1 files changed, 17 insertions, 7 deletions

diff --git a/tools/certtools.py b/tools/certtools.py
index 307a728..beb2812 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -18,6 +18,10 @@ import zipfile
 import shutil
 from certkeys import publickeys
 
+from Crypto.Hash import SHA256
+import Crypto.PublicKey.RSA as RSA
+from Crypto.Signature import PKCS1_v1_5
+
 def get_cert_info(s):
     p = subprocess.Popen(
         ["openssl", "x509", "-noout", "-subject", "-issuer", "-inform", "der"],
@@ -257,12 +261,19 @@ def check_signature(baseurl, signature, data, publickey=None):
     (hash_alg, signature_alg, unpacked_signature) = decode_signature(signature)
     assert hash_alg == 4, \
         "hash_alg is %d, expected 4" % (hash_alg,) # sha256
-    assert signature_alg == 3, \
-        "signature_alg is %d, expected 3" % (signature_alg,) # ecdsa
+    assert (signature_alg == 3 or signature_alg == 1), \
+        "signature_alg is %d, expected 1 or 3" % (signature_alg,) # ecdsa
 
-    vk = ecdsa.VerifyingKey.from_der(publickey)
-    vk.verify(unpacked_signature, data, hashfunc=hashlib.sha256,
+    if signature_alg == 3:
+        vk = ecdsa.VerifyingKey.from_der(publickey)
+        vk.verify(unpacked_signature, data, hashfunc=hashlib.sha256,
               sigdecode=ecdsa.util.sigdecode_der)
+    else:
+        h = SHA256.new(data)
+        rsa_key = RSA.importKey(publickey)
+        verifier = PKCS1_v1_5.new(rsa_key)
+        assert verifier.verify(h, unpacked_signature), \
+            "could not verify RSA signature"
 
 def parse_auth_header(authheader):
     splittedheader = authheader.split(";")
@@ -436,7 +447,8 @@ def internal_hash(pair):
         hash.update(struct.pack(">b", 1))
         hash.update(pair[0])
         hash.update(pair[1])
-        return hash.digest()
+        digest = hash.digest()
+        return digest
 
 def chunks(l, n):
     return [l[i:i+n] for i in range(0, len(l), n)]
@@ -700,10 +712,8 @@ def nodes_for_index(pos, treesize):
     nodes = []
     level = 0
     pos ^= 1
-    #print pos, level
     while level < height:
         pos_level0 = pos * (2 ** level)
-        #print pos, level
         if pos_level0 < treesize:
             nodes.append((pos, level))
         pos >>= 1