def __init__(self, params: Dict[int, Any]):
""" """
super().__init__(params)
self._cipher: AESGCM
# Validate alg.
if self._alg == 1: # A128GCM
if not self._key:
self._key = AESGCM.generate_key(bit_length=128)
if len(self._key) != 16:
raise ValueError("The length of A128GCM key should be 16 bytes.")
elif self._alg == 2: # A192GCM
if not self._key:
self._key = AESGCM.generate_key(bit_length=192)
if len(self._key) != 24:
raise ValueError("The length of A192GCM key should be 24 bytes.")
elif self._alg == 3: # A256GCM
if not self._key:
self._key = AESGCM.generate_key(bit_length=256)
if len(self._key) != 32:
raise ValueError("The length of A256GCM key should be 32 bytes.")
else:
raise ValueError(f"Unsupported or unknown alg(3) for AES GCM: {self._alg}.")
self._cipher = AESGCM(self._key)
return
def handle_echo(reader, writer):
global key
global conn_cnt
conn_cnt +=1
#gerar a key
key = AESGCM.generate_key(bit_length=128)
aesgcm = AESGCM(key)
aad = b'authenticated but unencrypted data'
#Enviar a chave para o cliente
writer.write(key)
yield from writer.drain()
srvwrk = ServerWorker(conn_cnt, aesgcm)
data = yield from reader.read(100)
while True:
if data[:1]==b'E': break
if not data: continue
addr = writer.get_extra_info('peername')
res = srvwrk.respond(data[1:], addr)
if not res: break
res = b'M'+res
writer.write(res)
yield from writer.drain()
data = yield from reader.read(100)
print("[%d]" % srvwrk.id)
writer.close()
def encrypter(fname):
tools.empty_folder('./encrypted/' + fname + '/files/' )
tools.empty_folder('./key/')
key_1 = Fernet.generate_key()
key_1_1 = Fernet.generate_key()
key_1_2 = Fernet.generate_key()
key_2 = ChaCha20Poly1305.generate_key()
key_3 = AESGCM.generate_key(bit_length=128)
key_4 = AESCCM.generate_key(bit_length=128)
nonce13 = os.urandom(13)
nonce12 = os.urandom(12)
files = sorted(tools.list_dir('files'))
for index in range(0,len(files)):
if index%4 == 0:
Algo1_extented(files[index],key_1_1,key_1_2, fname)
elif index%4 == 1:
Algo2(files[index],key_2,nonce12, fname)
elif index%4 == 2:
Algo3(files[index],key_3,nonce12, fname)
else:
Algo4(files[index],key_4,nonce13, fname)
secret_information = (key_1_1)+":::::"+(key_1_2)+":::::"+(key_2)+":::::"+(key_3)+":::::"+(key_4)+":::::"+(nonce12)+":::::"+(nonce13)
Algo1(secret_information,key_1, fname)
# Static path to the image file for Steganography
in_f = "./static/png.png"
#out_f = './encrypted/' + fname + '/key/' + fname + '.png'
out_f = './key/' + fname + '.png'
in_img = cv2.imread(in_f)
steg = Steganography(in_img)
res = steg.encode_binary(key_1)
cv2.imwrite(out_f, res)
tools.empty_folder('files')
def generateAESkey(self):
self.rtspSocket.send(b'Connection Request')
while True:
cert_data = self.rtspSocket.recv(1024)
if cert_data:
cert = x509.load_pem_x509_certificate(
cert_data, backend=default_backend())
sig = cert.signature
cert_bytes = cert.tbs_certificate_bytes
self.ca_pk.verify(sig, cert_bytes, padding.PKCS1v15(),
cert.signature_hash_algorithm)
self.aes_key = AESGCM.generate_key(bit_length=128)
self.aesgcm = AESGCM(self.aes_key)
enc_key = self.ca_pk.encrypt(
self.aes_key,
padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None))
self.rtspSocket.send(enc_key)
while True:
conf = self.rtspSocket.recv(1024)
if conf:
if conf.decode() == "Connection Established":
self.state = self.ESTABLISHED
break
break
print("Key Exchange Completed")
def generate_symmetric_key():
"""
Generate a new symmetric key and save it path specified by user in config YAML passed to `set_config()`
Parameters
----------
num_bytes : int
Number of bytes for key
"""
num_bytes = _LIB.cipher_key_size()
if _CONF.get("general_config") is None:
raise MC2ClientConfigError("Configuration not set")
symmetric_key_path = EnvYAML(
_CONF["general_config"])["user"]["symmetric_key"]
if os.path.exists(symmetric_key_path):
logger.warning(
"Skipping symmetric key generation - key already exists at {}".
