def encrypt_oracle(data):
    """
    随机选择 CBC 模式或者 ECB 模式进行加密, 返回加密所使用的模式以及加密后的结果
    :param data: 待加密明文, "plaintext"
    :return: 模式以及加密结果, ("CBC", b"cipher_text")
    """
    size = 16
    key = generate_random_bytes(size)
    encrypt_mode = random.choice([AES.MODE_CBC, AES.MODE_ECB])  # 随机选择一种加密模式
    mode_dict = {AES.MODE_CBC: "CBC", AES.MODE_ECB: "ECB"}

    data = codecs.encode(data, "ascii")  # 将 str 转成 bytes
    # 对数据进行随机化处理
    data = generate_random_bytes(random.randint(5, 10)) + data + generate_random_bytes(random.randint(5, 10))
    data = pad(data, size)  # 填充操作

    if encrypt_mode == AES.MODE_CBC:
        iv = generate_random_bytes(size)
        encrypt_tool = AES.new(key, AES.MODE_CBC, IV=iv)
    elif encrypt_mode == AES.MODE_ECB:
        encrypt_tool = AES.new(key, AES.MODE_ECB)
    else:
        raise RuntimeError("Encrypt_mode is wrong!")

    after_encrypt_data = encrypt_tool.encrypt(data)

    return mode_dict[encrypt_mode], after_encrypt_data
Example #2
0
    def test3(self):

        for keylen, taglen, result in self.tv3:

            key = bchr(0) * (keylen // 8 - 1) + bchr(taglen)
            C = b("")

            for i in range(128):
                S = bchr(0) * i

                N = long_to_bytes(3 * i + 1, 12)
                cipher = AES.new(key, AES.MODE_OCB, nonce=N, mac_len=taglen // 8)
                cipher.update(S)
                C += cipher.encrypt(S) + cipher.encrypt() + cipher.digest()

                N = long_to_bytes(3 * i + 2, 12)
                cipher = AES.new(key, AES.MODE_OCB, nonce=N, mac_len=taglen // 8)
                C += cipher.encrypt(S) + cipher.encrypt() + cipher.digest()

                N = long_to_bytes(3 * i + 3, 12)
                cipher = AES.new(key, AES.MODE_OCB, nonce=N, mac_len=taglen // 8)
                cipher.update(S)
                C += cipher.encrypt() + cipher.digest()

            N = long_to_bytes(385, 12)
            cipher = AES.new(key, AES.MODE_OCB, nonce=N, mac_len=taglen // 8)
            cipher.update(C)
            result2 = cipher.encrypt() + cipher.digest()
            self.assertEqual(unhexlify(b(result)), result2)
def WriteZipFile(filename):
    """
    保存所有kvdb数据,压缩成zip然后aes cbc加密
    """
    FileBuffer = io.BytesIO()
    datalist = FindKVDBKeys()
    if datalist:
        zfile = zipfile.ZipFile(FileBuffer,mode='w')
        for data in datalist:
            # bytedata = (data + "tttttttt").encode(encoding="utf-8")
            bytedata = kv.get(str(data))
            if bytedata:
                # print(bytedata)
                zfile.writestr(str(data),bytedata)
        zfile.close() 
        key = config.keyDataBackUp
        iv = Random.new().read(AES.block_size)
        cipher = AES.new(key, AES.MODE_ECB)
        CryptIV = cipher.encrypt(iv)
        cipher = AES.new(key, AES.MODE_CBC, iv)
        bytebuffer = FileBuffer.getvalue()
        lendata = 16 - len(bytebuffer)%16
        bytebuffer = bytebuffer + chr(lendata)*lendata
        #print(bytebuffer)
        CryptData = CryptIV + cipher.encrypt(bytebuffer)
        bucket = Bucket('backup')
        # print(FileBuffer.getvalue())
        bucket.put_object(filename,CryptData)
        FileBuffer.close()
def ReadZipFile(filename):

    """
    从storage中读取数据,还原到kvdb中
    参数 filename 要还原数据的文件名
    """
    bucket = Bucket('backup')
    # print(filename)
    CryptData = bucket.get_object_contents(filename)
    # print(CryptData)
    # -FileBuffer.close()
    key = config.keyDataBackUp
    cipher = AES.new(key, AES.MODE_ECB)
    iv = cipher.decrypt(CryptData[:16])
    # print(str(iv))
    cipher = AES.new(key, AES.MODE_CBC, iv)
    bytebuffer = cipher.decrypt(CryptData[16:])
    lendata = ord(bytebuffer[-1])
    FileBuffer = io.BytesIO(bytebuffer[:-lendata])
    zfile = zipfile.ZipFile(FileBuffer,mode='r')
    namelist = zfile.namelist()
    for name in namelist:
        bytedata = zfile.read(name)
        kv.set(name,bytedata.decode("utf-8"))
        
    return u"数据已还原"
Example #5
0
def chunk_read(response, outfname, intitlekey, first_iv, chunk_size=0x200000, report_hook=None):
    fh = open(outfname,'wb')
    total_size = int(response.getheader('Content-Length'))
    total_size = int(total_size)
    bytes_so_far = 0
    data = []
    first_chunk_read = 0

    while 1:
        if report_hook:
            report_hook(bytes_so_far, chunk_size, total_size)

        chunk = response.read(chunk_size)
        bytes_so_far += len(chunk)

        if not chunk:
             break

        # IV of first chunk should be the Content ID + 28 0s like with the entire file, but each subsequent chunk should be the last 16 bytes of the previous still ciphered chunk
        if first_chunk_read == 0:
            decryptor = AES.new(intitlekey, AES.MODE_CBC, unhexlify(first_iv))
            first_chunk_read = 1
        else:
            decryptor = AES.new(intitlekey, AES.MODE_CBC, prev_chunk[(0x200000 - 16):0x200000])

        dec_chunk = decryptor.decrypt(chunk)
        prev_chunk = chunk

        fh.write(dec_chunk)

    fh.close()
Example #6
0
	def export_data(self, entrystore, password):
		"Exports data from an entrystore"

		# check and pad password
		if password is None:
			raise base.PasswordError

		password = util.pad_right(password[:32], 32, "\0")

		# generate XML
		data = RevelationXML.export_data(self, entrystore)

		# compress data, and right-pad with the repeated ascii
		# value of the pad length
		data = zlib.compress(data)

		padlen = 16 - (len(data) % 16)
		if padlen == 0:
			padlen = 16

		data += chr(padlen) * padlen

		# generate an initial vector for the CBC encryption
		iv = util.random_string(16)

		# encrypt data
		AES.block_size = 16
		AES.key_size = 32

		data = AES.new(password, AES.MODE_CBC, iv).encrypt(data)

