Python cryptography.exceptions.InvalidTag() Examples
The following are 13
code examples of cryptography.exceptions.InvalidTag().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
cryptography.exceptions
, or try the search function
.
.
Example #1
| Source File: deserialize.py From aws-encryption-sdk-python with Apache License 2.0 | 6 votes |
|
def validate_header(header, header_auth, raw_header, data_key):
"""Validates the header using the header authentication data.
:param header: Deserialized header
:type header: aws_encryption_sdk.structures.MessageHeader
:param header_auth: Deserialized header auth
:type header_auth: aws_encryption_sdk.internal.structures.MessageHeaderAuthentication
:type stream: io.BytesIO
:param bytes raw_header: Raw header bytes
:param bytes data_key: Data key with which to perform validation
:raises SerializationError: if header authorization fails
"""
_LOGGER.debug("Starting header validation")
try:
decrypt(
algorithm=header.algorithm,
key=data_key,
encrypted_data=EncryptedData(header_auth.iv, b"", header_auth.tag),
associated_data=raw_header,
)
except InvalidTag:
raise SerializationError("Header authorization failed")
Example #2
| Source File: crypto.py From tattle with Mozilla Public License 2.0 | 5 votes |
|
def decrypt_data(raw, keys=None):
"""
Decrypt data using the given keys
:param raw: data to decrypt
:param keys: list of encryption keys
:return:
"""
offset = 0
version, = struct.unpack('>B', raw[0:VER_SIZE])
offset += VER_SIZE
nonce = raw[offset:offset + IV_SIZE]
offset += IV_SIZE
tag = raw[offset:offset + TAG_SIZE]
offset += TAG_SIZE
cipher_text = raw[offset:]
for key in keys:
validate_key(key)
cipher = ciphers.Cipher(algorithms.AES(key), modes.GCM(nonce, tag), backend=backends.default_backend())
decryptor = cipher.decryptor()
try:
plain_text = decryptor.update(cipher_text) + decryptor.finalize()
except (exceptions.InvalidTag, exceptions.InvalidKey):
continue
return plain_text
raise DecryptError("Failed to decrypt data")
Example #3
| Source File: test_deserialize.py From aws-encryption-sdk-python with Apache License 2.0 | 5 votes |
|
def test_validate_header_invalid(self):
"""Validate that the validate_header function behaves
as expected for a valid header.
"""
self.mock_decrypt.side_effect = InvalidTag()
with pytest.raises(SerializationError) as excinfo:
aws_encryption_sdk.internal.formatting.deserialize.validate_header(
header=VALUES["deserialized_header_block"],
header_auth=VALUES["deserialized_header_auth_block"],
raw_header=VALUES["header"],
data_key=VALUES["data_key_obj"],
)
excinfo.match("Header authorization failed")
Example #4
| Source File: cipher_aead.py From scapy with GNU General Public License v2.0 | 5 votes |
|
def auth_decrypt(self, A, C, seq_num):
"""
Decrypt the data and verify the authentication code (in this order).
If the verification fails, an AEADTagError is raised. It is the user's
responsibility to catch it if deemed useful. If we lack the key, we
raise a CipherError which contains the encrypted input.
"""
C, mac = C[:-self.tag_len], C[-self.tag_len:]
if False in six.itervalues(self.ready):
raise CipherError(C, mac)
if hasattr(self, "pc_cls"):
self._cipher.mode._initialization_vector = self._get_nonce(seq_num)
self._cipher.mode._tag = mac
decryptor = self._cipher.decryptor()
decryptor.authenticate_additional_data(A)
P = decryptor.update(C)
try:
decryptor.finalize()
except InvalidTag:
raise AEADTagError(P, mac)
else:
try:
if (conf.crypto_valid_advanced and
isinstance(self._cipher, AESCCM)):
P = self._cipher.decrypt(self._get_nonce(seq_num), C + mac, A) # noqa: E501
else:
if (conf.crypto_valid_advanced and
isinstance(self, Cipher_CHACHA20_POLY1305)):
A += struct.pack("!H", len(C))
P = self._cipher.decrypt(self._get_nonce(seq_num), C + mac, A) # noqa: E501
except InvalidTag:
raise AEADTagError("<unauthenticated data>", mac)
return P, mac
Example #5
| Source File: connection.py From noiseprotocol with MIT License | 5 votes |
|
def decrypt(self, data: bytes) -> bytes:
if not self.handshake_finished:
raise NoiseHandshakeError('Handshake not finished yet!')
if not isinstance(data, bytes) or len(data) > MAX_MESSAGE_LEN:
raise NoiseInvalidMessage('Data must be bytes and less or equal {} bytes in length'.format(MAX_MESSAGE_LEN))
try:
return self.noise_protocol.cipher_state_decrypt.decrypt_with_ad(None, data)
except InvalidTag:
raise NoiseInvalidMessage('Failed authentication of message')
Example #6
| Source File: pre.py From pyUmbral with GNU General Public License v3.0 | 5 votes |
|
def decrypt(ciphertext: bytes, capsule: Capsule, decrypting_key: UmbralPrivateKey,
check_proof: bool = True) -> bytes:
"""
Opens the capsule and gets what's inside.
