def decrypt_aead(key, ct):
nonce = ct[:12]
cipher = ct[12:]
ad = ""
plaintext = pysodium.crypto_aead_chacha20poly1305_decrypt(
cipher, ad, nonce, key)
return plaintext
def simpleTest():
key = "AAAAAAAAaaaaaaaaAAAAAAAAaaaaaaaa"
input_ = "ItsNotATumor"
print "Key:", key, "(", len(key), " bytes)"
print "Input:", input_, " (", len(input_), " bytes)"
nonce = pysodium.randombytes(12)
ad = "1234"
print "Nonce:", nonce, "(", len(nonce), " bytes)"
print "Additional Data: ", ad, " (", len(ad), " bytes)"
cipher = pysodium.crypto_aead_chacha20poly1305_encrypt(
input_, ad, nonce, key)
print "Cipher:", cipher, " (", len(cipher), " bytes)"
print "Network Packet:", cipher, ad, nonce, " (", len(cipher) + len(
ad) + len(nonce), " bytes)"
try:
plaintext = pysodium.crypto_aead_chacha20poly1305_decrypt(
cipher, ad, nonce, key)
except Exception:
print "Failed to verify"
else:
print "Verified and Decrypted."
print "Plaintext:", plaintext
def aead_chacha20poly1305_decrypt(key, input_cipherText, nonce):
key = bytes.fromhex(key)
ad = nonce = bytes.fromhex(nonce)
input_cipherText = bytes.fromhex(input_cipherText)
output_str = pysodium.crypto_aead_chacha20poly1305_decrypt(
input_cipherText, ad, nonce, key)
return output_str.decode()
def test_aead_chacha20poly1305(self):
key = binascii.unhexlify(b"4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd1100a1007")
input_ = binascii.unhexlify(b"86d09974840bded2a5ca")
nonce = binascii.unhexlify(b"cd7cf67be39c794a")
ad = binascii.unhexlify(b"87e229d4500845a079c0")
output = pysodium.crypto_aead_chacha20poly1305_encrypt(input_, ad, nonce, key)
self.assertEqual(binascii.unhexlify(b"e3e446f7ede9a19b62a4677dabf4e3d24b876bb284753896e1d6"), output)
output = pysodium.crypto_aead_chacha20poly1305_decrypt(output, ad, nonce, key)
self.assertEqual(output, input_)
def test_aead_chacha20poly1305(self):
key = binascii.unhexlify(b"4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd1100a1007")
input_ = binascii.unhexlify(b"86d09974840bded2a5ca")
nonce = binascii.unhexlify(b"cd7cf67be39c794a")
ad = binascii.unhexlify(b"87e229d4500845a079c0")
output = pysodium.crypto_aead_chacha20poly1305_encrypt(input_, ad, nonce, key)
self.assertEqual(binascii.unhexlify(b"e3e446f7ede9a19b62a4677dabf4e3d24b876bb284753896e1d6"), output)
output = pysodium.crypto_aead_chacha20poly1305_decrypt(output, ad, nonce, key)
self.assertEqual(output, input_)
def decrypt_box(box_key, header_number, ciphertext_header_packed):
try:
return pysodium.crypto_aead_chacha20poly1305_decrypt(
bytearray_to_char_array(ciphertext_header_packed), None,
u64_to_be(header_number), box_key)
except ValueError:
raise ValueError(
'Failed to decrypt disk. Either (A) the device is not formatted with PUREE, (B) the password is invalid, or (C) the disk has been corrupted.'
)
def udpServe(key=b'this is my key value!',addr=('localhost',8080)) :
s = socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
nonce = pysodium.randombytes(8)
ciphertext = pysodium.crypto_aead_chacha20poly1305_encrypt(b'this is my key value!',None,nonce,key)
plaintext = pysodium.crypto_aead_chacha20poly1305_decrypt(ciphertext,None,nonce,key)
print(plaintext)
print(ciphertext)
print(reprlib.repr(ciphertext))
print(nonce)
print(ciphertext+nonce)
s.sendto(ciphertext+nonce,addr)
s.close()
def decrypt_aead(self, key, ct):
nonce = ct[:8]
cipher = ct[8:]
ad = ""
try:
plaintext = pysodium.crypto_aead_chacha20poly1305_decrypt(
cipher, ad, nonce, key)
except Exception:
self.log.error("Failed to decrypt packet.")
