def _parse_messages(self):
""" Parses for messages in the buffer *buf*. It is assumed that
the buffer contains the start character for a message, but that it
may contain only part of the rest of the message.
Returns an array of messages, and the buffer remainder that
didn't contain any full messages."""
msgs = []
end_idx = 0
buf = self._buf
while buf:
frame_type = six.indexbytes(buf, 0)
if frame_type == 0:
# Normal message.
end_idx = buf.find(b"\xFF")
if end_idx == -1: # pragma NO COVER
break
msgs.append(buf[1:end_idx].decode('utf-8', 'replace'))
buf = buf[end_idx + 1:]
elif frame_type == 255:
# Closing handshake.
assert six.indexbytes(buf, 1) == 0, "Unexpected closing handshake: %r" % buf
self.websocket_closed = True
break
else:
raise ValueError("Don't understand how to parse this type of message: %r" % buf)
self._buf = buf
return msgs
def process_IAC(self, sock, cmd, option):
"""
Read in and parse IAC commands as passed by telnetlib.
SB/SE commands are stored in sbdataq, and passed in w/ a command
of SE.
"""
if cmd == DO:
if option == TM:
# timing mark - send WILL into outgoing stream
os.write(self.remote, IAC + WILL + TM)
else:
pass
elif cmd == IP:
# interrupt process
os.write(self.local, IPRESP)
elif cmd == SB:
pass
elif cmd == SE:
option = self.sbdataq[0]
if option == NAWS[0]:
# negotiate window size.
cols = six.indexbytes(self.sbdataq, 1)
rows = six.indexbytes(self.sbdataq, 2)
s = struct.pack('HHHH', rows, cols, 0, 0)
fcntl.ioctl(self.local, termios.TIOCSWINSZ, s)
elif cmd == DONT:
pass
else:
pass
def calculate(self, cred, timestamp=None):
# The 4.2.0-4.2.6 firmwares have a known issue with credentials that
# require touch: If this action is performed within 2 seconds of a
# command resulting in a long response (over 54 bytes),
# the command will hang. A workaround is to send an invalid command
# (resulting in a short reply) prior to the "calculate" command.
if self._426device and cred.touch:
self._driver.send_apdu(0, 0, 0, 0, '', check=SW.INVALID_INSTRUCTION)
if timestamp is None:
timestamp = int(time.time())
if cred.oath_type == OATH_TYPE.TOTP:
valid_from = timestamp - (timestamp % cred.period)
valid_to = valid_from + cred.period
challenge = time_challenge(timestamp, period=cred.period)
else:
valid_from = timestamp
valid_to = float('Inf')
challenge = b''
data = Tlv(TAG.NAME, cred.key) + Tlv(TAG.CHALLENGE, challenge)
resp = self.send_apdu(INS.CALCULATE, 0, 0, data)
resp = parse_tlvs(resp)[0].value
# Manual dynamic truncation is required
# for Steam entries, so let's do it for all.
digits = six.indexbytes(resp, 0)
resp = resp[1:]
offset = six.indexbytes(resp, -1) & 0xF
code_data = resp[offset:offset + 4]
code_data = parse_truncated(code_data)
code_value = format_code(code_data, digits, steam=cred.is_steam)
return Code(code_value, valid_from, valid_to)
def __new__(cls, *args):
if len(args) == 1:
data = args[0]
if isinstance(data, int): # Called with tag only, blank value
tag = data
value = b''
else: # Called with binary TLV data
tag = six.indexbytes(data, 0)
ln = six.indexbytes(data, 1)
offs = 2
if ln > 0x80:
n_bytes = ln - 0x80
ln = bytes2int(data[offs:offs + n_bytes])
offs = offs + n_bytes
value = data[offs:offs+ln]
elif len(args) == 2: # Called with tag and value.