format(symmetric_key_path))
return
key = AESGCM.generate_key(bit_length=num_bytes * 8)
with open(symmetric_key_path, "wb") as symm_key:
symm_key.write(key)
logger.info("Generated symmetric key and outputted to {}".format(
symmetric_key_path))
def getRecordedTransactionIds():
keyExchange.completeExchange("Polling", "Audit")
# Get shared key
file = open("PollingToAuditSharedKey.txt", 'r')
sharedKey = file.read()
masterKey = getPollingMasterKey()
polledVotersDictionary = getPolledVotersDictionary(masterKey)
transactionIds = ",".join(polledVotersDictionary.values())
if transactionIds:
pass
else:
transactionIds = "No votes"
key = AESGCM.generate_key(bit_length=128)
aesgcm = AESGCM(key)
nonce = os.urandom(12)
messageToSendBytes = aesgcm.encrypt(nonce, transactionIds.encode(), None)
ctr = Counter.new(128)
cipher = AES.new(sharedKey, AES.MODE_CTR, counter=ctr)
keyToSend = cipher.encrypt(key)
nonceToSend = cipher.encrypt(nonce)
return (messageToSendBytes, nonceToSend, keyToSend)
def isRegisteredVoter(voterId):
keyExchange.completeExchange("Polling", "Registration")
# Get shared key
file = open("PollingToRegistrationSharedKey.txt", 'r')
sharedKey = file.read()
key = AESGCM.generate_key(bit_length=128)
aesgcm = AESGCM(key)
nonce = os.urandom(12)
voterIdBytes = aesgcm.encrypt(nonce, voterId.encode(), None)
ctr = Counter.new(128)
cipher = AES.new(sharedKey, AES.MODE_CTR, counter=ctr)
keyToSend = cipher.encrypt(key)
nonceToSend = cipher.encrypt(nonce)
response = registration.checkVoterStatus(voterIdBytes, nonceToSend,
keyToSend)
receivedMessageCtr = Counter.new(128)
receivedMessageCipher = AES.new(sharedKey,
AES.MODE_CTR,
counter=receivedMessageCtr)
decryptedKey = receivedMessageCipher.decrypt(response[2])
decryptedNonce = receivedMessageCipher.decrypt(response[1])
aesgcm = AESGCM(decryptedKey)
statusBytes = aesgcm.decrypt(decryptedNonce, response[0], None)
status = eval(statusBytes.decode("utf-8"))
return status
def transmitVote(vote, transactionId):
keyExchange.completeExchange("Polling", "Audit")
# Get shared key
file = open("PollingToAuditSharedKey.txt", 'r')
sharedKey = file.read()
key = AESGCM.generate_key(bit_length=128)
aesgcm = AESGCM(key)
nonce = os.urandom(12)
messageToSendBytes = aesgcm.encrypt(
nonce, "{0},{1}".format(transactionId, vote).encode(), None)
ctr = Counter.new(128)
cipher = AES.new(sharedKey, AES.MODE_CTR, counter=ctr)
keyToSend = cipher.encrypt(key)
nonceToSend = cipher.encrypt(nonce)
response = audit.transmitVote(messageToSendBytes, nonceToSend, keyToSend)
responseCtr = Counter.new(128)
receivedMessageCtr = Counter.new(128)
receivedMessageCipher = AES.new(sharedKey,
AES.MODE_CTR,
counter=receivedMessageCtr)
decryptedKey = receivedMessageCipher.decrypt(response[2])
decryptedNonce = receivedMessageCipher.decrypt(response[1])
aesgcm = AESGCM(decryptedKey)
statusBytes = aesgcm.decrypt(decryptedNonce, response[0], None)
status = eval(statusBytes.decode("utf-8"))
return status
def tcp_echo_client(loop=None):
if loop is None:
loop = asyncio.get_event_loop()
reader, writer = yield from asyncio.open_connection('127.0.0.1', 8888,
loop=loop)
key = AESGCM.generate_key(bit_length=128)
iid = yield from reader.read(256)
#Receber os parametros
p = yield from reader.read(3000)
g = yield from reader.read(3000)
