def test_aes_gcm(self):
key = b'Sixteen byte key'
plain_text = b'Attack at dawn'
hdr = b'To your eyes only'
nonce, mac, cipher_text = AESHandler.aes_gcm_encrypt(
plain_text, hdr, key)
decrypt_out = AESHandler.aes_gcm_decrypt(cipher_text, hdr, nonce, mac,
key)
self.assertEqual(plain_text, decrypt_out)
def test_aes_gcm_with_iv(self):
key = b'Sixteen byte key'
plain_text = b'Attack at dawn'
hdr = b'To your eyes only'
iv = Random.new().read(AES.block_size)
mac, cipher_text = AESHandler.aes_gcm_encrypt_with_iv(
plain_text, hdr, key, iv)
decrypt_out = AESHandler.aes_gcm_decrypt_with_iv(
cipher_text, hdr, mac, key, iv)
self.assertEqual(plain_text, decrypt_out)
def get_gcm_decoded_private_key(encrypted_key_str: str, password: str, b58_address: str, salt: str, n: int,
scheme: SignatureScheme) -> str:
"""
This interface is used to decrypt an private key which has been encrypted.
:param encrypted_key_str: an gcm encrypted private key in the form of string.
:param password: the secret pass phrase to generate the keys from.
:param b58_address: a base58 encode address which should be correspond with the private key.
:param salt: a string to use for better protection from dictionary attacks.
:param n: CPU/memory cost parameter.
:param scheme: the signature scheme.
:return: a private key in the form of string.
"""
r = 8
p = 8
dk_len = 64
scrypt = Scrypt(n, r, p, dk_len)
derived_key = scrypt.generate_kd(password, salt)
iv = derived_key[0:12]
key = derived_key[32:64]
encrypted_key = base64.b64decode(encrypted_key_str).hex()
mac_tag = bytes.fromhex(encrypted_key[64:96])
cipher_text = bytes.fromhex(encrypted_key[0:64])
private_key = AESHandler.aes_gcm_decrypt_with_iv(cipher_text, b58_address.encode(), mac_tag, key, iv)
if len(private_key) == 0:
raise SDKException(ErrorCode.decrypt_encrypted_private_key_error)
acct = Account(private_key, scheme)
if acct.get_address().b58encode() != b58_address:
raise SDKException(ErrorCode.other_error('Address error.'))
return private_key.hex()
def decrypt_with_gcm_mode(nonce: bytes, mac_tag: bytes, cipher_text: bytes,
private_key: bytes, hdr: bytes,
encode_g_tilde: bytes):
aes_key = ECIES.generate_decrypt_aes_key(private_key, encode_g_tilde)
plain_text = AESHandler.aes_gcm_decrypt(cipher_text, hdr, nonce,
mac_tag, aes_key)
return plain_text
def encrypt_with_cbc_mode(plain_text: bytes,
public_key: bytes,
iv: bytes = b'') -> (bytes, bytes, bytes):
aes_key, encode_g_tilde = ECIES.generate_encrypt_aes_key(public_key)
aes_iv, cipher_text = AESHandler.aes_cbc_encrypt(
plain_text, aes_key, iv)
return aes_iv, encode_g_tilde, cipher_text
def decrypt_with_cbc_mode(cipher_text: bytes, private_key: bytes,
iv: bytes, encode_g_tilde: bytes) -> bytes:
aes_key = ECIES.generate_decrypt_aes_key(private_key, encode_g_tilde)
try:
plain_text = AESHandler.aes_cbc_decrypt(cipher_text, iv, aes_key)
except ValueError as e:
raise SDKException(ErrorCode.other_error(e.args[0]))
return plain_text
def export_gcm_encrypted_private_key(self, password: str, salt: str, n: int = 16384) -> str:
"""
This interface is used to export an AES algorithm encrypted private key with the mode of GCM.
:param password: the secret pass phrase to generate the keys from.
:param salt: A string to use for better protection from dictionary attacks.
This value does not need to be kept secret, but it should be randomly chosen for each derivation.
It is recommended to be at least 8 bytes long.
:param n: CPU/memory cost parameter. It must be a power of 2 and less than 2**32
:return: an gcm encrypted private key in the form of string.
"""
r = 8
p = 8
dk_len = 64
scrypt = Scrypt(n, r, p, dk_len)
derived_key = scrypt.generate_kd(password, salt)
iv = derived_key[0:12]
key = derived_key[32:64]
hdr = self.__address.b58encode().encode()
mac_tag, cipher_text = AESHandler.aes_gcm_encrypt_with_iv(self.__private_key, hdr, key, iv)
encrypted_key = bytes.hex(cipher_text) + bytes.hex(mac_tag)
encrypted_key_str = base64.b64encode(bytes.fromhex(encrypted_key))
return encrypted_key_str.decode('utf-8')
def test_aes_ctr(self):
key = b'Sixteen byte key'
plain_text = b'Attack at dawn'
nonce, cipher_text = AESHandler.aes_ctr_encrypt(plain_text, key)
decrypt_out = AESHandler.aes_ctr_decrypt(cipher_text, nonce, key)
self.assertEqual(plain_text, decrypt_out)
def encrypt_with_gcm_mode(plain_text: bytes, hdr: bytes,
public_key: bytes):
aes_key, encode_g_tilde = ECIES.generate_encrypt_aes_key(public_key)
nonce, mac_tag, cipher_text = AESHandler.aes_gcm_encrypt(
plain_text, hdr, aes_key)
return nonce, mac_tag, encode_g_tilde, cipher_text