(tag, value) = args
else:
raise TypeError('{}() takes at most 2 arguments ({} given)'.format(
cls, len(args)))
data = bytearray([tag])
length = len(value)
if length < 0x80:
data.append(length)
elif length < 0xff:
data.extend([0x81, length])
else:
data.extend([0x82, length >> 8, length & 0xff])
data += value
return super(Tlv, cls).__new__(cls, bytes(data))
def _multi_char_find(self, needle, start, stop, mask, skip):
i = start - 1
w = (stop - start) - len(needle)
while i + 1 <= start + w:
i += 1
if self._data[i + len(needle) - 1] == six.indexbytes(needle, -1):
for j in xrange(len(needle) - 1):
if self._data[i + j] != six.indexbytes(needle, j):
break
else:
return i
if (
i + len(needle) < len(self) and
not self._bloom(mask, self._data[i + len(needle)])
):
i += len(needle)
else:
i += skip
else:
if (
i + len(needle) < len(self) and
not self._bloom(mask, self._data[i + len(needle)])
):
i += len(needle)
return -1
def rldecode(data):
"""
RunLength decoder (Adobe version) implementation based on PDF Reference
version 1.4 section 3.3.4:
The RunLengthDecode filter decodes data that has been encoded in a
simple byte-oriented format based on run length. The encoded data
is a sequence of runs, where each run consists of a length byte
followed by 1 to 128 bytes of data. If the length byte is in the
range 0 to 127, the following length + 1 (1 to 128) bytes are
copied literally during decompression. If length is in the range
129 to 255, the following single byte is to be copied 257 - length
(2 to 128) times during decompression. A length value of 128
denotes EOD.
"""
decoded = b''
i = 0
while i < len(data):
#print 'data[%d]=:%d:' % (i,ord(data[i]))
length = six.indexbytes(data,i)
if length == 128:
break
if length >= 0 and length < 128:
for j in range(i+1,(i+1)+(length+1)):
decoded+=six.int2byte(six.indexbytes(data,j))
#print 'length=%d, run=%s' % (length+1,run)
i = (i+1) + (length+1)
if length > 128:
run = six.int2byte(six.indexbytes(data,i+1))*(257-length)
#print 'length=%d, run=%s' % (257-length,run)
decoded+=run
i = (i+1) + 1
return decoded
def _set_mode_otp(self, mode_data):
resp = self.select(AID.OTP)
pgm_seq_old = six.indexbytes(resp, 3)
resp = self.send_apdu(0, OTP_INS.YK2_REQ, SLOT.DEVICE_CONFIG, 0,
mode_data)
pgm_seq_new = six.indexbytes(resp, 3)
if not _pgm_seq_ok(pgm_seq_old, pgm_seq_new):
raise ModeSwitchError()
def _make_rfind_mask(self, needle):
mask = self._bloom_add(0, six.indexbytes(needle, 0))
skip = len(needle) - 1
for i in xrange(len(needle) - 1, 0, -1):
mask = self._bloom_add(mask, six.indexbytes(needle, i))
if needle[i] == needle[0]:
skip = i - 1
return mask, skip
def _gen_creds():
resp = self.send_apdu(INS.LIST, 0, 0)
while resp:
length = six.indexbytes(resp, 1) - 1
oath_type = OATH_TYPE(MASK.TYPE & six.indexbytes(resp, 2))
key = resp[3:3 + length]
yield Credential(key, oath_type)
resp = resp[3 + length:]
def truncate(self, digest):
offset = six.indexbytes(digest, -1) & 0x0f
binary = (six.indexbytes(digest, (offset + 0)) & 0x7f) << 24
binary |= (six.indexbytes(digest, (offset + 1)) & 0xff) << 16
binary |= (six.indexbytes(digest, (offset + 2)) & 0xff) << 8
binary |= (six.indexbytes(digest, (offset + 3)) & 0xff)
return binary % (10 ** self.digits)
def bytes_eq(buf1, buf2):
if buf1 != buf2:
msg = 'EOF in either data'
for i in range(0, min(len(buf1), len(buf2))):
c1 = six.indexbytes(six.binary_type(buf1), i)
c2 = six.indexbytes(six.binary_type(buf2), i)
if c1 != c2:
msg = 'differs at chr %d, %d != %d' % (i, c1, c2)
break
assert buf1 == buf2, "%r != %r, %s" % (buf1, buf2, msg)
def HNxorg( hash_class, N, g ):
bin_N = long_to_bytes(N)
bin_g = long_to_bytes(g)
padding = len(bin_N) - len(bin_g) if _rfc5054_compat else 0
hN = hash_class( bin_N ).digest()
hg = hash_class( b''.join( [b'\0'*padding, bin_g] ) ).digest()
return six.b( ''.join( chr( six.indexbytes(hN, i) ^ six.indexbytes(hg, i) ) for i in range(0,len(hN)) ) )
def encode(value): """Encodes bytes to a base65536 string.""" stream = io.StringIO() length = len(value) for x in range(0, length, 2): b1 = indexbytes(value, x) b2 = indexbytes(value, x + 1) if x + 1 < length else -1 code_point = BLOCK_START[b2] + b1 stream.write(unichr(code_point)) return stream.getvalue()
def _make_find_mask(self, needle):
mlast = len(needle) - 1
mask = 0
skip = mlast - 1
for i in xrange(mlast):
mask = self._bloom_add(mask, six.indexbytes(needle, i))
if needle[i] == needle[mlast]:
skip = mlast - i - 1
mask = self._bloom_add(mask, six.indexbytes(needle, mlast))
return mask, skip
def decode_int(x, f):
f += 1
newf = x.find(b'e', f)
n = int(x[f:newf])
if six.indexbytes(x, f) == 45:
if six.indexbytes(x, f+1) == 48:
raise ValueError
elif six.indexbytes(x, f) == 48 and newf != f+1:
raise ValueError
return (n, newf+1)
def decrypt(self, ctxt, ttl=None, associated_data=''):
if not isinstance(ctxt, bytes):
raise TypeError("ctxt must be bytes.")