		# encrypt the iv, and prepend it to the data with a header
		data = self.__generate_header() + AES.new(password).encrypt(iv) + data

		return data
Example #7
0
 def test_unknown_parameters(self):
     self.assertRaises(TypeError, AES.new, self.key_128, AES.MODE_CTR,
                       7, counter=self.ctr_128)
     self.assertRaises(TypeError, AES.new, self.key_128, AES.MODE_CTR,
                       counter=self.ctr_128, unknown=7)
     # But some are only known by the base cipher (e.g. use_aesni consumed by the AES module)
     AES.new(self.key_128, AES.MODE_CTR, counter=self.ctr_128, use_aesni=False)
Example #8
0
    def test_bytearray(self):
        data = b"1" * 16
        iv = b"\x00" * 6 + b"\xFF\xFF"

        # Encrypt
        cipher1 = AES.new(self.key_128, AES.MODE_CTR,
                          nonce=self.nonce_64,
                          initial_value=iv)
        ref1 = cipher1.encrypt(data)

        cipher2 = AES.new(self.key_128, AES.MODE_CTR,
                          nonce=bytearray(self.nonce_64),
                          initial_value=bytearray(iv))
        ref2 = cipher2.encrypt(bytearray(data))

        self.assertEqual(ref1, ref2)
        self.assertEqual(cipher1.nonce, cipher2.nonce)

        # Decrypt
        cipher3 = AES.new(self.key_128, AES.MODE_CTR,
                          nonce=self.nonce_64,
                          initial_value=iv)
        ref3 = cipher3.decrypt(data)

        cipher4 = AES.new(self.key_128, AES.MODE_CTR,
                          nonce=bytearray(self.nonce_64),
                          initial_value=bytearray(iv))
        ref4 = cipher4.decrypt(bytearray(data))

        self.assertEqual(ref3, ref4)
Example #9
0
    def test_valid_init_verify(self):
        # Verify path INIT->VERIFY
        cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
        mac = cipher.digest()

        cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
        cipher.verify(mac)
Example #10
0
    def test_invalid_multiple_decrypt_and_verify(self):
        cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
        ct, tag = cipher.encrypt_and_digest(self.data_128)

        cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
        cipher.decrypt_and_verify(ct, tag)
        self.assertRaises(TypeError, cipher.decrypt_and_verify, ct, tag)
Example #11
0
    def test_data_must_be_bytes(self):
        cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
        self.assertRaises(TypeError, cipher.encrypt, 'test1234567890-*')

        cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
        self.assertRaises(TypeError, cipher.decrypt_and_verify,
                          'test1234567890-*', b("xxxx"))
Example #12
0
    def test_hex_mac(self):
        cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
        mac_hex = cipher.hexdigest()
        self.assertEqual(cipher.digest(), unhexlify(mac_hex))

        cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
        cipher.hexverify(mac_hex)
Example #13
0
    def decryptFile(self, content):

        from Crypto.Cipher import AES

        Key = binascii.unhexlify('8C35192D964DC3182C6F84F3252239EB4A320D2500000000')

        IV = binascii.unhexlify('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF')
        IV_Cipher = AES.new(Key, AES.MODE_ECB)
        IV = IV_Cipher.encrypt(IV)

        obj = AES.new(Key, AES.MODE_CFB, IV)

        data = content

        if re.search(r"<title>404 - Not Found</title>", data) is None:
            data = binascii.unhexlify(''.join(data.split()))
            data = data.split("\xda") 

            links = []
            for link in data:
                if link == '': continue
                link = base64.b64decode(link + "\xda")
                link = obj.decrypt(link)
                decryptedUrl = link.replace('CCF: ', '')
                links.append(decryptedUrl)

            self.log.debug("%s: adding rsdf-package with %d links" % (self.__name__, len(links)))
            return links
Example #14
0
    def decrypt_body(self, password, data):
        import time
        key = sha256(password).digest()
        hdr = self.header
        
        then = time.time()
        # sha256 the password, encrypt it upon itself 50000 times, sha256 it again, and sha256 it again concatenated with a random number :|
        cipher = AES.new(hdr['seed_key'], AES.MODE_ECB)
        for x in range(hdr['seed_rot_n']):
            key = cipher.encrypt(key)
        key = sha256(key).digest()
        key = sha256(hdr['seed_rand'] + key).digest()
        cipher = AES.new(key, AES.MODE_CBC, hdr['enc_iv'])
        body = cipher.decrypt(data)

        # remove some padding
        padding = unpack("b", body[-1])[0]
        body = body[:-padding]

        now = time.time()

        print 'spent %.3fms on decryption' % ((now - then) * 1000)
        if sha256(body).digest() != hdr['checksum']:
            raise KdbReaderDecodeFailError()

        return body
Example #15
0
    def test_aes_192(self):
        plaintext =     '6bc1bee22e409f96e93d7e117393172a' +\
                        'ae2d8a571e03ac9c9eb76fac45af8e51' +\
                        '30c81c46a35ce411e5fbc1191a0a52ef' +\
                        'f69f2445df4f9b17ad2b417be66c3710'
        ciphertext =    'cdc80d6fddf18cab34c25909c99a4174' +\
                        'fcc28b8d4c63837c09e81700c1100401' +\
                        '8d9a9aeac0f6596f559c6d4daf59a5f2' +\
                        '6d9f200857ca6c3e9cac524bd9acc92a'
        key =           '8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b'
        iv =            '000102030405060708090a0b0c0d0e0f'

        key = unhexlify(key)
        iv = unhexlify(iv)
        plaintext = unhexlify(plaintext)
        ciphertext = unhexlify(ciphertext)

        cipher = AES.new(key, AES.MODE_OFB, iv)
        self.assertEqual(cipher.encrypt(plaintext), ciphertext)
        cipher = AES.new(key, AES.MODE_OFB, iv)
        self.assertEqual(cipher.decrypt(ciphertext), plaintext)

        cipher = AES.new(key, AES.MODE_OFB, iv)
        self.assertEqual(cipher.encrypt(plaintext[:-8]), ciphertext[:-8])
        cipher = AES.new(key, AES.MODE_OFB, iv)
        self.assertEqual(cipher.decrypt(ciphertext[:-8]), plaintext[:-8])
Example #16
0
def decrypt_username(encrypted_record,key,mode):
	""" 
	This functions is used to decrypt usernames.
	"""
	# WE DECRYPT THE PASSWORD ACCORDING TO THE MODE IT WAS SAVED
	# WE RETURN USERNAME:PASSWORD
	# decrypted_pass[5:] IS USED TO RETURN THE PASSWORD ONLY (WITHOUT SALT)
	if mode == "1":
		mode = AES.MODE_ECB
		pair = encrypted_record.split(":")
		aes = AES.new(key, mode)
		decrypted_username = aes.decrypt(base64.b64decode(pair[0]))
		return decrypted_username
	
	elif mode =="2":
		mode = AES.MODE_CBC
		pair = encrypted_record.split(":")
		aes = AES.new(key, mode,base64.b64decode(pair[2]))
		decrypted_username = aes.decrypt(base64.b64decode(pair[0]))
		return decrypted_username

	elif mode =="3":
		mode = AES.MODE_CTR
		pair = encrypted_record.split(":")
		IV = base64.b64decode(pair[2])
		ctr = Crypto.Util.Counter.new(128, initial_value=long(IV.encode("hex"), 16))
		aes = Crypto.Cipher.AES.new(key, mode, counter=ctr)
		decrypted_username = aes.decrypt(base64.b64decode(pair[0]))
		return decrypted_username

