def test_gcm_tag_decrypt_finalize_tag_length(self, backend): decryptor = base.Cipher( algorithms.AES(b"0" * 16), modes.GCM(b"0" * 12), backend=backend ).decryptor() with pytest.raises(ValueError): decryptor.finalize_with_tag(b"tagtooshort")
def test_buffer_protocol(self, backend): data = bytearray(b"helloworld") enc = base.Cipher( algorithms.AES(bytearray(b"\x00" * 16)), modes.GCM(bytearray(b"\x00" * 12)), backend, ).encryptor() enc.authenticate_additional_data(bytearray(b"foo")) ct = enc.update(data) + enc.finalize() dec = base.Cipher( algorithms.AES(bytearray(b"\x00" * 16)), modes.GCM(bytearray(b"\x00" * 12), enc.tag), backend, ).decryptor() dec.authenticate_additional_data(bytearray(b"foo")) pt = dec.update(ct) + dec.finalize() assert pt == data
def test_gcm_tag_decrypt_mode(self, backend): key = binascii.unhexlify(b"5211242698bed4774a090620a6ca56f3") iv = binascii.unhexlify(b"b1e1349120b6e832ef976f5d") aad = binascii.unhexlify(b"b6d729aab8e6416d7002b9faa794c410d8d2f193") encryptor = base.Cipher(algorithms.AES(key), modes.GCM(iv), backend=backend).encryptor() encryptor.authenticate_additional_data(aad) encryptor.finalize() tag = encryptor.tag decryptor = base.Cipher(algorithms.AES(key), modes.GCM(iv, tag), backend=backend).decryptor() decryptor.authenticate_additional_data(aad) decryptor.finalize()
def test_gcm_aad_increments(self, backend): encryptor = base.Cipher(algorithms.AES(b"\x00" * 16), modes.GCM(b"\x01" * 16), backend=backend).encryptor() encryptor.authenticate_additional_data(b"0" * 8) assert encryptor._aad_bytes_processed == 8 encryptor.authenticate_additional_data(b"0" * 18) assert encryptor._aad_bytes_processed == 26
def test_gcm_tag_decrypt_finalize(self, backend): key = binascii.unhexlify(b"5211242698bed4774a090620a6ca56f3") iv = binascii.unhexlify(b"b1e1349120b6e832ef976f5d") aad = binascii.unhexlify(b"b6d729aab8e6416d7002b9faa794c410d8d2f193") encryptor = base.Cipher( algorithms.AES(key), modes.GCM(iv), backend=backend ).encryptor() encryptor.authenticate_additional_data(aad) encryptor.finalize() tag = encryptor.tag if ( backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and not backend._lib.CRYPTOGRAPHY_IS_LIBRESSL ): with pytest.raises(NotImplementedError): decryptor = base.Cipher( algorithms.AES(key), modes.GCM(iv), backend=backend ).decryptor() decryptor = base.Cipher( algorithms.AES(key), modes.GCM(iv, tag=encryptor.tag), backend=backend ).decryptor() else: decryptor = base.Cipher( algorithms.AES(key), modes.GCM(iv), backend=backend ).decryptor() decryptor.authenticate_additional_data(aad) if ( backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and not backend._lib.CRYPTOGRAPHY_IS_LIBRESSL ): with pytest.raises(NotImplementedError): decryptor.finalize_with_tag(tag) decryptor.finalize() else: decryptor.finalize_with_tag(tag)
def test_buffer_protocol_alternate_modes(mode, backend): data = bytearray(b"sixteen_byte_msg") cipher = base.Cipher(algorithms.AES(bytearray(b"\x00" * 32)), mode, backend) enc = cipher.encryptor() ct = enc.update(data) + enc.finalize() dec = cipher.decryptor() pt = dec.update(ct) + dec.finalize() assert pt == data
def test_gcm_ciphertext_limit(self, backend): encryptor = base.Cipher(algorithms.AES(b"\x00" * 16), modes.GCM(b"\x01" * 16), backend=backend).encryptor() encryptor._bytes_processed = modes.GCM._MAX_ENCRYPTED_BYTES - 16 encryptor.update(b"0" * 16) assert (encryptor._bytes_processed == modes.GCM._MAX_ENCRYPTED_BYTES) with pytest.raises(ValueError): encryptor.update(b"0")
def test_gcm_aad_limit(self, backend): encryptor = base.Cipher(algorithms.AES(b"\x00" * 16), modes.GCM(b"\x01" * 16), backend=backend).encryptor() encryptor._aad_bytes_processed = modes.GCM._MAX_AAD_BYTES - 16 encryptor.authenticate_additional_data(b"0" * 16) assert encryptor._aad_bytes_processed == modes.GCM._MAX_AAD_BYTES with pytest.raises(ValueError): encryptor.authenticate_additional_data(b"0")
def encrypt(mode, key, iv, plaintext): cipher = base.Cipher( algorithms.IDEA(binascii.unhexlify(key)), mode(binascii.unhexlify(iv)), ) encryptor = cipher.encryptor() ct = encryptor.update(binascii.unhexlify(plaintext)) ct += encryptor.finalize() return binascii.hexlify(ct)
