From 9a3ca0dc310d58cef1428d5cfaa200c3b4fd1754 Mon Sep 17 00:00:00 2001 From: ThomasV Date: Mon, 30 Jun 2014 20:19:18 +0200 Subject: [PATCH] add support for RSA_SHA256 --- lib/paymentrequest.py | 16 +++++++++++----- lib/x509.py | 2 +- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/lib/paymentrequest.py b/lib/paymentrequest.py index 9d4138a5e..9d5bae9a0 100644 --- a/lib/paymentrequest.py +++ b/lib/paymentrequest.py @@ -189,13 +189,19 @@ class PaymentRequest: prev_x = x509_chain[i-1] algo, sig, data = prev_x.extract_sig() - if algo.getComponentByName('algorithm') != x509.ALGO_RSA_SHA1: - self.error = "Algorithm not suported" - return - sig = bytearray(sig[5:]) pubkey = x.publicKey - verify = pubkey.hashAndVerify(sig, data) + if algo.getComponentByName('algorithm') == x509.ALGO_RSA_SHA1: + verify = pubkey.hashAndVerify(sig, data) + elif algo.getComponentByName('algorithm') == x509.ALGO_RSA_SHA256: + hashBytes = bytearray(hashlib.sha256(data).digest()) + prefixBytes = bytearray([0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20]) + verify = pubkey.verify(sig, prefixBytes + hashBytes) + else: + self.error = "Algorithm not supported" + util.print_error(self.error, algo.getComponentByName('algorithm')) + return + if not verify: self.error = "Certificate not Signed by Provided CA Certificate Chain" return diff --git a/lib/x509.py b/lib/x509.py index e9cc85784..80f9919ca 100644 --- a/lib/x509.py +++ b/lib/x509.py @@ -51,7 +51,7 @@ from pyasn1_modules.rfc2459 import id_ce_basicConstraints, BasicConstraints XMPP_ADDR = ObjectIdentifier('1.3.6.1.5.5.7.8.5') SRV_NAME = ObjectIdentifier('1.3.6.1.5.5.7.8.7') ALGO_RSA_SHA1 = ObjectIdentifier('1.2.840.113549.1.1.5') - +ALGO_RSA_SHA256 = ObjectIdentifier('1.2.840.113549.1.1.11') class CertificateError(Exception): pass