	else:
		print ""
Example #17
0
    def test_aes_256(self):
        plaintext =     '6bc1bee22e409f96e93d7e117393172a' +\
                        'ae2d8a571e03ac9c9eb76fac45af8e51' +\
                        '30c81c46a35ce411e5fbc1191a0a52ef' +\
                        'f69f2445df4f9b17ad2b417be66c3710'
        ciphertext =    'dc7e84bfda79164b7ecd8486985d3860' +\
                        '4febdc6740d20b3ac88f6ad82a4fb08d' +\
                        '71ab47a086e86eedf39d1c5bba97c408' +\
                        '0126141d67f37be8538f5a8be740e484'
        key =           '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4'
        iv =            '000102030405060708090a0b0c0d0e0f'

        key = unhexlify(key)
        iv = unhexlify(iv)
        plaintext = unhexlify(plaintext)
        ciphertext = unhexlify(ciphertext)

        cipher = AES.new(key, AES.MODE_OFB, iv)
        self.assertEqual(cipher.encrypt(plaintext), ciphertext)
        cipher = AES.new(key, AES.MODE_OFB, iv)
        self.assertEqual(cipher.decrypt(ciphertext), plaintext)

        cipher = AES.new(key, AES.MODE_OFB, iv)
        self.assertEqual(cipher.encrypt(plaintext[:-8]), ciphertext[:-8])
        cipher = AES.new(key, AES.MODE_OFB, iv)
        self.assertEqual(cipher.decrypt(ciphertext[:-8]), plaintext[:-8])
Example #18
0
 def _get_cipher(self):
     """Return a Pycrypto AES cipher instance.
     `key`, `mode` and depending on mode `iv` must be set.
     """
     if self.mode in (AES.MODE_ECB, AES.MODE_CTR):
         return AES.new(self.key, self.mode)
     return AES.new(self.key, self.mode, self.iv)
Example #19
0
    def decrypt(self, buff):
        """
        Return a decrypted copy of the given PSP save file data.

        Arguments:
        buff -- Data read from an encrypted PSP save file

        """
        xor_key = bytearray(buff[:16])
        for i in range(16):
            xor_key[i] ^= self._cipher2[i] ^ self._key[i]
        aes = AES.new(self._cipher3, AES.MODE_CBC, b'\x00' * 16)
        xor_key = bytearray(aes.decrypt(bytes(xor_key))[:12])
        for i in range(12):
            xor_key[i] ^= self._cipher1[i]
        xor_buff = bytearray()
        for i in range(1, len(buff) // 16):
            xor_buff.extend(xor_key)
            xor_buff.extend(array.array('I', [i]).tostring())
        aes = AES.new(self._cipher4, AES.MODE_CBC, b'\x00' * 16)
        xor_buff = bytearray(aes.decrypt(bytes(xor_buff)))
        buff = bytearray(buff[16:])
        for i in range(len(buff)):
            buff[i] ^= xor_buff[i]
        return bytes(buff)
Example #20
0
def encrypt(username, password,key,mode):
	""" 
	This functions is used to encrypt passwords.
	"""
	# WE CREATE RANDOM SALT FOR EACH PASSWORD 
	salt_for_passwords = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(5))
	# WE LET THE USER SELECT THE MODE
	# FOR CBC AND CTR MODE WE CREATE IV
	# WE ADD SALT TO THE PASWORD AND ENCRYPT IT
	# WE SAVE USERNAME:PASSWORD:IV:[MODE NUMBER 1 FOR ECB, 2 FOR CBC, 3 FOR CTR]
	if mode == "1":
		mode = AES.MODE_ECB
		aes = AES.new(key, mode)
		encrypted_username = aes.encrypt(username+ "\0"*(32-len(username)))
		encrypted_pass = aes.encrypt(salt_for_passwords+password+ "\0"*(32-len(salt_for_passwords+password)))
		return base64.b64encode(encrypted_username)+":"+base64.b64encode(encrypted_pass)+ ":" +" "+":"+ "1"
	elif mode =="2":
		mode = AES.MODE_CBC
		IV = str(Crypto.Random.new().read(IV_SIZE))
		aes = AES.new(key, mode, IV)
		encrypted_username = aes.encrypt(username+ "\0"*(32-len(username)))
		encrypted_pass = aes.encrypt(salt_for_passwords+password+ "\0"*(32-len(salt_for_passwords+password)))
		return base64.b64encode(encrypted_username)+":"+base64.b64encode(encrypted_pass)+":"+base64.b64encode(IV)+ ":" + "2"
	elif mode =="3":
		mode = AES.MODE_CTR
		IV = str(Crypto.Random.new().read(IV_SIZE))
		ctr = Crypto.Util.Counter.new(128, initial_value=long(IV.encode("hex"), 16))
		aes = Crypto.Cipher.AES.new(key, mode, counter=ctr)
		encrypted_username = aes.encrypt(username+ "\0"*(32-len(username)))
		encrypted_pass = aes.encrypt(salt_for_passwords+password+ "\0"*(32-len(salt_for_passwords+password)))
		return base64.b64encode(encrypted_username)+":"+base64.b64encode(encrypted_pass)+":"+base64.b64encode(IV)+ ":" + "3"
	else:
		print "ERROR: Invalid mode!"
Example #21
0
 def test_unknown_parameters(self):
     self.assertRaises(TypeError, AES.new, self.key_128, self.aes_mode,
                       self.iv_128, 7)
     self.assertRaises(TypeError, AES.new, self.key_128, self.aes_mode,
                       iv=self.iv_128, unknown=7)
     # But some are only known by the base cipher (e.g. use_aesni consumed by the AES module)
     AES.new(self.key_128, self.aes_mode, iv=self.iv_128, use_aesni=False)
Example #22
0
    def test_aes_192_cfb128(self):
        plaintext = (
            "6bc1bee22e409f96e93d7e117393172a"
            + "ae2d8a571e03ac9c9eb76fac45af8e51"
            + "30c81c46a35ce411e5fbc1191a0a52ef"
            + "f69f2445df4f9b17ad2b417be66c3710"
        )
        ciphertext = (
            "cdc80d6fddf18cab34c25909c99a4174"
            + "67ce7f7f81173621961a2b70171d3d7a"
            + "2e1e8a1dd59b88b1c8e60fed1efac4c9"
            + "c05f9f9ca9834fa042ae8fba584b09ff"
        )
        key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b"
        iv = "000102030405060708090a0b0c0d0e0f"

        key = unhexlify(key)
        iv = unhexlify(iv)
        plaintext = unhexlify(plaintext)
        ciphertext = unhexlify(ciphertext)

        cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
        self.assertEqual(cipher.encrypt(plaintext), ciphertext)
        cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
        self.assertEqual(cipher.decrypt(ciphertext), plaintext)
Example #23
0
def AESDecrypt(filename, key, output):
    def getlocation():

        html = urllib.urlopen("http://geoiptool.com").read()