try:
data = base64.urlsafe_b64decode(ctxt)
except (TypeError, binascii.Error):
raise InvalidToken
if not data:
raise InvalidToken
# return: version || iv || ctx || tag
if six.indexbytes(data, 0) == 0x80:
# This is a Fernet1 (old version) ctx, handle accordingly
try:
msg = self._fernet1.decrypt(ctxt, ttl=ttl)
except Exception:
raise InvalidToken
return msg
elif six.indexbytes(data, 0) != 0x81:
raise InvalidToken
assert not debug or not ttl, "You are calling new fernet with ttl values."
# First, verify the tag
basic_parts = (
b"\x81" + bytes(associated_data) + data[1:-32]
)
try:
self.SHA256hmac(self._signing_key, basic_parts, sig=data[-32:])
except InvalidSignature:
raise InvalidToken
# Now decrypt the text
# version (1-byte) || iv (16-byte) || ctx || tag (32-byte)
iv = data[1:17]
ciphertext = data[17:-32]
decryptor = Cipher(
algorithms.AES(self._encryption_key), modes.CBC(iv), self._backend
).decryptor()
plaintext_padded = decryptor.update(ciphertext)
try:
plaintext_padded += decryptor.finalize()
except ValueError:
raise InvalidToken
unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
unpadded = unpadder.update(plaintext_padded)
try:
unpadded += unpadder.finalize()
except ValueError:
raise InvalidToken
return unpadded
def unpad(data):
# At the moment, this is only used for unpadding private keys on disk. This
# really ought to be made constant time (possibly by upstreaming this logic
# into pyca/cryptography).
padding_length = six.indexbytes(data, -1)
if padding_length > 16:
raise SSHException("Invalid key")
for i in range(1, padding_length + 1):
if six.indexbytes(data, -i) != (padding_length - i + 1):
raise SSHException("Invalid key")
return data[:-padding_length]
def decode_bigint(self, n, buf, offset):
sign = six.indexbytes(buf, offset)
offset += 1
b = 1
val = 0
for i in range(n):
val += six.indexbytes(buf, offset) * b
b <<= 8
offset += 1
if sign != 0:
val = -val
return val, offset
def HNxorg( hash_class, N, g ):
bN = ctypes.create_string_buffer( BN_num_bytes(N) )
bg = ctypes.create_string_buffer( BN_num_bytes(g) )
BN_bn2bin(N, bN)
BN_bn2bin(g, bg)
padding = len(bN) - len(bg) if _rfc5054_compat else 0
hN = hash_class( bN.raw ).digest()
hg = hash_class( b''.join([ b'\0'*padding, bg.raw ]) ).digest()
return six.b( ''.join( chr( six.indexbytes(hN, i) ^ six.indexbytes(hg, i) ) for i in range(0,len(hN)) ) )
def decode(cls, data, connection=None, payload_auto_decode=True):
if len(data) < 4:
raise NotEnoughData("Not enough data to decode header")
if six.indexbytes(data, 3) == 0x00 and six.indexbytes(data, 4) == 0x02:
obj = SSLv2Record(
connection=connection
)
elif six.indexbytes(data, 1) == 0x03:
obj = SSLv3Record(
connection=connection
)
data = obj.dissect(data)
return (obj, data)
def decode_string(x, f):
colon = x.find(b':', f)
n = int(x[f:colon])
if six.indexbytes(x, f) == 48 and colon != f+1:
raise ValueError
colon += 1
return (x[colon:colon+n], colon+n)
def get_inline_data(self, pos, target=b'EI'):
self.seek(pos)
i = 0
data = b''
while i <= len(target):
self.fillbuf()
if i:
c = six.indexbytes(self.buf,self.charpos)
c=six.int2byte(c)
data += c
self.charpos += 1
if len(target) <= i and c.isspace():
i += 1
elif i < len(target) and c == target[i]:
i += 1
else:
i = 0
else:
try:
j = self.buf.index(target[0], self.charpos)
#print 'found', (0, self.buf[j:j+10])
data += self.buf[self.charpos:j+1]
self.charpos = j+1
i = 1
except ValueError:
data += self.buf[self.charpos:]
self.charpos = len(self.buf)
