forked from r4sas/PBinCLI
R4SAS
8 years ago
5 changed files with 115 additions and 21 deletions
@ -1,35 +1,35 @@ |
|||||||
"""Action functions for argparser""" |
"""Action functions for argparser""" |
||||||
import base64 |
import json |
||||||
|
import os |
||||||
import pbincli.actions |
import pbincli.actions |
||||||
|
'''from pbincli.sjcl_gcm import SJCL''' |
||||||
|
import pbincli.sjcl_simple |
||||||
|
from base64 import b64encode |
||||||
from Crypto.Hash import SHA256 |
from Crypto.Hash import SHA256 |
||||||
from Crypto.Random import get_random_bytes |
|
||||||
from pbincli.sjcl_gcm import SJCL |
|
||||||
from pbincli.transports import privatebin |
from pbincli.transports import privatebin |
||||||
from pbincli.utils import PBinCLIException, check_readable, check_writable |
from pbincli.utils import PBinCLIException, check_readable, check_writable |
||||||
from zlib import compress |
from zlib import compress |
||||||
import json |
|
||||||
|
|
||||||
def send(args): |
def send(args): |
||||||
""" Sub-command for sending paste """ |
""" Sub-command for sending paste """ |
||||||
check_readable(args.filename) |
check_readable(args.filename) |
||||||
with open(args.filename, "rb") as f: |
with open(args.filename, "rb") as f: |
||||||
contents = f.read() |
contents = f.read() |
||||||
file = base64.b64encode(compress(contents)) |
file = b64encode(compress(contents)) |
||||||
|
|
||||||
passphrase = base64.b64encode(get_random_bytes(32)) |
passphrase = os.urandom(32) |
||||||
if not args.password: |
print("Passphrase: {}".format(passphrase)) |
||||||
password = passphrase |
if args.password: |
||||||
else: |
|
||||||
p = SHA256.new() |
p = SHA256.new() |
||||||
p.update(args.password.encode("UTF-8")) |
p.update(args.password.encode("UTF-8")) |
||||||
password = passphrase + p.hexdigest().encode("UTF-8") |
passphrase = passphrase + p.hexdigest().encode("UTF-8") |
||||||
|
print("Password: {}".format(password)) |
||||||
|
print(args.password) |
||||||
|
|
||||||
data = SJCL().encrypt(file, password) |
'''data = SJCL().encrypt(file, password.decode("UTF-8"))''' |
||||||
#request = "data={}&expire={}&formatter={}&burnafterreading={}&opendiscussion={}".format(json.dumps(data, ensure_ascii=False), args.expire, args.format, int(args.burn), int(args.discus)) |
data = pbincli.sjcl_simple.encrypt(password, file) |
||||||
request = {'data':json.dumps(data, ensure_ascii=False),'expire':args.expire,'formatter':args.format,'burnafterreading':int(args.burn),'opendiscussion':int(args.discus) |
request = {'data':json.dumps(data, ensure_ascii=False),'expire':args.expire,'formatter':args.format,'burnafterreading':int(args.burn),'opendiscussion':int(args.discus) |
||||||
} |
} |
||||||
print(request) |
print(request) |
||||||
|
|
||||||
'''Here we must run function post from pbincli.transports''' |
'''Here we must run function post from pbincli.transports''' |
||||||
print(request) |
privatebin().post(request, passphrase) |
||||||
privatebin().post(request) |
|
||||||
|
@ -0,0 +1,89 @@ |
|||||||
|
import os |
||||||
|
from base64 import b64decode, b64encode |
||||||
|
|
||||||
|
from cryptography.hazmat.primitives import hashes |
||||||
|
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes |
||||||
|
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC |
||||||
|
from cryptography.hazmat.backends import default_backend |
||||||
|
|
||||||
|
|
||||||
|
_BACKEND = default_backend() |
||||||
|
|
||||||
|
|
||||||
|
def decrypt(pwd, json): |
||||||
|
iv = b64decode(json['iv']) |
||||||
|
ct = b64decode(json['ct']) |
||||||
|
salt = b64decode(json['salt']) |
||||||
|
ts = data['ts'] / 8 |
||||||
|
|
||||||
|
tag_start = len(ct) - ts |
||||||
|
tag = ct[tag_start:] |
||||||
|
ciphertext = ct[:tag_start] |
||||||
|
|
||||||
|
mode_class = getattr(modes, json['mode'].upper()) |
||||||
|
algo_class = getattr(algorithms, json['cipher'].upper()) |
||||||
|
|
||||||
|
kdf = _kdf(json['ks'], iters=json['iter'], salt=salt)[0] |
||||||
|
key = kdf.derive(pwd) |
||||||
|
cipher = Cipher(algo_class(key), |
||||||
|
mode_class(iv, tag, min_tag_length=ts), |
||||||
|
backend=_BACKEND) |
||||||
|
|
||||||
|
dec = cipher.decryptor() |
||||||
|
result = dec.update(ciphertext) + dec.finalize() |
||||||
|
return result |
||||||
|
|
||||||
|
|
||||||
|
def encrypt(pwd, plaintext, mode='gcm', algorithm='aes', |
||||||
|
keysize=256, tagsize=128, iters=256000): |
||||||
|
ts = tagsize / 8 |
||||||
|
|
||||||
|
mode_class = getattr(modes, mode.upper()) |
||||||
|
algo_class = getattr(algorithms, algorithm.upper()) |
||||||
|
|
||||||
|
iv = os.urandom(16) |
||||||
|
kdf, salt = _kdf(keysize, iters) |
||||||
|
key = kdf.derive(pwd) |
||||||
|
cipher = Cipher(algo_class(key), |
||||||
|
mode_class(iv, min_tag_length=ts), |
||||||
|
backend=_BACKEND) |
||||||
|
|
||||||
|
enc = cipher.encryptor() |
||||||
|
ciphertext = enc.update(plaintext) + enc.finalize() |
||||||
|
|
||||||
|
json = { |
||||||
|
"v": 1, |
||||||
|
"iv": b64encode(iv), |
||||||
|
"salt": b64encode(salt), |
||||||
|
"ct": b64encode(ciphertext + enc.tag[:ts]), |
||||||
|
"iter": iters, |
||||||
|
"ks": keysize, |
||||||
|
"ts": tagsize, |
||||||
|
"mode": mode, |
||||||
|
"cipher": algorithm, |
||||||
|
"adata": "" |
||||||
|
} |
||||||
|
return json |
||||||
|
|
||||||
|
|
||||||
|
def _kdf(keysize=256, iters=256000, salt=None, **kwargs): |
||||||
|
kdf_salt = salt or os.urandom(8) |
||||||
|
print("Salt: {}".format(kdf_salt)) |
||||||
|
kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), |
||||||
|
length=keysize / 8, |
||||||
|
salt=kdf_salt, |
||||||
|
iterations=iters, |
||||||
|
backend=_BACKEND) |
||||||
|
|
||||||
|
return kdf, kdf_salt |
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__": |
||||||
|
import json |
||||||
|
|
||||||
|
blob = '{"iv":"/6dKRRAOZ60oyumLMQsBtg==","v":1,"iter":256000,"ks":128,"ts":64,"mode":"gcm","adata":"","cipher":"aes","salt":"s8+LFcBmbcc=","ct":"wTapp5CWmD6SFA=="}' |
||||||
|
data = json.loads(blob) |
||||||
|
result = decrypt('pwd', data) |
||||||
|
assert result == "hi" |
||||||
|
|
||||||
|
print(decrypt('pwd', encrypt('pwd', result, tagsize=64))) |
Loading…
Reference in new issue