+# Authors:
+# Trevor Perrin
+# Dave Baggett (Arcode Corporation) - MD5 support for MAC_SSL
+#
+# See the LICENSE file for legal information regarding use of this file.
+
"""Miscellaneous helper functions."""
-from utils.compat import *
-from utils.cryptomath import *
+from .utils.compat import *
+from .utils.cryptomath import *
import hmac
-# The sha module is deprecated in Python 2.6
-try:
- import sha
-except ImportError:
- from hashlib import sha1 as sha
-
-# The md5 module is deprecated in Python 2.6
-try:
- import md5
-except ImportError:
- from hashlib import md5
-
#1024, 1536, 2048, 3072, 4096, 6144, and 8192 bit groups]
goodGroupParameters = [(2,0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3),\
(2,0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB),\
(5,0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF),\
(5,0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF)]
-def P_hash(hashModule, secret, seed, length):
- bytes = createByteArrayZeros(length)
- secret = bytesToString(secret)
- seed = bytesToString(seed)
+def P_hash(macFunc, secret, seed, length):
+ bytes = bytearray(length)
A = seed
index = 0
while 1:
- A = hmac.HMAC(secret, A, hashModule).digest()
- output = hmac.HMAC(secret, A+seed, hashModule).digest()
+ A = macFunc(secret, A)
+ output = macFunc(secret, A + seed)
for c in output:
if index >= length:
return bytes
- bytes[index] = ord(c)
+ bytes[index] = c
index += 1
return bytes
def PRF(secret, label, seed, length):
#Split the secret into left and right halves
+ # which may share a byte if len is odd
S1 = secret[ : int(math.ceil(len(secret)/2.0))]
S2 = secret[ int(math.floor(len(secret)/2.0)) : ]
#Run the left half through P_MD5 and the right half through P_SHA1
- p_md5 = P_hash(md5, S1, concatArrays(stringToBytes(label), seed), length)
- p_sha1 = P_hash(sha, S2, concatArrays(stringToBytes(label), seed), length)
+ p_md5 = P_hash(HMAC_MD5, S1, label + seed, length)
+ p_sha1 = P_hash(HMAC_SHA1, S2, label + seed, length)
#XOR the output values and return the result
for x in range(length):
def PRF_SSL(secret, seed, length):
- secretStr = bytesToString(secret)
- seedStr = bytesToString(seed)
- bytes = createByteArrayZeros(length)
+ bytes = bytearray(length)
index = 0
for x in range(26):
- A = chr(ord('A')+x) * (x+1) # 'A', 'BB', 'CCC', etc..
- input = secretStr + sha.sha(A + secretStr + seedStr).digest()
- output = md5.md5(input).digest()
+ A = bytearray([ord('A')+x] * (x+1)) # 'A', 'BB', 'CCC', etc..
+ input = secret + SHA1(A + secret + seed)
+ output = MD5(input)
for c in output:
if index >= length:
return bytes
- bytes[index] = ord(c)
+ bytes[index] = c
index += 1
return bytes
+def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom):
+ if version == (3,0):
+ masterSecret = PRF_SSL(premasterSecret,
+ clientRandom + serverRandom, 48)
+ elif version in ((3,1), (3,2)):
+ masterSecret = PRF(premasterSecret, b"master secret",
+ clientRandom + serverRandom, 48)
+ else:
+ raise AssertionError()
+ return masterSecret
+
+
def makeX(salt, username, password):
if len(username)>=256:
raise ValueError("username too long")
if len(salt)>=256:
raise ValueError("salt too long")
- return stringToNumber(sha.sha(salt + sha.sha(username + ":" + password)\
- .digest()).digest())
+ innerHashResult = SHA1(username + bytearray(b":") + password)
+ outerHashResult = SHA1(salt + innerHashResult)
+ return bytesToNumber(outerHashResult)
#This function is used by VerifierDB.makeVerifier
def makeVerifier(username, password, bits):
bitsIndex = {1024:0, 1536:1, 2048:2, 3072:3, 4096:4, 6144:5, 8192:6}[bits]
g,N = goodGroupParameters[bitsIndex]
- salt = bytesToString(getRandomBytes(16))
+ salt = getRandomBytes(16)
x = makeX(salt, username, password)
verifier = powMod(g, x, N)
return N, g, salt, verifier
def PAD(n, x):
- nLength = len(numberToString(n))
- s = numberToString(x)
- if len(s) < nLength:
- s = ("\0" * (nLength-len(s))) + s
- return s
+ nLength = len(numberToByteArray(n))
+ b = numberToByteArray(x)
+ if len(b) < nLength:
+ b = (b"\0" * (nLength-len(b))) + b
+ return b
def makeU(N, A, B):
- return stringToNumber(sha.sha(PAD(N, A) + PAD(N, B)).digest())
+ return bytesToNumber(SHA1(PAD(N, A) + PAD(N, B)))
def makeK(N, g):
- return stringToNumber(sha.sha(numberToString(N) + PAD(N, g)).digest())
-
+ return bytesToNumber(SHA1(numberToByteArray(N) + PAD(N, g)))
-"""
-MAC_SSL
-Modified from Python HMAC by Trevor
-"""
+def createHMAC(k, digestmod=hashlib.sha1):
+ return hmac.HMAC(k, digestmod=digestmod)
-class MAC_SSL:
- """MAC_SSL class.