criaAssinatura(iid.decode())
pn = dh.DHParameterNumbers(int(p.decode()), int(g.decode()))
parameters = pn.parameters(default_backend())
private_key = parameters.generate_private_key()
public_key = private_key.public_key()
public_bytes = public_key.public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
writer.write(public_bytes)
yield from writer.drain()
#Receber a public key dele
public_key2 = yield from reader.read(3000)
partner_pk = load_pem_public_key(public_key2, default_backend())
shared_key = private_key.exchange(partner_pk)
assinatura = assinar(public_bytes, public_key2)
writer.write(assinatura)
assinatura_partner = yield from reader.read(3000)
if(len(assinatura_partner)!=0):
res = verificar(assinatura_partner,public_bytes, public_key2)
if res == 0:
writer.write(b"")
yield from writer.drain()
data = b'S'
#Gerar a chave
aesgcm = AESGCM(shared_key[:32])
client = Client("Cliente 1", aesgcm)
msg = client.initmsg()
while len(data)>0:
if msg:
msg = b'M' + msg
writer.write(msg)
if msg[:1] == b'E': break
data = yield from reader.read(100)
if len(data)>0 :
msg = client.respond(data[1:])
else:
break
else:
break
writer.write(b'E')
print('Socket closed!')
writer.close()
def encrypter():
tools.empty_folder('key')
tools.empty_folder('encrypted')
key_1 = Fernet.generate_key()
key_1_1 = Fernet.generate_key()
key_1_2 = Fernet.generate_key()
key_2 = ChaCha20Poly1305.generate_key()
key_3 = AESGCM.generate_key(bit_length=128)
key_4 = AESCCM.generate_key(bit_length=128)
nonce13 = os.urandom(13)
nonce12 = os.urandom(12)
files = sorted(tools.list_dir('files'))
for index in range(0, len(files)):
if index % 4 == 0:
Algo1_extented(files[index], key_1_1, key_1_2)
elif index % 4 == 1:
Algo2(files[index], key_2, nonce12)
elif index % 4 == 2:
Algo3(files[index], key_3, nonce12)
else:
Algo4(files[index], key_4, nonce13)
secret_information = (key_1_1) + ":::::" + (key_1_2) + ":::::" + (
key_2) + ":::::" + (key_3) + ":::::" + (key_4) + ":::::" + (
nonce12) + ":::::" + (nonce13)
Algo1(secret_information, key_1)
public_key = open("./key/Taale_Ki_Chabhi.pem", "wb")
public_key.write(key_1)
public_key.close()
tools.empty_folder('files')
def tcp_echo_client(loop=None):
if loop is None:
loop = asyncio.get_event_loop()
#gerar a key
key = AESGCM.generate_key(bit_length=128)
aesgcm = AESGCM(key)
reader, writer = yield from asyncio.open_connection('127.0.0.1', 8888,
loop=loop)
data = b'S'
#transição da chave
key = yield from reader.read(128)
aesgcm = AESGCM(key)
client = Client("Cliente 1", aesgcm)
msg = client.initmsg()
while len(data)>0:
if msg:
msg = b'M' + msg
writer.write(msg)
if msg[:1] == b'E': break
data = yield from reader.read(100)
if len(data)>0 :
msg = client.respond(data[1:])
else:
break
else:
break
writer.write(b'E')
print('Socket closed!')
writer.close()
def AES_GCM(data, aad):
key = AESGCM.generate_key(bit_length=128)
aesgcm = AESGCM(key)
nonce = os.urandom(12)
ct = aesgcm.encrypt(nonce, data, aad)
pt = aesgcm.decrypt(nonce, ct, aad)
return ct, pt
def _data_encrypt(self, data: bytes) -> Tuple[bytes, bytes, bytes]:
"""Asymmetrically encrypt a piece of data, returning a tuple containing
the encrypted data as a bytes object, the plaintext (!) encryption key
as a bytes object, and the nonce used to encrypt as a bytes object.