def test_gcm_ciphertext_increments(self, backend): encryptor = base.Cipher(algorithms.AES(b"\x00" * 16), modes.GCM(b"\x01" * 16), backend=backend).encryptor() encryptor.update(b"0" * 8) assert encryptor._bytes_processed == 8 encryptor.update(b"0" * 7) assert encryptor._bytes_processed == 15 encryptor.update(b"0" * 18) assert encryptor._bytes_processed == 33
def test_buffer_protocol_alternate_modes(mode, backend): data = bytearray(b"sixteen_byte_msg") key = algorithms.AES(bytearray(os.urandom(32))) if not backend.cipher_supported(key, mode): pytest.skip("AES in {} mode not supported".format(mode.name)) cipher = base.Cipher(key, mode, backend) enc = cipher.encryptor() ct = enc.update(data) + enc.finalize() dec = cipher.decryptor() pt = dec.update(ct) + dec.finalize() assert pt == data
def decrypt(key, txt): mode = modes.ECB() cipher = base.Cipher( algorithms.SEED(key), mode, backend ) decryptor = cipher.decryptor() ct = decryptor.update(txt) ct += decryptor.finalize() return ct
def test_gcm_min_max_iv(self, size, backend): if backend._fips_enabled: # Red Hat disables non-96-bit IV support as part of its FIPS # patches. pytest.skip("Non-96-bit IVs unsupported in FIPS mode.") key = os.urandom(16) iv = b"\x00" * size payload = b"data" encryptor = base.Cipher(algorithms.AES(key), modes.GCM(iv)).encryptor() ct = encryptor.update(payload) encryptor.finalize() tag = encryptor.tag decryptor = base.Cipher(algorithms.AES(key), modes.GCM(iv)).decryptor() pt = decryptor.update(ct) decryptor.finalize_with_tag(tag) assert pt == payload
def test_xts_vectors(self, vector, backend): key = binascii.unhexlify(vector["key"]) tweak = binascii.unhexlify(vector["i"]) pt = binascii.unhexlify(vector["pt"]) ct = binascii.unhexlify(vector["ct"]) cipher = base.Cipher(algorithms.AES(key), modes.XTS(tweak), backend) enc = cipher.encryptor() computed_ct = enc.update(pt) + enc.finalize() assert computed_ct == ct dec = cipher.decryptor() computed_pt = dec.update(ct) + dec.finalize() assert computed_pt == pt
def test_gcm_ciphertext_limit(self, backend): encryptor = base.Cipher( algorithms.AES(b"\x00" * 16), modes.GCM(b"\x01" * 16), backend=backend, ).encryptor() new_max = modes.GCM._MAX_ENCRYPTED_BYTES - 16 encryptor._bytes_processed = new_max # type: ignore[attr-defined] encryptor.update(b"0" * 16) max = modes.GCM._MAX_ENCRYPTED_BYTES assert encryptor._bytes_processed == max # type: ignore[attr-defined] with pytest.raises(ValueError): encryptor.update(b"0")
def test_gcm_tag_with_only_aad(self, backend): key = binascii.unhexlify(b"5211242698bed4774a090620a6ca56f3") iv = binascii.unhexlify(b"b1e1349120b6e832ef976f5d") aad = binascii.unhexlify(b"b6d729aab8e6416d7002b9faa794c410d8d2f193") tag = binascii.unhexlify(b"0f247e7f9c2505de374006738018493b") cipher = base.Cipher(algorithms.AES(key), modes.GCM(iv), backend=backend) encryptor = cipher.encryptor() encryptor.authenticate_additional_data(aad) encryptor.finalize() assert encryptor.tag == tag
def test_gcm_ciphertext_with_no_aad(self, backend): key = binascii.unhexlify(b"e98b72a9881a84ca6b76e0f43e68647a") iv = binascii.unhexlify(b"8b23299fde174053f3d652ba") ct = binascii.unhexlify(b"5a3c1cf1985dbb8bed818036fdd5ab42") tag = binascii.unhexlify(b"23c7ab0f952b7091cd324835043b5eb5") pt = binascii.unhexlify(b"28286a321293253c3e0aa2704a278032") cipher = base.Cipher(algorithms.AES(key), modes.GCM(iv), backend=backend) encryptor = cipher.encryptor() computed_ct = encryptor.update(pt) + encryptor.finalize() assert computed_ct == ct assert encryptor.tag == tag
def test_gcm_tag_decrypt_none(self, backend): key = binascii.unhexlify(b"5211242698bed4774a090620a6ca56f3") iv = binascii.unhexlify(b"b1e1349120b6e832ef976f5d") aad = binascii.unhexlify(b"b6d729aab8e6416d7002b9faa794c410d8d2f193") encryptor = base.Cipher(algorithms.AES(key), modes.GCM(iv), backend=backend).encryptor() encryptor.authenticate_additional_data(aad) encryptor.finalize() if backend.name == "openssl" and \ backend.openssl_version_number() < 0x10002000: with pytest.raises(NotImplementedError): decryptor = base.Cipher(algorithms.AES(key), modes.GCM(iv), backend=backend).decryptor() else: decryptor = base.Cipher(algorithms.AES(key), modes.GCM(iv), backend=backend).decryptor() decryptor.authenticate_additional_data(aad) with pytest.raises(ValueError): decryptor.finalize()
