# Read the plaintext file. filename = raw_input('Type the file to encrypt-then-MAC: ') with open(filename, 'rb') as f: plaintext = f.read() # Read the keys in hexadecimal digits from keyboard. key_hex = raw_input('Type the encryption key in ' + str(2 * block) + ' hexadecimal digits: ') cryptkey = binascii.unhexlify(key_hex) key_hex = raw_input('Type the authentication key in ' + str(2 * hashes.SHA256.digest_size) + ' hexadecimal digits: ') authkey = binascii.unhexlify(key_hex) # Pad the plaintext to make it multiple of the block size. ctx = padding.PKCS7(8 * block).padder() padded_plaintext = ctx.update(plaintext) + ctx.finalize() # Encrypt the plaintext with a random IV. iv = os.urandom(block) cipher = Cipher(algorithms.AES(cryptkey), modes.CBC(iv), default_backend()) ctx = cipher.encryptor() ciphertext = ctx.update(padded_plaintext) + ctx.finalize() # Authenticate the ciphertext and the IV. ctx = hmac.HMAC(authkey, hashes.SHA256(), default_backend()) ctx.update(iv) ctx.update(ciphertext) digest = ctx.finalize() # Write the MAC, the IV, and the ciphertext in the output file.
def dec(bitstring): decryptor = cipher.decryptor() ddata = decryptor.update(bitstring) + decryptor.finalize() unpadder = padding.PKCS7(algoer.block_size).unpadder() ddata = unpadder.update(ddata) + unpadder.finalize() return ddata
def unpadding_message(message): unpadder = padding.PKCS7(128).unpadder() data = unpadder.update(message) + unpadder.finalize() return data
def Pad(self, data): padder = sym_padding.PKCS7(128).padder() return padder.update(data) + padder.finalize()
from cryptography.hazmat.primitives import padding # para o AES backend = default_backend() key = hashlib.sha512(b'chave').hexdigest()[:32].encode() iv = os.urandom(16) cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=backend) encryptor = cipher.encryptor() msg = 'coisas muito secretas aqui:::123aloycfturdxryewsztewzewza' msgb = msg.encode() msgb = b'1:60:14460114' # padding padder = padding.PKCS7(128).padder() padded_msg = padder.update(msgb) + padder.finalize() msg_cryp = encryptor.update(padded_msg) + encryptor.finalize() decryptor = cipher.decryptor() msg_denovo_pad = decryptor.update(msg_cryp) + decryptor.finalize() # unpadding unpadder = padding.PKCS7(128).unpadder() msg_denovo_b = unpadder.update(msg_denovo_pad) + unpadder.finalize() msg_denovo = msg_denovo_b.decode() print(msg) print(msgb) print(padded_msg)
def encrypt_data(self, data, username): from constants import session, config from data.users import User cached_user = session.query(User).filter(User.username == username).first() if cached_user: response = {"status": "OK", "public_key": cached_user.public_key} else: response = self.get_public_key(username) if response["status"] == "OK": user = User() user.username = username user.public_key = response["public_key"] session.add(user) session.commit() else: print(response["error"]) return {"status": "error", "error": response["error"]} if response["status"] == "OK": # Pad data padder = padding.PKCS7(128).padder() padded_data = padder.update(data) + padder.finalize() # Define backend and key + iv backend = default_backend() key = os.urandom(32) iv = os.urandom(16) key_iv = key + iv # Encrypt all data cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=backend) encryptor = cipher.encryptor() encrypted_data = encryptor.update(padded_data) + encryptor.finalize() # Get public key of user users_pub = serialization.load_pem_public_key(bytes(response["public_key"], "utf-8"), backend=default_backend()) # Get your private and public keys my_private = serialization.load_pem_private_key(open(hashlib.sha512(bytes(self.credentials["login"], "utf-8")).hexdigest() + ".pem", "rb").read(), password=bytes(self.credentials["password"], "utf-8"), backend=default_backend()) my_pub = my_private.public_key() # Encrypt keys user_encrypted_key = users_pub.encrypt( key_iv, asymmetric_padding.OAEP( mgf=asymmetric_padding.MGF1(algorithm=hashes.SHA512()), algorithm=hashes.SHA512(), label=None ) ) my_encrypted_key = my_pub.encrypt( key_iv, asymmetric_padding.OAEP( mgf=asymmetric_padding.MGF1(algorithm=hashes.SHA512()), algorithm=hashes.SHA512(), label=None ) ) # Sign hash of data signature = my_private.sign( hashlib.sha512(data).digest(), asymmetric_padding.PSS( mgf=asymmetric_padding.MGF1(hashes.SHA512()), salt_length=asymmetric_padding.PSS.MAX_LENGTH ), hashes.SHA512() ) users_keys = {username: user_encrypted_key.hex(), self.credentials["username"]: my_encrypted_key.hex()} payload = { "status": "OK", "data": encrypted_data.hex(), "signature": signature.hex(), "keys": users_keys } return payload else: return {"status": "error", "error": response["error"]}
def encrypt(self, algorithm, msg, hasht, block, pkey): backend = default_backend() salt = os.urandom(16) password = os.urandom(32) if hasht == 1: alg = hashes.SHA256() elif hasht == 2: alg = hashes.SHA512() else: return None # AES128 if algorithm == 1: iv = os.urandom(16) if block == 1: m = modes.CBC(iv) elif block == 2: m = modes.CTR(iv) else: return None kdf = PBKDF2HMAC(algorithm=alg, length=32, salt=salt, iterations=100000, backend=backend) key = kdf.derive(password) hybrid = self.rsa.encrypt(pkey, iv + salt + password) cipher = Cipher(algorithms.AES(key), mode=m, backend=backend) encryptor = cipher.encryptor() if block == 1: padder = padding.PKCS7(128).padder() padded_data = padder.update(msg) padded_data += padder.finalize() ct = encryptor.update(padded_data) ct += encryptor.finalize() return base64.b64encode(hybrid + ct) else: ct = encryptor.update(msg) ct += encryptor.finalize() return base64.b64encode(hybrid + ct) # 3DES Não aceita CTR elif algorithm == 2: iv = os.urandom(8) kdf = PBKDF2HMAC(algorithm=alg, length=16, salt=salt, iterations=100000, backend=backend) key = kdf.derive(password) cipher = Cipher(algorithms.TripleDES(key), mode=modes.CBC(iv), backend=backend) hybrid = self.rsa.encrypt(pkey, iv + salt + password) encryptor = cipher.encryptor() padder = padding.PKCS7(64).padder() padded_data = padder.update(msg) padded_data += padder.finalize() ct = encryptor.update(padded_data) ct += encryptor.finalize() return base64.b64encode(hybrid + ct) # CHACHA20 elif algorithm == 3: nonce = os.urandom(16) kdf = PBKDF2HMAC(algorithm=alg, length=32, salt=salt, iterations=100000, backend=backend) key = kdf.derive(password) cipher = Cipher(algorithms.ChaCha20(key, nonce), mode=None, backend=backend) hybrid = self.rsa.encrypt(pkey, nonce + salt + password) encryptor = cipher.encryptor() ct = encryptor.update(msg) ct += encryptor.finalize() return base64.b64encode(hybrid + ct) return None
async def run(self): """Main loop of the TelegramClient, will wait for user action""" self.add_event_handler(self.message_handler, events.NewMessage(incoming=True)) # Enter a while loop to chat as long as the user wants while True: dialog_count = 15 dialogs = await self.get_dialogs(limit=dialog_count) i = None while i is None: print_title("Dialogs window") # Display them so the user can choose for i, dialog in enumerate(dialogs, start=1): sprint("{}. {}".format(i, get_display_name(dialog.entity))) # Let the user decide who they want to talk to print() print("> Who do you want to send messages to?") print("> Available commands:") print(" !q: Quits the dialogs window and exits.") print(" !l: Logs out, terminating this session.") print() i = await async_input("Enter dialog ID or a command: ") if i == "!q": return if i == "!l": await self.log_out() return try: i = int(i if i else 0) - 1 # Ensure it is inside the bounds, otherwise