        lat = float(re.search(r"lat: [0-9]*\.[0-9]*", html).group()[5:])
        lng = float(re.search(r"lng: [0-9]*\.[0-9]*", html).group()[5:])
        return lat, lng

    f = open(filename, "r")
    cip = f.read().split("\n")
    eLat = cip[0]
    eLon = cip[1]

    f.close()

    obj1 = AES.new("This is coordina", AES.MODE_CFB, "Luckyson Khaidem")
    latitude = float(obj1.decrypt(eLat))
    longitude = float(obj1.decrypt(eLon))
    try:
        lat, lng = getlocation()
    except:
        return -1
    if abs(latitude - lat) >= 0.9999 or abs(longitude - lng) >= 0.9999:
        print "Cannot Decrypt. Location Invalid."
        return -2
    ciphertext = cip[2]
    for i in range(3, len(cip)):
        ciphertext = ciphertext + "\n" + cip[i]

    o = open(output, "w")
    obj = AES.new(key, AES.MODE_CFB, "Luckyson Khaidem")
    message = obj.decrypt(ciphertext)
    o.write(message)
    o.close()
Example #24
0
    def test_aes_128_cfb128(self):
        plaintext = (
            "6bc1bee22e409f96e93d7e117393172a"
            + "ae2d8a571e03ac9c9eb76fac45af8e51"
            + "30c81c46a35ce411e5fbc1191a0a52ef"
            + "f69f2445df4f9b17ad2b417be66c3710"
        )
        ciphertext = (
            "3b3fd92eb72dad20333449f8e83cfb4a"
            + "c8a64537a0b3a93fcde3cdad9f1ce58b"
            + "26751f67a3cbb140b1808cf187a4f4df"
            + "c04b05357c5d1c0eeac4c66f9ff7f2e6"
        )
        key = "2b7e151628aed2a6abf7158809cf4f3c"
        iv = "000102030405060708090a0b0c0d0e0f"

        key = unhexlify(key)
        iv = unhexlify(iv)
        plaintext = unhexlify(plaintext)
        ciphertext = unhexlify(ciphertext)

        cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
        self.assertEqual(cipher.encrypt(plaintext), ciphertext)
        cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
        self.assertEqual(cipher.decrypt(ciphertext), plaintext)
def test_aes_encryption():
    secret = {"secret": "This is a secret!"}
    secret_data = json.dumps(secret)

    aes_key = "This is a key123"  # 128bit key

    # Generate initialization vector for AES
    iv = Random.new().read(AES.block_size)
    assert len(iv) == AES.block_size

    # Initialize AES cipher
    cipher = AES.new(aes_key, AES.MODE_CFB, iv)

    # Prepare a packed string containing IV + crypto text
    packed = iv + cipher.encrypt(secret_data.encode("utf-8"))

    del iv, cipher

    # ---------- time to get the message back! ----------

    iv = packed[: AES.block_size]
    msg = packed[AES.block_size :]

    cypher = AES.new(aes_key, AES.MODE_CFB, iv)

    decrypted = cypher.decrypt(msg)
    assert decrypted == secret_data

    loaded = json.loads(decrypted)
    assert loaded == secret
Example #26
0
def decipher(ciphermsg, keytext, mode):
    hexIv=ciphermsg[:32]
    iv=hexIv.decode('hex')
    realCiphermsg=ciphermsg[32:].decode('hex')
    key=keytext.decode('hex')

    if mode==AES.MODE_CBC:
        aesObj=AES.new(key, mode, iv)
    elif mode==AES.MODE_CTR:
        first_value=int(hexIv, base=16)
        ctrObj=Counter.new(128,initial_value=first_value)
        aesObj=AES.new(key, mode, counter=ctrObj)
    else:
        print 'Invalid encryption mode specified!'
        os.exit(1)

    plainmsg=aesObj.decrypt(realCiphermsg)

    if mode==AES.MODE_CBC:                        # CBC padding handling
        lastValue=ord(plainmsg[-1])
        if lastValue >=1 or lastValue <=16:       #PKCS5 padding scheme
            paddingLength=lastValue
            plainmsg=plainmsg[:-paddingLength]

    print 'Msg deciphered: ' + plainmsg
Example #27
0
    def test_aes_256_cfb128(self):
        plaintext = (
            "6bc1bee22e409f96e93d7e117393172a"
            + "ae2d8a571e03ac9c9eb76fac45af8e51"
            + "30c81c46a35ce411e5fbc1191a0a52ef"
            + "f69f2445df4f9b17ad2b417be66c3710"
        )

        ciphertext = (
            "dc7e84bfda79164b7ecd8486985d3860"
            + "39ffed143b28b1c832113c6331e5407b"
            + "df10132415e54b92a13ed0a8267ae2f9"
            + "75a385741ab9cef82031623d55b1e471"
        )
        key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"
        iv = "000102030405060708090a0b0c0d0e0f"

        key = unhexlify(key)
        iv = unhexlify(iv)
        plaintext = unhexlify(plaintext)
        ciphertext = unhexlify(ciphertext)

        cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
        self.assertEqual(cipher.encrypt(plaintext), ciphertext)
        cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
        self.assertEqual(cipher.decrypt(ciphertext), plaintext)
Example #28
0
    def decrypt(self, pyfile):
    
        from Crypto.Cipher import AES

        infile = pyfile.url.replace("\n", "")
        Key = binascii.unhexlify('8C35192D964DC3182C6F84F3252239EB4A320D2500000000')

        IV = binascii.unhexlify('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF')
        IV_Cipher = AES.new(Key, AES.MODE_ECB)
        IV = IV_Cipher.encrypt(IV)

        obj = AES.new(Key, AES.MODE_CFB, IV)

        rsdf = open(infile, 'r')

        data = rsdf.read()
        rsdf.close()

        if re.search(r"<title>404 - Not Found</title>", data) is None:
            data = binascii.unhexlify(''.join(data.split()))
            data = data.splitlines()

            links = []
            for link in data:
                link = base64.b64decode(link)
                link = obj.decrypt(link)
                decryptedUrl = link.replace('CCF: ', '')
                links.append(decryptedUrl)

            self.log.debug("%s: adding package %s with %d links" % (self.__name__,pyfile.package().name,len(links)))
            self.packages.append((pyfile.package().name, links))        
Example #29
0
    def test_aes_128(self):
        plaintext =     '6bc1bee22e409f96e93d7e117393172a' +\
                        'ae2d8a571e03ac9c9eb76fac45af8e51' +\
                        '30c81c46a35ce411e5fbc1191a0a52ef' +\
                        'f69f2445df4f9b17ad2b417be66c3710'
        ciphertext =    '3b3fd92eb72dad20333449f8e83cfb4a' +\
                        '7789508d16918f03f53c52dac54ed825' +\
                        '9740051e9c5fecf64344f7a82260edcc' +\
                        '304c6528f659c77866a510d9c1d6ae5e'
        key =           '2b7e151628aed2a6abf7158809cf4f3c'
        iv =            '000102030405060708090a0b0c0d0e0f'

        key = unhexlify(key)
        iv = unhexlify(iv)
        plaintext = unhexlify(plaintext)
        ciphertext = unhexlify(ciphertext)

        cipher = AES.new(key, AES.MODE_OFB, iv)
        self.assertEqual(cipher.encrypt(plaintext), ciphertext)
        cipher = AES.new(key, AES.MODE_OFB, iv)
        self.assertEqual(cipher.decrypt(ciphertext), plaintext)

        cipher = AES.new(key, AES.MODE_OFB, iv)
        self.assertEqual(cipher.encrypt(plaintext[:-8]), ciphertext[:-8])
        cipher = AES.new(key, AES.MODE_OFB, iv)
        self.assertEqual(cipher.decrypt(ciphertext[:-8]), plaintext[:-8])
Example #30
0
def AES_128_ECB_decrypt(data, key, unpad = False):
  cipher = AES.new(key, AES.MODE_ECB)
  decr = cipher.decrypt(data)
  if unpad:
    decr = pkcs_7_unpad(decr)
  return decr
Example #31
0
    def test_nonce_attribute(self):
        cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
        self.assertEqual(cipher.nonce, self.nonce_96)