Uses a 256-bit AES cipher in Galois Counter Mode, as recommended by
Google for generating data encryption keys:
https://cloud.google.com/kms/docs/envelope-encryption#data_encryption_keys
Uses a 96-bit nonce length, as recommended by NIST for AES in GCM:
https://csrc.nist.gov/publications/detail/sp/800-38d/final
Args:
data: The data to encrypt.
Returns:
Tuple:
bytes: Encrypted data
bytes: Plaintext (!) data encryption key -- encrypt with your
key encryption key ASAP and do NOT store in plaintext!!
bytes: 96-bit nonce value used with data encryption key when
encrypting data. Under NO circumstances to be reused for
encryption with the same key.
"""
key = AESGCM.generate_key(bit_length=256)
aesgcm = AESGCM(key)
nonce = os.urandom(12) # 12 bytes == 96 bits
encrypted = aesgcm.encrypt(nonce, data, associated_data=None)
return encrypted, key, nonce
def aesgcm_mode_encryption(bitlength, filename, key):
fd = open(filename, "r")
data = fd.read()
data = data.encode()
fd.close()
if not key:
print("****Generating key with key length:" + str(bitlength))
key = AESGCM.generate_key(bit_length=bitlength)
else:
fd = shelve.open(key)
key = fd["key"]
key = key[0]
key1 = AESGCM(key)
nonce = os.urandom(12)
print("***Encrypting your data***")
ct = key1.encrypt(nonce, data, None)
ls = [key, nonce]
print("***Saving your data to file:" + filename + "_encrypted.db***")
new_name = filename + "_encrypted"
db = shelve.open(new_name)
db["data"] = ct
db.close()
print("***saving you key and nonces to file:" + filename + "_keys.db")
key_file = filename + "_keys"
db = shelve.open(key_file)
db["key"] = ls
db.close()
def __init__(self, in_key=None):
self._backend = default_backend()
self._block_size_bytes = int(ciphers.algorithms.AES.block_size / 8)
if in_key is None:
self._key = AESGCM.generate_key(bit_length=128)
else:
self._key = in_key
self._aesgcm = AESGCM(self._key)
def test_params_not_bytes(self, nonce, data, associated_data, backend):
key = AESGCM.generate_key(128)
aesgcm = AESGCM(key)
with pytest.raises(TypeError):
aesgcm.encrypt(nonce, data, associated_data)
with pytest.raises(TypeError):
aesgcm.decrypt(nonce, data, associated_data)
def aesgcm_encrypt_message_and_sign(message, private_key):
signature = sign_message(message, private_key)
data = message + "*-*-*-*-*-*" + signature
key = AESGCM.generate_key(bit_length=128)
aesgcm = AESGCM(key)
nonce = os.urandom(12)
ct = aesgcm.encrypt(nonce, data, None)
return (ct, key, nonce)
def test_params_not_bytes(self, nonce, data, associated_data, backend):
key = AESGCM.generate_key(128)
aesgcm = AESGCM(key)
with pytest.raises(TypeError):
aesgcm.encrypt(nonce, data, associated_data)
with pytest.raises(TypeError):
aesgcm.decrypt(nonce, data, associated_data)
def generate_key(cls, bit_length=256):
"""Generates an encryption key, then coverts it into a hex string.
:param int bit_length: must be 128, 192, or 256.
:return str: the generated key.
