Python cryptography.exceptions.InvalidTag() Examples
The following are 13
code examples of cryptography.exceptions.InvalidTag().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
cryptography.exceptions
, or try the search function
.
Example #1
Source File: deserialize.py From aws-encryption-sdk-python with Apache License 2.0 | 6 votes |
def validate_header(header, header_auth, raw_header, data_key): """Validates the header using the header authentication data. :param header: Deserialized header :type header: aws_encryption_sdk.structures.MessageHeader :param header_auth: Deserialized header auth :type header_auth: aws_encryption_sdk.internal.structures.MessageHeaderAuthentication :type stream: io.BytesIO :param bytes raw_header: Raw header bytes :param bytes data_key: Data key with which to perform validation :raises SerializationError: if header authorization fails """ _LOGGER.debug("Starting header validation") try: decrypt( algorithm=header.algorithm, key=data_key, encrypted_data=EncryptedData(header_auth.iv, b"", header_auth.tag), associated_data=raw_header, ) except InvalidTag: raise SerializationError("Header authorization failed")
Example #2
Source File: crypto.py From tattle with Mozilla Public License 2.0 | 5 votes |
def decrypt_data(raw, keys=None): """ Decrypt data using the given keys :param raw: data to decrypt :param keys: list of encryption keys :return: """ offset = 0 version, = struct.unpack('>B', raw[0:VER_SIZE]) offset += VER_SIZE nonce = raw[offset:offset + IV_SIZE] offset += IV_SIZE tag = raw[offset:offset + TAG_SIZE] offset += TAG_SIZE cipher_text = raw[offset:] for key in keys: validate_key(key) cipher = ciphers.Cipher(algorithms.AES(key), modes.GCM(nonce, tag), backend=backends.default_backend()) decryptor = cipher.decryptor() try: plain_text = decryptor.update(cipher_text) + decryptor.finalize() except (exceptions.InvalidTag, exceptions.InvalidKey): continue return plain_text raise DecryptError("Failed to decrypt data")
Example #3
Source File: test_deserialize.py From aws-encryption-sdk-python with Apache License 2.0 | 5 votes |
def test_validate_header_invalid(self): """Validate that the validate_header function behaves as expected for a valid header. """ self.mock_decrypt.side_effect = InvalidTag() with pytest.raises(SerializationError) as excinfo: aws_encryption_sdk.internal.formatting.deserialize.validate_header( header=VALUES["deserialized_header_block"], header_auth=VALUES["deserialized_header_auth_block"], raw_header=VALUES["header"], data_key=VALUES["data_key_obj"], ) excinfo.match("Header authorization failed")
Example #4
Source File: cipher_aead.py From scapy with GNU General Public License v2.0 | 5 votes |
def auth_decrypt(self, A, C, seq_num): """ Decrypt the data and verify the authentication code (in this order). If the verification fails, an AEADTagError is raised. It is the user's responsibility to catch it if deemed useful. If we lack the key, we raise a CipherError which contains the encrypted input. """ C, mac = C[:-self.tag_len], C[-self.tag_len:] if False in six.itervalues(self.ready): raise CipherError(C, mac) if hasattr(self, "pc_cls"): self._cipher.mode._initialization_vector = self._get_nonce(seq_num) self._cipher.mode._tag = mac decryptor = self._cipher.decryptor() decryptor.authenticate_additional_data(A) P = decryptor.update(C) try: decryptor.finalize() except InvalidTag: raise AEADTagError(P, mac) else: try: if (conf.crypto_valid_advanced and isinstance(self._cipher, AESCCM)): P = self._cipher.decrypt(self._get_nonce(seq_num), C + mac, A) # noqa: E501 else: if (conf.crypto_valid_advanced and isinstance(self, Cipher_CHACHA20_POLY1305)): A += struct.pack("!H", len(C)) P = self._cipher.decrypt(self._get_nonce(seq_num), C + mac, A) # noqa: E501 except InvalidTag: raise AEADTagError("<unauthenticated data>", mac) return P, mac
Example #5
Source File: connection.py From noiseprotocol with MIT License | 5 votes |
def decrypt(self, data: bytes) -> bytes: if not self.handshake_finished: raise NoiseHandshakeError('Handshake not finished yet!') if not isinstance(data, bytes) or len(data) > MAX_MESSAGE_LEN: raise NoiseInvalidMessage('Data must be bytes and less or equal {} bytes in length'.format(MAX_MESSAGE_LEN)) try: return self.noise_protocol.cipher_state_decrypt.decrypt_with_ad(None, data) except InvalidTag: raise NoiseInvalidMessage('Failed authentication of message')
