def _parse_messages(self): """ Parses for messages in the buffer *buf*. It is assumed that the buffer contains the start character for a message, but that it may contain only part of the rest of the message. Returns an array of messages, and the buffer remainder that didn't contain any full messages.""" msgs = [] end_idx = 0 buf = self._buf while buf: frame_type = six.indexbytes(buf, 0) if frame_type == 0: # Normal message. end_idx = buf.find(b"\xFF") if end_idx == -1: # pragma NO COVER break msgs.append(buf[1:end_idx].decode('utf-8', 'replace')) buf = buf[end_idx + 1:] elif frame_type == 255: # Closing handshake. assert six.indexbytes(buf, 1) == 0, "Unexpected closing handshake: %r" % buf self.websocket_closed = True break else: raise ValueError("Don't understand how to parse this type of message: %r" % buf) self._buf = buf return msgs
def process_IAC(self, sock, cmd, option): """ Read in and parse IAC commands as passed by telnetlib. SB/SE commands are stored in sbdataq, and passed in w/ a command of SE. """ if cmd == DO: if option == TM: # timing mark - send WILL into outgoing stream os.write(self.remote, IAC + WILL + TM) else: pass elif cmd == IP: # interrupt process os.write(self.local, IPRESP) elif cmd == SB: pass elif cmd == SE: option = self.sbdataq[0] if option == NAWS[0]: # negotiate window size. cols = six.indexbytes(self.sbdataq, 1) rows = six.indexbytes(self.sbdataq, 2) s = struct.pack('HHHH', rows, cols, 0, 0) fcntl.ioctl(self.local, termios.TIOCSWINSZ, s) elif cmd == DONT: pass else: pass
def calculate(self, cred, timestamp=None): # The 4.2.0-4.2.6 firmwares have a known issue with credentials that # require touch: If this action is performed within 2 seconds of a # command resulting in a long response (over 54 bytes), # the command will hang. A workaround is to send an invalid command # (resulting in a short reply) prior to the "calculate" command. if self._426device and cred.touch: self._driver.send_apdu(0, 0, 0, 0, '', check=SW.INVALID_INSTRUCTION) if timestamp is None: timestamp = int(time.time()) if cred.oath_type == OATH_TYPE.TOTP: valid_from = timestamp - (timestamp % cred.period) valid_to = valid_from + cred.period challenge = time_challenge(timestamp, period=cred.period) else: valid_from = timestamp valid_to = float('Inf') challenge = b'' data = Tlv(TAG.NAME, cred.key) + Tlv(TAG.CHALLENGE, challenge) resp = self.send_apdu(INS.CALCULATE, 0, 0, data) resp = parse_tlvs(resp)[0].value # Manual dynamic truncation is required # for Steam entries, so let's do it for all. digits = six.indexbytes(resp, 0) resp = resp[1:] offset = six.indexbytes(resp, -1) & 0xF code_data = resp[offset:offset + 4] code_data = parse_truncated(code_data) code_value = format_code(code_data, digits, steam=cred.is_steam) return Code(code_value, valid_from, valid_to)
def __new__(cls, *args): if len(args) == 1: data = args[0] if isinstance(data, int): # Called with tag only, blank value tag = data value = b'' else: # Called with binary TLV data tag = six.indexbytes(data, 0) ln = six.indexbytes(data, 1) offs = 2 if ln > 0x80: n_bytes = ln - 0x80 ln = bytes2int(data[offs:offs + n_bytes]) offs = offs + n_bytes value = data[offs:offs+ln] elif len(args) == 2: # Called with tag and value. (tag, value) = args else: raise TypeError('{}() takes at most 2 arguments ({} given)'.format( cls, len(args))) data = bytearray([tag]) length = len(value) if length < 0x80: data.append(length) elif length < 0xff: data.extend([0x81, length]) else: data.extend([0x82, length >> 8, length & 0xff]) data += value return super(Tlv, cls).__new__(cls, bytes(data))