retry if not 0 <= i < dialog_count: i = None except ValueError: i = None # Retrieve the selected user (or chat, or channel) entity = dialogs[i].entity # Show some information print_title('Chat with "{}"'.format(get_display_name(entity))) print("Available commands:") print(" !q: Quits the current chat.") print(" !Q: Quits the current chat and exits.") print() # And start a while loop to chat while True: msg = await async_input("Enter a message: ") # Quit if msg == "!q": break if msg == "!Q": return # Send chat message (if any) if msg: # If the receiver's aes key is not present, # fetch his public key from server and derive a aes key print("SENDING MESSAGE TO ENTITTY: ", entity.id) aes_shared_key = None for dlg in Dialog.select(): if dlg.dialog_id == entity.id: # found a entry of aes shared key. aes_shared_key = dlg.aes_shared_key break if aes_shared_key is None: # get the public key. peer_pub_key = get_public_key(entity.id) shared_key = my_ecdh_private_key.exchange( ec.ECDH(), peer_pub_key ) aes_shared_key = HKDF( algorithm=hashes.SHA256(), length=32, salt=None, info=None, backend=default_backend(), ).derive(shared_key) peer = Dialog( dialog_id=entity.id, aes_shared_key=aes_shared_key ) peer.save(force_insert=True) init_vector = token_bytes(16) aes = Cipher( algorithms.AES(aes_shared_key), modes.CBC(init_vector), backend=default_backend(), ) encryptor = aes.encryptor() padder = padding.PKCS7(128).padder() padded_data = padder.update(msg.encode("utf-8")) + padder.finalize() enc_msg_bytes = encryptor.update(padded_data) + encryptor.finalize() enc_msg_bytes = init_vector + enc_msg_bytes b64_enc_txt = base64.b64encode(enc_msg_bytes).decode("utf-8") await self.send_message(entity, b64_enc_txt, link_preview=False)
def handle_data_transfer(keys, s_bob): # Create default header data_transfer_record_header = bytearray( [0x17, 0x03, 0x00] ) # Application data record (0x17) and SSL v3 (ADD LENGTH AFTER KNOWING HOW LONG!) # Padder and unpadder padder = pad.PKCS7(128).padder() unpadder = pad.PKCS7(128).unpadder() # Create ciphers cipher_encrypt = Cipher(algorithms.AES(keys['encrypt']), modes.CBC(keys['iv'][:16]), backend=default_backend()) cipher_decrypt = Cipher(algorithms.AES(keys['decrypt']), modes.CBC(keys['iv'][16:]), backend=default_backend()) # Create HMACs hmac_send = hmac.HMAC(keys['auth_send'], hashes.SHA256(), backend=default_backend()) hmac_recv = hmac.HMAC(keys['auth_recv'], hashes.SHA256(), backend=default_backend()) # Sending first sequence sequence_num = 1 record_data = requested_file length_of_record = len(record_data) total_record_header = data_transfer_record_header + ( length_of_record).to_bytes(2, byteorder='big') # Calculate the HMAC hmac_send.update((sequence_num).to_bytes(1, byteorder='big')) hmac_send.update(total_record_header) hmac_send.update(record_data) hmac_val = hmac_send.finalize() # Pad and encrypt the record data and HMAC encryptor = cipher_encrypt.encryptor() msg_to_pad = record_data + hmac_val padded_data = padder.update(msg_to_pad) + padder.finalize() ct = encryptor.update(padded_data) + encryptor.finalize() total_msg = total_record_header + ct print('Sending request for file', requested_file.decode()) print('HMAC', hmac_val) print('Unecrypted msg:', padded_data) print('Encrypted msg:', ct) print('Total msg being sent:', total_msg) print('\n') s_bob.sendall(total_msg) print('Receiving file now:') # Now receive the file from the server! file_bytes = bytearray() # Begin processing messages while (True): # Wait until a message come sin msg = s_bob.recv(MESSAGE_SIZE) sequence_num += 1 # Must use a new unpadder each time unpadder = pad.PKCS7(128).unpadder() # Check to make sure the headers are correct if msg[0] != 0x17: print('BAD! Record header is not application data type') version_number = msg[1:3] if version_number != b'\x03\x00': print('BAD! Wrong version number. Expecting SSL v3') exit(-1) length_of_data = int.from_bytes(msg[3:5], byteorder='big') # If no data is contained, done receiving the file if length_of_data == 0: print('Done receiving file!') break encrypted_vals = msg[5:] # Decrypt the values, unpad, grab the hmac and data encrypted_vals = msg[5:] decryptor = cipher_decrypt.decryptor() decrypted_val = decryptor.update(encrypted_vals) + decryptor.finalize() unpadded_data = unpadder.update(decrypted_val) + unpadder.finalize() file_data = unpadded_data[:length_of_data] hmac_val = unpadded_data[length_of_data:] print('Received encrypted file data (truncated):', encrypted_vals[:20]) print('Received unencrypted file data (truncated):', file_data[:20]) print('Received HMAC:', hmac_val) print('Verifying HMAC...') # Verify the data was not tampered with (add sequence number, record header, and record data) # Create a new one each time since thats how the library works hmac_recv = hmac.HMAC(keys['auth_recv'], hashes.SHA256(), backend=default_backend()) hmac_recv.update((sequence_num).to_bytes(1, byteorder='big')) hmac_recv.update(msg[:5]) hmac_recv.update(decrypted_val[:length_of_data]) try: hmac_recv.verify(hmac_val) print('HMAC verification passed! Wasn\'t tampered with') print('Correctly received seq', sequence_num, '\n') except Exception: print('HMAC verification failed! Exiting') exit(-1) # Add file bytes since they were not tampered with file_bytes.extend(file_data) f = open(requested_file.decode().split('.')[0] + '_received.txt', 'w+b') f.write(file_bytes) f.close()
def decrypt(self, cypher: bytes) -> str: decryptor = self.cipher.decryptor() padded_data: bytes = decryptor.update(cypher) + decryptor.finalize() unpadder = padding.PKCS7(128).unpadder() plain: bytes = unpadder.update(padded_data) + unpadder.finalize() return plain.decode("utf-8")
def decrypt(self, token, ttl=None): current_time = int(time.time()) print("Current time:\t",time.ctime(current_time)) print("\nToken Details") print("=============") if not isinstance(token, bytes): raise TypeError("token must be bytes.") try: data = base64.urlsafe_b64decode(token) except (TypeError, binascii.Error): raise InvalidToken print("Decoded data: ",binascii.hexlify(bytearray(data))) print("======Analysis====") print("Version:\t",binascii.hexlify(bytearray(data[0:1]))) print("Date created:\t",binascii.hexlify(bytearray(data[1:9]))) print("IV:\t\t",binascii.hexlify(bytearray(data[9:25]))) print("Cipher:\t\t",binascii.hexlify(bytearray(data[25:-32]))) print("HMAC:\t\t",binascii.hexlify(bytearray(data[-32:]))) print("======Converted====") if not data or six.indexbytes(data, 0) != 0x80: raise InvalidToken try: timestamp, = struct.unpack(">Q", data[1:9]) print("Time stamp:\t",timestamp) print("Date created:\t",time.ctime(timestamp)) except struct.error: raise InvalidToken if ttl is not None: if timestamp + ttl < current_time: raise InvalidToken if current_time + _MAX_CLOCK_SKEW < timestamp: raise InvalidToken h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend) h.update(data[:-32]) try: h.verify(data[-32:]) except InvalidSignature: raise InvalidToken iv = data[9:25] print("IV:\t\t",binascii.hexlify(iv)) ciphertext = data[25:-32] decryptor = Cipher( algorithms.AES(self._encryption_key), modes.CBC(iv), self._backend ).decryptor() plaintext_padded = decryptor.update(ciphertext) try: plaintext_padded += decryptor.finalize() except ValueError: raise InvalidToken unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder() unpadded = unpadder.update(plaintext_padded) try: unpadded += unpadder.finalize() except ValueError: raise InvalidToken print("Decoded:\t",unpadded) return unpadded
