def __init__(self, params: Dict[int, Any]): """ """ super().__init__(params) self._cipher: AESGCM # Validate alg. if self._alg == 1: # A128GCM if not self._key: self._key = AESGCM.generate_key(bit_length=128) if len(self._key) != 16: raise ValueError("The length of A128GCM key should be 16 bytes.") elif self._alg == 2: # A192GCM if not self._key: self._key = AESGCM.generate_key(bit_length=192) if len(self._key) != 24: raise ValueError("The length of A192GCM key should be 24 bytes.") elif self._alg == 3: # A256GCM if not self._key: self._key = AESGCM.generate_key(bit_length=256) if len(self._key) != 32: raise ValueError("The length of A256GCM key should be 32 bytes.") else: raise ValueError(f"Unsupported or unknown alg(3) for AES GCM: {self._alg}.") self._cipher = AESGCM(self._key) return
def handle_echo(reader, writer): global key global conn_cnt conn_cnt +=1 #gerar a key key = AESGCM.generate_key(bit_length=128) aesgcm = AESGCM(key) aad = b'authenticated but unencrypted data' #Enviar a chave para o cliente writer.write(key) yield from writer.drain() srvwrk = ServerWorker(conn_cnt, aesgcm) data = yield from reader.read(100) while True: if data[:1]==b'E': break if not data: continue addr = writer.get_extra_info('peername') res = srvwrk.respond(data[1:], addr) if not res: break res = b'M'+res writer.write(res) yield from writer.drain() data = yield from reader.read(100) print("[%d]" % srvwrk.id) writer.close()
def encrypter(fname): tools.empty_folder('./encrypted/' + fname + '/files/' ) tools.empty_folder('./key/') key_1 = Fernet.generate_key() key_1_1 = Fernet.generate_key() key_1_2 = Fernet.generate_key() key_2 = ChaCha20Poly1305.generate_key() key_3 = AESGCM.generate_key(bit_length=128) key_4 = AESCCM.generate_key(bit_length=128) nonce13 = os.urandom(13) nonce12 = os.urandom(12) files = sorted(tools.list_dir('files')) for index in range(0,len(files)): if index%4 == 0: Algo1_extented(files[index],key_1_1,key_1_2, fname) elif index%4 == 1: Algo2(files[index],key_2,nonce12, fname) elif index%4 == 2: Algo3(files[index],key_3,nonce12, fname) else: Algo4(files[index],key_4,nonce13, fname) secret_information = (key_1_1)+":::::"+(key_1_2)+":::::"+(key_2)+":::::"+(key_3)+":::::"+(key_4)+":::::"+(nonce12)+":::::"+(nonce13) Algo1(secret_information,key_1, fname) # Static path to the image file for Steganography in_f = "./static/png.png" #out_f = './encrypted/' + fname + '/key/' + fname + '.png' out_f = './key/' + fname + '.png' in_img = cv2.imread(in_f) steg = Steganography(in_img) res = steg.encode_binary(key_1) cv2.imwrite(out_f, res) tools.empty_folder('files')
def generateAESkey(self): self.rtspSocket.send(b'Connection Request') while True: cert_data = self.rtspSocket.recv(1024) if cert_data: cert = x509.load_pem_x509_certificate( cert_data, backend=default_backend()) sig = cert.signature cert_bytes = cert.tbs_certificate_bytes self.ca_pk.verify(sig, cert_bytes, padding.PKCS1v15(), cert.signature_hash_algorithm) self.aes_key = AESGCM.generate_key(bit_length=128) self.aesgcm = AESGCM(self.aes_key) enc_key = self.ca_pk.encrypt( self.aes_key, padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), label=None)) self.rtspSocket.send(enc_key) while True: conf = self.rtspSocket.recv(1024) if conf: if conf.decode() == "Connection Established": self.state = self.ESTABLISHED break break print("Key Exchange Completed")
def generate_symmetric_key(): """ Generate a new symmetric key and save it path specified by user in config YAML passed to `set_config()` Parameters ---------- num_bytes : int Number of bytes for key """ num_bytes = _LIB.cipher_key_size() if _CONF.get("general_config") is None: raise MC2ClientConfigError("Configuration not set") symmetric_key_path = EnvYAML( _CONF["general_config"])["user"]["symmetric_key"] if os.path.exists(symmetric_key_path): logger.warning( "Skipping symmetric key generation - key already exists at {}". format(symmetric_key_path)) return key = AESGCM.generate_key(bit_length=num_bytes * 8) with open(symmetric_key_path, "wb") as symm_key: symm_key.write(key) logger.info("Generated symmetric key and outputted to {}".format( symmetric_key_path))
