def decrypt(self, payload):
"""Decrypts the each encrypted item of the payload.
Initialize decryption cipher for each item and and use cipher to decrypt payload items.
:param payload : received MQTT message from Spinner #1. This includes all encrypted data, nodeid, iv, and HMAC
:return : MQTT message to publish to Spinner #1 on Topic "Acknowledge", can be "Successful Decryption"
"""
text = json.loads(payload)
rece_HMAC = ubinascii.unhexlify(text["HMAC"])
rece_iv = ubinascii.unhexlify(text["e_iv"])
rece_nodeid = ubinascii.unhexlify(text["e_nodeid"])
rece_sensord = ubinascii.unhexlify(text["e_sd"])
#encrypt iv
myaes = aes(self.ivkey, 2, self.staticiv)
iv = myaes.decrypt(rece_iv)
striv = iv.decode("utf-8")
print(striv)
#encrypt data
myes = aes(self.datakey, 2, striv)
node_id = myes.decrypt(rece_nodeid).decode("utf-8")
byte_sensord = myes.decrypt(rece_sensord)
sensord = byte_sensord.decode("utf-8")
data = sensord.strip(chr(0)).split(' ')
data_x = float(data[0])
data_y = float(data[1])
data_z = float(data[2])
data_temp = float(data[3])
print(data_x, data_y, data_z, data_temp)
return True, node_id, data_x, data_y, data_z, data_temp
def decrypt(self, payload):
"""Decrypts the each encrypted item of the payload.
Initialize decryption cipher for each item and and use cipher to decrypt payload items.
:param payload : received MQTT message from Spinner #1. This includes all encrypted data, nodeid, iv, and HMAC
:return : MQTT message to publish to Spinner #1 on Topic "Acknowledge", can be "Successful Decryption"
"""
decrypted_payload = ujson.loads(payload)
decrypted_iv = ubinascii.unhexlify(decrypted_payload['encrypted_iv'])
decrypted_nodeid = ubinascii.unhexlify(decrypted_payload['encrypted_nodeid'])
decrypted_data = ubinascii.unhexlify(decrypted_payload['encrypted_data'])
decrypted_hmac = decrypted_payload['hmac']
decryption_cipher = aes(self.ivkey,2,self.staticiv)
decrypt_iv= decryption_cipher.decrypt(decrypted_iv)
decryption_data = aes(self.datakey,2,decrypt_iv)
decrypt_data = decryption_data.decrypt(decrypted_data)
sensor_data={}
sensor_data['a_x']=float(decrypt_data[0:8])
sensor_data['a_y']=float(decrypt_data[8:16])
sensor_data['a_z']=float(decrypt_data[16:24])
sensor_data['temp']=float(decrypt_data[24:32])
return (0,sensor_data)
def decrypt(self, payload):
"""Decrypts the each encrypted item of the payload.
Initialize decryption cipher for each item and and use cipher to decrypt payload items.
:param payload : received MQTT message from Spinner #1. This includes all encrypted data, nodeid, iv, and HMAC
:return : MQTT message to publish to Spinner #1 on Topic "Acknowledge", can be "Successful Decryption"
"""
json_data = json.loads(payload)
encrypted_nodeid = json_data["node_id"]
encrypted_iv = json_data["encrypted_iv"]
encrypted_data = json_data["data"]
#print(bytes(encrypted_iv[2:-1]), 'utf8')
#self.data_aes.decrypt(bytes(encrypted_nodeid), self.decrypted_nodeid)
decrypter_iv = aes(self.ivkey, 2, self.staticiv)
self.decrypted_iv = decrypter_iv.decrypt(decode_str(encrypted_iv))
decrypter_data = aes(self.datakey, 2, self.decrypted_iv)
self.decrypted_nodeid = decrypter_data.decrypt(
decode_str(encrypted_nodeid))
self.decrypted_data = decrypter_data.decrypt(
decode_str(encrypted_data))
#sensor_data[0], sensor_data[1], sensor_data[2], sensor_data[3] = struct.unpack("ffff", self.decrypted_data)
return "Successful Decryption"
def decrypt(self, payload):
"""Decrypts the each encrypted item of the payload.
Initialize decryption cipher for each item and and use cipher to decrypt payload items.
