def decrypt_aead(key, ct): nonce = ct[:12] cipher = ct[12:] ad = "" plaintext = pysodium.crypto_aead_chacha20poly1305_decrypt( cipher, ad, nonce, key) return plaintext
def simpleTest(): key = "AAAAAAAAaaaaaaaaAAAAAAAAaaaaaaaa" input_ = "ItsNotATumor" print "Key:", key, "(", len(key), " bytes)" print "Input:", input_, " (", len(input_), " bytes)" nonce = pysodium.randombytes(12) ad = "1234" print "Nonce:", nonce, "(", len(nonce), " bytes)" print "Additional Data: ", ad, " (", len(ad), " bytes)" cipher = pysodium.crypto_aead_chacha20poly1305_encrypt( input_, ad, nonce, key) print "Cipher:", cipher, " (", len(cipher), " bytes)" print "Network Packet:", cipher, ad, nonce, " (", len(cipher) + len( ad) + len(nonce), " bytes)" try: plaintext = pysodium.crypto_aead_chacha20poly1305_decrypt( cipher, ad, nonce, key) except Exception: print "Failed to verify" else: print "Verified and Decrypted." print "Plaintext:", plaintext
def aead_chacha20poly1305_decrypt(key, input_cipherText, nonce): key = bytes.fromhex(key) ad = nonce = bytes.fromhex(nonce) input_cipherText = bytes.fromhex(input_cipherText) output_str = pysodium.crypto_aead_chacha20poly1305_decrypt( input_cipherText, ad, nonce, key) return output_str.decode()
def test_aead_chacha20poly1305(self): key = binascii.unhexlify(b"4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd1100a1007") input_ = binascii.unhexlify(b"86d09974840bded2a5ca") nonce = binascii.unhexlify(b"cd7cf67be39c794a") ad = binascii.unhexlify(b"87e229d4500845a079c0") output = pysodium.crypto_aead_chacha20poly1305_encrypt(input_, ad, nonce, key) self.assertEqual(binascii.unhexlify(b"e3e446f7ede9a19b62a4677dabf4e3d24b876bb284753896e1d6"), output) output = pysodium.crypto_aead_chacha20poly1305_decrypt(output, ad, nonce, key) self.assertEqual(output, input_)
def decrypt_box(box_key, header_number, ciphertext_header_packed): try: return pysodium.crypto_aead_chacha20poly1305_decrypt( bytearray_to_char_array(ciphertext_header_packed), None, u64_to_be(header_number), box_key) except ValueError: raise ValueError( 'Failed to decrypt disk. Either (A) the device is not formatted with PUREE, (B) the password is invalid, or (C) the disk has been corrupted.' )
def udpServe(key=b'this is my key value!',addr=('localhost',8080)) : s = socket.socket(socket.AF_INET,socket.SOCK_DGRAM) nonce = pysodium.randombytes(8) ciphertext = pysodium.crypto_aead_chacha20poly1305_encrypt(b'this is my key value!',None,nonce,key) plaintext = pysodium.crypto_aead_chacha20poly1305_decrypt(ciphertext,None,nonce,key) print(plaintext) print(ciphertext) print(reprlib.repr(ciphertext)) print(nonce) print(ciphertext+nonce) s.sendto(ciphertext+nonce,addr) s.close()
def decrypt_aead(self, key, ct): nonce = ct[:8] cipher = ct[8:] ad = "" try: plaintext = pysodium.crypto_aead_chacha20poly1305_decrypt( cipher, ad, nonce, key) except Exception: self.log.error("Failed to decrypt packet.") return "" return plaintext
def test_aead_chacha20poly1305(self): key = binascii.unhexlify(b"4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd1100a1007") input_ = binascii.unhexlify(b"86d09974840bded2a5ca") nonce = binascii.unhexlify(b"cd7cf67be39c794a") ct_common = b"e3e446f7ede9a19b62a4" for ad, ct in [ (binascii.unhexlify(b"87e229d4500845a079c0"), b"677dabf4e3d24b876bb284753896e1d6"), (None, b"69e7789bcd954e658ed38423e23161dc"), ]: output = pysodium.crypto_aead_chacha20poly1305_encrypt(input_, ad, nonce, key) self.assertEqual(binascii.unhexlify(ct_common + ct), output) output = pysodium.crypto_aead_chacha20poly1305_decrypt(output, ad, nonce, key) self.assertEqual(output, input_)
def twolayers(): key = "AAAAAAAAaaaaaaaaAAAAAAAAaaaaaaaa" input_ = "ItsNotATumor" print "Key:", key, "(", len(key), " bytes)" print "Input:", input_, " (", len(input_), " bytes)" nonce = pysodium.randombytes(12) ad = "1234" print "Nonce:", nonce, "(", len(nonce), " bytes)" print "Additional Data: ", ad, " (", len(ad), " bytes)" cipher = pysodium.crypto_aead_chacha20poly1305_encrypt( input_, ad, nonce, key) print "Cipher:", cipher, " (", len(cipher), " bytes)" print "Cipher1:", cipher, ad, nonce, " (", len(cipher) + len(ad) + len( nonce), " bytes)" key2 = "BBBBBBBBbbbbbbbbBBBBBBBBbbbbbbbb" nonce2 = pysodium.randombytes(12) cipher2 = pysodium.crypto_aead_chacha20poly1305_encrypt( cipher, ad, nonce2, key2) print "Ciper2:", cipher2, " (", len(cipher2), " bytes)" try: cipher1 = pysodium.crypto_aead_chacha20poly1305_decrypt( cipher2, ad, nonce2, key2) except Exception: print "Failed to verify outer layer." else: print "Verified and Decrypted Outer Layer." try: plaintext = pysodium.crypto_aead_chacha20poly1305_decrypt( cipher1, ad, nonce, key) except Exception: print "Failed to verify inner layer." else: print "Plaintext: ", plaintext