def getRecordedTransactionIds(): keyExchange.completeExchange("Polling", "Audit") # Get shared key file = open("PollingToAuditSharedKey.txt", 'r') sharedKey = file.read() masterKey = getPollingMasterKey() polledVotersDictionary = getPolledVotersDictionary(masterKey) transactionIds = ",".join(polledVotersDictionary.values()) if transactionIds: pass else: transactionIds = "No votes" key = AESGCM.generate_key(bit_length=128) aesgcm = AESGCM(key) nonce = os.urandom(12) messageToSendBytes = aesgcm.encrypt(nonce, transactionIds.encode(), None) ctr = Counter.new(128) cipher = AES.new(sharedKey, AES.MODE_CTR, counter=ctr) keyToSend = cipher.encrypt(key) nonceToSend = cipher.encrypt(nonce) return (messageToSendBytes, nonceToSend, keyToSend)
def isRegisteredVoter(voterId): keyExchange.completeExchange("Polling", "Registration") # Get shared key file = open("PollingToRegistrationSharedKey.txt", 'r') sharedKey = file.read() key = AESGCM.generate_key(bit_length=128) aesgcm = AESGCM(key) nonce = os.urandom(12) voterIdBytes = aesgcm.encrypt(nonce, voterId.encode(), None) ctr = Counter.new(128) cipher = AES.new(sharedKey, AES.MODE_CTR, counter=ctr) keyToSend = cipher.encrypt(key) nonceToSend = cipher.encrypt(nonce) response = registration.checkVoterStatus(voterIdBytes, nonceToSend, keyToSend) receivedMessageCtr = Counter.new(128) receivedMessageCipher = AES.new(sharedKey, AES.MODE_CTR, counter=receivedMessageCtr) decryptedKey = receivedMessageCipher.decrypt(response[2]) decryptedNonce = receivedMessageCipher.decrypt(response[1]) aesgcm = AESGCM(decryptedKey) statusBytes = aesgcm.decrypt(decryptedNonce, response[0], None) status = eval(statusBytes.decode("utf-8")) return status
def transmitVote(vote, transactionId): keyExchange.completeExchange("Polling", "Audit") # Get shared key file = open("PollingToAuditSharedKey.txt", 'r') sharedKey = file.read() key = AESGCM.generate_key(bit_length=128) aesgcm = AESGCM(key) nonce = os.urandom(12) messageToSendBytes = aesgcm.encrypt( nonce, "{0},{1}".format(transactionId, vote).encode(), None) ctr = Counter.new(128) cipher = AES.new(sharedKey, AES.MODE_CTR, counter=ctr) keyToSend = cipher.encrypt(key) nonceToSend = cipher.encrypt(nonce) response = audit.transmitVote(messageToSendBytes, nonceToSend, keyToSend) responseCtr = Counter.new(128) receivedMessageCtr = Counter.new(128) receivedMessageCipher = AES.new(sharedKey, AES.MODE_CTR, counter=receivedMessageCtr) decryptedKey = receivedMessageCipher.decrypt(response[2]) decryptedNonce = receivedMessageCipher.decrypt(response[1]) aesgcm = AESGCM(decryptedKey) statusBytes = aesgcm.decrypt(decryptedNonce, response[0], None) status = eval(statusBytes.decode("utf-8")) return status
def tcp_echo_client(loop=None): if loop is None: loop = asyncio.get_event_loop() reader, writer = yield from asyncio.open_connection('127.0.0.1', 8888, loop=loop) key = AESGCM.generate_key(bit_length=128) iid = yield from reader.read(256) #Receber os parametros p = yield from reader.read(3000) g = yield from reader.read(3000) criaAssinatura(iid.decode()) pn = dh.DHParameterNumbers(int(p.decode()), int(g.decode())) parameters = pn.parameters(default_backend()) private_key = parameters.generate_private_key() public_key = private_key.public_key() public_bytes = public_key.public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo) writer.write(public_bytes) yield from writer.drain() #Receber a public key dele public_key2 = yield from reader.read(3000) partner_pk = load_pem_public_key(public_key2, default_backend()) shared_key = private_key.exchange(partner_pk) assinatura = assinar(public_bytes, public_key2) writer.write(assinatura) assinatura_partner = yield from reader.read(3000) if(len(assinatura_partner)!=0): res = verificar(assinatura_partner,public_bytes, public_key2) if res == 0: writer.write(b"") yield from writer.drain() data = b'S' #Gerar a chave aesgcm = AESGCM(shared_key[:32]) client = Client("Cliente 1", aesgcm) msg = client.initmsg() while len(data)>0: if msg: msg = b'M' + msg writer.write(msg) if msg[:1] == b'E': break data = yield from reader.read(100) if len(data)>0 : msg = client.respond(data[1:]) else: break else: break writer.write(b'E') print('Socket closed!') writer.close()