def _multi_char_find(self, needle, start, stop, mask, skip): i = start - 1 w = (stop - start) - len(needle) while i + 1 <= start + w: i += 1 if self._data[i + len(needle) - 1] == six.indexbytes(needle, -1): for j in xrange(len(needle) - 1): if self._data[i + j] != six.indexbytes(needle, j): break else: return i if ( i + len(needle) < len(self) and not self._bloom(mask, self._data[i + len(needle)]) ): i += len(needle) else: i += skip else: if ( i + len(needle) < len(self) and not self._bloom(mask, self._data[i + len(needle)]) ): i += len(needle) return -1
def rldecode(data): """ RunLength decoder (Adobe version) implementation based on PDF Reference version 1.4 section 3.3.4: The RunLengthDecode filter decodes data that has been encoded in a simple byte-oriented format based on run length. The encoded data is a sequence of runs, where each run consists of a length byte followed by 1 to 128 bytes of data. If the length byte is in the range 0 to 127, the following length + 1 (1 to 128) bytes are copied literally during decompression. If length is in the range 129 to 255, the following single byte is to be copied 257 - length (2 to 128) times during decompression. A length value of 128 denotes EOD. """ decoded = b'' i = 0 while i < len(data): #print 'data[%d]=:%d:' % (i,ord(data[i])) length = six.indexbytes(data,i) if length == 128: break if length >= 0 and length < 128: for j in range(i+1,(i+1)+(length+1)): decoded+=six.int2byte(six.indexbytes(data,j)) #print 'length=%d, run=%s' % (length+1,run) i = (i+1) + (length+1) if length > 128: run = six.int2byte(six.indexbytes(data,i+1))*(257-length) #print 'length=%d, run=%s' % (257-length,run) decoded+=run i = (i+1) + 1 return decoded
def _set_mode_otp(self, mode_data): resp = self.select(AID.OTP) pgm_seq_old = six.indexbytes(resp, 3) resp = self.send_apdu(0, OTP_INS.YK2_REQ, SLOT.DEVICE_CONFIG, 0, mode_data) pgm_seq_new = six.indexbytes(resp, 3) if not _pgm_seq_ok(pgm_seq_old, pgm_seq_new): raise ModeSwitchError()
def _make_rfind_mask(self, needle): mask = self._bloom_add(0, six.indexbytes(needle, 0)) skip = len(needle) - 1 for i in xrange(len(needle) - 1, 0, -1): mask = self._bloom_add(mask, six.indexbytes(needle, i)) if needle[i] == needle[0]: skip = i - 1 return mask, skip
def _gen_creds(): resp = self.send_apdu(INS.LIST, 0, 0) while resp: length = six.indexbytes(resp, 1) - 1 oath_type = OATH_TYPE(MASK.TYPE & six.indexbytes(resp, 2)) key = resp[3:3 + length] yield Credential(key, oath_type) resp = resp[3 + length:]
def truncate(self, digest): offset = six.indexbytes(digest, -1) & 0x0f binary = (six.indexbytes(digest, (offset + 0)) & 0x7f) << 24 binary |= (six.indexbytes(digest, (offset + 1)) & 0xff) << 16 binary |= (six.indexbytes(digest, (offset + 2)) & 0xff) << 8 binary |= (six.indexbytes(digest, (offset + 3)) & 0xff) return binary % (10 ** self.digits)
def bytes_eq(buf1, buf2): if buf1 != buf2: msg = 'EOF in either data' for i in range(0, min(len(buf1), len(buf2))): c1 = six.indexbytes(six.binary_type(buf1), i) c2 = six.indexbytes(six.binary_type(buf2), i) if c1 != c2: msg = 'differs at chr %d, %d != %d' % (i, c1, c2) break assert buf1 == buf2, "%r != %r, %s" % (buf1, buf2, msg)
def HNxorg( hash_class, N, g ): bin_N = long_to_bytes(N) bin_g = long_to_bytes(g) padding = len(bin_N) - len(bin_g) if _rfc5054_compat else 0 hN = hash_class( bin_N ).digest() hg = hash_class( b''.join( [b'\0'*padding, bin_g] ) ).digest() return six.b( ''.join( chr( six.indexbytes(hN, i) ^ six.indexbytes(hg, i) ) for i in range(0,len(hN)) ) )
def encode(value): """Encodes bytes to a base65536 string.""" stream = io.StringIO() length = len(value) for x in range(0, length, 2): b1 = indexbytes(value, x) b2 = indexbytes(value, x + 1) if x + 1 < length else -1 code_point = BLOCK_START[b2] + b1 stream.write(unichr(code_point)) return stream.getvalue()
