def runTest(self): key = b"0" * 16 data = b"\x00\x01\x02" def get_mv_ro(data): return memoryview(data) def get_mv_rw(data): return memoryview(bytearray(data)) for get_mv in (get_mv_ro, get_mv_rw): # Data and key can be a memoryview (during initialization) key_mv = get_mv(key) data_mv = get_mv(data) h1 = CMAC.new(key, data, ciphermod=AES) h2 = CMAC.new(key_mv, data_mv, ciphermod=AES) if not data_mv.readonly: key_mv[:1] = b'\xFF' data_mv[:1] = b'\xFF' self.assertEqual(h1.digest(), h2.digest()) # Data can be a memoryview (during operation) data_mv = get_mv(data) h1 = CMAC.new(key, ciphermod=AES) h2 = CMAC.new(key, ciphermod=AES) h1.update(data) h2.update(data_mv) if not data_mv.readonly: data_mv[:1] = b'\xFF' self.assertEqual(h1.digest(), h2.digest())
def runTest(self): key = b"0" * 16 data = b"\x00\x01\x02" # Data and key can be a bytearray (during initialization) key_ba = bytearray(key) data_ba = bytearray(data) h1 = CMAC.new(key, data, ciphermod=AES) h2 = CMAC.new(key_ba, data_ba, ciphermod=AES) key_ba[:1] = b'\xFF' data_ba[:1] = b'\xFF' self.assertEqual(h1.digest(), h2.digest()) # Data can be a bytearray (during operation) key_ba = bytearray(key) data_ba = bytearray(data) h1 = CMAC.new(key, ciphermod=AES) h2 = CMAC.new(key, ciphermod=AES) h1.update(data) h2.update(data_ba) data_ba[:1] = b'\xFF' self.assertEqual(h1.digest(), h2.digest())
def runTest(self): data_to_mac = get_tag_random("data_to_mac", 128) key = get_tag_random("key", 16) ref_mac = CMAC.new(key, msg=data_to_mac, ciphermod=AES).digest() # Break up in chunks of different length # The result must always be the same for chunk_length in 1, 2, 3, 7, 10, 13, 16, 40, 80, 128: chunks = [data_to_mac[i : i + chunk_length] for i in range(0, len(data_to_mac), chunk_length)] mac = CMAC.new(key, ciphermod=AES) for chunk in chunks: mac.update(chunk) self.assertEqual(ref_mac, mac.digest())
def _start_eax(self, factory, key, *args, **kwargs): self.nonce = _getParameter('nonce', 1, args, kwargs) if not self.nonce: raise TypeError("MODE_EAX requires a nonce") # Allowed transitions after initialization self._next = [self.update, self.encrypt, self.decrypt, self.digest, self.verify] self._mac_len = kwargs.get('mac_len', self.block_size) if not (self._mac_len and 4 <= self._mac_len <= self.block_size): raise ValueError("Parameter 'mac_len' must not be larger than %d" % self.block_size) self._omac = [ CMAC.new(key, bchr(0) * (self.block_size - 1) + bchr(i), ciphermod=factory) for i in xrange(0, 3) ] # Compute MAC of nonce self._omac[0].update(self.nonce) self._cipherMAC = self._omac[1] # MAC of the nonce is also the initial counter for CTR encryption counter_int = bytes_to_long(self._omac[0].digest()) counter_obj = Crypto.Util.Counter.new( self.block_size * 8, initial_value=counter_int, allow_wraparound=True) self._cipher = factory.new(key, MODE_CTR, counter=counter_obj)
def update(self, item): """Pass the next component of the vector. The maximum number of components you can pass is equal to the block length of the cipher (in bits) minus 1. :Parameters: item : byte string The next component of the vector. :Raise TypeError: when the limit on the number of components has been reached. :Raise ValueError: when the component is empty """ if not item: raise ValueError("A component cannot be empty") if self._n_updates==0: raise TypeError("Too many components passed to S2V") self._n_updates -= 1 mac = CMAC.new(self._key, msg=self._last_string, ciphermod=self._ciphermod, cipher_params=self._cipher_params) self._cache = strxor(self._double(self._cache), mac.digest()) self._last_string = item
def test_update_after_digest(self): msg = b"rrrrttt" key = b"4" * 16 # Normally, update() cannot be done after digest() h = CMAC.new(key, msg[:4], ciphermod=AES) dig1 = h.digest() self.assertRaises(TypeError, h.update, msg[4:]) dig2 = CMAC.new(key, msg, ciphermod=AES).digest() # With the proper flag, it is allowed h2 = CMAC.new(key, msg[:4], ciphermod=AES, update_after_digest=True) self.assertEquals(h2.digest(), dig1) # ... and the subsequent digest applies to the entire message # up to that point h2.update(msg[4:]) self.assertEquals(h2.digest(), dig2)
def test_internal_caching(self): """Verify that internal caching is implemented correctly""" data_to_mac = get_tag_random("data_to_mac", 128) key = get_tag_random("key", 16) ref_mac = CMAC.new(key, msg=data_to_mac, ciphermod=AES).digest() # Break up in chunks of different length # The result must always be the same for chunk_length in 1, 2, 3, 7, 10, 13, 16, 40, 80, 128: chunks = [data_to_mac[i:i+chunk_length] for i in range(0, len(data_to_mac), chunk_length)] mac = CMAC.new(key, ciphermod=AES) for chunk in chunks: mac.update(chunk) self.assertEqual(ref_mac, mac.digest())
def derive(self): """"Derive a secret from the vector of components. :Return: a byte string, as long as the block length of the cipher. """ if len(self._last_string) >= 16: final = self._last_string[:-16] + strxor(self._last_string[-16:], self._cache) else: padded = (self._last_string + bchr(128) + bchr(0) * 15)[:16] final = strxor(padded, self._double(self._cache)) mac = CMAC.new(self._key, msg=final, ciphermod=self._ciphermod) return mac.digest()
def test_create_mac(self, tv): self._id = "Wycheproof MAC creation Test #" + str(tv.id) try: tag = CMAC.new(tv.key, tv.msg, ciphermod=AES, mac_len=tv.tag_size).digest() except ValueError as e: if len(tv.key) not in (16, 24, 32) and "key length" in str(e): return raise e if tv.valid: self.assertEqual(tag, tv.tag) self.warn(tv)
