class TestTripleDESModeCFB(object):
test_KAT = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "3DES", "CFB"),
[
"TCFB64invperm.rsp",
"TCFB64permop.rsp",
"TCFB64subtab.rsp",
"TCFB64varkey.rsp",
"TCFB64vartext.rsp",
],
lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)),
lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
)
test_MMT = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "3DES", "CFB"),
[
"TCFB64MMT1.rsp",
"TCFB64MMT2.rsp",
"TCFB64MMT3.rsp",
],
lambda key1, key2, key3, **kwargs: algorithms.TripleDES(
binascii.unhexlify(key1 + key2 + key3)
),
lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
)
def _lock_secret_key(packet, new_pass, fast):
if packet.s2k_id != 0:
raise ValueError('Cannot lock an already locked key')
new_packet = MutableSecretKeyPacket.copy(packet)
s2k_offset = new_packet.get_s2k_offset()
assert (packet.s2k_id == new_packet.data[s2k_offset])
s2k_id = 254
secret_data = new_packet.data[s2k_offset + 1:-2]
secret_data += hashlib.sha1(secret_data).digest()
enc_pass = new_pass.encode('utf-8')
s2k_salt = get_random_bytes(8)
assert (len(s2k_salt) == 8)
s2k_type = 3 # Salted and Iterated
s2k_hash = 2 # SHA1
s2k_calg = 7 # AES-128
s2k_iter = 1 if fast else 249
aes128_iv = get_random_bytes(16)
encryptor = Cipher(
algorithms.AES(s2k(enc_pass, s2k_hash, s2k_calg, s2k_salt, s2k_iter)),
modes.CFB(aes128_iv), default_backend()).encryptor()
encrypted_data = bytearray(
encryptor.update(bytes(secret_data)) + encryptor.finalize())
new_packet.set_secret_key_data(
s2k_id, (bytearray([s2k_calg, s2k_type, s2k_hash]) + s2k_salt +
bytearray([s2k_iter]) + aes128_iv + encrypted_data))
return new_packet
def encrypt(self, data):
key = os.urandom(32)
iv = os.urandom(16)
cipher = Cipher(algorithms.AES(key), modes.CFB(iv))
encryptor = cipher.encryptor()
encrypted = encryptor.update(data) + encryptor.finalize()
return encrypted, key, iv
def encrypt(cipher, key, data):
iv = len(key) * b"\x00"
ci = cipher(key)
ciph = Cipher(ci, modes.CFB(iv), backend=default_backend())
encr = ciph.encryptor()
encdata = encr.update(data) + encr.finalize()
return encdata
def process(self, msg=b"", sharedKey=b""):
# Número da mensagem.
self.msg_cnt += 1
print('Input your message.')
textInput = input().encode()
# Derivação da Shared Key para 32 bytes ou seja 256 bits (mais seguro).
derivedKey = HKDF(
algorithm=hashes.SHA256(),
length=32,
salt=b'\x8f\x84\x82\xb0\xfc\x19\xe4!\xd6\xf3"\xce\x87o\xe4}',
info=b'handshake data',
backend=default_backend()).derive(sharedKey)
# Encriptar a mensagem para mandar ao Servidor.
cipher = Cipher(algorithms.AES(derivedKey),
modes.CFB(iv),
backend=default_backend())
encryptor = cipher.encryptor()
encryptMessage = encryptor.update(textInput) + encryptor.finalize()
return encryptMessage if len(encryptMessage) > 0 else None
def triple_DES():
block_size = 16 #fixed block size of 16 bytes
#padding
pad = lambda s: s + (block_size - len(s) % block_size) * chr(
block_size - len(s) % block_size)
unpad = lambda s: s[:-ord(s[len(s) - 1:])] #unpad after decryption
plain_text = str(input("Enter the plaintext to be encrypted: \n"))
plain_text = pad((plain_text)) #padding the text
#bytes conversion as input to encryption process must be binary data
plain_text2 = bytes(plain_text, 'utf-8')
backend = default_backend(
) #backend interfaces support symmetric encryption
key = os.urandom(24) #24 bytes key
iv = os.urandom(
8) #TDES vector initializtion length=8 used along with secret key
#utilizing Cipher Feedback(CFB)
cipher = Cipher(algorithms.TripleDES(key), modes.CFB(iv), backend=backend)
encryptor = cipher.encryptor()
ct = encryptor.update(plain_text2) + encryptor.finalize()
decryptor = cipher.decryptor()
decrypt = decryptor.update(ct) + decryptor.finalize()
decrypt = unpad(decrypt) #unpad the text after decryption
print("Key: \n" + str(key)) #drived key
print("Text after Encryption: \n" + str(ct)) #encrypted text
print("Text after Decryption \n" + str(decrypt)) #decrypted text
print("Do you want to proceed with encryption?")