def _make_find_mask(self, needle): mlast = len(needle) - 1 mask = 0 skip = mlast - 1 for i in xrange(mlast): mask = self._bloom_add(mask, six.indexbytes(needle, i)) if needle[i] == needle[mlast]: skip = mlast - i - 1 mask = self._bloom_add(mask, six.indexbytes(needle, mlast)) return mask, skip
def decode_int(x, f): f += 1 newf = x.find(b'e', f) n = int(x[f:newf]) if six.indexbytes(x, f) == 45: if six.indexbytes(x, f+1) == 48: raise ValueError elif six.indexbytes(x, f) == 48 and newf != f+1: raise ValueError return (n, newf+1)
def decrypt(self, ctxt, ttl=None, associated_data=''): if not isinstance(ctxt, bytes): raise TypeError("ctxt must be bytes.") try: data = base64.urlsafe_b64decode(ctxt) except (TypeError, binascii.Error): raise InvalidToken if not data: raise InvalidToken # return: version || iv || ctx || tag if six.indexbytes(data, 0) == 0x80: # This is a Fernet1 (old version) ctx, handle accordingly try: msg = self._fernet1.decrypt(ctxt, ttl=ttl) except Exception: raise InvalidToken return msg elif six.indexbytes(data, 0) != 0x81: raise InvalidToken assert not debug or not ttl, "You are calling new fernet with ttl values." # First, verify the tag basic_parts = ( b"\x81" + bytes(associated_data) + data[1:-32] ) try: self.SHA256hmac(self._signing_key, basic_parts, sig=data[-32:]) except InvalidSignature: raise InvalidToken # Now decrypt the text # version (1-byte) || iv (16-byte) || ctx || tag (32-byte) iv = data[1:17] ciphertext = data[17:-32] decryptor = Cipher( algorithms.AES(self._encryption_key), modes.CBC(iv), self._backend ).decryptor() plaintext_padded = decryptor.update(ciphertext) try: plaintext_padded += decryptor.finalize() except ValueError: raise InvalidToken unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder() unpadded = unpadder.update(plaintext_padded) try: unpadded += unpadder.finalize() except ValueError: raise InvalidToken return unpadded
def unpad(data): # At the moment, this is only used for unpadding private keys on disk. This # really ought to be made constant time (possibly by upstreaming this logic # into pyca/cryptography). padding_length = six.indexbytes(data, -1) if padding_length > 16: raise SSHException("Invalid key") for i in range(1, padding_length + 1): if six.indexbytes(data, -i) != (padding_length - i + 1): raise SSHException("Invalid key") return data[:-padding_length]
def decode_bigint(self, n, buf, offset): sign = six.indexbytes(buf, offset) offset += 1 b = 1 val = 0 for i in range(n): val += six.indexbytes(buf, offset) * b b <<= 8 offset += 1 if sign != 0: val = -val return val, offset
def HNxorg( hash_class, N, g ): bN = ctypes.create_string_buffer( BN_num_bytes(N) ) bg = ctypes.create_string_buffer( BN_num_bytes(g) ) BN_bn2bin(N, bN) BN_bn2bin(g, bg) padding = len(bN) - len(bg) if _rfc5054_compat else 0 hN = hash_class( bN.raw ).digest() hg = hash_class( b''.join([ b'\0'*padding, bg.raw ]) ).digest() return six.b( ''.join( chr( six.indexbytes(hN, i) ^ six.indexbytes(hg, i) ) for i in range(0,len(hN)) ) )
def decode(cls, data, connection=None, payload_auto_decode=True): if len(data) < 4: raise NotEnoughData("Not enough data to decode header") if six.indexbytes(data, 3) == 0x00 and six.indexbytes(data, 4) == 0x02: obj = SSLv2Record( connection=connection ) elif six.indexbytes(data, 1) == 0x03: obj = SSLv3Record( connection=connection ) data = obj.dissect(data) return (obj, data)
def decode_string(x, f): colon = x.find(b':', f) n = int(x[f:colon]) if six.indexbytes(x, f) == 48 and colon != f+1: raise ValueError colon += 1 return (x[colon:colon+n], colon+n)
