//VerifySignature verifies the signature of a message
func (rsaKey *RsaKey) VerifySignature(message string, signature string) (err error) {
hashAlgorithm := crypto.SHA256
if rsaKey.privateKey == nil {
err = errors.New("privateKey is nil")
return
}
messageBytes := bytes.NewBufferString(message)
//hash
pssh := hashAlgorithm.New()
pssh.Write(messageBytes.Bytes())
messageHash := pssh.Sum(nil)
var signatureBytes []byte
signatureBytes, err = base64.StdEncoding.DecodeString(signature)
if err != nil {
return
}
//Verify signature
var opts rsa.PSSOptions
opts.SaltLength = rsa.PSSSaltLengthAuto
err = rsa.VerifyPSS(&rsaKey.privateKey.PublicKey, hashAlgorithm, messageHash, signatureBytes, &opts)
return
}
// Verify the given payload
func (ctx rsaEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
var hash crypto.Hash
switch alg {
case RS256, PS256:
hash = crypto.SHA256
case RS384, PS384:
hash = crypto.SHA384
case RS512, PS512:
hash = crypto.SHA512
default:
return ErrUnsupportedAlgorithm
}
hasher := hash.New()
// According to documentation, Write() on hash never fails
_, _ = hasher.Write(payload)
hashed := hasher.Sum(nil)
switch alg {
case RS256, RS384, RS512:
return rsa.VerifyPKCS1v15(ctx.publicKey, hash, hashed, signature)
case PS256, PS384, PS512:
return rsa.VerifyPSS(ctx.publicKey, hash, hashed, signature, nil)
}
return ErrUnsupportedAlgorithm
}
// Implements the Verify method from SigningMethod
// For this verify method, key must be an rsa.PublicKey struct
func (m *SigningMethodRSAPSS) Verify(signingString, signature string, key interface{}) error {
var err error
// Decode the signature
var sig []byte
if sig, err = DecodeSegment(signature); err != nil {
return err
}
var rsaKey *rsa.PublicKey
switch k := key.(type) {
case *rsa.PublicKey:
rsaKey = k
default:
return ErrInvalidKey
}
// Create hasher
if !m.Hash.Available() {
return ErrHashUnavailable
}
hasher := m.Hash.New()
hasher.Write([]byte(signingString))
return rsa.VerifyPSS(rsaKey, m.Hash, hasher.Sum(nil), sig, m.Options)
}
func (alg *RsaPssUsingSha) Verify(securedInput, signature []byte, key interface{}) error {
if pubKey, ok := key.(*rsa.PublicKey); ok {
return rsa.VerifyPSS(pubKey, hashFunc(alg.keySizeBits), sha(alg.keySizeBits, securedInput), signature, &rsa.PSSOptions{SaltLength: alg.saltSizeBytes})
}
return errors.New("RsaPssUsingSha.Verify(): expects key to be '*rsa.PublicKey'")
}
func verify(pub *rsa.PublicKey, msg string, signature string) (err error) {
sig, _ := decodeBase64(signature)
h := sha256.New()
h.Write([]byte(msg))
d := h.Sum(nil)
return rsa.VerifyPSS(pub, crypto.SHA256, d, sig, nil)
}
// Verify implements the Verify method from SigningMethod.
// For this verify method, key must be an *rsa.PublicKey.