data = data[:-(len(target)+1)] # strip the last part
data = re.sub(br'(\x0d\x0a|[\x0d\x0a])$', b'', data)
return (pos, data)
def _check_incoming_pdu(self):
# There is something to read
try:
raw_pdu = self.dul_socket.recv(1)
except socket.error:
self.event.append('Evt17')
self.dul_socket.close()
self.dul_socket = None
return
if raw_pdu == b'':
# Remote port has been closed
self.event.append('Evt17')
self.dul_socket.close()
self.dul_socket = None
return
else:
res = _recv_n(self.dul_socket, 1)
raw_pdu += res
length = _recv_n(self.dul_socket, 4)
raw_pdu += length
length = struct.unpack('>L', length)
tmp = _recv_n(self.dul_socket, length[0])
raw_pdu += tmp
# Determine the type of PDU coming on remote port and set the event
# accordingly
try:
pdu_type, event = PDU_TYPES[six.indexbytes(raw_pdu, 0)]
self.primitive = pdu_type.decode(raw_pdu)
self.event.append(event)
except KeyError:
self.event.append('Evt19')
def parse_dbus_header(header):
"""Parse a D-BUS header. Return the message size."""
if six.indexbytes(header, 0) == ord('l'):
endian = '<'
elif six.indexbytes(header, 0) == ord('B'):
endian = '>'
else:
raise ValueError('illegal endianness')
if not 1 <= six.indexbytes(header, 1) <= 4:
raise ValueError('illegel message type')
if struct.unpack(endian + 'I', header[8:12])[0] == 0:
raise ValueError('illegal serial number')
harrlen = struct.unpack(endian + 'I', header[12:16])[0]
padlen = (8 - harrlen) % 8
bodylen = struct.unpack(endian + 'I', header[4:8])[0]
return 16 + harrlen + padlen + bodylen
def pkcs5_unpad(string):
"""PKCS#5 unpad the given string"""
# preserve empty strings
if not string:
return string
amount_of_padding = six.indexbytes(string, -1)
return string[:-amount_of_padding]
def init_command_buffer(self, command):
self.command_buffer = create_string_buffer(command, len(command))
for i in range(SC_PASSTHRU_CDB_LEN):
self.scsi_cdb[i] = 0
for i in range(min(SC_PASSTHRU_CDB_LEN, len(command))):
self.scsi_cdb[i] = six.indexbytes(command, i) # ord(command[i])
self.command_length = len(command)
def _string_successor(str_val):
"""Increment and truncate a byte string.
Determines shortest string that sorts after the given string when
compared using regular string comparison semantics.
Modeled after implementation in ``gcloud-golang``.
Increments the last byte that is smaller than ``0xFF``, and
drops everything after it. If the string only contains ``0xFF`` bytes,
``''`` is returned.
:type str_val: str
:param str_val: String to increment.
:rtype: str
:returns: The next string in lexical order after ``str_val``.
"""
str_val = _to_bytes(str_val, encoding='latin-1')
if str_val == b'':
return str_val
index = len(str_val) - 1
while index >= 0:
if six.indexbytes(str_val, index) != 0xff:
break
index -= 1
if index == -1:
return b''
return str_val[:index] + _next_char(str_val, index)
def _load_ssh_ecdsa_public_key(expected_key_type, decoded_data, backend):
curve_name, rest = _read_next_string(decoded_data)
data, rest = _read_next_string(rest)
if expected_key_type != b"ecdsa-sha2-" + curve_name:
raise ValueError(
'Key header and key body contain different key type values.'
)
if rest:
raise ValueError('Key body contains extra bytes.')
if curve_name == b"nistp256":
curve = ec.SECP256R1()
elif curve_name == b"nistp384":
curve = ec.SECP384R1()
elif curve_name == b"nistp521":
curve = ec.SECP521R1()
if six.indexbytes(data, 0) != 4:
raise NotImplementedError(
"Compressed elliptic curve points are not supported"
)
