def test_document_signature(self, client): key = RSA.generate(2048) private_key = key.export_key() file_out = open("test_document_signature_private.pem", "wb") file_out.write(private_key) file_out.close() public_key = key.publickey().export_key() file_out = open("test_document_signature_receiver.pem", "wb") file_out.write(public_key) file_out.close() document = b'test_create_document test document' # sign signature_key = RSA.import_key(open("test_document_signature_private.pem").read()) signer = pkcs1_15.new(signature_key) hash_sign = SHA384.new() hash_sign.update(document) signature = signer.sign(hash_sign) database_key = str(uuid.uuid4()) doc_creation = client.post('/create_document', json={ 'database key': database_key, 'document': document, 'signature': base64.b64encode(signature) }) assert b'Document successfully created' in doc_creation.data json_file = json.loads(doc_creation.data) doc_key = json_file['document key'] chain = client.post('/get_latest', json={ 'database key': database_key, 'document key': doc_key }) assert b'Document successfully retrieved' in chain.data json2_file = json.loads(chain.data) retrieved_signature = base64.b64decode(json2_file['document']['signature']) verification_key_string = open("test_document_signature_receiver.pem").read() verification_key = RSA.import_key(verification_key_string) verifier = pkcs1_15.new(verification_key) hash_verify = SHA384.new() hash_verify.update(json2_file['document']['document'].encode('utf-8')) verifier.verify(hash_verify, retrieved_signature) updated_chain = client.post('/update_document', json={ 'database key': database_key, 'document key': doc_key, 'document': 'test_update_document test document update', 'signature': base64.b64encode(signature), 'public key': verification_key_string }) assert b'Document successfully updated' in updated_chain.data
def pack_hkdf_info(label, context): if len(label) > 30: label = SHA384.new(label).digest()[:30] if len(context) > 30: context = SHA384.new(context).digest()[:30] h = HMAC.new(label, digestmod=SHA512) h.update(bytes(struct.pack('>30s', label))) h.update('\x00') h.update(bytes(struct.pack('>30s', context))) return h.digest()[:30]
def test_digital_signature(self, client): key = RSA.generate(2048) private_key = key.export_key() file_out = open("test_digital_signature_private.pem", "wb") file_out.write(private_key) file_out.close() public_key = key.publickey().export_key() file_out = open("test_digital_signature_receiver.pem", "wb") file_out.write(public_key) file_out.close() message = b'test_digital_signature' # sign signature_key = RSA.import_key(open("test_digital_signature_private.pem").read()) signer = pkcs1_15.new(signature_key) hash_sign = SHA384.new() hash_sign.update(message) signature = signer.sign(hash_sign) # verify verification_key = RSA.import_key(open("test_digital_signature_receiver.pem").read()) verifier = pkcs1_15.new(verification_key) hash_verify = SHA384.new() hash_verify.update(message) verifier.verify(hash_verify, signature) # test message tampering with pytest.raises(ValueError): tampered_message = message + b' this message has been tampered' verification_key = RSA.import_key(open("test_digital_signature_receiver.pem").read()) verifier = pkcs1_15.new(verification_key) hash_verify = SHA384.new() hash_verify.update(tampered_message) verifier.verify(hash_verify, signature) # test incorrect key key = RSA.generate(2048) private_key = key.export_key() file_out = open("test_digital_signature_private_wrong.pem", "wb") file_out.write(private_key) file_out.close() public_key = key.publickey().export_key() file_out = open("test_digital_signature_receiver_wrong.pem", "wb") file_out.write(public_key) file_out.close() with pytest.raises(ValueError): verification_key = RSA.import_key(open("test_digital_signature_receiver_wrong.pem").read()) verifier = pkcs1_15.new(verification_key) hash_verify = SHA384.new() hash_verify.update(message) verifier.verify(hash_verify, signature)
def doRSA(vectors, RSA_mode): counter = 0 #This variable stores the numbers of vectors read addition1 = 0 #This variable stores execution times for encrypt/sign addition2 = 0 #This variable stores execution times for decrypt/verify key = RSA.generate(1024) #a random key is created (1024 bits) cipher_PKCS1 = PKCS1_OAEP.new(key) #a RSA-OAEP cipher object is created for vector in vectors: counter += 1 data = bytes.fromhex( vector) #vector is converted from hex to a binary object if RSA_mode == "OAEP": # Encrypt start = timer() #begin time measure data_in = cipher_PKCS1.encrypt(data) #message encryption end = timer() #end time measure #print(end-start) #total execution time addition1 += end - start # Decrypt start = timer() #begin time measure data_out = cipher_PKCS1.decrypt(data_in) #message decryption end = timer() #end time measure #print(end-start) #total