module OpenSSL::PKCS1
Public Class Methods
add_oaep_mgf1(str, len, label = '', md = nil, mgf1md = nil)
click to toggle source
# File lib/mcapi/encryption/utils/openssl_rsa_oaep.rb, line 25 def add_oaep_mgf1(str, len, label = '', md = nil, mgf1md = nil) md ||= OpenSSL::Digest::SHA1 mgf1md ||= md mdlen = md.new.digest_length z_len = len - str.bytesize - 2 * mdlen - 2 raise OpenSSL::PKey::RSAError, 'key size too small' if len < 2 * mdlen + 1 raise OpenSSL::PKey::RSAError, 'data too large for key size' if z_len.negative? l_hash = md.digest(label) db = l_hash + ([0] * z_len + [1]).pack('C*') + [str].pack('a*') seed = OpenSSL::Random.random_bytes(mdlen) masked_db = mgf1_xor(db, seed, mgf1md) masked_seed = mgf1_xor(seed, masked_db, mgf1md) [0, masked_seed, masked_db].pack('Ca*a*') end
check_oaep_mgf1(str, label = '', md = nil, mgf1md = nil)
click to toggle source
# File lib/mcapi/encryption/utils/openssl_rsa_oaep.rb, line 46 def check_oaep_mgf1(str, label = '', md = nil, mgf1md = nil) md ||= OpenSSL::Digest::SHA1 mgf1md ||= md mdlen = md.new.digest_length em = str.bytes raise OpenSSL::PKey::RSAError if em.size < 2 * mdlen + 2 # Keep constant calculation even if the text is invaid in order to avoid attacks. good = secure_byte_is_zero(em[0]) masked_seed = em[1...1 + mdlen].pack('C*') masked_db = em[1 + mdlen...em.size].pack('C*') seed = mgf1_xor(masked_seed, masked_db, mgf1md) db = mgf1_xor(masked_db, seed, mgf1md) db_bytes = db.bytes l_hash = md.digest(label) good &= secure_hash_eq(l_hash.bytes, db_bytes[0...mdlen]) one_index = 0 found_one_byte = 0 (mdlen...db_bytes.size).each do |i| equals1 = secure_byte_eq(db_bytes[i], 1) equals0 = secure_byte_is_zero(db_bytes[i]) one_index = secure_select(~found_one_byte & equals1, i, one_index) found_one_byte |= equals1 good &= (found_one_byte | equals0) end good &= found_one_byte raise OpenSSL::PKey::RSAError if good.zero? db_bytes[one_index + 1...db_bytes.size].pack('C*') end
mgf1_xor(out, seed, md)
click to toggle source
# File lib/mcapi/encryption/utils/openssl_rsa_oaep.rb, line 85 def mgf1_xor(out, seed, md) counter = 0 out_bytes = out.bytes mask_bytes = [] while mask_bytes.size < out_bytes.size mask_bytes += md.digest([seed, counter].pack('a*N')).bytes counter += 1 end out_bytes.size.times do |i| out_bytes[i] ^= mask_bytes[i] end out_bytes.pack('C*') end
secure_byte_eq(v1, v2)
click to toggle source
# File lib/mcapi/encryption/utils/openssl_rsa_oaep.rb, line 106 def secure_byte_eq(v1, v2) secure_byte_is_zero(v1 ^ v2) end
secure_byte_is_zero(v)
click to toggle source
Constant time comparistion utilities.
