updated pycrypto

modules/Crypto/Signature/PKCS1_PSS.py

@@ -30,22 +30,22 @@ For example, a sender may authenticate a message using SHA-1 and PSS like
 this:
 
     >>> from Crypto.Signature import PKCS1_PSS
-    >>> from Crypto.Hash import SHA1
-    >>> from Crypto.PublicKey import RSA1
+    >>> from Crypto.Hash import SHA
+    >>> from Crypto.PublicKey import RSA
     >>> from Crypto import Random
     >>>
     >>> message = 'To be signed'
     >>> key = RSA.importKey(open('privkey.der').read())
-    >>> h = SHA1.new()
+    >>> h = SHA.new()
     >>> h.update(message)
     >>> signer = PKCS1_PSS.new(key)
-    >>> signature = signer.sign(key)
+    >>> signature = PKCS1_PSS.sign(key)
 
 At the receiver side, verification can be done like using the public part of
 the RSA key:
 
     >>> key = RSA.importKey(open('pubkey.der').read())
-    >>> h = SHA1.new()
+    >>> h = SHA.new()
     >>> h.update(message)
     >>> verifier = PKCS1_PSS.new(key)
     >>> if verifier.verify(h, signature):
@@ -72,7 +72,6 @@ if sys.version_info[0] == 2 and sys.version_info[1] == 1:
 import Crypto.Util.number
 from Crypto.Util.number import ceil_shift, ceil_div, long_to_bytes
 from Crypto.Util.strxor import strxor
-from Crypto.Hash import new as Hash_new
 
 class PSS_SigScheme:
     """This signature scheme can perform PKCS#1 PSS RSA signature or verification."""
@@ -204,11 +203,7 @@ def MGF1(mgfSeed, maskLen, hash):
     T = b("")
     for counter in xrange(ceil_div(maskLen, hash.digest_size)):
         c = long_to_bytes(counter, 4)
-        try:
-            T = T + hash.new(mgfSeed + c).digest()
-        except AttributeError:
-            # hash object doesn't have a "new" method.  Use Crypto.Hash.new() to instantiate it
-            T = T + Hash_new(hash, mgfSeed + c).digest()
+        T = T + hash.new(mgfSeed + c).digest()
     assert(len(T)>=maskLen)
     return T[:maskLen]
 
@@ -258,11 +253,7 @@ def EMSA_PSS_ENCODE(mhash, emBits, randFunc, mgf, sLen):
     if randFunc and sLen>0:
         salt = randFunc(sLen)
     # Step 5 and 6
-    try:
-        h = mhash.new(bchr(0x00)*8 + mhash.digest() + salt)
-    except AttributeError:
-        # hash object doesn't have a "new" method.  Use Crypto.Hash.new() to instantiate it
-        h = Hash_new(mhash, bchr(0x00)*8 + mhash.digest() + salt)
+    h = mhash.new(bchr(0x00)*8 + mhash.digest() + salt)
     # Step 7 and 8
     db = bchr(0x00)*(emLen-sLen-mhash.digest_size-2) + bchr(0x01) + salt
     # Step 9
@@ -337,11 +328,7 @@ def EMSA_PSS_VERIFY(mhash, em, emBits, mgf, sLen):
     salt = b("")
     if sLen: salt = db[-sLen:]
     # Step 12 and 13
-    try:
-        hp = mhash.new(bchr(0x00)*8 + mhash.digest() + salt).digest()
-    except AttributeError:
-        # hash object doesn't have a "new" method.  Use Crypto.Hash.new() to instantiate it
-        hp = Hash_new(mhash, bchr(0x00)*8 + mhash.digest() + salt).digest()
+    hp = mhash.new(bchr(0x00)*8 + mhash.digest() + salt).digest()
     # Step 14
     if h!=hp:
         return False

modules/Crypto/Signature/PKCS1_v1_5.py

@@ -60,13 +60,9 @@ the RSA key:
 __revision__ = "$Id$"
 __all__ = [ 'new', 'PKCS115_SigScheme' ]
 
