def encode(self, message, emLen, label="", seed=None): ''':Return: a Bytes object''' # Skipped: label input length checking. (L must be less than 2^61 octets for SHA1) # First, make sure the message isn't too long. emLen hLen = self.hashFnOutputBytes if (len(message) > (emLen - (2 * hLen) - 2)): assert False, "message too long" if py3: lHash = self.hashFn(Bytes(label, 'utf8')) else: lHash = self.hashFn(Bytes(label)) # Let PS be a string of length (emLen - mLen - 2hLen - 2) containing only zero octets. # Compute DB = lHash || PS || 0x01 || M. PS = Bytes.fill(b'\x00', emLen - len(message) - (2 * hLen) - 2) DB = lHash + PS + b'\x01' + bytes(message) # Generate a random octet string seed of length hLen and compute # maskedDB = MGF1(seed, emLen - self.hashFnOutputBytes - 1) if (seed is None): rand = SecureRandomFactory.getInstance() seed = rand.getRandomBytes(hLen) dbMask = MGF1(seed, len(DB), self.hashFn, hLen) maskedDB = DB ^ dbMask # Let seedMask = MGF(maskedDB, self.hashFnOutputBytes) and # maskedSeed = seedMask XOR seed seedMask = MGF1(maskedDB, len(seed), self.hashFn, hLen) maskedSeed = seedMask ^ seed if(debug): print("Encoding") print("label =>", label) print("lhash =>", lHash) print("seed =>", seed) print("db =>", DB) print("db len =>", len(DB)) print("db mask =>", dbMask) print("maskedDB =>", maskedDB) print("seedMask =>", seedMask) print("maskedSed=>", maskedSeed) return Bytes(b'\x00') + maskedSeed + maskedDB
def encode(self, message, emLen, label="", seed=None): ''':Return: a Bytes object''' # Skipped: label input length checking. (L must be less than 2^61 octets for SHA1) # First, make sure the message isn't too long. emLen hLen = self.hashFnOutputBytes if (len(message) > (emLen - (2 * hLen) - 2)): assert False, "message too long" if py3: lHash = self.hashFn(Bytes(label, 'utf8')) else: lHash = self.hashFn(Bytes(label)) # Let PS be a string of length (emLen - mLen - 2hLen - 2) containing only zero octets. # Compute DB = lHash || PS || 0x01 || M. PS = Bytes.fill(b'\x00', emLen - len(message) - (2 * hLen) - 2) DB = lHash + PS + b'\x01' + bytes(message) # Generate a random octet string seed of length hLen and compute # maskedDB = MGF1(seed, emLen - self.hashFnOutputBytes - 1) if (seed is None): rand = SecureRandomFactory.getInstance() seed = rand.getRandomBytes(hLen) dbMask = MGF1(seed, len(DB), self.hashFn, hLen) maskedDB = DB ^ dbMask # Let seedMask = MGF(maskedDB, self.hashFnOutputBytes) and # maskedSeed = seedMask XOR seed seedMask = MGF1(maskedDB, len(seed), self.hashFn, hLen) maskedSeed = seedMask ^ seed if (debug): print("Encoding") print("label =>", label) print("lhash =>", lHash) print("seed =>", seed) print("db =>", DB) print("db len =>", len(DB)) print("db mask =>", dbMask) print("maskedDB =>", maskedDB) print("seedMask =>", seedMask) print("maskedSed=>", maskedSeed) return Bytes(b'\x00') + maskedSeed + maskedDB
def encode(self, message, n, s0): #n = m + s0 + s1 m = int(n/4) #usually 256 bits if(len(message) > (m/8)): assert False, "message too long" if(len(message) != m): message_ext = bytes(message) + Bytes.fill(b'\x80', 1) if(len(message_ext) != m): message_ext = bytes(message_ext) + Bytes.fill(b'\x00', ((m/8)-2)-len(message)) message_ext = bytes(message_ext) + Bytes.fill(b'\x80', 1) s1 = n - m - s0 t = Bytes.fill(b'\x00', s0/8) rand = SecureRandomFactory.getInstance() r = rand.getRandomBytes(int(s1/8)) v = Bytes(bytes(message_ext) + t) x = v ^ self.hashFn(r) y = x + r if(debug): print("Encoding") print("m =>", m) print("s0 =>", s0) print("s1 =>", s1) print("t =>", t, len(t)) print("r =>", r, len(r)) print("v =>", v, len(v)) print("x =>", x) print("y =>", y, len(y)) return y
