def cryptography_chacha20poly1305(keysize=32, data_size=1024): plaintext = get_random_bytes(data_size * 1024) aad = get_random_bytes(data_size * 1024) key = ChaCha20Poly1305.generate_key() chacha = ChaCha20Poly1305(key) nonce = get_random_bytes(12) _ = chacha.encrypt(nonce, plaintext, aad)
def _set_ciphers(self): """Generate out/inbound encryption keys and initialise respective ciphers.""" outgoing_key = hap_hkdf(self.shared_key, self.CIPHER_SALT, self.OUT_CIPHER_INFO) self.out_cipher = ChaCha20Poly1305(outgoing_key) incoming_key = hap_hkdf(self.shared_key, self.CIPHER_SALT, self.IN_CIPHER_INFO) self.in_cipher = ChaCha20Poly1305(incoming_key)
def __init__(self, out_key, in_key, nonce_length=8): """Initialize a new Chacha20Cipher.""" self._enc_out = ChaCha20Poly1305(out_key) self._enc_in = ChaCha20Poly1305(in_key) self._out_counter = 0 self._in_counter = 0 self._nonce_length = nonce_length
def insertMessage(img, msg, aad): alteredImg = img.copy() #Generate psuedo random order of pixels to modify based on length of msg order = random.sample(range(0, img.width * img.height), len(msg) * 2) pixels = list(img.getdata()) #Flatten RGBA arrays into a list binaryMsg = convertStringToBinary(msg) for i in range(0, len(order)): for j in range(0, 4): pixels[order[i]] = changeLSB(pixels[order[i]], binaryMsg[(i * 4):((i * 4) + 4)]) alteredImg.putdata(pixels) #Place modified pixels into another image print(img) pyplot.figure(1) pyplot.imshow(np.concatenate((img, alteredImg), axis=1)) pyplot.show() orderString = " ".join(map( str, order)) #Concatenate pixel coordinates into one whole string byteString = bytes(orderString, "ascii") #Must be byte array to encrpt key = ChaCha20Poly1305.generate_key() print("Here is your private key: ", key) chacha = ChaCha20Poly1305(key) nonce = os.urandom(12) ct = chacha.encrypt(nonce, byteString, bytes(aad, "ascii")) print("Using key to decrypt image associated with", aad, "\n") decryptString = chacha.decrypt(nonce, ct, bytes(aad, "ascii")) decodeString = decryptString.decode("ascii") decryptOrder = list(map(int, decodeString.split())) decryptMsg = "" alteredPixels = list(alteredImg.getdata()) for i in range(0, len(decryptOrder)): for j in range(0, 4): decryptMsg = decryptMsg + findLSB( alteredPixels[decryptOrder[i]][j]) if (i % 2 == 1): decryptMsg = decryptMsg + " " decryptMsg = decryptMsg.split() decryptMsg = "".join(list(map(lambda x: chr(int(x, 2)), decryptMsg))) print("Here is the decrypted message: ", decryptMsg)
def test_nonce_not_12_bytes(self, backend): key = ChaCha20Poly1305.generate_key() chacha = ChaCha20Poly1305(key) with pytest.raises(ValueError): chacha.encrypt(b"00", b"hello", b"") with pytest.raises(ValueError): chacha.decrypt(b"00", b"hello", b"")
def send(conf, receive_name, filename): sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server_host, server_port = get_address(conf, receive_name) print('connecting to {}:{}'.format(server_host, server_port)) sock.connect((server_host, server_port)) # Receive Public Key pk = b'' print("receiving public key...") while True: resp = sock.recv(4096) pk += resp if len(resp) < 4096: break pk = pk.decode() print("public key received is {}".format(pk)) if receive_name not in conf["publicKeys"]: print( "This peer has not a Public Key registered. Want to register this PK? (Y/n)" ) if input() == "n": print("Could not verify PK, ending connection...") sock.close() exit(1) else: print("Accepting PK received as {}'s Public Key".format( receive_name)) add_public_key(conf, receive_name, pk) else: if conf["publicKeys"][receive_name] != pk: print("public key mismatch. MITM!") exit(1) else: print("PK received matches with registered PK for {}".format( receive_name)) # Key is ok, send symmetric encryption key and then the file print( "Generating shared key for ChaCha20Poly1305 authenticated encryption..." ) key = ChaCha20Poly1305.generate_key() # 32 bytes encrypted_shared_key = get_encrypted_shared_key(key, pk) chacha20 = ChaCha20Poly1305(key) print("Generating encrypted shared key to receiver...") sock.sendall(encrypted_shared_key) i = 0 filesize = os.path.getsize(filename) print("sending total filesize ({} bytes) in 8 bytes and in plain text". format(filesize)) sock.sendall(filesize.to_bytes(8, byteorder="big")) print("Sending encrypted file to receiver") with open(filename, 'rb') as f: for chunk in iter(partial(f.read, CHUNK_SIZE), b''): encrypted = chacha20.encrypt(i.to_bytes(12, byteorder="big"), chunk, None) print("sending package of size {}...".format(len(encrypted))) i += 1 sock.sendall(encrypted) sock.close() print("done!")
