def setSessionKeys(self, nwkSKeyStr, appSKeyStr):
# Create AES and CMAC objects that can be reused. But remember to reset
# them after each encryption operation
self.aesWithNwkSKey = python_AES.new(nwkSKeyStr, python_AES.MODE_ECB)
self.aesWithAppSKey = python_AES.new(appSKeyStr, python_AES.MODE_ECB)
#self.cmacWithNwkSKey = python_AES.new(nwkSKeyStr, python_AES.MODE_CMAC)
self.nwkSKeyStr = nwkSKeyStr
self.appSKeyStr = appSKeyStr
def aesEncrypt(key, data, mode=None):
"""AES encryption function
Args:
key (str): packed 128 bit key
data (str): packed plain text data
mode (str): Optional mode specification (CMAC)
Returns:
Packed encrypted data string
"""
if mode == 'CMAC':
# Create AES cipher using key argument, and encrypt data
cipher = python_AES.new(key, python_AES.MODE_CMAC)
elif mode == None:
cipher = python_AES.new(key)
return cipher.encrypt(data)
def setKey(self, vek):
self.vek = vek
self.key1 = vek[0:16]
self.key2 = vek[16:]
self.cipher = python_AES.new((self.key1, self.key2),
python_AES.MODE_XTS)
if self.size > 0:
self.doLoadInitialBevy()
def encryptJoinAccept(self, byteStr):
'''
byteStr is | AppNonce | NetID | DevAddr | RFU | RxDelay | CFList | MIC |
secret key is AppKey
LoRaWAN Specification v1.0 Ch6.2.5
'''
paddedBuf = self.padToBlockSize(byteStr)
aesWithAppKey = python_AES.new(self.appKeyStr, python_AES.MODE_ECB)
return aesWithAppKey.decrypt(paddedBuf) # DECRYPT here is on purpose
def computeJoinMic(self, byteStr):
'''
byteStr is everything in the PHYPayload except MIC
secret key is AppKey
LoRaWAN Specification v1.0 Ch6.2.4 and Ch6.2.5
'''
# no padding is needed
cmacWithAppKey = python_AES.new(self.appKeyStr, python_AES.MODE_CMAC)
return cmacWithAppKey.encrypt(byteStr)[:4]
def e(key, plaintext):
"""! Security function e
Security function e generates 128-bit encryptedData from
a 128-bit key and 128-bit plaintextData using the
AES-128-bit block cypher
"""
c = python_AES.new(key)
ret = c.encrypt(plaintext)
return ret
def deriveSessionKey(self, byteStr):
'''
byteStr is | 0x01 or 0x02 | AppNonce | NetID | DevNonce | padding |
secret key is AppKey
LoRaWAN Specification v1.0 Ch6.2.5
'''
# Just to be certain that the buffer is padded
paddedBuf = self.padToBlockSize(byteStr)
aesWithAppKey = python_AES.new(self.appKeyStr, python_AES.MODE_ECB)
return aesWithAppKey.encrypt(paddedBuf)
def doDecompress(self, cbuffer, chunk_id):
if self.DEBUG:
return cbuffer
unit_number = chunk_id
tweak = struct.pack("<Q", unit_number)
cipher = python_AES.new((self.key1, self.key2), python_AES.MODE_XTS)
plaintext = cipher.decrypt(cbuffer, tweak)
return plaintext
def aesDecrypt(key, data):
"""AES decryption fucnction
Args:
key (str): packed 128 bit key
data (str): packed encrypted data
Returns:
Packed decrypted data string
"""
cipher = python_AES.new(key)
return cipher.decrypt(data)
def testEncrypt(self):
vek = binascii.unhexlify("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
plaintext = src + b'\x00' * (512-len(src))
key1 = vek[0:16]
key2 = vek[16:]
tweak = codecs.decode('00', 'hex')
cipher = python_AES.new((key1,key2), python_AES.MODE_XTS)
ciphertext = cipher.encrypt(plaintext, tweak)
self.assertEqual(target_ciphertext, ciphertext)
def testDecrypt(self):
g = rdflib.Graph()
g.parse(data=keybagturtle, format="turtle")
kb = keybag.PasswordWrappedKeyBag.load(g)
key = "password"
kek = digest.pbkdf2_hmac("sha256", key, kb.salt, kb.iterations, kb.keySizeBytes);
vek = aes_unwrap_key(kek, kb.wrappedKey)
key1 = vek[0:16]
key2 = vek[16:]
tweak = codecs.decode('00', 'hex')
cipher = python_AES.new((key1, key2), python_AES.MODE_XTS)
text = cipher.decrypt(target_ciphertext, tweak)
self.assertEqual(src[0:len(src)], text[0:len(src)])
def testWrap(self):
keysize = 0x20 # in bytes
key = "password"
iterations = 147256
saltSize = 16
salt = binascii.unhexlify("000102030405060708090a0b0c0d0e0f")
#hhh = hashlib.pbkdf2_hmac("sha256", key.encode(), salt, iterations, keysize);
#print(len(hhh))
#print(binascii.hexlify(hhh))
kek = digest.pbkdf2_hmac("sha256", key, salt, iterations, keysize);
print(binascii.hexlify(kek))
#h = pbkdf2_sha256.encrypt(key, rounds=iterations, salt_size=saltSize)
# print(h)
vek = binascii.unhexlify("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
print(len(vek))
wrapped_key= aes_wrap_key(kek, vek)
print(binascii.hexlify(wrapped_key))
plaintext = src + b'\x00' * (512-len(src))
#msg = dict_xts_aes['msg%i' % i].decode('hex')
#key = (dict_xts_aes['key1_%i' % i].decode('hex'), dict_xts_aes['key2_%i' % i].decode('hex'))
key1 = vek[0:16]
key2 = vek[16:]
#cip = dict_xts_aes['cip%i' % i].decode('hex')
#n = dict_xts_aes['n%i' % i].decode('hex')
tweak = codecs.decode('00', 'hex')
print(len(tweak))
cipher = python_AES.new((key1,key2), python_AES.MODE_XTS)
ciphertext = cipher.encrypt(plaintext, tweak)
print(len(ciphertext))
print(binascii.hexlify(ciphertext))
def computeFrameMic(self, msgStr, updown, devAddr, seqCnt, msgLen):
'''
msg: | MHDR | FHDR | FPORT | FRMPAYLOAD |
updown: 0 for UP_LINK and 1 for DOWN_LINK
devAddr (uint32): 4-byte device address
seqCnt (uint32): frame count
msgLen (uint8): byte count of msg
LoRaWAN Specification v1.0 Ch4.4
'''