def encrypter(): tools.empty_folder('key') tools.empty_folder('encrypted') key_1 = Fernet.generate_key() key_1_1 = Fernet.generate_key() key_1_2 = Fernet.generate_key() key_2 = ChaCha20Poly1305.generate_key() key_3 = AESGCM.generate_key(bit_length=128) key_4 = AESCCM.generate_key(bit_length=128) nonce13 = os.urandom(13) nonce12 = os.urandom(12) files = sorted(tools.list_dir('files')) for index in range(0, len(files)): if index % 4 == 0: Algo1_extented(files[index], key_1_1, key_1_2) elif index % 4 == 1: Algo2(files[index], key_2, nonce12) elif index % 4 == 2: Algo3(files[index], key_3, nonce12) else: Algo4(files[index], key_4, nonce13) secret_information = (key_1_1) + ":::::" + (key_1_2) + ":::::" + ( key_2) + ":::::" + (key_3) + ":::::" + (key_4) + ":::::" + ( nonce12) + ":::::" + (nonce13) Algo1(secret_information, key_1) public_key = open("./key/Taale_Ki_Chabhi.pem", "wb") public_key.write(key_1) public_key.close() tools.empty_folder('files')
def tcp_echo_client(loop=None): if loop is None: loop = asyncio.get_event_loop() #gerar a key key = AESGCM.generate_key(bit_length=128) aesgcm = AESGCM(key) reader, writer = yield from asyncio.open_connection('127.0.0.1', 8888, loop=loop) data = b'S' #transição da chave key = yield from reader.read(128) aesgcm = AESGCM(key) client = Client("Cliente 1", aesgcm) msg = client.initmsg() while len(data)>0: if msg: msg = b'M' + msg writer.write(msg) if msg[:1] == b'E': break data = yield from reader.read(100) if len(data)>0 : msg = client.respond(data[1:]) else: break else: break writer.write(b'E') print('Socket closed!') writer.close()
def AES_GCM(data, aad): key = AESGCM.generate_key(bit_length=128) aesgcm = AESGCM(key) nonce = os.urandom(12) ct = aesgcm.encrypt(nonce, data, aad) pt = aesgcm.decrypt(nonce, ct, aad) return ct, pt
def _data_encrypt(self, data: bytes) -> Tuple[bytes, bytes, bytes]: """Asymmetrically encrypt a piece of data, returning a tuple containing the encrypted data as a bytes object, the plaintext (!) encryption key as a bytes object, and the nonce used to encrypt as a bytes object. Uses a 256-bit AES cipher in Galois Counter Mode, as recommended by Google for generating data encryption keys: https://cloud.google.com/kms/docs/envelope-encryption#data_encryption_keys Uses a 96-bit nonce length, as recommended by NIST for AES in GCM: https://csrc.nist.gov/publications/detail/sp/800-38d/final Args: data: The data to encrypt. Returns: Tuple: bytes: Encrypted data bytes: Plaintext (!) data encryption key -- encrypt with your key encryption key ASAP and do NOT store in plaintext!! bytes: 96-bit nonce value used with data encryption key when encrypting data. Under NO circumstances to be reused for encryption with the same key. """ key = AESGCM.generate_key(bit_length=256) aesgcm = AESGCM(key) nonce = os.urandom(12) # 12 bytes == 96 bits encrypted = aesgcm.encrypt(nonce, data, associated_data=None) return encrypted, key, nonce
def aesgcm_mode_encryption(bitlength, filename, key): fd = open(filename, "r") data = fd.read() data = data.encode() fd.close() if not key: print("****Generating key with key length:" + str(bitlength)) key = AESGCM.generate_key(bit_length=bitlength) else: fd = shelve.open(key) key = fd["key"] key = key[0] key1 = AESGCM(key) nonce = os.urandom(12) print("***Encrypting your data***") ct = key1.encrypt(nonce, data, None) ls = [key, nonce] print("***Saving your data to file:" + filename + "_encrypted.db***") new_name = filename + "_encrypted" db = shelve.open(new_name) db["data"] = ct db.close() print("***saving you key and nonces to file:" + filename + "_keys.db") key_file = filename + "_keys" db = shelve.open(key_file) db["key"] = ls db.close()