execution time addition2 += end - start # Print result #for i in range(len(data_in)): # print('{:0>2X}'.format(data_in[i]), end='') #print("") elif RSA_mode == "PSS": # Signature start = timer() #begin time measure h = SHA384.new(data) data_out = pss.new(key).sign(h) #hash is signed with private key end = timer() #end time measure #print(end-start) #total execution time addition1 += end - start # Verification start = timer() #begin time measure h = SHA384.new(data) verifier = pss.new(key) #verifier uses the public key try: verifier.verify(h, data_out) #data is verified end = timer() #end time measure #print(end-start) #total execution time addition2 += end - start #print("The signature is authentic.") except (ValueError, TypeError): pass #print("The signature is not authentic.") #for i in range(len(data_out)): # print('{:0>2X}'.format(data_out[i]), end='') #print("") return addition1 / counter, addition2 / counter
def verify_signature(my_transaction): #receiver node verifies signature of sender node p_key = RSA.importKey(my_transaction.sender.encode()) verifier = PKCS1_v1_5.new(p_key) myhash = SHA384.new(my_transaction.to_dict().encode()) print("myhash is " + str(myhash)) return verifier.verify(myhash, base64.b64decode(my_transaction.signature))
def sign(self): rsa_key = RSA.importKey( data.privateKey) # δημιουργία αντικειμένου τύπου κλειδιού signer = PKCS1_v1_5.new(rsa_key) # δημιουργία του υπογραφέα signedId = SHA384.new(self.id.encode()) # αντικείμενο πρός υπογραφή self.signature = base64.b64encode( signer.sign(signedId)).decode() # υπογραφή
def password_create_new(password): # Create 32 characters salt to be hashed with the password and stored salt = binascii.hexlify(get_random_bytes(16)).decode('utf-8') hasher = SHA384.new() hasher.update((salt + password).encode('utf-8')) new_pass = hasher.hexdigest() return salt, new_pass
def encrypt(self, data): if self.initialized == 0 and self.is_server == False: taddr = self.proto.factory.tun.addr taddr_hash = SHA384.new(taddr).digest() iv = Random.new().read(AES.block_size) salt = Random.new().read(SALT_LEN) passwd = self.proto.passwd self.key = PBKDF2(passwd, salt, dkLen=AES_KEYLEN * 4, count=PBKDF2_ITERATIONS) self.aes_e = AES.new(self.key[:AES_KEYLEN], AES.MODE_CFB, iv) self.aes_d = AES.new(self.key[AES_KEYLEN:AES_KEYLEN * 2], AES.MODE_CFB, iv) self.hmac_txkey = self.key[AES_KEYLEN * 2:AES_KEYLEN * 3] self.hmac_rxkey = self.key[AES_KEYLEN * 3:] data = taddr_hash + salt + iv + self.aes_e.encrypt(data) tag = HMAC.new(self.hmac_txkey, msg=data, digestmod=SHA384).digest()[:SHA384_LEN] data = data + tag self.initialized = 1 else: data = self.aes_e.encrypt(data) tag = HMAC.new(self.hmac_txkey, msg=data, digestmod=SHA384).digest()[:SHA384_LEN] data = data + tag return data
def encrypt(self, data): if self.initialized == 0 and self.is_server == False: taddr = self.proto.factory.tun.addr taddr_hash = SHA384.new(taddr).digest() iv = Random.new().read(AES.block_size) salt = Random.new().read(SALT_LEN) passwd = self.proto.factory.passwd self.key = PBKDF2(passwd, salt, dkLen=AES_KEYLEN*2, count=PBKDF2_ITERATIONS) self.aes_e = AES.new(self.key[:AES_KEYLEN], AES.MODE_CFB, iv) self.aes_d = AES.new(self.key[AES_KEYLEN:], AES.MODE_CFB, iv) data = iv+self.aes_e.encrypt(data) tag = HMAC.new(self.key, msg=data, digestmod=SHA384).digest()[:SHA384_LEN] data = taddr_hash+salt+data+tag self.initialized = 1 else: data = self.aes_e.encrypt(data) tag = HMAC.new(self.key, msg=data, digestmod=SHA384).digest()[:SHA384_LEN] data = data+tag return data
def sign_trans(self): myhash = SHA384.new(self.to_dict().encode()) p_key = RSA.importKey(self.sender_private_key) signer = PKCS1_v1_5.new(p_key) self.index = myhash.hexdigest() # TODO: Fix! self.signature = base64.b64encode(signer.sign(myhash)).decode()
def verify_signature(self): digest = SHA384.new() data = copy.copy(vars(self)) del data['signature'] digest.update(str.encode(str(data))) key = RSA.import_key(self.sender_public_key) pkcs1_15.new(key).verify(digest, base64.b64decode(self.signature))
def crypto_hash_sha384(data): """ 调用 Crypto 库的 sha384 函数进行哈希操作 :param data: 待哈希的数值, 比如 b"test_hash" :return: "708af8efbb882bb662a5a5f19d3164133621266903cec7ee0ce9eca950a7b7f8d09defedb4474da4257274741f2a07a8" """ return SHA384.new(data).hexdigest()