-import sys
-
 import Crypto.Util.number
 from Crypto.Util.number import ceil_div
-from Crypto.Util.asn1 import DerSequence, DerNull, DerOctetString, DerObjectId
-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
-    from Crypto.Util.py21compat import *
+from Crypto.Util.asn1 import DerSequence, DerNull, DerOctetString
 from Crypto.Util.py3compat import *
 
 class PKCS115_SigScheme:
@@ -154,13 +150,7 @@ class PKCS115_SigScheme:
         em1 = bchr(0x00)*(k-len(m)) + m
         # Step 3
         try:
-            em2_with_params = EMSA_PKCS1_V1_5_ENCODE(mhash, k, True)
-            # MD hashes always require NULL params in AlgorithmIdentifier.
-            # For all others, it is optional.
-            if _HASH_OIDS[mhash.name].startswith('1.2.840.113549.2.'):  # MD2/MD4/MD5
-                em2_without_params = em2_with_params
-            else:
-                em2_without_params = EMSA_PKCS1_V1_5_ENCODE(mhash, k, False)
+            em2 = EMSA_PKCS1_V1_5_ENCODE(mhash, k)
         except ValueError:
             return 0
         # Step 4
@@ -168,9 +158,9 @@ class PKCS115_SigScheme:
         # of its components one at a time) we avoid attacks to the padding
         # scheme like Bleichenbacher's (see http://www.mail-archive.com/cryptography@metzdowd.com/msg06537).
         # 
-        return em1==em2_with_params or em1==em2_without_params
+        return em1==em2
     
-def EMSA_PKCS1_V1_5_ENCODE(hash, emLen, with_hash_parameters=True):
+def EMSA_PKCS1_V1_5_ENCODE(hash, emLen):
     """
     Implement the ``EMSA-PKCS1-V1_5-ENCODE`` function, as defined
     in PKCS#1 v2.1 (RFC3447, 9.2).
@@ -184,9 +174,6 @@ def EMSA_PKCS1_V1_5_ENCODE(hash, emLen, with_hash_parameters=True):
             The hash object that holds the digest of the message being signed.
      emLen : int
             The length the final encoding must have, in bytes.
-     with_hash_parameters:
-            If True (default), include NULL parameters for the hash
-            algorithm in the ``digestAlgorithm`` SEQUENCE.
 
     :attention: the early standard (RFC2313) stated that ``DigestInfo``
         had to be BER-encoded. This means that old signatures
@@ -194,6 +181,11 @@ def EMSA_PKCS1_V1_5_ENCODE(hash, emLen, with_hash_parameters=True):
         is not supported in DER. Such encoding cannot be
         reproduced by this function.
 
+    :attention: the same standard defined ``DigestAlgorithm`` to be
+        of ``AlgorithmIdentifier`` type, where the PARAMETERS
+        item is optional. Encodings for ``MD2/4/5`` without
+        ``PARAMETERS`` cannot be reproduced by this function.
+
     :Return: An ``emLen`` byte long string that encodes the hash.
     """
 
@@ -216,19 +208,7 @@ def EMSA_PKCS1_V1_5_ENCODE(hash, emLen, with_hash_parameters=True):
     #       { OID id-sha512 PARAMETERS NULL }
     #   }
     #
-    # Appendix B.1 also says that for SHA-1/-2 algorithms, the parameters
-    # should be omitted. They may be present, but when they are, they shall
-    # have NULL value.
-
-    if with_hash_parameters:
-        digestAlgo  = DerSequence([
-                        DerObjectId(_HASH_OIDS[hash.name]).encode(),
-                        DerNull().encode()
-                        ])
-    else:
-        digestAlgo  = DerSequence([
-                        DerObjectId(_HASH_OIDS[hash.name]).encode(),
-                        ])
+    digestAlgo  = DerSequence([hash.oid, DerNull().encode()])
     digest      = DerOctetString(hash.digest())
     digestInfo  = DerSequence([
                     digestAlgo.encode(),
@@ -238,7 +218,7 @@ def EMSA_PKCS1_V1_5_ENCODE(hash, emLen, with_hash_parameters=True):
     # We need at least 11 bytes for the remaining data: 3 fixed bytes and
     # at least 8 bytes of padding).
     if emLen<len(digestInfo)+11:
-        raise TypeError("Selected hash algorith has a too long digest (%d bytes)." % len(digest))
+        raise ValueError("Selected hash algorith has a too long digest (%d bytes)." % len(digest))
     PS = bchr(0xFF) * (emLen - len(digestInfo) - 3)
     return b("\x00\x01") + PS + bchr(0x00) + digestInfo
 