def get_inline_data(self, pos, target=b'EI'): self.seek(pos) i = 0 data = b'' while i <= len(target): self.fillbuf() if i: c = six.indexbytes(self.buf,self.charpos) c=six.int2byte(c) data += c self.charpos += 1 if len(target) <= i and c.isspace(): i += 1 elif i < len(target) and c == target[i]: i += 1 else: i = 0 else: try: j = self.buf.index(target[0], self.charpos) #print 'found', (0, self.buf[j:j+10]) data += self.buf[self.charpos:j+1] self.charpos = j+1 i = 1 except ValueError: data += self.buf[self.charpos:] self.charpos = len(self.buf) data = data[:-(len(target)+1)] # strip the last part data = re.sub(br'(\x0d\x0a|[\x0d\x0a])$', b'', data) return (pos, data)
def _check_incoming_pdu(self): # There is something to read try: raw_pdu = self.dul_socket.recv(1) except socket.error: self.event.append('Evt17') self.dul_socket.close() self.dul_socket = None return if raw_pdu == b'': # Remote port has been closed self.event.append('Evt17') self.dul_socket.close() self.dul_socket = None return else: res = _recv_n(self.dul_socket, 1) raw_pdu += res length = _recv_n(self.dul_socket, 4) raw_pdu += length length = struct.unpack('>L', length) tmp = _recv_n(self.dul_socket, length[0]) raw_pdu += tmp # Determine the type of PDU coming on remote port and set the event # accordingly try: pdu_type, event = PDU_TYPES[six.indexbytes(raw_pdu, 0)] self.primitive = pdu_type.decode(raw_pdu) self.event.append(event) except KeyError: self.event.append('Evt19')
def parse_dbus_header(header): """Parse a D-BUS header. Return the message size.""" if six.indexbytes(header, 0) == ord('l'): endian = '<' elif six.indexbytes(header, 0) == ord('B'): endian = '>' else: raise ValueError('illegal endianness') if not 1 <= six.indexbytes(header, 1) <= 4: raise ValueError('illegel message type') if struct.unpack(endian + 'I', header[8:12])[0] == 0: raise ValueError('illegal serial number') harrlen = struct.unpack(endian + 'I', header[12:16])[0] padlen = (8 - harrlen) % 8 bodylen = struct.unpack(endian + 'I', header[4:8])[0] return 16 + harrlen + padlen + bodylen
def pkcs5_unpad(string): """PKCS#5 unpad the given string""" # preserve empty strings if not string: return string amount_of_padding = six.indexbytes(string, -1) return string[:-amount_of_padding]
def init_command_buffer(self, command): self.command_buffer = create_string_buffer(command, len(command)) for i in range(SC_PASSTHRU_CDB_LEN): self.scsi_cdb[i] = 0 for i in range(min(SC_PASSTHRU_CDB_LEN, len(command))): self.scsi_cdb[i] = six.indexbytes(command, i) # ord(command[i]) self.command_length = len(command)
def _string_successor(str_val): """Increment and truncate a byte string. Determines shortest string that sorts after the given string when compared using regular string comparison semantics. Modeled after implementation in ``gcloud-golang``. Increments the last byte that is smaller than ``0xFF``, and drops everything after it. If the string only contains ``0xFF`` bytes, ``''`` is returned. :type str_val: str :param str_val: String to increment. :rtype: str :returns: The next string in lexical order after ``str_val``. """ str_val = _to_bytes(str_val, encoding='latin-1') if str_val == b'': return str_val index = len(str_val) - 1 while index >= 0: if six.indexbytes(str_val, index) != 0xff: break index -= 1 if index == -1: return b'' return str_val[:index] + _next_char(str_val, index)
def _load_ssh_ecdsa_public_key(expected_key_type, decoded_data, backend): curve_name, rest = _read_next_string(decoded_data) data, rest = _read_next_string(rest) if expected_key_type != b"ecdsa-sha2-" + curve_name: raise ValueError( 'Key header and key body contain different key type values.' ) if rest: raise ValueError('Key body contains extra bytes.') if curve_name == b"nistp256": curve = ec.SECP256R1() elif curve_name == b"nistp384": curve = ec.SECP384R1() elif curve_name == b"nistp521": curve = ec.SECP521R1() if six.indexbytes(data, 0) != 4: raise NotImplementedError( "Compressed elliptic curve points are not supported" ) # key_size is in bits, and sometimes it's not evenly divisible by 8, so we # add 7 to round up the number of bytes. if len(data) != 1 + 2 * ((curve.key_size + 7) // 8): raise ValueError("Malformed key bytes") x = _int_from_bytes(data[1:1 + (curve.key_size + 7) // 8], byteorder='big') y = _int_from_bytes(data[1 + (curve.key_size + 7) // 8:], byteorder='big') return ec.EllipticCurvePublicNumbers(x, y, curve).public_key(backend)