:param payload : received MQTT message from Spinner #1. This includes all encrypted data, nodeid, iv, and HMAC
:return : MQTT message to publish to Spinner #1 on Topic "Acknowledge", can be "Successful Decryption"
"""
#### decrypt iv
iv = aes(self.ivkey, 2, self.staticiv)
#print(self.iv)
self.iv = iv.decrypt(bytes(self.iv))
print("hello", self.iv)
#### decrypt sensor_data
data = aes(self.datakey, 2, self.iv)
self.enData = data.decrypt(bytes(payload))
#print("enData",self.enData)
while (self.counterData != 0):
self.counterData -= 1
self.enData = self.enData[:-1]
#print("enData without zero",self.enData)
####decrypt nodeid
self.nodeid = data.decrypt(self.nodeid)
#print("nodeid",self.nodeid)
return self.enData
def __init__(self,
mode=2,
key_enc=None,
iv_enc=None,
key_dec=None,
iv_dec=None,
load_keys=False,
buffer_size=2048):
self.sess_keyfile_dev = 'session.key'
self.sess_keyfile_host = 'session{}.key'.format(
hexlify(unique_id()).decode())
self.mode = mode
self.block_len = 0
self.key_e = key_enc
self.iv_e = iv_enc
self.msg_hex = b''
self.buff = bytearray(buffer_size)
self.buff_size = buffer_size
self.err_buff = io.StringIO(100)
self.buff_out = io.StringIO(500)
self.gbls = globals()
self.wrepl = None
self.buff_crepl = None
self.message_out = ''
self.data_bytes = bytearray(20)
self.rec_msg = ''
self.resp_msg = ''
if key_dec is None:
self.key_d = key_enc
self.iv_d = iv_enc
else:
self.key_d = key_dec
self.iv_d = iv_dec
if load_keys:
try:
with open(self.sess_keyfile_dev, 'r') as sess_config:
sess_keys_dev = json.load(sess_config)
self.key_e = sess_keys_dev['SKEY']
self.iv_e = sess_keys_dev['IV']
with open(self.sess_keyfile_host, 'r') as sess_config:
sess_keys_host = json.load(sess_config)
self.key_d = sess_keys_host['SKEY']
self.iv_d = sess_keys_host['IV']
except Exception as e:
print('No session keys found in the device')
pass
self.enc = ucryptolib.aes(self.key_e, self.mode, self.iv_e)
self.dec = ucryptolib.aes(self.key_d, self.mode, self.iv_d)
def encrypt(self, sensor_data):
"""Encrypt each of the current initialization vector (iv), the nodeid, and the sensor_data
:param sensor_data : Acceleration X, Acceleration Y, Acceleration Z, and Temperature
"""
myAES = aes(self.ivkey, 2,
self.staticiv) # using (staticiv, ivkey) for iv
print(self.iv)
print(bytes(self.iv, 'utf-8'))
self.encrypted_iv = myAES.encrypt(bytes(self.iv, 'utf-8'))
print(self.encrypted_iv)
myAES = aes(self.datakey, 2,
self.iv) #(iv, datakey) for nodeid and sensor_data
self.encrypted_nodeid = myAES.encrypt(bytes(self.nodeid, 'utf-8'))
self.encrypted_sensor_data = self.blockEncrypterAES(myAES, sensor_data)
def encrypt_payload(self, key, direction, data):
k = int(math.ceil(len(data) / 16.0))
a = []
for i in range(k):
a += [0x01]
a += [0x00, 0x00, 0x00, 0x00]
a += [direction]
a += self.mac_payload.get_fhdr().get_devaddr()
a += self.mac_payload.get_fhdr().get_fcnt()
a += [0x00] # fcnt 32bit
a += [0x00] # fcnt 32bit
a += [0x00]
a += [i+1]
cipher = ucryptolib.aes(bytearray(key), MODE_ECB)
s = cipher.encrypt(bytes(a))
padded_payload = []
for i in range(k):
idx = (i + 1) * 16
padded_payload += (data[idx - 16:idx] + ([0x00] * 16))[:16]
payload = []
for i in range(len(data)):
payload += [s[i] ^ padded_payload[i]]
return list(map(int, payload))
def decode(data, pwd):
if pwd == None:
return data
pwd = (pwd + hex(data[0])[2:]).zfill(16)
decryptor = aes(pwd.encode(), 1)
data = decryptor.decrypt(data[1:])
return data[2:2 + int.from_bytes(data[:2], 'little')]
def encrypt(self, sensor_data):
"""Encrypt each of the current initialization vector (iv), the nodeid, and the sensor_data
using (staticiv, ivkey) for iv and (iv, datakey) for nodeid and sensor_data
