362 lines
16 KiB
Python
362 lines
16 KiB
Python
from __future__ import unicode_literals
|
|
|
|
from math import ceil
|
|
|
|
from .compat import compat_b64decode
|
|
from .utils import bytes_to_intlist, intlist_to_bytes
|
|
|
|
BLOCK_SIZE_BYTES = 16
|
|
|
|
|
|
def aes_ctr_decrypt(data, key, counter):
|
|
"""
|
|
Decrypt with aes in counter mode
|
|
|
|
@param {int[]} data cipher
|
|
@param {int[]} key 16/24/32-Byte cipher key
|
|
@param {instance} counter Instance whose next_value function (@returns {int[]} 16-Byte block)
|
|
returns the next counter block
|
|
@returns {int[]} decrypted data
|
|
"""
|
|
expanded_key = key_expansion(key)
|
|
block_count = int(ceil(float(len(data)) / BLOCK_SIZE_BYTES))
|
|
|
|
decrypted_data = []
|
|
for i in range(block_count):
|
|
counter_block = counter.next_value()
|
|
block = data[i * BLOCK_SIZE_BYTES: (i + 1) * BLOCK_SIZE_BYTES]
|
|
block += [0] * (BLOCK_SIZE_BYTES - len(block))
|
|
|
|
cipher_counter_block = aes_encrypt(counter_block, expanded_key)
|
|
decrypted_data += xor(block, cipher_counter_block)
|
|
decrypted_data = decrypted_data[:len(data)]
|
|
|
|
return decrypted_data
|
|
|
|
|
|
def aes_cbc_decrypt(data, key, iv):
|
|
"""
|
|
Decrypt with aes in CBC mode
|
|
|
|
@param {int[]} data cipher
|
|
@param {int[]} key 16/24/32-Byte cipher key
|
|
@param {int[]} iv 16-Byte IV
|
|
@returns {int[]} decrypted data
|
|
"""
|
|
expanded_key = key_expansion(key)
|
|
block_count = int(ceil(float(len(data)) / BLOCK_SIZE_BYTES))
|
|
|
|
decrypted_data = []
|
|
previous_cipher_block = iv
|
|
for i in range(block_count):
|
|
block = data[i * BLOCK_SIZE_BYTES: (i + 1) * BLOCK_SIZE_BYTES]
|
|
block += [0] * (BLOCK_SIZE_BYTES - len(block))
|
|
|
|
decrypted_block = aes_decrypt(block, expanded_key)
|
|
decrypted_data += xor(decrypted_block, previous_cipher_block)
|
|
previous_cipher_block = block
|
|
decrypted_data = decrypted_data[:len(data)]
|
|
|
|
return decrypted_data
|
|
|
|
|
|
def aes_cbc_encrypt(data, key, iv):
|
|
"""
|
|
Encrypt with aes in CBC mode. Using PKCS#7 padding
|
|
|
|
@param {int[]} data cleartext
|
|
@param {int[]} key 16/24/32-Byte cipher key
|
|
@param {int[]} iv 16-Byte IV
|
|
@returns {int[]} encrypted data
|
|
"""
|
|
expanded_key = key_expansion(key)
|
|
block_count = int(ceil(float(len(data)) / BLOCK_SIZE_BYTES))
|
|
|
|
encrypted_data = []
|
|
previous_cipher_block = iv
|
|
for i in range(block_count):
|
|
block = data[i * BLOCK_SIZE_BYTES: (i + 1) * BLOCK_SIZE_BYTES]
|
|
remaining_length = BLOCK_SIZE_BYTES - len(block)
|
|
block += [remaining_length] * remaining_length
|
|
mixed_block = xor(block, previous_cipher_block)
|
|
|
|
encrypted_block = aes_encrypt(mixed_block, expanded_key)
|
|
encrypted_data += encrypted_block
|
|
|
|
previous_cipher_block = encrypted_block
|
|
|
|
return encrypted_data
|
|
|
|
|
|
def key_expansion(data):
|
|
"""
|
|
Generate key schedule
|
|
|
|
@param {int[]} data 16/24/32-Byte cipher key
|
|
@returns {int[]} 176/208/240-Byte expanded key
|
|
"""
|
|
data = data[:] # copy
|
|
rcon_iteration = 1
|
|
key_size_bytes = len(data)