def scramble(s, key=default_password_key, scramble_prefix=default_scramble_prefix, block_chaining=False): if key is None: key=default_password_key to_scramble = s #get our encoder ring (called cpKey in the C code) encoder_ring = get_encoder_ring(key) encoder_ring_index = 0 #for block chaining chain = 0 scrambled_string = '' for c in to_scramble: if c in wheel: #the index of the target character in wheel wheel_index = (wheel.index(c) + six.indexbytes(encoder_ring, encoder_ring_index % 61) + chain) % len(wheel) scrambled_string += wheel[wheel_index] if block_chaining: chain = ord(scrambled_string[-1]) & 0xff else: scrambled_string += c encoder_ring_index += 1 return scramble_prefix + scrambled_string
def comm(self, command): """ Implements low-level details of the s-protocol """ check = str(self.crc(command)) check = check[2:].zfill(2) final_com = 'FFFFFFFF' + command + check bin_comm = '' for i in range(0, len(final_com) // 2): bin_comm += chr(int(final_com[i * 2:i * 2 + 2], 16)) bin_comm += chr(0) bytes_for_serial = b(bin_comm) error = 1 while (error > 0) and (error < 10): self.ser.write(bytes_for_serial) time.sleep(0.2) s = self.ser.read(self.ser.inWaiting()) st = '' for i in range(0, len(s)): #char = hex(ord(s[i]))[2:].zfill(2) #char = hex(s[i])[2:].zfill(2) char = hex(indexbytes(s, i))[2:].zfill(2) if not char.upper() == 'FF': st = st + char try: # delimiter = st[0:2] # address = st[2:12] command = st[12:14] byte_count = int(st[14:16], 16) response = st[16:16 + 2 * byte_count] error = 0 except ValueError: error = error + 1 response = 'Error' return response
def __init__(self, key): s = [i for i in range(256)] #because Py3 range is not indexable j = 0 klen = len(key) for i in range(256): j = (j + s[i] + six.indexbytes(key, i % klen)) % 256 (s[i], s[j]) = (s[j], s[i]) self.s = s (self.i, self.j) = (0, 0) return
def fixparity(deskey): from six import indexbytes, b temp = b'' for i in range(len(deskey)): t = (bin(indexbytes(deskey, i))[2:]).rjust(8, '0') if t[:7].count('1') % 2 == 0: temp += b(chr(int(t[:7] + '1', 2))) else: temp += b(chr(int(t[:7] + '0', 2))) return temp
def __init__(self, data=None): if not data: logger.debug('Config data empty/missing') self._tags = {} return c_len, data = six.indexbytes(data, 0), data[1:] data = data[:c_len] self._tags = Tlv.parse_dict(data)
def __init__(self, data=None): if not data: logger.debug('Config data empty/missing') self._tags = {} return c_len, data = six.indexbytes(data, 0), data[1:] data = data[:c_len] self._tags = dict((x.tag, x.value) for x in parse_tlvs(data))
def __init__(self, data=0): self.type = 0x0 self.flags = 0x0 self.length = 0x0 if data == 0: self._trailer = b'' else: try: self.type = indexbytes(data, 0) if self.type == NETBIOS_SESSION_MESSAGE: self.length = indexbytes(data, 1) << 16 | (unpack( '!H', data[2:4])[0]) else: self.flags = data[1] self.length = unpack('!H', data[2:4])[0] self._trailer = data[4:] except: raise NetBIOSError('Wrong packet format ')
def decode_104(self, buf, offset): """SMALL_TUPLE_EXT""" arity = six.indexbytes(buf, offset) offset += 1 items = [] for i in range(arity): val, offset = self.decode_part(buf, offset) items.append(val) return tuple(items), offset
def _dynamic_truncate(self, counter): ctx = hmac.HMAC(self._key, self._algorithm, self._backend) ctx.update(struct.pack(">Q", counter)) hmac_value = ctx.finalize() offset_bits = six.indexbytes(hmac_value, len(hmac_value) - 1) & 0b1111 offset = int(offset_bits) p = hmac_value[offset:offset + 4] return struct.unpack(">I", p)[0] & 0x7fffffff
