def test_open_with_wrong_associated_data(self):
     """Ensure 'open' raises IntegrityError if wrong associated data is given"""
     bad_ad = [b"INVALID"]
     for ex in SIVExample.load():
         siv = SIV(ex.key)
         with self.assertRaises(IntegrityError):
             siv.open(ex.ciphertext, bad_ad)
    def test_open_with_wrong_key(self):
        """Ensure 'open' raises IntegrityError if wrong key is given"""
        bad_key = b"\x01" * 32
        siv = SIV(bad_key)

        for ex in SIVExample.load():
            with self.assertRaises(IntegrityError):
                siv.open(ex.ciphertext, ex.ad)
Exemple #3
0
 def decrypt(self: object, passphrase: bytes) -> None:
     with open(self.in_path, 'rb') as in_file:
         salt = in_file.read(self.SALT_SIZE)
         key = self._derive_key(passphrase, salt)
         siv = SIV(key)
         nonce = in_file.read(self.NONCE_SIZE)
         plaintext = siv.open(in_file.read(), [nonce])
     self._extract(plaintext)
Exemple #4
0
def dec_file(filepath, data_key):
    siv = SIV(data_key)
    with open(filepath, 'rb') as myfile:
        ciphertext = myfile.read()
        # first 16 bytes are the nonce
        nonce = ciphertext[:16]
        plaintext = siv.open(ciphertext[16:], [nonce])
        return plaintext.decode()
    return None
Exemple #5
0
    def dec_file(self):
        """
        Decrypt file and return plaintext
        """

        with open(self.input_file, 'rb') as f:
            data = f.read()
            siv = SIV(self.k)
            nonce = data[:16]
            pt = siv.open(data[16:], [nonce])

            return pt.decode()
Exemple #6
0
class AES(Encryption):

    default_options = {"salt": None}

    pubkey = None

    def setup(self):

        password = self.ask_password()

        # Generate Salt
        if not self.config["salt"]:
            salt = urandom(SALT_SIZE)
            self.config["salt"] = binascii.hexlify(salt)

        # Derive key from password and initialize SIV
        key = self.derive_key(password)
        self.engine = SIV(key)

    def derive_key(self, password):

        salt = binascii.unhexlify(self.config["salt"])
        pw_bytes = bytes(password, "utf-8")

        dk = hash_secret_raw(
            pw_bytes,
            salt,
            time_cost=ARGON2_TIME_COST,
            memory_cost=ARGON2_MEMORY_COST,
            parallelism=ARGON2_PARALLELISM,
            hash_len=ARGON2_HASH_LEN,
            type=ARGON2_TYPE,
        )

        return dk

    def encrypt(self, data):

        nonce = urandom(NONCE_SIZE)

        if not isinstance(data, bytes):
            data = bytes(data, "utf-8")

        sealed_data = self.engine.seal(data, [nonce])

        return (sealed_data, nonce)

    def decrypt(self, payload):

        data = self.engine.open(payload[0], [payload[1]])

        return data
Exemple #7
0
def unwrap_key_owner(passphrase, wrapped_key_ciphertext):
    #derive key using passphrase and salt
    salt = wrapped_key_ciphertext[:16]
    derived_key = argon2.low_level.hash_secret_raw(
        passphrase.encode(),
        salt,
        time_cost=1,
        memory_cost=8,
        parallelism=1,
        hash_len=32,
        type=argon2.low_level.Type.I)

    # unwrap the data key using the derived key
    siv = SIV(derived_key)
    data_key = siv.open(wrapped_key_ciphertext[16:])
    return data_key
 def test_open(self):
     """Ensure the 'open' passes all AES-SIV test vectors"""
     for ex in PMACSIVExample.load():
         siv = SIV(ex.key, PMAC)
         plaintext = siv.open(ex.ciphertext, ex.ad)
         self.assertEqual(plaintext, ex.plaintext)
Exemple #9
0
def dec_str(ciphertext, data_key):
    siv = SIV(data_key)
    nonce = ciphertext[:16]
    plaintext = siv.open(ciphertext[16:], [nonce])
    return plaintext.decode()
Exemple #10
0
def decryption_machine(encrypt):
    siv = SIV(encrypt[2])
    plaintext = siv.open(encrypt[0], [encrypt[1]])
    return plaintext