We hope that's a symmetric key, which we use to decrypt the ciphertext
and return the resulting cleartext.
"""
if not isinstance(ciphertext, bytes) or len(ciphertext) < DEM_NONCE_SIZE:
raise ValueError("Input ciphertext must be a bytes object of length >= {}".format(DEM_NONCE_SIZE))
elif not isinstance(capsule, Capsule) or not capsule.verify():
raise Capsule.NotValid
elif not isinstance(decrypting_key, UmbralPrivateKey):
raise TypeError("The decrypting key is not an UmbralPrivateKey")
if capsule._attached_cfrags:
# Since there are cfrags attached, we assume this is Bob opening the Capsule.
# (i.e., this is a re-encrypted capsule)
encapsulated_key = _open_capsule(capsule, decrypting_key, check_proof=check_proof)
else:
# Since there aren't cfrags attached, we assume this is Alice opening the Capsule.
# (i.e., this is an original capsule)
encapsulated_key = _decapsulate_original(decrypting_key, capsule)
dem = UmbralDEM(encapsulated_key)
try:
cleartext = dem.decrypt(ciphertext, authenticated_data=bytes(capsule))
except InvalidTag as e:
raise UmbralDecryptionError() from e
return cleartext
Example #7
| Source File: test_dem.py From pyUmbral with GNU General Public License v3.0 | 5 votes |
|
def test_encrypt_decrypt_associated_data():
key = os.urandom(32)
aad = b'secret code 1234'
dem = UmbralDEM(key)
plaintext = b'peace at dawn'
ciphertext0 = dem.encrypt(plaintext, authenticated_data=aad)
ciphertext1 = dem.encrypt(plaintext, authenticated_data=aad)
assert ciphertext0 != plaintext
assert ciphertext1 != plaintext
assert ciphertext0 != ciphertext1
assert ciphertext0[:DEM_NONCE_SIZE] != ciphertext1[:DEM_NONCE_SIZE]
cleartext0 = dem.decrypt(ciphertext0, authenticated_data=aad)
cleartext1 = dem.decrypt(ciphertext1, authenticated_data=aad)
assert cleartext0 == plaintext
assert cleartext1 == plaintext
# Attempt decryption with invalid associated data
with pytest.raises(InvalidTag):
cleartext2 = dem.decrypt(ciphertext0, authenticated_data=b'wrong data')
Example #8
| Source File: aegis.py From pass-import with GNU General Public License v3.0 | 4 votes |
|
def decrypt(self, jsons):
"""Import file is AES GCM encrypted, let's decrypt it.
Based on the import script from Aegis:
https://github.com/beemdevelopment/Aegis/blob/master/scripts/decrypt.py
Format documentation:
https://github.com/beemdevelopment/Aegis/blob/master/docs/vault.md
"""
if not CRYPTOGRAPHY:
raise ImportError(name='cryptography')
password = getpassword(self.prefix)
master_key = None
for slot in jsons['header']['slots']:
if slot['type'] != 1:
continue
kdf = Scrypt(salt=bytes.fromhex(slot['salt']),
length=32,
n=slot['n'],
r=slot['r'],
p=slot['p'],
backend=default_backend())
key = kdf.derive(password.encode("utf-8"))
cipher = AESGCM(key)
param = slot['key_params']
try:
nonce = bytes.fromhex(param['nonce'])
data = bytes.fromhex(slot['key']) + bytes.fromhex(param['tag'])
master_key = cipher.decrypt(nonce=nonce,
data=data,
associated_data=None)
except InvalidTag: # pragma: no cover
pass
if master_key is None: # pragma: no cover
raise FormatError("unable to decrypt the master key.")
