ b/frozen_deps/Cryptodome/Signature/PKCS1_v1_5.pyi
@@ -1,6 +1,16 @@
+from typing import Optional
+from typing_extensions import Protocol
+
from Cryptodome.PublicKey.RSA import RsaKey
-from Cryptodome.Signature.pkcs1_15 import PKCS115_SigScheme
+class Hash(Protocol):
+ def digest(self) -> bytes: ...
+
+class PKCS115_SigScheme:
+ def __init__(self, rsa_key: RsaKey) -> None: ...
+ def can_sign(self) -> bool: ...
+ def sign(self, msg_hash: Hash) -> bytes: ...
+ def verify(self, msg_hash: Hash, signature: bytes) -> bool: ...
-def new(rsa_key: RsaKey) -> PKCS115_SigScheme: ... \ No newline at end of file
+def new(rsa_key: RsaKey) -> PKCS115_SigScheme: ...
diff --git a/frozen_deps/Cryptodome/Signature/eddsa.py b/frozen_deps/Cryptodome/Signature/eddsa.py
index e80a866..638b96b 100644
--- a/frozen_deps/Cryptodome/Signature/eddsa.py
+++ b/frozen_deps/Cryptodome/Signature/eddsa.py
@@ -39,8 +39,9 @@ from Cryptodome.PublicKey.ECC import (EccKey,
def import_public_key(encoded):
- """Import an EdDSA ECC public key, when encoded as raw ``bytes`` as described
- in RFC8032.
+ """Create a new Ed25519 or Ed448 public key object,
+ starting from the key encoded as raw ``bytes``,
+ in the format described in RFC8032.
Args:
encoded (bytes):
@@ -66,8 +67,9 @@ def import_public_key(encoded):
def import_private_key(encoded):
- """Import an EdDSA ECC private key, when encoded as raw ``bytes`` as described
- in RFC8032.
+ """Create a new Ed25519 or Ed448 private key object,
+ starting from the key encoded as raw ``bytes``,
+ in the format described in RFC8032.
Args:
encoded (bytes):
@@ -313,7 +315,7 @@ def new(key, mode, context=None):
can perform or verify an EdDSA signature.
Args:
- key (:class:`Cryptodome.PublicKey.ECC` object:
+ key (:class:`Cryptodome.PublicKey.ECC` object):
The key to use for computing the signature (*private* keys only)
or for verifying one.
The key must be on the curve ``Ed25519`` or ``Ed448``.
diff --git a/frozen_deps/Cryptodome/Signature/eddsa.pyi b/frozen_deps/Cryptodome/Signature/eddsa.pyi
index bf985c4..809a7ad 100644
--- a/frozen_deps/Cryptodome/Signature/eddsa.pyi
+++ b/frozen_deps/Cryptodome/Signature/eddsa.pyi
@@ -18,4 +18,4 @@ class EdDSASigScheme(object):
def sign(self, msg_or_hash: Union[bytes, Hash, XOF]) -> bytes: ...
def verify(self, msg_or_hash: Union[bytes, Hash, XOF], signature: bytes) -> None: ...
-def new(key: EccKey, mode: bytes, context: Optional[bytes]=None) -> EdDSASigScheme: ...
+def new(key: EccKey, mode: str, context: Optional[bytes]=None) -> EdDSASigScheme: ...
diff --git a/frozen_deps/Cryptodome/Signature/pkcs1_15.py b/frozen_deps/Cryptodome/Signature/pkcs1_15.py
index ae9257e..bdde78a 100644
--- a/frozen_deps/Cryptodome/Signature/pkcs1_15.py
+++ b/frozen_deps/Cryptodome/Signature/pkcs1_15.py
@@ -77,10 +77,11 @@ class PKCS115_SigScheme:
em = _EMSA_PKCS1_V1_5_ENCODE(msg_hash, k)
# Step 2a (OS2IP)
em_int = bytes_to_long(em)
- # Step 2b (RSASP1)
- m_int = self._key._decrypt(em_int)
- # Step 2c (I2OSP)
- signature = long_to_bytes(m_int, k)
+ # Step 2b (RSASP1) and Step 2c (I2OSP)
+ signature = self._key._decrypt_to_bytes(em_int)
+ # Verify no faults occurred
+ if em_int != pow(bytes_to_long(signature), self._key.e, self._key.n):
+ raise ValueError("Fault detected in RSA private key operation")
return signature
def verify(self, msg_hash, signature):
@@ -202,7 +203,7 @@ def _EMSA_PKCS1_V1_5_ENCODE(msg_hash, emLen, with_hash_parameters=True):
# We need at least 11 bytes for the remaining data: 3 fixed bytes and
# at least 8 bytes of padding).
if emLen<len(digestInfo)+11:
- raise TypeError("Selected hash algorithm has a too long digest (%d bytes)." % len(digest))
+ raise TypeError("DigestInfo is too long for this RSA key (%d bytes)." % len(digestInfo))
PS = b'\xFF' * (emLen - len(digestInfo) - 3)
return b'\x00\x01' + PS + b'\x00' + digestInfo
diff --git a/frozen_deps/Cryptodome/Signature/pss.py b/frozen_deps/Cryptodome/Signature/pss.py
index 0b05ed2..b929e26 100644
--- a/frozen_deps/Cryptodome/Signature/pss.py
+++ b/frozen_deps/Cryptodome/Signature/pss.py
@@ -107,10 +107,11 @@ class PSS_SigScheme:
em = _EMSA_PSS_ENCODE(msg_hash, modBits-1, self._randfunc, mgf, sLen)
# Step 2a (OS2IP)
em_int = bytes_to_long(em)
- # Step 2b (RSASP1)
- m_int = self._key._decrypt(em_int)
- # Step 2c (I2OSP)
- signature = long_to_bytes(m_int, k)
+ # Step 2b (RSASP1) and Step 2c (I2OSP)
+ signature = self._key._decrypt_to_bytes(em_int)
+ # Verify no faults occurred
+ if em_int != pow(bytes_to_long(signature), self._key.e, self._key.n):
+ raise ValueError("Fault detected in RSA private key operation")
return signature
def verify(self, msg_hash, signature):
@@ -178,7 +179,7 @@ def MGF1(mgfSeed, maskLen, hash_gen):
:return: the mask, as a *byte string*
"""
-
+
T = b""
for counter in iter_range(ceil_div(maskLen, hash_gen.digest_size)):
c = long_to_bytes(counter, 4)
diff --git a/frozen_deps/Cryptodome/Signature/pss.pyi b/frozen_deps/Cryptodome/Signature/pss.pyi
index 9ca19ea..84a960e 100644
--- a/frozen_deps/Cryptodome/Signature/pss.pyi
+++ b/frozen_deps/Cryptodome/Signature/pss.pyi
@@ -18,7 +18,7 @@ MaskFunction = Callable[[bytes, int, Union[Hash, HashModule]], bytes]
RndFunction = Callable[[int], bytes]
class PSS_SigScheme:
- def __init__(self, key: RsaKey, mgfunc: RndFunction, saltLen: int, randfunc: RndFunction) -> None: ...
+ def __init__(self, key: RsaKey, mgfunc: MaskFunction, saltLen: int, randfunc: RndFunction) -> None: ...
def can_sign(self) -> bool: ...
def sign(self, msg_hash: Hash) -> bytes: ...
def verify(self, msg_hash: Hash, signature: bytes) -> None: ...
Powered by cgit, Themed by Ted Yin.