def RSAverifyPublic(data, signdata, n, h, e="010001"): RsaID = "300d06092a864886f70d0101010500" # RSA的算法标识 if len(n) / 2 == 128: # rsa1024 if n[0:2] > "80": pubkey = "00" + n publickey = "30819f" + RsaID + "03818d00308189028181" + pubkey + "0203" + e if n[0:2] < "80": publickey = "30819e" + RsaID + "03818c00308188028180" + n + "0203" + e if len(n) / 2 == 256: # rsa2048 if n[0:2] > "80": pubkey = "00" + n publickey = "30820122" + RsaID + "0382010f003082010a02820101" + pubkey + "0203" + e if n[0:2] < "80": publickey = "30820121" + RsaID + "0382010e003082010902820100" + n + "0203" + e public_keyBytes = bytes.fromhex(publickey) public = RSA.importKey(public_keyBytes) # 导入读取到的公钥 verifier = PKCS1_v1_5.new(public) # 生成对象 if h == "MD5": verdata = verifier.verify(MD5.new(a2b_hex(data)), a2b_hex(signdata)) if h == "SHA1": verdata = verifier.verify(SHA1.new(a2b_hex(data)), a2b_hex(signdata)) if h == "SHA256": verdata = verifier.verify(SHA256.new(a2b_hex(data)), a2b_hex(signdata)) if h == "SHA384": verdata = verifier.verify(SHA384.new(a2b_hex(data)), a2b_hex(signdata)) if h == "SHA512": verdata = verifier.verify(SHA512.new(a2b_hex(data)), a2b_hex(signdata)) return verdata
def __init__(self, signatureFile, hashAlgorithm, keyLength, privateKeyE): self.signatureFile = open(signatureFile, "w") self.hashAlgorithmName = hashAlgorithm self.keyLength = keyLength self.privateKey = privateKeyE #tuple of (n, e, d) if hashAlgorithm == 'SHA-2-224': self.hashAlgorithm = SHA224.new() elif hashAlgorithm == 'SHA-2-256': self.hashAlgorithm = SHA256.new() elif hashAlgorithm == 'SHA-2-384': self.hashAlgorithm = SHA384.new() elif hashAlgorithm == 'SHA-2-512': self.hashAlgorithm = SHA512.new() elif hashAlgorithm == 'SHA-3-224': self.hashAlgorithm = SHA3_224.new() elif hashAlgorithm == 'SHA-3-256': self.hashAlgorithm = SHA3_256.new() elif hashAlgorithm == 'SHA-2-384': self.hashAlgorithm = SHA3_384.new() elif hashAlgorithm == 'SHA-2-256': self.hashAlgorithm = SHA3_512.new() else: raise Exception("Invalid hash function: " + hashAlgorithm)
def get_sha384(data: str) -> dict: """ Returns the SHA384 value (hex). """ sha384_call = SHA384.new() sha384_call.update(data.encode('utf-8')) return {"SHA384_hex": sha384_call.hexdigest()}
def decrypt_data(data): if data is None: return None key = derive_key(128, data[:0x20])[:0x20] iv = derive_key(128, data[0x10:0x30])[:0x10] cipher = AES.new(key, AES.MODE_CBC, iv) def pad(s): return s + (-len(s) % 16) * bytes([-len(s) % 16]) data = pad(data[0x30:]) data = cipher.decrypt(data) if len(data) >= 8: size, _ = struct.unpack_from('=II', data) signature = data[size+0x08:size+0x68] data = data[:size+0x08] try: verifier.verify(SHA384.new(data), signature) except ValueError: log.warning('[!] WARNING: Bad public key signature') data = data[0x08:] return data
def start_mine(host, transactions, difficulty): """Find nonce and send API back to the main process.""" try: transactions = transactions b = {} b['transactions'] = transactions nonce = randint(0, 1000000) # Create API API = f'{host}/send_block/' while True: b['nonce'] = nonce b['timestamp'] = str(datetime.datetime.now()) b_json = json.dumps(b, sort_keys=True) sha = SHA384.new(b_json.encode()).hexdigest() if sha.startswith('0' * int(difficulty)): # Send API to process that we forked from block_details = { 'transactions': b['transactions'], 'nonce': b['nonce'], 'sha': sha, 'timestamp': b['timestamp'] } requests.post(API, block_details) exit(0) # Continue until you compute nonce nonce = randint(0, 1000000) except Exception as e: with open('error.txt', mode='w') as f: f.write(e)
def update_document(self, database_key, document_key, document, signature, public_key=b''): previous_document = self.get_document(database_key, document_key, 'latest') if previous_document['return code'] != 300: return previous_document self.database_key = database_key if previous_document['return info']['document']: if previous_document['return info']['signature'] == 'Open': self.document = { 'document key': document_key, 'version': previous_document['return info']['version'] + 1, 'is alive': True, 'document': document, 'signature': signature } else: if public_key == '': return {{ 'return code': 201, 'return message': 'Public key cannot be empty' }} retrieved_signature = base64.b64decode( previous_document['return info']['signature']) verification_key = RSA.import_key(public_key) verifier = pkcs1_15.new(verification_key) hash_verify = SHA384.new() hash_verify.update(previous_document['return info'] ['document'].encode('utf-8')) try: verifier.verify(hash_verify, retrieved_signature) except ValueError: return { 'return code': 202, 'return message': 'Cannot verify document' } self.document = { 'document key': document_key, 'version': previous_document['return info']['version'] + 1, 'is alive': True, 'document': document, 'signature': signature } self.mine_block() logging.debug('Document updated') return { 'return code': 101, 'return message': 'Document successfully updated' } return { 'return code': 200, 'return message': 'Issue updating the document' }
def verify(self, sig, data): h = SHA384.new(data) verifier = DSS.new(self.key, 'fips-186-3') try: verifier.verify(h, bytes(sig)) return True except ValueError as e: return False
def check_signature(msg, signature, public_key): sha384_hash = SHA384.new(msg) verifier = DSS.new(public_key, 'fips-186-3', encoding='der') try: verifier.verify(sha384_hash, signature) return True except ValueError: return False