def __init__(self, in_key=None): self._backend = default_backend() self._block_size_bytes = int(ciphers.algorithms.AES.block_size / 8) if in_key is None: self._key = AESGCM.generate_key(bit_length=128) else: self._key = in_key self._aesgcm = AESGCM(self._key)
def test_params_not_bytes(self, nonce, data, associated_data, backend): key = AESGCM.generate_key(128) aesgcm = AESGCM(key) with pytest.raises(TypeError): aesgcm.encrypt(nonce, data, associated_data) with pytest.raises(TypeError): aesgcm.decrypt(nonce, data, associated_data)
def aesgcm_encrypt_message_and_sign(message, private_key): signature = sign_message(message, private_key) data = message + "*-*-*-*-*-*" + signature key = AESGCM.generate_key(bit_length=128) aesgcm = AESGCM(key) nonce = os.urandom(12) ct = aesgcm.encrypt(nonce, data, None) return (ct, key, nonce)
def generate_key(cls, bit_length=256): """Generates an encryption key, then coverts it into a hex string. :param int bit_length: must be 128, 192, or 256. :return str: the generated key. """ key = AESGCM.generate_key(bit_length) return key.hex().upper()
def __encryptMessage(self, other_jid, plaintext): messages = {other_jid: {}, self.__my_jid: {}} aes_gcm_key = AESGCM.generate_key(bit_length=128) aes_gcm_iv = os.urandom(16) aes_gcm = AESGCM(aes_gcm_key) ciphertext = aes_gcm.encrypt(aes_gcm_iv, plaintext, None) aes_gcm_tag = ciphertext[-16:] ciphertext = ciphertext[:-16] other_devices = list(self.__bundles[other_jid].keys()) my_devices = list(self.__bundles[self.__my_jid].keys()) my_devices.remove(self.__my_device_id) def encryptAll(devices, jid): for device in devices: try: dr = self.__sessions[jid][device] pre_key = False except KeyError: session_init_data = self.initSessionActive( self.__bundles[jid][device]) dr = session_init_data["dr"] session_init_data = session_init_data["to_other"] pre_key = True self.__sessions[jid] = self.__sessions.get(jid, {}) self.__sessions[jid][device] = dr message = dr.encryptMessage(aes_gcm_key + aes_gcm_tag) message_data = wireformat.message_header.toWire( message["ciphertext"], message["header"], message["ad"], message["authentication_key"]) if pre_key: message_data = wireformat.pre_key_message_header.toWire( session_init_data, message_data) messages[jid][device] = { "message": message_data, "pre_key": pre_key } encryptAll(other_devices, other_jid) encryptAll(my_devices, self.__my_jid) return { "iv": aes_gcm_iv, "messages": messages, "payload": ciphertext, "cipher": aes_gcm }
def __init__(self, bit_length=0, key=None): Encrypter.__init__(self) if key: self.key = AESGCM(key) elif bit_length: if bit_length not in [128, 192, 256]: raise UnsupportedBitLength(bit_length) self.key = AESGCM.generate_key(bit_length=bit_length)
def transport_write(self,data): print("transport_write") #self.key_iv() key = AESGCM.generate_key(bit_length=128) encData = AESGCM(self.enc).encrypt(self.iv,data,None) self.iv = self.increIv(self.iv) dataPacket = DataPacket(data=encData) self.transport.write(dataPacket.__serialize__()) print("crap encrypted and sent data")
def AES_GCM_ecnrypt(text): data = bytes(text,'utf-8') aad = bytes("Research",'utf-8') key = AESGCM.generate_key(bit_length=128) aesgcm = AESGCM(key) nonce = os.urandom(12) ct = aesgcm.encrypt(nonce, data, aad) aesgcm.decrypt(nonce, ct, aad) return True
def test_associated_data_none_equal_to_empty_bytestring(self, backend): key = AESGCM.generate_key(128) aesgcm = AESGCM(key) nonce = os.urandom(12) ct1 = aesgcm.encrypt(nonce, b"some_data", None) ct2 = aesgcm.encrypt(nonce, b"some_data", b"") assert ct1 == ct2 pt1 = aesgcm.decrypt(nonce, ct1, None) pt2 = aesgcm.decrypt(nonce, ct2, b"") assert pt1 == pt2