cipher = AESGCM(master_key)
param = jsons['header']['params']
content = base64.b64decode(jsons['db']) + bytes.fromhex(param['tag'])
plain = cipher.decrypt(nonce=bytes.fromhex(param['nonce']),
data=content,
associated_data=None)
return plain.decode('utf-8')
Example #9
| Source File: payload.py From py-ipv8 with GNU Lesser General Public License v3.0 | 4 votes |
|
def decrypt(self, crypto, circuit=None, relay_session_keys=None):
if self.plaintext:
return
if circuit:
if not circuit.hops:
raise CryptoException("Error decrypting message for 0-hop circuit %d" % self.circuit_id)
# Remove all the encryption layers
for layer, hop in enumerate(circuit.hops):
try:
self.message = crypto.decrypt_str(self.message,
hop.session_keys[ORIGINATOR],
hop.session_keys[ORIGINATOR_SALT])
except InvalidTag as e:
raise CryptoException("Got exception %r when trying to remove encryption layer %s "
"for message: %r received for circuit_id: %s, circuit_hops: %r" %
(e, layer, self.message, self.circuit_id, circuit.hops))
if circuit.hs_session_keys and circuit.ctype in [CIRCUIT_TYPE_RP_SEEDER, CIRCUIT_TYPE_RP_DOWNLOADER]:
direction = int(circuit.ctype == CIRCUIT_TYPE_RP_DOWNLOADER)
direction_salt = direction + 2
self.message = crypto.decrypt_str(self.message,
circuit.hs_session_keys[direction],
circuit.hs_session_keys[direction_salt])
elif relay_session_keys:
try:
self.message = crypto.decrypt_str(self.message,
relay_session_keys[EXIT_NODE],
relay_session_keys[EXIT_NODE_SALT])
except InvalidTag as e:
# Reasons that can cause this:
# - The introductionpoint circuit is extended with a candidate
# that is already part of the circuit, causing a crypto error.
# Should not happen anyway, thorough analysis of the debug log
# may reveal why and how this candidate is discovered.
# - The pubkey of the introduction point changed (e.g. due to a
# restart), while other peers in the network are still exchanging
# the old key information.
# - A hostile peer may have forged the key of a candidate while
# pexing information about candidates, thus polluting the network
# with wrong information. I doubt this is the case but it's
# possible. :)
# (from https://github.com/Tribler/tribler/issues/1932#issuecomment-182035383)
raise CryptoException("Got exception %r when trying to decrypt relay message: "
"cell received for circuit_id: %s" % (e, self.circuit_id))
else:
raise CryptoException("Error decrypting message for unknown circuit %d" % self.circuit_id)
Example #10
| Source File: cipher_aead.py From scapy with GNU General Public License v2.0 | 4 votes |
|
def auth_decrypt(self, A, C, seq_num=None, add_length=True):
"""
Decrypt the data and authenticate the associated data (i.e. A).
If the verification fails, an AEADTagError is raised. It is the user's
responsibility to catch it if deemed useful. If we lack the key, we
raise a CipherError which contains the encrypted input.
Note that we add the TLSCiphertext length to A although we're supposed
to add the TLSCompressed length. Fortunately, they are the same,
but the specifications actually messed up here. :'(
The 'add_length' switch should always be True for TLS, but we provide
it anyway (mostly for test cases, hum).
The 'seq_num' should never be used here, it is only a safeguard needed
because one cipher (ChaCha20Poly1305) using TLS 1.2 logic in record.py
actually is a _AEADCipher_TLS13 (even though others are not).
"""
nonce_explicit_str, C, mac = (C[:self.nonce_explicit_len],
C[self.nonce_explicit_len:-self.tag_len],
C[-self.tag_len:])
if False in six.itervalues(self.ready):
raise CipherError(nonce_explicit_str, C, mac)
self.nonce_explicit = pkcs_os2ip(nonce_explicit_str)
if add_length:
A += struct.pack("!H", len(C))
if hasattr(self, "pc_cls"):
self._cipher.mode._initialization_vector = self._get_nonce()
self._cipher.mode._tag = mac
decryptor = self._cipher.decryptor()
decryptor.authenticate_additional_data(A)
P = decryptor.update(C)
try:
decryptor.finalize()
except InvalidTag:
raise AEADTagError(nonce_explicit_str, P, mac)
else:
try:
P = self._cipher.decrypt(self._get_nonce(), C + mac, A)
except InvalidTag:
raise AEADTagError(nonce_explicit_str,
"<unauthenticated data>",
mac)
return nonce_explicit_str, P, mac
Example #11
| Source File: ipsec.py From scapy with GNU General Public License v2.0 | 4 votes |
|
def decrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0):
"""
Decrypt an ESP packet
:param sa: the SecurityAssociation associated with the ESP packet.