def cal_mic(key, typ='normal', **kwargs): if typ == 'normal': msg = '{MHDR}{FHDR}{FPort}{FRMPayload}'.format(**kwargs) msg_bytes = bytearray.fromhex(msg) msg_length = '{:0>2x}'.format(len(msg_bytes)) B0 = DeviceOp._B0(msg_length=msg_length, **kwargs) obj_msg = B0 + msg obj_msg = bytearray.fromhex(obj_msg) else: msg = '{MHDR}{AppEUI}{DevEUI}{DevNonce}'.format(**kwargs) obj_msg = bytearray.fromhex(msg) cobj = CMAC.new(key, ciphermod=AES) cobj.update(obj_msg) return cobj.hexdigest()[:8]
def _test_key(cmac, icb, data, auth_key): '''Try to authenticate ICB, file headers and file data with a key.''' # CMAC.new() only accepts bytes, not bytearray. auth_key = bytes(auth_key) # Create a CMAC / OMAC1 object. cobj = CMAC.new(auth_key, ciphermod=AES) # Calculate CMAC / OMAC1 over ICB, file headers and file data. cobj.update(icb) cobj.update(data) # Succeeded? return cmac == cobj.digest()
def getPHY_CMAC(key, hexpkt, direction=1): """ Compute MIC with AES CMAC In(1): String 128 bits key for CMAC In(2): hexstring of the packet In(3): Direction (1: network, 0: end device) Out: Hexdigest of computed MIC """ lowoff = -4 if direction == 0: lowoff = -6 # skip the CRC payload = hexpkt[3:lowoff] cobj = CMAC.new(key, ciphermod=AES) toret = cobj.update(payload).hexdigest() return toret[:8]
def CSEC_GenerateBootMAC(Key, BootMsg, BootSize): #96bits"0" + 32bits "bootsize" + BootMsg if BootSize % 4 != 0: return "Input length error !,Must be 4 bytes aligned !\n" Msg = "" #Little endian mode to big endian mode for i in range(0, len(BootMsg), 8): Msg = Msg + BootMsg[i + 6:i + 8] + BootMsg[i + 4:i + 6] + BootMsg[i + 2:i + 4] + BootMsg[i:i + 2] tmp = "0" * 24 + "{:0>8x}".format(BootSize * 8) + Msg KeyBin = binascii.unhexlify(Key) MsgBin = binascii.unhexlify(tmp) Cipher = CMAC.new(KeyBin, MsgBin, ciphermod=AES) return Cipher.hexdigest().upper()
def test_verify_mac(self, tv): self._id = "Wycheproof MAC verification Test #" + str(tv.id) try: mac = CMAC.new(tv.key, tv.msg, ciphermod=AES, mac_len=tv.tag_size) except ValueError as e: if len(tv.key) not in (16, 24, 32) and "key length" in str(e): return raise e try: mac.verify(tv.tag) except ValueError: assert not tv.valid else: assert tv.valid self.warn(tv)
def calculate_cmac(data_list, auth_key): '''Calculate CMAC / OMAC1 tag for data.''' # CMAC.new() only accepts bytes, not bytearray. auth_key = bytes(auth_key) # Create a CMAC / OMAC1 object. cobj = CMAC.new(auth_key, ciphermod=AES) for data in data_list: # OPTIMIZE: Avoid extra conversions between bytearrays and bytes. # CMAC object does not accept bytearrays, so convert to bytes. cobj.update(bytes(data)) # Calculate digest and return it as bytearray. return bytearray(cobj.digest())
def derive(self): """"Derive a secret from the vector of components. :Return: a byte string, as long as the block length of the cipher. """ if len(self._last_string)>=16: final = self._last_string[:-16] + strxor(self._last_string[-16:], self._cache) else: padded = (self._last_string + bchr(0x80)+ bchr(0)*15)[:16] final = strxor(padded, self._double(self._cache)) mac = CMAC.new(self._key, msg=final, ciphermod=self._ciphermod, cipher_params=self._cipher_params) return mac.digest()
def __init__(self, factory, key, nonce, mac_len, cipher_params): """EAX cipher mode""" self.block_size = factory.block_size """The block size of the underlying cipher, in bytes.""" self.nonce = nonce """The nonce originally used to create the object.""" self._mac_len = mac_len self._mac_tag = None # Cache for MAC tag # Allowed transitions after initialization self._next = [self.update, self.encrypt, self.decrypt, self.digest, self.verify] # MAC tag length if not (4 <= self._mac_len <= self.block_size): raise ValueError("Parameter 'mac_len' must not be larger than %d" % self.block_size) # Nonce cannot be empty and must be a byte string if len(nonce) == 0: raise ValueError("Nonce cannot be empty in EAX mode") if not byte_string(nonce): raise TypeError("Nonce must be a byte string") self._omac = [ CMAC.new(key, bchr(0) * (self.block_size - 1) + bchr(i), ciphermod=factory, cipher_params=cipher_params) for i in range(0, 3) ] # Compute MAC of nonce self._omac[0].update(nonce) self._signer = self._omac[1] # MAC of the nonce is also the initial counter for CTR encryption counter_int = bytes_to_long(self._omac[0].digest()) self._cipher = factory.new(key, factory.MODE_CTR, initial_value=counter_int, nonce=b(""), **cipher_params)
def _encrypt_packet(self, uid, iv, plain_text): enc_key = self.data[uid]["factory_key"][16:32] auth_key = self.data[uid]["factory_key"][0:16] self.logger.info(" - Encrypt DATA packet") # Increment counter self.counter += 1 self.logger.debug(" - IV: %s", "".join("{:02X}".format(x) + " " for x in iv)) self.logger.debug(" - Counter : %s", str(self.counter)) # Authenticate Header + Payload to_auth = ProvisioningMessageDATA(self.sm_id[1], self.sm_id[2], self.counter, plain_text).payload # Create a CMAC / OMAC1 object. cobj = CMAC.new(auth_key, ciphermod=AES) cobj.update(to_auth) # MIC is 5 first bytes mic = cobj.digest()[0:5] # Encrypt payload + mic # Generate Initial Counter Block (ICB). icb = iv ctr_bytes = self.counter + int.from_bytes( icb[-2:], byteorder="little", signed=False) ctr_bytes = ctr_bytes % 65536 icb = b"".join([icb[:-2], ctr_bytes.to_bytes(2, byteorder="little")]) self.logger.debug(" - ICB: %s", "".join("{:02X}".format(x) + " " for x in icb)) # Create an AES Counter (CTR) mode cipher using ICB. ctr = Counter.new( 128, little_endian=True, allow_wraparound=True, initial_value=int.from_bytes(icb, byteorder="little", signed=False), ) cipher = AES.new(enc_key, AES.MODE_CTR, counter=ctr) plain_text += mic plain_text = bytes(cipher.encrypt(plain_text)) return plain_text
