101 lines
3.5 KiB
Python
101 lines
3.5 KiB
Python
|
# Copyright 2011 Sybren A. Stüvel <sybren@stuvel.eu>
|
||
|
#
|
||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
# you may not use this file except in compliance with the License.
|
||
|
# You may obtain a copy of the License at
|
||
|
#
|
||
|
# https://www.apache.org/licenses/LICENSE-2.0
|
||
|
#
|
||
|
# Unless required by applicable law or agreed to in writing, software
|
||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
# See the License for the specific language governing permissions and
|
||
|
# limitations under the License.
|
||
|
|
||
|
"""Functions for PKCS#1 version 2 encryption and signing
|
||
|
|
||
|
This module implements certain functionality from PKCS#1 version 2. Main
|
||
|
documentation is RFC 2437: https://tools.ietf.org/html/rfc2437
|
||
|
"""
|
||
|
|
||
|
from rsa import (
|
||
|
common,
|
||
|
pkcs1,
|
||
|
transform,
|
||
|
)
|
||
|
|
||
|
|
||
|
def mgf1(seed: bytes, length: int, hasher: str = "SHA-1") -> bytes:
|
||
|
"""
|
||
|
MGF1 is a Mask Generation Function based on a hash function.
|
||
|
|
||
|
A mask generation function takes an octet string of variable length and a
|
||
|
desired output length as input, and outputs an octet string of the desired
|
||
|
length. The plaintext-awareness of RSAES-OAEP relies on the random nature of
|
||
|
the output of the mask generation function, which in turn relies on the
|
||
|
random nature of the underlying hash.
|
||
|
|
||
|
:param bytes seed: seed from which mask is generated, an octet string
|
||
|
:param int length: intended length in octets of the mask, at most 2^32(hLen)
|
||
|
:param str hasher: hash function (hLen denotes the length in octets of the hash
|
||
|
function output)
|
||
|
|
||
|
:return: mask, an octet string of length `length`
|
||
|
:rtype: bytes
|
||
|
|
||
|
:raise OverflowError: when `length` is too large for the specified `hasher`
|
||
|
:raise ValueError: when specified `hasher` is invalid
|
||
|
"""
|
||
|
|
||
|
try:
|
||
|
hash_length = pkcs1.HASH_METHODS[hasher]().digest_size
|
||
|
except KeyError as ex:
|
||
|
raise ValueError(
|
||
|
"Invalid `hasher` specified. Please select one of: {hash_list}".format(
|
||
|
hash_list=", ".join(sorted(pkcs1.HASH_METHODS.keys()))
|
||
|
)
|
||
|
) from ex
|
||
|
|
||
|
# If l > 2^32(hLen), output "mask too long" and stop.
|
||
|
if length > (2 ** 32 * hash_length):
|
||
|
raise OverflowError(
|
||
|
"Desired length should be at most 2**32 times the hasher's output "
|
||
|
"length ({hash_length} for {hasher} function)".format(
|
||
|
hash_length=hash_length,
|
||
|
hasher=hasher,
|
||
|
)
|
||
|
)
|
||
|
|
||
|
# Looping `counter` from 0 to ceil(l / hLen)-1, build `output` based on the
|
||
|
# hashes formed by (`seed` + C), being `C` an octet string of length 4
|
||
|
# generated by converting `counter` with the primitive I2OSP
|
||
|
output = b"".join(
|
||
|
pkcs1.compute_hash(
|
||
|
seed + transform.int2bytes(counter, fill_size=4),
|
||
|
method_name=hasher,
|
||
|
)
|
||
|
for counter in range(common.ceil_div(length, hash_length) + 1)
|
||
|
)
|
||
|
|
||
|
# Output the leading `length` octets of `output` as the octet string mask.
|
||
|
return output[:length]
|
||
|
|
||
|
|
||
|
__all__ = [
|
||
|
"mgf1",
|
||
|
]
|
||
|
|
||
|
if __name__ == "__main__":
|
||
|
print("Running doctests 1000x or until failure")
|
||
|
import doctest
|
||
|
|
||
|
for count in range(1000):
|
||
|
(failures, tests) = doctest.testmod()
|
||
|
if failures:
|
||
|
break
|
||
|
|
||
|
if count % 100 == 0 and count:
|
||
|
print("%i times" % count)
|
||
|
|
||
|
print("Doctests done")
|