"""
key = AESGCM.generate_key(bit_length)
return key.hex().upper()
def __encryptMessage(self, other_jid, plaintext):
messages = {other_jid: {}, self.__my_jid: {}}
aes_gcm_key = AESGCM.generate_key(bit_length=128)
aes_gcm_iv = os.urandom(16)
aes_gcm = AESGCM(aes_gcm_key)
ciphertext = aes_gcm.encrypt(aes_gcm_iv, plaintext, None)
aes_gcm_tag = ciphertext[-16:]
ciphertext = ciphertext[:-16]
other_devices = list(self.__bundles[other_jid].keys())
my_devices = list(self.__bundles[self.__my_jid].keys())
my_devices.remove(self.__my_device_id)
def encryptAll(devices, jid):
for device in devices:
try:
dr = self.__sessions[jid][device]
pre_key = False
except KeyError:
session_init_data = self.initSessionActive(
self.__bundles[jid][device])
dr = session_init_data["dr"]
session_init_data = session_init_data["to_other"]
pre_key = True
self.__sessions[jid] = self.__sessions.get(jid, {})
self.__sessions[jid][device] = dr
message = dr.encryptMessage(aes_gcm_key + aes_gcm_tag)
message_data = wireformat.message_header.toWire(
message["ciphertext"], message["header"], message["ad"],
message["authentication_key"])
if pre_key:
message_data = wireformat.pre_key_message_header.toWire(
session_init_data, message_data)
messages[jid][device] = {
"message": message_data,
"pre_key": pre_key
}
encryptAll(other_devices, other_jid)
encryptAll(my_devices, self.__my_jid)
return {
"iv": aes_gcm_iv,
"messages": messages,
"payload": ciphertext,
"cipher": aes_gcm
}
def __init__(self, bit_length=0, key=None):
Encrypter.__init__(self)
if key:
self.key = AESGCM(key)
elif bit_length:
if bit_length not in [128, 192, 256]:
raise UnsupportedBitLength(bit_length)
self.key = AESGCM.generate_key(bit_length=bit_length)
def transport_write(self,data):
print("transport_write")
#self.key_iv()
key = AESGCM.generate_key(bit_length=128)
encData = AESGCM(self.enc).encrypt(self.iv,data,None)
self.iv = self.increIv(self.iv)
dataPacket = DataPacket(data=encData)
self.transport.write(dataPacket.__serialize__())
print("crap encrypted and sent data")
def AES_GCM_ecnrypt(text):
data = bytes(text,'utf-8')
aad = bytes("Research",'utf-8')
key = AESGCM.generate_key(bit_length=128)
aesgcm = AESGCM(key)
nonce = os.urandom(12)
ct = aesgcm.encrypt(nonce, data, aad)
aesgcm.decrypt(nonce, ct, aad)
return True
def test_associated_data_none_equal_to_empty_bytestring(self, backend):
key = AESGCM.generate_key(128)
aesgcm = AESGCM(key)
nonce = os.urandom(12)
ct1 = aesgcm.encrypt(nonce, b"some_data", None)
ct2 = aesgcm.encrypt(nonce, b"some_data", b"")
assert ct1 == ct2
pt1 = aesgcm.decrypt(nonce, ct1, None)
pt2 = aesgcm.decrypt(nonce, ct2, b"")
assert pt1 == pt2
def test_data_too_large(self):
key = AESGCM.generate_key(128)
aesgcm = AESGCM(key)
nonce = b"0" * 12
with pytest.raises(OverflowError):
aesgcm.encrypt(nonce, FakeData(), b"")
with pytest.raises(OverflowError):
aesgcm.encrypt(nonce, b"", FakeData())
def test_associated_data_none_equal_to_empty_bytestring(self, backend):
key = AESGCM.generate_key(128)
aesgcm = AESGCM(key)
nonce = os.urandom(12)
ct1 = aesgcm.encrypt(nonce, b"some_data", None)
ct2 = aesgcm.encrypt(nonce, b"some_data", b"")
assert ct1 == ct2
pt1 = aesgcm.decrypt(nonce, ct1, None)
pt2 = aesgcm.decrypt(nonce, ct2, b"")
assert pt1 == pt2
def test_invalid_nonce_length(self, length, backend):
if backend._fips_enabled:
# Red Hat disables non-96-bit IV support as part of its FIPS
# patches.
pytest.skip("Non-96-bit IVs unsupported in FIPS mode.")
