From 74af7a350e85a44215d7d2e87b8bf603ec48bedd Mon Sep 17 00:00:00 2001
From: Seth Schoen
Date: Thu, 31 Oct 2013 12:39:00 -0700
Subject: [PATCH] per ENISA report, switched to PKCS#1 PSS signature method

---
 popchallenge.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/popchallenge.py b/popchallenge.py
index a7226650a..b2135e68c 100644
--- a/popchallenge.py
+++ b/popchallenge.py
@@ -3,7 +3,7 @@
 from pyasn1.type import univ, namedtype
 from pyasn1.codec.der import encoder as der_encoder
 from Crypto.PublicKey import RSA
-from Crypto.Signature import PKCS1_v1_5
+from Crypto.Signature import PKCS1_PSS
 from Crypto.Hash import SHA, SHA512
 from Crypto.Random import random
@@ -74,9 +74,9 @@ class POPChallengeResponder(object):
             return None
         to_sign = "chocolate protocol %s %s" % (self.nonce, self.server_nonce)
         # XXX TODO What is an appropriate and safe RSA signature algorithm to
-        # use for creating signatures? Is the use of PKCS#1 1.5 with SHA-512
+        # use for creating signatures? Is the use of PKCS#1 PSS with SHA-512
         # safe? Is this implementation free of timing attacks?
-        sig = PKCS1_v1_5.new(self.privkey).sign(SHA512.new(to_sign))
+        sig = PKCS1_PSS.new(self.privkey).sign(SHA512.new(to_sign))
         # Try to forget the private key now that it's been used.
         self.privkey = None
         return (self.nonce, sig)
@@ -100,4 +100,4 @@ def verify_challenge_response(pubkey, challenge_string, client_nonce, sig):
     except:
         return False
     text = "chocolate protocol %s %s" % (client_nonce, challenge_string)
-    return PKCS1_v1_5.new(key).verify(SHA512.new(text), sig)
+    return PKCS1_PSS.new(key).verify(SHA512.new(text), sig)
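Review bot: The new `sig = PKCS1_PSS.new(self.privkey).sign(SHA512.new(to_sign))` raises ValueError for RSA keys of 1024 bits or less, where the v1.5 call did not: PyCrypto's PSS encoder requires emLen >= hLen + sLen + 2, and with SHA-512 and its default salt length (both 64 bytes) that is 130 bytes, more than a 1024-bit modulus provides. Enforce a minimum modulus size where the key is loaded, or catch the ValueError here and take the `return None` path visible at the top of the hunk rather than letting it propagate out of the signing step. The XXX TODO comment above the call still asks whether PSS is safe even though this commit made that decision; replace it with a statement such as `# RSASSA-PSS (RFC 3447) with SHA-512, per the ENISA algorithms report; PyCrypto's default salt length is the digest size.` The enclosing method starts before the hunk.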
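Review bot: The verify call on the last line depends on PyCrypto's implicit PSS parameters (salt length equal to the SHA-512 digest size, MGF1 over the same hash) matching whatever the signer used; PSS parameters are not carried in the signature, so any mismatch yields a silent False. Pinning them on both sides makes the contract explicit, e.g. `return PKCS1_PSS.new(key, saltLen=SHA512.digest_size).verify(SHA512.new(text), sig)`. PyCrypto's verify() returns False rather than raising on a wrong-length or malformed signature, so this line needs no extra exception handling. verify_challenge_response begins outside the hunk.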