Python Crypto.Cipher.AES 模块，MODE_CFB 实例源码

def get_encryption():
    return '''
import base64
from Crypto import Random
from Crypto.Cipher import AES

abbrev = '{2}'
{0} = base64.b64decode('{1}')

def encrypt(raw):
    iv = Random.new().read( AES.block_size )
    cipher = AES.new({0}, AES.MODE_CFB, iv )
    return (base64.b64encode( iv + cipher.encrypt( raw ) ) )

def decrypt(enc):
    enc = base64.b64decode(enc)
    iv = enc[:16]
    cipher = AES.new({0}, AES.MODE_CFB, iv )
    return cipher.decrypt( enc[16:] )
'''.format(st_obf[0],aes_encoded,aes_abbrev)

################################################################################
#                       st_protocol.py stitch_gen variables                    #
################################################################################

def get_key(encoded_key):
    IV = None
    CIPHER = None
    if encoded_key is False:
        try:
            MYFILE = Tools.__path__[0]+os.sep+"admin"+os.sep+'secret.key'
            with open(MYFILE, 'r') as myfileHandle:
                encoded_key = myfileHandle.read()
        except IOError:
            print_error("Could not find the secret.key file in Tools/Admin!")
    try:
        IV = Random.new().read(AES.block_size)
        CIPHER = AES.new(base64.b64decode(encoded_key), AES.MODE_CFB, IV)
    except Exception as e:
        print_exception("Some problem occured: {0}".format(e))

    return IV, CIPHER

def test_encrypter(self):
        """
        test_encrypter
        :return:
        """
        key = '0123456701234567'
        iv = Random.new().read(AES.block_size)
        s = '?? 10:00 AM'
        # ECB
        encrypter = tools.Encrypter(key)
        self.assertEqual(encrypter.decrypt(encrypter.encrypt(s)), s)
        # CBC
        encrypter = tools.Encrypter(key, AES.MODE_CBC, iv)
        self.assertEqual(encrypter.decrypt(encrypter.encrypt(s)), s)
        # CFB
        encrypter = tools.Encrypter(key, AES.MODE_CFB, iv)
        self.assertEqual(encrypter.decrypt(encrypter.encrypt(s)), s)

def decryptData(self, key, encdata):
        '''
        Decrypts a file using AES (CFB mode) with the
        given key.
        Parameters are similar to encryptData
        '''

        # converting passkey to a 32 bytes len str
        if not isinstance(key, bytes):
            key = key.encode('utf-8')
        key = SHA256.new(key).digest()
        iv = encdata[:16]
        cipher = AES.new(key, AES.MODE_CFB, iv)
        data = cipher.decrypt(encdata[16:])

        res = {'error': False, 'message': data}
        return(res)

def decryptData(key, encdata):
    """ Decrypts a file using AES (CBC mode) with the
        given key. Parameters are similar to encrypt_file
    """

    ''' with CBC
    # converting passkey to a 32 bytes len str
    key = SHA256.new(key.encode('utf-8')).digest()
    iv = encdata[:16]
    decryptor = AES.new(key, AES.MODE_CBC, iv)
    data = decryptor.decrypt(encdata[16:])
    return(data)
    '''

    # converting passkey to a 32 bytes len str
    key = SHA256.new(key.encode('utf-8')).digest()
    iv = encdata[:16]
    cipher = AES.new(key, AES.MODE_CFB, iv)
    data = cipher.decrypt(encdata[16:])
    return(data)

def encrypt(key, text, isfile=False):

    ciphertexts = ''
    print_text = str(text[0:min(50, len(text))]) + '...'
    print "Begin to encrypt:", print_text

    if not isfile:
        for start in xrange(0, len(text), chunk_size(key)):
            end = start + chunk_size(key)
            chunk = text[start:end]
            ciphertext = key.encrypt(chunk, K=0)[0]
            ciphertexts = ciphertexts + base64.b64encode(ciphertext)
            # len(base64.b64encode(ciphertext)) = 344
    else:
        iv = Random.new().read(AES.block_size)
        cipher = AES.new(key, AES.MODE_CFB, iv)
        ciphertexts = iv + cipher.encrypt(text)

    return ciphertexts

def encryptData(self, encryptKey, privParameters, dataToEncrypt):
        if AES is None:
            raise error.StatusInformation(
                errorIndication=errind.encryptionError
            )

        snmpEngineBoots, snmpEngineTime, salt = privParameters

        # 3.3.1.1
        aesKey, iv, salt = self.__getEncryptionKey(
            encryptKey, snmpEngineBoots, snmpEngineTime
        )