def encrypt(self, plain: str) -> bytes: encryptor = self.cipher.encryptor() padder = padding.PKCS7(128).padder() padded_data: bytes = padder.update(plain.encode("utf-8")) + padder.finalize() return encryptor.update(padded_data) + encryptor.finalize()
def encrypt(certificate, data): # encrypt data with block cipher AES-256-CBC session_key = os.urandom(32) iv = os.urandom(16) algorithm = algorithms.AES(session_key) encryptor = Cipher(algorithm, modes.CBC(iv), backend=default_backend()).encryptor() padder = padding.PKCS7(128).padder() padded_data = padder.update(data) + padder.finalize() encrypted_data = encryptor.update(padded_data) + encryptor.finalize() # load certificate with open(certificate, 'rb') as fp: cert = x509.Certificate.load(pem.unarmor(fp.read())[2]) tbs_cert = cert['tbs_certificate'] # encrypt session key with public key pub = serialization.load_der_public_key(cert.public_key.dump()) encrypted_key = pub.encrypt( session_key, apadding.OAEP(mgf=apadding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) # encode encrypted key and RSA parameters for recipient recipient_info = cms.RecipientInfo(name='ktri', value={ 'version': 'v0', 'rid': cms.RecipientIdentifier( name='issuer_and_serial_number', value={ 'issuer': tbs_cert['issuer'], 'serial_number': tbs_cert['serial_number'] }), 'key_encryption_algorithm': { 'algorithm': 'rsaes_oaep', 'parameters': algos.RSAESOAEPParams({ 'hash_algorithm': { 'algorithm': 'sha256' }, 'mask_gen_algorithm': { 'algorithm': 'mgf1', 'parameters': { 'algorithm': 'sha256' } } }), }, 'encrypted_key': encrypted_key, }) # wrap up encrypted data along with symmetric encryption parameters # and recipient info enveloped_data = cms.ContentInfo({ 'content_type': 'enveloped_data', 'content': { 'version': 'v0', 'recipient_infos': [recipient_info], 'encrypted_content_info': { 'content_type': 'data', 'content_encryption_algorithm': { 'algorithm': 'aes256_cbc', 'parameters': iv, }, 'encrypted_content': encrypted_data } } }) return enveloped_data
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes os.system("dd if=./panda.bmp of=panda_enc.bmp bs=1 count=54 conv=notrunc") # abre imagem bmp que irá ser cifrada img = open("./panda.bmp", "rb") # guarda em data os bytes da imagem data = img.read() img.close() # gera chave para o algoritmo AES no modo ECB key = os.urandom(32) # seleciona o encription scheme cipher = Cipher(algorithms.AES(key), modes.ECB()) # retorna instancia encryptor que irá ser usada para cifragem encryptor = cipher.encryptor() # seleciona algoritmo de padding padder = padding.PKCS7(algorithms.AES.block_size).padder() # adiciona padding ao último bloco de bytes da imagem de modo a ter tamanho do bloco do algoritmo AES padded = padder.update(data) # finaliza operação padded += padder.finalize() # cifra dados ct = encryptor.update(padded) + encryptor.finalize() # retorna instancia decryptor que irá ser usada para decifrarmgem decryptor = cipher.decryptor() # algoritmo para retirar padding para decifragem unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder() # decifra imagem imgdata = decryptor.update(ct) # retira bytes adicionados à imagem unpadded = unpadder.update(imgdata) + unpadder.finalize() # escreve para ficheiro resultado da imagem cifrada
def decrypt(data): cipher = Cipher(algorithms.AES(key), modes.CBC(key), backend=default_backend()).decryptor() data = cipher.update(data) + cipher.finalize() padder = padding.PKCS7(128).unpadder() return padder.update(data) + padder.finalize()
def test_invalid_block_size(self, size): with pytest.raises(ValueError): padding.PKCS7(size)
