def encode(self, message, emLen, label="", seed=None):
""":Return: a Bytes object"""
# Skipped: label input length checking. (L must be less than 2^61 octets for SHA1)
# First, make sure the message isn't too long. emLen
hLen = self.hashFnOutputBytes
if len(message) > (emLen - (2 * hLen) - 2):
assert False, "message too long"
if py3:
lHash = self.hashFn(Bytes(label, "utf8"))
else:
lHash = self.hashFn(Bytes(label))
# Let PS be a string of length (emLen - mLen - 2hLen - 2) containing only zero octets.
# Compute DB = lHash || PS || 0x01 || M.
PS = Bytes.fill(b"\x00", emLen - len(message) - (2 * hLen) - 2)
DB = lHash + PS + b"\x01" + bytes(message)
# Generate a random octet string seed of length hLen and compute
# maskedDB = MGF1(seed, emLen - self.hashFnOutputBytes - 1)
if seed is None:
rand = SecureRandomFactory.getInstance()
seed = rand.getRandomBytes(hLen)
dbMask = MGF1(seed, len(DB), self.hashFn, hLen)
maskedDB = DB ^ dbMask
# Let seedMask = MGF(maskedDB, self.hashFnOutputBytes) and
# maskedSeed = seedMask XOR seed
seedMask = MGF1(maskedDB, len(seed), self.hashFn, hLen)
maskedSeed = seedMask ^ seed
if debug:
print("Encoding")
print("label =>", label)
print("lhash =>", lHash)
print("seed =>", seed)
print("db =>", DB)
print("db len =>", len(DB))
print("db mask =>", dbMask)
print("maskedDB =>", maskedDB)
print("seedMask =>", seedMask)
print("maskedSed=>", maskedSeed)
return Bytes(b"\x00") + maskedSeed + maskedDB
def encode(self, message, emLen, label="", seed=None):
''':Return: a Bytes object'''
# Skipped: label input length checking. (L must be less than 2^61 octets for SHA1)
# First, make sure the message isn't too long. emLen
hLen = self.hashFnOutputBytes
if (len(message) > (emLen - (2 * hLen) - 2)):
assert False, "message too long"
if py3: lHash = self.hashFn(Bytes(label, 'utf8'))
else: lHash = self.hashFn(Bytes(label))
# Let PS be a string of length (emLen - mLen - 2hLen - 2) containing only zero octets.
# Compute DB = lHash || PS || 0x01 || M.
PS = Bytes.fill(b'\x00', emLen - len(message) - (2 * hLen) - 2)
DB = lHash + PS + b'\x01' + bytes(message)
# Generate a random octet string seed of length hLen and compute
# maskedDB = MGF1(seed, emLen - self.hashFnOutputBytes - 1)
if (seed is None):
rand = SecureRandomFactory.getInstance()
seed = rand.getRandomBytes(hLen)
dbMask = MGF1(seed, len(DB), self.hashFn, hLen)
maskedDB = DB ^ dbMask
# Let seedMask = MGF(maskedDB, self.hashFnOutputBytes) and
# maskedSeed = seedMask XOR seed
seedMask = MGF1(maskedDB, len(seed), self.hashFn, hLen)
maskedSeed = seedMask ^ seed
if (debug):
print("Encoding")
print("label =>", label)
print("lhash =>", lHash)
print("seed =>", seed)
print("db =>", DB)
print("db len =>", len(DB))
print("db mask =>", dbMask)
print("maskedDB =>", maskedDB)
print("seedMask =>", seedMask)
print("maskedSed=>", maskedSeed)
return Bytes(b'\x00') + maskedSeed + maskedDB
def encode(self, message, n, s0):
#n = m + s0 + s1
m = int(n / 4) #usually 256 bits
if (len(message) > (m / 8)):
assert False, "message too long"
if (len(message) != m):
message_ext = bytes(message) + Bytes.fill(b'\x80', 1)
if (len(message_ext) != m):
message_ext = bytes(message_ext) + Bytes.fill(
b'\x00', ((m / 8) - 2) - len(message))
message_ext = bytes(message_ext) + Bytes.fill(b'\x80', 1)
s1 = n - m - s0
t = Bytes.fill(b'\x00', s0 / 8)
rand = SecureRandomFactory.getInstance()
r = rand.getRandomBytes(int(s1 / 8))
v = Bytes(bytes(message_ext) + t)
x = v ^ self.hashFn(r)
y = x + r
if (debug):
print("Encoding")
print("m =>", m)
print("s0 =>", s0)
print("s1 =>", s1)
print("t =>", t, len(t))
print("r =>", r, len(r))
print("v =>", v, len(v))
print("x =>", x)
print("y =>", y, len(y))
return y
def encode(self, message, n, s0):
# n = m + s0 + s1
m = int(n / 4) # usually 256 bits
if len(message) > (m / 8):
assert False, "message too long"
if len(message) != m:
message_ext = bytes(message) + Bytes.fill(b"\x80", 1)
if len(message_ext) != m:
message_ext = bytes(message_ext) + Bytes.fill(b"\x00", ((m / 8) - 2) - len(message))
message_ext = bytes(message_ext) + Bytes.fill(b"\x80", 1)
s1 = n - m - s0
t = Bytes.fill(b"\x00", s0 / 8)
rand = SecureRandomFactory.getInstance()
r = rand.getRandomBytes(int(s1 / 8))
v = Bytes(bytes(message_ext) + t)
x = v ^ self.hashFn(r)
y = x + r
if debug:
print("Encoding")
print("m =>", m)
print("s0 =>", s0)
print("s1 =>", s1)
print("t =>", t, len(t))
print("r =>", r, len(r))
print("v =>", v, len(v))
print("x =>", x)
print("y =>", y, len(y))
return y
def encode(self, M, emBits=None, salt=None):
"""Encodes a message with PSS padding
emLen will be set to the minimum allowed length if not explicitly set
"""