# no padding is needed for CMAC. No finalizing needed either.
byteStr = str(bytearray([0x49, 0, 0, 0, 0, updown,
devAddr & 0xFF,
(devAddr >> 8) & 0xFF,
(devAddr >> 16) & 0xFF,
(devAddr >> 24) & 0xFF,
seqCnt & 0xFF,
(seqCnt >> 8) & 0xFF,
(seqCnt >> 16) & 0xFF,
(seqCnt >> 24) & 0xFF,
0, msgLen])) + msgStr
cmacWithNwkSKey = python_AES.new(self.nwkSKeyStr, python_AES.MODE_CMAC)
return cmacWithNwkSKey.encrypt(byteStr)[:4]
print 'ERROR! for present_e80-kvar_t12 in %i'%i
if msg <> decipher.decrypt(cip):
print 'DECRYPTION ERROR! for present_e80-kvar_t12 in %i'%i
# CBC, CFB, OFB and CTR with AES
print "AES"
from CryptoPlus.Cipher import python_AES
from CryptoPlus.Util import util
for i in range(1,len(dict_cbc_aes)/4+1):
msg = dict_cbc_aes['msg%i'%i].decode('hex')
iv = dict_cbc_aes['iv%i'%i].decode('hex')
key = dict_cbc_aes['key%i'%i].decode('hex')
cip = dict_cbc_aes['cip%i'%i].decode('hex')
cipher = python_AES.new(key,python_AES.MODE_CBC,iv)
decipher = python_AES.new(key,python_AES.MODE_CBC,iv)
if cip <> cipher.encrypt(msg):
print 'ERROR! for CBC-AES in %i'%i
if msg <> decipher.decrypt(cip):
print 'DECRYPTION ERROR! for CBC-AES in %i'%i
for i in range(1,len(dict_ctr_aes)/4+1):
msg = dict_ctr_aes['msg%i'%i].decode('hex')
ctr = dict_ctr_aes['ctr%i'%i].decode('hex')
key = dict_ctr_aes['key%i'%i].decode('hex')
cip = dict_ctr_aes['cip%i'%i].decode('hex')
counter = util.Counter(ctr)
counter2= util.Counter(ctr)
cipher = python_AES.new(key,python_AES.MODE_CTR,counter=counter)
decipher = python_AES.new(key,python_AES.MODE_CTR,counter=counter2)
def aes_cmac(k, m):
"""
@return MAC
"""
c = python_AES.new(k, python_AES.MODE_CMAC)
return c.encrypt(m)
print('ERROR! for present_e80-kvar_t12 in %i'%i)
if msg != decipher.decrypt(cip):
print('DECRYPTION ERROR! for present_e80-kvar_t12 in %i'%i)
# CBC, CFB, OFB and CTR with AES
print("AES")
from CryptoPlus.Cipher import python_AES
from CryptoPlus.Util import util
for i in range(1,len(dict_cbc_aes)//4+1):
msg = codecs.decode(dict_cbc_aes['msg%i'%i], 'hex')
iv = codecs.decode(dict_cbc_aes['iv%i'%i], 'hex')
key = codecs.decode(dict_cbc_aes['key%i'%i], 'hex')
cip = codecs.decode(dict_cbc_aes['cip%i'%i], 'hex')
cipher = python_AES.new(key,python_AES.MODE_CBC,iv)
decipher = python_AES.new(key,python_AES.MODE_CBC,iv)
if cip != cipher.encrypt(msg):
print('ERROR! for CBC-AES in %i'%i)
if msg != decipher.decrypt(cip):
print('DECRYPTION ERROR! for CBC-AES in %i'%i)
for i in range(1,len(dict_ctr_aes)//4+1):
msg = codecs.decode(dict_ctr_aes['msg%i'%i], 'hex')
ctr = codecs.decode(dict_ctr_aes['ctr%i'%i], 'hex')
key = codecs.decode(dict_ctr_aes['key%i'%i], 'hex')
cip = codecs.decode(dict_ctr_aes['cip%i'%i], 'hex')
counter = util.Counter(ctr)
counter2= util.Counter(ctr)
cipher = python_AES.new(key,python_AES.MODE_CTR,counter=counter)
decipher = python_AES.new(key,python_AES.MODE_CTR,counter=counter2)