user_input = input("Enter your choice as 'Yes' or 'No': ")
if user_input == "Yes":
symencryption()
elif user_input == "No":
exit()
def decrypt(key, iv, byte_data):
cipher = Cipher(algorithms.AES(key),
modes.CFB(iv),
backend=default_backend())
decryptor = cipher.decryptor()
return decryptor.update(byte_data) + decryptor.finalize()
def _decrypt(cipher: Type[AES], key: bytes, data: bytes) -> bytes:
iv = len(key) * b"\x00"
ci = cipher(key)
ciph = Cipher(ci, modes.CFB(iv), backend=default_backend())
decr = ciph.decryptor()
plaintextdata = decr.update(data) + decr.finalize()
return plaintextdata
def get_cipher(key, method, op, iv):
if method == 'bypass':
return bypass()
if method in ('salsa20', 'chacha20', 'chacha20-ietf'):
return Salsa20Crypto(method, key, iv, op)
elif method == 'rc4-md5':
md5 = hashlib.md5()
md5.update(key)
md5.update(iv)
key = md5.digest()
method = 'rc4'
cipher = None
if method.startswith('rc4'):
pass
elif method.endswith('ctr'):
mode = modes.CTR(iv)
elif method.endswith('ofb'):
mode = modes.OFB(iv)
elif method.endswith('cfb'):
mode = modes.CFB(iv)
else:
raise ValueError('operation mode "%s" not supported!' % method.upper())
if method.startswith('rc4'):
cipher = Cipher(algorithms.ARC4(key), None, default_backend())
elif method.startswith('aes'):
cipher = Cipher(algorithms.AES(key), mode, default_backend())
elif method.startswith('camellia'):
cipher = Cipher(algorithms.Camellia(key), mode, default_backend())
else:
raise ValueError('crypto algorithm "%s" not supported!' %
method.upper())
return cipher.encryptor() if op else cipher.decryptor()
def test_cfb(self, backend):
with pytest.raises(ValueError):
Cipher(
algorithms.AES(b"\x00" * 16),
modes.CFB(b"abc"),
backend,
)
def _encrypt(cipher: Type[AES], key: bytes, data: bytes) -> bytes:
iv = len(key) * b"\x00"
ci = cipher(key)
ciph = Cipher(ci, modes.CFB(iv), backend=default_backend())
encr = ciph.encryptor()
encdata = encr.update(data) + encr.finalize()
return encdata
def _o2proxy_encrypted_session(
secret: bytes, user: Optional[str], email: str, expires: datetime, token: str
) -> bytes:
"""
Take in the data for an encrypting an oauth2_proxy session and
return the encrypted session and handle.
:param user: username, if any
:param email: email, if any
:param expires: expiration of the token
:param token: The encoded JWT.
:return: encrypted session bytes
"""
email = email or ""
session_obj = dict(
IDToken=_o2proxy_encrypt_field(token).decode(),
Email=_o2proxy_encrypt_field(email).decode(),
User=_o2proxy_encrypt_field(email).decode(),
CreatedAt=datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ"),
ExpiresOn=expires.strftime("%Y-%m-%dT%H:%M:%SZ"),
)
session_payload_str = json.dumps(session_obj)
backend = default_backend()
cipher = Cipher(algorithms.AES(secret), modes.CFB(secret), backend=backend)
encryptor = cipher.encryptor()
cipher_text = encryptor.update(session_payload_str.encode()) + encryptor.finalize()
return cipher_text
def create_cipher(mode_selection, key, iv):
if mode_selection == "1":
cipher = Cipher(
algorithm=algorithms.AES(key),
mode=modes.CBC(iv),
backend=backend)
elif mode_selection == "2":
cipher = Cipher(
algorithm=algorithms.AES(key),
mode=modes.ECB(),
backend=backend)
elif mode_selection == "3":
cipher = Cipher(
algorithm=algorithms.AES(key),
mode=modes.CTR(iv),
backend=backend)
elif mode_selection == "4":
cipher = Cipher(
algorithm=algorithms.AES(key),
mode=modes.OFB(iv),
backend=backend)
elif mode_selection == "5":
cipher = Cipher(
algorithm=algorithms.AES(key),
mode=modes.CFB(iv),
backend=backend)
return cipher
def decode_with_ssh_key(key_path: str, encoded_string: str) -> str:
""" decrypts a plain string using some data from key file
:param key_path: path to key file
:param encoded_string: text that has to be decrypted
:return: decrypted text
"""
key, iv = get_key_and_iv(key_path)
encrypted_bytes = base64.b64decode(encoded_string)
try:
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
backend = default_backend()
cipher = Cipher(algorithms.AES(key), modes.CFB(iv), backend=backend)
decryptor = cipher.decryptor()
decrypted_bytes = decryptor.update(
encrypted_bytes) + decryptor.finalize()
except ModuleNotFoundError:
import Crypto.PublicKey.RSA # used for generating ssh key
import Crypto.Cipher.AES
cipher = Crypto.Cipher.AES.new(key, Crypto.Cipher.AES.MODE_CFB, iv)
decrypted_bytes = cipher.decrypt(encrypted_bytes)
