def get_encryption():
return '''
import base64
from Crypto import Random
from Crypto.Cipher import AES
abbrev = '{2}'
{0} = base64.b64decode('{1}')
def encrypt(raw):
iv = Random.new().read( AES.block_size )
cipher = AES.new({0}, AES.MODE_CFB, iv )
return (base64.b64encode( iv + cipher.encrypt( raw ) ) )
def decrypt(enc):
enc = base64.b64decode(enc)
iv = enc[:16]
cipher = AES.new({0}, AES.MODE_CFB, iv )
return cipher.decrypt( enc[16:] )
'''.format(st_obf[0],aes_encoded,aes_abbrev)
################################################################################
# st_protocol.py stitch_gen variables #
################################################################################
python类new()的实例源码
def AESEnc(sour, key):
from Crypto.Cipher import AES
from Crypto import Random
sour = sour.encode('utf8')
key = key.encode('utf8')
bs = AES.block_size
pad = lambda s: s + (bs - len(s) % bs) * chr(bs - len(s) % bs)
iv = Random.new().read(bs)
cipher = AES.new(key, AES.MODE_ECB, iv)
resData1 = cipher.encrypt(pad(sour))
resData2 = resData1.encode('hex')
resData3 = resData2.upper()
print resData3
return resData3
def testEncrypt1(self):
# Verify encryption using all test vectors
for test in self._testData:
# Build the key
comps = [ long(rws(test[0][x]),16) for x in ('n','e') ]
key = RSA.construct(comps)
# RNG that takes its random numbers from a pool given
# at initialization
class randGen:
def __init__(self, data):
self.data = data
self.idx = 0
def __call__(self, N):
r = self.data[self.idx:N]
self.idx += N
return r
# The real test
key._randfunc = randGen(t2b(test[3]))
cipher = PKCS.new(key, test[4])
ct = cipher.encrypt(t2b(test[1]))
self.assertEqual(ct, t2b(test[2]))
def testEncryptDecrypt1(self):
# Helper function to monitor what's requested from RNG
global asked
def localRng(N):
global asked
asked += N
return self.rng(N)
# Verify that OAEP is friendly to all hashes
for hashmod in (MD2,MD5,SHA1,SHA256,RIPEMD):
# Verify that encrypt() asks for as many random bytes
# as the hash output size
asked = 0
pt = self.rng(40)
self.key1024._randfunc = localRng
cipher = PKCS.new(self.key1024, hashmod)
ct = cipher.encrypt(pt)
self.assertEqual(cipher.decrypt(ct), pt)
self.failUnless(asked > hashmod.digest_size)
def testEncrypt1(self):
for test in self._testData:
# Build the key
key = RSA.importKey(test[0])
# RNG that takes its random numbers from a pool given
# at initialization
class randGen:
def __init__(self, data):
self.data = data
self.idx = 0
def __call__(self, N):
r = self.data[self.idx:N]
self.idx += N
return r
# The real test
key._randfunc = randGen(t2b(test[3]))
cipher = PKCS.new(key)
ct = cipher.encrypt(b(test[1]))
self.assertEqual(ct, t2b(test[2]))
def testSign1(self):
for i in range(len(self._testData)):
row = self._testData[i]
# Build the key
if isStr(row[0]):
key = RSA.importKey(row[0])
else:
comps = [ long(rws(row[0][x]),16) for x in ('n','e','d') ]
key = RSA.construct(comps)
h = row[3].new()
# Data to sign can either be in hex form or not
try:
h.update(t2b(row[1]))
except:
h.update(b(row[1]))
# The real test
signer = PKCS.new(key)
self.failUnless(signer.can_sign())
s = signer.sign(h)
self.assertEqual(s, t2b(row[2]))
def testVerify1(self):
for i in range(len(self._testData)):
row = self._testData[i]
# Build the key
if isStr(row[0]):
key = RSA.importKey(row[0]).publickey()
else:
comps = [ long(rws(row[0][x]),16) for x in ('n','e') ]
key = RSA.construct(comps)
h = row[3].new()
# Data to sign can either be in hex form or not
try:
h.update(t2b(row[1]))
except:
h.update(b(row[1]))
# The real test
verifier = PKCS.new(key)
self.failIf(verifier.can_sign())
result = verifier.verify(h, t2b(row[2]))
self.failUnless(result)
def testSign1(self):
for i in range(len(self._testData)):
# Build the key
comps = [ long(rws(self._testData[i][0][x]),16) for x in ('n','e','d') ]
key = MyKey(RSA.construct(comps))
# Hash function
h = self._testData[i][4].new()
# Data to sign
h.update(t2b(self._testData[i][1]))
# Salt
test_salt = t2b(self._testData[i][3])
key._randfunc = lambda N: test_salt
# The real test
signer = PKCS.new(key)
self.failUnless(signer.can_sign())
s = signer.sign(h)
self.assertEqual(s, t2b(self._testData[i][2]))
def getRandomInteger(N, randfunc=None):
"""getRandomInteger(N:int, randfunc:callable):long
Return a random number with at most N bits.