def decrypt(self, data): if len(data) <= AES.block_size: return None if self.initialized == 0 and self.is_server == True: taddr = None taddr_hash = data[:SHA384_LEN] for user in self.proto.factory.users: user_hash = SHA384.new(user).digest() if user_hash == taddr_hash: taddr = user break if taddr == None: self.proto.sendClose() return None logstr = ("Received request from client %s") % (taddr) log.msg(logstr, logLevel=logging.INFO) # Check if the TUN IP is already being used if(self.proto.factory.register(taddr, self.proto)) == False: log.msg("Address already registered, ignoring", logLevel=logging.INFO) self.proto.sendClose() return None salt = data[SHA384_LEN:SHA384_LEN+SALT_LEN] iv = data[SHA384_LEN+SALT_LEN:SHA384_LEN+SALT_LEN+AES.block_size] passwd = self.proto.factory.users[taddr] self.key = PBKDF2(passwd, salt, dkLen=AES_KEYLEN*4, count=PBKDF2_ITERATIONS) self.aes_e = AES.new(self.key[AES_KEYLEN:AES_KEYLEN*2], AES.MODE_CFB, iv) self.aes_d = AES.new(self.key[:AES_KEYLEN], AES.MODE_CFB, iv) self.hmac_txkey = self.key[AES_KEYLEN*3:] self.hmac_rxkey = self.key[AES_KEYLEN*2:AES_KEYLEN*3] if self.verify_tag(data) == False: log.msg("Initial HMAC bad, unauthorized.", logLevel=logging.INFO) self.proto.sendClose() return None else: log.msg("Remote authorized", logLevel=logging.INFO) data = data[SHA384_LEN+SALT_LEN+AES.block_size:len(data)-SHA384_LEN] data = self.aes_d.decrypt(data) self.initialized = 1 else: if self.verify_tag(data) == False: log.msg("Invalid HMAC, ignoring data", logLevel=logging.INFO) return None data = self.aes_d.decrypt(data[:len(data)-SHA384_LEN]) return data
def keygenerator(): if state.privatekey != None and state.publickey != None: return keypair = RSA.generate(2048) state.privatekey = keypair.exportKey('PEM').decode() state.publickey = keypair.publickey().exportKey('PEM').decode() state.token = SHA384.new(state.privatekey[::2].encode()).hexdigest()
def decrypt(self, data): if len(data) <= AES.block_size: log.msg("Received invalid (small) data", logLevel=logging.INFO) return None taddr = None if self.initialized == 0 and self.is_server == True: taddr_hash = data[:SHA384_LEN] for user in self.proto.factory.users: user_hash = SHA384.new(user).digest() if user_hash == taddr_hash: taddr = user break if taddr == None: log.msg("Invalid TUN IP trying to register, ignored", logLevel=logging.INFO) self.proto.sendClose() return None salt = data[SHA384_LEN:SHA384_LEN+SALT_LEN] data = data[SHA384_LEN+SALT_LEN:] passwd = self.proto.factory.users[taddr] logstr = ("Received request from client with TUN address %s") % (taddr) log.msg(logstr, logLevel=logging.INFO) # Check if the TUN IP is already being used if(self.proto.factory.register(taddr, self.proto)) == False: log.msg("Duplicate TUN address tried to register, ignored", logLevel=logging.INFO) self.proto.sendClose() return None self.key = PBKDF2(passwd, salt, dkLen=AES_KEYLEN*2, count=PBKDF2_ITERATIONS) if self.verify_tag(data) == False: log.msg("Invalid HMAC on first packet, remote unauthorized", logLevel=logging.INFO) self.proto.sendClose() return None iv = data[:AES.block_size] self.aes_e = AES.new(self.key[AES_KEYLEN:], AES.MODE_CFB, iv) self.aes_d = AES.new(self.key[:AES_KEYLEN], AES.MODE_CFB, iv) data = data[AES.block_size:len(data)-SHA384_LEN] data = self.aes_d.decrypt(data) log.msg("Remote authorized", logLevel=logging.INFO) self.initialized = 1 else: # client if self.verify_tag(data) == False: log.msg("Invalid HMAC, ignoring data", logLevel=logging.INFO) return None data = self.aes_d.decrypt(data[:len(data)-SHA384_LEN]) return data
def testSignature(signatureFile, originalFile, pubFile): pubKeyL, n, e = readPublicKey(pubFile) public_key = RSA.construct((n, e)) verifier = PKCS1_v1_5.new(public_key) fileName, hashed, key, signature = readSignature(signatureFile) (hashing, hashingKeyL) = hashed (enc, encKeyL) = key assert fileName == originalFile assert enc == 'RSA' assert encKeyL == pubKeyL hashAlgorithm = hashing + "-" + str(hashingKeyL) if hashAlgorithm == 'SHA-2-224': hashAlgorithm = SHA224.new() elif hashAlgorithm == 'SHA-2-256': hashAlgorithm = SHA256.new() elif hashAlgorithm == 'SHA-2-384': hashAlgorithm = SHA384.new() elif hashAlgorithm == 'SHA-2-512': hashAlgorithm = SHA512.new() elif hashAlgorithm == 'SHA-3-224': hashAlgorithm = SHA3_224.new() elif hashAlgorithm == 'SHA-3-256': hashAlgorithm = SHA3_256.new() elif hashAlgorithm == 'SHA-2-384': hashAlgorithm = SHA3_384.new() elif hashAlgorithm == 'SHA-2-256': hashAlgorithm = SHA3_512.new() else: raise Exception("Invalid hash function: " + hashAlgorithm) data = open(originalFile, "rb").read() hashAlgorithm.update(data) assert verifier.verify(hashAlgorithm, signature) print("SIGNATURE TEST SUCCESSFUL!!")
