def decrypt(self, payload): """Decrypts the each encrypted item of the payload. Initialize decryption cipher for each item and and use cipher to decrypt payload items. :param payload : received MQTT message from Spinner #1. This includes all encrypted data, nodeid, iv, and HMAC :return : MQTT message to publish to Spinner #1 on Topic "Acknowledge", can be "Successful Decryption" """ text = json.loads(payload) rece_HMAC = ubinascii.unhexlify(text["HMAC"]) rece_iv = ubinascii.unhexlify(text["e_iv"]) rece_nodeid = ubinascii.unhexlify(text["e_nodeid"]) rece_sensord = ubinascii.unhexlify(text["e_sd"]) #encrypt iv myaes = aes(self.ivkey, 2, self.staticiv) iv = myaes.decrypt(rece_iv) striv = iv.decode("utf-8") print(striv) #encrypt data myes = aes(self.datakey, 2, striv) node_id = myes.decrypt(rece_nodeid).decode("utf-8") byte_sensord = myes.decrypt(rece_sensord) sensord = byte_sensord.decode("utf-8") data = sensord.strip(chr(0)).split(' ') data_x = float(data[0]) data_y = float(data[1]) data_z = float(data[2]) data_temp = float(data[3]) print(data_x, data_y, data_z, data_temp) return True, node_id, data_x, data_y, data_z, data_temp
def decrypt(self, payload): """Decrypts the each encrypted item of the payload. Initialize decryption cipher for each item and and use cipher to decrypt payload items. :param payload : received MQTT message from Spinner #1. This includes all encrypted data, nodeid, iv, and HMAC :return : MQTT message to publish to Spinner #1 on Topic "Acknowledge", can be "Successful Decryption" """ decrypted_payload = ujson.loads(payload) decrypted_iv = ubinascii.unhexlify(decrypted_payload['encrypted_iv']) decrypted_nodeid = ubinascii.unhexlify(decrypted_payload['encrypted_nodeid']) decrypted_data = ubinascii.unhexlify(decrypted_payload['encrypted_data']) decrypted_hmac = decrypted_payload['hmac'] decryption_cipher = aes(self.ivkey,2,self.staticiv) decrypt_iv= decryption_cipher.decrypt(decrypted_iv) decryption_data = aes(self.datakey,2,decrypt_iv) decrypt_data = decryption_data.decrypt(decrypted_data) sensor_data={} sensor_data['a_x']=float(decrypt_data[0:8]) sensor_data['a_y']=float(decrypt_data[8:16]) sensor_data['a_z']=float(decrypt_data[16:24]) sensor_data['temp']=float(decrypt_data[24:32]) return (0,sensor_data)
def decrypt(self, payload): """Decrypts the each encrypted item of the payload. Initialize decryption cipher for each item and and use cipher to decrypt payload items. :param payload : received MQTT message from Spinner #1. This includes all encrypted data, nodeid, iv, and HMAC :return : MQTT message to publish to Spinner #1 on Topic "Acknowledge", can be "Successful Decryption" """ json_data = json.loads(payload) encrypted_nodeid = json_data["node_id"] encrypted_iv = json_data["encrypted_iv"] encrypted_data = json_data["data"] #print(bytes(encrypted_iv[2:-1]), 'utf8') #self.data_aes.decrypt(bytes(encrypted_nodeid), self.decrypted_nodeid) decrypter_iv = aes(self.ivkey, 2, self.staticiv) self.decrypted_iv = decrypter_iv.decrypt(decode_str(encrypted_iv)) decrypter_data = aes(self.datakey, 2, self.decrypted_iv) self.decrypted_nodeid = decrypter_data.decrypt( decode_str(encrypted_nodeid)) self.decrypted_data = decrypter_data.decrypt( decode_str(encrypted_data)) #sensor_data[0], sensor_data[1], sensor_data[2], sensor_data[3] = struct.unpack("ffff", self.decrypted_data) return "Successful Decryption"
