def _get_session_key(self, data, descriptor_cookie, client_id):
pos = 0
d = aes_ctr_decryptor(descriptor_cookie)
while pos < len(data):
if data[pos:pos + self.REND_BASIC_AUTH_CLIENT_ID_LEN] == client_id:
start_key_pos = pos + self.REND_BASIC_AUTH_CLIENT_ID_LEN
end_key_pos = start_key_pos + self.CIPHER_KEY_LEN
enc_session_key = data[start_key_pos:end_key_pos]
return aes_update(d, enc_session_key)
pos += self.REND_BASIC_AUTH_CLIENT_ENTRY_LEN
raise Exception('Session key for client {!r} not found'.format(client_id))
def hybrid_encrypt(data, rsa_key_der):
"""
Hybrid encryption scheme.
Encrypt the entire contents of the byte array "data" with the given "TorPublicKey" according to
the "hybrid encryption" scheme described in the main Tor specification (tor-spec.txt).
"""
rsa_key = rsa_load_der(rsa_key_der)
if len(data) < PK_DATA_LEN:
return rsa_encrypt(rsa_key, data)
aes_key_bytes = os.urandom(KEY_LEN)
# RSA(K | M1) --> C1
m1 = data[:PK_DATA_LEN_WITH_KEY]
c1 = rsa_encrypt(rsa_key, aes_key_bytes + m1)
# AES_CTR(M2) --> C2
m2 = data[PK_DATA_LEN_WITH_KEY:]
aes_key = aes_ctr_encryptor(aes_key_bytes)
c2 = aes_update(aes_key, m2)
return c1 + c2
def _decrypting_func(self, payload):
return aes_update(self._backward_cipher, payload)
def _encrypting_func(self, payload):
return aes_update(self._forward_cipher, payload)