func (m *SigningMethodRSAPSS) Verify(raw []byte, signature Signature, key interface{}) error {
rsaKey, ok := key.(*rsa.PublicKey)
if !ok {
return ErrInvalidKey
}
return rsa.VerifyPSS(rsaKey, m.Hash, m.sum(raw), signature, m.Options)
}
func ValidateSignatureForMessage(msg string, sig []byte, pub *rsa.PublicKey) (err error) {
hashFunction := sha256.New()
io.WriteString(hashFunction, msg)
hashSum := hashFunction.Sum(nil)
err = rsa.VerifyPSS(pub, crypto.SHA256, hashSum, sig, nil)
return
}
func BenchmarkRsaVerify(b *testing.B) {
key, _ := rsa.GenerateKey(rand.Reader, 2048)
val := sha256.Sum256(make([]byte, 32, 32))
sig, _ := rsa.SignPSS(rand.Reader, key, crypto.SHA256, val[:], nil)
b.ResetTimer()
for i := 0; i < b.N; i++ {
rsa.VerifyPSS(&key.PublicKey, crypto.SHA256, val[:], sig, nil)
}
}
func (r *rsaPSSSigner) verifyMessage(key crypto.PublicKey, msg, sig []byte) error {
rsaKey, ok := key.(*rsa.PublicKey)
if !ok {
return errors.New("invalid key type for RSA-PSS")
}
h := r.hash.New()
h.Write(msg)
return rsa.VerifyPSS(rsaKey, r.hash, h.Sum(nil), sig, &pssOptions)
}
func VerifyMessage(pmsg PeerMessage) error {
if pmsg.Body.Action != "NewPeer" {
newhash := crypto.SHA1
peer_pbkey := myPeerKeys.m[pmsg.Addr]
err := rsa.VerifyPSS(&peer_pbkey, newhash, pmsg.Hashed, pmsg.Sig, nil)
return err
} else {
return nil
}
}
func VerifySenderMessage(senderPublicKey *rsa.PublicKey, plainText, signature []byte) error {
pssh := newhash.New()
_, err := pssh.Write(plainText)
if err != nil {
return err
}
hashed := pssh.Sum(nil)
return rsa.VerifyPSS(senderPublicKey, newhash, hashed, signature, opts)
}
func verifyPSS(key interface{}, digest, sig []byte) error {
rsaPub, ok := key.(*rsa.PublicKey)
if !ok {
logrus.Infof("value was not an RSA public key")
return ErrInvalid
}
opts := rsa.PSSOptions{SaltLength: sha256.Size, Hash: crypto.SHA256}
if err := rsa.VerifyPSS(rsaPub, crypto.SHA256, digest[:], sig, &opts); err != nil {
logrus.Infof("failed RSAPSS verification: %s", err)
return ErrInvalid
}
return nil
}
func main() {
priv, err := rsa.GenerateKey(rand.Reader, 2048)
checkFatal(err)
message := []byte("Binding contractual agreement...")
h := sha256.New()
h.Write(message)
digest := h.Sum(nil)
sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest, nil)
checkFatal(err)
fmt.Printf("Signature: %x\n", sig)
err = rsa.VerifyPSS(&priv.PublicKey, crypto.SHA256, digest, sig, nil)
fmt.Printf("Signature OK: %v\n", err == nil)
}
// VerifySignature validates the signature string
func VerifySignature(key *rsa.PublicKey, signed []byte, signature string) error {
dec, err := base64.URLEncoding.DecodeString(signature)
if err != nil {
return errors.New("Could not decode signature string")
}
h := sha256.New()
h.Write(signed)
d := h.Sum(nil)
err = rsa.VerifyPSS(key, crypto.SHA256, d, dec, nil)
if err != nil {
return err
}
return nil
}
func (v RsaVerify) PayloadVerify(payload, signature []byte) error {
pubkey := v.pubkey
hfunc := v.hash
h := hfunc.New()
h.Write(payload)
var err error
switch v.alg {
case jwa.RS256, jwa.RS384, jwa.RS512:
err = rsa.VerifyPKCS1v15(pubkey, hfunc, h.Sum(nil), signature)
case jwa.PS256, jwa.PS384, jwa.PS512:
err = rsa.VerifyPSS(pubkey, hfunc, h.Sum(nil), signature, nil)
}
if err != nil {
return err
}
return nil
}
// Decrypt decrypts the message using the private key and verifies that
// the signature was made by the certificate.
func Decrypt(priv *rsa.PrivateKey, cert *x509.Certificate, enc []byte) ([]byte, bool) {
var pub *rsa.PublicKey
switch certPub := cert.PublicKey.(type) {
case *rsa.PublicKey:
pub = certPub
default:
return nil, false
}
var message message
_, err := asn1.Unmarshal(enc, &message)
if err != nil {
return nil, false
}
h := sha256.New()
key, err := rsa.DecryptOAEP(h, rand.Reader, priv, message.Key, nil)
if err != nil {
return nil, false
}
dec, ok := aesgcm.Decrypt(key, message.Signed)
if !ok {
return nil, false
}
var signed signature
_, err = asn1.Unmarshal(dec, &signed)
if err != nil {
return nil, false
}
h.Reset()
h.Write(signed.Message)
err = rsa.VerifyPSS(pub, crypto.SHA256, h.Sum(nil), signed.Signature, nil)
if err != nil {
return nil, false
}
return signed.Message, true
}
func (m *Msg) Message(fromkey *rsa.PublicKey, dstkey *rsa.PrivateKey) (data []byte, err error) {
hash := crypto.SHA256
data = make([]byte, 0)
for i, d := range m.Data {
plainText, err := rsa.DecryptOAEP(hash.New(), rand.Reader, dstkey, d, []byte(""))
if err != nil {
return nil, e.Push(err, "can't decrypt the message")
}
pssh := hash.New()
pssh.Write(plainText)
hashed := pssh.Sum(nil)
var opts rsa.PSSOptions
opts.SaltLength = rsa.PSSSaltLengthAuto
err = rsa.VerifyPSS(fromkey, hash, hashed, m.Signature[i], &opts)
if err != nil {
return nil, e.Push(err, "can't verify the signature")
}
data = append(data, plainText...)