        # By default, no nonce is randomly generated
        self.failIf(hasattr(AES.new(self.key_256, AES.MODE_SIV), "nonce"))
Example #32
0
 def _encrypt(self, message):
     aes = AES.new(self._KEY, AES.MODE_ECB)
     return aes.encrypt(message)
Example #33
0
 def test_block_size_128(self):
     cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
     self.assertEqual(cipher.block_size, AES.block_size)
Example #34
0
 def test_invalid_multiple_encrypt_and_digest(self):
     cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
     ct, tag = cipher.encrypt_and_digest(self.data_128)
     self.assertRaises(TypeError, cipher.encrypt_and_digest, b'')
Example #35
0
 def test_valid_init_digest(self):
     # Verify path INIT->DIGEST
     cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
     cipher.digest()
Example #36
0
 def test_invalid_init_decrypt(self):
     # Path INIT->DECRYPT fails
     cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
     self.assertRaises(TypeError, cipher.decrypt, b"xxx")
Example #37
0
 def test_mac_len(self):
     cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
     _, mac = cipher.encrypt_and_digest(self.data_128)
     self.assertEqual(len(mac), 16)
Example #38
0
def encrypt(plaintext, key, mode):
    encobj = AES.new(key, mode)
    return (encobj.encrypt(plaintext))
Example #39
0
def decrypt(ciphertext, key, mode):
    encobj = AES.new(key, mode)
    return (encobj.decrypt(ciphertext))
Example #40
0
 def enc(self, plain_text):
     plain_text = self.append_space_padding(plain_text)
     des = AES.new(self.key, AES.MODE_ECB)
     return des.encrypt(plain_text.encode('utf-8'))
Example #41
0
 def dec(self, cipher_text):
     des = AES.new(self.key, AES.MODE_ECB)
     return self.remove_space_padding(
         des.decrypt(cipher_text).decode('utf-8'))
Example #42
0
def loginretrieve(num, i, masterpwd, subGUI=None, mode=0):
    """
	Decodes the password and stores it in the global variable user and passwd
	"""

    global user, passwd, flag

    j = 1
    os.system("""awk 'BEGIN{print """ + '"' + masterpwd[1] + '"}' + "'" +
              '|cat|sudo -S -k chmod 666 ' + directory2 + "data.txt")
    file = open(directory + "data.txt", "r")
    for line in file:
        if (j == num):
            data = line
            count = (line.count(" ") + 1) // 2
        j += 1
    file.close()
    os.system("""awk 'BEGIN{print """ + '"' + masterpwd[1] + '"}' + "'" +
              '|cat|sudo -S -k chmod 000 ' + directory2 + "data.txt")
    data = data.rstrip("\n")
    if (data == "user pass"):
        return "Data not set"
    if (count > 1):
        start = 0
        end = data.find(" ")
        end = data.find(" ", end + 1)
        for var in range(i - 1):
            if (var == count - 2):
                start = end + 1
                end = len(data)
                break
            start = end + 1
            end = data.find(" ", start)
            end = data.find(" ", end + 1)
        data = data[start:end]
    space = data.find(" ")
    user = data[:space]
    passwd = data[space + 1:]
    aes = AES.new(pad(masterpwd[0]))
    user = aes.decrypt(base64.b64decode(user.encode()))
    user = user.decode("utf-8")
    user = user.rstrip("{")
    passwd = aes.decrypt(base64.b64decode(passwd.encode()))
    passwd = passwd.decode("utf-8")
    passwd = passwd.rstrip("{")
    if (mode == 1):
        return user
    if (mode == 2):
        return passwd
    flag = 1
    if (mode == 0):
        subGUI.destroy()
    if (num == 1):
        facebook(masterpwd)
    elif (num == 2):
        twitter(masterpwd)
    elif (num == 3):
        backpack(masterpwd)
    elif (num == 4):
        instagram(masterpwd)
    elif (num == 5):
        gmail(masterpwd)
    elif (num == 7):
        drive(masterpwd)
    elif (num == 8):
        youtube(masterpwd)
    def data_received(self, data):
        self.data = data
        self.deserializer.update(data)
        for pkt in self.deserializer.nextPackets():
            if self.status == 0:
                self.PacketList.append(pkt)
                if isinstance(pkt, PlsHello):
                    self.ClientCert = pkt.Certs
                    if self.ChainVerifyer(self.ClientCert):
                        print("Server: Hellopacket receive!")
                        self.ClientNonce = pkt.Nonce
                        self.ClientCertificate = self.ClientCert[0].decode()
                        self.tmpPublickey = OpenSSL.crypto.load_certificate(
                            OpenSSL.crypto.FILETYPE_PEM,
                            self.ClientCertificate).get_pubkey()
                        self.publickeystring = OpenSSL.crypto.dump_publickey(
                            OpenSSL.crypto.FILETYPE_PEM,
                            self.tmpPublickey).decode()
                        self.clientPublicKey = RSA.importKey(
                            self.publickeystring)
                        HelloPacket = PlsHello()
                        HelloPacket.Nonce = self.ServerNonce
                        HelloPacket.Certs = self.ServerCert
                        self.transport.write(HelloPacket.__serialize__())
                        self.PacketList.append(HelloPacket)
                    else:
                        print("Server: Authentication ERROR!")