return ""
return plaintext
def test_aead_chacha20poly1305(self):
key = binascii.unhexlify(b"4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd1100a1007")
input_ = binascii.unhexlify(b"86d09974840bded2a5ca")
nonce = binascii.unhexlify(b"cd7cf67be39c794a")
ct_common = b"e3e446f7ede9a19b62a4"
for ad, ct in [
(binascii.unhexlify(b"87e229d4500845a079c0"), b"677dabf4e3d24b876bb284753896e1d6"),
(None, b"69e7789bcd954e658ed38423e23161dc"),
]:
output = pysodium.crypto_aead_chacha20poly1305_encrypt(input_, ad, nonce, key)
self.assertEqual(binascii.unhexlify(ct_common + ct), output)
output = pysodium.crypto_aead_chacha20poly1305_decrypt(output, ad, nonce, key)
self.assertEqual(output, input_)
def test_aead_chacha20poly1305(self):
key = binascii.unhexlify(b"4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd1100a1007")
input_ = binascii.unhexlify(b"86d09974840bded2a5ca")
nonce = binascii.unhexlify(b"cd7cf67be39c794a")
ct_common = b"e3e446f7ede9a19b62a4"
for ad, ct in [
(binascii.unhexlify(b"87e229d4500845a079c0"), b"677dabf4e3d24b876bb284753896e1d6"),
(None, b"69e7789bcd954e658ed38423e23161dc"),
]:
output = pysodium.crypto_aead_chacha20poly1305_encrypt(input_, ad, nonce, key)
self.assertEqual(binascii.unhexlify(ct_common + ct), output)
output = pysodium.crypto_aead_chacha20poly1305_decrypt(output, ad, nonce, key)
self.assertEqual(output, input_)
def twolayers():
key = "AAAAAAAAaaaaaaaaAAAAAAAAaaaaaaaa"
input_ = "ItsNotATumor"
print "Key:", key, "(", len(key), " bytes)"
print "Input:", input_, " (", len(input_), " bytes)"
nonce = pysodium.randombytes(12)
ad = "1234"
print "Nonce:", nonce, "(", len(nonce), " bytes)"
print "Additional Data: ", ad, " (", len(ad), " bytes)"
cipher = pysodium.crypto_aead_chacha20poly1305_encrypt(
input_, ad, nonce, key)
print "Cipher:", cipher, " (", len(cipher), " bytes)"
print "Cipher1:", cipher, ad, nonce, " (", len(cipher) + len(ad) + len(
nonce), " bytes)"
key2 = "BBBBBBBBbbbbbbbbBBBBBBBBbbbbbbbb"
nonce2 = pysodium.randombytes(12)
cipher2 = pysodium.crypto_aead_chacha20poly1305_encrypt(
cipher, ad, nonce2, key2)
print "Ciper2:", cipher2, " (", len(cipher2), " bytes)"
try:
cipher1 = pysodium.crypto_aead_chacha20poly1305_decrypt(
cipher2, ad, nonce2, key2)
except Exception:
print "Failed to verify outer layer."
else:
print "Verified and Decrypted Outer Layer."
try:
plaintext = pysodium.crypto_aead_chacha20poly1305_decrypt(
cipher1, ad, nonce, key)
except Exception:
print "Failed to verify inner layer."