def __init__(self, factory, key, nonce, mac_len, cipher_params): """EAX cipher mode""" self.block_size = factory.block_size """The block size of the underlying cipher, in bytes.""" self.nonce = nonce """The nonce originally used to create the object.""" self._mac_len = mac_len self._mac_tag = None # Cache for MAC tag # Allowed transitions after initialization self._next = [ self.update, self.encrypt, self.decrypt, self.digest, self.verify ] # MAC tag length if not (4 <= self._mac_len <= self.block_size): raise ValueError("Parameter 'mac_len' must not be larger than %d" % self.block_size) # Nonce cannot be empty and must be a byte string if len(nonce) == 0: raise ValueError("Nonce cannot be empty in EAX mode") if not byte_string(nonce): raise TypeError("Nonce must be a byte string") self._omac = [ CMAC.new(key, bchr(0) * (self.block_size - 1) + bchr(i), ciphermod=factory, cipher_params=cipher_params) for i in xrange(0, 3) ] # Compute MAC of nonce self._omac[0].update(nonce) self._signer = self._omac[1] # MAC of the nonce is also the initial counter for CTR encryption counter_int = bytes_to_long(self._omac[0].digest()) self._cipher = factory.new(key, factory.MODE_CTR, initial_value=counter_int, nonce=b(""), **cipher_params)
def sign_encrypt_code(code, sig_key, enc_key, iv, desired_mac): # Pad with 0x20 of zeroes. code += '\x00' * 0x20 code_len = len(code) code_len += 0xFFF code_len &= ~0xFFF code += '\x00' * (code_len - len(code)) # Add empty trustzone, warmboot segments. code += '\x00' * (0x1FE0 - 0x10) pk11_hdr = 'PK11' + pk('<IIIIIII', 0x1000, 0, 0, code_len - 0x20, 0, 0x1000, 0) pk11 = pk11_hdr + code enc_pk11 = AES.new(enc_key, AES.MODE_CBC, iv).encrypt(pk11) enc_pk11 = pk('<IIII', len(pk11) + 0x10, 0, 0, 0) + iv + enc_pk11 enc_pk11 += get_last_block_for_desired_mac(sig_key, enc_pk11, desired_mac) enc_pk11 += CMAC.new(sig_key, enc_pk11, AES).digest() return enc_pk11
def _start_eax(self, factory, key, *args, **kwargs): self.nonce = _getParameter('nonce', 1, args, kwargs) if not self.nonce: raise TypeError('MODE_EAX requires a nonce') self._next = [self.update, self.encrypt, self.decrypt, self.digest, self.verify] self._mac_len = kwargs.get('mac_len', self.block_size) if not (self._mac_len and 4 <= self._mac_len <= self.block_size): raise ValueError("Parameter 'mac_len' must not be larger than %d" % self.block_size) self._omac = [ CMAC.new(key, bchr(0) * (self.block_size - 1) + bchr(i), ciphermod=factory) for i in xrange(0, 3) ] self._omac[0].update(self.nonce) self._cipherMAC = self._omac[1] counter_int = bytes_to_long(self._omac[0].digest()) counter_obj = Crypto.Util.Counter.new(self.block_size * 8, initial_value=counter_int, allow_wraparound=True) self._cipher = factory.new(key, MODE_CTR, counter=counter_obj)
def derive(self): """"Derive a secret from the vector of components. :Return: a byte string, as long as the block length of the cipher. """ if len(self._last_string) >= 16: # xorend final = self._last_string[:-16] + strxor(self._last_string[-16:], self._cache) else: # zero-pad & xor padded = (self._last_string + b'\x80' + b'\x00' * 15)[:16] final = strxor(padded, self._double(self._cache)) mac = CMAC.new(self._key, msg=final, ciphermod=self._ciphermod, cipher_params=self._cipher_params) return mac.digest()
def sign_encrypt_code(code, sig_key, enc_key, iv, desired_mac, version): # Pad with 0x20 of zeroes. code = code + bytearray(0x20) code_len = len(code) code_len += 0xFFF code_len &= ~0xFFF code = code + bytearray(code_len - len(code)) # Insert version code = code[:8] + pk('<I', version) + code[12:] # Add empty trustzone, warmboot segments. code = code + bytearray(0x1FE0 - 0x10) pk11_hdr = b'PK11' + pk('<IIIIIII', 0x1000, 0, 0, code_len - 0x20, 0, 0x1000, 0) pk11 = pk11_hdr + code enc_pk11 = AES.new(enc_key, AES.MODE_CBC, iv).encrypt(pk11) enc_pk11 = pk('<IIII', len(pk11) + 0x10, 0, 0, 0) + iv + enc_pk11 enc_pk11 = enc_pk11 + get_last_block_for_desired_mac(sig_key, enc_pk11, desired_mac) enc_pk11 = enc_pk11 + CMAC.new(sig_key, enc_pk11, AES).digest() return enc_pk11
def getContentKey(self, license_request_data: bytes, license_response_data: bytes): licenseMessage = license_protocol_pb2.License() requestMessage = license_protocol_pb2.SignedMessage() responseMessage = license_protocol_pb2.SignedMessage() requestMessage.ParseFromString(license_request_data) responseMessage.ParseFromString(license_response_data) oaep_key = RSA.importKey(self.private_key) cipher = PKCS1_OAEP.new(oaep_key) cmac_key = cipher.decrypt(responseMessage.session_key) _cipher = CMAC.new(cmac_key, ciphermod=AES) _auth_key = b'\x01ENCRYPTION\x00' + requestMessage.msg + b"\x00\x00\x00\x80" enc_cmac_key = _cipher.update(_auth_key).digest() licenseMessage.ParseFromString(responseMessage.msg) for key in licenseMessage.key: cryptos = AES.new(enc_cmac_key, AES.MODE_CBC, iv=key.iv[0:16]) dkey = cryptos.decrypt(key.key[0:16]) print("KID:", binascii.b2a_hex(key.id), "KEY:", binascii.b2a_hex(dkey))
def encrypt_btl(data: bytes, *args, **kwargs) -> bytes: assert (isinstance(data, bytes)) assert (len(data) == 0x1bfd0) stream: io.BytesIO = io.BytesIO(data) decrypted: bytes = stream.read(0x1bfd0) seed: bytes = get_random_bytes(0x10) context: tuple = struct.unpack_from('<IIII', seed) random: Random = Random(*context) key: bytes = crypto.create_key(random, keytables.btl, 0x10) aes: _mode_cbc.CbcMode = AES.new(key, AES.MODE_CBC, get_random_bytes(0x10)) encrypted: bytes = aes.encrypt(decrypted) key: bytes = crypto.create_key(random, keytables.btl, 0x10) mac: CMAC.CMAC = CMAC.new(key, ciphermod=AES) mac.update(decrypted) return encrypted + aes.iv + seed + mac.digest()
