Exemplo n.º 1
0
 def New():
     """
 Constructs and returns a new _Session instance, containing a newly-generated
 AES key and random nonce.
 """
     return _Session.__Create(keys.AesKey.Generate(),
                              util.RandBytes(SESSION_NONCE_SIZE))
Exemplo n.º 2
0
  def Generate(size=keyinfo.HMAC_SHA1.default_size):
    """
    Return a newly generated HMAC-SHA1 key.

    @param size: length of key in bits to generate
    @type size: integer

    @return: an HMAC-SHA1 key
    @rtype: L{HmacKey}
    """
    key_bytes = util.RandBytes(size // 8)
    key_string = util.Base64WSEncode(key_bytes)
    return HmacKey(key_string, size)
Exemplo n.º 3
0
  def Generate(size=keyinfo.AES.default_size):
    """
    Return a newly generated AES key.

    @param size: length of key in bits to generate
    @type size: integer

    @return: an AES key
    @rtype: L{AesKey}
    """
    key_bytes = util.RandBytes(size // 8)
    key_string = util.Base64WSEncode(key_bytes)
    hmac_key = HmacKey.Generate()  # use default HMAC-SHA1 key size
    return AesKey(key_string, hmac_key, size)
Exemplo n.º 4
0
  def EncryptIO(self, reader , writer):
    """
    Return ciphertext byte string containing Header|IV|Ciph|Sig.

    @param data: plaintext to be encrypted.
    @type data: string

    @return: raw byte string ciphertext formatted to have Header|IV|Ciph|Sig.
    @rtype: string
    """    
    mac = self.hmac_key.CreateStreamable()
    
    #Write and update mac for header
    header = self.Header()
    writer.write(header)
    mac.Update(header)

    #Generate, write, and update mac for IV
    iv_bytes = util.RandBytes(self.block_size)
    writer.write(iv_bytes)
    mac.Update(iv_bytes)

    buffer_size = self.block_size * 4
    cipher = self.__CreateCipher(self.key_bytes, iv_bytes)
    more = True
    while more:
      data = util.ReadLength(reader, buffer_size)
      more = len(data) == buffer_size

      if not more:
        data = self._Pad(data)

      #encrypt, update mac and write out ciphertext
      ciph_bytes = cipher.encrypt(data)
      mac.Update(ciph_bytes)
      writer.write(ciph_bytes)

    #call final mac and write whatever is returned
    ciph_bytes = cipher.final()
    mac.Update(ciph_bytes)
    writer.write(ciph_bytes)

    #write mac and flush
    writer.write(mac.Sign())
    writer.flush()
Exemplo n.º 5
0
    def Encrypt(self, data):
        """
    Return ciphertext byte string containing Header|IV|Ciph|Sig.

    @param data: plaintext to be encrypted.
    @type data: string

    @return: raw byte string ciphertext formatted to have Header|IV|Ciph|Sig.
    @rtype: string
    """
        data = self._Pad(data)
        iv_bytes = util.RandBytes(self.block_size)
        cipher = self.__CreateCipher(self.key_bytes, iv_bytes)
        ciph_bytes = cipher.encrypt(data)
        ciph_bytes += cipher.final()
        msg_bytes = self.Header() + iv_bytes + ciph_bytes
        sig_bytes = self.hmac_key.Sign(msg_bytes)  # Sign bytes
        return msg_bytes + sig_bytes
Exemplo n.º 6
0
  def __init__(self, key, output_stream):
    """
    Constructor

    @param key: Keyczar Key to perform the padding, verification, cipher
    creation needed by this stream
    @type key: Key

    @param output_stream: stream for encrypted output
    @type output_stream: 'file-like' object
    """
    self.__key = key
    self.__output_stream = output_stream
    self.__data = b''
    self.__closed = False

    self.__hmac_stream = key.hmac_key.CreateStreamable()
    iv_bytes = util.RandBytes(key.block_size)
    self.__cipher = AES.new(key.key_bytes, AES.MODE_CBC, iv_bytes)

    hdr = key.Header()
    self.__hmac_stream.Update(hdr + iv_bytes)
    self.__output_stream.write(hdr + iv_bytes)
Exemplo n.º 7
0
  def __Encode(self, msg, label=b""):
    if len(label) >= 2**61:  # the input limit for SHA-1
      raise errors.KeyczarError("OAEP parameter string too long.")
    k = int(math.floor(math.log(self.key.n, 256)) + 1) # num bytes in n
    if len(msg) > k - 2 * util.HLEN - 2:
      raise errors.KeyczarError("Message too long to OAEP encode.")
    label_hash = util.Hash(label)
    pad_octets = (k - len(msg) - 2 * util.HLEN - 2)  # Number of zeros to pad
    if pad_octets < 0:
      raise errors.KeyczarError("Message is too long: %d" % len(msg))
    datablock = label_hash + util.RepeatByte(0x00, pad_octets) + b'\x01' + msg
    seed = util.RandBytes(util.HLEN)

    # Steps 2e, f
    datablock_mask = util.MGF(seed, k - util.HLEN - 1)
    masked_datablock = util.Xor(datablock, datablock_mask)

    # Steps 2g, h
    seed_mask = util.MGF(masked_datablock, util.HLEN)
    masked_seed = util.Xor(seed, seed_mask)

    # Step 2i: Construct the encoded message
    return b'\x00' + masked_seed + masked_datablock