third-party/chromium/data/verify_signed_data/ours/make-pss.py - platform/external/rust/crates/webpki - Git at Google

 # Copyright 2016 Joseph Birr-Pixton.
 #
 # Permission to use, copy, modify, and/or distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
 #
 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

 import subprocess
 import glob
 import hashlib
 import os

 TOP = '../../../../../'

 def dump(bin, type):
     return '-----BEGIN %s-----\n%s-----END %s-----\n' % \
             (type, bin.encode('base64'), type)

 def gen(outfile, paramfile, hashfn):
     param = open(paramfile).read()

     rand = os.urandom(64)
     hash = getattr(hashlib, hashfn)(rand).digest()

     proc = subprocess.Popen(['openssl', 'pkeyutl',
         '-inkey', 'priv.pem',
         '-sign',
         '-pkeyopt', 'rsa_padding_mode:pss',
         '-pkeyopt', 'rsa_pss_saltlen:-1',
         '-pkeyopt', 'digest:%s' % hashfn
         ],
         stdout = subprocess.PIPE,
         stdin = subprocess.PIPE)

     sig, _ = proc.communicate(hash)

     with open(outfile, 'w') as f:
         print >>f, dump(open('pub.der').read(), 'PUBLIC KEY')
         print >>f, dump(param, 'ALGORITHM')
         print >>f, dump(rand, 'DATA')

         assert len(sig) == 256 # only works with 2048-bit keys
         # turn it into a DER bitstring
         print >>f, dump('\x03\x82\x01\x01\x00' + sig, 'SIGNATURE')

 if __name__ == '__main__':
     subprocess.check_call('openssl genrsa -out priv.pem 2048', shell = True)
     subprocess.check_call('openssl rsa -pubout -out pub.pem -in priv.pem', shell = True)
     subprocess.check_call('openssl asn1parse -inform pem -in pub.pem -out pub.der', shell = True)
     gen('rsa-pss-sha256-salt32.pem', TOP + 'src/data/alg-pss-sha256.der', 'sha256')
     gen('rsa-pss-sha384-salt48.pem', TOP + 'src/data/alg-pss-sha384.der', 'sha384')
     gen('rsa-pss-sha512-salt64.pem', TOP + 'src/data/alg-pss-sha512.der', 'sha512')
	# Copyright 2016 Joseph Birr-Pixton.
	#
	# Permission to use, copy, modify, and/or distribute this software for any
	# purpose with or without fee is hereby granted, provided that the above
	# copyright notice and this permission notice appear in all copies.
	#
	# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
	# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
	# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

	import subprocess
	import glob
	import hashlib
	import os

	TOP = '../../../../../'

	def dump(bin, type):
	return '-----BEGIN %s-----\n%s-----END %s-----\n' % \
	(type, bin.encode('base64'), type)

	def gen(outfile, paramfile, hashfn):
	param = open(paramfile).read()

	rand = os.urandom(64)
	hash = getattr(hashlib, hashfn)(rand).digest()

	proc = subprocess.Popen(['openssl', 'pkeyutl',
	'-inkey', 'priv.pem',
	'-sign',
	'-pkeyopt', 'rsa_padding_mode:pss',
	'-pkeyopt', 'rsa_pss_saltlen:-1',
	'-pkeyopt', 'digest:%s' % hashfn
	],
	stdout = subprocess.PIPE,
	stdin = subprocess.PIPE)

	sig, _ = proc.communicate(hash)

	with open(outfile, 'w') as f:
	print >>f, dump(open('pub.der').read(), 'PUBLIC KEY')
	print >>f, dump(param, 'ALGORITHM')
	print >>f, dump(rand, 'DATA')

	assert len(sig) == 256 # only works with 2048-bit keys
	# turn it into a DER bitstring
	print >>f, dump('\x03\x82\x01\x01\x00' + sig, 'SIGNATURE')

	if __name__ == '__main__':
	subprocess.check_call('openssl genrsa -out priv.pem 2048', shell = True)
	subprocess.check_call('openssl rsa -pubout -out pub.pem -in priv.pem', shell = True)
	subprocess.check_call('openssl asn1parse -inform pem -in pub.pem -out pub.der', shell = True)
	gen('rsa-pss-sha256-salt32.pem', TOP + 'src/data/alg-pss-sha256.der', 'sha256')
	gen('rsa-pss-sha384-salt48.pem', TOP + 'src/data/alg-pss-sha384.der', 'sha384')
	gen('rsa-pss-sha512-salt64.pem', TOP + 'src/data/alg-pss-sha512.der', 'sha512')