def test_vec5(self):
message = Bytes(0x03)
d = 0xc4eab05d357007c632f3dbb48489924d552b08fe0c353a0d4a1f00acda2c463afbea67c5e8d2877c5e3bc397a659949ef8021e954e0a12274e
expected_public_key = Bytes(0x43ba28f430cdff456ae531545f7ecd0ac834a55d9358c0372bfa0c6c6798c0866aea01eb00742802b8438ea4cb82169c235160627b4c3a9480)[::-1].int()
expected_sig = Bytes(0x26b8f91727bd62897af15e41eb43c377efb9c610d48f2335cb0bd0087810f4352541b143c4b981b7e18f62de8ccdf633fc1bf037ab7cd779805e0dbcc0aae1cbcee1afb2e027df36bc04dcecbf154336c19f0af7e0a6472905e799f1953d2a0ff3348ab21aa4adafd1d234441cf807c03a00)
self._run_448_test(message, d, expected_public_key, expected_sig)
def test_vec12(self):
key1 = Bytes(0xfffefdfcfbfaf9f8f7f6f5f4f3f2f1f0).zfill(16)
key2 = Bytes(0xbfbebdbcbbbab9b8b7b6b5b4b3b2b1b0).zfill(16)
plaintext = Bytes(0x000102030405060708090a0b0c0d0e0f1011).zfill(18)
tweak = 0x9a785634120000000000000000000000
expected_ciphertext = Bytes(0xd069444b7a7e0cab09e24447d24deb1fedbf)
self._run_test(key1, key2, plaintext, tweak, expected_ciphertext)
def test_vec14(self):
key1 = Bytes(0xfffefdfcfbfaf9f8f7f6f5f4f3f2f1f0).zfill(16)
key2 = Bytes(0xbfbebdbcbbbab9b8b7b6b5b4b3b2b1b0).zfill(16)
plaintext = Bytes(0x000102030405060708090a0b0c0d0e0f10111213).zfill(20)
tweak = 0x9a785634120000000000000000000000
expected_ciphertext = Bytes(0x9d84c813f719aa2c7be3f66171c7c5c2edbf9dac)
self._run_test(key1, key2, plaintext, tweak, expected_ciphertext)
def decode(buffer: bytes, **kwargs) -> object:
"""
Decodes a JWK JSON string into an RSA object.
Parameters:
buffer (bytes/str): JWK JSON string.
Returns:
RSA: RSA object.
"""
from samson.public_key.rsa import RSA
if issubclass(type(buffer), (bytes, bytearray)):
buffer = buffer.decode()
jwk = json.loads(buffer)
n = Bytes(url_b64_decode(jwk['n'].encode('utf-8'))).int()
e = Bytes(url_b64_decode(jwk['e'].encode('utf-8'))).int()
if 'p' in jwk:
p = Bytes(url_b64_decode(jwk['p'].encode('utf-8'))).int()
q = Bytes(url_b64_decode(jwk['q'].encode('utf-8'))).int()
else:
p = 2
q = 3
rsa = RSA(8, p=p, q=q, e=e)
rsa.n = n
rsa.bits = rsa.n.bit_length()
return rsa
def derive(self, password: bytes, salt: bytes) -> Bytes:
"""
Derives a key.
Parameters:
password (bytes): Bytes-like object to key the internal state.
salt (bytes): Salt to tweak the output.
Returns:
Bytes: Derived key.
