Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.11/site-packages/scapy/layers/tls/crypto/pkcs1.py: 20%

Shortcuts on this page

r m x   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

119 statements  

1# SPDX-License-Identifier: GPL-2.0-only 

2# This file is part of Scapy 

3# See https://scapy.net/ for more information 

4# Copyright (C) 2008 Arnaud Ebalard <arno@natisbad.org> 

5# 2015, 2016, 2017 Maxence Tury <maxence.tury@ssi.gouv.fr> 

6 

7""" 

8PKCS #1 methods as defined in RFC 3447. 

9 

10We cannot rely solely on the cryptography library, because the openssl package 

11used by the cryptography library may not implement the md5-sha1 hash, as with 

12Ubuntu or OSX. This is why we reluctantly keep some legacy crypto here. 

13""" 

14 

15from scapy.compat import bytes_encode, hex_bytes, bytes_hex 

16 

17from scapy.config import conf, crypto_validator 

18from scapy.error import warning 

19from scapy.layers.tls.crypto.hash import _get_hash 

20if conf.crypto_valid: 

21 from cryptography.exceptions import InvalidSignature, UnsupportedAlgorithm 

22 from cryptography.hazmat.backends import default_backend 

23 from cryptography.hazmat.primitives import hashes 

24 from cryptography.hazmat.primitives.asymmetric import padding 

25 

26 

27##################################################################### 

28# Some helpers 

29##################################################################### 

30 

31def pkcs_os2ip(s): 

32 """ 

33 OS2IP conversion function from RFC 3447. 

34 

35 :param s: octet string to be converted 

36 :return: n, the corresponding nonnegative integer 

37 """ 

38 return int(bytes_hex(s), 16) 

39 

40 

41def pkcs_i2osp(n, sLen): 

42 """ 

43 I2OSP conversion function from RFC 3447. 

44 The length parameter allows the function to perform the padding needed. 

45 Note that the user is responsible for providing a sufficient xLen. 

46 

47 :param n: nonnegative integer to be converted 

48 :param sLen: intended length of the resulting octet string 

49 :return: corresponding octet string 

50 """ 

51 # if n >= 256**sLen: 

52 # raise Exception("Integer too large for provided sLen %d" % sLen) 

53 fmt = "%%0%dx" % (2 * sLen) 

54 return hex_bytes(fmt % n) 

55 

56 

57def pkcs_ilen(n): 

58 """ 

59 This is a log base 256 which determines the minimum octet string 

60 length for unequivocal representation of integer n by pkcs_i2osp. 

61 """ 

62 i = 0 

63 while n > 0: 

64 n >>= 8 

65 i += 1 

66 return i 

67 

68 

69@crypto_validator 

70def _legacy_pkcs1_v1_5_encode_md5_sha1(M, emLen): 

71 """ 

72 Legacy method for PKCS1 v1.5 encoding with MD5-SHA1 hash. 

73 """ 

74 M = bytes_encode(M) 

75 md5_hash = hashes.Hash(_get_hash("md5"), backend=default_backend()) 

76 md5_hash.update(M) 

77 sha1_hash = hashes.Hash(_get_hash("sha1"), backend=default_backend()) 

78 sha1_hash.update(M) 

79 H = md5_hash.finalize() + sha1_hash.finalize() 

80 if emLen < 36 + 11: 

81 warning("pkcs_emsa_pkcs1_v1_5_encode: " 

82 "intended encoded message length too short") 

83 return None 

84 PS = b'\xff' * (emLen - 36 - 3) 

85 return b'\x00' + b'\x01' + PS + b'\x00' + H 

86 

87 

88##################################################################### 

89# Hash and padding helpers 

90##################################################################### 

91 

92if conf.crypto_valid: 

93 def _get_padding(padStr, mgf=padding.MGF1, h=hashes.SHA256, label=None): 

94 if padStr == "pkcs": 

95 return padding.PKCS1v15() 

96 elif padStr == "pss": 

97 # Can't find where this is written, but we have to use the digest 

98 # size instead of the automatic padding.PSS.MAX_LENGTH. 

