Пример #1
0
    def encode(self, message, emLen, label="", seed=None):
        """:Return: a Bytes object"""
        # Skipped: label input length checking. (L must be less than 2^61 octets for SHA1)
        # First, make sure the message isn't too long.    emLen
        hLen = self.hashFnOutputBytes
        if len(message) > (emLen - (2 * hLen) - 2):
            assert False, "message too long"

        if py3:
            lHash = self.hashFn(Bytes(label, "utf8"))
        else:
            lHash = self.hashFn(Bytes(label))

        # Let PS be a string of length (emLen - mLen - 2hLen - 2) containing only zero octets.
        # Compute DB = lHash || PS || 0x01 || M.
        PS = Bytes.fill(b"\x00", emLen - len(message) - (2 * hLen) - 2)
        DB = lHash + PS + b"\x01" + bytes(message)

        # Generate a random octet string seed of length hLen and compute
        # maskedDB = MGF1(seed, emLen - self.hashFnOutputBytes - 1)
        if seed is None:
            rand = SecureRandomFactory.getInstance()
            seed = rand.getRandomBytes(hLen)

        dbMask = MGF1(seed, len(DB), self.hashFn, hLen)

        maskedDB = DB ^ dbMask

        # Let seedMask = MGF(maskedDB, self.hashFnOutputBytes) and
        # maskedSeed = seedMask XOR seed
        seedMask = MGF1(maskedDB, len(seed), self.hashFn, hLen)
        maskedSeed = seedMask ^ seed
        if debug:
            print("Encoding")
            print("label    =>", label)
            print("lhash    =>", lHash)
            print("seed     =>", seed)
            print("db       =>", DB)
            print("db len   =>", len(DB))
            print("db mask  =>", dbMask)
            print("maskedDB =>", maskedDB)
            print("seedMask =>", seedMask)
            print("maskedSed=>", maskedSeed)

        return Bytes(b"\x00") + maskedSeed + maskedDB
Пример #2
0
    def encode(self, message, emLen, label="", seed=None):
        ''':Return: a Bytes object'''
        # Skipped: label input length checking. (L must be less than 2^61 octets for SHA1)
        # First, make sure the message isn't too long.    emLen
        hLen = self.hashFnOutputBytes
        if (len(message) > (emLen - (2 * hLen) - 2)):
            assert False, "message too long"

        if py3: lHash = self.hashFn(Bytes(label, 'utf8'))
        else: lHash = self.hashFn(Bytes(label))

        # Let PS be a string of length (emLen - mLen - 2hLen - 2) containing only zero octets.
        # Compute DB = lHash || PS || 0x01 || M.
        PS = Bytes.fill(b'\x00', emLen - len(message) - (2 * hLen) - 2)
        DB = lHash + PS + b'\x01' + bytes(message)

        # Generate a random octet string seed of length hLen and compute
        # maskedDB = MGF1(seed, emLen - self.hashFnOutputBytes - 1)
        if (seed is None):
            rand = SecureRandomFactory.getInstance()
            seed = rand.getRandomBytes(hLen)

        dbMask = MGF1(seed, len(DB), self.hashFn, hLen)

        maskedDB = DB ^ dbMask

        # Let seedMask = MGF(maskedDB, self.hashFnOutputBytes) and
        # maskedSeed = seedMask XOR seed
        seedMask = MGF1(maskedDB, len(seed), self.hashFn, hLen)
        maskedSeed = seedMask ^ seed
        if (debug):
            print("Encoding")
            print("label    =>", label)
            print("lhash    =>", lHash)
            print("seed     =>", seed)
            print("db       =>", DB)
            print("db len   =>", len(DB))
            print("db mask  =>", dbMask)
            print("maskedDB =>", maskedDB)
            print("seedMask =>", seedMask)
            print("maskedSed=>", maskedSeed)

        return Bytes(b'\x00') + maskedSeed + maskedDB
Пример #3
0
    def encode(self, message, n, s0):
        #n = m + s0 + s1
        m = int(n / 4)  #usually 256 bits