def decrypt(self, payload): """Decrypts the each encrypted item of the payload. Initialize decryption cipher for each item and and use cipher to decrypt payload items. :param payload : received MQTT message from Spinner #1. This includes all encrypted data, nodeid, iv, and HMAC :return : MQTT message to publish to Spinner #1 on Topic "Acknowledge", can be "Successful Decryption" """ #### decrypt iv iv = aes(self.ivkey, 2, self.staticiv) #print(self.iv) self.iv = iv.decrypt(bytes(self.iv)) print("hello", self.iv) #### decrypt sensor_data data = aes(self.datakey, 2, self.iv) self.enData = data.decrypt(bytes(payload)) #print("enData",self.enData) while (self.counterData != 0): self.counterData -= 1 self.enData = self.enData[:-1] #print("enData without zero",self.enData) ####decrypt nodeid self.nodeid = data.decrypt(self.nodeid) #print("nodeid",self.nodeid) return self.enData
def __init__(self, mode=2, key_enc=None, iv_enc=None, key_dec=None, iv_dec=None, load_keys=False, buffer_size=2048): self.sess_keyfile_dev = 'session.key' self.sess_keyfile_host = 'session{}.key'.format( hexlify(unique_id()).decode()) self.mode = mode self.block_len = 0 self.key_e = key_enc self.iv_e = iv_enc self.msg_hex = b'' self.buff = bytearray(buffer_size) self.buff_size = buffer_size self.err_buff = io.StringIO(100) self.buff_out = io.StringIO(500) self.gbls = globals() self.wrepl = None self.buff_crepl = None self.message_out = '' self.data_bytes = bytearray(20) self.rec_msg = '' self.resp_msg = '' if key_dec is None: self.key_d = key_enc self.iv_d = iv_enc else: self.key_d = key_dec self.iv_d = iv_dec if load_keys: try: with open(self.sess_keyfile_dev, 'r') as sess_config: sess_keys_dev = json.load(sess_config) self.key_e = sess_keys_dev['SKEY'] self.iv_e = sess_keys_dev['IV'] with open(self.sess_keyfile_host, 'r') as sess_config: sess_keys_host = json.load(sess_config) self.key_d = sess_keys_host['SKEY'] self.iv_d = sess_keys_host['IV'] except Exception as e: print('No session keys found in the device') pass self.enc = ucryptolib.aes(self.key_e, self.mode, self.iv_e) self.dec = ucryptolib.aes(self.key_d, self.mode, self.iv_d)
def encrypt(self, sensor_data): """Encrypt each of the current initialization vector (iv), the nodeid, and the sensor_data :param sensor_data : Acceleration X, Acceleration Y, Acceleration Z, and Temperature """ myAES = aes(self.ivkey, 2, self.staticiv) # using (staticiv, ivkey) for iv print(self.iv) print(bytes(self.iv, 'utf-8')) self.encrypted_iv = myAES.encrypt(bytes(self.iv, 'utf-8')) print(self.encrypted_iv) myAES = aes(self.datakey, 2, self.iv) #(iv, datakey) for nodeid and sensor_data self.encrypted_nodeid = myAES.encrypt(bytes(self.nodeid, 'utf-8')) self.encrypted_sensor_data = self.blockEncrypterAES(myAES, sensor_data)
def encrypt_payload(self, key, direction, data): k = int(math.ceil(len(data) / 16.0)) a = [] for i in range(k): a += [0x01] a += [0x00, 0x00, 0x00, 0x00] a += [direction] a += self.mac_payload.get_fhdr().get_devaddr() a += self.mac_payload.get_fhdr().get_fcnt() a += [0x00] # fcnt 32bit a += [0x00] # fcnt 32bit a += [0x00] a += [i+1] cipher = ucryptolib.aes(bytearray(key), MODE_ECB) s = cipher.encrypt(bytes(a)) padded_payload = [] for i in range(k): idx = (i + 1) * 16 padded_payload += (data[idx - 16:idx] + ([0x00] * 16))[:16] payload = [] for i in range(len(data)): payload += [s[i] ^ padded_payload[i]] return list(map(int, payload))
def decode(data, pwd): if pwd == None: return data pwd = (pwd + hex(data[0])[2:]).zfill(16) decryptor = aes(pwd.encode(), 1) data = decryptor.decrypt(data[1:]) return data[2:2 + int.from_bytes(data[:2], 'little')]