def decrypt_message(self, message): from constants import session, config from data.users import User if session is None: session = db_session.create_session() unpadder = padding.PKCS7(128).unpadder() my_private = serialization.load_pem_private_key(open(hashlib.sha512(bytes(self.credentials["login"], "utf-8")).hexdigest() + ".pem", "rb").read(), password=bytes(self.credentials["password"], "utf-8"), backend=default_backend()) if message["sent_by"] == self.credentials["username"]: public_key = my_private.public_key() else: cached_user = session.query(User).filter(User.username == message["sent_by"]).first() if cached_user: pub_response = {"status": "OK", "public_key": cached_user.public_key} else: pub_response = self.get_public_key(message["sent_by"]) user = User() user.username = message["sent_by"] user.public_key = pub_response["public_key"] session.add(user) session.commit() if pub_response["status"] == "OK": public_key = serialization.load_pem_public_key(bytes(pub_response["public_key"], "utf-8"), backend=default_backend()) else: return {"status": "error", "error": "Error getting users public key"} key_iv = my_private.decrypt( bytes.fromhex(message["key"]), asymmetric_padding.OAEP( mgf=asymmetric_padding.MGF1(algorithm=hashes.SHA512()), algorithm=hashes.SHA512(), label=None ) ) key = key_iv[:32] iv = key_iv[32:] cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend()) decryptor = cipher.decryptor() decrypted_data = decryptor.update(bytes.fromhex(message["data"])) + decryptor.finalize() decrypted_data = unpadder.update(decrypted_data) + unpadder.finalize() if message["type"] == MessageTypes.Text: public_key.verify( bytes.fromhex(message["signature"]), hashlib.sha512(decrypted_data).digest(), asymmetric_padding.PSS( mgf=asymmetric_padding.MGF1(hashes.SHA512()), salt_length=asymmetric_padding.PSS.MAX_LENGTH ), hashes.SHA512() ) payload = { "status": "OK", "data": decrypted_data.decode("utf-8"), "sent_by": message["sent_by"], "type": MessageTypes(int(message["type"])), "unix_time": message["unix_time"], "viewed": message["viewed"], "status": "OK", "key": key_iv.hex(), "signature": message["signature"] } return payload
def test_invalid_padding(self, size, padded): unpadder = padding.PKCS7(size).unpadder() with pytest.raises(ValueError): unpadder.update(padded) unpadder.finalize()
def add_padding(cls, plaintext, block_size): padder = padding.PKCS7(block_size).padder() return padder.update(plaintext) + padder.finalize()
def test_pad(self, size, unpadded, padded): padder = padding.PKCS7(size).padder() result = padder.update(unpadded) result += padder.finalize() assert result == padded
def decrypt(self, algorithm, msg, hasht, block, privkey): backend = default_backend() msg = base64.b64decode(msg) hybrid = self.rsa.decrypt(privkey, msg[0:256]) msg = msg[256:] if hasht == 1: alg = hashes.SHA256() elif hasht == 2: alg = hashes.SHA512() else: return None # AES128 if algorithm == 1: iv = hybrid[:16] salt = hybrid[16:32] password = hybrid[32:] if block == 1: m = modes.CBC(iv) elif block == 2: m = modes.CTR(iv) else: return None kdf = PBKDF2HMAC(algorithm=alg, length=32, salt=salt, iterations=100000, backend=backend) key = kdf.derive(password) decipher = Cipher(algorithms.AES(key), mode=m, backend=default_backend()) decryptor = decipher.decryptor() dec = decryptor.update(msg) dec += decryptor.finalize() if block == 1: unpadder = padding.PKCS7(128).unpadder() data = unpadder.update(dec) data += unpadder.finalize() return data else: return dec elif algorithm == 2: iv = hybrid[:8] salt = hybrid[8:24] password = hybrid[24:] kdf = PBKDF2HMAC(algorithm=alg, length=16, salt=salt, iterations=100000, backend=backend) key = kdf.derive(password) decipher = Cipher(algorithms.TripleDES(key), mode=modes.CBC(iv), backend=default_backend()) decryptor = decipher.decryptor() dec = decryptor.update(msg) dec += decryptor.finalize() unpadder = padding.PKCS7(64).unpadder() data = unpadder.update(dec) data += unpadder.finalize() return data # CHACHA20 elif algorithm == 3: nonce = hybrid[:16] salt = hybrid[16:32] password = hybrid[32:] kdf = PBKDF2HMAC(algorithm=alg, length=32, salt=salt, iterations=100000, backend=backend) key = kdf.derive(password) decipher = Cipher(algorithms.ChaCha20(key, nonce), mode=None, backend=default_backend()) decryptor = decipher.decryptor() dec = decryptor.update(msg) dec += decryptor.finalize() return dec return None