# File lib/mcapi/encryption/utils/openssl_rsa_oaep.rb, line 102 def secure_byte_is_zero(v) v - 1 >> 8 end
secure_hash_eq(vs1, vs2)
click to toggle source
# File lib/mcapi/encryption/utils/openssl_rsa_oaep.rb, line 114 def secure_hash_eq(vs1, vs2) # Assumes the given hash values have the same size. # This check is not constant time, but should not depends on the texts. return 0 unless vs1.size == vs2.size res = secure_byte_is_zero(0) (0...vs1.size).each do |i| res &= secure_byte_eq(vs1[i], vs2[i]) end res end
secure_select(mask, eq, ne)
click to toggle source
# File lib/mcapi/encryption/utils/openssl_rsa_oaep.rb, line 110 def secure_select(mask, eq, ne) (mask & eq) | (~mask & ne) end
Private Instance Methods
add_oaep_mgf1(str, len, label = '', md = nil, mgf1md = nil)
click to toggle source
# File lib/mcapi/encryption/utils/openssl_rsa_oaep.rb, line 25 def add_oaep_mgf1(str, len, label = '', md = nil, mgf1md = nil) md ||= OpenSSL::Digest::SHA1 mgf1md ||= md mdlen = md.new.digest_length z_len = len - str.bytesize - 2 * mdlen - 2 raise OpenSSL::PKey::RSAError, 'key size too small' if len < 2 * mdlen + 1 raise OpenSSL::PKey::RSAError, 'data too large for key size' if z_len.negative? l_hash = md.digest(label) db = l_hash + ([0] * z_len + [1]).pack('C*') + [str].pack('a*') seed = OpenSSL::Random.random_bytes(mdlen) masked_db = mgf1_xor(db, seed, mgf1md) masked_seed = mgf1_xor(seed, masked_db, mgf1md) [0, masked_seed, masked_db].pack('Ca*a*') end
check_oaep_mgf1(str, label = '', md = nil, mgf1md = nil)
click to toggle source
# File lib/mcapi/encryption/utils/openssl_rsa_oaep.rb, line 46 def check_oaep_mgf1(str, label = '', md = nil, mgf1md = nil) md ||= OpenSSL::Digest::SHA1 mgf1md ||= md mdlen = md.new.digest_length em = str.bytes raise OpenSSL::PKey::RSAError if em.size < 2 * mdlen + 2 # Keep constant calculation even if the text is invaid in order to avoid attacks. good = secure_byte_is_zero(em[0]) masked_seed = em[1...1 + mdlen].pack('C*') masked_db = em[1 + mdlen...em.size].pack('C*') seed = mgf1_xor(masked_seed, masked_db, mgf1md) db = mgf1_xor(masked_db, seed, mgf1md) db_bytes = db.bytes l_hash = md.digest(label) good &= secure_hash_eq(l_hash.bytes, db_bytes[0...mdlen]) one_index = 0 found_one_byte = 0 (mdlen...db_bytes.size).each do |i| equals1 = secure_byte_eq(db_bytes[i], 1) equals0 = secure_byte_is_zero(db_bytes[i]) one_index = secure_select(~found_one_byte & equals1, i, one_index) found_one_byte |= equals1 good &= (found_one_byte | equals0) end good &= found_one_byte raise OpenSSL::PKey::RSAError if good.zero? db_bytes[one_index + 1...db_bytes.size].pack('C*') end
mgf1_xor(out, seed, md)
click to toggle source
# File lib/mcapi/encryption/utils/openssl_rsa_oaep.rb, line 85 def mgf1_xor(out, seed, md) counter = 0 out_bytes = out.bytes mask_bytes = [] while mask_bytes.size < out_bytes.size mask_bytes += md.digest([seed, counter].pack('a*N')).bytes counter += 1 end out_bytes.size.times do |i| out_bytes[i] ^= mask_bytes[i] end out_bytes.pack('C*') end
secure_byte_eq(v1, v2)
click to toggle source
# File lib/mcapi/encryption/utils/openssl_rsa_oaep.rb, line 106 def secure_byte_eq(v1, v2) secure_byte_is_zero(v1 ^ v2) end
secure_byte_is_zero(v)
click to toggle source
Constant time comparistion utilities.
# File lib/mcapi/encryption/utils/openssl_rsa_oaep.rb, line 102 def secure_byte_is_zero(v) v - 1 >> 8 end
secure_hash_eq(vs1, vs2)
click to toggle source
# File lib/mcapi/encryption/utils/openssl_rsa_oaep.rb, line 114 def secure_hash_eq(vs1, vs2) # Assumes the given hash values have the same size. # This check is not constant time, but should not depends on the texts. return 0 unless vs1.size == vs2.size res = secure_byte_is_zero(0) (0...vs1.size).each do |i| res &= secure_byte_eq(vs1[i], vs2[i]) end res end
secure_select(mask, eq, ne)
click to toggle source
# File lib/mcapi/encryption/utils/openssl_rsa_oaep.rb, line 110 def secure_select(mask, eq, ne) (mask & eq) | (~mask & ne) end