def test_pysodium(): from xaal.lib import messages import pysodium payload = "FooBar".encode("utf-8") ad = '[]' data = messages.build_timestamp() nonce = messages.build_nonce(data) key = tools.pass2key("My Friend Goo") dump_hex("Payload", payload) dump_hex("Key", key) ciph = pysodium.crypto_aead_chacha20poly1305_encrypt( payload, ad, nonce, key) dump_hex("Ciph", ciph) pjson = pysodium.crypto_aead_chacha20poly1305_decrypt(ciph, ad, nonce, key) print(pjson)
def deconstructSTSResponse(self, data, addr): # TODO verification # m = None decrypData = None addrStr = sts_utility.addrToString(addr) if addrStr in STS.STSConnectionStates.keys(): cp = 0 m = struct.pack('>B', data[cp]) # if data[cp] == 2: cp += 1 nonce_length = data[cp:cp + 4] length = struct.unpack('>I', nonce_length)[0] m += nonce_length cp += 4 nonce = data[cp:cp + length] cp += length encrypData = data[cp:] if STS.STSConnectionStates[addrStr][ 'cSuite'] == 1 or STS.STSConnectionStates[addrStr][ 'cSuite'] == 4: try: decrypData = pysodium.crypto_aead_chacha20poly1305_ietf_decrypt( encrypData, m, nonce, STS.STSConnectionStates[addrStr]['session_key'][:32]) except: decrypData = None # TODO suites 2 or 5 elif STS.STSConnectionStates[addrStr][ 'cSuite'] == 2 or STS.STSConnectionStates[addrStr][ 'cSuite'] == 5: try: decrypData = pysodium.crypto_aead_chacha20poly1305_decrypt( encrypData, m, nonce, STS.STSConnectionStates[addrStr]['session_key'][:32]) except: decrypData = None return decrypData
def crypt_aed_decrypt(data, keystr): key = binascii.unhexlify(binary_to_hex(pysodium.crypto_hash_sha256(keystr))) nonce = binascii.unhexlify(b"cd7cf67be39c7977") ad = "" rtn = pysodium.crypto_aead_chacha20poly1305_decrypt(data, ad, nonce, key) return rtn
def udp_message(self, data): pw = self.password[:5] if ":" + self.user[:-4] + ":" not in data: packet = list() for i in data: packet.append(hex(ord(i))) IDENT = self.hex_convert(packet[0:3], "i") # 14593470 is the first 3 bytes (0xDE 0xAD 0xBE) which identifies this type of packet if IDENT == 14593470: OPSLIMIT = self.hex_convert(packet[4:8], "i") MEMLIMIT = self.hex_convert(packet[8:12], "i") SALT = self.hex_convert(packet[12:28], "s") NONCE = self.hex_convert(packet[28:36], "s") CIPHERTEXT = self.hex_convert(packet[36:70], "s") key = pysodium.crypto_pwhash( pysodium.crypto_auth_KEYBYTES, pw, SALT, OPSLIMIT, MEMLIMIT, pysodium.crypto_pwhash_ALG_ARGON2I13) try: output = pysodium.crypto_aead_chacha20poly1305_decrypt( CIPHERTEXT, None, NONCE, key) outputHex = list() for i in output: outputHex.append(hex(ord(i))) INTERCOM_ID = self.hex_convert(outputHex[0:6], "s") EVENT = self.hex_convert(outputHex[6:14], "s") TIMESTAMP = self.hex_convert(outputHex[14:18], "i") self.logger.debug("------------------------------") self.logger.debug(indigo.devices[self.indigoID].name + ": Decrypted UDP packet details") self.logger.debug(" Intercom_ID: " + str(INTERCOM_ID)) self.logger.debug(" Event: " + str(EVENT)) self.logger.debug(" Timestamp: " + str(TIMESTAMP)) self.logger.debug("------------------------------") if TIMESTAMP != self.lastEvent: #Multiple duplicate UDP packets sent by Doorbird. This removes the duplicates if str(EVENT).rstrip() == "motion": self.motion_event() elif str(EVENT).rstrip() == "1": self.doorbell_event() else: self.logger.debug( indigo.devices[self.indigoID].name + ": Unknown event (" + EVENT + ")") self.lastEvent = TIMESTAMP except: pass # Just keep going as multiple packets are sent with different passwords. Some will always fail here as wrong password #11189196 is the first 3 bytes (0xAA 0xBB 0xCC) which occurs when an IP Chime is connected to the Doorbird elif IDENT == 11189196: pass # For now do nothing. Maybe useful later when we work out what to do with this type of packet? else: self.logger.debug(indigo.devices[self.indigoID].name + ": Unknown packet identifier (" + str(IDENT) + ")") else: self.keepAlive = time.time()
def decrypt(k, data): n = data[:pysodium.crypto_aead_chacha20poly1305_NONCEBYTES] c = data[len(n):] return pysodium.crypto_aead_chacha20poly1305_decrypt(c, None, n, k)