def chacha20algo_encrypt(text): data = bytes(text,'utf-8') aad = bytes("Research",'utf-8') key = ChaCha20Poly1305.generate_key() chacha = ChaCha20Poly1305(key) nonce = os.urandom(12) ct = chacha.encrypt(nonce, data, aad) plain_text = chacha.decrypt(nonce, ct, aad) return True
def test_params_not_bytes_encrypt(self, nonce, data, associated_data, backend): key = ChaCha20Poly1305.generate_key() chacha = ChaCha20Poly1305(key) with pytest.raises(TypeError): chacha.encrypt(nonce, data, associated_data) with pytest.raises(TypeError): chacha.decrypt(nonce, data, associated_data)
def test_data_too_large(self): key = ChaCha20Poly1305.generate_key() chacha = ChaCha20Poly1305(key) nonce = b"0" * 12 with pytest.raises(OverflowError): chacha.encrypt(nonce, FakeData(), b"") with pytest.raises(OverflowError): chacha.encrypt(nonce, b"", FakeData())
def test_associated_data_none_equal_to_empty_bytestring(self, backend): key = ChaCha20Poly1305.generate_key() chacha = ChaCha20Poly1305(key) nonce = os.urandom(12) ct1 = chacha.encrypt(nonce, b"some_data", None) ct2 = chacha.encrypt(nonce, b"some_data", b"") assert ct1 == ct2 pt1 = chacha.decrypt(nonce, ct1, None) pt2 = chacha.decrypt(nonce, ct2, b"") assert pt1 == pt2
def setup_keys(shared_key): output_key = ChaCha20Poly1305( HKDF(hashes.SHA512(), 32, b"MediaRemote-Salt", b"MediaRemote-Write-Encryption-Key", default_backend()).derive(shared_key)) input_key = ChaCha20Poly1305( HKDF(hashes.SHA512(), 32, b"MediaRemote-Salt", b"MediaRemote-Read-Encryption-Key", default_backend()).derive(shared_key)) return output_key, input_key
def encrypt(self): data = bytes(self.message,encoding="UTF-8") aad = b"authenticated but unencrypted data" key=ChaCha20Poly1305.generate_key() chacha = ChaCha20Poly1305(key) nonce=os.urandom(12) ct = chacha.encrypt(nonce, data, aad) #print(ct) new_str=str(ct).split('\\x') #print(new_str) print("".join(new_str)) return ct
def __init__(self, params: Dict[int, Any]): super().__init__(params) # Validate alg. if self._alg != 24: # ChaCha20/Poly1305 raise ValueError(f"Unsupported or unknown alg(3) for ChaCha20: {self._alg}.") if not self._key: self._key = ChaCha20Poly1305.generate_key() if len(self._key) != 32: raise ValueError("The length of ChaCha20/Poly1305 key should be 32 bytes.") self._cipher = ChaCha20Poly1305(self._key) return
def test_buffer_protocol(self, backend): key = ChaCha20Poly1305.generate_key() chacha = ChaCha20Poly1305(key) pt = b"encrypt me" ad = b"additional" nonce = os.urandom(12) ct = chacha.encrypt(nonce, pt, ad) computed_pt = chacha.decrypt(nonce, ct, ad) assert computed_pt == pt chacha2 = ChaCha20Poly1305(bytearray(key)) ct2 = chacha2.encrypt(bytearray(nonce), pt, ad) assert ct2 == ct computed_pt2 = chacha2.decrypt(bytearray(nonce), ct2, ad) assert computed_pt2 == pt
def parser(msg): print(msg) greeting = msg.startswith("GARAGEMAGIC") if not greeting: return "BADMAGIC" try: b64decoded = base64.urlsafe_b64decode(msg[11:]) except: return "BADDECODE" nonce = b64decoded[0:12] aad = b64decoded[12:24] ciphertext = b64decoded[24:] chacha = ChaCha20Poly1305(read_private_key()) try: decmsg = chacha.decrypt(nonce, ciphertext, aad) except: return "BADCRYPTO" if not decmsg.startswith(b"OPEN"): return "BADCMD" cmdtime = int(aad) print(cmdtime) if abs(cmdtime - time.time()) > 5: return "BADTIME" #need to take an action here toggle_garage_door() return "OK"