"""
hash_len = len(self.hash_fn(b'', b''))
num_blocks = ceil(self.desired_len / hash_len)
output = Bytes(b'')
for i in range(1, num_blocks + 1):
xor_sum = Bytes(b'').zfill(hash_len)
last = salt + Bytes(i).zfill(4)
for _ in range(self.num_iters):
last = self.hash_fn(password, last)
xor_sum ^= last
output += xor_sum
return output[:self.desired_len]
def test_sha512t_vec0(self):
trunc = 256
message = Bytes(b'')
expected_hash = Bytes(
0x8FFB6D6180E4C53275F10D62B34789329C69846F2A9E9C6D2DA75B0232EA9466)
self._run_512t_test(trunc, message, expected_hash)
def test_sha512t_vec2(self):
trunc = 224
message = Bytes(b'')
expected_hash = Bytes(
0x55BF51615D6950490250EA6DB46065EE086EAD06CF8A1DD969C56F41)
self._run_512t_test(trunc, message, expected_hash)
def test_vec11(self):
message = Bytes(0x6ddf802e1aae4986935f7f981ba3f0351d6273c0a0c22c9c0e8339168e675412a3debfaf435ed651558007db4384b650fcc07e3b586a27a4f7a00ac8a6fec2cd86ae4bf1570c41e6a40c931db27b2faa15a8cedd52cff7362c4e6e23daec0fbc3a79b6806e316efcc7b68119bf46bc76a26067a53f296dafdbdc11c77f7777e972660cf4b6a9b369a6665f02e0cc9b6edfad136b4fabe723d2813db3136cfde9b6d044322fee2947952e031b73ab5c603349b307bdc27bc6cb8b8bbd7bd323219b8033a581b59eadebb09b3c4f3d2277d4f0343624acc817804728b25ab797172b4c5c21a22f9c7839d64300232eb66e53f31c723fa37fe387c7d3e50bdf9813a30e5bb12cf4cd930c40cfb4e1fc622592a49588794494d56d24ea4b40c89fc0596cc9ebb961c8cb10adde976a5d602b1c3f85b9b9a001ed3c6a4d3b1437f52096cd1956d042a597d561a596ecd3d1735a8d570ea0ec27225a2c4aaff26306d1526c1af3ca6d9cf5a2c98f47e1c46db9a33234cfd4d81f2c98538a09ebe76998d0d8fd25997c7d255c6d66ece6fa56f11144950f027795e653008f4bd7ca2dee85d8e90f3dc315130ce2a00375a318c7c3d97be2c8ce5b6db41a6254ff264fa6155baee3b0773c0f497c573f19bb4f4240281f0b1f4f7be857a4e59d416c06b4c50fa09e1810ddc6b1467baeac5a3668d11b6ecaa901440016f389f80acc4db977025e7f5924388c7e340a732e554440e76570f8dd71b7d640b3450d1fd5f0410a18f9a3494f707c717b79b4bf75c98400b096b21653b5d217cf3565c9597456f70703497a078763829bc01bb1cbc8fa04eadc9a6e3f6699587a9e75c94e5bab0036e0b2e711392cff0047d0d6b05bd2a588bc109718954259f1d86678a579a3120f19cfb2963f177aeb70f2d4844826262e51b80271272068ef5b3856fa8535aa2a88b2d41f2a0e2fda7624c2850272ac4a2f561f8f2f7a318bfd5caf9696149e4ac824ad3460538fdc25421beec2cc6818162d06bbed0c40a387192349db67a118bada6cd5ab0140ee273204f628aad1c135f770279a651e24d8c14d75a6059d76b96a6fd857def5e0b354b27ab937a5815d16b5fae407ff18222c6d1ed263be68c95f32d908bd895cd76207ae726487567f9a67dad79abec316f683b17f2d02bf07e0ac8b5bc6162cf94697b3c27cd1fea49b27f23ba2901871962506520c392da8b6ad0d99f7013fbc06c2c17a569500c8a7696481c1cd33e9b14e40b82e79a5f5db82571ba97bae3ad3e0479515bb0e2b0f3bfcd1fd33034efc6245eddd7ee2086ddae2600d8ca73e214e8c2b0bdb2b047c6a464a562ed77b73d2d841c4b34973551257713b753632efba348169abc90a68f42611a40126d7cb21b58695568186f7e569d2ff0f9e745d0487dd2eb997cafc5abf9dd102e62ff66cba87)
d = 0x872d093780f5d3730df7c212664b37b8a0f24f56810daa8382cd4fa3f77634ec44dc54f1c2ed9bea86fafb7632d8be199ea165f5ad55dd9ce8