def password_check_valid(username, password): query = "select salt, pass from users where email=? and verified=0 limit 1;" args = [username] rows = users_run_db_statement(query, args) salt = rows[0][0] stored_hash = rows[0][1] hasher = SHA384.new() hasher.update((salt + password).encode('utf-8')) calc_hash = hasher.hexdigest() return (calc_hash == stored_hash)
def sign_msg(self, msg): digest = SHA384.new() digest.update(msg) privKey = RSA.importKey(open("server_private_key.pem", "rb").read()) signer = pkcs1_15.new(privKey) signed = signer.sign(digest) return signed
def testSeal_verification(signatureFile, envelopeFile, pubFile): pubKeyL, n, e = readPublicKey(pubFile) public_key = RSA.construct((n, e)) verifier = PKCS1_v1_5.new(public_key) fileName, hashed, key, signature = readSignature(signatureFile) (hashing, hashingKeyL) = hashed (enc, encKeyL) = key assert enc == 'RSA' assert encKeyL == pubKeyL hashAlgorithm = hashing + "-" + str(hashingKeyL) if hashAlgorithm == 'SHA-2-224': hashAlgorithm = SHA224.new() elif hashAlgorithm == 'SHA-2-256': hashAlgorithm = SHA256.new() elif hashAlgorithm == 'SHA-2-384': hashAlgorithm = SHA384.new() elif hashAlgorithm == 'SHA-2-512': hashAlgorithm = SHA512.new() elif hashAlgorithm == 'SHA-3-224': hashAlgorithm = SHA3_224.new() elif hashAlgorithm == 'SHA-3-256': hashAlgorithm = SHA3_256.new() elif hashAlgorithm == 'SHA-2-384': hashAlgorithm = SHA3_384.new() elif hashAlgorithm == 'SHA-2-256': hashAlgorithm = SHA3_512.new() else: raise Exception("Invalid hash function: " + hashAlgorithm) fileName, simConf, rsaConf, data, cryptKey, mode, iv = readEnvelope( envelopeFile) hashAlgorithm.update(data + cryptKey) assert verifier.verify(hashAlgorithm, signature) print("SEAL SIGNATURE TEST SUCCESSFUL!!")
def sign_file(f): #sign files using master's private key #load private key key = RSA.importKey(open('privkey.pem').read()) hashed = SHA384.new(f) signer = PKCS1_v1_5.new(key) #sign the file signature = signer.sign(hashed) return signature + f
def sign_bson_data(self, data_bson): # generate hash hash = SHA384.new() hash.update(data_bson) # Sign with pvt key signer = pkcs1_15.new(self.priv_key) signature = signer.sign(hash) signature = base58.b58encode(signature).decode("utf-8") return signature
def verify_msg(self, hash_msg, msg): pubKey = RSA.importKey(open("server_public_key.pem", "rb").read()) verifier = pkcs1_15.new(pubKey) hash_verify = SHA384.new() hash_verify.update(msg) try: verifier.verify(hash_verify, hash_msg) except ValueError: return False else: return True
def create_digest(alg): if alg == 'sha256': h = SHA256.new() elif alg == 'sha224': h = SHA224.new() elif alg == 'sha384': h = SHA384.new() elif alg == 'sha512': h = SHA512.new() else: raise ValueError("unexpected hash algorithm") return h
def sign(self, data): """ Signs a piece of data using the stored key :param data: bytes Data to be signed :return: bytes Signature of the data """ hash_obj = SHA384.new(data) signer = pkcs1_15.new(self.key) signature = signer.sign(hash_obj) return signature
def hashed_message(hash_type, message): if hash_type == 'SHA-1': h = SHA.new(bytes(message, 'utf-8')) elif hash_type == 'SHA-224': h = SHA256.new(bytes(message, 'utf-8')) elif hash_type == 'SHA-256': h = SHA256.new(bytes(message, 'utf-8')) elif hash_type == 'SHA-384': h = SHA384.new(bytes(message, 'utf-8')) else: h = SHA256.new(bytes(message, 'utf-8')) return h
def _get_hash(hash_alg: str = DEFAULT_HASH_ALG) -> Any: if hash_alg == "SHA-512": digest = SHA512.new() elif hash_alg == "SHA-384": digest = SHA384.new() elif hash_alg == "SHA-256": digest = SHA256.new() elif hash_alg == "SHA-1": digest = SHA.new() else: digest = MD5.new() return digest
def decrypt(self, data): if len(data) <= AES.block_size: log.msg("Received invalid (small) data", logLevel=logging.INFO) return None if self.initialized == 0 and self.is_server == True: taddr = inet_ntoa(data[:4]) data = data[4:] logstr = ("Received request from client with TUN address %s") % (taddr) log.msg(logstr, logLevel=logging.INFO) try: passwd = self.proto.factory.users[taddr] except: log.msg("Invalid TUN IP trying to register, ignored", logLevel=logging.INFO) self.proto.sendClose() return None # Check if the TUN IP is already being used if(self.proto.factory.register(taddr, self.proto)) == False: log.msg("Duplicate TUN address tried to register, ignored", logLevel=logging.INFO) self.proto.sendClose() return None self.key = SHA384.new(data=passwd).digest()[:AES_KEYLEN] if self.verify_tag(data) == False: log.msg("Invalid HMAC on first packet, remote unauthorized", logLevel=logging.INFO) self.proto.sendClose() return None self.iv = data[:AES.block_size] self.aes_e = AES.new(self.key, AES.MODE_CFB, self.iv) self.aes_d = AES.new(self.key, AES.MODE_CFB, self.iv) data = data[AES.block_size:len(data)-TAG_LEN] data = self.aes_d.decrypt(data) log.msg("Remote authorized", logLevel=logging.INFO) self.initialized = 1 else: # client if self.verify_tag(data) == False: log.msg("Invalid HMAC, ignoring data", logLevel=logging.INFO) return None data = self.aes_d.decrypt(data[:len(data)-TAG_LEN]) return data
def generateHash(str, sec_level = 1): hasher = None if sec_level == 1: hasher = SHA256.new() elif sec_level == 2: hasher = SHA384.new() elif sec_level == 3: hasher = SHA512.new() hasher.update(str) hash = hasher.digest() return hash
def encrypt(self, data): if self.initialized == 0 and self.is_server == False: taddr = inet_aton(self.proto.factory.tun.tun.addr) self.iv = Random.new().read(AES.block_size) passwd = self.proto.factory.passwd self.key = SHA384.new(data=passwd).digest()[:AES_KEYLEN] self.aes_e = AES.new(self.key, AES.MODE_CFB, self.iv) self.aes_d = AES.new(self.key, AES.MODE_CFB, self.iv) data = self.iv+self.aes_e.encrypt(data) tag = HMAC.new(self.key, msg=data, digestmod=SHA384).digest()[:TAG_LEN] data = taddr+data+tag self.initialized = 1 else: data = self.aes_e.encrypt(data) tag = HMAC.new(self.key, msg=data, digestmod=SHA384).digest()[:TAG_LEN] data = data+tag return data
def get_hash_instance(type_): """Given a hash type code, returns a new hash instance for that type. """ if type_ == 1: return MD5.new() elif type_ == 2: return SHA.new() elif type_ == 3: return RIPEMD.new() elif type_ == 8: return SHA256.new() elif type_ == 9: return SHA384.new() elif type_ == 10: return SHA512.new() elif type_ == 11: return SHA224.new() else: raise UnsupportedDigestAlgorithm(type_)
def return_alg(k): """ @type k: str, unicode @return: @raise: """ if k == 'HMAC': return HMAC.new("kjhfsd") elif k == 'MD4': return MD4.new() elif k == 'MD5': return MD5.new() elif k == 'RIPEMD': return RIPEMD.new() elif k == 'SHA': return SHA.new() elif k == 'SHA224': return SHA224.new() elif k == 'SHA256': return SHA256.new() elif k == 'SHA384': return SHA384.new() elif k == 'SHA512': return SHA512.new()
def sign(alg, jwk, signingInput): """ Sign an octet string with the specified algorithm and key. @type alg: string @param alg: The JWS 'alg' value specifying the signing algorithm @type jwk: dict @param jwk: The signing (private) key @type signingInput: bytes @param signingInput: The octet string to be signed @rtype: bytes @return: The signature value """ key = importKey(jwk, private=True) if alg == "HS256": h = HMAC.new(key, digestmod=SHA256) h.update(signingInput) return h.digest() elif alg == "HS384": h = HMAC.new(key, digestmod=SHA384) h.update(signingInput) return h.digest() elif alg == "HS512": h = HMAC.new(key, digestmod=SHA512) h.update(signingInput) return h.digest() elif alg == "RS256": h = SHA256.new(signingInput) signer = PKCS1_v1_5_sig.new(key) return signer.sign(h) elif alg == "RS384": h = SHA384.new(signingInput) signer = PKCS1_v1_5_sig.new(key) return signer.sign(h) elif alg == "RS512": h = SHA512.new(signingInput) signer = PKCS1_v1_5_sig.new(key) return signer.sign(h) elif alg == "ES256": h = bytes_to_long(SHA256.new(signingInput).digest()) return P256.dsaSign(h, key) elif alg == "ES384": h = bytes_to_long(SHA384.new(signingInput).digest()) sig = P384.dsaSign(h, key) return sig elif alg == "ES512": h = bytes_to_long(SHA512.new(signingInput).digest()) return P521.dsaSign(h, key) elif alg == "PS256": h = SHA256.new(signingInput) signer = PKCS1_PSS.new(key) return signer.sign(h) elif alg == "PS384": h = SHA384.new(signingInput) signer = PKCS1_PSS.new(key) return signer.sign(h) elif alg == "PS512": h = SHA512.new(signingInput) signer = PKCS1_PSS.new(key) return signer.sign(h) elif alg == "none": raise Exception("DO NOT USE 'alg':'none'! NOT SECURE!") else: raise Exception("Unsupported algorithm {}".format(alg))