|
|
expanded_key_size_bytes = (key_size_bytes // 4 + 7) * BLOCK_SIZE_BYTES
|
|
|
|
while len(data) < expanded_key_size_bytes:
|
|
temp = data[-4:]
|
|
temp = key_schedule_core(temp, rcon_iteration)
|
|
rcon_iteration += 1
|
|
data += xor(temp, data[-key_size_bytes: 4 - key_size_bytes])
|
|
|
|
for _ in range(3):
|
|
temp = data[-4:]
|
|
data += xor(temp, data[-key_size_bytes: 4 - key_size_bytes])
|
|
|
|
if key_size_bytes == 32:
|
|
temp = data[-4:]
|
|
temp = sub_bytes(temp)
|
|
data += xor(temp, data[-key_size_bytes: 4 - key_size_bytes])
|
|
|
|
for _ in range(3 if key_size_bytes == 32 else 2 if key_size_bytes == 24 else 0):
|
|
temp = data[-4:]
|
|
data += xor(temp, data[-key_size_bytes: 4 - key_size_bytes])
|
|
data = data[:expanded_key_size_bytes]
|
|
|
|
return data
|
|
|
|
|
|
def aes_encrypt(data, expanded_key):
|
|
"""
|
|
Encrypt one block with aes
|
|
|
|
@param {int[]} data 16-Byte state
|
|
@param {int[]} expanded_key 176/208/240-Byte expanded key
|
|
@returns {int[]} 16-Byte cipher
|
|
"""
|
|
rounds = len(expanded_key) // BLOCK_SIZE_BYTES - 1
|
|
|
|
data = xor(data, expanded_key[:BLOCK_SIZE_BYTES])
|
|
for i in range(1, rounds + 1):
|
|
data = sub_bytes(data)
|
|
data = shift_rows(data)
|
|
if i != rounds:
|
|
data = mix_columns(data)
|
|
data = xor(data, expanded_key[i * BLOCK_SIZE_BYTES: (i + 1) * BLOCK_SIZE_BYTES])
|
|
|
|
return data
|
|
|
|
|
|
def aes_decrypt(data, expanded_key):
|
|
"""
|
|
Decrypt one block with aes
|
|
|
|
@param {int[]} data 16-Byte cipher
|
|
@param {int[]} expanded_key 176/208/240-Byte expanded key
|
|
@returns {int[]} 16-Byte state
|
|
"""
|
|
rounds = len(expanded_key) // BLOCK_SIZE_BYTES - 1
|
|
|
|
for i in range(rounds, 0, -1):
|
|
data = xor(data, expanded_key[i * BLOCK_SIZE_BYTES: (i + 1) * BLOCK_SIZE_BYTES])
|
|
if i != rounds:
|
|
data = mix_columns_inv(data)
|
|
data = shift_rows_inv(data)
|
|
data = sub_bytes_inv(data)
|
|
data = xor(data, expanded_key[:BLOCK_SIZE_BYTES])
|
|
|
|
return data
|
|
|
|
|
|
def aes_decrypt_text(data, password, key_size_bytes):
|
|
"""
|
|
Decrypt text
|
|
- The first 8 Bytes of decoded 'data' are the 8 high Bytes of the counter
|
|
- The cipher key is retrieved by encrypting the first 16 Byte of 'password'
|
|
with the first 'key_size_bytes' Bytes from 'password' (if necessary filled with 0's)
|
|
- Mode of operation is 'counter'
|
|
|
|
@param {str} data Base64 encoded string
|
|
@param {str,unicode} password Password (will be encoded with utf-8)
|
|
@param {int} key_size_bytes Possible values: 16 for 128-Bit, 24 for 192-Bit or 32 for 256-Bit
|
|
@returns {str} Decrypted data
|
|
"""
|
|
NONCE_LENGTH_BYTES = 8
|
|
|
|
data = bytes_to_intlist(compat_b64decode(data))
|
|
password = bytes_to_intlist(password.encode('utf-8'))
|
|
|
|
key = password[:key_size_bytes] + [0] * (key_size_bytes - len(password))
|
|
key = aes_encrypt(key[:BLOCK_SIZE_BYTES], key_expansion(key)) * (key_size_bytes // BLOCK_SIZE_BYTES)
|
|
|
|
nonce = data[:NONCE_LENGTH_BYTES]
|
|
cipher = data[NONCE_LENGTH_BYTES:]
|
|
|
|
class Counter(object):
|
|
__value = |