expected_public_key = Bytes(0xa81b2e8a70a5ac94ffdbcc9badfc3feb0801f258578bb114ad44ece1ec0e799da08effb81c5d685c0c56f64eecaef8cdf11cc38737838cf400)[::-1].int()
expected_sig = Bytes(0xe301345a41a39a4d72fff8df69c98075a0cc082b802fc9b2b6bc503f926b65bddf7f4c8f1cb49f6396afc8a70abe6d8aef0db478d4c6b2970076c6a0484fe76d76b3a97625d79f1ce240e7c576750d295528286f719b413de9ada3e8eb78ed573603ce30d8bb761785dc30dbc320869e1a00).zfill(114)
self._run_448_test(message, d, expected_public_key, expected_sig)
def test_vec0(self):
key = Bytes(0x2B7E151628AED2A6ABF7158809CF4F3C)
iv = Bytes(0x000102030405060708090A0B0C0D0E0F).zfill(16)
plaintext = Bytes(0x6BC1BEE22E409F96E93D7E117393172A)
expected_ciphertext = Bytes(0x7649ABAC8119B246CEE98E9B12E9197D)
self._run_test(key, iv, plaintext, expected_ciphertext)
def test_vec9(self):
message = Bytes(0xbd0f6a3747cd561bdddf4640a332461a4a30a12a434cd0bf40d766d9c6d458e5512204a30c17d1f50b5079631f64eb3112182da3005835461113718d1a5ef944)
d = 0xd65df341ad13e008567688baedda8e9dcdc17dc024974ea5b4227b6530e339bff21f99e68ca6968f3cca6dfe0fb9f4fab4fa135d5542ea3f01
expected_public_key = Bytes(0xdf9705f58edbab802c7f8363cfe5560ab1c6132c20a9f1dd163483a26f8ac53a39d6808bf4a1dfbd261b099bb03b3fb50906cb28bd8a081f00)[::-1].int()
expected_sig = Bytes(0x554bc2480860b49eab8532d2a533b7d578ef473eeb58c98bb2d0e1ce488a98b18dfde9b9b90775e67f47d4a1c3482058efc9f40d2ca033a0801b63d45b3b722ef552bad3b4ccb667da350192b61c508cf7b6b5adadc2c8d9a446ef003fb05cba5f30e88e36ec2703b349ca229c2670833900).zfill(114)
self._run_448_test(message, d, expected_public_key, expected_sig)
def test_vec10(self):
message = Bytes(0x15777532b0bdd0d1389f636c5f6b9ba734c90af572877e2d272dd078aa1e567cfa80e12928bb542330e8409f3174504107ecd5efac61ae7504dabe2a602ede89e5cca6257a7c77e27a702b3ae39fc769fc54f2395ae6a1178cab4738e543072fc1c177fe71e92e25bf03e4ecb72f47b64d0465aaea4c7fad372536c8ba516a6039c3c2a39f0e4d832be432dfa9a706a6e5c7e19f397964ca4258002f7c0541b590316dbc5622b6b2a6fe7a4abffd96105eca76ea7b98816af0748c10df048ce012d901015a51f189f3888145c03650aa23ce894c3bd889e030d565071c59f409a9981b51878fd6fc110624dcbcde0bf7a69ccce38fabdf86f3bef6044819de11)
d = 0x2ec5fe3c17045abdb136a5e6a913e32ab75ae68b53d2fc149b77e504132d37569b7e766ba74a19bd6162343a21c8590aa9cebca9014c636df5
expected_public_key = Bytes(0x79756f014dcfe2079f5dd9e718be4171e2ef2486a08f25186f6bff43a9936b9bfe12402b08ae65798a3d81e22e9ec80e7690862ef3d4ed3a00)[::-1].int()
expected_sig = Bytes(0xc650ddbb0601c19ca11439e1640dd931f43c518ea5bea70d3dcde5f4191fe53f00cf966546b72bcc7d58be2b9badef28743954e3a44a23f880e8d4f1cfce2d7a61452d26da05896f0a50da66a239a8a188b6d825b3305ad77b73fbac0836ecc60987fd08527c1a8e80d5823e65cafe2a3d00).zfill(114)
self._run_448_test(message, d, expected_public_key, expected_sig)
def test_vec8(self):
message = Bytes(0x64a65f3cdedcdd66811e2915e7)
d = 0x7ef4e84544236752fbb56b8f31a23a10e42814f5f55ca037cdcc11c64c9a3b2949c1bb60700314611732a6c2fea98eebc0266a11a93970100e