key = AESGCM.generate_key(128)
aesgcm = AESGCM(key)
with pytest.raises(ValueError):
aesgcm.encrypt(b"\x00" * length, b"hi", None)
def test_data_too_large(self):
key = AESGCM.generate_key(128)
aesgcm = AESGCM(key)
nonce = b"0" * 12
with pytest.raises(OverflowError):
aesgcm.encrypt(nonce, FakeData(), b"")
with pytest.raises(OverflowError):
aesgcm.encrypt(nonce, b"", FakeData())
def __init__(self, bit_length=0, key=None):
Encrypter.__init__(self)
if key:
self.key = AESGCM(key)
elif bit_length:
if bit_length not in [128, 192, 256]:
raise UnsupportedBitLength(bit_length)
self.key = AESGCM(AESGCM.generate_key(bit_length=bit_length))
else:
raise ValueError("Need key or key bit length")
def encrypt(message, key=None, nonce=None):
if key is None:
key = AESGCM.generate_key(bit_length=256)
if nonce is None:
nonce = urandom(12)
data = message.encode()
mac = HMAC(key, data + nonce, digestmod=sha256).digest()
aesgcm = AESGCM(key)
encrypted = aesgcm.encrypt(nonce, data, mac)
splitter = "%%%".encode()
return key, splitter.join([nonce, encrypted, mac])
def encrypt(self, msg):
# initialize the key and nonce. encrypt the message using these values
key = AESGCM.generate_key(bit_length = 128)
aesgcm = AESGCM(key)
nonce = os.urandom(12)
_ciphertext = aesgcm.encrypt(nonce, msg, None)
# append the nonce and key to the encrypted message so that we can
# seperate the values in the decrypt method, as we will need access to
# the same key and nonce
_ciphertext = _ciphertext + nonce + key
return _ciphertext
def test_invite_key_verification_fails_with_wrong_valid_key(client):
invite = models.Invite.query.filter_by(
email="*****@*****.**",
role="Researcher").one_or_none()
assert invite
generate_invite_key_pair(invite)
assert invite.nonce is not None
assert invite.private_key is not None
assert invite.public_key is not None
token = encrypted_jwt_token(
username="",
sensitive_content=AESGCM.generate_key(bit_length=256).hex(),
expires_in=datetime.timedelta(hours=24),
additional_claims={"inv": invite.email},
)
assert token
response = client.get(tests.DDSEndpoint.USER_CONFIRM + token,
content_type="application/json")
assert response.status == "200 OK"
assert b"Create account" in response.data
form_token = flask.g.csrf_token
form_data = {
"csrf_token": form_token,
"email": invite.email,
"name": "Test User",
"username": "******",
"password": "******",
"confirm": "Password123",
"submit": "submit",
}
response = client.post(
tests.DDSEndpoint.USER_NEW,
json=form_data,
follow_redirects=True,
)
assert response.status == "200 OK"
invite = models.Invite.query.filter_by(
email="*****@*****.**",
role="Researcher").one_or_none()
assert invite is not None
user = models.User.query.filter_by(
username=form_data["username"]).one_or_none()
assert user is None
def encrypt_AESGCM(key:bytes, data:bytes, nonce:bytes, associated_data:bytes): if key == None: key = AESGCM.generate_key(256) aesgcm = AESGCM(key) encrypted_data = aesgcm.encrypt(nonce, data, associated_data) return key, encrypted_data else: aesgcm = AESGCM(key) encrypted_data = aesgcm.encrypt(nonce, data, associated_data) return encrypted_data
def test_buffer_protocol(self, backend):
key = AESGCM.generate_key(128)
aesgcm = AESGCM(key)
pt = b"encrypt me"
ad = b"additional"
nonce = os.urandom(12)
ct = aesgcm.encrypt(nonce, pt, ad)
computed_pt = aesgcm.decrypt(nonce, ct, ad)
assert computed_pt == pt
aesgcm2 = AESGCM(bytearray(key))
ct2 = aesgcm2.encrypt(bytearray(nonce), pt, ad)
assert ct2 == ct
computed_pt2 = aesgcm2.decrypt(bytearray(nonce), ct2, ad)
assert computed_pt2 == pt
def test_bad_generate_key(self, backend):
with pytest.raises(TypeError):
AESGCM.generate_key(object())
with pytest.raises(ValueError):
AESGCM.generate_key(129)
def test_invalid_nonce_length(self, backend):
key = AESGCM.generate_key(128)
aesgcm = AESGCM(key)
with pytest.raises(ValueError):
aesgcm.encrypt(b"", b"hi", None)