Example #6
Source File: pre.py From pyUmbral with GNU General Public License v3.0 | 5 votes |
def decrypt(ciphertext: bytes, capsule: Capsule, decrypting_key: UmbralPrivateKey, check_proof: bool = True) -> bytes: """ Opens the capsule and gets what's inside. We hope that's a symmetric key, which we use to decrypt the ciphertext and return the resulting cleartext. """ if not isinstance(ciphertext, bytes) or len(ciphertext) < DEM_NONCE_SIZE: raise ValueError("Input ciphertext must be a bytes object of length >= {}".format(DEM_NONCE_SIZE)) elif not isinstance(capsule, Capsule) or not capsule.verify(): raise Capsule.NotValid elif not isinstance(decrypting_key, UmbralPrivateKey): raise TypeError("The decrypting key is not an UmbralPrivateKey") if capsule._attached_cfrags: # Since there are cfrags attached, we assume this is Bob opening the Capsule. # (i.e., this is a re-encrypted capsule) encapsulated_key = _open_capsule(capsule, decrypting_key, check_proof=check_proof) else: # Since there aren't cfrags attached, we assume this is Alice opening the Capsule. # (i.e., this is an original capsule) encapsulated_key = _decapsulate_original(decrypting_key, capsule) dem = UmbralDEM(encapsulated_key) try: cleartext = dem.decrypt(ciphertext, authenticated_data=bytes(capsule)) except InvalidTag as e: raise UmbralDecryptionError() from e return cleartext
Example #7
Source File: test_dem.py From pyUmbral with GNU General Public License v3.0 | 5 votes |
def test_encrypt_decrypt_associated_data(): key = os.urandom(32) aad = b'secret code 1234' dem = UmbralDEM(key) plaintext = b'peace at dawn' ciphertext0 = dem.encrypt(plaintext, authenticated_data=aad) ciphertext1 = dem.encrypt(plaintext, authenticated_data=aad) assert ciphertext0 != plaintext assert ciphertext1 != plaintext assert ciphertext0 != ciphertext1 assert ciphertext0[:DEM_NONCE_SIZE] != ciphertext1[:DEM_NONCE_SIZE] cleartext0 = dem.decrypt(ciphertext0, authenticated_data=aad) cleartext1 = dem.decrypt(ciphertext1, authenticated_data=aad) assert cleartext0 == plaintext assert cleartext1 == plaintext # Attempt decryption with invalid associated data with pytest.raises(InvalidTag): cleartext2 = dem.decrypt(ciphertext0, authenticated_data=b'wrong data')
Example #8
Source File: aegis.py From pass-import with GNU General Public License v3.0 | 4 votes |
def decrypt(self, jsons): """Import file is AES GCM encrypted, let's decrypt it. Based on the import script from Aegis: https://github.com/beemdevelopment/Aegis/blob/master/scripts/decrypt.py Format documentation: https://github.com/beemdevelopment/Aegis/blob/master/docs/vault.md """ if not CRYPTOGRAPHY: raise ImportError(name='cryptography') password = getpassword(self.prefix) master_key = None for slot in jsons['header']['slots']: if slot['type'] != 1: continue kdf = Scrypt(salt=bytes.fromhex(slot['salt']), length=32, n=slot['n'], r=slot['r'], p=slot['p'], backend=default_backend()) key = kdf.derive(password.encode("utf-8")) cipher = AESGCM(key) param = slot['key_params'] try: nonce = bytes.fromhex(param['nonce']) data = bytes.fromhex(slot['key']) + bytes.fromhex(param['tag']) master_key = cipher.decrypt(nonce=nonce, data=data, associated_data=None) except InvalidTag: # pragma: no cover pass if master_key is None: # pragma: no cover raise FormatError("unable to decrypt the master key.") cipher = AESGCM(master_key) param = jsons['header']['params'] content = base64.b64decode(jsons['db']) + bytes.fromhex(param['tag']) plain = cipher.decrypt(nonce=bytes.fromhex(param['nonce']), data=content, associated_data=None) return plain.decode('utf-8')
Example #9
Source File: payload.py From py-ipv8 with GNU Lesser General Public License v3.0 | 4 votes |