                    #print(self.ClientCertificate)

                if isinstance(pkt, PlsKeyExchange):
                    print("Server: PlsKeyExchange receive!")
                    self.PacketList.append(pkt)
                    self.ClientPrekey = PKCS1OAEP_Cipher(
                        self.privateKey, None, None, None).decrypt(pkt.PreKey)
                    KeyExchangePacket = PlsKeyExchange()
                    self.ServerPrekey = os.urandom(16)
                    Encrypter = PKCS1OAEP_Cipher(self.clientPublicKey, None,
                                                 None, None)
                    cipher = Encrypter.encrypt(self.ServerPrekey)
                    KeyExchangePacket.PreKey = cipher
                    KeyExchangePacket.NoncePlusOne = self.ClientNonce + 1
                    self.transport.write(KeyExchangePacket.__serialize__())
                    print("Server: KeyExchange sent!")
                    self.PacketList.append(KeyExchangePacket)

                if isinstance(pkt, PlsHandshakeDone):
                    print("Server: PlsHandshakeDone receive!")
                    self.validation = b''
                    for packet in self.PacketList:
                        pktdata = packet.__serialize__()
                        self.validation = self.validation + pktdata
                    self.hashvalidation = hashlib.sha1(
                        self.validation).hexdigest()
                    HandshakeDonePacket = PlsHandshakeDone()
                    HandshakeDonePacket.ValidationHash = self.hashvalidation.encode(
                    )
                    self.transport.write(HandshakeDonePacket.__serialize__())
                    self.CalHash()
                    self.encrt = Counter.new(128,
                                             initial_value=int(
                                                 hexlify(self.IVs), 16))
                    self.aesEncrypter = AES.new(self.EKs,
                                                counter=self.encrt,
                                                mode=AES.MODE_CTR)
                    self.decrt = Counter.new(128,
                                             initial_value=int(
                                                 hexlify(self.IVc), 16))
                    self.aesDecrypter = AES.new(self.EKc,
                                                counter=self.decrt,
                                                mode=AES.MODE_CTR)

                    self.higherProtocol().connection_made(self.higherTransport)
                    self.status = 1

                if isinstance(pkt, PlsClose):
                    self.connection_lost("Error raised!")

            if self.status == 1:
                if isinstance(pkt, PlsData):
                    if pkt.Mac == self.VerificationEngine(pkt.Ciphertext):
                        higherData = self.decryptEngine(pkt.Ciphertext)
                        self.higherProtocol().data_received(higherData)
Example #44
0
    def _download_file(self,
                       file_handle,
                       file_key,
                       dest_path=None,
                       dest_filename=None,
                       is_public=False,
                       file=None):
        if file is None:
            if is_public:
                file_key = base64_to_a32(file_key)
                file_data = self._api_request({
                    'a': 'g',
                    'g': 1,
                    'p': file_handle
                })
            else:
                file_data = self._api_request({
                    'a': 'g',
                    'g': 1,
                    'n': file_handle
                })

            k = (file_key[0] ^ file_key[4], file_key[1] ^ file_key[5],
                 file_key[2] ^ file_key[6], file_key[3] ^ file_key[7])
            iv = file_key[4:6] + (0, 0)
            meta_mac = file_key[6:8]
        else:
            file_data = self._api_request({'a': 'g', 'g': 1, 'n': file['h']})
            k = file['k']
            iv = file['iv']
            meta_mac = file['meta_mac']

        # Seems to happens sometime... When this occurs, files are
        # inaccessible also in the official also in the official web app.
        # Strangely, files can come back later.
        if 'g' not in file_data:
            raise RequestError('File not accessible anymore')
        file_url = file_data['g']
        file_size = file_data['s']
        attribs = base64_url_decode(file_data['at'])
        attribs = decrypt_attr(attribs, k)

        if dest_filename is not None:
            file_name = dest_filename
        else:
            file_name = attribs['n']

        input_file = requests.get(file_url, stream=True).raw

        if dest_path is None:
            dest_path = ''
        else:
            dest_path += '/'

        with tempfile.NamedTemporaryFile(mode='w+b',
                                         prefix='megapy_',
                                         delete=False) as temp_output_file:
            k_str = a32_to_str(k)
            counter = Counter.new(128,
                                  initial_value=((iv[0] << 32) + iv[1]) << 64)
            aes = AES.new(k_str, AES.MODE_CTR, counter=counter)

            mac_str = '\0' * 16
            mac_encryptor = AES.new(k_str, AES.MODE_CBC,
                                    mac_str.encode("utf8"))
            iv_str = a32_to_str([iv[0], iv[1], iv[0], iv[1]])

            for chunk_start, chunk_size in get_chunks(file_size):
                chunk = input_file.read(chunk_size)
                chunk = aes.decrypt(chunk)
                temp_output_file.write(chunk)

                encryptor = AES.new(k_str, AES.MODE_CBC, iv_str)
                for i in range(0, len(chunk) - 16, 16):
                    block = chunk[i:i + 16]
                    encryptor.encrypt(block)

                # fix for files under 16 bytes failing
                if file_size > 16:
                    i += 16
                else:
                    i = 0

                block = chunk[i:i + 16]
                if len(block) % 16:
                    block += b'\0' * (16 - (len(block) % 16))
                mac_str = mac_encryptor.encrypt(encryptor.encrypt(block))

                file_info = os.stat(temp_output_file.name)
                logger.info('%s of %s downloaded', file_info.st_size,
                            file_size)
            file_mac = str_to_a32(mac_str)
            # check mac integrity
            if (file_mac[0] ^ file_mac[1],
                    file_mac[2] ^ file_mac[3]) != meta_mac:
                raise ValueError('Mismatched mac')
            output_path = Path(dest_path + file_name)
            shutil.copy(temp_output_file.name, output_path)
            return output_path
Example #45
0
        numstr += chr(tmp & 0xFF)
        tmp >>= 8
    return numstr[::-1]


with open(sys.argv[1], "rb") as sectorFile:
    secretSector = sectorFile.read(0x200)

    with open(sys.argv[2], "rb") as otpFile:
        hash = SHA256.new()
        otpData = otpFile.read(0x90)
        hash.update(otpData)
        keyX = ''.join(hash.hexdigest()[0:32])
        keyY = ''.join(hash.hexdigest()[32:64])
        normalKey = rol((rol(int(keyX, 16), 2, 128) ^ int(keyY, 16)) +
                        0x1FF9E9AAC5FE0408024591DC5D52768A, 87, 128)
        print normalKey

        ecbmode = AES.new(to_bytes(normalKey), AES.MODE_ECB)

        with open(sys.argv[3], "wb") as outFile:
            for x in xrange(0, 0x20):
                outFile.seek(x * 0x10)
                if x == 1:
                    outFile.write(
                        ecbmode.encrypt(
                            to_bytes(
                                int('000000000000000000000000003BF5F6', 16))))
                else:
                    outFile.write(
                        ecbmode.encrypt(secretSector[x * 0x10:(x + 1) * 0x10]))
Example #46
0
scoreboard_host = os.environ.get('SCOREBOARD', '127.0.0.1')
bind_host = os.environ.get('HOST', '127.0.0.1')

MAX_HIST = 3000
MAX_SIZE = 1024
FAILED_SCORE = 9999
score, history = 0, []
#  round, key, flag, correct = 0, None, None, False
round, key, flag, correct = 0, b'0' * 16, b'0' * 32, False

flag = flags[round]
key = os.urandom(16)
flag = pad(flag)
iv = os.urandom(16)
cipher = AES.new(key, AES.MODE_CBC, iv)
flag = iv + cipher.encrypt(flag)

routes = web.RouteTableDef()


def check_flag():
    if round < 0:
        raise web.HTTPPreconditionFailed()
    if flag is None or key is None:
        raise web.HTTPServiceUnavailable()