def encrypt(self, sensor_data): """Encrypt each of the current initialization vector (iv), the nodeid, and the sensor_data using (staticiv, ivkey) for iv and (iv, datakey) for nodeid and sensor_data :param sensor_data : Acceleration X, Acceleration Y, Acceleration Z, and Temperature """ encode = aes(self.ivkey,2,self.staticiv) self.encrypted_iv = encode.encrypt(self.iv) encode = aes(self.datakey,2,self.iv) self.encrypted_nodeid = encode.encrypt(self.nodeid) ax = sensor_data["ax"] ay = sensor_data["ay"] az = sensor_data["az"] temp = sensor_data["temp"] sensorData = b'{0:08.4f}{1:08.4f}{2:08.4f}{3:08.4f}'.format(ax, ay, az, temp) encode = aes(self.datakey, 2, self.iv) self.encrypted_data = encode.encrypt(sensorData)
def entropy_encrypt(entropy_plain): # 2 - MODE_CBC crypto = aes(Key.key, 2, Key.iv) # encrypted data should be mod 16 (blocksize) pad_len = 16-((len(entropy_plain)+1) % 16) data = bytes([len(entropy_plain)])+entropy_plain+bytes(pad_len) return crypto.encrypt(data);
def encode(self, K, M): const_Bsize = 16 const_Zero = b'\x00' * 16 AES_128 = ucryptolib.aes(bytearray(K), MODE_ECB) K1, K2 = self.gen_subkey(K) n = int(len(M) / const_Bsize) if n == 0: n = 1 flag = False else: if (len(M) % const_Bsize) == 0: flag = True else: n += 1 flag = False M_n = M[(n - 1) * const_Bsize:] if flag is True: M_last = self.xor_128(M_n, K1) else: M_last = self.xor_128(self.pad(M_n), K2) X = const_Zero for i in range(n - 1): M_i = M[(i) * const_Bsize:][:16] Y = self.xor_128(X, M_i) X = AES_128.encrypt(Y) Y = self.xor_128(M_last, X) T = AES_128.encrypt(Y) return T
def encode(text): key = generate_key() cipher = aes(key, 1) pad = 16 - len(text) % 16 text = text + " " * pad encrypted = cipher.encrypt(text) return encrypted
def encrypt(self, sensor_data): """Encrypt each of the current initialization vector (iv), the nodeid, and the sensor_data using (staticiv, ivkey) for iv and (iv, datakey) for nodeid and sensor_data :param sensor_data : Acceleration X, Acceleration Y, Acceleration Z, and Temperature """ # set encryption parameters encryption1 = aes(self.ivkey, 2, self.staticiv) encryption2 = aes(self.datakey, 2, self.iv) # encrypt data self.encrypted_data = encryption2.encrypt(sensor_data) self.encrypted_iv = encryption1.encrypt(self.iv) self.encrypted_nodeid = encryption2.encrypt(self.nodeid) self.iv = bytes(random.getrandbits(8) for _ in range(16)) # changes every time
def encrypt_payload(self, key, direction, mhdr): a = [] a += self.to_clear_raw() a += self.compute_mic(key, direction, mhdr) cipher = ucryptolib.aes(bytearray(key), MODE_ECB) return list(map(int, cipher.decrypt(bytes(a))))
async def write(self, sid, data): cipher = ucryptolib.aes(GW_PASSWD, MODE_CBC, GW_IV) key = ubinascii.hexlify(cipher.encrypt(self.tokens[sid])).decode() data["key"] = key cmd = {"cmd": "write", "model": "gateway", "sid": sid, "data": data} await self.send_msg(cmd) return await self.wait_resp("write_ack")
def decrypt_hex(self, msg): self.msg_hex = unhexlify(msg) self.buff[:] = bytearray(self.buff_size) self.dec = ucryptolib.aes(self.key_d, self.mode, self.iv_d) self.dec.decrypt(self.msg_hex, self.buff) gc.collect() return self.buff.decode().split('\x00')[0]