        if (len(message) > (m / 8)):
            assert False, "message too long"

        if (len(message) != m):
            message_ext = bytes(message) + Bytes.fill(b'\x80', 1)
            if (len(message_ext) != m):
                message_ext = bytes(message_ext) + Bytes.fill(
                    b'\x00', ((m / 8) - 2) - len(message))
            message_ext = bytes(message_ext) + Bytes.fill(b'\x80', 1)

        s1 = n - m - s0
        t = Bytes.fill(b'\x00', s0 / 8)

        rand = SecureRandomFactory.getInstance()
        r = rand.getRandomBytes(int(s1 / 8))

        v = Bytes(bytes(message_ext) + t)

        x = v ^ self.hashFn(r)

        y = x + r

        if (debug):
            print("Encoding")
            print("m        =>", m)
            print("s0       =>", s0)
            print("s1       =>", s1)
            print("t        =>", t, len(t))
            print("r        =>", r, len(r))
            print("v        =>", v, len(v))
            print("x        =>", x)
            print("y        =>", y, len(y))

        return y
Пример #4
0
    def encode(self, message, n, s0):
        # n = m + s0 + s1
        m = int(n / 4)  # usually 256 bits

        if len(message) > (m / 8):
            assert False, "message too long"

        if len(message) != m:
            message_ext = bytes(message) + Bytes.fill(b"\x80", 1)
            if len(message_ext) != m:
                message_ext = bytes(message_ext) + Bytes.fill(b"\x00", ((m / 8) - 2) - len(message))
            message_ext = bytes(message_ext) + Bytes.fill(b"\x80", 1)

        s1 = n - m - s0
        t = Bytes.fill(b"\x00", s0 / 8)

        rand = SecureRandomFactory.getInstance()
        r = rand.getRandomBytes(int(s1 / 8))

        v = Bytes(bytes(message_ext) + t)

        x = v ^ self.hashFn(r)

        y = x + r

        if debug:
            print("Encoding")
            print("m        =>", m)
            print("s0       =>", s0)
            print("s1       =>", s1)
            print("t        =>", t, len(t))
            print("r        =>", r, len(r))
            print("v        =>", v, len(v))
            print("x        =>", x)
            print("y        =>", y, len(y))

        return y
Пример #5
0
    def encode(self, M, emBits=None, salt=None):
        """Encodes a message with PSS padding
        emLen will be set to the minimum allowed length if not explicitly set
        """
        # assert len(M) < (2^61 -1), Message too long

        # Let H' = Hash (M'), an octet string of length hLen.
        # Max length of output message
        if emBits is None:
            emBits = 8 * self.hLen + 8 * self.sLen + 9
            # Round to the next byte
            emBits = int(math.ceil(emBits / 8.0)) * 8
        assert emBits >= 8 * self.hLen + 8 * self.sLen + 9, "Not enough emBits"

        # Make sure the the message is long enough to be valid
        emLen = int(math.ceil(emBits / 8.0))
        assert emLen >= self.hLen + self.sLen + 2, "emLen too small"

        if salt is None:
            if self.sLen > 0:
                salt = SecureRandomFactory.getInstance().getRandomBytes(self.sLen)
            else:
                salt = b""
        assert len(salt) == self.sLen, "Salt wrong size"

        # Let M' = (0x)00 00 00 00 00 00 00 00 || mHash || salt;
        eightzerobytes = Bytes.fill(b"\x00", 8)
        mHash = self.hashFn(M)
        Mprime = eightzerobytes + mHash + salt

        # Let H = Hash (M'), an octet string of length hLen.
        H = self.hashFn(Mprime)

        # Generate an octet string PS consisting of emLen - sLen - hLen - 2 zero octets.
        # The length of PS may be 0.
        pslen = emLen - self.sLen - self.hLen - 2
        ps = Bytes.fill(b"\x00", pslen)