def update(self, item): """Pass the next component of the vector. The maximum number of components you can pass is equal to the block length of the cipher (in bits) minus 1. :Parameters: item : byte string The next component of the vector. :Raise TypeError: when the limit on the number of components has been reached. :Raise ValueError: when the component is empty """ if not item: raise ValueError('A component cannot be empty') if self._n_updates == 0: raise TypeError('Too many components passed to S2V') self._n_updates -= 1 mac = CMAC.new(self._key, msg=self._last_string, ciphermod=self._ciphermod) self._cache = strxor(self._double(self._cache), mac.digest()) self._last_string = item
def update(self, item): """Pass the next component of the vector. The maximum number of components you can pass is equal to the block length of the cipher (in bits) minus 1. :Parameters: item : byte string The next component of the vector. :Raise TypeError: when the limit on the number of components has been reached. """ if self._n_updates == 0: raise TypeError("Too many components passed to S2V") self._n_updates -= 1 mac = CMAC.new(self._key, msg=self._last_string, ciphermod=self._ciphermod, cipher_params=self._cipher_params) self._cache = strxor(self._double(self._cache), mac.digest()) self._last_string = _copy_bytes(None, None, item)
def EtM(ptxt, key1, key2, nonce): counter = 0 temp2 = 0 NonceCount = nonce ^ counter ctxt = 0 E = SimonCipher(key1, key_size=256, block_size=128) mac = CMAC.new(key=key2.encode(), ciphermod=AES) #Mac block block = breakup(ptxt, 16) for i in range(len(block)): NonceCount = nonce ^ counter counter = counter + 1 temp = E.encrypt(NonceCount) for a in block[ i]: #shift temp2 by 1 byte each time and or it with a new byte temp2 = (temp2 << 8) | ord(a) ctxt = (ctxt << 128) | (temp ^ temp2) # accumulate onto the ctxt temp2 = 0 T = mac.update(str(ctxt).encode()).hexdigest() print("CTXT: ") print(hex(ctxt)) print("T: ") print(T)
def cal_mic(key, typ='normal', **kwargs): if typ == 'normal': # pdb.set_trace() msg = '{MHDR}{FHDR}{FPort}{FRMPayload}'.format(**kwargs) print(msg) print(len(msg)) msg_bytes = bytearray.fromhex(msg) msg_length = '{:0>2x}'.format(len(msg_bytes) % 0xFF) B0 = DeviceOp._B0(msg_length=msg_length, **kwargs) obj_msg = B0 + msg print(obj_msg) print(len(obj_msg)) obj_msg = bytearray.fromhex(obj_msg) elif typ == 'join': msg = '{MHDR}{AppEUI}{DevEUI}{DevNonce}'.format(**kwargs) obj_msg = bytearray.fromhex(msg) else: msg = '{MHDR}{AppNonce}{NetID}{DevAddr}\ {DLSettings}{RxDelay}{CFList}'.format(**kwargs) obj_msg = bytearray.fromhex(msg) cobj = CMAC.new(key, ciphermod=AES) cobj.update(obj_msg) return cobj.hexdigest()[:8]
def decrypt_bcd(data: bytes, *args, **kwargs) -> bytes: assert (isinstance(data, bytes)) assert (len(data) == 0x5c000) stream: io.BytesIO = io.BytesIO(data) header: io.BytesIO = io.BytesIO(stream.read(0x10)) encrypted: bytes = stream.read(0x5bfc0) footer: io.BytesIO = io.BytesIO(stream.read(0x30)) header.seek(header.tell() + 0x4) filetype: int = struct.unpack('<H', header.read(0x2))[0] header.seek(header.tell() + 0x2) crc32: int = struct.unpack('<I', header.read(0x4))[0] magic: str = header.read(0x4).decode('utf-8') assert (filetype == 0x10 and magic == 'SCDL') iv: bytes = footer.read(0x10) seed: bytes = footer.read(0x10) cmac: bytes = footer.read(0x10) context: tuple = struct.unpack_from('<IIII', footer.getvalue(), 0x10) random: Random = Random(*context) key: bytes = crypto.create_key(random, keytables.bcd, 0x10) aes: _mode_cbc.CbcMode = AES.new(key, AES.MODE_CBC, iv) decrypted: bytes = aes.decrypt(encrypted) assert (zlib.crc32(decrypted) == crc32) key: bytes = crypto.create_key(random, keytables.bcd, 0x10) mac: CMAC.CMAC = CMAC.new(key, ciphermod=AES) mac.update(decrypted) mac.verify(cmac) return decrypted
def _common(self, raw: bytes): return CMAC.new(self._secret, msg=raw, ciphermod=self._mod)
def main(argc, argv): with open(sys.argv[1], 'rb') as f: data = f.read() data1 = data[0x2A0:0x2B0] data2 = data[0x2B0:0x2C0] data3 = data[0x2C0:0x2D0] data4 = data[0x2D0:0x2E0] data5 = data[0x2E0:0x300] data6 = data[0x300:0x320] data7 = data[0x320:0x340] data8 = data[0x340:0x360] eid1 = data[0x10:0x290] hash = data[0x290:0x2A0] cmac1= CMAC.new(uhx(EID1KEYS[0]), ciphermod=AES) cmac1.update(eid1) print(hx(hash)) print(cmac1.hexdigest()) sexy = aes_decrypt_cbc(uhx(EID1KEYS[0]), uhx(ZEROS128[0]), eid1) keyseed = sexy[:0x10] pck1 = aes_encrypt_cbc(uhx(INITKEYS[0]), uhx(ZEROS128[0]), keyseed) pck2 = aes_encrypt_cbc(uhx(INITKEYS[0]), uhx(ZEROS128[0]), pck1) pck3 = aes_encrypt_cbc(uhx(INITKEYS[0]), uhx(ZEROS128[0]), pck2) pck4 = aes_encrypt_cbc(uhx(INITKEYS[0]), uhx(ZEROS128[0]), pck3) pck5 = aes_encrypt_cbc(uhx(INITKEYS[0]), uhx(ZEROS128[0]), pck4) pck6 = aes_encrypt_cbc(uhx(INITKEYS[0]), uhx(ZEROS128[0]), pck5) pck7 = aes_encrypt_cbc(uhx(INITKEYS[0]), uhx(ZEROS128[0]), pck6) pck8 = aes_encrypt_cbc(uhx(INITKEYS[0]), uhx(ZEROS128[0]), pck7) pck9 = aes_encrypt_cbc(uhx(INITKEYS[0]), uhx(ZEROS128[0]), pck8) pck10 = aes_encrypt_cbc(uhx(INITKEYS[0]), uhx(ZEROS128[0]), pck9) pck11 = aes_encrypt_cbc(uhx(INITKEYS[0]), uhx(ZEROS128[0]), pck10) pck12 = aes_encrypt_cbc(uhx(INITKEYS[0]), uhx(ZEROS128[0]), pck11) data1_stage1 = aes_decrypt_ecb(pck1,data1) data2_stage1 = aes_decrypt_ecb(pck2,data2) data3_stage1 = aes_decrypt_ecb(pck3,data3) data4_stage1 = aes_decrypt_ecb(pck4,data4) hash1 = data5[0x10:] body1 = data5[:0x10] cmac1= CMAC.new(pck1, ciphermod=AES) cmac1.update(body1) print(hx(hash1)) print(cmac1.hexdigest()) hash2 = data6[0x10:] body2 = data6[:0x10] cmac1= CMAC.new(pck1, ciphermod=AES) cmac1.update(body2) print(hx(hash2)) print(cmac1.hexdigest()) hash3 = data7[0x10:] body3 = data7[:0x10] cmac1= CMAC.new(pck1, ciphermod=AES) cmac1.update(body3) print(hx(hash3)) print(cmac1.hexdigest()) hash4 = data8[0x10:] body4 = data8[:0x10] cmac1= CMAC.new(pck1, ciphermod=AES) cmac1.update(body4) print(hx(hash4)) print(cmac1.hexdigest()) data5_stage1 = aes_decrypt_ecb(pck1,body1) data6_stage1 = aes_decrypt_ecb(pck1,body2) data7_stage1 = aes_decrypt_ecb(pck1,body3) data8_stage1 = aes_decrypt_ecb(pck1,body4) with open(sys.argv[1] + '.eid1.dec.bin', 'wb') as g: g.write(sexy) with open(sys.argv[1] + '.init.dec.bin', 'wb') as g: g.write(data1_stage1+data2_stage1+data3_stage1+data4_stage1+data5_stage1+data6_stage1+data7_stage1+data8_stage1)