        # 3.3.1.3
        aesObj = AES.new(aesKey, AES.MODE_CFB, iv, segment_size=128)

        # PyCrypto seems to require padding
        dataToEncrypt = dataToEncrypt + univ.OctetString((0,) * (16-len(dataToEncrypt)%16)).asOctets()

        ciphertext = aesObj.encrypt(dataToEncrypt)

        # 3.3.1.4
        return univ.OctetString(ciphertext), univ.OctetString(salt)

    # 3.2.4.2

def decrypt(private_key, ciphertext):
  """Decrypt a message with a given private key.

  Takes in a private_key generated by Crypto.PublicKey.RSA, which must be of
  size exactly 4096

  If the ciphertext is invalid, return None
  """
  if len(ciphertext) < 512 + 16:
    return None
  msg_header = ciphertext[:512]
  msg_iv = ciphertext[512:512+16]
  msg_body = ciphertext[512+16:]
  try:
    symmetric_key = PKCS1_OAEP.new(private_key).decrypt(msg_header)
  except ValueError:
    return None
  if len(symmetric_key) != 32:
    return None
  return AES.new(symmetric_key,
      mode=AES.MODE_CFB,
      IV=msg_iv).decrypt(msg_body)

def encrypt(self, secret_key):
        """
        Generate a random initialization vector (IV) for AES. Pad the plaintext to the AES block size (16 bytes) and
        encrypt. Prepend the IV for use in decryption. Finally, record the SHA256 hash of the plaintext for validation
        upon decryption.
        """
        if self.plaintext is None:
            raise Exception("Must unlock or set plaintext before locking.")

        # Pad and encrypt plaintext
        iv = os.urandom(16)
        aes = AES.new(secret_key, AES.MODE_CFB, iv)
        self.ciphertext = iv + aes.encrypt(self._pad(self.plaintext))

        # Generate SHA256 using Django's built-in password hashing mechanism
        self.hash = make_password(self.plaintext, hasher=SecretValidationHasher())

        self.plaintext = None

def decrypt(self, secret_key):
        """
        Consume the first 16 bytes of self.ciphertext as the AES initialization vector (IV). The remainder is decrypted
        using the IV and the provided secret key. Padding is then removed to reveal the plaintext. Finally, validate the
        decrypted plaintext value against the stored hash.
        """
        if self.plaintext is not None:
            return
        if not self.ciphertext:
            raise Exception("Must define ciphertext before unlocking.")

        # Decrypt ciphertext and remove padding
        iv = bytes(self.ciphertext[0:16])
        ciphertext = bytes(self.ciphertext[16:])
        aes = AES.new(secret_key, AES.MODE_CFB, iv)
        plaintext = self._unpad(aes.decrypt(ciphertext))

        # Verify decrypted plaintext against hash
        if not self.validate(plaintext):
            raise ValueError("Invalid key or ciphertext!")

        self.plaintext = plaintext

def encryptData(self, encryptKey, privParameters, dataToEncrypt):
        if AES is None:
            raise error.StatusInformation(
                errorIndication=errind.encryptionError
            )

        snmpEngineBoots, snmpEngineTime, salt = privParameters

        # 3.3.1.1
        aesKey, iv, salt = self.__getEncryptionKey(
            encryptKey, snmpEngineBoots, snmpEngineTime
        )

        # 3.3.1.3
        aesObj = AES.new(aesKey, AES.MODE_CFB, iv, segment_size=128)

        # PyCrypto seems to require padding
        dataToEncrypt = dataToEncrypt + univ.OctetString((0,) * (16-len(dataToEncrypt)%16)).asOctets()

        ciphertext = aesObj.encrypt(dataToEncrypt)

        # 3.3.1.4
        return univ.OctetString(ciphertext), univ.OctetString(salt)

    # 3.2.4.2

def encrypt(raw, aes_key=secret):
    iv = Random.new().read( AES.block_size )
    cipher = AES.new(aes_key, AES.MODE_CFB, iv )
    return (base64.b64encode( iv + cipher.encrypt( raw ) ) )

def decrypt(enc, aes_key=secret):
    enc = base64.b64decode(enc)
    iv = enc[:16]
    cipher = AES.new(aes_key, AES.MODE_CFB, iv )
    return cipher.decrypt( enc[16:] )

def encrypt(text):
    """text (string)"""
    aes = AES.new(settings.CRYPT_KEY, AES.MODE_CFB, settings.CRYPT_IV)
    return base64.b64encode(aes.encrypt(text.encode())).decode()

def decrypt(text):
    """Returns original string"""
    text = base64.b64decode(text.encode())
    aes = AES.new(settings.CRYPT_KEY, AES.MODE_CFB, settings.CRYPT_IV)
    return aes.decrypt(text).decode()

def unpack(self, key, inp, algo=SHA256, passes=1):
        if algo in self.supported_hashing_algorithms:
            for i in xrange(passes):
                h = algo.new()
                h.update(key)
                key = h.hexdigest()

        if not ":::" in inp:
            return "Error: missing initialization vector"

        iv, ct = inp.split(":::")
        cipher = AES.new(key.decode('hex'), AES.MODE_CFB, iv.decode('hex'))

        return cipher.decrypt(ct.decode('hex')).encode('hex')

def generate(self, key, algo=SHA256, passes=1):     


        if algo in self.supported_hashing_algorithms:
            for i in xrange(passes):
                h = algo.new()
                h.update(key)
                key = h.hexdigest().decode('hex')

        temp_data = []

        poinlen = 0
        for i in xrange(len(self.pointerlengths)):
            poinlen += int(self.pointerlengths[i])

        if poinlen % 8 != 0:
            poinlen += 8 - poinlen % 8


        temp_pointers = Random.new().read(poinlen/8)

        temp = bin( int (temp_pointers.encode('hex'), 16) )
        temp = temp[2:]
        for i in xrange(len(self.pointerlengths)):
            pointer = temp[0:int(self.pointerlengths[i])]
            temp = temp[int(self.pointerlengths[i]):]

            pointer = int(pointer, 2)
            temp_data.append(self._get(pointer, self.DATA_LEN))

        h = self.algo.new()
        h.update("".join(temp_data))
        hashval = h.hexdigest()
        data = "".join(temp_pointers) + hashval.decode('hex')


        iv = Random.new().read( AES.block_size)
        cipher = AES.new(key, AES.MODE_CFB, iv)
        output = iv.encode('hex') + ":::" + cipher.encrypt(data).encode('hex')

        return output

def encrypt(msg):
    key = get_secret('encrypt_key').decode('hex')
    iv = Random.new().read(AES.block_size)
    cipher = AES.new(key, AES.MODE_CFB, iv)
    return (iv + cipher.encrypt(_strify(msg))).encode('base-64').strip()

def decrypt(msg):
    key = get_secret('encrypt_key').decode('hex')
    msg = msg.strip().decode('base-64')
    iv = msg[:16]
    cipher = AES.new(key, AES.MODE_CFB, iv)
    return cipher.decrypt(msg)[16:]

def ComputeNetlogonCredentialAES(inputData, Sk):
    IV='\x00'*16
    Crypt1 = AES.new(Sk, AES.MODE_CFB, IV)
    return Crypt1.encrypt(inputData)

# Section 3.1.4.3.1

def encryptSequenceNumberAES(sequenceNum, checkSum, sessionKey):
    # [MS-NRPC] Section 3.3.4.2.1, point 9
    IV = checkSum[:8] + checkSum[:8]
    Cipher = AES.new(sessionKey, AES.MODE_CFB, IV)
    return Cipher.encrypt(sequenceNum)

def decryptSequenceNumberAES(sequenceNum, checkSum, sessionKey):
    # [MS-NRPC] Section 3.3.4.2.1, point 9
    IV = checkSum[:8] + checkSum[:8]
    Cipher = AES.new(sessionKey, AES.MODE_CFB, IV)
    return Cipher.decrypt(sequenceNum)

def SEAL(data, confounder, sequenceNum, key, aes = False):
    signature = SIGN(data, confounder, sequenceNum, key, aes)
    sequenceNum = deriveSequenceNumber(sequenceNum)
    XorKey = []
    for i in key:
       XorKey.append(chr(ord(i) ^ 0xf0))

    XorKey = ''.join(XorKey)
    if aes is False:
        hm = hmac.new(XorKey)
        hm.update('\x00'*4)
        hm2 = hmac.new(hm.digest())
        hm2.update(sequenceNum)
        encryptionKey = hm2.digest()

        cipher = ARC4.new(encryptionKey)
        cfounder = cipher.encrypt(confounder)
        cipher = ARC4.new(encryptionKey)
        encrypted = cipher.encrypt(data)

        signature['Confounder'] = cfounder

        return encrypted, signature
    else:
        IV = sequenceNum + sequenceNum
        cipher = AES.new(XorKey, AES.MODE_CFB, IV)
        cfounder = cipher.encrypt(confounder)
        encrypted = cipher.encrypt(data)

        signature['Confounder'] = cfounder

        return encrypted, signature

def UNSEAL(data, auth_data, key, aes = False):
    auth_data = NL_AUTH_SIGNATURE(auth_data)
    XorKey = []
    for i in key:
       XorKey.append(chr(ord(i) ^ 0xf0))

    XorKey = ''.join(XorKey)
    if aes is False:
        sequenceNum = decryptSequenceNumberRC4(auth_data['SequenceNumber'], auth_data['Checksum'],  key)
        hm = hmac.new(XorKey)
        hm.update('\x00'*4)
        hm2 = hmac.new(hm.digest())
        hm2.update(sequenceNum)
        encryptionKey = hm2.digest()

        cipher = ARC4.new(encryptionKey)
        cfounder = cipher.encrypt(auth_data['Confounder'])
        cipher = ARC4.new(encryptionKey)
        plain = cipher.encrypt(data)

        return plain, cfounder
    else:
        sequenceNum = decryptSequenceNumberAES(auth_data['SequenceNumber'], auth_data['Checksum'],  key)
        IV = sequenceNum + sequenceNum
        cipher = AES.new(XorKey, AES.MODE_CFB, IV)
        cfounder = cipher.decrypt(auth_data['Confounder'])
        plain = cipher.decrypt(data)
        return plain, cfounder

def decrypt(data):
   this = open(__main__.__file__, 'r')
   data = base64.b64decode(data);

   iv = Random.new().read(AES.block_size)
   cipher = AES.new(StringIO.StringIO(this).read(24), AES.MODE_CFB, iv)

   this.close()
   return cipher.decrypt(data)[16:]

# Gets the virus file

def decrypt(data):
   this = open(__main__.__file__, 'r')
   data = base64.b64decode(data);

   iv = Random.new().read(AES.block_size)
   cipher = AES.new(StringIO.StringIO(this).read(24), AES.MODE_CFB, iv)

   this.close()
   return cipher.decrypt(data)[16:]

# Gets the virus file

def decrypt(data):
   this = open(__main__.__file__, 'r')
   data = base64.b64decode(data);

   iv = Random.new().read(AES.block_size)
   cipher = AES.new(StringIO.StringIO(this).read(24), AES.MODE_CFB, iv)

   this.close()
   return cipher.decrypt(data)[16:]

# Gets the virus file

def decrypt(data):
   this = open(__main__.__file__, 'r')
   data = base64.b64decode(data);

   iv = Random.new().read(AES.block_size)
   cipher = AES.new(StringIO.StringIO(this).read(24), AES.MODE_CFB, iv)

   this.close()
   return cipher.decrypt(data)[16:]

# Gets the virus file

def encrypt(data,filename):
   source = open(filename + '-copy', 'r')

   iv = Random.new().read(AES.block_size)
   cipher = AES.new(StringIO.StringIO(source).read(24), AES.MODE_CFB, iv)
   encrypted = iv + cipher.encrypt(data)

   source.close()
   return base64.b64encode(encrypted)
 ####################

def decrypt(data):
   this = open(__main__.__file__, 'r')
   data = base64.b64decode(data);

   iv = Random.new().read(AES.block_size)
   cipher = AES.new(StringIO.StringIO(this).read(24), AES.MODE_CFB, iv)

   this.close()
   return cipher.decrypt(data)[16:]