:param sensor_data : Acceleration X, Acceleration Y, Acceleration Z, and Temperature
"""
encode = aes(self.ivkey,2,self.staticiv)
self.encrypted_iv = encode.encrypt(self.iv)
encode = aes(self.datakey,2,self.iv)
self.encrypted_nodeid = encode.encrypt(self.nodeid)
ax = sensor_data["ax"]
ay = sensor_data["ay"]
az = sensor_data["az"]
temp = sensor_data["temp"]
sensorData = b'{0:08.4f}{1:08.4f}{2:08.4f}{3:08.4f}'.format(ax, ay, az, temp)
encode = aes(self.datakey, 2, self.iv)
self.encrypted_data = encode.encrypt(sensorData)
def entropy_encrypt(entropy_plain):
# 2 - MODE_CBC
crypto = aes(Key.key, 2, Key.iv)
# encrypted data should be mod 16 (blocksize)
pad_len = 16-((len(entropy_plain)+1) % 16)
data = bytes([len(entropy_plain)])+entropy_plain+bytes(pad_len)
return crypto.encrypt(data);
def encode(self, K, M):
const_Bsize = 16
const_Zero = b'\x00' * 16
AES_128 = ucryptolib.aes(bytearray(K), MODE_ECB)
K1, K2 = self.gen_subkey(K)
n = int(len(M) / const_Bsize)
if n == 0:
n = 1
flag = False
else:
if (len(M) % const_Bsize) == 0:
flag = True
else:
n += 1
flag = False
M_n = M[(n - 1) * const_Bsize:]
if flag is True:
M_last = self.xor_128(M_n, K1)
else:
M_last = self.xor_128(self.pad(M_n), K2)
X = const_Zero
for i in range(n - 1):
M_i = M[(i) * const_Bsize:][:16]
Y = self.xor_128(X, M_i)
X = AES_128.encrypt(Y)
Y = self.xor_128(M_last, X)
T = AES_128.encrypt(Y)
return T
def encode(text):
key = generate_key()
cipher = aes(key, 1)
pad = 16 - len(text) % 16
text = text + " " * pad
encrypted = cipher.encrypt(text)
return encrypted
def encrypt(self, sensor_data):
"""Encrypt each of the current initialization vector (iv), the nodeid, and the sensor_data
using (staticiv, ivkey) for iv and (iv, datakey) for nodeid and sensor_data
:param sensor_data : Acceleration X, Acceleration Y, Acceleration Z, and Temperature
"""
# set encryption parameters
encryption1 = aes(self.ivkey, 2, self.staticiv)
encryption2 = aes(self.datakey, 2, self.iv)
# encrypt data
self.encrypted_data = encryption2.encrypt(sensor_data)
self.encrypted_iv = encryption1.encrypt(self.iv)
self.encrypted_nodeid = encryption2.encrypt(self.nodeid)
self.iv = bytes(random.getrandbits(8)
for _ in range(16)) # changes every time
def encrypt_payload(self, key, direction, mhdr):
a = []
a += self.to_clear_raw()
a += self.compute_mic(key, direction, mhdr)
cipher = ucryptolib.aes(bytearray(key), MODE_ECB)
return list(map(int, cipher.decrypt(bytes(a))))
async def write(self, sid, data):
cipher = ucryptolib.aes(GW_PASSWD, MODE_CBC, GW_IV)
key = ubinascii.hexlify(cipher.encrypt(self.tokens[sid])).decode()
data["key"] = key
cmd = {"cmd": "write", "model": "gateway", "sid": sid, "data": data}
await self.send_msg(cmd)
return await self.wait_resp("write_ack")
def decrypt_hex(self, msg):
self.msg_hex = unhexlify(msg)
self.buff[:] = bytearray(self.buff_size)
self.dec = ucryptolib.aes(self.key_d, self.mode, self.iv_d)
self.dec.decrypt(self.msg_hex, self.buff)
gc.collect()
return self.buff.decode().split('\x00')[0]
def __init__(self, connect_retry=10):
ap = WLAN(AP_IF)
ap.active(1)
sta = WLAN(STA_IF)
sta.active(1)
self.s = socket.socket()
self.s.bind(("0.0.0.0", 80))
self.s.listen(1)
self.ssid, self.password = "", ""
self.connect_retry = connect_retry
self.lock_status = 0
try:
wificonfig = open("wificonfig", "r")
self.ssid, self.password = config.read().split("\n")[:2]
wificonfig.close()
except Exception:
pass
if not self.ssid:
print("config does not exist, initializing config")
self.first_time_raw()
else:
print("found existing config, connecting to wifi")
success = self.connect_to_wifi()
self.s.settimeout(2)
self.IV = bytes()
self.key = bytes()
with open("aes", "rb") as f:
self.IV = f.read(16)
self.key = f.read()