def test_unpad(self, size, unpadded, padded): unpadder = padding.PKCS7(size).unpadder() result = unpadder.update(padded) result += unpadder.finalize() assert result == unpadded
def UnPad(self, padded_data): unpadder = sym_padding.PKCS7(128).unpadder() return unpadder.update(padded_data) + unpadder.finalize()
def unpad(self, value): unpadder = padding.PKCS7(128).unpadder() return unpadder.update(value) + unpadder.finalize()
def enc(bitstring): padder = padding.PKCS7(algoer.block_size).padder() bitstring = padder.update(bitstring) + padder.finalize() encryptor = cipher.encryptor() return encryptor.update(bitstring) + encryptor.finalize()
def pad(m): padder = padding.PKCS7(128).padder() return padder.update(m) + padder.finalize()
def padPKCS7(self, newPlainText): padder = padding.PKCS7(128).padder() padded_data = padder.update(newPlainText) padded_data += padder.finalize() return padded_data
def unpad(m): unpadder = padding.PKCS7(128).unpadder() return unpadder.update(m) + unpadder.finalize()
def padding_message(message): padder = padding.PKCS7(128).padder() data = padder.update(message) + padder.finalize() return data
def createMail(secType, sender, receiver, emailInputFile, emailOutputFile, digestAlg, encryAlg, rsaKeySize): senderPrivateKeyFile = sender + '_priv_' + str(rsaKeySize) + '.txt' senderPublicKeyFile = sender + '_pub_' + str(rsaKeySize) + '.txt' receiverPrivateKeyFile = receiver + '_priv_' + str(rsaKeySize) + '.txt' receiverPublicKeyFile = receiver + '_pub_' + str(rsaKeySize) + '.txt' with open(senderPrivateKeyFile, "rb") as key_file: senderPrivateKey = serialization.load_pem_private_key( key_file.read(), password=None, backend=default_backend()) # print(senderPrivateKey) with open(senderPublicKeyFile, "rb") as key_file: senderPublicKey = serialization.load_pem_public_key( key_file.read(), backend=default_backend()) with open(receiverPrivateKeyFile, "rb") as key_file: receiverPrivateKey = serialization.load_pem_private_key( key_file.read(), password=None, backend=default_backend()) with open(receiverPublicKeyFile, "rb") as key_file: receiverPublicKey = serialization.load_pem_public_key( key_file.read(), backend=default_backend()) with open(emailInputFile, 'r') as file: message = file.read() if secType == 'AUIN': print("Generating message digest") if digestAlg == 'sha512': signature = senderPrivateKey.sign( message.encode(), padding.PSS(mgf=padding.MGF1(hashes.SHA512()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA512()) # digest = hashes.Hash(hashes.SHA512(), backend=default_backend()) # digest.update(message.encode()) # digest.finalize() # encrypted = senderPrivateKey.encrypt( # digest, # padding.OAEP( # mgf=padding.MGF1(algorithm=hashes.SHA256()), # algorithm=hashes.SHA256(), # label=None # ) # ) elif digestAlg == 'sha3-512': # digest = hashes.Hash(hashes.SHA3_512()) # digest.update(message.encode()) # digest.finalize() # encrypted = senderPrivateKey.encrypt( # digest, # padding.OAEP( # mgf=padding.MGF1(algorithm=hashes.SHA256()), # algorithm=hashes.SHA256(), # label=None # ) # ) signature = senderPrivateKey.sign( message.encode(), padding.PSS(mgf=padding.MGF1(hashes.SHA3_512()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA3_512()) base64_enc_digest = base64.b64encode(signature) with open(emailOutputFile, 'wb') as f: f.write(base64_enc_digest) # f.newLine() f.write('\n'.encode()) f.write(message.encode()) print("Message