def connection_made(self, transport): plaintext = self.message.encode() nonce = os.urandom(12) ciphertext = ChaCha20Poly1305(self._client_write_key).encrypt( nonce, plaintext, b"") transport.write(nonce + ciphertext) print("Encrypted data sent: {!r}".format(self.message))
def encrypter(fname): tools.empty_folder('./encrypted/' + fname + '/files/' ) tools.empty_folder('./key/') key_1 = Fernet.generate_key() key_1_1 = Fernet.generate_key() key_1_2 = Fernet.generate_key() key_2 = ChaCha20Poly1305.generate_key() key_3 = AESGCM.generate_key(bit_length=128) key_4 = AESCCM.generate_key(bit_length=128) nonce13 = os.urandom(13) nonce12 = os.urandom(12) files = sorted(tools.list_dir('files')) for index in range(0,len(files)): if index%4 == 0: Algo1_extented(files[index],key_1_1,key_1_2, fname) elif index%4 == 1: Algo2(files[index],key_2,nonce12, fname) elif index%4 == 2: Algo3(files[index],key_3,nonce12, fname) else: Algo4(files[index],key_4,nonce13, fname) secret_information = (key_1_1)+":::::"+(key_1_2)+":::::"+(key_2)+":::::"+(key_3)+":::::"+(key_4)+":::::"+(nonce12)+":::::"+(nonce13) Algo1(secret_information,key_1, fname) # Static path to the image file for Steganography in_f = "./static/png.png" #out_f = './encrypted/' + fname + '/key/' + fname + '.png' out_f = './key/' + fname + '.png' in_img = cv2.imread(in_f) steg = Steganography(in_img) res = steg.encode_binary(key_1) cv2.imwrite(out_f, res) tools.empty_folder('files')
def gen( version_id=version_id, client_key=client_key, encryption_secret=encryption_secret, app_id=1, version=1): # first, generate the encryption key salt = hashlib.sha256(uuid.UUID(client_key).bytes).digest() key = pbkdf2.PBKDF2( encryption_secret, salt, digestmodule=hashlib.sha256, iterations=100000, ).read(32) # create a nonce nonce = secrets.token_bytes(12) assert len(b"\x01") == 1 # create the AAD aad = b''.join([ bytes([app_id]), uuid.UUID(version_id).bytes, ]) # encrypt using AEAD chacha = ChaCha20Poly1305(key) ciphertext = chacha.encrypt(nonce, b"SUCCESS", aad) # create the envelope envelope = b''.join([ bytes([version]), nonce, ciphertext, ]) return envelope
def encrypt_blob(self, blob: bytes) -> bytes: ''' Encrypts `blob` with ChaCha20Poly1305. Returns a bytes value (the "message") in the following form: {base64'd nonce}${base64'd salt}${base64'd blob} Expects `self.key` to be a 32-byte value. ''' if not self.key: raise ValueError('Key must be set') if len(self.key) != 32: raise ValueError('Key must be 32 bytes in length') nonce = os.urandom(12) algo = ChaCha20Poly1305(self.key) enc_blob = algo.encrypt(nonce, blob, None) return b'$'.join([ base64.b64encode(nonce), base64.b64encode(self.salt), base64.b64encode(enc_blob), ])
def encrypt(message, secret): """ Encrypts a given message data using ``CHACHA20POLY1305``. ``SHA256(secret)`` is used as ``key``, and ``0 (12-byte)`` as ``iv``. Args: message (:obj:`str`): a message to be encrypted. Should be the hex-encoded commitment_tx. secret (:obj:`str`): a value to used to derive the encryption key. Should be the dispute txid. Returns: :obj:`str`: The encrypted data (hex-encoded). Raises: :obj:`InvalidParameter`: if either the ``key`` and/or ``data`` are not properly formatted. """ Cryptographer.check_data_key_format(message, secret) # sk is the H(txid) (32-byte) and nonce is set to 0 (12-byte) sk = sha256(unhexlify(secret)).digest() nonce = bytearray(12) # Encrypt the data cipher = ChaCha20Poly1305(sk) encrypted_blob = cipher.encrypt(nonce=nonce, data=unhexlify(message), associated_data=None) encrypted_blob = hexlify(encrypted_blob).decode("utf8") return encrypted_blob