# key_size is in bits, and sometimes it's not evenly divisible by 8, so we
# add 7 to round up the number of bytes.
if len(data) != 1 + 2 * ((curve.key_size + 7) // 8):
raise ValueError("Malformed key bytes")
x = _int_from_bytes(data[1:1 + (curve.key_size + 7) // 8], byteorder='big')
y = _int_from_bytes(data[1 + (curve.key_size + 7) // 8:], byteorder='big')
return ec.EllipticCurvePublicNumbers(x, y, curve).public_key(backend)
def scramble(s, key=default_password_key, scramble_prefix=default_scramble_prefix, block_chaining=False):
if key is None:
key=default_password_key
to_scramble = s
#get our encoder ring (called cpKey in the C code)
encoder_ring = get_encoder_ring(key)
encoder_ring_index = 0
#for block chaining
chain = 0
scrambled_string = ''
for c in to_scramble:
if c in wheel:
#the index of the target character in wheel
wheel_index = (wheel.index(c) + six.indexbytes(encoder_ring, encoder_ring_index % 61) + chain) % len(wheel)
scrambled_string += wheel[wheel_index]
if block_chaining:
chain = ord(scrambled_string[-1]) & 0xff
else:
scrambled_string += c
encoder_ring_index += 1
return scramble_prefix + scrambled_string
def comm(self, command):
""" Implements low-level details of the s-protocol """
check = str(self.crc(command))
check = check[2:].zfill(2)
final_com = 'FFFFFFFF' + command + check
bin_comm = ''
for i in range(0, len(final_com) // 2):
bin_comm += chr(int(final_com[i * 2:i * 2 + 2], 16))
bin_comm += chr(0)
bytes_for_serial = b(bin_comm)
error = 1
while (error > 0) and (error < 10):
self.ser.write(bytes_for_serial)
time.sleep(0.2)
s = self.ser.read(self.ser.inWaiting())
st = ''
for i in range(0, len(s)):
#char = hex(ord(s[i]))[2:].zfill(2)
#char = hex(s[i])[2:].zfill(2)
char = hex(indexbytes(s, i))[2:].zfill(2)
if not char.upper() == 'FF':
st = st + char
try:
# delimiter = st[0:2]
# address = st[2:12]
command = st[12:14]
byte_count = int(st[14:16], 16)
response = st[16:16 + 2 * byte_count]
error = 0
except ValueError:
error = error + 1
response = 'Error'
return response
def __init__(self, key):
s = [i for i in range(256)] #because Py3 range is not indexable
j = 0
klen = len(key)
for i in range(256):
j = (j + s[i] + six.indexbytes(key, i % klen)) % 256
(s[i], s[j]) = (s[j], s[i])
self.s = s
(self.i, self.j) = (0, 0)
return
def fixparity(deskey):
from six import indexbytes, b
temp = b''
for i in range(len(deskey)):
t = (bin(indexbytes(deskey, i))[2:]).rjust(8, '0')
if t[:7].count('1') % 2 == 0:
temp += b(chr(int(t[:7] + '1', 2)))
else:
temp += b(chr(int(t[:7] + '0', 2)))
return temp
def __init__(self, data=None):
if not data:
logger.debug('Config data empty/missing')
self._tags = {}
return
c_len, data = six.indexbytes(data, 0), data[1:]
data = data[:c_len]
self._tags = Tlv.parse_dict(data)
def __init__(self, data=None):
if not data:
logger.debug('Config data empty/missing')
self._tags = {}
return
c_len, data = six.indexbytes(data, 0), data[1:]
data = data[:c_len]
self._tags = dict((x.tag, x.value) for x in parse_tlvs(data))
def __init__(self, data=0):
self.type = 0x0
self.flags = 0x0
self.length = 0x0
if data == 0:
self._trailer = b''
else:
try:
self.type = indexbytes(data, 0)
if self.type == NETBIOS_SESSION_MESSAGE:
self.length = indexbytes(data, 1) << 16 | (unpack(
'!H', data[2:4])[0])
else:
self.flags = data[1]
self.length = unpack('!H', data[2:4])[0]
self._trailer = data[4:]
except:
raise NetBIOSError('Wrong packet format ')
def decode_104(self, buf, offset):
"""SMALL_TUPLE_EXT"""
arity = six.indexbytes(buf, offset)
offset += 1
items = []
for i in range(arity):
val, offset = self.decode_part(buf, offset)
items.append(val)
return tuple(items), offset
def _dynamic_truncate(self, counter):
ctx = hmac.HMAC(self._key, self._algorithm, self._backend)
ctx.update(struct.pack(">Q", counter))
hmac_value = ctx.finalize()
offset_bits = six.indexbytes(hmac_value, len(hmac_value) - 1) & 0b1111
offset = int(offset_bits)
p = hmac_value[offset:offset + 4]
return struct.unpack(">I", p)[0] & 0x7fffffff
def parse_binary_value(self, data, display, length, format):
from . import event
estruct = display.event_classes.get(
byte2int(data) & 0x7f, event.AnyEvent)
if type(estruct) == dict:
# this etype refers to a set of sub-events with individual subcodes
estruct = estruct[indexbytes(data, 1)]
return estruct(display=display, binarydata=data[:32]), data[32:]
def from_encoded_point(cls, curve, data):
utils._check_bytes("data", data)
if not isinstance(curve, EllipticCurve):
raise TypeError("curve must be an EllipticCurve instance")
if six.indexbytes(data, 0) not in [0x02, 0x03, 0x04]:
raise ValueError("Unsupported elliptic curve point type")
from cryptography.hazmat.backends.openssl.backend import backend
return backend.load_elliptic_curve_public_bytes(curve, data)
def _read_long64(self):
"""Read a signed 64 bit integer."""