expected_public_key = Bytes(0xb3da079b0aa493a5772029f0467baebee5a8112d9d3a22532361da294f7bb3815c5dc59e176b4d9f381ca0938e13c6c07b174be65dfa578e80)[::-1].int()
expected_sig = Bytes(0x6a12066f55331b6c22acd5d5bfc5d71228fbda80ae8dec26bdd306743c5027cb4890810c162c027468675ecf645a83176c0d7323a2ccde2d80efe5a1268e8aca1d6fbc194d3f77c44986eb4ab4177919ad8bec33eb47bbb5fc6e28196fd1caf56b4e7e0ba5519234d047155ac727a1053100).zfill(114)
self._run_448_test(message, d, expected_public_key, expected_sig)
def test_vec7(self):
message = Bytes(0x64a65f3cdedcdd66811e2915)
d = 0x258cdd4ada32ed9c9ff54e63756ae582fb8fab2ac721f2c8e676a72768513d939f63dddb55609133f29adf86ec9929dccb52c1c5fd2ff7e21b
expected_public_key = Bytes(0x3ba16da0c6f2cc1f30187740756f5e798d6bc5fc015d7c63cc9510ee3fd44adc24d8e968b6e46e6f94d19b945361726bd75e149ef09817f580)[::-1].int()
expected_sig = Bytes(0x7eeeab7c4e50fb799b418ee5e3197ff6bf15d43a14c34389b59dd1a7b1b85b4ae90438aca634bea45e3a2695f1270f07fdcdf7c62b8efeaf00b45c2c96ba457eb1a8bf075a3db28e5c24f6b923ed4ad747c3c9e03c7079efb87cb110d3a99861e72003cbae6d6b8b827e4e6c143064ff3c00).zfill(114)
self._run_448_test(message, d, expected_public_key, expected_sig)
def test_vec6(self):
message = Bytes(0x0c3e544074ec63b0265e0c)
d = 0xcd23d24f714274e744343237b93290f511f6425f98e64459ff203e8985083ffdf60500553abc0e05cd02184bdb89c4ccd67e187951267eb328
expected_public_key = Bytes(0xdcea9e78f35a1bf3499a831b10b86c90aac01cd84b67a0109b55a36e9328b1e365fce161d71ce7131a543ea4cb5f7e9f1d8b00696447001400)[::-1].int()
expected_sig = Bytes(0x1f0a8888ce25e8d458a21130879b840a9089d999aaba039eaf3e3afa090a09d389dba82c4ff2ae8ac5cdfb7c55e94d5d961a29fe0109941e00b8dbdeea6d3b051068df7254c0cdc129cbe62db2dc957dbb47b51fd3f213fb8698f064774250a5028961c9bf8ffd973fe5d5c206492b140e00).zfill(114)
self._run_448_test(message, d, expected_public_key, expected_sig)
def decrypt(self, ciphertext: bytes) -> Bytes:
"""
Decrypts `ciphertext`.
Parameters:
ciphertext (bytes): Bytes-like object to be decrypted.
Returns:
Bytes: Resulting plaintext.
"""
ciphertext = Bytes.wrap(ciphertext).zfill(self.block_size // 4)
A = ciphertext[:self.block_size // 8].int()
B = ciphertext[self.block_size // 8:].int()
for i in range(self.num_rounds, 0, -1):
B = right_rotate((B - self.S[2 * i + 1]) % self.mod,
A % self.block_size,
bits=self.block_size) ^ A
A = right_rotate((A - self.S[2 * i]) % self.mod,
B % self.block_size,
bits=self.block_size) ^ B
A = (A - self.S[0]) % self.mod
B = (B - self.S[1]) % self.mod
return Bytes(
(Bytes(A, 'little').zfill(self.block_size // 8) +
Bytes(B, 'little').zfill(self.block_size // 8)).int()).zfill(
self.block_size // 4)
def test_vec1(self):
key = Bytes(0x2B7E151628AED2A6ABF7158809CF4F3C)
iv = Bytes(0x7649ABAC8119B246CEE98E9B12E9197D).zfill(16)
plaintext = Bytes(0xAE2D8A571E03AC9C9EB76FAC45AF8E51)
expected_ciphertext = Bytes(0x5086CB9B507219EE95DB113A917678B2)
self._run_test(key, iv, plaintext, expected_ciphertext)
def encrypt(self, plaintext: bytes) -> Bytes:
"""
Encrypts `plaintext`.