def verify(alg, jwk, signingInput, sig): """ Verify a signature over an octet string with the specified algorithm and key. @type alg: string @param alg: The JWS 'alg' value specifying the signing algorithm @type jwk: dict @param jwk: The verification (public) key @type signingInput: bytes @param signingInput: The octet string to be verified @type sig: bytes @param sig: The signature value @rtype: boolean @return: Whether the signature verified successfully """ key = importKey(jwk, private=False) if alg == "HS256": h = HMAC.new(key, digestmod=SHA256) h.update(signingInput) candidate = h.digest() return (candidate == sig) elif alg == "HS384": h = HMAC.new(key, digestmod=SHA384) h.update(signingInput) candidate = h.digest() return (candidate == sig) elif alg == "HS512": h = HMAC.new(key, digestmod=SHA512) h.update(signingInput) candidate = h.digest() return (candidate == sig) elif alg == "RS256": h = SHA256.new(signingInput) verifier = PKCS1_v1_5_sig.new(key) return verifier.verify(h, sig) elif alg == "RS384": h = SHA384.new(signingInput) verifier = PKCS1_v1_5_sig.new(key) return verifier.verify(h, sig) elif alg == "RS512": h = SHA512.new(signingInput) verifier = PKCS1_v1_5_sig.new(key) return verifier.verify(h, sig) elif alg == "ES256": h = bytes_to_long(SHA256.new(signingInput).digest()) return P256.dsaVerify(h, sig, key) elif alg == "ES384": h = bytes_to_long(SHA384.new(signingInput).digest()) return P384.dsaVerify(h, sig, key) elif alg == "ES512": h = bytes_to_long(SHA512.new(signingInput).digest()) return P521.dsaVerify(h, sig, key) elif alg == "PS256": h = SHA256.new(signingInput) verifier = PKCS1_PSS.new(key) return verifier.verify(h, sig) elif alg == "PS384": h = SHA384.new(signingInput) verifier = PKCS1_PSS.new(key) return verifier.verify(h, sig) elif alg == "PS512": h = SHA512.new(signingInput) verifier = PKCS1_PSS.new(key) return verifier.verify(h, sig) elif alg == "none": raise Exception("DO NOT USE 'alg':'none'! NOT SECURE!") else: raise Exception("Unsupported signing algorithm {}".format(alg))
'none': lambda key: None, 'HS256': prepare_HS_key, 'HS384': prepare_HS_key, 'HS512': prepare_HS_key } try: from Crypto.Signature import PKCS1_v1_5 from Crypto.Hash import SHA256 from Crypto.Hash import SHA384 from Crypto.Hash import SHA512 from Crypto.PublicKey import RSA signing_methods.update({ 'RS256': lambda msg, key: PKCS1_v1_5.new(key).sign(SHA256.new(msg)), 'RS384': lambda msg, key: PKCS1_v1_5.new(key).sign(SHA384.new(msg)), 'RS512': lambda msg, key: PKCS1_v1_5.new(key).sign(SHA512.new(msg)) }) verify_methods.update({ 'RS256': lambda msg, key, sig: PKCS1_v1_5.new(key).verify(SHA256.new(msg), sig), 'RS384': lambda msg, key, sig: PKCS1_v1_5.new(key).verify(SHA384.new(msg), sig), 'RS512': lambda msg, key, sig: PKCS1_v1_5.new(key).verify(SHA512.new(msg), sig) }) def prepare_RS_key(key): if isinstance(key, RSA._RSAobj): return key if isinstance(key, basestring): if isinstance(key, unicode):
def _sha384_new(*args): from Crypto.Hash import SHA384 _new_funcs['SHA384'] = _new_funcs['sha384'] = SHA384.new return SHA384.new(*args)
from Crypto.Hash import MD4 from Crypto.Hash import MD5 from Crypto.Hash import RIPEMD from Crypto.Hash import SHA224 from Crypto.Hash import SHA256 from Crypto.Hash import SHA384 from Crypto.Hash import SHA512 print("HMAC encryption", HMAC.new('abc').hexdigest()) print("MD2 encryption", MD2.new('abc').hexdigest()) print("MD4 encryption", MD4.new('abc').hexdigest()) print("MD5 encryption", MD5.new('abc').hexdigest()) print("RIPEMD encryption", RIPEMD.new('abc').hexdigest()) print("SHA224 encryption", SHA224.new('abc').hexdigest()) print("SHA256 encryption", SHA256.new('abc').hexdigest()) print("SHA384 encryption", SHA384.new('abc').hexdigest()) print("SHA512 encryption", SHA512.new('abc').hexdigest()) #################3 from Crypto.Cipher import DES des = DES.new('01234567', DES.MODE_ECB) text = 'abcdefgh' cipher_text = des.encrypt(text) text = des.decrypt(cipher_text) print(cipher_text, text) #############################3 from Crypto.Cipher import DES from Crypto import Random
##https://github.com/dlitz/pycrypto/blob/master/lib/Crypto/Hash/SHA384.py from Crypto.Hash import SHA384 h = SHA384.new() h.update(b'Hello') print h.hexdigest()
def get_lbry_hash_obj(): return SHA384.new()