def parse_binary_value(self, data, display, length, format): from . import event estruct = display.event_classes.get( byte2int(data) & 0x7f, event.AnyEvent) if type(estruct) == dict: # this etype refers to a set of sub-events with individual subcodes estruct = estruct[indexbytes(data, 1)] return estruct(display=display, binarydata=data[:32]), data[32:]
def from_encoded_point(cls, curve, data): utils._check_bytes("data", data) if not isinstance(curve, EllipticCurve): raise TypeError("curve must be an EllipticCurve instance") if six.indexbytes(data, 0) not in [0x02, 0x03, 0x04]: raise ValueError("Unsupported elliptic curve point type") from cryptography.hazmat.backends.openssl.backend import backend return backend.load_elliptic_curve_public_bytes(curve, data)
def _read_long64(self): """Read a signed 64 bit integer.""" s = self._read(8) b = lambda i: six.indexbytes(s, i) x = (b(0) | b(1)<<8 | b(2)<<16 | b(3)<<24 | b(4)<<32 | b(5)<<40 | b(6)<<48 | b(7)<<56) if b(7) & 0x80 and x > 0: # sign extension x = -((1<<64) - x) return x
def normalize_uri_path_component(path_component): """ normalize_uri_path_component(path_component) -> str Normalize the path component according to RFC 3986. This performs the following operations: * Alpha, digit, and the symbols '-', '.', '_', and '~' (unreserved characters) are left alone. * Characters outside this range are percent-encoded. * Percent-encoded values are upper-cased ('%2a' becomes '%2A') * Percent-encoded values in the unreserved space (%41-%5A, %61-%7A, %30-%39, %2D, %2E, %5F, %7E) are converted to normal characters. If a percent encoding is incomplete, the percent is encoded as %25. A ValueError exception is thrown if a percent encoding includes non-hex characters (e.g. %3z). """ result = BytesIO() i = 0 path_component = path_component.encode("utf-8") while i < len(path_component): c = indexbytes(path_component, i) if c in _rfc3986_unreserved: result.write(int2byte(c)) i += 1 elif c == _ascii_percent: # percent, '%', 0x25, 37 if i + 2 >= len(path_component): result.write(b"%25") i += 1 continue try: value = int(path_component[i + 1:i + 3], 16) except ValueError: raise ValueError("Invalid %% encoding at position %d" % i) if value in _rfc3986_unreserved: result.write(int2byte(value)) else: result.write(b"%%%02X" % value) i += 3 elif c == _ascii_plus: # Plus-encoded space. Convert this to %20. result.write(b"%20") i += 1 else: result.write(b"%%%02X" % c) i += 1 result = result.getvalue() if not isinstance(result, string_types): result = str(result, "utf-8") return result
def __init__(self, _): super(RegistrationData, self).__init__() if six.indexbytes(self, 0) != 0x05: raise ValueError("Reserved byte != 0x05") self.public_key = self[1:66] kh_len = six.indexbytes(self, 66) self.key_handle = self[67:67 + kh_len] cert_offs = 67 + kh_len cert_len = six.indexbytes(self, cert_offs + 1) if cert_len > 0x80: n_bytes = cert_len - 0x80 cert_len = ( bytes2int(self[cert_offs + 2:cert_offs + 2 + n_bytes]) + n_bytes) cert_len += 2 self.certificate = self[cert_offs:cert_offs + cert_len] self.signature = self[cert_offs + cert_len:]
def from_bytes(cls, v, start=0): if not isinstance(v, bytes): raise TypeError("Cannot parse versionstamp from non-byte string") elif len(v) - start < cls.LENGTH: raise ValueError("Versionstamp byte string is too short (only " + str(len(v) - start) + " bytes to read from") else: tr_version = v[start:start + cls._TR_VERSION_LEN] if tr_version == cls._UNSET_TR_VERSION: tr_version = None user_version = six.indexbytes(v, start + cls._TR_VERSION_LEN) * (1 << 8) + six.indexbytes(v, start + cls._TR_VERSION_LEN + 1) return Versionstamp(tr_version, user_version)