self.IV = b'[S\x83\x11v\x9cY;\xbcH\xe3\t\xd6\xf9\xbf\x9f'
self.key = b'b\xe7\x02$D\x18\x0c\xd8I5:\x1d%\xeft\xdb'
self.cipher = ucryptolib.aes(key, 2, IV)
self.last_sender_addr = "0.0.0.0"
with open("lastsender", "r") as f:
self.last_sender_addr = f.read()
topic = "mcer4294967296/data"
broker = "mqtt.eclipse.org"
print("connecting to MQTT")
mqtt = MQTTClient("umqtt_client", broker)
mqtt.connect()
print("connected to MQTT")
mqtt.subscribe(topic)
mqtt.set_callback(self.on_receive_mqtt)
self.override = False
self.at_home = False
self.dist_thresh = 0.5 # kilometer
self.timestamp_left = time.time()
self.time_thresh = 60 # seconds
self.poll_interval = 5 # seconds
self.key_update_thresh = 86400 # a day
self.last_key_update = time.time()
def entropy_decrypt(entropy_encrypted):
# 2 - MODE_CBC
crypto = aes(Key.key, 2, Key.iv)
data = crypto.decrypt(entropy_encrypted)
l = data[0]
if l > 32:
raise RuntimeError("Failed to decrypt entropy - data is corrupted")
return data[1:l+1]
def __init__(self, key, mode, IV):
if mode not in __MODES:
raise ValueError("unknown mode '{}'".format(mode))
if IV:
if len(IV) != 16:
raise ValueError('only 16-byte IVs are supported')
self._encryptor = ucryptolib.aes(key, mode, IV)
self._decryptor = ucryptolib.aes(key, mode, IV)
else:
if mode != MODE_ECB:
raise ValueError('{} mode requires an IV'.format(
__MODES[mode]))
self._encryptor = ucryptolib.aes(key, mode)
self._decryptor = ucryptolib.aes(key, mode)
self.block_size = len(key)
self._mode = mode
self._filebuf = bytearray(self.block_size)
self._filebuf_mv = memoryview(self._filebuf)
def dec_key_handle(data, application_parameter):
global ks_u2f
if len(data) != KEY_HANDLE_LENGTH:
return b''
if data[-32:] != hmac_sha256(ks_u2f.KEY_5C, ks_u2f.KEY_36,
data[:-32] + application_parameter):
return b''
dec = aes(ks_u2f.AES_KEY, MODE_CBC, ks_u2f.AES_IV)
return dec.decrypt(data[:32])
def derive_appskey(self, key, devnonce):
a = [0x02]
a += self.get_appnonce()
a += self.get_netid()
a += devnonce
a += [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]
cipher = ucryptolib.aes(bytearray(key), MODE_ECB)
return list(map(int, cipher.encrypt(bytes(a))))
def encode(data, pwd):
if pwd == None:
return data
q = os.urandom(1)
pwd = (pwd + hex(q[0])[2:]).zfill(16)
data = len(data).to_bytes(2, 'little') + data
data = data + bytes(16 - len(data) % 16)
encryptor = aes(pwd.encode(), 1)
out = q + encryptor.encrypt(data)
return out
def encrypt(key,data):
# ended up not hasing the key, just pad it, make sure it's 16 bytes
cryptor = aes(pad_mod_16(key),2,iv)
# append chunk delimiter string before base64 encoding
ciphertext = cryptor.encrypt(pad_mod_16(str.encode(data)))
# encode to base 64 for sending
ciphertext_b64 = ubinascii.b2a_base64(ciphertext)
return ciphertext_b64+delimiter
def __decrypt_img(self, json_payload):
# decrypt key and IV using our RSA private key, then decrypt the image using AES
dec_key = a2b_base64(
rsa_decrypt(a2b_base64(json_payload['k']), self.private_key))
dec_iv = a2b_base64(
rsa_decrypt(a2b_base64(json_payload['i']), self.private_key))
decryptor = aes(dec_key, 2, dec_iv)
dec = decryptor.decrypt(a2b_base64(json_payload['d']))
# server uses DEFLATE to keep sizes down
return inflate(dec)
def encrypt_hex_bytes(self, msg):
self.buff[:] = bytearray(self.buff_size)
self.enc = ucryptolib.aes(self.key_e, self.mode, self.iv_e)
self.data_bytes = msg
self.block_len = len(self.data_bytes + b'\x00' *
((16 - (len(self.data_bytes) % 16)) % 16))
self.enc.encrypt(
self.data_bytes + b'\x00' *
((16 - (len(self.data_bytes) % 16)) % 16), self.buff)
gc.collect()
return hexlify(bytes(self.buff[:self.block_len]))
def encrypt(plain: bytes, key: bytes) -> bytes:
"""Encrypt data with bit padding (0x80...)"""
