def test_open_with_wrong_associated_data(self):
"""Ensure 'open' raises IntegrityError if wrong associated data is given"""
bad_ad = [b"INVALID"]
for ex in SIVExample.load():
siv = SIV(ex.key)
with self.assertRaises(IntegrityError):
siv.open(ex.ciphertext, bad_ad)
def test_open_with_wrong_key(self):
"""Ensure 'open' raises IntegrityError if wrong key is given"""
bad_key = b"\x01" * 32
siv = SIV(bad_key)
for ex in SIVExample.load():
with self.assertRaises(IntegrityError):
siv.open(ex.ciphertext, ex.ad)
def decrypt(self: object, passphrase: bytes) -> None:
with open(self.in_path, 'rb') as in_file:
salt = in_file.read(self.SALT_SIZE)
key = self._derive_key(passphrase, salt)
siv = SIV(key)
nonce = in_file.read(self.NONCE_SIZE)
plaintext = siv.open(in_file.read(), [nonce])
self._extract(plaintext)
def dec_file(filepath, data_key):
siv = SIV(data_key)
with open(filepath, 'rb') as myfile:
ciphertext = myfile.read()
# first 16 bytes are the nonce
nonce = ciphertext[:16]
plaintext = siv.open(ciphertext[16:], [nonce])
return plaintext.decode()
return None
def dec_file(self):
"""
Decrypt file and return plaintext
"""
with open(self.input_file, 'rb') as f:
data = f.read()
siv = SIV(self.k)
nonce = data[:16]
pt = siv.open(data[16:], [nonce])
return pt.decode()
class AES(Encryption):
default_options = {"salt": None}
pubkey = None
def setup(self):
password = self.ask_password()
# Generate Salt
if not self.config["salt"]:
salt = urandom(SALT_SIZE)
self.config["salt"] = binascii.hexlify(salt)
# Derive key from password and initialize SIV
key = self.derive_key(password)
self.engine = SIV(key)
def derive_key(self, password):
salt = binascii.unhexlify(self.config["salt"])
pw_bytes = bytes(password, "utf-8")
dk = hash_secret_raw(
pw_bytes,
salt,
time_cost=ARGON2_TIME_COST,
memory_cost=ARGON2_MEMORY_COST,
parallelism=ARGON2_PARALLELISM,
hash_len=ARGON2_HASH_LEN,
type=ARGON2_TYPE,
)
return dk
def encrypt(self, data):
nonce = urandom(NONCE_SIZE)
if not isinstance(data, bytes):
data = bytes(data, "utf-8")
sealed_data = self.engine.seal(data, [nonce])
return (sealed_data, nonce)
def decrypt(self, payload):
data = self.engine.open(payload[0], [payload[1]])
return data
def unwrap_key_owner(passphrase, wrapped_key_ciphertext):
#derive key using passphrase and salt
salt = wrapped_key_ciphertext[:16]
derived_key = argon2.low_level.hash_secret_raw(
passphrase.encode(),
salt,
time_cost=1,
memory_cost=8,
parallelism=1,
hash_len=32,
type=argon2.low_level.Type.I)
# unwrap the data key using the derived key
siv = SIV(derived_key)
data_key = siv.open(wrapped_key_ciphertext[16:])
return data_key
def test_open(self):
"""Ensure the 'open' passes all AES-SIV test vectors"""
for ex in PMACSIVExample.load():
siv = SIV(ex.key, PMAC)
plaintext = siv.open(ex.ciphertext, ex.ad)
self.assertEqual(plaintext, ex.plaintext)
def dec_str(ciphertext, data_key):
siv = SIV(data_key)
nonce = ciphertext[:16]
plaintext = siv.open(ciphertext[16:], [nonce])
return plaintext.decode()
def decryption_machine(encrypt):
siv = SIV(encrypt[2])
plaintext = siv.open(encrypt[0], [encrypt[1]])
return plaintext