# assert len(M) < (2^61 -1), Message too long
# Let H' = Hash (M'), an octet string of length hLen.
# Max length of output message
if emBits is None:
emBits = 8 * self.hLen + 8 * self.sLen + 9
# Round to the next byte
emBits = int(math.ceil(emBits / 8.0)) * 8
assert emBits >= 8 * self.hLen + 8 * self.sLen + 9, "Not enough emBits"
# Make sure the the message is long enough to be valid
emLen = int(math.ceil(emBits / 8.0))
assert emLen >= self.hLen + self.sLen + 2, "emLen too small"
if salt is None:
if self.sLen > 0:
salt = SecureRandomFactory.getInstance().getRandomBytes(self.sLen)
else:
salt = b""
assert len(salt) == self.sLen, "Salt wrong size"
# Let M' = (0x)00 00 00 00 00 00 00 00 || mHash || salt;
eightzerobytes = Bytes.fill(b"\x00", 8)
mHash = self.hashFn(M)
Mprime = eightzerobytes + mHash + salt
# Let H = Hash (M'), an octet string of length hLen.
H = self.hashFn(Mprime)
# Generate an octet string PS consisting of emLen - sLen - hLen - 2 zero octets.
# The length of PS may be 0.
pslen = emLen - self.sLen - self.hLen - 2
ps = Bytes.fill(b"\x00", pslen)
# Let DB = PS || 0x01 || salt; DB is an octet string of length emLen - hLen - 1.
DB = ps + Bytes(b"\x01") + salt
# Let dbMask = MGF (H, emLen - hLen - 1).
masklen = emLen - self.hLen - 1
dbMask = MGF1(H, masklen, self.hashFn, self.hLen)
# Let maskedDB = DB ^ dbMask.
maskedDB = DB ^ dbMask
# Set the leftmost 8emLen - emBits bits of the leftmost octet in maskedDB to zero
numzeros = 8 * emLen - emBits
bitmask = int("0" * numzeros + "1" * (8 - numzeros), 2)
ba = bytearray(maskedDB)
ba[0] &= bitmask
maskedDB = Bytes(ba)
EM = maskedDB + H + Bytes(b"\xbc")
if debug:
print("PSS Encoding:")
print("M =>", M)
print("mHash =>", mHash)
print("salt =>", salt)
print("M' =>", Mprime)
print("H =>", H)
print("DB =>", DB)
print("dbmask=>", dbMask)
print("masked=>", maskedDB)
print("EM =>", EM)
return EM
def encode(self, M, emBits=None, salt=None):
'''Encodes a message with PSS padding
emLen will be set to the minimum allowed length if not explicitly set
'''
# assert len(M) < (2^61 -1), Message too long
#Let H' = Hash (M'), an octet string of length hLen.
#Max length of output message
if emBits is None:
emBits = 8 * self.hLen + 8 * self.sLen + 9
#Round to the next byte
emBits = int(math.ceil(emBits / 8.0)) * 8
assert emBits >= 8 * self.hLen + 8 * self.sLen + 9, "Not enough emBits"
#Make sure the the message is long enough to be valid
emLen = int(math.ceil(emBits / 8.0))
assert emLen >= self.hLen + self.sLen + 2, "emLen too small"
if salt is None:
if self.sLen > 0:
salt = SecureRandomFactory.getInstance().getRandomBytes(
self.sLen)
else:
salt = b''
assert len(salt) == self.sLen, "Salt wrong size"
#Let M' = (0x)00 00 00 00 00 00 00 00 || mHash || salt;
eightzerobytes = Bytes.fill(b'\x00', 8)
mHash = self.hashFn(M)
Mprime = eightzerobytes + mHash + salt
#Let H = Hash (M'), an octet string of length hLen.
H = self.hashFn(Mprime)
#Generate an octet string PS consisting of emLen - sLen - hLen - 2 zero octets.
#The length of PS may be 0.
pslen = emLen - self.sLen - self.hLen - 2
ps = Bytes.fill(b'\x00', pslen)
#Let DB = PS || 0x01 || salt; DB is an octet string of length emLen - hLen - 1.
DB = ps + Bytes(b'\x01') + salt
#Let dbMask = MGF (H, emLen - hLen - 1).
masklen = emLen - self.hLen - 1
dbMask = MGF1(H, masklen, self.hashFn, self.hLen)
#Let maskedDB = DB ^ dbMask.
maskedDB = DB ^ dbMask
#Set the leftmost 8emLen - emBits bits of the leftmost octet in maskedDB to zero
numzeros = 8 * emLen - emBits
bitmask = int('0' * numzeros + '1' * (8 - numzeros), 2)
ba = bytearray(maskedDB)
ba[0] &= bitmask
maskedDB = Bytes(ba)
EM = maskedDB + H + Bytes(b'\xbc')
if debug:
print("PSS Encoding:")
print("M =>", M)
print("mHash =>", mHash)
print("salt =>", salt)
print("M' =>", Mprime)
print("H =>", H)
print("DB =>", DB)
print("dbmask=>", dbMask)
print("masked=>", maskedDB)
print("EM =>", EM)
return EM