def encode(self, M, emBits=None, salt=None): '''Encodes a message with PSS padding emLen will be set to the minimum allowed length if not explicitly set ''' # assert len(M) < (2^61 -1), Message too long #Let H' = Hash (M'), an octet string of length hLen. #Max length of output message if emBits is None: emBits = 8 * self.hLen + 8 * self.sLen + 9 #Round to the next byte emBits = int(math.ceil(emBits / 8.0)) * 8 assert emBits >= 8 * self.hLen + 8 * self.sLen + 9, "Not enough emBits" #Make sure the the message is long enough to be valid emLen = int(math.ceil(emBits / 8.0)) assert emLen >= self.hLen + self.sLen + 2, "emLen too small" if salt is None: if self.sLen > 0: salt = SecureRandomFactory.getInstance().getRandomBytes( self.sLen) else: salt = b'' assert len(salt) == self.sLen, "Salt wrong size" #Let M' = (0x)00 00 00 00 00 00 00 00 || mHash || salt; eightzerobytes = Bytes.fill(b'\x00', 8) mHash = self.hashFn(M) Mprime = eightzerobytes + mHash + salt #Let H = Hash (M'), an octet string of length hLen. H = self.hashFn(Mprime) #Generate an octet string PS consisting of emLen - sLen - hLen - 2 zero octets. #The length of PS may be 0. pslen = emLen - self.sLen - self.hLen - 2 ps = Bytes.fill(b'\x00', pslen) #Let DB = PS || 0x01 || salt; DB is an octet string of length emLen - hLen - 1. DB = ps + Bytes(b'\x01') + salt #Let dbMask = MGF (H, emLen - hLen - 1). masklen = emLen - self.hLen - 1 dbMask = MGF1(H, masklen, self.hashFn, self.hLen) #Let maskedDB = DB ^ dbMask. maskedDB = DB ^ dbMask #Set the leftmost 8emLen - emBits bits of the leftmost octet in maskedDB to zero numzeros = 8 * emLen - emBits bitmask = int('0' * numzeros + '1' * (8 - numzeros), 2) ba = bytearray(maskedDB) ba[0] &= bitmask maskedDB = Bytes(ba) EM = maskedDB + H + Bytes(b'\xbc') if debug: print("PSS Encoding:") print("M =>", M) print("mHash =>", mHash) print("salt =>", salt) print("M' =>", Mprime) print("H =>", H) print("DB =>", DB) print("dbmask=>", dbMask) print("masked=>", maskedDB) print("EM =>", EM) return EM
def encode(self, M, emBits=None, salt=None): '''Encodes a message with PSS padding emLen will be set to the minimum allowed length if not explicitly set ''' # assert len(M) < (2^61 -1), Message too long #Let H' = Hash (M'), an octet string of length hLen. #Max length of output message if emBits is None: emBits = 8*self.hLen + 8 * self.sLen + 9 #Round to the next byte emBits = int(math.ceil(emBits / 8.0)) * 8 assert emBits >= 8*self.hLen + 8 * self.sLen + 9, "Not enough emBits" #Make sure the the message is long enough to be valid emLen = int(math.ceil(emBits / 8.0)) assert emLen >= self.hLen + self.sLen + 2, "emLen too small" if salt is None: if self.sLen > 0: salt = SecureRandomFactory.getInstance().getRandomBytes(self.sLen) else: salt = b'' assert len(salt) == self.sLen, "Salt wrong size" #Let M' = (0x)00 00 00 00 00 00 00 00 || mHash || salt; eightzerobytes = Bytes.fill(b'\x00', 8) mHash = self.hashFn(M) Mprime = eightzerobytes + mHash + salt #Let H = Hash (M'), an octet string of length hLen. H = self.hashFn(Mprime) #Generate an octet string PS consisting of emLen - sLen - hLen - 2 zero octets. #The length of PS may be 0. pslen = emLen - self.sLen - self.hLen - 2 ps = Bytes.fill(b'\x00', pslen) #Let DB = PS || 0x01 || salt; DB is an octet string of length emLen - hLen - 1. DB = ps + Bytes(b'\x01') + salt #Let dbMask = MGF (H, emLen - hLen - 1). masklen = emLen - self.hLen - 1 dbMask = MGF1(H, masklen, self.hashFn, self.hLen) #Let maskedDB = DB ^ dbMask. maskedDB = DB ^ dbMask #Set the leftmost 8emLen - emBits bits of the leftmost octet in maskedDB to zero numzeros = 8 * emLen - emBits bitmask = int('0'*numzeros + '1'*(8-numzeros), 2) ba = bytearray(maskedDB) ba[0] &= bitmask maskedDB = Bytes(ba) EM = maskedDB + H + Bytes(b'\xbc') if debug: print("PSS Encoding:") print("M =>", M) print("mHash =>", mHash) print("salt =>", salt) print("M' =>", Mprime) print("H =>", H) print("DB =>", DB) print("dbmask=>", dbMask) print("masked=>", maskedDB) print("EM =>", EM) return EM