Parameters:
plaintext (bytes): Bytes-like object to be encrypted.
Returns:
Bytes: Resulting ciphertext.
"""
plaintext = Bytes.wrap(plaintext).zfill(self.block_size // 4)
A = plaintext[self.block_size // 8:].int()
B = plaintext[:self.block_size // 8].int()
A = (A + self.S[0]) % self.mod
B = (B + self.S[1]) % self.mod
for i in range(1, self.num_rounds + 1):
A = (left_rotate(A ^ B, B % self.block_size, bits=self.block_size)
+ self.S[2 * i]) % self.mod
B = (left_rotate(B ^ A, A % self.block_size, bits=self.block_size)
+ self.S[2 * i + 1]) % self.mod
return (Bytes(A, 'little').zfill(self.block_size // 8) +
Bytes(B, 'little').zfill(self.block_size // 8))
def test_vec2(self):
key = Bytes(0x2B7E151628AED2A6ABF7158809CF4F3C)
iv = Bytes(0x5086CB9B507219EE95DB113A917678B2).zfill(16)
plaintext = Bytes(0x30C81C46A35CE411E5FBC1191A0A52EF)
expected_ciphertext = Bytes(0x73BED6B8E3C1743B7116E69E22229516)
self._run_test(key, iv, plaintext, expected_ciphertext)
def test_sha512t_vec1(self):
trunc = 256
message = Bytes(b'sampletext')
expected_hash = Bytes(
0xCFD6F9C0EFDA3800700F19875BE2346E49B702A5C2D17261FDB24BBF27DDE4E6)
self._run_512t_test(trunc, message, expected_hash)
def test_vec3(self):
key = Bytes(0x2B7E151628AED2A6ABF7158809CF4F3C)
iv = Bytes(0x73BED6B8E3C1743B7116E69E22229516).zfill(16)
plaintext = Bytes(0xF69F2445DF4F9B17AD2B417BE66C3710)
expected_ciphertext = Bytes(0x3FF1CAA1681FAC09120ECA307586E1A7)
self._run_test(key, iv, plaintext, expected_ciphertext)
def test_sha512t_vec3(self):
trunc = 224
message = Bytes(b'sampletext')
expected_hash = Bytes(
0xAD8489322055D0F24980D6D192D77B41BBE286DE82DFEC06BFC1DC11)
self._run_512t_test(trunc, message, expected_hash)
def test_vec4(self):
key = Bytes(0x8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B)
iv = Bytes(0x000102030405060708090A0B0C0D0E0F).zfill(16)
plaintext = Bytes(0x6BC1BEE22E409F96E93D7E117393172A)
expected_ciphertext = Bytes(0x4F021DB243BC633D7178183A9FA071E8)
self._run_test(key, iv, plaintext, expected_ciphertext)
def encrypt(self, plaintext: bytes, pad: bool=False) -> Bytes:
"""
Encrypts `plaintext`.
Parameters:
plaintext (bytes): Bytes-like object to be encrypted.
pad (bool): Whether or not to use RFC5649 padding.
Returns:
Bytes: Resulting ciphertext.