iv = rng.get_random_bytes(IV_SIZE)
crypto = aes(key, AES_CBC, iv)
# encrypted data should be mod 16 (blocksize)
# add padding
plain += b'\x80'
if len(plain) % AES_BLOCK != 0:
# fill with zeroes
plain += b"\x00" * (AES_BLOCK - (len(plain) % AES_BLOCK))
return iv + crypto.encrypt(plain)
def make_secure_packet(self, h):
"""Encrypts and returns plaintext appended with a 32B nonce (also returned)
AES 256 CBC is used (as opposed to EBC which would not be secure
in this implementation)
"""
nonce = urandom(32)
plaintext = h + nonce
e = aes(self.__key, 2, self.__iv)
print("AES encrypter created")
return e.encrypt(plaintext), nonce
def encrypt(self, mode, message):
"""
Encrypt message
"""
if self.__key is not None and mode != self.CRYPTO_MODE_NONE:
if mode == self.CRYPTO_MODE_AES:
cipher = aes(self.__key, self.UCRYPTOLIB_MODE_CBC, self.__iv)
if(len(message) % 16 > 0):
message += (b' ' * (16 - len(message) % 16))
return Tag.CRYPTO.ENCRYPTED + mode + cipher.encrypt(message)
return Tag.CRYPTO.ENCRYPTED + self.CRYPTO_MODE_NONE + message
def encrypt(self, sensor_data):
"""Encrypt each of the current initialization vector (iv), the nodeid, and the sensor_data
using (staticiv, ivkey) for iv and (iv, datakey) for nodeid and sensor_data
:param sensor_data : Acceleration X, Acceleration Y, Acceleration Z, and Temperature
"""
data = aes(self.datakey, 2, self.iv)
while (len(sensor_data) % 16 != 0):
self.counterData += 1
sensor_data += "0"
self.enData = data.encrypt(sensor_data)
##print("enData",self.enData)
self.nodeid = self.nodeid + b'0000'
self.nodeid = data.encrypt(bytes(self.nodeid))
#print('nodeid',self.nodeid)
iv = aes(self.ivkey, 2, self.staticiv)
#print(self.iv)
####'utf-8' is transfer to byte string
self.iv = iv.encrypt(bytes(self.iv, 'utf-8'))
def test(vector):
"Run the test block by block and compare to expected results"
key = VECTORS[vector]["key"]
mode = VECTORS[vector]["mode"]
initial = VECTORS[vector]["initial"]
blocks = VECTORS[vector]["blocks"]
# Encrypt direction
eng = ucryptolib.aes(key, mode, initial)
for block in blocks:
ciphertext = eng.encrypt(block[0])
assert ciphertext == block[1]
# Get a new object for decrypting.
# (Each aes object can be used for either encrypting or decrypting,
# but not both.)
eng = ucryptolib.aes(key, mode, initial)
for block in blocks:
plaintext = eng.decrypt(block[1])
assert plaintext == block[0]
print("Pass")
def _new(k, ctr_initial):
return aes(k, 6, ctr_initial)
# Inplace operations (input and output buffer is the same)
try:
from ucryptolib import aes
except ImportError:
print("SKIP")
raise SystemExit
crypto = aes(b"1234" * 4, 1)
buf = bytearray(bytes(range(32)))
crypto.encrypt(buf, buf)
print(buf)
crypto = aes(b"1234" * 4, 1)
crypto.decrypt(buf, buf)
print(buf)
try:
from Crypto.Cipher import AES
aes = AES.new
except ImportError:
try:
from ucryptolib import aes
except ImportError:
print("SKIP")
raise SystemExit
crypto = aes(b"1234" * 4, 2, b"5678" * 4)
enc = crypto.encrypt(bytes(range(32)))
print(enc)
crypto = aes(b"1234" * 4, 2, b"5678" * 4)
print(crypto.decrypt(enc))