s = self._read(8)
b = lambda i: six.indexbytes(s, i)
x = (b(0) | b(1)<<8 | b(2)<<16 | b(3)<<24 |
b(4)<<32 | b(5)<<40 | b(6)<<48 | b(7)<<56)
if b(7) & 0x80 and x > 0:
# sign extension
x = -((1<<64) - x)
return x
def normalize_uri_path_component(path_component):
"""
normalize_uri_path_component(path_component) -> str
Normalize the path component according to RFC 3986. This performs the
following operations:
* Alpha, digit, and the symbols '-', '.', '_', and '~' (unreserved
characters) are left alone.
* Characters outside this range are percent-encoded.
* Percent-encoded values are upper-cased ('%2a' becomes '%2A')
* Percent-encoded values in the unreserved space (%41-%5A, %61-%7A,
%30-%39, %2D, %2E, %5F, %7E) are converted to normal characters.
If a percent encoding is incomplete, the percent is encoded as %25.
A ValueError exception is thrown if a percent encoding includes non-hex
characters (e.g. %3z).
"""
result = BytesIO()
i = 0
path_component = path_component.encode("utf-8")
while i < len(path_component):
c = indexbytes(path_component, i)
if c in _rfc3986_unreserved:
result.write(int2byte(c))
i += 1
elif c == _ascii_percent: # percent, '%', 0x25, 37
if i + 2 >= len(path_component):
result.write(b"%25")
i += 1
continue
try:
value = int(path_component[i + 1:i + 3], 16)
except ValueError:
raise ValueError("Invalid %% encoding at position %d" % i)
if value in _rfc3986_unreserved:
result.write(int2byte(value))
else:
result.write(b"%%%02X" % value)
i += 3
elif c == _ascii_plus:
# Plus-encoded space. Convert this to %20.
result.write(b"%20")
i += 1
else:
result.write(b"%%%02X" % c)
i += 1
result = result.getvalue()
if not isinstance(result, string_types):
result = str(result, "utf-8")
return result
def __init__(self, _):
super(RegistrationData, self).__init__()
if six.indexbytes(self, 0) != 0x05:
raise ValueError("Reserved byte != 0x05")
self.public_key = self[1:66]
kh_len = six.indexbytes(self, 66)
self.key_handle = self[67:67 + kh_len]
cert_offs = 67 + kh_len
cert_len = six.indexbytes(self, cert_offs + 1)
if cert_len > 0x80:
n_bytes = cert_len - 0x80
cert_len = (
bytes2int(self[cert_offs + 2:cert_offs + 2 + n_bytes]) +
n_bytes)
cert_len += 2
self.certificate = self[cert_offs:cert_offs + cert_len]
self.signature = self[cert_offs + cert_len:]
def from_bytes(cls, v, start=0):
if not isinstance(v, bytes):
raise TypeError("Cannot parse versionstamp from non-byte string")
elif len(v) - start < cls.LENGTH:
raise ValueError("Versionstamp byte string is too short (only " + str(len(v) - start) + " bytes to read from")
else:
tr_version = v[start:start + cls._TR_VERSION_LEN]
if tr_version == cls._UNSET_TR_VERSION:
tr_version = None
user_version = six.indexbytes(v, start + cls._TR_VERSION_LEN) * (1 << 8) + six.indexbytes(v, start + cls._TR_VERSION_LEN + 1)
return Versionstamp(tr_version, user_version)
def _unpad_resp(resp, cmd):
if len(resp) < 3:
raise YubiHsmInvalidResponseError('Wrong length')
rcmd, length = struct.unpack('!BH', resp[:3])
if len(resp) < length + 3:
raise YubiHsmInvalidResponseError('Wrong length')
if rcmd == COMMAND.ERROR:
raise YubiHsmDeviceError(six.indexbytes(resp, 3))
elif rcmd != cmd | 0x80:
raise YubiHsmInvalidResponseError('Wrong command in response')
return resp[3:length + 3]
def _mask_hybi(self, s):