def verify_start(config: Config, context: dict, ios_device_public_key: bytes) -> List[dict]: """pair_verify M1 and M2""" curve25519 = X25519PrivateKey.generate() accessory_curve25519_public_key: bytes = curve25519.public_key().public_bytes() shared_secret: bytes = curve25519.exchange(X25519PublicKey.from_public_bytes(ios_device_public_key)) accessory_info: bytes = accessory_curve25519_public_key + config.device_id.encode() + ios_device_public_key signing_key = ed25519.SigningKey(config.accessory_ltsk) accessory_signature = signing_key.sign(accessory_info) sub_tlv = tlv_parser.encode([{ TlvCode.identifier: config.device_id, TlvCode.signature: accessory_signature, }]) hkdf = HKDF(algorithm=SHA512(), length=32, salt=SALT_VERIFY, info=INFO_VERIFY, backend=default_backend()) session_key = hkdf.derive(shared_secret) chacha = ChaCha20Poly1305(session_key) encrypted_data = chacha.encrypt(NONCE_VERIFY_M2, sub_tlv, None) context['session_key'] = session_key context['shared_secret'] = shared_secret context['accessory_curve25519_public_key'] = accessory_curve25519_public_key context['ios_device_curve25519_public_key'] = ios_device_public_key return [{ TlvCode.state: TlvState.m2, TlvCode.public_key: accessory_curve25519_public_key, TlvCode.encrypted_data: encrypted_data, }]
def encode_private_key(key, passphrase, comment): if not passphrase: # None and empty print(f'WARNING: The private key is not encrypted', file=sys.stderr) return (MAGIC_WORD + encode_string(None) + # kdf = none (no kdfoptions) encode_string(None) + # cipher = none encode_string(bytes(key)) + # clear key material (encode_string(comment) if comment is not None else b'')) # optional comment # We have a passphrase: we encrypt the private key # Ideally, scrypt is chosen over bcrypt or pbkdf2_hmac_sha256 # But in case there is no support for it, we pick bcrypt kdfname = b'scrypt' if scrypt_supported else b'bcrypt' saltsize, rounds = get_kdf(kdfname) salt = os.urandom(saltsize) derived_key = derive_key(kdfname, passphrase, salt, rounds) # dklen = 32 nonce = os.urandom(12) key_bytes = bytes(key) # Uses RawEncoder encrypted_key = ChaCha20Poly1305(derived_key).encrypt(nonce, key_bytes, None) # No add LOG.debug('Derived Key: %s', derived_key.hex().upper()) LOG.debug(' Nonce: %s', nonce.hex().upper()) return (MAGIC_WORD + encode_string(kdfname) + # kdf encode_string(rounds.to_bytes(4,'big') + salt) + # kdf options encode_string(b'chacha20_poly1305') + # cipher encode_string(nonce + encrypted_key) + # encrypted key material (encode_string(comment) if comment is not None else b'')) # optional comment
def chacha20poly1305_encrypt_data(data: bytes, secret: bytes, key: bytes = None, nonce: bytes = None): """ Encrypt data using secret, key and nonce. key and nonce can be None, in that case they will be generated and can be obtained in return. :param data: :param secret: :param key: :param nonce: :return: tulip of (encrypted_data, key, nonce) """ if key is None: key = ChaCha20Poly1305.generate_key() if nonce is None: nonce = os.urandom(12) chacha = ChaCha20Poly1305(key) return chacha.encrypt(nonce, data, secret), key, nonce