"""
iv = self.iv
length = len(plaintext)
plaintext = Bytes.wrap(plaintext)
if pad:
r = ((length) + 7) // 8
plaintext = plaintext + ((r * 8) - length) * b'\x00'
iv = self.iv + Bytes(length).zfill(4)
A = iv
R = plaintext.chunk(8)
n = len(R)
# RFC5649 specific
if n == 1:
return self.cipher.encrypt(iv + plaintext)
for j in range(6):
for i in range(n):
ct = self.cipher.encrypt(A + R[i])
A, R[i] = ct[:8], ct[8:]
A ^= Bytes(n * j + i + 1).zfill(len(A))
return A + b''.join(R)
def test_vec5(self):
key = Bytes(0x8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B)
iv = Bytes(0x4F021DB243BC633D7178183A9FA071E8).zfill(16)
plaintext = Bytes(0xAE2D8A571E03AC9C9EB76FAC45AF8E51)
expected_ciphertext = Bytes(0xB4D9ADA9AD7DEDF4E5E738763F69145A)
self._run_test(key, iv, plaintext, expected_ciphertext)
def test_vec11(self):
key1 = Bytes(0xfffefdfcfbfaf9f8f7f6f5f4f3f2f1f0).zfill(16)
key2 = Bytes(0xbfbebdbcbbbab9b8b7b6b5b4b3b2b1b0).zfill(16)
plaintext = Bytes(0x000102030405060708090a0b0c0d0e0f10).zfill(17)
tweak = 0x9a785634120000000000000000000000
expected_ciphertext = Bytes(0x6c1625db4671522d3d7599601de7ca09ed)
self._run_test(key1, key2, plaintext, tweak, expected_ciphertext)
def test_vec6(self):
key = Bytes(0x8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B)
iv = Bytes(0xB4D9ADA9AD7DEDF4E5E738763F69145A).zfill(16)
plaintext = Bytes(0x30C81C46A35CE411E5FBC1191A0A52EF)
expected_ciphertext = Bytes(0x571B242012FB7AE07FA9BAAC3DF102E0)
self._run_test(key, iv, plaintext, expected_ciphertext)
def test_vec13(self):
key1 = Bytes(0xfffefdfcfbfaf9f8f7f6f5f4f3f2f1f0).zfill(16)
key2 = Bytes(0xbfbebdbcbbbab9b8b7b6b5b4b3b2b1b0).zfill(16)
plaintext = Bytes(0x000102030405060708090a0b0c0d0e0f101112).zfill(19)
tweak = 0x9a785634120000000000000000000000
expected_ciphertext = Bytes(0xe5df1351c0544ba1350b3363cd8ef4beedbf9d)
self._run_test(key1, key2, plaintext, tweak, expected_ciphertext)
def test_vec7(self):
key = Bytes(0x8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B)
iv = Bytes(0x571B242012FB7AE07FA9BAAC3DF102E0).zfill(16)
plaintext = Bytes(0xF69F2445DF4F9B17AD2B417BE66C3710)
expected_ciphertext = Bytes(0x08B0E27988598881D920A9E64F5615CD)
self._run_test(key, iv, plaintext, expected_ciphertext)
def decode(buffer: bytes):
from samson.public_key.ecdsa import ECDSA
cert, _left_over = decoder.decode(buffer,
asn1Spec=rfc2459.Certificate())
pub_info = cert['tbsCertificate']['subjectPublicKeyInfo']
curve_params, _ = decoder.decode(
Bytes(pub_info['algorithm']['parameters']))
p = int(curve_params[1][1])
b = Bytes(curve_params[2][1]).int()
q = int(curve_params[4])
gx, gy = ECDSA.decode_point(Bytes(curve_params[3]))
curve = WeierstrassCurve(a=-3,
b=b,
ring=ZZ / ZZ(p),
cardinality=q,
base_tuple=(gx, gy))
x, y = ECDSA.decode_point(Bytes(int(pub_info['subjectPublicKey'])))
ecdsa = ECDSA(curve.G, None, d=1)
ecdsa.Q = curve(x, y)
return ecdsa
def test_vec4(self):
message = Bytes(b'')
d = 0x6c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b
expected_public_key = Bytes(0x5fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180)[::-1].int()
expected_sig = Bytes(0x533a37f6bbe457251f023c0d88f976ae2dfb504a843e34d2074fd823d41a591f2b233f034f628281f2fd7a22ddd47d7828c59bd0a21bfd3980ff0d2028d4b18a9df63e006c5d1c2d345b925d8dc00b4104852db99ac5c7cdda8530a113a0f4dbb61149f05a7363268c71d95808ff2e652600)
self._run_448_test(message, d, expected_public_key, expected_sig)