# TODO(tyoshino): os.urandom does open/read/close for every call. If
# performance matters, change this to some library call that generates
# cryptographically secure pseudo random number sequence.
masking_nonce = os.urandom(4)
result = [masking_nonce]
count = 0
for c in iterbytes(s):
result.append(util.pack_byte(c ^ indexbytes(masking_nonce, count)))
count = (count + 1) % len(masking_nonce)
return b''.join(result)
def validateSOCKS4aHost(host):
try:
host = socket.inet_pton(socket.AF_INET, six.ensure_text(host))
except socket.error:
return
# PY3KPORT: Py2-3 compatible port using six
if six.ensure_binary(
host[:3]) == b'\0\0\0' and six.indexbytes(host, 3) != 0:
raise ValueError('SOCKS4a reserves addresses 0.0.0.1-0.0.0.255')
def decode_uvarint(data, index):
item = 128
num = 0
left = 0
while item & 128:
item = indexbytes(data, index)
index += 1
value = (item & 127) << left
num += value
left += 7
return num, index
def parser(cls, buf):
(auth_type, auth_len) = cls.parser_hdr(buf)
assert auth_type == cls.auth_type
auth_key_id = six.indexbytes(buf, cls._PACK_HDR_STR_LEN)
password = buf[cls._PACK_HDR_STR_LEN + cls._PACK_STR_LEN:auth_len]
msg = cls(auth_key_id, password, auth_len)
return msg, None, None
def _read_long(self):
"""Read a signed 32 bit word."""
s = self._read(4)
b = lambda i: six.indexbytes(s, i)
x = b(0) | b(1) << 8 | b(2) << 16 | b(3) << 24
if b(3) & 0x80 and x > 0:
# sign extension
x = -((1 << 32) - x)
return int(x)
else:
return x
def _decode_1bit(cls, header, data):
output = []
row_bytes = header.width // 8
for row in range(header.height):
row_values = []
for column in range(header.width):
pixel = (indexbytes(data, row * row_bytes + column // 8) >>
(column % 8)) & 1
row_values.extend([pixel * 255] * 3)
output.append(bytearray(row_values))
return output
def _recvfrag(self):
header = self.sock.recv(4)
if len(header) < 4:
raise exception.CohoException(
_('Invalid response header from RPC server'))
x = (six.indexbytes(header, 0) << 24 |
six.indexbytes(header, 1) << 16 |
six.indexbytes(header, 2) << 8 |
six.indexbytes(header, 3))
last = ((x & 0x80000000) != 0)
n = int(x & 0x7fffffff)
frag = six.b('')
while n > 0:
buf = self.sock.recv(n)
if not buf:
raise exception.CohoException(
_('RPC server response is incomplete'))
n = n - len(buf)
frag = frag + buf
return last, frag
def __init__(self, backend, identity, password):
self.backend = backend
context = os.urandom(8)
key_enc, key_mac = utils.password_to_key(password)
rcmd, data = self.backend.send_cmd(
COMMAND.CREATE_SES, struct.pack('!H', identity) + context)
if rcmd == COMMAND.ERROR:
raise YubiHsmError(six.indexbytes(data, 0))
if rcmd != COMMAND.CREATE_SES | 0x80:
raise ValueError('Invalid response')
self._sid = six.indexbytes(data, 0)
context += data[1:1 + 8]
card_crypto = data[9:9 + 8]
self._key_enc = utils.derive(key_enc, KEY_ENC, context)
self._key_mac = utils.derive(key_mac, KEY_MAC, context)
self._key_rmac = utils.derive(key_mac, KEY_RMAC, context)
gen_card_crypto = utils.derive(self._key_mac,
CARD_CRYPTOGRAM,
context,
L=0x40)
if gen_card_crypto != card_crypto:
raise ValueError('Mismatch')
msg = struct.pack('!BHB', COMMAND.AUTH_SES, 1 + 8 + 8, self.sid)
msg += utils.derive(self._key_mac,
HOST_CRYPTOGRAM,
context,
L=0x40)
self._mac_chain = b'\x00' * 16
self._ctr = 1
msg += self._mac(self._key_mac, msg)
rcmd, data = utils.unpad(self.backend._transceive(msg))
if rcmd == COMMAND.ERROR:
raise YubiHsmError(six.indexbytes(data, 0))
if rcmd != COMMAND.AUTH_SES | 0x80:
raise ValueError('Invalid response')
def pcb_procname_size(self):
# 6.95 database upgraded to v7.0b
# we have a single byte that describes how long the procname is.
if self.procname_size:
size = six.indexbytes(self.procname_size, 0x0)
self['procname'].vsSetLength(size)
# pre-7.0
elif self.tag == 'IDA':
self['procname'].vsSetLength(8)
# 7.0+
else:
self['procname'].vsSetLength(16)
def test_unsubscribe():
"""
An unsubscribe of two topics is successfully built.