return decrypted_bytes.decode()
def client(port):
context = zmq.Context()
socket = context.socket(zmq.SUB)
socket.connect('tcp://127.0.0.1:{}'.format(port))
socket.setsockopt(zmq.SUBSCRIBE, b'\x00\x00\x00\x00')
running = True
def stopReading(signal, frame):
nonlocal running
running = False
signal.signal(signal.SIGINT, stopReading)
key = b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f'
backend = default_backend()
while running:
try:
topicID, iv, cipher = socket.recv_multipart(zmq.NOBLOCK)
except zmq.ZMQError:
time.sleep(0.1)
else:
aes = Cipher(algorithms.AES(key), modes.CFB(iv), backend=backend)
decryptor = aes.decryptor()
msg = decryptor.update(cipher) + decryptor.finalize()
planets = Planets.GetRootAsPlanets(msg, 0)
for i in range(planets.PlanetsLength()):
p = planets.Planets(i)
x, y, z = p.X(), p.Y(), p.Z()
print('Planet(x={:f}, y={:f}, z={:f})'.format(x, y, z))
print('')
socket.close()
def __init__(self,
algorithm=None,
cipher_mode=None,
initialization_vector=None,
**kwargs):
"""Initializes a decrypter.
Args:
algorithm (Optional[Cryptography.CipherAlgorithm]): cipher algorithm.
cipher_mode (Optional[str]): cipher mode.
initialization_vector (Optional[bytes]): initialization vector.
kwargs (dict): keyword arguments depending on the decrypter.
Raises:
ValueError: if the initialization_vector is required and not set.
"""
if (cipher_mode != definitions.ENCRYPTION_MODE_ECB
and not initialization_vector):
raise ValueError('Missing initialization vector.')
if cipher_mode == definitions.ENCRYPTION_MODE_CBC:
mode = modes.CBC(initialization_vector)
elif cipher_mode == definitions.ENCRYPTION_MODE_CFB:
mode = modes.CFB(initialization_vector)
elif cipher_mode == definitions.ENCRYPTION_MODE_ECB:
mode = modes.ECB()
elif cipher_mode == definitions.ENCRYPTION_MODE_OFB:
mode = modes.OFB(initialization_vector)
backend = backends.default_backend()
cipher = ciphers.Cipher(algorithm, mode=mode, backend=backend)
super(CryptographyBlockCipherDecrypter, self).__init__()
self._algorithm = algorithm
self._cipher_context = cipher.decryptor()
class TestIDEAModeCFB:
test_cfb = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "IDEA"),
["idea-cfb.txt"],
lambda key, **kwargs: algorithms.IDEA(binascii.unhexlify((key))),
lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
)
class TestBlowfishModeCFB:
test_cfb = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "Blowfish"),
["bf-cfb.txt"],
lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)),
lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
)
class TestSEEDModeCFB(object):
test_CFB = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "SEED"),
["seed-cfb.txt"],
lambda key, **kwargs: algorithms.SEED(binascii.unhexlify((key))),
lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv))
)
def get_aes_mode(mode, iv):
cipher_modes = {
'CFB': modes.CFB(iv),
'CTR': modes.CTR(iv)
}
assert mode in cipher_modes.keys()
return cipher_modes[mode]
class TestCAST5ModeCFB(object):
test_cfb = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "CAST5"),
["cast5-cfb.txt"],
lambda key, **kwargs: algorithms.CAST5(binascii.unhexlify((key))),
lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
)
class TestSM4ModeCFB(object):
test_cfb = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "SM4"),
["draft-ribose-cfrg-sm4-10-cfb.txt"],
lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
)
class TestCamelliaModeCFB(object):
test_CFB = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "Camellia"),
["camellia-cfb.txt"],
lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)),
lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
)
def decrypt(self, data):
if self._first_package is True or self._transport_protocol == protocol.TRANSPORT_UDP:
self._first_package = False
self._iv, data = data[:self._iv_len], data[self._iv_len:]
self._decryptor = Cipher(algorithms.AES(self._key),
modes.CFB(self._iv),
backend=default_backend()).decryptor()
return self._decrypt_impl(data, self._key, self._iv)
def __init__(self, f_original: io.RawIOBase,
get_key_pair: typing.Callable[[str], KeyPair]):
"""
initializer, NOTE: this starts reading the stream of f_original
to extract header information if present!!
:param f_original: the wrapped FLO
:param get_key_pair: a function, called for each key_subject from the header until one does
not throw a KeyError.