def test_data_too_large(self): key = AESGCM.generate_key(128) aesgcm = AESGCM(key) nonce = b"0" * 12 with pytest.raises(OverflowError): aesgcm.encrypt(nonce, FakeData(), b"") with pytest.raises(OverflowError): aesgcm.encrypt(nonce, b"", FakeData())
def test_invalid_nonce_length(self, length, backend): if backend._fips_enabled: # Red Hat disables non-96-bit IV support as part of its FIPS # patches. pytest.skip("Non-96-bit IVs unsupported in FIPS mode.") key = AESGCM.generate_key(128) aesgcm = AESGCM(key) with pytest.raises(ValueError): aesgcm.encrypt(b"\x00" * length, b"hi", None)
def __init__(self, bit_length=0, key=None): Encrypter.__init__(self) if key: self.key = AESGCM(key) elif bit_length: if bit_length not in [128, 192, 256]: raise UnsupportedBitLength(bit_length) self.key = AESGCM(AESGCM.generate_key(bit_length=bit_length)) else: raise ValueError("Need key or key bit length")
def encrypt(message, key=None, nonce=None): if key is None: key = AESGCM.generate_key(bit_length=256) if nonce is None: nonce = urandom(12) data = message.encode() mac = HMAC(key, data + nonce, digestmod=sha256).digest() aesgcm = AESGCM(key) encrypted = aesgcm.encrypt(nonce, data, mac) splitter = "%%%".encode() return key, splitter.join([nonce, encrypted, mac])
def encrypt(self, msg): # initialize the key and nonce. encrypt the message using these values key = AESGCM.generate_key(bit_length = 128) aesgcm = AESGCM(key) nonce = os.urandom(12) _ciphertext = aesgcm.encrypt(nonce, msg, None) # append the nonce and key to the encrypted message so that we can # seperate the values in the decrypt method, as we will need access to # the same key and nonce _ciphertext = _ciphertext + nonce + key return _ciphertext
def test_invite_key_verification_fails_with_wrong_valid_key(client): invite = models.Invite.query.filter_by( email="*****@*****.**", role="Researcher").one_or_none() assert invite generate_invite_key_pair(invite) assert invite.nonce is not None assert invite.private_key is not None assert invite.public_key is not None token = encrypted_jwt_token( username="", sensitive_content=AESGCM.generate_key(bit_length=256).hex(), expires_in=datetime.timedelta(hours=24), additional_claims={"inv": invite.email}, ) assert token response = client.get(tests.DDSEndpoint.USER_CONFIRM + token, content_type="application/json") assert response.status == "200 OK" assert b"Create account" in response.data form_token = flask.g.csrf_token form_data = { "csrf_token": form_token, "email": invite.email, "name": "Test User", "username": "******", "password": "******", "confirm": "Password123", "submit": "submit", } response = client.post( tests.DDSEndpoint.USER_NEW, json=form_data, follow_redirects=True, ) assert response.status == "200 OK" invite = models.Invite.query.filter_by( email="*****@*****.**", role="Researcher").one_or_none() assert invite is not None user = models.User.query.filter_by( username=form_data["username"]).one_or_none() assert user is None
def encrypt_AESGCM(key:bytes, data:bytes, nonce:bytes, associated_data:bytes): if key == None: key = AESGCM.generate_key(256) aesgcm = AESGCM(key) encrypted_data = aesgcm.encrypt(nonce, data, associated_data) return key, encrypted_data else: aesgcm = AESGCM(key) encrypted_data = aesgcm.encrypt(nonce, data, associated_data) return encrypted_data
def test_buffer_protocol(self, backend): key = AESGCM.generate_key(128) aesgcm = AESGCM(key) pt = b"encrypt me" ad = b"additional" nonce = os.urandom(12) ct = aesgcm.encrypt(nonce, pt, ad) computed_pt = aesgcm.decrypt(nonce, ct, ad) assert computed_pt == pt aesgcm2 = AESGCM(bytearray(key)) ct2 = aesgcm2.encrypt(bytearray(nonce), pt, ad) assert ct2 == ct computed_pt2 = aesgcm2.decrypt(bytearray(nonce), ct2, ad) assert computed_pt2 == pt
def test_bad_generate_key(self, backend): with pytest.raises(TypeError): AESGCM.generate_key(object()) with pytest.raises(ValueError): AESGCM.generate_key(129)
def test_invalid_nonce_length(self, backend): key = AESGCM.generate_key(128) aesgcm = AESGCM(key) with pytest.raises(ValueError): aesgcm.encrypt(b"", b"hi", None)