+def createMAC_SSL(k, digestmod=None):
+ mac = MAC_SSL()
+ mac.create(k, digestmod=digestmod)
+ return mac
- This supports the API for Cryptographic Hash Functions (PEP 247).
- """
- def __init__(self, key, msg = None, digestmod = None):
- """Create a new MAC_SSL object.
+class MAC_SSL(object):
+ def create(self, k, digestmod=None):
+ self.digestmod = digestmod or hashlib.sha1
+ # Repeat pad bytes 48 times for MD5; 40 times for other hash functions.
+ self.digest_size = 16 if (self.digestmod is hashlib.md5) else 20
+ repeat = 40 if self.digest_size == 20 else 48
+ opad = b"\x5C" * repeat
+ ipad = b"\x36" * repeat
- key: key for the keyed hash object.
- msg: Initial input for the hash, if provided.
- digestmod: A module supporting PEP 247. Defaults to the md5 module.
- """
- if digestmod is None:
- import md5
- digestmod = md5
+ self.ohash = self.digestmod(k + opad)
+ self.ihash = self.digestmod(k + ipad)
- if key == None: #TREVNEW - for faster copying
- return #TREVNEW
-
- self.digestmod = digestmod
- self.outer = digestmod.new()
- self.inner = digestmod.new()
- self.digest_size = digestmod.digest_size
-
- ipad = "\x36" * 40
- opad = "\x5C" * 40
-
- self.inner.update(key)
- self.inner.update(ipad)
- self.outer.update(key)
- self.outer.update(opad)
- if msg is not None:
- self.update(msg)
-
-
- def update(self, msg):
- """Update this hashing object with the string msg.
- """
- self.inner.update(msg)
+ def update(self, m):
+ self.ihash.update(m)
def copy(self):
- """Return a separate copy of this hashing object.
-
- An update to this copy won't affect the original object.
- """
- other = MAC_SSL(None) #TREVNEW - for faster copying
- other.digest_size = self.digest_size #TREVNEW
- other.digestmod = self.digestmod
- other.inner = self.inner.copy()
- other.outer = self.outer.copy()
- return other
+ new = MAC_SSL()
+ new.ihash = self.ihash.copy()
+ new.ohash = self.ohash.copy()
+ new.digestmod = self.digestmod
+ new.digest_size = self.digest_size
+ return new
def digest(self):
- """Return the hash value of this hashing object.
-
- This returns a string containing 8-bit data. The object is
- not altered in any way by this function; you can continue
- updating the object after calling this function.
- """
- h = self.outer.copy()
- h.update(self.inner.digest())
- return h.digest()
-
- def hexdigest(self):
- """Like digest(), but returns a string of hexadecimal digits instead.
- """
- return "".join([hex(ord(x))[2:].zfill(2)
- for x in tuple(self.digest())])
+ ohash2 = self.ohash.copy()
+ ohash2.update(self.ihash.digest())
+ return bytearray(ohash2.digest())
projects / platform / framework / web / crosswalk.git / blobdiff