Verify signature with pyopenssl

jvc26 picture jvc26 · Aug 27, 2012 · Viewed 8.1k times · Source

I believe that since this question, pyOpenSSL has started supporting the verification of signatures (as of pyOpenSSL 0.11.

I am working on a project which was started by someone else using M2Crypto. M2Crypto is really painful to include on platforms such as Heroku as it requires the use of SWIG. Consequently I am trying to remove the dependency on M2Crypto and replace with pyOpenSSL which is easy to install via Pip, and doesn't require custom buildpacks and more which SWIG-related things do.

The issue I'm having is replacing a bit of code:

key = cert.get_pubkey() # Cert is an M2Crypto X509 object
key = key.get_rsa()
ret = key.verify(hashed, self.sig)
if ret != 1:
    # Cert invalid ... etc.

Ideally I'd like to implement the same functionality via pyOpenSSL, but feel I might have got the wrong end of the stick - I've tried using:

crypto.verify(cert, self.sig, hashed, 'sha1')

But this fails -

[('rsa routines', 'RSA_verify', 'bad signature')]

I can't work out whether it is failing because the signature is actually bad, or because the values I'm providing crypto.verify are actually not what it is supposed to be used for!

The original code I've been playing with is here and needs quite a bit of work to tidy up, but was trying to do it one step at a time replacing functionality before a total refactoring. Any pointers would be much appreciated! Does pyOpenSSL have the capability to replace the M2Crypto functionality here, and am I going about it the right way?

Answer

jvc26 picture jvc26 · Aug 31, 2012

So the answer comes from reading a bit more of the source of pyOpenSSL, with a pointer from exarkun. pyOpenSSL can indeed replace the M2Crypto dependency here, with very minor changes to the underlying code.

The unittest for the crypto.verify() function here shows the call taking:

verify(good_cert, sig, content, digest)

Consequently there was an error in my above code:

crypto.verify(cert, self.sig, hashed, 'sha1')

Which should have simply taken 'data', rather than hashed, as the signature was applied to the raw data string:

# N.B. cert = X509 object (from crypto.load_certificate())
crypto.verify(cert, self.sig, data, 'sha1')

This behaviour appears different to that of M2Crypto's verify which takes the hashed data string to perform its verification. Note I haven't dug particularly deep into M2Crypto's functions to work out what is going on.

Thanks to exarkun for his response on the pyOpenSSL mailing list which pointed me to the error being in my call to verify(), rather than my understanding of what verify() was doing.