"""
super().__init__()
# setting wrapped stream to read from
self._f_original = f_original
# reading json header contained in encrypted file
json_header = read_header(self._f_original)
# reading iv from header
initialization_vector = base64.b64decode(json_header['iv'])
# try to get a key for one of the subject in the file-header
for private_key_subject in json_header['keys'].keys():
try:
private_pem = get_key_pair(private_key_subject)
# reading (wrapped) key information and extracting relevant one
encrypted_file_key_string = json_header['keys'].get(
private_key_subject)
break
except KeyError:
# This is part of the process finding a key, get_key_private will be called for all
# key subjects read from the header until it returns a valid KeyPair
pass
else:
# (else is executed if break was not hit in loop)
# if own subject not in key info -> error as we cannot decrypt
raise NoKeyError('No decryption key present')
# store the set of available subject ids from the header
self.subject_ids = set(json_header['keys'].keys())
# decoding wrapped file key (symmetric)
encrypted_file_key = base64.b64decode(encrypted_file_key_string)
# getting private key (PEM)
private_key = serialization.load_pem_private_key(
private_pem, None, backend=default_backend())
# initializing file key (AES) by unwrapping wrapped key info with private key
self._file_key = decrypt_with_private_key(
private_key=private_key, ciphertext=encrypted_file_key)
# initializing cipher to decrypt using file key
self._cypher = Cipher(
algorithms.AES(self._file_key),
modes.CFB(initialization_vector=initialization_vector),
backend=default_backend())
self._decryptor = self._cypher.decryptor()
def __init__(self, f_original, public_keys, file_key=None):
"""
initializer
:param f_original: the original FLO to wrap and get plaintext from
:param public_keys: list of tuples representing public key information
in the format of (subject, public key), where subject is the email_address
of the recipient and public key is a string containing the RSA public key
in PEM format
:param file_key: the symmetric key used for encryption (AES256). If not
passed, it will be generated randomly
(os.urandom)
"""
super().__init__()
# we never encrypt a file without public keys ;)
assert len(public_keys)
# setting symmetric key used for file encryption
if not file_key:
# creating random file key if not passed
self._file_key = os.urandom(AES_KEY_LENGTH)
else:
# setting file key if passed (assuming right size)
self._file_key = file_key
# creating random IV
initialization_vector = os.urandom(AES_IV_LENGTH)
# creating cipher to perform encryption using given IV
self._cypher = Cipher(
algorithms.AES(self._file_key),
modes.CFB(initialization_vector=initialization_vector),
backend=default_backend())
self._encryptor = self._cypher.encryptor()
self._f_original = f_original
# wrapping encryption key (symmetric) with all public keys of intended recipients
keys = {}
for subject, public_key_str in public_keys.items():
public_key = serialization.load_pem_public_key(
public_key_str, default_backend())
# wrapping symmetric key with public key of user
encrypted_file_key = encrypt_with_public_key(
public_key=public_key, plaintext=self._file_key)
# storing wrapped file key
keys[subject] = encrypted_file_key
# creating header information and adding to output buffer
self._buffer = \
b''.join(create_header(
initialization_vector=initialization_vector, keys=keys))
# determining header size
self.header_size = len(self._buffer)
def write(text, key):
cipher = Cipher(algorithms.AES(base64.urlsafe_b64decode(key)),
modes.CFB(iv),
backend=backend)
encryptor = cipher.encryptor()
while len(text) // 16 != len(text) / 16:
text += b' '
ct = encryptor.update(bytes(text)) + encryptor.finalize()
out = base64.urlsafe_b64encode(iv + ct)
return out
def encrypt(self, data):
if self._first_package is True or self._transport_protocol == protocol.TRANSPORT_UDP:
self._first_package = False
self._iv = os.urandom(self._iv_len)
self._encryptor = Cipher(algorithms.AES(self._key),
modes.CFB(self._iv),
backend=default_backend()).encryptor()
return self._iv + self._encrypt_impl(data, self._key, self._iv)
else:
return self._encrypt_impl(data, self._key, self._iv)
def generate_aes_cfb(key, nonce_or_iv):
backend = default_backend()
iv = nonce_or_iv
cipher = Cipher(algorithms.AES(key), modes.CFB(iv), backend=backend)
def do_computation(msg: bytes):
encryptor = cipher.encryptor()
ct = encryptor.update(msg) + encryptor.finalize()
return do_computation
def encrypt(self, buffer, is_encrypt):
cipher = Cipher(algorithms.AES(self.connection_info.encrypted_key),
modes.CFB(self.connection_info.encrypted_iv),
backend=default_backend())
if is_encrypt:
encryptor = cipher.encryptor()
return encryptor.update(buffer) + encryptor.finalize()
else:
decryptor = cipher.decryptor()
return decryptor.update(buffer) + decryptor.finalize()