cipher = DES.new(key, DES.MODE_ECB) mess = [] for i in range(len(list_mess)): tmp = cipher.encrypt(convert_number(i)) tmp = xor(tmp, list_mess[i]) mess.append(tmp) result = "" for i in range(len(mess)): result += mess[i].decode('utf-8') return result key = "the key!" mode = 0 secret = b'eightkey' cobj = CMAC.new(secret, ciphermod=DES) mac = "" other_mac = "" # Do 10 requests, waiting each time for a response for request in range(3): print("Sending request : ", request) socket.send(b"send next~") if (request == 0): mode = socket.recv() print(mode) mode = mode.decode('utf-8') elif (request == 1): mac = socket.recv() else: encrypted_message = socket.recv() cobj.update(encrypted_message)
def verify(s, buf): content, mac = buf[:-0x10], buf[-0x10:] CMAC.new(s.cmac_key, ciphermod=AES, msg=content).verify(mac) return content
def calcmic_app(self, mhdr, fhdr, fport, frmpld, direction, fcnt=0): """ Calculate the MIC field for uplink and downlink application data Args: mhdr, fhdr, fport, frmpld: Necessary fields to compute direction: int object, 0 for uplink and 1 for downlink fcnt: Necessary only for downlink data Returns: A 4-byte length bytes object of MIC field Downlink MIC B0: ------------------------------------------------------------------------------ | 0x49 | ConfFCnt | 0x0000 | dir | DevAddr | AF(NF)CntDown | 0x00 | len(msg) | ------------------------------------------------------------------------------ Downlink key: SNwkSIntKey Uplink MIC B0: ---------------------------------------------------------------- | 0x49 | 0x00000000 | dir | DevAddr | FCntUp | 0x00 | len(msg) | ---------------------------------------------------------------- B0 key: FNwkSIntKey B1: ---------------------------------------------------------------------------- | 0x49 | ConfFCnt | TxDr | TxCh | dir | DevAddr | FCntUp | 0x00 | len(msg) | ---------------------------------------------------------------------------- B1 key: SNwkSIntKey """ msg = b''.join([ mhdr, fhdr, fport.to_bytes(1, 'big'), frmpld, ]) msglen = len(msg) B_f = '<cHBBB4sIBB' if direction == 0: fcnt = self.fcntup key = self.fnwksintkey else: key = self.snwksintkey conffcnt = fcnt if (self.ack and direction == 1) else 0 B0_elements = [ b'\x49', conffcnt, 0, 0, direction, self.devaddr[::-1], fcnt, 0, msglen ] B0 = struct.pack( B_f, *B0_elements, ) fmsg = B0 + msg fcmacobj = CMAC.new(key, ciphermod=AES) fcmac = fcmacobj.update(fmsg) if direction == 0: B1_elements = B0_elements[:] conffcnt = fcnt if self.ack else 0 B1_elements[1:4] = [conffcnt, self.txdr, self.txch] B1 = struct.pack( B_f, *B1_elements, ) smsg = B1 + msg #print('msg: \nB0: {} \nB1: {}'.format(fmsg.hex(), smsg.hex())) scmacobj = CMAC.new(self.snwksintkey, ciphermod=AES) scmac = scmacobj.update(smsg) return scmac.digest()[:MIC_LEN // 2] + fcmac.digest()[:MIC_LEN // 2] else: return fcmac.digest()[:MIC_LEN]
def calcmic_join(self, key, macpld, optneg=0): """ Calculate the MIC field for join-related data (join request, accept and rejoin) Args: key: Key used to CMAC macpld: MACPayload of join related messages optneg: Flag of LoRaWAN version (and the type of accept message) Returns: A 4-byte length bytes object of MIC field Join request MIC fields: -------------------------------------- | MHDR | JoinEUI | DevEUI | DevNonce | -------------------------------------- |1 byte| 8 bytes |8 bytes | 2 bytes | -------------------------------------- Key: NwkKey Rejoin 0 & 2 MIC fields: -------------------------------------------------- | MHDR | Rejoin Type | NetID | DevEUI | RJcount0 | -------------------------------------------------- |1 byte| 1 byte |3 bytes|8 bytes | 2 bytes | -------------------------------------------------- Key: SNwkSIntKey Rejoin 1 MIC fields: ---------------------------------------------------- | MHDR | Rejoin Type | JoinEUI | DevEUI | RJcount1 | ---------------------------------------------------- |1 byte| 1 byte | 8 bytes |8 bytes | 2 bytes | ---------------------------------------------------- Key: JSIntKey Join accept MIC fields (OptNeg = 0, LoRaWAN 1.0): ---------------------------------------------------------------------- | MHDR | JoinNonce | NetID | DevAddr | DLSettings | RxDelay | CFList | ---------------------------------------------------------------------- |1 byte| 3 bytes |3 bytes| 4 bytes | 1 byte | 1 byte | 0 ~ 15 | ---------------------------------------------------------------------- Key: NwkKey The MACPayload can be directly used of upper messages. Join accept MIC fields (OptNeg = 1, LoRaWAN 1.1): ------------------------------------------------------------- | JoinReqType | JoinEUI | DevNonce | MHDR | JoinNonce | NetID ... ------------------------------------------------------------- | 1 byte | 8 bytes | 2 bytes |1 byte| 2 bytes | Same above ------------------------------------------------------------- Key: JSIntKey """ #joinreq_fields = ['mhdr', 'joineui', 'deveui', 'devnonce'] #rejoin0_fields = rejoin2_fields = ['mhdr', 'joinreqtyp', 'homenetid', 'deveui', 'rjcount0'] #rejoin1_fields = ['mhdr', 'joinreqtyp', 'joineui', 'deveui', 'rjcount1'] #joinacpt0_fields = ['mhdr', 'joinnonce', 'homenetid', 'devaddr', 'dlsettings', 'rxdelay', 'cflist'] #joinacpt1_fields = ['joinreqtyp', 'joineui', 'devnonce', *joinacpt0_fields] #joinacpt_basic_f = 's3s3s4sss{}s' #mic_f = { # 'joinreq': self.joinmic_fields('<s8s8s2s', joinreq_fields), # 'rejoin0': self.joinmic_fields('>ss3s8sH', rejoin0_fields), # 'rejoin1': self.joinmic_fields('>ss8s8sH', rejoin1_fields), # 'rejoin2': self.joinmic_fields('>ss3s8sH', rejoin2_fields), # 'joinacpt0': self.joinmic_fields('>' + joinacpt_basic_f, joinacpt0_fields), # 'joinacpt1': self.joinmic_fields('<s8s2s' + joinacpt_basic_f, joinacpt1_fields), #} #joinmic_field = mic_f[typ] #def form_fields(name): # try: # return getattr(self, name) # except AttributeError: # return mhdr #f = joinmic_field.struct_f #if typ.startswith('joinacpt'): # f = f.format(len(self.cflist)) #print(list(map(form_fields, joinmic_field.field_name))) #msg = struct.pack( # f, # *map(form_fields, joinmic_field.field_name) #) if optneg: acptopt_f = '<s8s2s' macpld = struct.pack( acptopt_f, self.joinreqtyp, self.joineui[::-1], self.devnonce[::-1], ) + macpld cobj = CMAC.new(key, ciphermod=AES) cobj.update(macpld) return cobj.digest()[:MIC_LEN]
def __init__(self, key): self.cmac = CMAC.new(key, ciphermod=AES)
def run(self): curve = registry.get_curve('secp256r1') data = self._socket.recv(4) if int.from_bytes(bytes(data), byteorder='little', signed=False) != 0: print("ERROR") #TODO data = self._socket.recv(ctypes.sizeof(sgx_ra_msg1_t)) msg1 = sgx_ra_msg1_t.from_buffer_copy(data) remote_public_x_buffer = bytes(msg1.g_a)[:PUBLIC_KEY_X_SIZE] remote_public_y_buffer = bytes(msg1.g_a)[PUBLIC_KEY_X_SIZE:] private_key_point = randbelow(curve.field.n) public_key_point = private_key_point * curve.g remote_public_key_x = int.from_bytes(remote_public_x_buffer, byteorder='little', signed=False) remote_public_key_y = int.from_bytes(remote_public_y_buffer, byteorder='little', signed=False) def compute_shared_secret(private_key_point, remote_public_key_x, remote_public_key_y): """ Calc Diffiehellman key and compute secret """ remote_public_key_point = ec2.Point(curve, remote_public_key_x, remote_public_key_y) shared_point = private_key_point * remote_public_key_point shared_secret = shared_point.x.to_bytes(PUBLIC_KEY_X_SIZE, byteorder="little") return shared_secret shared_secret = compute_shared_secret(private_key_point, remote_public_key_x, remote_public_key_y) kdk = CMAC.new(bytes([0] * 16), ciphermod=AES) kdk.update(shared_secret) smk = CMAC.new(kdk.digest(), ciphermod=AES) smk.update(b'\x01SMK\x00\x80\x00') public_key_x_buffer = public_key_point.x.to_bytes(PUBLIC_KEY_X_SIZE, byteorder="little") public_key_y_buffer = public_key_point.y.to_bytes(PUBLIC_KEY_Y_SIZE, byteorder="little") private_key = ec.derive_private_key(private_value=1111, curve=ec.SECP256R1(), backend=default_backend()) signature_algorithm = ec.ECDSA(hashes.SHA256()) data = public_key_x_buffer + public_key_y_buffer + bytes(msg1.g_a) signature = private_key.sign(data, signature_algorithm) r, s = decode_dss_signature(signature) r = r.to_bytes(32, byteorder="little") s = s.to_bytes(32, byteorder="little") msg = public_key_x_buffer + public_key_y_buffer + spid + (1).to_bytes( 2, byteorder='little') + (1).to_bytes(2, byteorder='little') + r + s mac = CMAC.new(smk.digest(), ciphermod=AES) mac.update(msg) msg = msg + mac.digest() + (0).to_bytes(4, byteorder='little') self._socket.send(msg) data = self._socket.recv(4096) quote_size = int(len(data) - 336) #size of msg3 msg3 = sgx_ra_msg3_t_factory(quote_size).from_buffer_copy(data) if bytes(msg1.g_a) != bytes(msg3.g_a): pass #TODO error """mac = CMAC.new(smk.digest(), ciphermod=AES) mac.update(bytes(msg3.g_a)) print(mac.digest()) #TODO print(bytes(msg3.mac)) #TODO""" quote = sgx_quote_t_factory(len(bytes(msg3.quote))).from_buffer_copy( bytes(msg3.quote)) b64quote = b64encode(bytes(msg3.quote)).decode('utf8') mk = CMAC.new(kdk.digest(), ciphermod=AES) mk.update(b'\x01MK\x00\x80\x00') sk = CMAC.new(kdk.digest(), ciphermod=AES) sk.update(b'\x01SK\x00\x80\x00') #shared secret for com shared_secret = sk.digest() def request_ias(quote): """ Request the Intel Attestation Service to verify to quote """ data = {'isvEnclaveQuote': quote} print(data) cert = (self._cert, self._key) headers = {'Content-Type': 'application/json'} r = requests.post(IAS_QUOTE_URL, cert=cert, json=data, headers=headers) if r.status_code != 200: self._socket.close() return False, None return (True, json.loads(r.text)) if not self._sim: status, attestation_result = request_ias(b64quote) if not status: self._socket.close() return if attestation_result['isvEnclaveQuoteStatus'] != 'OK': print("Warning. isvEnclaveQuoteStatus is not ok.") if attestation_result[ 'isvEnclaveQuoteStatus'] != 'GROUP_OUT_OF_DATE': #only for lazy deploy self._socket.close() return def is_valid_mrenclave(report_body): """ Verify mrenclave to ensure that the right runtime is loaded in enclave """ raw = b64decode(report_body)[ 112:112 + 32] #mrenclave starts at 112 (size 32) m = sha256() m.update(raw) mrenclave_hash = m.hexdigest() result = db_client["faasm"]["config"].find_one( {'mrenclave': mrenclave_hash}) if not result: return True #TODO WARNING only for test return True if not self._sim: if not is_valid_mrenclave( attestation_result['isvEnclaveQuoteBody']): self._socket.close() return payload = sgx_wamr_msg_pkey_mkey_t_factory(0, 0, MASTER_SECRET) cipher, nonce, mac = encrypt_aes_gcm_128(payload, shared_secret) res = sgx_wamr_msg_t_factory(0, mac, nonce, len(cipher), cipher) self._socket.send(res) print("Attestation was successful.") while True: data = self._socket.recv(ctypes.sizeof(sgx_wamr_msg_t)) if len(data) == 0: break msg = sgx_wamr_msg_t.from_buffer_copy(data) nonce = b64encode(bytes(msg.nonce)) if db_client["faasm"]["nonces"].find_one({"value": nonce}): res_payload = build_error_buffer('Replay protection.