}
return data, nil
}
// Verify does the actual check.
// N.B. We have not been able to make this work in a way that is compatible
// with PyCrypto.
func (v RSAPSSVerifier) Verify(key data.Key, sig []byte, msg []byte) error {
digest := sha256.Sum256(msg)
k, _ := pem.Decode([]byte(key.Public()))
pub, err := x509.ParsePKIXPublicKey(k.Bytes)
if err != nil {
logrus.Infof("Failed to parse public key: %s\n", err)
return ErrInvalid
}
rsaPub, ok := pub.(*rsa.PublicKey)
if !ok {
logrus.Infof("Value returned from ParsePKIXPublicKey was not an RSA public key")
return ErrInvalid
}
opts := rsa.PSSOptions{SaltLength: sha256.Size, Hash: crypto.SHA256}
if err = rsa.VerifyPSS(rsaPub, crypto.SHA256, digest[:], sig, &opts); err != nil {
logrus.Infof("Failed verification: %s", err)
return ErrInvalid
}
return nil
}
func (job *ProofVerifyJob) CheckSignature(cert *x509.Certificate) error {
switch pub := cert.PublicKey.(type) {
case *rsa.PublicKey:
// cert.CheckSignature() uses PKCS1v15, not PSS. So we cannot use that on RSA
h := sha256.New()
h.Write(ProofSignatureLabel)
h.Write(job.serverConfig)
if err := rsa.VerifyPSS(pub, crypto.SHA256, h.Sum(nil), job.signature, nil); err != nil {
return err
}
case *ecdsa.PublicKey:
// TODO(hodduc): TEST needed
if err := cert.CheckSignature(x509.ECDSAWithSHA256, job.serverConfig, job.signature); err != nil {
return err
}
default:
return errors.New("Unsupported Public key type")
}
return nil
}
func verifyPSS(key interface{}, digest, sig []byte) error {
rsaPub, ok := key.(*rsa.PublicKey)
if !ok {
logrus.Debugf("value was not an RSA public key")
return ErrInvalid
}
if rsaPub.N.BitLen() < minRSAKeySizeBit {
logrus.Debugf("RSA keys less than 2048 bits are not acceptable, provided key has length %d.", rsaPub.N.BitLen())
return ErrInvalidKeyLength{msg: fmt.Sprintf("RSA key must be at least %d bits.", minRSAKeySizeBit)}
}
if len(sig) < minRSAKeySizeByte {
logrus.Debugf("RSA keys less than 2048 bits are not acceptable, provided signature has length %d.", len(sig))
return ErrInvalid
}
opts := rsa.PSSOptions{SaltLength: sha256.Size, Hash: crypto.SHA256}
if err := rsa.VerifyPSS(rsaPub, crypto.SHA256, digest[:], sig, &opts); err != nil {
logrus.Debugf("failed RSAPSS verification: %s", err)
return ErrInvalid
}
return nil
}
var rsaMethodPKCS1v15 = rsaMethod{
signFunc: rsa.SignPKCS1v15,
verifyFunc: rsa.VerifyPKCS1v15,
}
// rsaMethodPSS provides a RSA method that signs and verifies with PSS.
var rsaMethodPSS = rsaMethod{
signFunc: func(rand io.Reader, priv *rsa.PrivateKey, hash crypto.Hash, hashed []byte) ([]byte, error) {
return rsa.SignPSS(rand, priv, hash, hashed, &rsa.PSSOptions{
SaltLength: rsa.PSSSaltLengthAuto,
Hash: hash,
})
},
verifyFunc: func(pub *rsa.PublicKey, hash crypto.Hash, hashed []byte, sig []byte) error {
return rsa.VerifyPSS(pub, hash, hashed, sig, &rsa.PSSOptions{
SaltLength: rsa.PSSSaltLengthAuto,
Hash: hash,
})
},
}
// rsaSigner provides a RSA Signer.
type rsaSigner struct {
alg Algorithm
method RSASignerVerifier
hash crypto.Hash
priv *rsa.PrivateKey
pub *rsa.PublicKey
}
// NewRSASigner creates an RSA Signer for the specified Algorithm and provided
// low level RSA implementation.
