ehn-dcc-development / ehn-sign-verify-python-trivial

Extremely minimal python implementation of the eHN-S protocol.
European Union Public License 1.2

Support RSASSA-PSS in h1_verify.py #5

Open curiousleo opened 3 years ago

curiousleo commented 3 years ago

h1_verify.py assumes that ECDSA is used for verification, see https://github.com/Digitaler-Impfnachweis/certification-apis/issues/88#issuecomment-860081870 for context.

The CI script used in https://github.com/eu-digital-green-certificates/dgc-testdata shows how RSASSA-PSS can be supported:

        x = y = e = n = None  # initialise so the branch checks below never hit an unbound name
        if isinstance(cert.public_key(), rsa.RSAPublicKey):
            e = int_to_bytes(cert.public_key().public_numbers().e)
            n = int_to_bytes(cert.public_key().public_numbers().n)
        elif isinstance(cert.public_key(), ec.EllipticCurvePublicKey):
            x = int_to_bytes(cert.public_key().public_numbers().x)
            y = int_to_bytes(cert.public_key().public_numbers().y)

        # ...

        if x and y:
            key = CoseKey.from_dict(
                {
                    KpKeyOps: [VerifyOp],
                    KpKty: KtyEC2,
                    EC2KpCurve: P256,  # Ought to be pk.curve - but the two libs clash
                    KpAlg: Es256,  # ECDSA using P-256 and SHA-256
                    EC2KpX: x,
                    EC2KpY: y,
                }
            )
        elif e and n:
            key = CoseKey.from_dict(
                {
                    KpKeyOps: [VerifyOp],
                    KpKty: KtyRSA,
                    KpAlg: Ps256,  # RSASSA-PSS using SHA-256 and MGF1 with SHA-256
                    RSAKpE: e,
                    RSAKpN: n,
                }
            )

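Added example, not part of the issue or of either project's code: the same key-type dispatch done with the `cryptography` package directly, so that an RSA certificate is verified as PS256 and an EC certificate as ES256, and a mismatch between the declared algorithm and the key type is rejected. The function names, the constructed keys and message, and passing the already-serialized bytes to be signed as `to_be_signed` are assumptions of this sketch.

```python
# Added example (not from h1_verify.py or the dgc-testdata CI script).
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
from cryptography.hazmat.primitives.asymmetric.utils import (
    decode_dss_signature, encode_dss_signature)

ES256, PS256 = -7, -37  # COSE algorithm identifiers
SHA256 = hashes.SHA256()
# PS256: MGF1 with SHA-256 and a salt as long as the digest (32 bytes).
PSS = padding.PSS(mgf=padding.MGF1(SHA256), salt_length=SHA256.digest_size)


def verify_cose_signature(public_key, alg, to_be_signed, signature):
    """True only if alg matches the key type and the signature verifies."""
    try:
        if isinstance(public_key, ec.EllipticCurvePublicKey):
            # ES256 here means P-256; COSE carries the signature as raw r||s.
            if (alg != ES256 or len(signature) != 64
                    or not isinstance(public_key.curve, ec.SECP256R1)):
                return False
            r = int.from_bytes(signature[:32], "big")
            s = int.from_bytes(signature[32:], "big")
            der = encode_dss_signature(r, s)  # cryptography expects DER
            public_key.verify(der, to_be_signed, ec.ECDSA(SHA256))
        elif isinstance(public_key, rsa.RSAPublicKey):
            if alg != PS256:
                return False
            public_key.verify(signature, to_be_signed, PSS, SHA256)
        else:
            return False  # unsupported key type
        return True
    except InvalidSignature:
        return False


def make_samples():
    """Constructed keys and signatures so the example runs offline."""
    msg = b"constructed Sig_structure bytes"
    ec_key = ec.generate_private_key(ec.SECP256R1())
    r, s = decode_dss_signature(ec_key.sign(msg, ec.ECDSA(SHA256)))
    ec_sig = r.to_bytes(32, "big") + s.to_bytes(32, "big")
    rsa_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    rsa_sig = rsa_key.sign(msg, PSS, SHA256)
    return msg, ec_key.public_key(), ec_sig, rsa_key.public_key(), rsa_sig
```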