aboutsummaryrefslogtreecommitdiff
path: root/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py
diff options
context:
space:
mode:
Diffstat (limited to 'frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py')
-rw-r--r--frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py44
1 files changed, 18 insertions, 26 deletions
diff --git a/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py b/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py
index 7525c5d..08f9efe 100644
--- a/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py
+++ b/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py
@@ -23,11 +23,13 @@
from Cryptodome.Signature.pss import MGF1
import Cryptodome.Hash.SHA1
-from Cryptodome.Util.py3compat import bord, _copy_bytes
+from Cryptodome.Util.py3compat import _copy_bytes
import Cryptodome.Util.number
-from Cryptodome.Util.number import ceil_div, bytes_to_long, long_to_bytes
-from Cryptodome.Util.strxor import strxor
+from Cryptodome.Util.number import ceil_div, bytes_to_long, long_to_bytes
+from Cryptodome.Util.strxor import strxor
from Cryptodome import Random
+from ._pkcs1_oaep_decode import oaep_decode
+
class PKCS1OAEP_Cipher:
"""Cipher object for PKCS#1 v1.5 OAEP.
@@ -68,7 +70,7 @@ class PKCS1OAEP_Cipher:
if mgfunc:
self._mgf = mgfunc
else:
- self._mgf = lambda x,y: MGF1(x,y,self._hashObj)
+ self._mgf = lambda x, y: MGF1(x, y, self._hashObj)
self._label = _copy_bytes(None, None, label)
self._randfunc = randfunc
@@ -105,7 +107,7 @@ class PKCS1OAEP_Cipher:
# See 7.1.1 in RFC3447
modBits = Cryptodome.Util.number.size(self._key.n)
- k = ceil_div(modBits, 8) # Convert from bits to bytes
+ k = ceil_div(modBits, 8) # Convert from bits to bytes
hLen = self._hashObj.digest_size
mLen = len(message)
@@ -159,22 +161,18 @@ class PKCS1OAEP_Cipher:
# See 7.1.2 in RFC3447
modBits = Cryptodome.Util.number.size(self._key.n)
- k = ceil_div(modBits,8) # Convert from bits to bytes
+ k = ceil_div(modBits, 8) # Convert from bits to bytes
hLen = self._hashObj.digest_size
# Step 1b and 1c
- if len(ciphertext) != k or k<hLen+2:
+ if len(ciphertext) != k or k < hLen+2:
raise ValueError("Ciphertext with incorrect length.")
# Step 2a (O2SIP)
ct_int = bytes_to_long(ciphertext)
- # Step 2b (RSADP)
- m_int = self._key._decrypt(ct_int)
- # Complete step 2c (I2OSP)
- em = long_to_bytes(m_int, k)
+ # Step 2b (RSADP) and step 2c (I2OSP)
+ em = self._key._decrypt_to_bytes(ct_int)
# Step 3a
lHash = self._hashObj.new(self._label).digest()
- # Step 3b
- y = em[0]
# y must be 0, but we MUST NOT check it here in order not to
# allow attacks like Manger's (http://dl.acm.org/citation.cfm?id=704143)
maskedSeed = em[1:hLen+1]
@@ -187,22 +185,17 @@ class PKCS1OAEP_Cipher:
dbMask = self._mgf(seed, k-hLen-1)
# Step 3f
db = strxor(maskedDB, dbMask)
- # Step 3g
- one_pos = hLen + db[hLen:].find(b'\x01')
- lHash1 = db[:hLen]
- invalid = bord(y) | int(one_pos < hLen)
- hash_compare = strxor(lHash1, lHash)
- for x in hash_compare:
- invalid |= bord(x)
- for x in db[hLen:one_pos]:
- invalid |= bord(x)
- if invalid != 0:
+ # Step 3b + 3g
+ res = oaep_decode(em, lHash, db)
+ if res <= 0:
raise ValueError("Incorrect decryption.")
# Step 4
- return db[one_pos + 1:]
+ return db[res:]
+
def new(key, hashAlgo=None, mgfunc=None, label=b'', randfunc=None):
- """Return a cipher object :class:`PKCS1OAEP_Cipher` that can be used to perform PKCS#1 OAEP encryption or decryption.
+ """Return a cipher object :class:`PKCS1OAEP_Cipher`
+ that can be used to perform PKCS#1 OAEP encryption or decryption.
:param key:
The key object to use to encrypt or decrypt the message.
@@ -236,4 +229,3 @@ def new(key, hashAlgo=None, mgfunc=None, label=b'', randfunc=None):
if randfunc is None:
randfunc = Random.get_random_bytes
return PKCS1OAEP_Cipher(key, hashAlgo, mgfunc, label, randfunc)
-