def _unpad_resp(resp, cmd): if len(resp) < 3: raise YubiHsmInvalidResponseError('Wrong length') rcmd, length = struct.unpack('!BH', resp[:3]) if len(resp) < length + 3: raise YubiHsmInvalidResponseError('Wrong length') if rcmd == COMMAND.ERROR: raise YubiHsmDeviceError(six.indexbytes(resp, 3)) elif rcmd != cmd | 0x80: raise YubiHsmInvalidResponseError('Wrong command in response') return resp[3:length + 3]
def _mask_hybi(self, s): # TODO(tyoshino): os.urandom does open/read/close for every call. If # performance matters, change this to some library call that generates # cryptographically secure pseudo random number sequence. masking_nonce = os.urandom(4) result = [masking_nonce] count = 0 for c in iterbytes(s): result.append(util.pack_byte(c ^ indexbytes(masking_nonce, count))) count = (count + 1) % len(masking_nonce) return b''.join(result)
def validateSOCKS4aHost(host): try: host = socket.inet_pton(socket.AF_INET, six.ensure_text(host)) except socket.error: return # PY3KPORT: Py2-3 compatible port using six if six.ensure_binary( host[:3]) == b'\0\0\0' and six.indexbytes(host, 3) != 0: raise ValueError('SOCKS4a reserves addresses 0.0.0.1-0.0.0.255')
def decode_uvarint(data, index): item = 128 num = 0 left = 0 while item & 128: item = indexbytes(data, index) index += 1 value = (item & 127) << left num += value left += 7 return num, index
def parser(cls, buf): (auth_type, auth_len) = cls.parser_hdr(buf) assert auth_type == cls.auth_type auth_key_id = six.indexbytes(buf, cls._PACK_HDR_STR_LEN) password = buf[cls._PACK_HDR_STR_LEN + cls._PACK_STR_LEN:auth_len] msg = cls(auth_key_id, password, auth_len) return msg, None, None
def _read_long(self): """Read a signed 32 bit word.""" s = self._read(4) b = lambda i: six.indexbytes(s, i) x = b(0) | b(1) << 8 | b(2) << 16 | b(3) << 24 if b(3) & 0x80 and x > 0: # sign extension x = -((1 << 32) - x) return int(x) else: return x
def _decode_1bit(cls, header, data): output = [] row_bytes = header.width // 8 for row in range(header.height): row_values = [] for column in range(header.width): pixel = (indexbytes(data, row * row_bytes + column // 8) >> (column % 8)) & 1 row_values.extend([pixel * 255] * 3) output.append(bytearray(row_values)) return output
def _recvfrag(self): header = self.sock.recv(4) if len(header) < 4: raise exception.CohoException( _('Invalid response header from RPC server')) x = (six.indexbytes(header, 0) << 24 | six.indexbytes(header, 1) << 16 | six.indexbytes(header, 2) << 8 | six.indexbytes(header, 3)) last = ((x & 0x80000000) != 0) n = int(x & 0x7fffffff) frag = six.b('') while n > 0: buf = self.sock.recv(n) if not buf: raise exception.CohoException( _('RPC server response is incomplete')) n = n - len(buf) frag = frag + buf return last, frag
def __init__(self, backend, identity, password): self.backend = backend context = os.urandom(8) key_enc, key_mac = utils.password_to_key(password) rcmd, data = self.backend.send_cmd( COMMAND.CREATE_SES, struct.pack('!H', identity) + context) if rcmd == COMMAND.ERROR: raise YubiHsmError(six.indexbytes(data, 0)) if rcmd != COMMAND.CREATE_SES | 0x80: raise ValueError('Invalid response') self._sid = six.indexbytes(data, 0) context += data[1:1 + 8] card_crypto = data[9:9 + 8] self._key_enc = utils.derive(key_enc, KEY_ENC, context) self._key_mac = utils.derive(key_mac, KEY_MAC, context) self._key_rmac = utils.derive(key_mac, KEY_RMAC, context) gen_card_crypto = utils.derive(self._key_mac, CARD_CRYPTOGRAM, context, L=0x40) if gen_card_crypto != card_crypto: raise ValueError('Mismatch') msg = struct.pack('!BHB', COMMAND.AUTH_SES, 1 + 8 + 8, self.sid) msg += utils.derive(self._key_mac, HOST_CRYPTOGRAM, context, L=0x40) self._mac_chain = b'\x00' * 16 self._ctr = 1 msg += self._mac(self._key_mac, msg) rcmd, data = utils.unpad(self.backend._transceive(msg)) if rcmd == COMMAND.ERROR: raise YubiHsmError(six.indexbytes(data, 0)) if rcmd != COMMAND.AUTH_SES | 0x80: raise ValueError('Invalid response')