If randfunc is omitted, then Random.new().read is used.
This function is for internal use only and may be renamed or removed in
the future.
"""
if randfunc is None:
_import_Random()
randfunc = Random.new().read
S = randfunc(N>>3)
odd_bits = N % 8
if odd_bits != 0:
char = ord(randfunc(1)) >> (8-odd_bits)
S = bchr(char) + S
value = bytes_to_long(S)
return value
def __init__(self, ciphermodule, mode=None, IV=None):
"""AllOrNothing(ciphermodule, mode=None, IV=None)
ciphermodule is a module implementing the cipher algorithm to
use. It must provide the PEP272 interface.
Note that the encryption key is randomly generated
automatically when needed. Optional arguments mode and IV are
passed directly through to the ciphermodule.new() method; they
are the feedback mode and initialization vector to use. All
three arguments must be the same for the object used to create
the digest, and to undigest'ify the message blocks.
"""
self.__ciphermodule = ciphermodule
self.__mode = mode
self.__IV = IV
self.__key_size = ciphermodule.key_size
if not isInt(self.__key_size) or self.__key_size==0:
self.__key_size = 16
def __init__(self):
self.iv = Random.new().read(AES.block_size)
self.key = Random.new().read(AES.block_size)
self.cipher = AES.new(key=self.key, mode=AES.MODE_CBC, IV=self.iv)
texts = []
self.plaintexts = []
# Reads all the lines from the data, as binary strings, then decodes
# them from base64 and applies Pkcs7 padding.
with open('data/7.txt', 'rb') as dataFile:
texts = dataFile.readlines()
for text in texts:
strText = base64.b64decode(text)
self.plaintexts.append(Pkcs7(strText))
def RandomEncrypt(plaintext):
"""Returns a tuple with the encrypted text and the mode used."""
# Random key.
key = Random.new().read(AES.block_size)
# Random padding both before and after the plaintext. The
# size of the second padding cannot be random since the result
# needs to have a number of bytes multiple of 16.
paddingSize = random.randint(5, 10)
prepend = Random.new().read(paddingSize)
append = Random.new().read(AES.block_size - paddingSize)
# Pick encryption mode at random.
mode = None
if random.randint(0, 1) == 0:
mode = AES.MODE_ECB
else:
mode = AES.MODE_CBC
# Perform the encryption.
aes = aes_lib.AESCipher(key, mode=mode)
text = prepend + plaintext + append
return (aes.aes_encrypt(text), mode)
def __init__(self, key=None, mode=AES.MODE_ECB, iv=None):
"""Initialize a AES cipher with the given mode, and key (as a byte string)
Parameters:
key: the key, as a byte string (e.g. b'YELLOW SUBMARINE'). If None,
a random one will be generated.
mode: AES mode. Default: AES.MODE_ECB.
iv: IV. If None, a random one will be generated internally.
"""
if iv is None:
self._iv = self.GenerateRandomBytes(AES.block_size)
else:
self._iv = iv
if key is None:
self._key = self.GenerateRandomBytes(AES.block_size)
else:
self._key = key
self.mode = mode
self._cipher = AES.new(key=self._key, mode=self.mode, IV=self._iv)
def MerkleDamgard(message, state, stateLen):
"""Applies an arbitrary Merkle-Damgard construction to the message.
The default state length and initial state are those used all over
this program.
"""
newState = state
# The state length we use is shorter than what AES wants for the keys.
newState = padPKCS7(newState)
for i in range(GetNumBlocks(message)):
cipher = AES.new(newState, AES.MODE_ECB)
newState = cipher.encrypt(GetBlock(message, i))
# This would be a really bad idea to do in practice, if we are
# actually using AES or an algorithm that requires keys of
# a certain size. It's needed here because the hash and
# the key needs to be the same for the challenge to work, and
# the hash we return has 2 bytes.
newState = padPKCS7(newState[:stateLen])
return newState[:stateLen]
# Generates the initial 2**k states of the tree at random. We make
# all of them different with each other.
def CBCMacWithStates(message, iv):
"""Computes the CBC-MAC of a message given the IV.
Returns a tuple with the hash and a list of tuples; the first
element is the block index and the second is the intermediate state
associated with that block, as a byte string.
It is expected that this returns the same hash as CBC-MAC above
given the same inputs.
"""
M_states = []
paddedMessage = padPKCS7(message)
intermediateMessage = b''
currentState = iv
for bIndex in range(GetNumBlocks(paddedMessage)):
intermediateMessage = GetBlock(paddedMessage, bIndex)
cipher = AES.new(b'YELLOW SUBMARINE', AES.MODE_CBC, currentState)
currentState = cipher.encrypt(intermediateMessage)
currentState = currentState[-AES.block_size:]
M_states.append( ( bIndex, currentState ) )
return currentState, M_states
def encrypt(self, plaintext):
"""CBC encryption."""
cipher = AES.new(key=self._key, mode=AES.MODE_ECB)
# The full URL is not necessary for this setup, so I am just encrypting
# the plaintext as it is. I don't even need to support padding.
prev_ct = self._iv
block_index = 0
ciphertext = b''
# The loop simulates encryption through AES in CBC mode.
while block_index < len(plaintext):
block = plaintext[block_index : block_index + AES.block_size]
final_block = strxor(block, prev_ct)
cipher_block = cipher.encrypt(final_block)
prev_ct = cipher_block
ciphertext += cipher_block
block_index += AES.block_size
return ciphertext
def EditCTR(ciphertext, offset, newText, ctrObj):
numBlocks = block_utils.GetNumBlocks(ciphertext)
# Sanity checking.
if offset < 0 or offset > numBlocks - 1:
raise ValueError("Invalid offset.")
if len(newText) != AES.block_size:
raise ValueError("New plaintext must be 1 block in size")
# Encrypt the new block of text using the value of the
# counter for the 'offset' block of the ciphertext. The idea
# is that newBlock will replace the block at position 'offset'
# in the ciphertext, although here we do not perform the
# actual substitution.
newBlock = ctrObj.OneBlockCrypt(newText, offset)
return newBlock
# This function is only here to recover the text as explained
# in the challenge. Of course here we need to know the key :)
def testEncrypt1(self):
# Verify encryption using all test vectors
for test in self._testData:
# Build the key
comps = [ long(rws(test[0][x]),16) for x in ('n','e') ]
key = RSA.construct(comps)
# RNG that takes its random numbers from a pool given
# at initialization
class randGen:
def __init__(self, data):
self.data = data
self.idx = 0
def __call__(self, N):
r = self.data[self.idx:N]
self.idx += N
return r
# The real test
key._randfunc = randGen(t2b(test[3]))
cipher = PKCS.new(key, test[4])
ct = cipher.encrypt(t2b(test[1]))
self.assertEqual(ct, t2b(test[2]))
def testEncryptDecrypt1(self):
# Helper function to monitor what's requested from RNG
global asked
def localRng(N):
global asked
asked += N
return self.rng(N)
# Verify that OAEP is friendly to all hashes
for hashmod in (MD2,MD5,SHA1,SHA256,RIPEMD):
# Verify that encrypt() asks for as many random bytes
# as the hash output size
asked = 0
pt = self.rng(40)
self.key1024._randfunc = localRng
cipher = PKCS.new(self.key1024, hashmod)
ct = cipher.encrypt(pt)
self.assertEqual(cipher.decrypt(ct), pt)
self.failUnless(asked > hashmod.digest_size)
def testEncrypt1(self):
for test in self._testData:
# Build the key
key = RSA.importKey(test[0])
# RNG that takes its random numbers from a pool given
# at initialization
class randGen:
def __init__(self, data):
self.data = data
self.idx = 0
def __call__(self, N):
r = self.data[self.idx:N]
self.idx += N
return r
# The real test
key._randfunc = randGen(t2b(test[3]))
cipher = PKCS.new(key)
ct = cipher.encrypt(b(test[1]))
self.assertEqual(ct, t2b(test[2]))
def testSign1(self):
for i in range(len(self._testData)):
row = self._testData[i]
# Build the key
if isStr(row[0]):
key = RSA.importKey(row[0])
else:
comps = [ long(rws(row[0][x]),16) for x in ('n','e','d') ]
key = RSA.construct(comps)
h = row[3].new()
# Data to sign can either be in hex form or not
try:
h.update(t2b(row[1]))
except:
h.update(b(row[1]))
# The real test
signer = PKCS.new(key)
self.failUnless(signer.can_sign())
s = signer.sign(h)
self.assertEqual(s, t2b(row[2]))
def testVerify1(self):
for i in range(len(self._testData)):
row = self._testData[i]
# Build the key
if isStr(row[0]):
key = RSA.importKey(row[0]).publickey()
else:
comps = [ long(rws(row[0][x]),16) for x in ('n','e') ]
key = RSA.construct(comps)
h = row[3].new()
# Data to sign can either be in hex form or not
try:
h.update(t2b(row[1]))
except:
h.update(b(row[1]))
# The real test
verifier = PKCS.new(key)
self.failIf(verifier.can_sign())
result = verifier.verify(h, t2b(row[2]))
self.failUnless(result)
def testSign1(self):
for i in range(len(self._testData)):
# Build the key
comps = [ long(rws(self._testData[i][0][x]),16) for x in ('n','e','d') ]
key = MyKey(RSA.construct(comps))
# Hash function
h = self._testData[i][4].new()
# Data to sign
h.update(t2b(self._testData[i][1]))
# Salt
test_salt = t2b(self._testData[i][3])
key._randfunc = lambda N: test_salt
# The real test
signer = PKCS.new(key)
self.failUnless(signer.can_sign())
s = signer.sign(h)
self.assertEqual(s, t2b(self._testData[i][2]))
def getRandomInteger(N, randfunc=None):
"""getRandomInteger(N:int, randfunc:callable):long
Return a random number with at most N bits.
If randfunc is omitted, then Random.new().read is used.
This function is for internal use only and may be renamed or removed in
the future.
"""
if randfunc is None:
_import_Random()
randfunc = Random.new().read
S = randfunc(N>>3)
odd_bits = N % 8
if odd_bits != 0:
char = ord(randfunc(1)) >> (8-odd_bits)
S = bchr(char) + S
value = bytes_to_long(S)
return value
def __init__(self, ciphermodule, mode=None, IV=None):
"""AllOrNothing(ciphermodule, mode=None, IV=None)
ciphermodule is a module implementing the cipher algorithm to
use. It must provide the PEP272 interface.
Note that the encryption key is randomly generated
automatically when needed. Optional arguments mode and IV are
passed directly through to the ciphermodule.new() method; they
are the feedback mode and initialization vector to use. All
three arguments must be the same for the object used to create
the digest, and to undigest'ify the message blocks.
"""
self.__ciphermodule = ciphermodule
self.__mode = mode
self.__IV = IV
self.__key_size = ciphermodule.key_size
if not isInt(self.__key_size) or self.__key_size==0:
self.__key_size = 16
def get_key(encoded_key):
IV = None
CIPHER = None
if encoded_key is False:
try:
MYFILE = Tools.__path__[0]+os.sep+"admin"+os.sep+'secret.key'
with open(MYFILE, 'r') as myfileHandle:
encoded_key = myfileHandle.read()
except IOError:
print_error("Could not find the secret.key file in Tools/Admin!")
try:
IV = Random.new().read(AES.block_size)
CIPHER = AES.new(base64.b64decode(encoded_key), AES.MODE_CFB, IV)
except Exception as e:
print_exception("Some problem occured: {0}".format(e))
return IV, CIPHER
def decrypt_file_aes(self, in_file, out_file, password, key_length=32):
bs = AES.block_size
salt = in_file.read(bs)[len('Salted__'):]
key, iv = self.derive_key_and_iv(password, salt, key_length, bs)
cipher = AES.new(key, AES.MODE_CBC, iv)
next_chunk = ''
finished = False
while not finished:
chunk, next_chunk = next_chunk, cipher.decrypt(in_file.read(1024 * bs))
if len(next_chunk) == 0:
padding_length = ord(chunk[-1])
if padding_length < 1 or padding_length > bs:
raise ValueError('bad decrypt pad (%d)' % padding_length)
# all the pad-bytes must be the same
if chunk[-padding_length:] != (padding_length * chr(padding_length)):
# this is similar to the bad decrypt:evp_enc.c from openssl program
raise ValueError('bad decrypt')
chunk = chunk[:-padding_length]
finished = True
out_file.write(chunk)
def lmots_sig_to_pub(sig, S, lmots_type, message):
signature = LmotsSignature.deserialize(sig)
if (signature.type != lmots_type):
raise ValueError(err_unknown_typecode)
n, p, w, ls = lmots_params[lmots_type]
hashQ = H(S + signature.C + message + D_MESG)
V = hashQ + checksum(hashQ, w, ls)
hash = SHA256.new()
hash.update(S)
for i, y in enumerate(signature.y):
tmp = y
for j in xrange(coef(V, i, w), 2**w - 1):
tmp = H(S + tmp + u16str(i) + u8str(j) + D_ITER)
hash.update(tmp)
hash.update(D_PBLC)
return hash.digest()
# ***************************************************************
# |
# LMS N-time signatures functions |
# |
# ***************************************************************
def testEncrypt1(self):
# Verify encryption using all test vectors
for test in self._testData:
# Build the key
comps = [ long(rws(test[0][x]),16) for x in ('n','e') ]
key = RSA.construct(comps)
# RNG that takes its random numbers from a pool given
# at initialization
class randGen:
def __init__(self, data):
self.data = data
self.idx = 0
def __call__(self, N):
r = self.data[self.idx:N]
self.idx += N
return r
# The real test
key._randfunc = randGen(t2b(test[3]))
cipher = PKCS.new(key, test[4])
ct = cipher.encrypt(t2b(test[1]))
self.assertEqual(ct, t2b(test[2]))
def testEncryptDecrypt1(self):
# Helper function to monitor what's requested from RNG
global asked
def localRng(N):
global asked
asked += N
return self.rng(N)
# Verify that OAEP is friendly to all hashes
for hashmod in (MD2,MD5,SHA1,SHA256,RIPEMD):
# Verify that encrypt() asks for as many random bytes
# as the hash output size
asked = 0
pt = self.rng(40)
self.key1024._randfunc = localRng
cipher = PKCS.new(self.key1024, hashmod)
ct = cipher.encrypt(pt)
self.assertEqual(cipher.decrypt(ct), pt)
self.failUnless(asked > hashmod.digest_size)
