import struct from collections import deque from types import ModuleType from typing import Union from Crypto.Util.strxor import strxor def W(cipher: ModuleType, plaintext: Union[bytes, bytearray]) -> bytes: S = [plaintext[i:i+8] for i in range(0, len(plaintext), 8)] n = len(S) s = 6 * (n - 1) A = S[0] R = deque(S[1:]) for t in range(1, s + 1): t_64 = struct.pack('>Q', t) ct = cipher.encrypt(A + R.popleft()) A = strxor(ct[:8], t_64) R.append(ct[8:]) return A + b''.join(R) def W_inverse(cipher: ModuleType, ciphertext: Union[bytes, bytearray]) -> bytes: C = [ciphertext[i:i+8] for i in range(0, len(ciphertext), 8)] n = len(C) s = 6 * (n - 1) A = C[0] R = deque(C[1:]) for t in range(s, 0, -1): t_64 = struct.pack('>Q', t) pt = cipher.decrypt(strxor(A, t_64) + R.pop()) A = pt[:8] R.appendleft(pt[8:]) return A + b''.join(R) class KWMode(object): """Key Wrap (KW) mode. This is a deterministic Authenticated Encryption (AE) mode for protecting cryptographic keys. See `NIST SP800-38F`_. It provides both confidentiality and authenticity, and it designed so that any bit of the ciphertext depends on all bits of the plaintext. This mode is only available for ciphers that operate on 128 bits blocks (e.g., AES). .. _`NIST SP800-38F`: http://csrc.nist.gov/publications/nistpubs/800-38F/SP-800-38F.pdf :undocumented: __init__ """ def __init__(self, factory: ModuleType, key: Union[bytes, bytearray]): self.block_size = factory.block_size if self.block_size != 16: raise ValueError("Key Wrap mode is only available for ciphers" " that operate on 128 bits blocks") self._factory = factory self._cipher = factory.new(key, factory.MODE_ECB) self._done = False def seal(self, plaintext: Union[bytes, bytearray]) -> bytes: """Encrypt and authenticate (wrap) a cryptographic key. Args: plaintext: The cryptographic key to wrap. It must be at least 16 bytes long, and its length must be a multiple of 8. Returns: The wrapped key. """ if self._done: raise ValueError("The cipher cannot be used more than once") if len(plaintext) % 8: raise ValueError("The plaintext must have length multiple of 8 bytes") if len(plaintext) < 16: raise ValueError("The plaintext must be at least 16 bytes long") if len(plaintext) >= 2**32: raise ValueError("The plaintext is too long") res = W(self._cipher, b'\xA6\xA6\xA6\xA6\xA6\xA6\xA6\xA6' + plaintext) self._done = True return res def unseal(self, ciphertext: Union[bytes, bytearray]) -> bytes: """Decrypt and authenticate (unwrap) a cryptographic key. Args: ciphertext: The cryptographic key to unwrap. It must be at least 24 bytes long, and its length must be a multiple of 8. Returns: The original key. Raises: ValueError If the ciphertext or the key are not valid. """ if self._done: raise ValueError("The cipher cannot be used more than once") if len(ciphertext) % 8: raise ValueError("The ciphertext must have length multiple of 8 bytes") if len(ciphertext) < 24: raise ValueError("The ciphertext must be at least 24 bytes long") pt = W_inverse(self._cipher, ciphertext) if pt[:8] != b'\xA6\xA6\xA6\xA6\xA6\xA6\xA6\xA6': raise ValueError("Incorrect integrity check value") self._done = True return pt[8:] def _create_kw_cipher(factory: ModuleType, **kwargs: Union[bytes, bytearray]) -> KWMode: """Create a new block cipher in Key Wrap mode. Args: factory: A block cipher module, taken from `Crypto.Cipher`. The cipher must have block length of 16 bytes, such as AES. Keywords: key: The secret key to use to seal or unseal. """ try: key = kwargs["key"] except KeyError as e: raise TypeError("Missing parameter:" + str(e)) return KWMode(factory, key)