def digest(algorithm=_DEFAULT_HASH_ALGORITHM, hash_library=_DEFAULT_HASH_LIBRARY): """ <Purpose> Provide the caller with the ability to create digest objects without having to worry about hash library availability or which library to use. The caller also has the option of specifying which hash algorithm and/or library to use. # Creation of a digest object using defaults # or by specifying hash algorithm and library. digest_object = tuf.hash.digest() digest_object = tuf.hash.digest('sha384') digest_object = tuf.hash.digest('pycrypto') # The expected interface for digest objects. digest_object.digest_size digest_object.hexdigest() digest_object.update('data') digest_object.digest() # Added hash routines by this module. digest_object = tuf.hash.digest_fileobject(file_object) digest_object = tuf.hash.digest_filename(filename) <Arguments> algorithm: The hash algorithm (e.g., md5, sha1, sha256). hash_library: The library providing the hash algorithms (e.g., pycrypto, hashlib). <Exceptions> tuf.UnsupportedAlgorithmError tuf.UnsupportedLibraryError <Side Effects> None. <Returns> Digest object (e.g., hashlib.new(algorithm) or algorithm.new() # pycrypto). """ # Was a hashlib digest object requested and is it supported? # If so, return the digest object. if hash_library == 'hashlib' and hash_library in _supported_libraries: try: return hashlib.new(algorithm) except ValueError: raise tuf.UnsupportedAlgorithmError(algorithm) # Was a pycrypto digest object requested and is it supported? elif hash_library == 'pycrypto' and hash_library in _supported_libraries: # Pycrypto does not offer a comparable hashlib.new(hashname). # Let's first check the 'algorithm' argument before returning # the correct pycrypto digest object using pycrypto's object construction. if algorithm == 'md5': return MD5.new() elif algorithm == 'sha1': return SHA.new() elif algorithm == 'sha224': return SHA224.new() elif algorithm == 'sha256': return SHA256.new() elif algorithm == 'sha384': return SHA384.new() elif algorithm == 'sha512': return SHA512.new() else: raise tuf.UnsupportedAlgorithmError(algorithm) # The requested hash library is not supported. else: raise tuf.UnsupportedLibraryError('Unsupported library requested. ' 'Supported hash libraries: '+str(_SUPPORTED_LIB_LIST))
def Verify(self, issuer = None): if issuer == None: issuer = self sigAlgo = self.SignatureAlgorithm() CertDer = encoder.encode(self.Asn1Obj.getComponentByName('tbsCertificate')) if sigAlgo == 'sha1WithRSAEncryption' or sigAlgo == 'ecdsa-with-SHA1': from Crypto.Hash import SHA SigHash = SHA.new(CertDer) elif sigAlgo == 'sha256WithRSAEncryption' or sigAlgo == 'ecdsa-with-SHA256': from Crypto.Hash import SHA256 SigHash = SHA256.new(CertDer) elif sigAlgo == 'sha384WithRSAEncryption' or sigAlgo == 'ecdsa-with-SHA384': from Crypto.Hash import SHA384 SigHash = SHA384.new(CertDer) elif sigAlgo == 'sha512WithRSAEncryption' or sigAlgo == 'ecdsa-with-SHA512': from Crypto.Hash import SHA512 SigHash = SHA512.new(CertDer) elif sigAlgo == 'sha224WithRSAEncryption' or sigAlgo == 'ecdsa-with-SHA224': from Crypto.Hash import SHA224 SigHash = SHA224.new(CertDer) elif sigAlgo == 'md2WithRSAEncryption': from Crypto.Hash import MD2 SigHash = MD2.new(CertDer) elif sigAlgo == 'md4WithRSAEncryption': from Crypto.Hash import MD4 SigHash = MD4.new(CertDer) elif sigAlgo == 'md5WithRSAEncryption': from Crypto.Hash import MD5 SigHash = MD5.new(CertDer) else: raise NotImplementedError('Signature algorithm not supported ({0})'.format(sigAlgo)) if issuer.PublicKeyAlgorithm() == 'rsaEncryption': from Crypto.PublicKey import RSA from Crypto.Signature import PKCS1_v1_5 PubKeyDer = issuer.PublicKey().Raw() key = RSA.importKey(PubKeyDer) verifier = PKCS1_v1_5.new(key) try: if verifier.verify(SigHash, self.Signature()): return True else: return False except ValueError: return False elif issuer.PublicKeyAlgorithm() == 'id-ecPublicKey': from ecdsa import VerifyingKey, NIST192p, NIST224p, NIST256p, NIST384p, NIST521p, SECP256k1 from ecdsa.util import sigdecode_der curves = [NIST192p, NIST224p, NIST256p, NIST384p, NIST521p, SECP256k1] TheCurve = None for crv in curves: if crv.name == issuer.PublicKey().CurveMap(): TheCurve = crv break if TheCurve == None: raise NotImplementedError('Public Key Curve not supported ({0})'.format(issuer.PublicKey().CurveMap())) VerKey = VerifyingKey.from_string(issuer.PublicKey().Raw(), curve=TheCurve) try: if VerKey.verify_digest(self.Signature(), SigHash.digest(), sigdecode=sigdecode_der): return True else: return False except: return False else: raise NotImplementedError('Public key algorithm not supported ({0})'.format(issuer.PublicKeyAlgorithm()))
def shared_key(priv, pub): """Generate a new shared encryption key from a keypair.""" key = priv.get_ecdh_key(pub) key = key[:32] + SHA384.new(key[32:]).digest() return key