pike.digest

Source Code for Module pike.digest

1 # 2 # Copyright (c) 2013, EMC Corporation 3 # All rights reserved. 4 # 5 # Redistribution and use in source and binary forms, with or without 6 # modification, are permitted provided that the following conditions are met: 7 # 8 # 1. Redistributions of source code must retain the above copyright notice, 9 # this list of conditions and the following disclaimer. 10 # 2. Redistributions in binary form must reproduce the above copyright notice, 11 # this list of conditions and the following disclaimer in the documentation 12 # and/or other materials provided with the distribution. 13 # 14 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 18 # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 21 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 22 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 23 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24 # POSSIBILITY OF SUCH DAMAGE. 25 # 26 # Module Name: 27 # 28 # digest.py 29 # 30 # Abstract: 31 # 32 # Message digest and key derivation (for SMB2/3) 33 # 34 # Authors: Brian Koropoff (brian.koropoff@emc.com) 35 # 36 37 import Cryptodome.Hash.HMAC as HMAC 38 import Cryptodome.Hash.SHA256 as SHA256 39 import Cryptodome.Hash.SHA512 as SHA512 40 import Cryptodome.Cipher.AES as AES 41 import array 42 import core 43

44 -def sha256_hmac(key,message):

45 return array.array('B', 46 HMAC.new( 47 key.tostring(), 48 message.tostring(), 49 SHA256).digest())

50

51 -def aes128_cmac(key,message):

52 aes = AES.new(key.tostring(), mode=AES.MODE_ECB) 53 54 def shiftleft(data): 55 cin = 0 56 cout = 0 57 for i in reversed(xrange(0,len(data))): 58 cout = (data[i] & 0x80) >> 7 59 data[i] = ((data[i] << 1) | cin) & 0xFF 60 cin = cout 61 62 return cout

63 64 def xor(data1, data2): 65 for i in xrange(0, len(data1)): 66 data1[i] ^= data2[i] 67 68 def subkeys(key): 69 zero = array.array('B', [0]*16) 70 rb = array.array('B', [0]*15 + [0x87]) 71 72 key1 = array.array('B', aes.encrypt(zero.tostring())) 73 74 if shiftleft(key1): 75 xor(key1, rb) 76 77 key2 = array.array('B', key1) 78 79 if shiftleft(key2): 80 xor(key2, rb) 81 82 return (key1, key2) 83 84 message = array.array('B', message) 85 mac = array.array('B', [0]*16) 86 scratch = array.array('B', [0]*16) 87 n = (len(message) + 16 - 1) / 16 88 rem = len(message) % 16 89 last_complete = n != 0 and rem == 0 90 i = 0 91 92 if (n == 0): 93 n = 1 94 95 subkey1, subkey2 = subkeys(array.array('B',key)) 96 97 for i in xrange(0, n - 1): 98 xor(mac, message[i*16:i*16+16]) 99 mac = array.array('B',aes.encrypt(mac.tostring())) 100 101 if last_complete: 102 scratch[0:16] = message[-16:] 103 xor(scratch, subkey1) 104 else: 105 scratch[0:rem] = message[-rem:] 106 scratch[rem] = 0x80 107 xor(scratch, subkey2) 108 109 xor(mac, scratch) 110 mac = array.array('B',aes.encrypt(mac.tostring())) 111 112 return mac 113

114 -def smb3_sha512(message):

115 return array.array('B', 116 SHA512.new(message.tostring()).digest())

117

118 -def derive_key(key, label, context):

119 message = array.array('B') 120 cur = core.Cursor(message, 0) 121 122 cur.encode_uint32be(1) 123 cur.encode_bytes(label) 124 cur.encode_uint8be(0) 125 cur.encode_uint8be(0) 126 cur.encode_bytes(context) 127 cur.encode_uint32be(len(key)*8) 128 129 return sha256_hmac(key, message)

130