// Verify verifies an RSA digital signature for the given public key.
func Verify(pub *rsa.PublicKey, m, sig []byte) (err error) {
h := sha256.New()
h.Write(m)
d := h.Sum(nil)
return rsa.VerifyPSS(pub, crypto.SHA256, d, sig, nil)
}
func main() {
// Generate RSA Keys
miryanPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
fmt.Println(err.Error)
os.Exit(1)
}
miryanPublicKey := &miryanPrivateKey.PublicKey
raulPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
fmt.Println(err.Error)
os.Exit(1)
}
raulPublicKey := &raulPrivateKey.PublicKey
fmt.Println("Private Key : ", miryanPrivateKey)
fmt.Println("Public key ", miryanPublicKey)
fmt.Println("Private Key : ", raulPrivateKey)
fmt.Println("Public key ", raulPublicKey)
//Encrypt Miryan Message
message := []byte("the code must be like a piece of music")
label := []byte("")
hash := sha256.New()
ciphertext, err := rsa.EncryptOAEP(hash, rand.Reader, raulPublicKey, message, label)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
fmt.Printf("OAEP encrypted [%s] to \n[%x]\n", string(message), ciphertext)
fmt.Println()
// Message - Signature
var opts rsa.PSSOptions
opts.SaltLength = rsa.PSSSaltLengthAuto // for simple example
PSSmessage := message
newhash := crypto.SHA256
pssh := newhash.New()
pssh.Write(PSSmessage)
hashed := pssh.Sum(nil)
signature, err := rsa.SignPSS(rand.Reader, miryanPrivateKey, newhash, hashed, &opts)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
fmt.Printf("PSS Signature : %x\n", signature)
// Decrypt Message
plainText, err := rsa.DecryptOAEP(hash, rand.Reader, raulPrivateKey, ciphertext, label)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
fmt.Printf("OAEP decrypted [%x] to \n[%s]\n", ciphertext, plainText)
//Verify Signature
err = rsa.VerifyPSS(miryanPublicKey, newhash, hashed, signature, &opts)
if err != nil {
fmt.Println("Who are U? Verify Signature failed")
os.Exit(1)
} else {
fmt.Println("Verify Signature successful")
}
}
// Verify verifies signature against key k and digest
func (csp *impl) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error) {
// Validate arguments
if k == nil {
return false, errors.New("Invalid Key. It must not be nil.")
}
if len(signature) == 0 {
return false, errors.New("Invalid signature. Cannot be empty.")
}
if len(digest) == 0 {
return false, errors.New("Invalid digest. Cannot be empty.")
}
// Check key type
switch k.(type) {
case *ecdsaPrivateKey:
ecdsaSignature := new(ecdsaSignature)
_, err := asn1.Unmarshal(signature, ecdsaSignature)
if err != nil {
return false, fmt.Errorf("Failed unmashalling signature [%s]", err)
}
return ecdsa.Verify(&(k.(*ecdsaPrivateKey).privKey.PublicKey), digest, ecdsaSignature.R, ecdsaSignature.S), nil
case *ecdsaPublicKey:
ecdsaSignature := new(ecdsaSignature)
_, err := asn1.Unmarshal(signature, ecdsaSignature)
if err != nil {
return false, fmt.Errorf("Failed unmashalling signature [%s]", err)
}
return ecdsa.Verify(k.(*ecdsaPublicKey).pubKey, digest, ecdsaSignature.R, ecdsaSignature.S), nil
case *rsaPrivateKey:
if opts == nil {
return false, errors.New("Invalid options. It must not be nil.")
}
switch opts.(type) {
case *rsa.PSSOptions:
err := rsa.VerifyPSS(&(k.(*rsaPrivateKey).privKey.PublicKey),
(opts.(*rsa.PSSOptions)).Hash,
digest, signature, opts.(*rsa.PSSOptions))
return err == nil, err
default:
return false, fmt.Errorf("Opts type not recognized [%s]", opts)
}
case *rsaPublicKey:
if opts == nil {
return false, errors.New("Invalid options. It must not be nil.")
}
switch opts.(type) {
case *rsa.PSSOptions:
err := rsa.VerifyPSS(k.(*rsaPublicKey).pubKey,
(opts.(*rsa.PSSOptions)).Hash,
digest, signature, opts.(*rsa.PSSOptions))
return err == nil, err
default:
return false, fmt.Errorf("Opts type not recognized [%s]", opts)
}
default:
return false, fmt.Errorf("Key type not recognized [%s]", k)
}
}