@routes.get('/admin/next_round')
async def _(req):
    global round, key, flag, correct, history, score
Example #47
0
def AES_128_ECB_encrypt(data, key, pad = False):
  cipher = AES.new(key, AES.MODE_ECB)
  if pad:
    data = pkcs_7_pad(data)
  return cipher.encrypt(data)
Example #48
0
def encrypt(msg, key):
    key = base64.b64decode(key)
    cbc_cipher = AES.new(key, AES.MODE_CBC, IV=iv)
    cipher_text = iv + cbc_cipher.encrypt(pad(msg))
    return base64.b64encode(cipher_text)
Example #49
0
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
__Auther__ = 'M4x'

import base64
import codecs
from Crypto.Cipher import AES

c = AES.new(b'Hello, World...!')
print(codecs.encode(c.decrypt(b"Good Plain Text!"), "hex_codec"))
Example #50
0
def decrypt(encrypted, passphrase):
    passphrase = trans(passphrase)
    encrypted = base64.b64decode(encrypted)
    IV = encrypted[:BLOCK_SIZE]
    aes = AES.new(passphrase, AES.MODE_CFB, IV)
    return aes.decrypt(encrypted[BLOCK_SIZE:])
Example #51
0
def decrypt(msg, key):
    key = base64.b64decode(key)
    cipher_text = base64.b64decode(msg)
    cbc_decipher = AES.new(key, AES.MODE_CBC, IV=cipher_text[:length])
    decrypt_text = cbc_decipher.decrypt(cipher_text[16:])
    return unpad(decrypt_text)
Example #52
0
    def decrypt(self, ciphertext):

        aes = AES.new(self.__key, AES.MODE_CBC, self.__iv_string)
        plaintext = aes.decrypt(ciphertext)
        return plaintext
Example #53
0
HOST = socket.gethostbyname(socket.gethostname())
PORT = 2001
MESSAGE = "Nice to see you"
count = 0


# Connect to TCP/IP Socket
server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_socket.bind((HOST, PORT))
server_socket.settimeout(10)
server_socket.listen(1)


KEY = 'Name is ganudeep'
IV = 'Find python job.'
aes_set = AES.new(KEY, AES.MODE_CBC, IV)

PADDING = '{'
padded_text = MESSAGE + ((16-len(MESSAGE) % 16) * PADDING)


while True:
	print()
	try:
		print(dt.datetime.now(),': waiting for connection ...', server_socket.getsockname())
		conn, address = server_socket.accept()
		print(dt.datetime.now(),': connection established from.....', conn.getpeername())
	except:
		print('connection timeout.')
		break
Example #54
0
def dec_mes(src, msg):
    # Get the session size from ssdetils
    ssdetails = NET_PATH + '/' + 'ssdetails.pem'
    df = open(ssdetails, 'rt')
    line1 = df.readline()
    size = int(df.readline()[len("size: "):])

    # Read the session key file
    sessionkeyfile = NET_PATH + '/' + src + '/' + 'sskey.pem'
    with open(sessionkeyfile, 'rb') as rf:
        key = rf.read()

    # Get the receive sequence from sqnfile
    sqnfile = NET_PATH + '/' + src + '/' + 'sqn.txt'
    with open(sqnfile, 'rt') as tf:
        sndsqnline = tf.readline()
        rcvsqn = list(tf.readline()[len("rcvsqn: "):len("rcvsqn: ") + size])
        # print(rcvsqn)

    # Read the members size to get the index of cur src
    ssmem = NET_PATH + '/' + 'ssmem.pem'
    mf = open(ssmem, 'rt')
    mem = list(mf.readline()[len("members: "):len("members: ") + int(size)])

    # Parse the message msg
    header = msg[0:(13 + 2 * size)]
    authtag = msg[-12:]
    encrypted_payload = msg[(13 + 2 * size):-12]
    header_type = header[0:1]
    header_version = header[1:3]
    header_length = header[3:5]
    header_sqn = header[5:5 + 2 * size]
    header_rnd = header[5 + 2 * size:12 + 2 * size]
    sender_id = header[12 + 2 * size:13 + 2 * size].decode()

    # # Check the msg length
    # if len(msg) != int.from_bytes(header_length, byteorder='big'):
    #     print("Warning: Message length value in header is wrong!")

    # Check the sequence number
    sndsqn = [
        int.from_bytes(header_sqn[i:i + 2], byteorder='big')
        for i in range(0, len(header_sqn), 2)
    ]
    snd = int(sndsqn[mem.index(sender_id)])
    rcv = int(rcvsqn[mem.index(sender_id)])
    # print(str(snd) + " " + str(rcv))
    if (snd <= rcv):
        print("Error: Message sequence number is too old!")
        print("Processing completed.")
        sys.exit(1)

    # Verify and decrypt the encrypted payload
    nonce = header_sqn + header_rnd
    AE = AES.new(key, AES.MODE_GCM, nonce=nonce, mac_len=12)
    AE.update(header)
    try:
        payload = AE.decrypt_and_verify(encrypted_payload, authtag)
    except Exception as e:
        print("Error: Operation failed!")
        print("Processing completed.")
        sys.exit(1)
    # Update increase rcvsqn
    count = 0
    for s in rcvsqn:
        if count == mem.index(sender_id):
            s = str(int(s) + 1)
            rcvsqn[mem.index(sender_id)] = s
            # print("in here")
            # print(str(rcvsqn[mem.index(sender_id)]))
        count += 1
    sqn = ""
    # Rewrite the sqnfile with updated rcvsqn
    sf = open(sqnfile, 'wt')
    sqn += sndsqnline
    sqn += "rcvsqn: " + ''.join(rcvsqn)
    sf.write(sqn)
    print(payload.decode())

    return payload.decode()
Example #55
0
def encrypt(message, passphrase):
    passphrase = trans(passphrase)
    IV = Random.new().read(BLOCK_SIZE)
    aes = AES.new(passphrase, AES.MODE_CFB, IV)
    return base64.b64encode(IV + aes.encrypt(message))
def encrypt(plaintext, key):
    aes = AES.new(key, AES.MODE_ECB)
    return aes.encrypt(plaintext)
Example #57
0
def enc_mes(src, msg):
    # Get the session size from ssdetails
    ssdetails = NET_PATH + '/' + 'ssdetails.pem'
    df = open(ssdetails, 'rt')
    line1 = df.readline()
    size = df.readline()[len("size: "):]

    # Read the members size to get the index of cur src
    ssmem = NET_PATH + '/' + 'ssmem.pem'
    mf = open(ssmem, 'rt')
    mem = list(mf.readline()[len("members: "):len("members: ") + int(size)])

    # Get the sesion key from sskey
    sessionkeyfile = NET_PATH + '/' + src + '/' + 'sskey.pem'
    with open(sessionkeyfile, 'rb') as sf:
        key = sf.read()

    # Get the send and receive sqn from sqnfile
    sqnfile = NET_PATH + '/' + src + '/' + 'sqn.txt'
    with open(sqnfile, 'rt') as tf:
        sndsqn = list(tf.readline()[len("sdnsqn: "):len("sdnsqn: ") +
                                    int(size)])
        rcvsqn = tf.readline()