def pcb_procname_size(self): # 6.95 database upgraded to v7.0b # we have a single byte that describes how long the procname is. if self.procname_size: size = six.indexbytes(self.procname_size, 0x0) self['procname'].vsSetLength(size) # pre-7.0 elif self.tag == 'IDA': self['procname'].vsSetLength(8) # 7.0+ else: self['procname'].vsSetLength(16)
def test_unsubscribe(): """ An unsubscribe of two topics is successfully built. """ msg = mqttpacket.unsubscribe(257, [u'a/b', u'c/d']) assert msg[:1] == b'\xa1' assert six.indexbytes(msg, 1) == 12 assert msg[2:4] == b'\x01\x01' assert msg[4:6] == b'\x00\x03' assert msg[6:9] == u'a/b'.encode('utf-8') assert msg[9:11] == b'\x00\x03' assert msg[11:] == u'c/d'.encode('utf-8')
def encode_signature(r, s): """Encode an EC signature in serialized DER format as described in https://tools.ietf.org/html/rfc2459 (section 7.2.2) and as detailed by bip-0066 Args: r, s Returns: bytes: The DER encoded signature """ r_bytes = int_to_bytes(r) if indexbytes(r_bytes, 0) & 0x80: r_bytes = b"\x00" + r_bytes s_bytes = int_to_bytes(s) if indexbytes(s_bytes, 0) & 0x80: s_bytes = b"\x00" + s_bytes r_s = INTEGER + pack('B', len(r_bytes)) + r_bytes + INTEGER + pack( 'B', len(s_bytes)) + s_bytes return SEQUENCE + pack('B', len(r_s)) + r_s
def decode_114(self, buf, offset): """NEW_REFERENCE_EXT""" id_len = struct.unpack(">H", buf[offset:offset + 2])[0] node, offset = self.decode_part(buf, offset + 2) if not isinstance(node, Atom): raise EncodingError( "Expected atom while parsing NEW_REFERENCE_EXT, found %r instead" % node) creation = six.indexbytes(buf, offset) reference_id = struct.unpack(">%dL" % id_len, buf[offset + 1:offset + 1 + 4 * id_len]) return Reference(node, reference_id, creation), offset + 1 + 4 * id_len
def __eq__(self, other): if len(self) != len(other): return False if isinstance(other, BufferView): return _lib.memcmp(self._data, other._data, len(self)) == 0 elif isinstance(other, bytes): for i in xrange(len(self)): if self[i] != six.indexbytes(other, i): return False return True else: return NotImplemented
def test_build_subscription_multiple(): """ Multiple topic filters can be properly encoded. This example is from the MQTT specification. """ specs = [ mqttpacket.SubscriptionSpec(u'a/b', 0x01), mqttpacket.SubscriptionSpec(u'c/d', 0x02), ] packet = mqttpacket.subscribe(10, specs) assert isinstance(packet, bytes) assert six.indexbytes(packet, 0) == 0x82 assert six.indexbytes(packet, 1) == 14 assert six.indexbytes(packet, 2) << 8 | six.indexbytes(packet, 3) == 10 assert six.indexbytes(packet, 4) << 8 | six.indexbytes(packet, 5) == 3 assert packet[6:9].decode('utf-8') == u'a/b' assert six.indexbytes(packet, 9) == 0x01 assert six.indexbytes(packet, 10) << 8 | six.indexbytes(packet, 11) == 3 assert packet[12:15].decode('utf-8') == u'c/d' assert six.indexbytes(packet, 15) == 0x02
def _parse_capabilities(self, data): if not data: return c_len, data = six.indexbytes(data, 0), data[1:] data = data[:c_len] for tlv in parse_tlvs(data): if YK4_CAPA_TAG == tlv.tag: self.capabilities = int(b2a_hex(tlv.value), 16) elif YK4_SERIAL_TAG == tlv.tag: self._serial = int(b2a_hex(tlv.value), 16) elif YK4_ENABLED_TAG == tlv.tag: self.enabled = int(b2a_hex(tlv.value), 16)
def load_int(ai, data): if ai < 24: return ai, data elif ai == 24: return six.indexbytes(data, 0), data[1:] elif ai == 25: return struct.unpack_from(">H", data)[0], data[2:] elif ai == 26: return struct.unpack_from(">I", data)[0], data[4:] elif ai == 27: return struct.unpack_from(">Q", data)[0], data[8:] raise ValueError("Invalid additional information")