def __init__(self, connect_retry=10): ap = WLAN(AP_IF) ap.active(1) sta = WLAN(STA_IF) sta.active(1) self.s = socket.socket() self.s.bind(("0.0.0.0", 80)) self.s.listen(1) self.ssid, self.password = "", "" self.connect_retry = connect_retry self.lock_status = 0 try: wificonfig = open("wificonfig", "r") self.ssid, self.password = config.read().split("\n")[:2] wificonfig.close() except Exception: pass if not self.ssid: print("config does not exist, initializing config") self.first_time_raw() else: print("found existing config, connecting to wifi") success = self.connect_to_wifi() self.s.settimeout(2) self.IV = bytes() self.key = bytes() with open("aes", "rb") as f: self.IV = f.read(16) self.key = f.read() self.IV = b'[S\x83\x11v\x9cY;\xbcH\xe3\t\xd6\xf9\xbf\x9f' self.key = b'b\xe7\x02$D\x18\x0c\xd8I5:\x1d%\xeft\xdb' self.cipher = ucryptolib.aes(key, 2, IV) self.last_sender_addr = "0.0.0.0" with open("lastsender", "r") as f: self.last_sender_addr = f.read() topic = "mcer4294967296/data" broker = "mqtt.eclipse.org" print("connecting to MQTT") mqtt = MQTTClient("umqtt_client", broker) mqtt.connect() print("connected to MQTT") mqtt.subscribe(topic) mqtt.set_callback(self.on_receive_mqtt) self.override = False self.at_home = False self.dist_thresh = 0.5 # kilometer self.timestamp_left = time.time() self.time_thresh = 60 # seconds self.poll_interval = 5 # seconds self.key_update_thresh = 86400 # a day self.last_key_update = time.time()
def entropy_decrypt(entropy_encrypted): # 2 - MODE_CBC crypto = aes(Key.key, 2, Key.iv) data = crypto.decrypt(entropy_encrypted) l = data[0] if l > 32: raise RuntimeError("Failed to decrypt entropy - data is corrupted") return data[1:l+1]
def __init__(self, key, mode, IV): if mode not in __MODES: raise ValueError("unknown mode '{}'".format(mode)) if IV: if len(IV) != 16: raise ValueError('only 16-byte IVs are supported') self._encryptor = ucryptolib.aes(key, mode, IV) self._decryptor = ucryptolib.aes(key, mode, IV) else: if mode != MODE_ECB: raise ValueError('{} mode requires an IV'.format( __MODES[mode])) self._encryptor = ucryptolib.aes(key, mode) self._decryptor = ucryptolib.aes(key, mode) self.block_size = len(key) self._mode = mode self._filebuf = bytearray(self.block_size) self._filebuf_mv = memoryview(self._filebuf)
def dec_key_handle(data, application_parameter): global ks_u2f if len(data) != KEY_HANDLE_LENGTH: return b'' if data[-32:] != hmac_sha256(ks_u2f.KEY_5C, ks_u2f.KEY_36, data[:-32] + application_parameter): return b'' dec = aes(ks_u2f.AES_KEY, MODE_CBC, ks_u2f.AES_IV) return dec.decrypt(data[:32])
def derive_appskey(self, key, devnonce): a = [0x02] a += self.get_appnonce() a += self.get_netid() a += devnonce a += [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00] cipher = ucryptolib.aes(bytearray(key), MODE_ECB) return list(map(int, cipher.encrypt(bytes(a))))
def encode(data, pwd): if pwd == None: return data q = os.urandom(1) pwd = (pwd + hex(q[0])[2:]).zfill(16) data = len(data).to_bytes(2, 'little') + data data = data + bytes(16 - len(data) % 16) encryptor = aes(pwd.encode(), 1) out = q + encryptor.encrypt(data) return out
def encrypt(key,data): # ended up not hasing the key, just pad it, make sure it's 16 bytes cryptor = aes(pad_mod_16(key),2,iv) # append chunk delimiter string before base64 encoding ciphertext = cryptor.encrypt(pad_mod_16(str.encode(data))) # encode to base 64 for sending ciphertext_b64 = ubinascii.b2a_base64(ciphertext) return ciphertext_b64+delimiter
def __decrypt_img(self, json_payload): # decrypt key and IV using our RSA private key, then decrypt the image using AES dec_key = a2b_base64( rsa_decrypt(a2b_base64(json_payload['k']), self.private_key)) dec_iv = a2b_base64( rsa_decrypt(a2b_base64(json_payload['i']), self.private_key)) decryptor = aes(dec_key, 2, dec_iv) dec = decryptor.decrypt(a2b_base64(json_payload['d'])) # server uses DEFLATE to keep sizes down return inflate(dec)