\0') cipher, nonce, mac = encrypt_aes_gcm_128( res_payload, shared_secret) res = sgx_wamr_msg_t_factory(msg.msg_id, mac, nonce, len(cipher), cipher) else: encrypted_payload_data = self._socket.recv(msg.payload_len) payload_data = decrypt_aes_gcm_128(encrypted_payload_data, bytes(msg.nonce), bytes(msg.mac), shared_secret) db_client["faasm"]["nonces"].insert_one({"value": nonce}) if payload_data[0] < 2: #call payload = sgx_wamr_msg_hash_sid_t.from_buffer_copy( payload_data) session_id = bytes(payload.session_id).decode() function_hash_digest = hexlify( bytes(payload.opcode_enc_hash)).decode('ascii') nonce = b64encode(bytes(payload.nonce)) if db_client["faasm"]["nonces"].find_one({"value": nonce}): res_payload = build_error_buffer( bytes(msg.nonce), 'Replay protection.\0') cipher, nonce, mac = encrypt_aes_gcm_128( res_payload, shared_secret) res = sgx_wamr_msg_t_factory(msg.msg_id, mac, nonce, len(cipher), cipher) else: db_client["faasm"]["nonces"].insert_one( {"value": nonce}) result = db_client["faasm"]["session"].find_one({ "sid": session_id, "hash": function_hash_digest }) if result: payload_key = result['key'].encode() res_payload = sgx_wamr_payload_key_factory( bytes(msg.nonce), 0, 0, payload_key) cipher, nonce, mac = encrypt_aes_gcm_128( res_payload, shared_secret) res = sgx_wamr_msg_t_factory( msg.msg_id, mac, nonce, len(cipher), cipher) else: res_payload = build_error_buffer( bytes(msg.nonce), 'Function and sid doesnt match.\0') cipher, nonce, mac = encrypt_aes_gcm_128( res_payload, shared_secret) res = sgx_wamr_msg_t_factory( msg.msg_id, mac, nonce, len(cipher), cipher) elif payload_data[0] < 3: #load payload = sgx_wamr_msg_hash_fct_t_factory( msg.payload_len).from_buffer_copy(payload_data) function_name = bytes(payload.fct_name).decode() function_hash_digest = hexlify( bytes(payload.opcode_enc_hash)).decode('ascii') result = db_client["faasm"]["function"].find_one({ "name": function_name, "hash": function_hash_digest }) if result: op_key = result['key'].encode() policy = result['ccp'].encode() res_payload = sgx_wamr_okey_policy_t_factory( bytes(msg.nonce), 0, 0, op_key, policy) cipher, nonce, mac = encrypt_aes_gcm_128( res_payload, shared_secret) res = sgx_wamr_msg_t_factory(msg.msg_id, mac, nonce, len(cipher), cipher) else: res_payload = build_error_buffer( bytes(msg.nonce), 'Hash and function doesnt match.\0') cipher, nonce, mac = encrypt_aes_gcm_128( res_payload, shared_secret) res = sgx_wamr_msg_t_factory(msg.msg_id, mac, nonce, len(cipher), cipher) elif payload_data[0] < 6: #state write payload = sgx_wamr_msg_state_write_t_factory( msg.payload_len).from_buffer_copy(payload_data) buffer_nonce_digest = hexlify(bytes( payload.buffer_nonce)).decode('ascii') namespace, key = bytes( payload.data[:payload.name_length]).decode().split(':') total_execution_stack = bytes( payload.data[payload.name_length:]).decode() state_secret = get_random_bytes(AES_KEY_SIZE) filter = {'namespace': namespace, 'key': key} update = { '$set': { 'secret': hexlify(state_secret).decode('ascii'), 'buffer_nonce': buffer_nonce_digest, 'stack': total_execution_stack } } state_pendings[namespace + ':' + key] = { 'filter': filter, 'update': update } res_payload = sgx_wamr_payload_key_factory( bytes(msg.nonce), 0, 2, state_secret) cipher, nonce, mac = encrypt_aes_gcm_128( res_payload, shared_secret) res = sgx_wamr_msg_t_factory(msg.msg_id, mac, nonce, len(cipher), cipher) elif payload_data[0] < 8: #state read payload = sgx_wamr_msg_state_read_t_factory( msg.payload_len).from_buffer_copy(payload_data) namespace, key = bytes(payload.key).decode().split(':') result = db_client["faasm"]["state"].find_one({ "namespace": namespace, "key": key }) if result: buffer_nonce = unhexlify(result['buffer_nonce']) state_secret = unhexlify(result["secret"]) stack = result['stack'].encode() res_payload = sgx_wamr_state_read_res_factory( bytes(msg.nonce), 0, 2, state_secret, buffer_nonce, stack) cipher, nonce, mac = encrypt_aes_gcm_128( res_payload, shared_secret) res = sgx_wamr_msg_t_factory(msg.msg_id, mac, nonce, len(cipher), cipher) else: res_payload = build_error_buffer( bytes(msg.nonce), 'State is not registered.\0') cipher, nonce, mac = encrypt_aes_gcm_128( res_payload, shared_secret) res = sgx_wamr_msg_t_factory(msg.msg_id, mac, nonce, len(cipher), cipher) elif payload_data[0] < 10: #request check payload = sgx_wamr_msg_nonce_offer_t.from_buffer_copy( payload_data) nonce = b64encode(bytes(payload.nonce)) if db_client["faasm"]["nonces"].find_one({"value": nonce}): res_payload = build_error_buffer( bytes(msg.nonce), 'Replay protection.\0') cipher, nonce, mac = encrypt_aes_gcm_128( res_payload, shared_secret) res = sgx_wamr_msg_t_factory(msg.msg_id, mac, nonce, len(cipher), cipher) else: db_client["faasm"]["nonces"].insert_one( {"value": nonce}) res_payload = sgx_wamr_ack_t_factory( bytes(msg.nonce), 0, 0) cipher, nonce, mac = encrypt_aes_gcm_128( res_payload, shared_secret) res = sgx_wamr_msg_t_factory(msg.msg_id, mac, nonce, len(cipher), cipher) elif payload_data[0] < 12: #state write reply payload = sgx_wamr_msg_state_read_t_factory( msg.payload_len).from_buffer_copy(payload_data) namespace, key = bytes(payload.key).decode().split(':') if namespace + ':' + key not in state_pendings: res_payload = build_error_buffer( bytes(msg.nonce), 'State is not registered.\0') cipher, nonce, mac = encrypt_aes_gcm_128( res_payload, shared_secret) res = sgx_wamr_msg_t_factory(msg.msg_id, mac, nonce, len(cipher), cipher) else: tmp = state_pendings[namespace + ':' + key] result = db_client["faasm"]["state"].update_one( tmp['filter'], tmp['update'], upsert=True) if result: del state_pendings[namespace + ':' + key] res_payload = sgx_wamr_ack_t_factory( bytes(msg.nonce), 0, 0) cipher, nonce, mac = encrypt_aes_gcm_128( res_payload, shared_secret) res = sgx_wamr_msg_t_factory( msg.msg_id, mac, nonce, len(cipher), cipher) else: res_payload = build_error_buffer( bytes(msg.nonce), 'DB Error.\0') cipher, nonce, mac = encrypt_aes_gcm_128( res_payload, shared_secret) res = sgx_wamr_msg_t_factory( msg.msg_id, mac, nonce, len(cipher), cipher) else: print("Error, received unknown message!") res_payload = build_error_buffer( bytes(msg.nonce), 'Error, received unknown message!.\0') cipher, nonce, mac = encrypt_aes_gcm_128( res_payload, shared_secret) res = sgx_wamr_msg_t_factory(msg.msg_id, mac, nonce, len(cipher), cipher) self._socket.send(res) self._socket.close()