digest generation is successful") elif secType == 'CONF': print("Encrypting sender's message") if encryAlg == 'aes-256-cbc': # sessionKey = AESGCM.generate_key(bit_length=256) # aesgcm = AESGCM(sessionKey) # nonce = os.urandom(12) # encryptedMessage = aesgcm.encrypt(nonce, message.encode(), None) sessionKey = os.urandom(32) iv = os.urandom(16) padder = sym_padding.PKCS7(128).padder() padded_message = padder.update(message.encode()) padded_message += padder.finalize() cipher = Cipher(algorithms.AES(sessionKey), modes.CBC(iv)) encryptor = cipher.encryptor() encryptedMessage = encryptor.update( padded_message) + encryptor.finalize() elif encryAlg == 'des-ede3-cbc': #print("DES") sessionKey = os.urandom(24) iv = os.urandom(8) padder = sym_padding.PKCS7(64).padder() padded_message = padder.update(message.encode()) padded_message += padder.finalize() cipher = Cipher(algorithms.TripleDES(sessionKey), modes.CBC(iv)) encryptor = cipher.encryptor() encryptedMessage = encryptor.update( padded_message) + encryptor.finalize() encryptedSessionKey = receiverPublicKey.encrypt( sessionKey, padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) with open(emailOutputFile, 'wb') as f: f.write(base64.b64encode(encryptedSessionKey)) # f.newLine() f.write('\n'.encode()) f.write(base64.b64encode(encryptedMessage)) f.write('\n'.encode()) f.write(base64.b64encode(iv)) print("Encryption of sender's message successful") elif secType == 'COAI': print("Generating message digest") if digestAlg == 'sha512': signature = senderPrivateKey.sign( message.encode(), padding.PSS(mgf=padding.MGF1(hashes.SHA512()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA512()) elif digestAlg == 'sha3-512': signature = senderPrivateKey.sign( message.encode(), padding.PSS(mgf=padding.MGF1(hashes.SHA3_512()), salt_length=padding.PSS.MAX_LENGTH), hashes.SHA3_512()) print("Message digest generation is successful") print("Encrypting sender's message digest") if encryAlg == 'aes-256-cbc': sessionKey = os.urandom(32) iv = os.urandom(16) sig_padder = sym_padding.PKCS7(128).padder() msg_padder = sym_padding.PKCS7(128).padder() padded_signature = sig_padder.update(signature) padded_signature += sig_padder.finalize() padded_message = msg_padder.update(message.encode()) padded_message += msg_padder.finalize() cipher = Cipher(algorithms.AES(sessionKey), modes.CBC(iv)) sig_encryptor = cipher.encryptor() msg_encryptor = cipher.encryptor() encryptedSignature = sig_encryptor.update( padded_signature) + sig_encryptor.finalize() encryptedMessage = msg_encryptor.update( padded_message) + msg_encryptor.finalize() elif encryAlg == 'des-ede3-cbc': #print("DES") sessionKey = os.urandom(24) iv = os.urandom(8) sig_padder = sym_padding.PKCS7(64).padder() msg_padder = sym_padding.PKCS7(64).padder() padded_signature = sig_padder.update(signature) padded_signature += sig_padder.finalize() padded_message = msg_padder.update(message.encode()) padded_message += msg_padder.finalize() cipher = Cipher(algorithms.TripleDES(sessionKey), modes.CBC(iv)) sig_encryptor = cipher.encryptor() msg_encryptor = cipher.encryptor() encryptedSignature = sig_encryptor.update( padded_signature) + sig_encryptor.finalize() encryptedMessage = msg_encryptor.update( padded_message) + msg_encryptor.finalize() encryptedSessionKey = receiverPublicKey.encrypt( sessionKey, padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)) with open(emailOutputFile, 'wb') as f: f.write(base64.b64encode(encryptedSessionKey)) # f.newLine() f.write('\n'.encode()) f.write(base64.b64encode(encryptedSignature)) f.write('\n'.encode()) f.write(base64.b64encode(encryptedMessage)) f.write('\n'.encode()) f.write(base64.b64encode(iv)) print("Encryption of sender's message successful")