@@ -254,75 +234,3 @@ def new(key):
     """
     return PKCS115_SigScheme(key)
 
-# AlgorithmIdentifier OIDs for use with PKCS#1 v1.5.
-#
-# These map names to the associated OIDs.  We should try to be compatible
-# with the standard library's hashlib modules, where possible.
-#
-# XXX - These will probably be moved somewhere else soon.
-_HASH_OIDS = {
-    #:  id-md2 OBJECT IDENTIFIER ::= {
-    #:      iso(1) member-body(2) us(840) rsadsi(113549)
-    #:       digestAlgorithm(2) 2
-    #:  }
-    "MD2": "1.2.840.113549.2.2",
-    "md2": "1.2.840.113549.2.2",
-
-    #:  id-md4 OBJECT IDENTIFIER ::= {
-    #:      iso(1) member-body(2) us(840) rsadsi(113549)
-    #:       digestAlgorithm(2) 4
-    #:  }
-    "MD4": "1.2.840.113549.2.4",
-    "md4": "1.2.840.113549.2.4",
-
-    #:  id-md5      OBJECT IDENTIFIER ::= {
-    #:      iso(1) member-body(2) us(840) rsadsi(113549)
-    #:       digestAlgorithm(2) 5
-    #:  }
-    "MD5": "1.2.840.113549.2.5",
-    "md5": "1.2.840.113549.2.5",
-
-    #:  id-ripemd160 OBJECT IDENTIFIER ::= {
-    #:      iso(1) identified-organization(3) teletrust(36)
-    #:       algorithm(3) hashAlgorithm(2) ripemd160(1)
-    #:  }
-    "RIPEMD160": "1.3.36.3.2.1",
-    "ripemd160": "1.3.36.3.2.1",
-
-    #:  id-sha1    OBJECT IDENTIFIER ::= {
-    #:      iso(1) identified-organization(3) oiw(14) secsig(3)
-    #:       algorithms(2) 26
-    #:  }
-    "SHA1": "1.3.14.3.2.26",
-    "sha1": "1.3.14.3.2.26",
-
-    #:  id-sha224    OBJECT IDENTIFIER ::= {
-    #:      joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3)
-    #:      nistalgorithm(4) hashalgs(2) 4
-    #:  }
-    "SHA224": '2.16.840.1.101.3.4.2.4',
-    "sha224": '2.16.840.1.101.3.4.2.4',
-
-    #:  id-sha256    OBJECT IDENTIFIER ::= {
-    #:      joint-iso-itu-t(2) country(16) us(840) organization(1)
-    #:       gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1
-    #:  }
-    "SHA256": "2.16.840.1.101.3.4.2.1",
-    "sha256": "2.16.840.1.101.3.4.2.1",
-
-    #:  id-sha384    OBJECT IDENTIFIER ::= {
-    #:      joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3)
-    #:	     nistalgorithm(4) hashalgs(2) 2
-    #:  }
-    "SHA384": '2.16.840.1.101.3.4.2.2',
-    "sha384": '2.16.840.1.101.3.4.2.2',
-
-    #:  id-sha512    OBJECT IDENTIFIER ::= {
-    #:	    joint-iso-itu-t(2)
-    #:	    country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3
-    #:  }
-    "SHA512": "2.16.840.1.101.3.4.2.3",
-    "sha512": "2.16.840.1.101.3.4.2.3",
-
-}
-