# Copyright 2016 Joseph Birr-Pixton.
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
import base64
import glob
import hashlib
import os
import subprocess
# Five directory levels up from the current working directory; the script
# prefixes this to 'src/data/...' paths, so it has to be run from the
# directory it lives in (presumably that makes TOP the repository root).
TOP = '../' * 5
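def dump(bin, type):
    """Wrap raw bytes in a PEM-style armoured section.

    Args:
        bin: The raw bytes to encode.
        type: The label used in the BEGIN/END lines, e.g. 'PUBLIC KEY'.

    Returns:
        A text string: '-----BEGIN <type>-----', the base64 body (wrapped at
        76 characters, every line newline-terminated), then
        '-----END <type>-----' and a final newline.
    """
    # str.encode('base64') only exists on Python 2. The base64 module emits
    # the same line-wrapped text there and keeps working on Python 3, where
    # encodestring has been replaced by encodebytes.
    encode = getattr(base64, 'encodebytes', None) or base64.encodestring
    body = encode(bin)
    if not isinstance(body, str):
        # Python 3 hands back bytes; base64 output is always ASCII.
        body = body.decode('ascii')
    return '-----BEGIN %s-----\n%s-----END %s-----\n' % (type, body, type)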
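def gen(outfile, paramfile, hashfn):
    """Write one RSA-PSS signature test vector to *outfile*.

    Signs 64 random bytes with the key in 'priv.pem' and writes four
    PEM-style sections: PUBLIC KEY (contents of 'pub.der'), ALGORITHM
    (contents of *paramfile*), DATA (the random message) and SIGNATURE.
    'priv.pem' and 'pub.der' are looked up in the current working directory.

    Args:
        outfile: Path of the test-vector file to create or overwrite.
        paramfile: Path of the DER file written into the ALGORITHM section.
        hashfn: Name of a hashlib constructor ('sha256', 'sha384', ...); also
            passed to openssl as the PSS digest.

    Raises:
        subprocess.CalledProcessError: openssl exited with a non-zero status.
        ValueError: the signature is not 256 bytes long (key is not 2048-bit).
    """
    # Both inputs are DER, so read them as bytes and close the handles.
    with open(paramfile, 'rb') as f:
        param = f.read()
    with open('pub.der', 'rb') as f:
        pubkey = f.read()

    rand = os.urandom(64)
    digest = getattr(hashlib, hashfn)(rand).digest()

    # pkeyutl is fed the digest, not the message. rsa_pss_saltlen:-1 asks
    # OpenSSL for a salt as long as the digest.
    proc = subprocess.Popen(
        [
            'openssl', 'pkeyutl',
            '-inkey', 'priv.pem',
            '-sign',
            '-pkeyopt', 'rsa_padding_mode:pss',
            '-pkeyopt', 'rsa_pss_saltlen:-1',
            '-pkeyopt', 'digest:%s' % hashfn,
        ],
        stdout=subprocess.PIPE,
        stdin=subprocess.PIPE)
    sig, _ = proc.communicate(digest)

    # Validate before touching outfile so a failed signing run cannot leave a
    # truncated vector behind. An explicit raise also survives `python -O`.
    if proc.returncode != 0:
        raise subprocess.CalledProcessError(proc.returncode, 'openssl pkeyutl')
    if len(sig) != 256:
        # The BIT STRING header below hard-codes a 257-byte body.
        raise ValueError(
            'expected a 256-byte signature (2048-bit key), got %d bytes' % len(sig))

    # DER BIT STRING: tag 0x03, long-form length 0x82 0x01 0x01 (257 bytes),
    # then 0x00 unused bits followed by the 256 signature bytes.
    sections = (
        (pubkey, 'PUBLIC KEY'),
        (param, 'ALGORITHM'),
        (rand, 'DATA'),
        (b'\x03\x82\x01\x01\x00' + sig, 'SIGNATURE'),
    )
    with open(outfile, 'w') as f:
        for body, label in sections:
            # Trailing newline leaves a blank line after each section.
            f.write(dump(body, label) + '\n')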
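if __name__ == '__main__':
    # A fresh 2048-bit key is generated on every run. priv.pem is written
    # unencrypted to the current directory and left there, so treat it as a
    # throwaway key that is only good for these test vectors.
    # Argument lists are used instead of shell=True: none of these commands
    # needs a shell to interpret them.
    subprocess.check_call(['openssl', 'genrsa', '-out', 'priv.pem', '2048'])
    subprocess.check_call(
        ['openssl', 'rsa', '-pubout', '-out', 'pub.pem', '-in', 'priv.pem'])
    subprocess.check_call(
        ['openssl', 'asn1parse', '-inform', 'pem', '-in', 'pub.pem',
         '-out', 'pub.der'])

    # One vector per digest. The salt length in each file name is the digest
    # size in bytes, matching the rsa_pss_saltlen:-1 option used by gen().
    gen('rsa-pss-sha256-salt32.pem', TOP + 'src/data/alg-pss-sha256.der', 'sha256')
    gen('rsa-pss-sha384-salt48.pem', TOP + 'src/data/alg-pss-sha384.der', 'sha384')
    gen('rsa-pss-sha512-salt64.pem', TOP + 'src/data/alg-pss-sha512.der', 'sha512')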