def test_gcm_aad_limit(self, backend): encryptor = base.Cipher( algorithms.AES(b"\x00" * 16), modes.GCM(b"\x01" * 16), backend=backend, ).encryptor() new_max = modes.GCM._MAX_AAD_BYTES - 16 encryptor._aad_bytes_processed = new_max # type: ignore[attr-defined] encryptor.authenticate_additional_data(b"0" * 16) max = modes.GCM._MAX_AAD_BYTES assert (encryptor._aad_bytes_processed == max # type: ignore[attr-defined] ) with pytest.raises(ValueError): encryptor.authenticate_additional_data(b"0")
def decrypt(key, associated_data, iv, ciphertext, tag): # Construct a Cipher object, with the key, iv, and additionally the # GCM tag used for authenticating the message. decryptor = base.Cipher( algorithms.AES(key), modes.GCM(iv, tag), backend=default_backend() ).decryptor() # We put associated_data back in or the tag will fail to verify # when we finalize the decryptor. decryptor.authenticate_additional_data(associated_data) # Decryption gets us the authenticated plaintext. # If the tag does not match an InvalidTag exception will be raised. return decryptor.update(ciphertext) + decryptor.finalize()
def encrypt(key, plaintext, associated_data): # Generate a random 96-bit IV. iv = os.urandom(12) # Construct an AES-GCM Cipher object with the given key and a # randomly generated IV. encryptor = base.Cipher( algorithms.AES(key), modes.GCM(iv), backend=default_backend() ).encryptor() # associated_data will be authenticated but not encrypted, # it must also be passed in on decryption. encryptor.authenticate_additional_data(associated_data) # Encrypt the plaintext and get the associated ciphertext. # GCM does not require padding. ciphertext = encryptor.update(plaintext) + encryptor.finalize() return iv, ciphertext, encryptor.tag
def auth_apdu(system_title, frame_counter, encryption_key, authentication_key, stoc): from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.ciphers import algorithms, modes, Cipher from cryptography.hazmat.backends.interfaces import CipherBackend from cryptography.hazmat.primitives.ciphers import algorithms, base, modes aad = SECURITY_HEADER[0] + authentication_key + stoc cipher = base.Cipher(algorithms.AES(unhexlify(encryption_key)), modes.GCM(create_iv(frame_counter, system_title)), backend=default_backend()) encryptor = cipher.encryptor() encryptor.authenticate_additional_data(unhexlify(aad)) encryptor.finalize() data = encryptor.tag.hex() return data[:-8]
def test_xts_no_duplicate_keys_encryption(self, backend): key = bytes(range(16)) * 2 tweak = b"\x00" * 16 cipher = base.Cipher(algorithms.AES(key), modes.XTS(tweak)) with pytest.raises(ValueError, match="duplicated keys"): cipher.encryptor()
def btn_encrypt_decrypt_clicked(self): if self.ui.cmb_security_control_byte.currentText( ) == "30 - Encrypted and Authenticated": cipher_apdu = self.ui.txt_apdu.toPlainText().replace( "\n", "").replace(" ", "") # Remove newline and space string_chiper_apdu = check_input(cipher_apdu) if string_chiper_apdu == False: return # Exit btn_clicked function encryption_key = check_input(self.ui.txt_encryption_key.text()) if encryption_key == False: return # Create the AAD aad = check_input(security_control_byte[0] + self.ui.txt_authentication_key.text()) if aad == False: return # Create init vector init_vector = check_input( self.create_iv(self.ui.txt_frame_counter.text())) if init_vector == False: return # Encrypt or Decrypt aesgcm = AESGCM(encryption_key) apdu = aesgcm.encrypt(init_vector, string_chiper_apdu, aad) apdu_to_string = apdu.hex() # TAG start from index -32 and end at index -8 (it's long 12 bytes) self.ui.txt_result.setPlainText("APDU: " + apdu_to_string[:-32] + "\nTAG: " + apdu_to_string[-32:-8]) else: from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.ciphers import algorithms, modes, Cipher from cryptography.hazmat.backends.interfaces import CipherBackend from cryptography.hazmat.primitives.ciphers import algorithms, base, modes # Create the AAD aad = check_input(security_control_byte[1] + self.ui.txt_authentication_key.text()) if aad == False: return encryption_key = check_input(self.ui.txt_encryption_key.text()) if encryption_key == False: return # Create init vector init_vector = check_input( self.create_iv(self.ui.txt_frame_counter.text())) if init_vector == False: return cipher = base.Cipher(algorithms.AES(encryption_key), modes.GCM(init_vector), backend=default_backend()) encryptor = cipher.encryptor() encryptor.authenticate_additional_data(aad) encryptor.finalize() data = encryptor.tag.hex() self.ui.txt_result.setPlainText(data[:-8])