        # Let DB = PS || 0x01 || salt; DB is an octet string of length emLen - hLen - 1.
        DB = ps + Bytes(b"\x01") + salt

        # Let dbMask = MGF (H, emLen - hLen - 1).
        masklen = emLen - self.hLen - 1
        dbMask = MGF1(H, masklen, self.hashFn, self.hLen)
        # Let maskedDB = DB ^ dbMask.
        maskedDB = DB ^ dbMask

        # Set the leftmost 8emLen - emBits bits of the leftmost octet in maskedDB to zero
        numzeros = 8 * emLen - emBits
        bitmask = int("0" * numzeros + "1" * (8 - numzeros), 2)
        ba = bytearray(maskedDB)
        ba[0] &= bitmask
        maskedDB = Bytes(ba)

        EM = maskedDB + H + Bytes(b"\xbc")

        if debug:
            print("PSS Encoding:")
            print("M     =>", M)
            print("mHash =>", mHash)
            print("salt  =>", salt)
            print("M'    =>", Mprime)
            print("H     =>", H)
            print("DB    =>", DB)
            print("dbmask=>", dbMask)
            print("masked=>", maskedDB)
            print("EM    =>", EM)
        return EM
Пример #6
0
    def encode(self, M, emBits=None, salt=None):
        '''Encodes a message with PSS padding
        emLen will be set to the minimum allowed length if not explicitly set
        '''
        # assert len(M) < (2^61 -1), Message too long

        #Let H' = Hash (M'), an octet string of length hLen.
        #Max length of output message
        if emBits is None:
            emBits = 8 * self.hLen + 8 * self.sLen + 9
            #Round to the next byte
            emBits = int(math.ceil(emBits / 8.0)) * 8
        assert emBits >= 8 * self.hLen + 8 * self.sLen + 9, "Not enough emBits"

        #Make sure the the message is long enough to be valid
        emLen = int(math.ceil(emBits / 8.0))
        assert emLen >= self.hLen + self.sLen + 2, "emLen too small"

        if salt is None:
            if self.sLen > 0:
                salt = SecureRandomFactory.getInstance().getRandomBytes(
                    self.sLen)
            else:
                salt = b''
        assert len(salt) == self.sLen, "Salt wrong size"

        #Let M' = (0x)00 00 00 00 00 00 00 00 || mHash || salt;
        eightzerobytes = Bytes.fill(b'\x00', 8)
        mHash = self.hashFn(M)
        Mprime = eightzerobytes + mHash + salt

        #Let H = Hash (M'), an octet string of length hLen.
        H = self.hashFn(Mprime)

        #Generate an octet string PS consisting of emLen - sLen - hLen - 2 zero octets.
        #The length of PS may be 0.
        pslen = emLen - self.sLen - self.hLen - 2
        ps = Bytes.fill(b'\x00', pslen)

        #Let DB = PS || 0x01 || salt; DB is an octet string of length emLen - hLen - 1.
        DB = ps + Bytes(b'\x01') + salt

        #Let dbMask = MGF (H, emLen - hLen - 1).
        masklen = emLen - self.hLen - 1
        dbMask = MGF1(H, masklen, self.hashFn, self.hLen)
        #Let maskedDB = DB ^ dbMask.
        maskedDB = DB ^ dbMask

        #Set the leftmost 8emLen - emBits bits of the leftmost octet in maskedDB to zero
        numzeros = 8 * emLen - emBits
        bitmask = int('0' * numzeros + '1' * (8 - numzeros), 2)
        ba = bytearray(maskedDB)
        ba[0] &= bitmask
        maskedDB = Bytes(ba)

        EM = maskedDB + H + Bytes(b'\xbc')

        if debug:
            print("PSS Encoding:")
            print("M     =>", M)
            print("mHash =>", mHash)
            print("salt  =>", salt)
            print("M'    =>", Mprime)
            print("H     =>", H)
            print("DB    =>", DB)
            print("dbmask=>", dbMask)
            print("masked=>", maskedDB)
            print("EM    =>", EM)
        return EM