99 return padding.PSS(mgf=mgf(h), salt_length=h.digest_size) 

100 elif padStr == "oaep": 

101 return padding.OAEP(mgf=mgf(h), algorithm=h, label=label) 

102 else: 

103 warning("Key.encrypt(): Unknown padding type (%s)", padStr) 

104 return None 

105 

106 

107##################################################################### 

108# Asymmetric Cryptography wrappers 

109##################################################################### 

110 

111# Make sure that default values are consistent across the whole TLS module, 

112# lest they be explicitly set to None between cert.py and pkcs1.py. 

113 

114class _EncryptAndVerifyRSA(object): 

115 

116 @crypto_validator 

117 def encrypt(self, m, t="pkcs", h="sha256", mgf=None, L=None): 

118 mgf = mgf or padding.MGF1 

119 h = _get_hash(h) 

120 pad = _get_padding(t, mgf, h, L) 

121 return self.pubkey.encrypt(m, pad) 

122 

123 @crypto_validator 

124 def verify(self, M, S, t="pkcs", h="sha256", mgf=None, L=None): 

125 M = bytes_encode(M) 

126 mgf = mgf or padding.MGF1 

127 h = _get_hash(h) 

128 pad = _get_padding(t, mgf, h, L) 

129 try: 

130 try: 

131 self.pubkey.verify(S, M, pad, h) 

132 except UnsupportedAlgorithm: 

133 if t != "pkcs" and h != "md5-sha1": 

134 raise UnsupportedAlgorithm("RSA verification with %s" % h) 

135 self._legacy_verify_md5_sha1(M, S) 

136 return True 

137 except InvalidSignature: 

138 return False 

139 

140 def _legacy_verify_md5_sha1(self, M, S): 

141 k = self._modulusLen // 8 

142 if len(S) != k: 

143 warning("invalid signature (len(S) != k)") 

144 return False 

145 s = pkcs_os2ip(S) 

146 n = self._modulus 

147 if s > n - 1: 

148 warning("Key._rsaep() expects a long between 0 and n-1") 

149 return None 

150 m = pow(s, self._pubExp, n) 

151 EM = pkcs_i2osp(m, k) 

152 EMPrime = _legacy_pkcs1_v1_5_encode_md5_sha1(M, k) 

153 if EMPrime is None: 

154 warning("Key._rsassa_pkcs1_v1_5_verify(): unable to encode.") 

155 return False 

156 return EM == EMPrime 

157 

158 

159class _DecryptAndSignRSA(object): 

160 

161 @crypto_validator 

162 def decrypt(self, C, t="pkcs", h="sha256", mgf=None, L=None): 

163 mgf = mgf or padding.MGF1 

164 h = _get_hash(h) 

165 pad = _get_padding(t, mgf, h, L) 

166 return self.key.decrypt(C, pad) 

167 

168 @crypto_validator 

169 def sign(self, M, t="pkcs", h="sha256", mgf=None, L=None): 

170 M = bytes_encode(M) 

171 mgf = mgf or padding.MGF1 

172 h = _get_hash(h) 

173 pad = _get_padding(t, mgf, h, L) 

174 try: 

175 return self.key.sign(M, pad, h) 

176 except UnsupportedAlgorithm: 

177 if t != "pkcs" and h != "md5-sha1": 

178 raise UnsupportedAlgorithm("RSA signature with %s" % h) 

179 return self._legacy_sign_md5_sha1(M) 

180 

181 def _legacy_sign_md5_sha1(self, M): 

182 M = bytes_encode(M) 

183 k = self._modulusLen // 8 

184 EM = _legacy_pkcs1_v1_5_encode_md5_sha1(M, k) 

185 if EM is None: 

186 warning("Key._rsassa_pkcs1_v1_5_sign(): unable to encode") 

187 return None 

188 m = pkcs_os2ip(EM) 

189 n = self._modulus 

190 if m > n - 1: 

191 warning("Key._rsaep() expects a long between 0 and n-1") 

192 return None 

193 privExp = self.key.private_numbers().d 

194 s = pow(m, privExp, n) 

195 return pkcs_i2osp(s, k)