Skip to content

O
opcua-asyncio
Commit 99d1f362 authored by Alexander Korolkov's avatar Alexander Korolkov
Browse files
Options

Rename some functions in uacrypto and add comments

parent 4f41b4eb
Show whitespace changes
Inline Side-by-side
Showing with 10 additions and 8 deletions
opcua/security_policies.py
View file @ 99d1f362
...@@ -249,7 +249,7 @@ class SignerAesCbc(Signer): ...@@ -249,7 +249,7 @@ class SignerAesCbc(Signer):
return uacrypto.sha1_size() return uacrypto.sha1_size()
def signature(self, data): def signature(self, data):
return uacrypto.hash_hmac(self.key, data) return uacrypto.hmac_sha1(self.key, data)
class VerifierAesCbc(Verifier): class VerifierAesCbc(Verifier):
...@@ -261,7 +261,7 @@ class VerifierAesCbc(Verifier): ...@@ -261,7 +261,7 @@ class VerifierAesCbc(Verifier):
return uacrypto.sha1_size() return uacrypto.sha1_size()
def verify(self, data, signature): def verify(self, data, signature):
expected = uacrypto.hash_hmac(self.key, data) expected = uacrypto.hmac_sha1(self.key, data)
if signature != expected: if signature != expected:
raise uacrypto.InvalidSignature raise uacrypto.InvalidSignature
...@@ -403,6 +403,7 @@ class SecurityPolicyBasic256(SecurityPolicy): ...@@ -403,6 +403,7 @@ class SecurityPolicyBasic256(SecurityPolicy):
self.client_certificate = uacrypto.der_from_x509(client_cert) self.client_certificate = uacrypto.der_from_x509(client_cert)
def make_symmetric_key(self, nonce1, nonce2): def make_symmetric_key(self, nonce1, nonce2):
# specs part 6, 6.7.5
key_sizes = (self.signature_key_size, self.symmetric_key_size, 16) key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)
(sigkey, key, init_vec) = uacrypto.p_sha1(nonce2, nonce1, key_sizes) (sigkey, key, init_vec) = uacrypto.p_sha1(nonce2, nonce1, key_sizes)
......
opcua/uacrypto.py
View file @ 99d1f362
...@@ -129,7 +129,7 @@ def cipher_decrypt(cipher, data): ...@@ -129,7 +129,7 @@ def cipher_decrypt(cipher, data):
return decryptor.update(data) + decryptor.finalize() return decryptor.update(data) + decryptor.finalize()
def hash_hmac(key, message): def hmac_sha1(key, message):
hasher = hmac.HMAC(key, hashes.SHA1(), backend=default_backend()) hasher = hmac.HMAC(key, hashes.SHA1(), backend=default_backend())
hasher.update(message) hasher.update(message)
return hasher.finalize() return hasher.finalize()
...@@ -139,9 +139,10 @@ def sha1_size(): ...@@ -139,9 +139,10 @@ def sha1_size():
return hashes.SHA1.digest_size return hashes.SHA1.digest_size
def p_sha1(key, body, sizes=()): def p_sha1(secret, seed, sizes=()):
""" """
Derive one or more keys from key and body. Derive one or more keys from secret and seed.
(See specs part 6, 6.7.5 and RFC 2246 - TLS v1.0)
Lengths of keys will match sizes argument Lengths of keys will match sizes argument
""" """
full_size = 0 full_size = 0
...@@ -149,10 +150,10 @@ def p_sha1(key, body, sizes=()): ...@@ -149,10 +150,10 @@ def p_sha1(key, body, sizes=()):
full_size += size full_size += size
result = b'' result = b''
accum = body accum = seed
while len(result) < full_size: while len(result) < full_size:
accum = hash_hmac(key, accum) accum = hmac_sha1(secret, accum)
result += hash_hmac(key, accum + body) result += hmac_sha1(secret, accum + seed)
parts = [] parts = []
for size in sizes: for size in sizes:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7