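def _decrypt_stealth(self, descriptor_cookie):
    """Decrypt the payload of a stealth-authorized encrypted blob.

    Layout read from ``self._crypted_data``: one auth-type byte, then
    ``CIPHER_IV_LEN`` bytes of IV, then the ciphertext.

    :param descriptor_cookie: key passed to ``aes_ctr_decryptor`` together
        with the IV taken from the blob.
    :return: the result of ``d.update`` on the ciphertext.
    :raises AssertionError: if the blob is too short or its first byte is
        not ``AuthType.Stealth``.
    """
    crypted = self._crypted_data
    # These are input-validation checks on parsed data (presumably taken from
    # a fetched descriptor -- confirm against the caller).  ``assert`` is
    # stripped under ``python -O``, so they are explicit raises; the
    # AssertionError type is kept so existing callers see the same exception.
    if not len(crypted) > 2 + self.CIPHER_IV_LEN:
        raise AssertionError('Size of encrypted data is too small')
    if not crypted[0] == AuthType.Stealth:
        raise AssertionError('Auth type is not stealth')
    iv_end = 1 + self.CIPHER_IV_LEN
    iv = crypted[1:iv_end]
    d = aes_ctr_decryptor(descriptor_cookie, iv)
    # NOTE(review): nothing in this method authenticates the ciphertext, so a
    # wrong cookie or a modified blob is not detected here.  The caller has to
    # treat the returned bytes as unverified and validate them when parsing.
    return d.update(crypted[iv_end:])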
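def _decrypt_basic(self, descriptor_cookie):
    """Decrypt the payload of a basic-authorized encrypted blob.

    Layout read from ``self._crypted_data``: one auth-type byte, one
    block-count byte, ``block_count * REND_BASIC_AUTH_CLIENT_MULTIPLE``
    client entries of ``REND_BASIC_AUTH_CLIENT_ENTRY_LEN`` bytes each, then
    ``CIPHER_IV_LEN`` bytes of IV, then the ciphertext.

    :param descriptor_cookie: this client's cookie; it is hashed with the IV
        to derive the client id and passed on to ``_get_session_key``.
    :return: the result of ``d.update`` on the ciphertext.
    :raises AssertionError: if the blob is too short or its first byte is
        not ``AuthType.Basic``.
    :raises Exception: from ``_get_session_key`` when no entry matches.
    """
    crypted = self._crypted_data
    # Input validation must survive ``python -O``, which strips ``assert``;
    # AssertionError is kept so existing callers see the same exception type.
    # The first check also turns the IndexError a 0- or 1-byte blob used to
    # cause into the same "too small" error as the full length check below.
    if len(crypted) < 2:
        raise AssertionError('Size of crypted data too small')
    if not crypted[0] == AuthType.Basic:
        raise AssertionError('Auth type is not basic')
    # block_count comes from the blob itself; the length check below is what
    # keeps the derived offsets inside the buffer.
    block_count = crypted[1]
    entries_len = (block_count
                   * self.REND_BASIC_AUTH_CLIENT_MULTIPLE
                   * self.REND_BASIC_AUTH_CLIENT_ENTRY_LEN)
    if not len(crypted) > 2 + entries_len + self.CIPHER_IV_LEN:
        raise AssertionError('Size of crypted data too small')
    iv_start = 2 + entries_len
    iv_end = iv_start + self.CIPHER_IV_LEN
    iv = crypted[iv_start:iv_end]
    # NOTE(review): the literal 4 is presumably REND_BASIC_AUTH_CLIENT_ID_LEN,
    # which _get_session_key compares against -- confirm and use the constant.
    client_id = sha1(descriptor_cookie + iv)[:4]
    session_key = self._get_session_key(crypted[2:iv_start], descriptor_cookie, client_id)
    d = aes_ctr_decryptor(session_key, iv)
    # NOTE(review): no integrity check on the ciphertext happens here; the
    # caller has to treat the returned bytes as unverified.
    return d.update(crypted[iv_end:])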
def _get_session_key(self, data, descriptor_cookie, client_id):
    """Locate this client's entry in *data* and decrypt its session key.

    *data* is walked in steps of ``REND_BASIC_AUTH_CLIENT_ENTRY_LEN``.  Each
    entry starts with ``REND_BASIC_AUTH_CLIENT_ID_LEN`` bytes of client id,
    followed by ``CIPHER_KEY_LEN`` bytes of encrypted session key.  The first
    entry whose id equals *client_id* is used.

    :param data: the concatenated client entries.
    :param descriptor_cookie: key handed to ``aes_ctr_decryptor``.
    :param client_id: id to look for.
    :return: the result of ``aes_update`` on the matching encrypted key.
    :raises Exception: if no entry carries *client_id*.
    """
    # NOTE(review): the decryptor is built from the cookie alone, without an
    # IV argument; which IV/counter it then uses is decided by that helper --
    # confirm it matches what the descriptor format expects.
    decryptor = aes_ctr_decryptor(descriptor_cookie)
    id_len = self.REND_BASIC_AUTH_CLIENT_ID_LEN
    offset = 0
    while offset < len(data):
        if data[offset:offset + id_len] != client_id:
            # Not our entry: skip to the start of the next one.
            offset += self.REND_BASIC_AUTH_CLIENT_ENTRY_LEN
            continue
        key_start = offset + id_len
        key_end = key_start + self.CIPHER_KEY_LEN
        return aes_update(decryptor, data[key_start:key_end])
    raise Exception('Session key for client {!r} not found'.format(client_id))
def __init__(self, data):
    """
    Split handshake key material into running digests and stream ciphers.

    *data* is unpacked with the format ``'!20s20s16s16s'``: the first
    20 bytes seed the forward digest, the next 20 seed the backward digest,
    the next 16 key the forward cipher and the last 16 key the backward
    cipher.

    ``struct.unpack`` raises ``struct.error`` unless *data* is exactly as
    long as that format (72 bytes).  Nothing here trims a longer input or
    reads a trailing nonce, so callers must pass exactly those bytes.

    :type data: bytes
    """
    fwd_seed, bwd_seed, fwd_key, bwd_key = struct.unpack('!20s20s16s16s', data)
    # Digests first, then ciphers.
    self._forward_digest = sha1_stream(fwd_seed)
    self._backward_digest = sha1_stream(bwd_seed)
    # Forward direction encrypts, backward direction decrypts.
    self._forward_cipher = aes_ctr_encryptor(fwd_key)
    self._backward_cipher = aes_ctr_decryptor(bwd_key)