else:
print "Plaintext: ", plaintext
def test_pysodium():
from xaal.lib import messages
import pysodium
payload = "FooBar".encode("utf-8")
ad = '[]'
data = messages.build_timestamp()
nonce = messages.build_nonce(data)
key = tools.pass2key("My Friend Goo")
dump_hex("Payload", payload)
dump_hex("Key", key)
ciph = pysodium.crypto_aead_chacha20poly1305_encrypt(
payload, ad, nonce, key)
dump_hex("Ciph", ciph)
pjson = pysodium.crypto_aead_chacha20poly1305_decrypt(ciph, ad, nonce, key)
print(pjson)
def deconstructSTSResponse(self, data, addr):
# TODO verification
# m = None
decrypData = None
addrStr = sts_utility.addrToString(addr)
if addrStr in STS.STSConnectionStates.keys():
cp = 0
m = struct.pack('>B', data[cp])
# if data[cp] == 2:
cp += 1
nonce_length = data[cp:cp + 4]
length = struct.unpack('>I', nonce_length)[0]
m += nonce_length
cp += 4
nonce = data[cp:cp + length]
cp += length
encrypData = data[cp:]
if STS.STSConnectionStates[addrStr][
'cSuite'] == 1 or STS.STSConnectionStates[addrStr][
'cSuite'] == 4:
try:
decrypData = pysodium.crypto_aead_chacha20poly1305_ietf_decrypt(
encrypData, m, nonce,
STS.STSConnectionStates[addrStr]['session_key'][:32])
except:
decrypData = None
# TODO suites 2 or 5
elif STS.STSConnectionStates[addrStr][
'cSuite'] == 2 or STS.STSConnectionStates[addrStr][
'cSuite'] == 5:
try:
decrypData = pysodium.crypto_aead_chacha20poly1305_decrypt(
encrypData, m, nonce,
STS.STSConnectionStates[addrStr]['session_key'][:32])
except:
decrypData = None
return decrypData
def crypt_aed_decrypt(data, keystr):
key = binascii.unhexlify(binary_to_hex(pysodium.crypto_hash_sha256(keystr)))
nonce = binascii.unhexlify(b"cd7cf67be39c7977")
ad = ""
rtn = pysodium.crypto_aead_chacha20poly1305_decrypt(data, ad, nonce, key)
return rtn
def udp_message(self, data):
pw = self.password[:5]
if ":" + self.user[:-4] + ":" not in data:
packet = list()
for i in data:
packet.append(hex(ord(i)))
IDENT = self.hex_convert(packet[0:3], "i")
# 14593470 is the first 3 bytes (0xDE 0xAD 0xBE) which identifies this type of packet
if IDENT == 14593470:
OPSLIMIT = self.hex_convert(packet[4:8], "i")
MEMLIMIT = self.hex_convert(packet[8:12], "i")
SALT = self.hex_convert(packet[12:28], "s")
NONCE = self.hex_convert(packet[28:36], "s")
CIPHERTEXT = self.hex_convert(packet[36:70], "s")
key = pysodium.crypto_pwhash(
pysodium.crypto_auth_KEYBYTES, pw, SALT, OPSLIMIT,
MEMLIMIT, pysodium.crypto_pwhash_ALG_ARGON2I13)
try:
output = pysodium.crypto_aead_chacha20poly1305_decrypt(
CIPHERTEXT, None, NONCE, key)
outputHex = list()
for i in output:
outputHex.append(hex(ord(i)))
INTERCOM_ID = self.hex_convert(outputHex[0:6], "s")
EVENT = self.hex_convert(outputHex[6:14], "s")
TIMESTAMP = self.hex_convert(outputHex[14:18], "i")
self.logger.debug("------------------------------")
self.logger.debug(indigo.devices[self.indigoID].name +
": Decrypted UDP packet details")
self.logger.debug(" Intercom_ID: " + str(INTERCOM_ID))
self.logger.debug(" Event: " + str(EVENT))
self.logger.debug(" Timestamp: " + str(TIMESTAMP))
self.logger.debug("------------------------------")
if TIMESTAMP != self.lastEvent: #Multiple duplicate UDP packets sent by Doorbird. This removes the duplicates
if str(EVENT).rstrip() == "motion":
self.motion_event()
elif str(EVENT).rstrip() == "1":
self.doorbell_event()
else:
self.logger.debug(
indigo.devices[self.indigoID].name +
": Unknown event (" + EVENT + ")")
self.lastEvent = TIMESTAMP
except:
pass # Just keep going as multiple packets are sent with different passwords. Some will always fail here as wrong password
#11189196 is the first 3 bytes (0xAA 0xBB 0xCC) which occurs when an IP Chime is connected to the Doorbird
elif IDENT == 11189196:
pass # For now do nothing. Maybe useful later when we work out what to do with this type of packet?
else:
self.logger.debug(indigo.devices[self.indigoID].name +
": Unknown packet identifier (" +
str(IDENT) + ")")
else:
self.keepAlive = time.time()
def decrypt(k, data):
n = data[:pysodium.crypto_aead_chacha20poly1305_NONCEBYTES]
c = data[len(n):]
return pysodium.crypto_aead_chacha20poly1305_decrypt(c, None, n, k)