"""
msg = mqttpacket.unsubscribe(257, [u'a/b', u'c/d'])
assert msg[:1] == b'\xa1'
assert six.indexbytes(msg, 1) == 12
assert msg[2:4] == b'\x01\x01'
assert msg[4:6] == b'\x00\x03'
assert msg[6:9] == u'a/b'.encode('utf-8')
assert msg[9:11] == b'\x00\x03'
assert msg[11:] == u'c/d'.encode('utf-8')
def encode_signature(r, s):
"""Encode an EC signature in serialized DER format as described in
https://tools.ietf.org/html/rfc2459 (section 7.2.2) and as detailed by
bip-0066
Args:
r, s
Returns:
bytes: The DER encoded signature
"""
r_bytes = int_to_bytes(r)
if indexbytes(r_bytes, 0) & 0x80:
r_bytes = b"\x00" + r_bytes
s_bytes = int_to_bytes(s)
if indexbytes(s_bytes, 0) & 0x80:
s_bytes = b"\x00" + s_bytes
r_s = INTEGER + pack('B', len(r_bytes)) + r_bytes + INTEGER + pack(
'B', len(s_bytes)) + s_bytes
return SEQUENCE + pack('B', len(r_s)) + r_s
def decode_114(self, buf, offset):
"""NEW_REFERENCE_EXT"""
id_len = struct.unpack(">H", buf[offset:offset + 2])[0]
node, offset = self.decode_part(buf, offset + 2)
if not isinstance(node, Atom):
raise EncodingError(
"Expected atom while parsing NEW_REFERENCE_EXT, found %r instead"
% node)
creation = six.indexbytes(buf, offset)
reference_id = struct.unpack(">%dL" % id_len,
buf[offset + 1:offset + 1 + 4 * id_len])
return Reference(node, reference_id, creation), offset + 1 + 4 * id_len
def __eq__(self, other):
if len(self) != len(other):
return False
if isinstance(other, BufferView):
return _lib.memcmp(self._data, other._data, len(self)) == 0
elif isinstance(other, bytes):
for i in xrange(len(self)):
if self[i] != six.indexbytes(other, i):
return False
return True
else:
return NotImplemented
def test_build_subscription_multiple():
"""
Multiple topic filters can be properly encoded.
This example is from the MQTT specification.
"""
specs = [
mqttpacket.SubscriptionSpec(u'a/b', 0x01),
mqttpacket.SubscriptionSpec(u'c/d', 0x02),
]
packet = mqttpacket.subscribe(10, specs)
assert isinstance(packet, bytes)
assert six.indexbytes(packet, 0) == 0x82
assert six.indexbytes(packet, 1) == 14
assert six.indexbytes(packet, 2) << 8 | six.indexbytes(packet, 3) == 10
assert six.indexbytes(packet, 4) << 8 | six.indexbytes(packet, 5) == 3
assert packet[6:9].decode('utf-8') == u'a/b'
assert six.indexbytes(packet, 9) == 0x01
assert six.indexbytes(packet, 10) << 8 | six.indexbytes(packet, 11) == 3
assert packet[12:15].decode('utf-8') == u'c/d'
assert six.indexbytes(packet, 15) == 0x02
def _parse_capabilities(self, data):
if not data:
return
c_len, data = six.indexbytes(data, 0), data[1:]
data = data[:c_len]
for tlv in parse_tlvs(data):
if YK4_CAPA_TAG == tlv.tag:
self.capabilities = int(b2a_hex(tlv.value), 16)
elif YK4_SERIAL_TAG == tlv.tag:
self._serial = int(b2a_hex(tlv.value), 16)
elif YK4_ENABLED_TAG == tlv.tag:
self.enabled = int(b2a_hex(tlv.value), 16)
def load_int(ai, data):
if ai < 24:
return ai, data
elif ai == 24:
return six.indexbytes(data, 0), data[1:]
elif ai == 25:
return struct.unpack_from(">H", data)[0], data[2:]
elif ai == 26:
return struct.unpack_from(">I", data)[0], data[4:]
elif ai == 27:
return struct.unpack_from(">Q", data)[0], data[8:]
raise ValueError("Invalid additional information")