    # Compute payload_length and set authtag_length
    payload_length = len(msg)
    authtag_length = 12

    # Compute message length
    # header: 12 + 2*size bytes
    #    type:    1 btye
    #    version: 2 bytes
    #    length:  2 btyes
    #    sqn:     2 bytes * size
    #    rnd:     7 bytes
    #   sender:   1 byte
    # payload: payload_length
    # authtag: authtag_length
    msg_length = 13 + 2 * int(size) + payload_length + authtag_length
    msg = msg.encode('utf-8')
    # create header
    header_type = b'\x03'  # message type 1
    header_version = b'\x01\x02'  # protocol version 1.2
    header_length = msg_length.to_bytes(
        2, byteorder='big')  # message length (encoded on 2 bytes)
    sender_id = src.encode()
    s = sndsqn[mem.index(src)]
    header_sqn = b''
    sndsqn[mem.index(src)] = str(int(s) + 1)
    for s in sndsqn:
        header_sqn += int(s).to_bytes(2, byteorder='big')
    header_rnd = Random.get_random_bytes(7)  # 7-byte long random value
    header = header_type + header_version + header_length + header_sqn + header_rnd + sender_id

    # Encode msg
    nonce = header_sqn + header_rnd
    AE = AES.new(key, AES.MODE_GCM, nonce=nonce, mac_len=authtag_length)
    AE.update(header)
    encrypted_payload, authtag = AE.encrypt_and_digest(msg)
    enc_content = header + encrypted_payload + authtag

    # Rewrite the sqnfile with updated sdnsqn
    sf = open(sqnfile, 'wt')
    sndsqn = ''.join(sndsqn)
    sqn = "sndsqn: " + sndsqn + '\n'
    sqn += rcvsqn
    sf.write(sqn)

    return enc_content
Example #58
0
def decrypt_value(cipher_text):
    dec_secret = AES.new(MASTER_KEY[:32], AES.MODE_ECB)
    raw_decrypted = dec_secret.decrypt(base64.b64decode(cipher_text))
    # After you decrypt, strip the null characters:
    clear_text = raw_decrypted.rstrip("\0")
    return clear_text
Example #59
0
    def upload(self, filename, dest=None, dest_filename=None):
        # determine storage node
        if dest is None:
            # if none set, upload to cloud drive node
            if not hasattr(self, 'root_id'):
                self.get_files()
            dest = self.root_id

        # request upload url, call 'u' method
        with open(filename, 'rb') as input_file:
            file_size = os.path.getsize(filename)
            ul_url = self._api_request({'a': 'u', 's': file_size})['p']

            # generate random aes key (128) for file
            ul_key = [random.randint(0, 0xFFFFFFFF) for _ in range(6)]
            k_str = a32_to_str(ul_key[:4])
            count = Counter.new(
                128, initial_value=((ul_key[4] << 32) + ul_key[5]) << 64)
            aes = AES.new(k_str, AES.MODE_CTR, counter=count)

            upload_progress = 0
            completion_file_handle = None

            mac_str = '\0' * 16
            mac_encryptor = AES.new(k_str, AES.MODE_CBC,
                                    mac_str.encode("utf8"))
            iv_str = a32_to_str([ul_key[4], ul_key[5], ul_key[4], ul_key[5]])
            if file_size > 0:
                for chunk_start, chunk_size in get_chunks(file_size):
                    chunk = input_file.read(chunk_size)
                    upload_progress += len(chunk)

                    encryptor = AES.new(k_str, AES.MODE_CBC, iv_str)
                    for i in range(0, len(chunk) - 16, 16):
                        block = chunk[i:i + 16]
                        encryptor.encrypt(block)

                    # fix for files under 16 bytes failing
                    if file_size > 16:
                        i += 16
                    else:
                        i = 0

                    block = chunk[i:i + 16]
                    if len(block) % 16:
                        block += makebyte('\0' * (16 - len(block) % 16))
                    mac_str = mac_encryptor.encrypt(encryptor.encrypt(block))

                    # encrypt file and upload
                    chunk = aes.encrypt(chunk)
                    output_file = requests.post(ul_url + "/" +
                                                str(chunk_start),
                                                data=chunk,
                                                timeout=self.timeout)
                    completion_file_handle = output_file.text
                    logger.info('%s of %s uploaded', upload_progress,
                                file_size)
            else:
                output_file = requests.post(ul_url + "/0",
                                            data='',
                                            timeout=self.timeout)
                completion_file_handle = output_file.text

            logger.info('Chunks uploaded')
            logger.info('Setting attributes to complete upload')
            logger.info('Computing attributes')
            file_mac = str_to_a32(mac_str)

            # determine meta mac
            meta_mac = (file_mac[0] ^ file_mac[1], file_mac[2] ^ file_mac[3])

            dest_filename = dest_filename or os.path.basename(filename)
            attribs = {'n': dest_filename}

            encrypt_attribs = base64_url_encode(
                encrypt_attr(attribs, ul_key[:4]))
            key = [
                ul_key[0] ^ ul_key[4], ul_key[1] ^ ul_key[5],
                ul_key[2] ^ meta_mac[0], ul_key[3] ^ meta_mac[1], ul_key[4],
                ul_key[5], meta_mac[0], meta_mac[1]
            ]
            encrypted_key = a32_to_base64(encrypt_key(key, self.master_key))
            logger.info('Sending request to update attributes')
            # update attributes
            data = self._api_request({
                'a':
                'p',
                't':
                dest,
                'i':
                self.request_id,
                'n': [{
                    'h': completion_file_handle,
                    't': 0,
                    'a': encrypt_attribs,
                    'k': encrypted_key
                }]
            })
            logger.info('Upload complete')
            return data
Example #60
-1
    def test_nonce_parameter(self):
        # Nonce parameter becomes nonce attribute
        cipher1 = AES.new(self.key_128, AES.MODE_CTR, nonce=self.nonce_64)
        self.assertEqual(cipher1.nonce, self.nonce_64)

        counter = Counter.new(64, prefix=self.nonce_64, initial_value=0)
        cipher2 = AES.new(self.key_128, AES.MODE_CTR, counter=counter)
        self.assertEqual(cipher1.nonce, cipher2.nonce)

        pt = get_tag_random("plaintext", 65536)
        self.assertEqual(cipher1.encrypt(pt), cipher2.encrypt(pt))

        # Nonce is implicitly created (for AES) when no parameters are passed
        nonce1 = AES.new(self.key_128, AES.MODE_CTR).nonce
        nonce2 = AES.new(self.key_128, AES.MODE_CTR).nonce
        self.assertNotEqual(nonce1, nonce2)
        self.assertEqual(len(nonce1), 8)

        # Nonce can be zero-length
        cipher = AES.new(self.key_128, AES.MODE_CTR, nonce=b"")
        self.assertEqual(b"", cipher.nonce)
        cipher.encrypt(b'0'*300)

        # Nonce and Counter are mutually exclusive
        self.assertRaises(TypeError, AES.new, self.key_128, AES.MODE_CTR,
                          counter=self.ctr_128, nonce=self.nonce_64)