PrivateBin CLI on python 3
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

148 lines
4.0 KiB

8 years ago
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Edited SJCL.py library (https://github.com/berlincode/sjcl/)
for AES.MODE_GCM support, work begin.
8 years ago
pip3.5 install pycryptodome
8 years ago
"""
from Crypto.Hash import SHA256, HMAC
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
import base64
def truncate_iv(iv, ol, tlen): # ol and tlen in bits
ivl = len(iv) # iv length in bytes
ol = (ol - tlen) // 8
# "compute the length of the length" (see gcm.js)
L = 2
while (L < 4) and ((ol >> (8*L))) > 0:
L += 1
if L < 15 - ivl:
L = 15 - ivl
return iv[:(15-L)]
def check_mode_gcm():
# checks if pycrypto has support for gcm
try:
AES.MODE_GCM
except:
raise Exception(
"Pycrypto does not seem to support MODE_gcm. " +
"You need a version >= 2.7a1 (or a special branch)."
)
class SJCL(object):
def __init__(self):
self.salt_size = 8 # bytes
self.tag_size = 16 # bytes
self.mac_size = 16 # bytes; mac = message authentication code (MAC)
self.prf = lambda p, s: HMAC.new(p, s, SHA256).digest()
def decrypt(self, data, passphrase):
check_mode_gcm() # check gcm support
if data["cipher"] != "aes":
raise Exception("only aes cipher supported")
print(data["mode"])
if data["mode"] != "gcm":
raise Exception("unknown mode(!=gcm)")
if data["adata"] != "":
raise Exception("additional authentication data not equal ''")
if data["v"] != 1:
raise Exception("only version 1 is currently supported")
if data["ts"] != self.tag_size * 8:
raise Exception("desired tag length != %d" % (self.tag_size * 8))
salt = base64.b64decode(data["salt"])
# print "salt", hex_string(salt)
if len(salt) != self.salt_size:
raise Exception("salt should be %d bytes long" % self.salt_size)
dkLen = data["ks"] / 8
if dkLen != 32:
raise Exception("key length should be 32 bytes")
8 years ago
key = PBKDF2(
passphrase,
salt,
count=data['iter'],
dkLen=dkLen,
prf=self.prf
)
# print "key", hex_string(key)
ciphertext = base64.b64decode(data["ct"])
# ciphertext = data["ct"]
8 years ago
iv = base64.b64decode(data["iv"])
# print AES.block_size
nonce = truncate_iv(iv, len(ciphertext)*8, data["ts"])
# split tag from ciphertext (tag was simply appended to ciphertext)
mac = ciphertext[-(data["ts"] / 8):]
8 years ago
# print len(ciphertext)
ciphertext = ciphertext[:-(data["ts"] / 8)]
8 years ago
# print len(ciphertext)
# print len(tag)
# print "len", len(nonce)
cipher = AES.new(key, AES.MODE_GCM, nonce)
plaintext = cipher.decrypt(ciphertext)
# print(mac)
8 years ago
# cipher.verify(mac)
return plaintext
def encrypt(self, plaintext, passphrase, count=10000, dkLen=32):
8 years ago
# dkLen = key length in bytes
check_mode_gcm() # check gcm support
salt = get_random_bytes(self.salt_size)
iv = get_random_bytes(16) # TODO dkLen?
key = PBKDF2(passphrase, salt, count=count, dkLen=dkLen, prf=self.prf)
# TODO plaintext padding?
nonce = truncate_iv(iv, len(plaintext) * 8, self.tag_size * 8)
# print len(nonce)
cipher = AES.new(
key,
AES.MODE_GCM,
nonce,
mac_len=self.mac_size
)
ciphertext = cipher.encrypt(plaintext)
mac = cipher.digest()
ciphertext = ciphertext + mac
return {
"salt": base64.b64encode(salt).decode('UTF-8'),
8 years ago
"iter": count,
"ks": dkLen*8,
"ct": base64.b64encode(ciphertext).decode('UTF-8'),
"iv": base64.b64encode(iv).decode('UTF-8'),
8 years ago
"cipher": "aes",
"mode": "gcm",
"adata": "",
"v": 1,
"ts": self.tag_size * 8
}