:param esp: an encrypted ESP packet
:param key: the secret key used for encryption
:param icv_size: the length of the icv used for integrity check
:param esn_en: extended sequence number enable which allows to use
64-bit sequence number instead of 32-bit when using an
AEAD algorithm
:param esn: extended sequence number (32 MSB)
:returns: a valid ESP packet encrypted with this algorithm
:raise scapy.layers.ipsec.IPSecIntegrityError: if the integrity check
fails with an AEAD algorithm
"""
if icv_size is None:
icv_size = self.icv_size if self.is_aead else 0
iv = esp.data[:self.iv_size]
data = esp.data[self.iv_size:len(esp.data) - icv_size]
icv = esp.data[len(esp.data) - icv_size:]
if self.cipher:
mode_iv = self._format_mode_iv(sa=sa, iv=iv)
cipher = self.new_cipher(key, mode_iv, icv)
decryptor = cipher.decryptor()
if self.is_aead:
# Tag value check is done during the finalize method
if esn_en:
decryptor.authenticate_additional_data(
struct.pack('!LLL', esp.spi, esn, esp.seq))
else:
decryptor.authenticate_additional_data(
struct.pack('!LL', esp.spi, esp.seq))
try:
data = decryptor.update(data) + decryptor.finalize()
except InvalidTag as err:
raise IPSecIntegrityError(err)
# extract padlen and nh
padlen = orb(data[-2])
nh = orb(data[-1])
# then use padlen to determine data and padding
data = data[:len(data) - padlen - 2]
padding = data[len(data) - padlen - 2: len(data) - 2]
return _ESPPlain(spi=esp.spi,
seq=esp.seq,
iv=iv,
data=data,
padding=padding,
padlen=padlen,
nh=nh,
icv=icv)
###############################################################################
# The names of the encryption algorithms are the same than in scapy.contrib.ikev2 # noqa: E501
# see http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml
Example #12
| Source File: ipsec.py From kamene with GNU General Public License v2.0 | 4 votes |
|
def decrypt(self, esp, key, icv_size=None):
"""
Decrypt an ESP packet
@param esp: an encrypted ESP packet
@param key: the secret key used for encryption
@param icv_size: the length of the icv used for integrity check
@return: a valid ESP packet encrypted with this algorithm
@raise IPSecIntegrityError: if the integrity check fails with an AEAD
algorithm
"""
if icv_size is None:
icv_size = self.icv_size if self.is_aead else 0
iv = esp.data[:self.iv_size]
data = esp.data[self.iv_size:len(esp.data) - icv_size]
icv = esp.data[len(esp.data) - icv_size:]
if self.cipher:
cipher = self.new_cipher(key, iv, icv)
decryptor = cipher.decryptor()
if self.is_aead:
# Tag value check is done during the finalize method
decryptor.authenticate_additional_data(
struct.pack('!LL', esp.spi, esp.seq)
)
try:
data = decryptor.update(data) + decryptor.finalize()
except InvalidTag as err:
raise IPSecIntegrityError(err)
# extract padlen and nh
padlen = (data[-2])
nh = data[-1]
# then use padlen to determine data and padding
data = data[:len(data) - padlen - 2]
padding = data[len(data) - padlen - 2: len(data) - 2]
return _ESPPlain(spi=esp.spi,
seq=esp.seq,
iv=iv,
data=data,
padding=padding,
padlen=padlen,
nh=nh,
icv=icv)
#------------------------------------------------------------------------------
# The names of the encryption algorithms are the same than in kamene.contrib.ikev2
# see http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml
Example #13
| Source File: ipsec.py From arissploit with GNU General Public License v3.0 | 4 votes |
|
def decrypt(self, esp, key, icv_size=None):
"""
Decrypt an ESP packet
@param esp: an encrypted ESP packet
@param key: the secret key used for encryption
@param icv_size: the length of the icv used for integrity check
@return: a valid ESP packet encrypted with this algorithm
@raise IPSecIntegrityError: if the integrity check fails with an AEAD
algorithm
"""
if icv_size is None:
icv_size = self.icv_size if self.is_aead else 0
iv = esp.data[:self.iv_size]
data = esp.data[self.iv_size:len(esp.data) - icv_size]
icv = esp.data[len(esp.data) - icv_size:]
if self.cipher:
cipher = self.new_cipher(key, iv, icv)
decryptor = cipher.decryptor()
if self.is_aead:
# Tag value check is done during the finalize method
decryptor.authenticate_additional_data(
struct.pack('!LL', esp.spi, esp.seq)
)
try:
data = decryptor.update(data) + decryptor.finalize()
except InvalidTag as err:
raise IPSecIntegrityError(err)
# extract padlen and nh
padlen = (data[-2])
nh = data[-1]
# then use padlen to determine data and padding
data = data[:len(data) - padlen - 2]
padding = data[len(data) - padlen - 2: len(data) - 2]
return _ESPPlain(spi=esp.spi,
seq=esp.seq,
iv=iv,
data=data,
padding=padding,
padlen=padlen,
nh=nh,
icv=icv)
#------------------------------------------------------------------------------
# The names of the encryption algorithms are the same than in scapy.contrib.ikev2
# see http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml
