python/ai-business-write
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ai-business-write/venv/Lib/site-packages/Crypto/Cipher/_mode_kw.py

159 lines
4.3 KiB
Python
Raw Blame History

import struct
from collections import deque
from types import ModuleType
from typing import Union
from Crypto.Util.strxor import strxor
def W(cipher: ModuleType,
plaintext: Union[bytes, bytearray]) -> bytes:
S = [plaintext[i:i+8] for i in range(0, len(plaintext), 8)]
n = len(S)
s = 6 * (n - 1)
A = S[0]
R = deque(S[1:])
for t in range(1, s + 1):
t_64 = struct.pack('>Q', t)
ct = cipher.encrypt(A + R.popleft())
A = strxor(ct[:8], t_64)
R.append(ct[8:])
return A + b''.join(R)
def W_inverse(cipher: ModuleType,
ciphertext: Union[bytes, bytearray]) -> bytes:
C = [ciphertext[i:i+8] for i in range(0, len(ciphertext), 8)]
n = len(C)
s = 6 * (n - 1)
A = C[0]
R = deque(C[1:])
for t in range(s, 0, -1):
t_64 = struct.pack('>Q', t)
pt = cipher.decrypt(strxor(A, t_64) + R.pop())
A = pt[:8]
R.appendleft(pt[8:])
return A + b''.join(R)
class KWMode(object):
"""Key Wrap (KW) mode.
This is a deterministic Authenticated Encryption (AE) mode
for protecting cryptographic keys. See `NIST SP800-38F`_.
It provides both confidentiality and authenticity, and it designed
so that any bit of the ciphertext depends on all bits of the plaintext.
This mode is only available for ciphers that operate on 128 bits blocks
(e.g., AES).
.. _`NIST SP800-38F`: http://csrc.nist.gov/publications/nistpubs/800-38F/SP-800-38F.pdf
:undocumented: __init__
"""
def __init__(self,
factory: ModuleType,
key: Union[bytes, bytearray]):
self.block_size = factory.block_size
if self.block_size != 16:
raise ValueError("Key Wrap mode is only available for ciphers"
" that operate on 128 bits blocks")
self._factory = factory
self._cipher = factory.new(key, factory.MODE_ECB)
self._done = False
def seal(self, plaintext: Union[bytes, bytearray]) -> bytes:
"""Encrypt and authenticate (wrap) a cryptographic key.
Args:
plaintext:
The cryptographic key to wrap.
It must be at least 16 bytes long, and its length
must be a multiple of 8.
Returns:
The wrapped key.
"""
if self._done:
raise ValueError("The cipher cannot be used more than once")
if len(plaintext) % 8:
raise ValueError("The plaintext must have length multiple of 8 bytes")
if len(plaintext) < 16:
raise ValueError("The plaintext must be at least 16 bytes long")
if len(plaintext) >= 2**32:
raise ValueError("The plaintext is too long")
res = W(self._cipher, b'\xA6\xA6\xA6\xA6\xA6\xA6\xA6\xA6' + plaintext)
self._done = True
return res
def unseal(self, ciphertext: Union[bytes, bytearray]) -> bytes:
"""Decrypt and authenticate (unwrap) a cryptographic key.
Args:
ciphertext:
The cryptographic key to unwrap.
It must be at least 24 bytes long, and its length
must be a multiple of 8.
Returns:
The original key.
Raises: ValueError
If the ciphertext or the key are not valid.
"""
if self._done:
raise ValueError("The cipher cannot be used more than once")
if len(ciphertext) % 8:
raise ValueError("The ciphertext must have length multiple of 8 bytes")
if len(ciphertext) < 24:
raise ValueError("The ciphertext must be at least 24 bytes long")
pt = W_inverse(self._cipher, ciphertext)
if pt[:8] != b'\xA6\xA6\xA6\xA6\xA6\xA6\xA6\xA6':
raise ValueError("Incorrect integrity check value")
self._done = True
return pt[8:]
def _create_kw_cipher(factory: ModuleType,
**kwargs: Union[bytes, bytearray]) -> KWMode:
"""Create a new block cipher in Key Wrap mode.
Args:
factory:
A block cipher module, taken from `Crypto.Cipher`.
The cipher must have block length of 16 bytes, such as AES.
Keywords:
key:
The secret key to use to seal or unseal.
"""
try:
key = kwargs["key"]
except KeyError as e:
raise TypeError("Missing parameter:" + str(e))
return KWMode(factory, key)
Reference in New Issue View Git Blame Copy Permalink