def data_received(self, data): nonce, ciphertext = data[:12], data[12:] plaintext = ChaCha20Poly1305(self._server_read_key).decrypt( nonce, ciphertext, b"" ) message = plaintext.decode() print("Decrypted message from client: {!r}".format(message)) print("Echo back message: {!r}".format(message)) reply_nonce = os.urandom(12) ciphertext = ChaCha20Poly1305(self._server_write_key).encrypt( reply_nonce, plaintext, b"" ) self.transport.write(reply_nonce + ciphertext) print("Close the client socket") self.transport.close()
def chacha_poly_encrypt( key: bytes, iv: bytes, data: bytes, additional_data: bytes = None ) -> (bytes, bytes): chacha = ChaCha20Poly1305(key) chacha_output = chacha.encrypt(iv, bytes(data), additional_data) # cipher text and 128b authentication tag return chacha_output[: len(data)], chacha_output[len(data) :]
async def decrypt_stream(self, reader: StreamReader) -> StreamReader: data_length = await reader.read(ENCRYPTED_DATA_LENGTH) if not data_length: raise SecurityError('Connection closed') data_length_int = int.from_bytes(data_length, byteorder='little') + AUTH_TAG_LENGTH encrypted_data = await reader.read(data_length_int) chacha = ChaCha20Poly1305(self.context['decrypt_key']) nonce = b'\x00\x00\x00\x00' + self.encrypted_request_count.to_bytes( 8, byteorder='little') try: decrypted_data = chacha.decrypt(nonce, encrypted_data, data_length) except InvalidTag: decrypted_data = None if not decrypted_data: raise SecurityError('Unable to decrypt encrypted data') self.encrypted_request_count += 1 decrypted_reader = StreamReader() decrypted_reader.feed_data(decrypted_data) return decrypted_reader
def decrypt_password(self, password): """ Encrypt password and hash with SHA265 :param password: password return encryted password """ hashhex = password[-64:] enc = password[0:-64] try: dehex = bytes.fromhex(enc) msg_nonce = dehex[:12] ciphertext = dehex[12:] cipher = ChaCha20Poly1305(secret) password = cipher.decrypt(msg_nonce, ciphertext, None) except InvalidTag: print_error("Wrong encryption key") sys.exit(1) hash_object = hashes.Hash(hashes.SHA256(), backend=default_backend()) hash_object.update(password) dhash = hash_object.finalize() hashhex_check = dhash.hex() if hashhex == hashhex_check: return password.decode('utf-8') else: print_error("Password SHA265 value after decrypt is wrong") return None
def _pairing_three(self, tlv_objects): """Expand the SRP session key to obtain a new key. Use it to verify and decrypt the recieved data. Continue to step four. @param tlv_objects: The TLV data received from the client. @type tlv_object: dict """ logger.debug("Pairing [3/5]") encrypted_data = tlv_objects[HAP_TLV_TAGS.ENCRYPTED_DATA] session_key = self.accessory_handler.srp_verifier.get_session_key() hkdf_enc_key = hap_hkdf(long_to_bytes(session_key), self.PAIRING_3_SALT, self.PAIRING_3_INFO) cipher = ChaCha20Poly1305(hkdf_enc_key) decrypted_data = cipher.decrypt(self.PAIRING_3_NONCE, bytes(encrypted_data), b"") assert decrypted_data is not None dec_tlv_objects = tlv.decode(bytes(decrypted_data)) client_username = dec_tlv_objects[HAP_TLV_TAGS.USERNAME] client_ltpk = dec_tlv_objects[HAP_TLV_TAGS.PUBLIC_KEY] client_proof = dec_tlv_objects[HAP_TLV_TAGS.PROOF] self._pairing_four(client_username, client_ltpk, client_proof, hkdf_enc_key)
def encrypter(): tools.empty_folder('key') tools.empty_folder('encrypted') key_1 = Fernet.generate_key() key_1_1 = Fernet.generate_key() key_1_2 = Fernet.generate_key() key_2 = ChaCha20Poly1305.generate_key() key_3 = AESGCM.generate_key(bit_length=128) key_4 = AESCCM.generate_key(bit_length=128) nonce13 = os.urandom(13) nonce12 = os.urandom(12) files = sorted(tools.list_dir('files')) for index in range(0, len(files)): if index % 4 == 0: Algo1_extented(files[index], key_1_1, key_1_2) elif index % 4 == 1: Algo2(files[index], key_2, nonce12) elif index % 4 == 2: Algo3(files[index], key_3, nonce12) else: Algo4(files[index], key_4, nonce13) secret_information = (key_1_1) + ":::::" + (key_1_2) + ":::::" + ( key_2) + ":::::" + (key_3) + ":::::" + (key_4) + ":::::" + ( nonce12) + ":::::" + (nonce13) Algo1(secret_information, key_1) public_key = open("./key/Taale_Ki_Chabhi.pem", "wb") public_key.write(key_1) public_key.close() tools.empty_folder('files')
def _change_key(self, new_key: bytes) -> NoReturn: """Change the encryption _key of the socket and create a new encoder. :param new_key: The new _key to use for encryption. """ self._key = new_key self.encoder = ChaCha20Poly1305(self._key)
def test_nonce_not_12_bytes(self, backend): key = ChaCha20Poly1305.generate_key() chacha = ChaCha20Poly1305(key) with pytest.raises(ValueError): chacha.encrypt(b"00", b"hello", b"") with pytest.raises(ValueError): chacha.decrypt(b"00", b"hello", b"")
def test_params_not_bytes_encrypt(self, nonce, data, associated_data, backend): key = ChaCha20Poly1305.generate_key() chacha = ChaCha20Poly1305(key) with pytest.raises(TypeError): chacha.encrypt(nonce, data, associated_data) with pytest.raises(TypeError): chacha.decrypt(nonce, data, associated_data)
def test_associated_data_none_equal_to_empty_bytestring(self, backend): key = ChaCha20Poly1305.generate_key() chacha = ChaCha20Poly1305(key) nonce = os.urandom(12) ct1 = chacha.encrypt(nonce, b"some_data", None) ct2 = chacha.encrypt(nonce, b"some_data", b"") assert ct1 == ct2 pt1 = chacha.decrypt(nonce, ct1, None) pt2 = chacha.decrypt(nonce, ct2, b"") assert pt1 == pt2
def test_data_too_large(self): key = ChaCha20Poly1305.generate_key() chacha = ChaCha20Poly1305(key) nonce = b"0" * 12 with pytest.raises(OverflowError): chacha.encrypt(nonce, FakeData(), b"") with pytest.raises(OverflowError): chacha.encrypt(nonce, b"", FakeData())
def test_buffer_protocol(self, backend): key = ChaCha20Poly1305.generate_key() chacha = ChaCha20Poly1305(key) pt = b"encrypt me" ad = b"additional" nonce = os.urandom(12) ct = chacha.encrypt(nonce, pt, ad) computed_pt = chacha.decrypt(nonce, ct, ad) assert computed_pt == pt chacha2 = ChaCha20Poly1305(bytearray(key)) ct2 = chacha2.encrypt(bytearray(nonce), pt, ad) assert ct2 == ct computed_pt2 = chacha2.decrypt(bytearray(nonce), ct2, ad) assert computed_pt2 == pt
def test_decrypt_data_too_short(self, backend): key = ChaCha20Poly1305.generate_key() chacha = ChaCha20Poly1305(key) with pytest.raises(InvalidTag): chacha.decrypt(b"0" * 12, b"0", None)
def test_chacha20poly1305_unsupported_on_older_openssl(backend): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): ChaCha20Poly1305(ChaCha20Poly1305.generate_key())
def test_generate_key(self): key = ChaCha20Poly1305.generate_key() assert len(key) == 32