def decrypt(self, crypto, circuit=None, relay_session_keys=None): if self.plaintext: return if circuit: if not circuit.hops: raise CryptoException("Error decrypting message for 0-hop circuit %d" % self.circuit_id) # Remove all the encryption layers for layer, hop in enumerate(circuit.hops): try: self.message = crypto.decrypt_str(self.message, hop.session_keys[ORIGINATOR], hop.session_keys[ORIGINATOR_SALT]) except InvalidTag as e: raise CryptoException("Got exception %r when trying to remove encryption layer %s " "for message: %r received for circuit_id: %s, circuit_hops: %r" % (e, layer, self.message, self.circuit_id, circuit.hops)) if circuit.hs_session_keys and circuit.ctype in [CIRCUIT_TYPE_RP_SEEDER, CIRCUIT_TYPE_RP_DOWNLOADER]: direction = int(circuit.ctype == CIRCUIT_TYPE_RP_DOWNLOADER) direction_salt = direction + 2 self.message = crypto.decrypt_str(self.message, circuit.hs_session_keys[direction], circuit.hs_session_keys[direction_salt]) elif relay_session_keys: try: self.message = crypto.decrypt_str(self.message, relay_session_keys[EXIT_NODE], relay_session_keys[EXIT_NODE_SALT]) except InvalidTag as e: # Reasons that can cause this: # - The introductionpoint circuit is extended with a candidate # that is already part of the circuit, causing a crypto error. # Should not happen anyway, thorough analysis of the debug log # may reveal why and how this candidate is discovered. # - The pubkey of the introduction point changed (e.g. due to a # restart), while other peers in the network are still exchanging # the old key information. # - A hostile peer may have forged the key of a candidate while # pexing information about candidates, thus polluting the network # with wrong information. I doubt this is the case but it's # possible. :) # (from https://github.com/Tribler/tribler/issues/1932#issuecomment-182035383) raise CryptoException("Got exception %r when trying to decrypt relay message: " "cell received for circuit_id: %s" % (e, self.circuit_id)) else: raise CryptoException("Error decrypting message for unknown circuit %d" % self.circuit_id)
Example #10
Source File: cipher_aead.py From scapy with GNU General Public License v2.0 | 4 votes |
def auth_decrypt(self, A, C, seq_num=None, add_length=True): """ Decrypt the data and authenticate the associated data (i.e. A). If the verification fails, an AEADTagError is raised. It is the user's responsibility to catch it if deemed useful. If we lack the key, we raise a CipherError which contains the encrypted input. Note that we add the TLSCiphertext length to A although we're supposed to add the TLSCompressed length. Fortunately, they are the same, but the specifications actually messed up here. :'( The 'add_length' switch should always be True for TLS, but we provide it anyway (mostly for test cases, hum). The 'seq_num' should never be used here, it is only a safeguard needed because one cipher (ChaCha20Poly1305) using TLS 1.2 logic in record.py actually is a _AEADCipher_TLS13 (even though others are not). """ nonce_explicit_str, C, mac = (C[:self.nonce_explicit_len], C[self.nonce_explicit_len:-self.tag_len], C[-self.tag_len:]) if False in six.itervalues(self.ready): raise CipherError(nonce_explicit_str, C, mac) self.nonce_explicit = pkcs_os2ip(nonce_explicit_str) if add_length: A += struct.pack("!H", len(C)) if hasattr(self, "pc_cls"): self._cipher.mode._initialization_vector = self._get_nonce() self._cipher.mode._tag = mac decryptor = self._cipher.decryptor() decryptor.authenticate_additional_data(A) P = decryptor.update(C) try: decryptor.finalize() except InvalidTag: raise AEADTagError(nonce_explicit_str, P, mac) else: try: P = self._cipher.decrypt(self._get_nonce(), C + mac, A) except InvalidTag: raise AEADTagError(nonce_explicit_str, "<unauthenticated data>", mac) return nonce_explicit_str, P, mac
Example #11
Source File: ipsec.py From scapy with GNU General Public License v2.0 | 4 votes |
def decrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): """ Decrypt an ESP packet :param sa: the SecurityAssociation associated with the ESP packet. :param esp: an encrypted ESP packet :param key: the secret key used for encryption :param icv_size: the length of the icv used for integrity check :param esn_en: extended sequence number enable which allows to use 64-bit sequence number instead of 32-bit when using an AEAD algorithm :param esn: extended sequence number (32 MSB) :returns: a valid ESP packet encrypted with this algorithm :raise scapy.layers.ipsec.IPSecIntegrityError: if the integrity check fails with an AEAD algorithm """ if icv_size is None: icv_size = self.icv_size if self.is_aead else 0 iv = esp.data[:self.iv_size] data = esp.data[self.iv_size:len(esp.data) - icv_size] icv = esp.data[len(esp.data) - icv_size:] if self.cipher: mode_iv = self._format_mode_iv(sa=sa, iv=iv) cipher = self.new_cipher(key, mode_iv, icv) decryptor = cipher.decryptor() if self.is_aead: # Tag value check is done during the finalize method if esn_en: decryptor.authenticate_additional_data( struct.pack('!LLL', esp.spi, esn, esp.seq)) else: decryptor.authenticate_additional_data( struct.pack('!LL', esp.spi, esp.seq)) try: data = decryptor.update(data) + decryptor.finalize() except InvalidTag as err: raise IPSecIntegrityError(err) # extract padlen and nh padlen = orb(data[-2]) nh = orb(data[-1]) # then use padlen to determine data and padding data = data[:len(data) - padlen - 2] padding = data[len(data) - padlen - 2: len(data) - 2] return _ESPPlain(spi=esp.spi, seq=esp.seq, iv=iv, data=data, padding=padding, padlen=padlen, nh=nh, icv=icv) ############################################################################### # The names of the encryption algorithms are the same than in scapy.contrib.ikev2 # noqa: E501 # see http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml
Example #12
Source File: ipsec.py From kamene with GNU General Public License v2.0 | 4 votes |
def decrypt(self, esp, key, icv_size=None): """ Decrypt an ESP packet @param esp: an encrypted ESP packet @param key: the secret key used for encryption @param icv_size: the length of the icv used for integrity check @return: a valid ESP packet encrypted with this algorithm @raise IPSecIntegrityError: if the integrity check fails with an AEAD algorithm """ if icv_size is None: icv_size = self.icv_size if self.is_aead else 0 iv = esp.data[:self.iv_size] data = esp.data[self.iv_size:len(esp.data) - icv_size] icv = esp.data[len(esp.data) - icv_size:] if self.cipher: cipher = self.new_cipher(key, iv, icv) decryptor = cipher.decryptor() if self.is_aead: # Tag value check is done during the finalize method decryptor.authenticate_additional_data( struct.pack('!LL', esp.spi, esp.seq) ) try: data = decryptor.update(data) + decryptor.finalize() except InvalidTag as err: raise IPSecIntegrityError(err) # extract padlen and nh padlen = (data[-2]) nh = data[-1] # then use padlen to determine data and padding data = data[:len(data) - padlen - 2] padding = data[len(data) - padlen - 2: len(data) - 2] return _ESPPlain(spi=esp.spi, seq=esp.seq, iv=iv, data=data, padding=padding, padlen=padlen, nh=nh, icv=icv) #------------------------------------------------------------------------------ # The names of the encryption algorithms are the same than in kamene.contrib.ikev2 # see http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml
Example #13
Source File: ipsec.py From arissploit with GNU General Public License v3.0 | 4 votes |
def decrypt(self, esp, key, icv_size=None): """ Decrypt an ESP packet @param esp: an encrypted ESP packet @param key: the secret key used for encryption @param icv_size: the length of the icv used for integrity check @return: a valid ESP packet encrypted with this algorithm @raise IPSecIntegrityError: if the integrity check fails with an AEAD algorithm """ if icv_size is None: icv_size = self.icv_size if self.is_aead else 0 iv = esp.data[:self.iv_size] data = esp.data[self.iv_size:len(esp.data) - icv_size] icv = esp.data[len(esp.data) - icv_size:] if self.cipher: cipher = self.new_cipher(key, iv, icv) decryptor = cipher.decryptor() if self.is_aead: # Tag value check is done during the finalize method decryptor.authenticate_additional_data( struct.pack('!LL', esp.spi, esp.seq) ) try: data = decryptor.update(data) + decryptor.finalize() except InvalidTag as err: raise IPSecIntegrityError(err) # extract padlen and nh padlen = (data[-2]) nh = data[-1] # then use padlen to determine data and padding data = data[:len(data) - padlen - 2] padding = data[len(data) - padlen - 2: len(data) - 2] return _ESPPlain(spi=esp.spi, seq=esp.seq, iv=iv, data=data, padding=padding, padlen=padlen, nh=nh, icv=icv) #------------------------------------------------------------------------------ # The names of the encryption algorithms are the same than in scapy.contrib.ikev2 # see http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml