我们从Python开源项目中,提取了以下8个代码示例,用于说明如何使用Crypto.Cipher.AES.MODE_GCM。
def _encrypt(key, plaintext, associated_data=''): # Generate a random 96-bit IV. iv = os.urandom(IV_LENGTH) # 16 (AES-128), 24 (AES-192), or 32 (AES-256) if len(key) not in (16, 24, 32): key = hash256(key) # makes it 256-bit # Construct an AES-GCM Cipher object with the given key and a # randomly generated IV. # create the ciphertext encryptor = AES.new(key=key, mode=AES.MODE_GCM, nonce=iv) # associated_data will be authenticated but not encrypted, # it must also be passed in on decryption. encryptor.update(associated_data) ctx = encryptor.encrypt(plaintext) # Encrypt the plaintext and get the associated ciphertext. # GCM does not require padding. tag = encryptor.digest() return (iv, ctx, tag)
def _decrypt(key, iv, ciphertext, tag, associated_data=''): # Construct a Cipher object, with the key, iv, and additionally the # GCM tag used for authenticating the message. if len(key) not in (16, 24, 32): key = hash256(key) # makes it 256-bit decryptor = AES.new(key=key, mode=AES.MODE_GCM, nonce=iv) # We put associated_data back in or the tag will fail to verify # when we finalize the decryptor. decryptor.update(associated_data) plaintext = decryptor.decrypt(ciphertext) # Decryption gets us the authenticated plaintext. # If the tag does not match an InvalidTag exception will be raised. decryptor.verify(tag) return plaintext
def __init__(self, name, cipher, mode, block_size=None, iv_size=None, key_size=None, icv_size=None): """ @param name: the name of this encryption algorithm @param cipher: a Cipher module @param mode: the mode used with the cipher module @param block_size: the length a block for this algo. Defaults to the `block_size` of the cipher. @param iv_size: the length of the initialization vector of this algo. Defaults to the `block_size` of the cipher. @param key_size: an integer or list/tuple of integers. If specified, force the secret keys length to one of the values. Defaults to the `key_size` of the cipher. """ self.name = name self.cipher = cipher self.mode = mode self.icv_size = icv_size self.is_aead = (hasattr(self.cipher, 'MODE_GCM') and self.mode == self.cipher.MODE_GCM) or \ (hasattr(self.cipher, 'MODE_CCM') and self.mode == self.cipher.MODE_CCM) if block_size is not None: self.block_size = block_size elif cipher is not None: self.block_size = cipher.block_size else: self.block_size = 1 if iv_size is None: self.iv_size = self.block_size else: self.iv_size = iv_size if key_size is not None: self.key_size = key_size elif cipher is not None: self.key_size = cipher.key_size else: self.key_size = None
def _encrypt(plaintext, key, iv=None): #Deal with the case when field is empty if plaintext is None: plaintext = '' if iv is not None and len(nonce) != AES.block_size: raise EncryptionException('IV size must equal cipher block size') if iv is None: iv = Random.new().read(AES.block_size) cipher = AES.new(key, AES.MODE_GCM, nonce = iv) (cipher_text, digest) = cipher.encrypt_and_digest(plaintext) return iv + cipher_text + digest
def _decrypt(ciphertext, key): #error handling Pycrypto_AES_Base._has_iv_material(ciphertext) nonce = ciphertext[:AES.block_size] digest = ciphertext[-AES.block_size:] cipher = AES.new(key, AES.MODE_GCM, nonce = nonce) cipher_text = str(ciphertext[AES.block_size:-AES.block_size]) return cipher.decrypt_and_verify(cipher_text, digest)
def decrypt(ciphertext, password, iv): key = hashlib.pbkdf2_hmac('sha256', password, iv, 100000) try: aes = AES.new(key, AES.MODE_GCM, iv) except AttributeError as ae: crypto_fail() return aes.decrypt(base64.b64decode(ciphertext))
def encrypt(plaintext, password, iv): key = hashlib.pbkdf2_hmac('sha256', password, iv, 100000) try: aes = AES.new(key, AES.MODE_GCM, iv) except AttributeError as ae: crypto_fail() return base64.b64encode(aes.encrypt(plaintext))