def encrypt_hex_bytes(self, msg): self.buff[:] = bytearray(self.buff_size) self.enc = ucryptolib.aes(self.key_e, self.mode, self.iv_e) self.data_bytes = msg self.block_len = len(self.data_bytes + b'\x00' * ((16 - (len(self.data_bytes) % 16)) % 16)) self.enc.encrypt( self.data_bytes + b'\x00' * ((16 - (len(self.data_bytes) % 16)) % 16), self.buff) gc.collect() return hexlify(bytes(self.buff[:self.block_len]))
def encrypt(plain: bytes, key: bytes) -> bytes: """Encrypt data with bit padding (0x80...)""" iv = rng.get_random_bytes(IV_SIZE) crypto = aes(key, AES_CBC, iv) # encrypted data should be mod 16 (blocksize) # add padding plain += b'\x80' if len(plain) % AES_BLOCK != 0: # fill with zeroes plain += b"\x00" * (AES_BLOCK - (len(plain) % AES_BLOCK)) return iv + crypto.encrypt(plain)
def make_secure_packet(self, h): """Encrypts and returns plaintext appended with a 32B nonce (also returned) AES 256 CBC is used (as opposed to EBC which would not be secure in this implementation) """ nonce = urandom(32) plaintext = h + nonce e = aes(self.__key, 2, self.__iv) print("AES encrypter created") return e.encrypt(plaintext), nonce
def encrypt(self, mode, message): """ Encrypt message """ if self.__key is not None and mode != self.CRYPTO_MODE_NONE: if mode == self.CRYPTO_MODE_AES: cipher = aes(self.__key, self.UCRYPTOLIB_MODE_CBC, self.__iv) if(len(message) % 16 > 0): message += (b' ' * (16 - len(message) % 16)) return Tag.CRYPTO.ENCRYPTED + mode + cipher.encrypt(message) return Tag.CRYPTO.ENCRYPTED + self.CRYPTO_MODE_NONE + message
def encrypt(self, sensor_data): """Encrypt each of the current initialization vector (iv), the nodeid, and the sensor_data using (staticiv, ivkey) for iv and (iv, datakey) for nodeid and sensor_data :param sensor_data : Acceleration X, Acceleration Y, Acceleration Z, and Temperature """ data = aes(self.datakey, 2, self.iv) while (len(sensor_data) % 16 != 0): self.counterData += 1 sensor_data += "0" self.enData = data.encrypt(sensor_data) ##print("enData",self.enData) self.nodeid = self.nodeid + b'0000' self.nodeid = data.encrypt(bytes(self.nodeid)) #print('nodeid',self.nodeid) iv = aes(self.ivkey, 2, self.staticiv) #print(self.iv) ####'utf-8' is transfer to byte string self.iv = iv.encrypt(bytes(self.iv, 'utf-8'))
def test(vector): "Run the test block by block and compare to expected results" key = VECTORS[vector]["key"] mode = VECTORS[vector]["mode"] initial = VECTORS[vector]["initial"] blocks = VECTORS[vector]["blocks"] # Encrypt direction eng = ucryptolib.aes(key, mode, initial) for block in blocks: ciphertext = eng.encrypt(block[0]) assert ciphertext == block[1] # Get a new object for decrypting. # (Each aes object can be used for either encrypting or decrypting, # but not both.) eng = ucryptolib.aes(key, mode, initial) for block in blocks: plaintext = eng.decrypt(block[1]) assert plaintext == block[0] print("Pass")
def _new(k, ctr_initial): return aes(k, 6, ctr_initial)
# Inplace operations (input and output buffer is the same) try: from ucryptolib import aes except ImportError: print("SKIP") raise SystemExit crypto = aes(b"1234" * 4, 1) buf = bytearray(bytes(range(32))) crypto.encrypt(buf, buf) print(buf) crypto = aes(b"1234" * 4, 1) crypto.decrypt(buf, buf) print(buf)
try: from Crypto.Cipher import AES aes = AES.new except ImportError: try: from ucryptolib import aes except ImportError: print("SKIP") raise SystemExit crypto = aes(b"1234" * 4, 2, b"5678" * 4) enc = crypto.encrypt(bytes(range(32))) print(enc) crypto = aes(b"1234" * 4, 2, b"5678" * 4) print(crypto.decrypt(enc))