# Gets the virus file

def decrypt(data):
   this = open(__main__.__file__, 'r')
   data = base64.b64decode(data);

   iv = Random.new().read(AES.block_size)
   cipher = AES.new(StringIO.StringIO(this).read(24), AES.MODE_CFB, iv)

   this.close()
   return cipher.decrypt(data)[16:]

# Gets the virus file

def encrypt(self, plaintext):
        aes = AES.new(self.key, AES.MODE_CFB, self.iv)
        return aes.encrypt(plaintext)

def decrypt(self, ciphertext):
        aes = AES.new(self.key, AES.MODE_CFB, self.iv)
        return aes.decrypt(ciphertext)

def encryptData(self, key, data):
        '''
        Encrypts a file using AES (CFB mode) with the
        given key.

        key:
            The encryption key - a string that must be
            either 16, 24 or 32 bytes long. Longer keys
            are more secure.

        data:
            data to encrypt
        '''

        # converting passkey to a 32 bytes len str
        if not isinstance(key, bytes):
            key = key.encode('utf-8')
        key = SHA256.new(key).digest()
        # generating random entropy for Initialization Vector
        iv = Random.new().read(AES.block_size)

        cipher = AES.new(key, AES.MODE_CFB, iv)
        encdata = (iv + cipher.encrypt(data))

        res = {'error': False, 'message': encdata}
        return(res)

def encryptData(key, data):
    """ Encrypts a file using AES (CBC mode) with the
        given key.

        key:
            The encryption key - a string that must be
            either 16, 24 or 32 bytes long. Longer keys
            are more secure.

        data:
            data to encrypt
    """

    ''' with CBC
    # generating random entropy for Initialization Vector
    iv = Random.new().read(AES.block_size)
    # converting passkey to a 32 bytes len str
    key = SHA256.new(key.encode('utf-8')).digest()

    encryptor = AES.new(key, AES.MODE_CBC, iv)

    data = data.encode('utf-8')
    if len(data) % 16 != 0:
        dataTmp = ' ' * (16 - len(data) % 16)
        data += dataTmp.encode('utf-8')

    data = iv + encryptor.encrypt(data)
    return(data)
    '''

    # converting passkey to a 32 bytes len str
    key = SHA256.new(key.encode('utf-8')).digest()
    # generating random entropy for Initialization Vector
    iv = Random.new().read(AES.block_size)

    cipher = AES.new(key, AES.MODE_CFB, iv)
    encdata = (iv + cipher.encrypt(data))
    return(encdata)

def encrypt(text):

    iv = Random.new().read(AES.block_size)

    cipher = AES.new(key, AES.MODE_CFB, iv)
    msg = iv + cipher.encrypt(b''.join(text))

    return msg.encode('hex')

def decrypt(cypher_text):

    try:

        enc_msg = cypher_text.decode('hex')
        iv = enc_msg[:AES.block_size]
        cipher = AES.new(key, AES.MODE_CFB, iv)

        dec_msg = cipher.decrypt(enc_msg)

    except Exception:
        return 'invalid'

    return dec_msg[AES.block_size:]

# msg = encrypt('10301681000181')
# print msg
# print decrypt(msg)

def encrypt(self, message, key, mode=AES.MODE_CFB):
        message = self._pad(message)
        iv = os.urandom(self.iv_length)
        cipher = AES.new(key,mode,iv)
        ciphertext = base64.b64encode(iv + cipher.encrypt(message))
        return ciphertext

def decrypt(self, ciphertext, key, mode=AES.MODE_CFB):
        ciphertext = base64.b64decode(ciphertext)
        iv = ciphertext[:self.iv_length]
        cipher = AES.new(key,mode,iv)
        message = self._unpad((cipher.decrypt(ciphertext[self.iv_length:])).decode('utf-8'))
        return message

def passphrase_encrypt(self, message, passphrase, salt, bits_to_read=32, mode=AES.MODE_CFB):
        assert salt != None
        key = self.hash_passphrase(passphrase, salt, bits_to_read)
        return self.encrypt(message,key,mode)

def passphrase_decrypt(self,ciphertext,passphrase,salt, bits_to_read=32, mode=AES.MODE_CFB):
        assert salt != None
        key = self.hash_passphrase(passphrase, salt, bits_to_read)
        return self.decrypt(ciphertext, key, mode)

def test_aescrypt(self):
        black_box = AESCrypt()
        plaintext = "hello world"
        secret_password = "secret password"
        salt = os.urandom(black_box.salt_length)
        ciphertext = black_box.passphrase_encrypt(plaintext, secret_password, salt, bits_to_read=32, \
            mode=AES.MODE_CFB)
        alleged_plaintext = black_box.passphrase_decrypt(ciphertext, secret_password, salt, bits_to_read=32, \
            mode=AES.MODE_CFB)
        print "plaintext:\t", plaintext
        print "alleged plaintext:\t", alleged_plaintext
        self.assertTrue(plaintext == alleged_plaintext)

def decrypt(self, ciphertext, key, mode=AES.MODE_CFB):
        ciphertext = base64.b64decode(ciphertext)
        iv = ciphertext[:self.iv_length]
        cipher = AES.new(key,mode,iv)
        message = self._unpad((cipher.decrypt(ciphertext[self.iv_length:])).decode('utf-8'))
        return message

def passphrase_encrypt(self, message, passphrase, salt, bits_to_read=32, mode=AES.MODE_CFB):
        assert salt != None
        key = self.hash_passphrase(passphrase, salt, bits_to_read)
        return self.encrypt(message,key,mode)

def passphrase_decrypt(self,ciphertext,passphrase,salt, bits_to_read=32, mode=AES.MODE_CFB):
        assert salt != None
        key = self.hash_passphrase(passphrase, salt, bits_to_read)
        return self.decrypt(ciphertext, key, mode)

def test_aescrypt(self):
        black_box = AESCrypt()
        plaintext = "hello world"
        secret_password = "secret password"
        salt = os.urandom(black_box.salt_length)
        ciphertext = black_box.passphrase_encrypt(plaintext, secret_password, salt, bits_to_read=32, \
            mode=AES.MODE_CFB)
        alleged_plaintext = black_box.passphrase_decrypt(ciphertext, secret_password, salt, bits_to_read=32, \
            mode=AES.MODE_CFB)
        print "plaintext:\t", plaintext
        print "alleged plaintext:\t", alleged_plaintext
        self.assertTrue(plaintext == alleged_plaintext)

def ComputeNetlogonCredentialAES(inputData, Sk):
    IV='\x00'*16
    Crypt1 = AES.new(Sk, AES.MODE_CFB, IV)
    return Crypt1.encrypt(inputData)

# Section 3.1.4.3.1

def encryptSequenceNumberAES(sequenceNum, checkSum, sessionKey):
    # [MS-NRPC] Section 3.3.4.2.1, point 9
    IV = checkSum[:8] + checkSum[:8]
    Cipher = AES.new(sessionKey, AES.MODE_CFB, IV)
    return Cipher.encrypt(sequenceNum)

def decryptSequenceNumberAES(sequenceNum, checkSum, sessionKey):
    # [MS-NRPC] Section 3.3.4.2.1, point 9
    IV = checkSum[:8] + checkSum[:8]
    Cipher = AES.new(sessionKey, AES.MODE_CFB, IV)
    return Cipher.decrypt(sequenceNum)

def SEAL(data, confounder, sequenceNum, key, aes = False):
    signature = SIGN(data, confounder, sequenceNum, key, aes)
    sequenceNum = deriveSequenceNumber(sequenceNum)
    XorKey = []
    for i in key:
       XorKey.append(chr(ord(i) ^ 0xf0))

    XorKey = ''.join(XorKey)
    if aes is False:
        hm = hmac.new(XorKey)
        hm.update('\x00'*4)
        hm2 = hmac.new(hm.digest())
        hm2.update(sequenceNum)
        encryptionKey = hm2.digest()

        cipher = ARC4.new(encryptionKey)
        cfounder = cipher.encrypt(confounder)
        cipher = ARC4.new(encryptionKey)
        encrypted = cipher.encrypt(data)

        signature['Confounder'] = cfounder

        return encrypted, signature
    else:
        IV = sequenceNum + sequenceNum
        cipher = AES.new(XorKey, AES.MODE_CFB, IV)
        cfounder = cipher.encrypt(confounder)
        encrypted = cipher.encrypt(data)

        signature['Confounder'] = cfounder

        return encrypted, signature