def aes_cmac(self, key: bytes, text: bytes): cobj = CMAC.new(key=key, ciphermod=AES) cobj.update(text) return cobj.digest()
def main(argc, argv): with open(sys.argv[1], 'rb') as f: data = f.read() snvs = data[0x560:0x2560] #0x2560 eid1 = data[0x10:0x290] hash = data[0x290:0x2A0] cmac1 = CMAC.new(uhx(EID1KEYS[0]), ciphermod=AES) cmac1.update(eid1) print(hx(hash)) print(cmac1.hexdigest()) sexy = aes_decrypt_cbc(uhx(EID1KEYS[0]), uhx(ZEROS128[0]), eid1) keyseed = sexy[0x150:0x160] keygen = aes_encrypt_cbc(uhx(EID1KEYS[2]), uhx(ZEROS128[0]), keyseed) keygen2 = aes_encrypt_cbc(uhx(EID1KEYS[2]), uhx(ZEROS128[0]), keygen) keygen3 = aes_encrypt_cbc(uhx(EID1KEYS[2]), uhx(ZEROS128[0]), keygen2) keygen4 = aes_encrypt_cbc(uhx(EID1KEYS[2]), uhx(ZEROS128[0]), keygen3) keygen5 = aes_encrypt_cbc(uhx(EID1KEYS[2]), uhx(ZEROS128[0]), keygen4) keygen6 = aes_encrypt_cbc(uhx(EID1KEYS[2]), uhx(ZEROS128[0]), keygen5) keygen7 = aes_encrypt_cbc(uhx(EID1KEYS[2]), uhx(ZEROS128[0]), keygen6) keygen8 = aes_encrypt_cbc(uhx(EID1KEYS[2]), uhx(ZEROS128[0]), keygen7) f.close() snvs_dec = snvs xor1 = [chr(ord(a) ^ ord(b)) for (a, b) in zip(snvs_dec, uhx(XOR))] with open(sys.argv[1] + '.snvs.dec.bin', 'wb') as m: m.write("".join(xor1)) with open(sys.argv[1] + '.snvs.enc.bin', 'wb') as g: for x in range(0, 0x400, 0x10): enc = aes_encrypt_cbc(keygen, uhx(ZEROS128[0]), "".join(xor1)[x:0x10 + x]) g.write(enc) for x in range(0x400, 0x800, 0x10): enc = aes_encrypt_cbc(keygen2, uhx(ZEROS128[0]), "".join(xor1)[x:0x10 + x]) g.write(enc) for x in range(0x800, 0xC00, 0x10): enc = aes_encrypt_cbc(keygen3, uhx(ZEROS128[0]), "".join(xor1)[x:0x10 + x]) g.write(enc) for x in range(0xC00, 0x1000, 0x10): enc = aes_encrypt_cbc(keygen4, uhx(ZEROS128[0]), "".join(xor1)[x:0x10 + x]) g.write(enc) for x in range(0x1000, 0x1400, 0x10): enc = aes_encrypt_cbc(keygen5, uhx(ZEROS128[0]), "".join(xor1)[x:0x10 + x]) g.write(enc) for x in range(0x1400, 0x1800, 0x10): enc = aes_encrypt_cbc(keygen6, uhx(ZEROS128[0]), "".join(xor1)[x:0x10 + x]) g.write(enc) for x in range(0x1800, 0x1C00, 0x10): enc = aes_encrypt_cbc(keygen7, uhx(ZEROS128[0]), "".join(xor1)[x:0x10 + x]) g.write(enc) for x in range(0x1C00, 0x2000, 0x10): enc = aes_encrypt_cbc(keygen8, uhx(ZEROS128[0]), "".join(xor1)[x:0x10 + x]) g.write(enc) with open(sys.argv[1] + '.eid1.dec.bin', 'wb') as g: g.write(sexy)
class EaxMode(object): """*EAX* mode. This is an Authenticated Encryption with Associated Data (`AEAD`_) mode. It provides both confidentiality and authenticity. The header of the message may be left in the clear, if needed, and it will still be subject to authentication. The decryption step tells the receiver if the message comes from a source that really knowns the secret key. Additionally, decryption detects if any part of the message - including the header - has been modified or corrupted. This mode requires a *nonce*. This mode is only available for ciphers that operate on 64 or 128 bits blocks. There are no official standards defining EAX. The implementation is based on `a proposal`__ that was presented to NIST. .. _AEAD: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html .. __: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf """ def __init__(self, factory, **kwargs): """Create a new block cipher, configured in EAX mode. :Parameters: factory : module A symmetric cipher module from `Crypto.Cipher` (like `Crypto.Cipher.AES`). :Keywords: key : byte string The secret key to use in the symmetric cipher. nonce : byte string A mandatory value that must never be reused for any other encryption. There are no restrictions on its length, but it is recommended to use at least 16 bytes. The nonce shall never repeat for two different messages encrypted with the same key, but it does not need to be random. mac_len : integer Length of the MAC, in bytes. It must be no larger than the cipher block bytes (which is the default). """ self.block_size = factory.block_size try: key = kwargs.pop("key") nonce = kwargs.pop("nonce") except KeyError, e: raise TypeError("Missing parameter: " + str(e)) self._mac_len = kwargs.pop("mac_len", self.block_size) self._mac_tag = None # Cache for MAC tag # Allowed transitions after initialization self._next = [ self.update, self.encrypt, self.decrypt, self.digest, self.verify ] # MAC tag length if not (4 <= self._mac_len <= self.block_size): raise ValueError("Parameter 'mac_len' must not be larger than %d" % self.block_size) self._omac = [ CMAC.new(key, bchr(0) * (self.block_size - 1) + bchr(i), ciphermod=factory, cipher_params=kwargs) for i in xrange(0, 3) ] # Compute MAC of nonce self._omac[0].update(nonce) self._signer = self._omac[1] # MAC of the nonce is also the initial counter for CTR encryption counter_int = bytes_to_long(self._omac[0].digest()) counter_obj = Counter.new(self.block_size * 8, initial_value=counter_int) self._cipher = factory.new(key, factory.MODE_CTR, counter=counter_obj, **kwargs)