Python Crypto.Cipher.AES.MODE_CCM Examples

The following are 30 code examples of Crypto.Cipher.AES.MODE_CCM(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module Crypto.Cipher.AES , or try the search function .
Example #1
Source File: test_CCM.py    From FODI with GNU General Public License v3.0 8 votes vote down vote up
def test_mac_len(self):
        # Invalid MAC length
        for mac_len in range(3, 17 + 1, 2):
            self.assertRaises(ValueError, AES.new, self.key_128, AES.MODE_CCM,
                              nonce=self.nonce_96, mac_len=mac_len)

        # Valid MAC length
        for mac_len in range(4, 16 + 1, 2):
            cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96,
                             mac_len=mac_len)
            _, mac = cipher.encrypt_and_digest(self.data_128)
            self.assertEqual(len(mac), mac_len)

        # Default MAC length
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        _, mac = cipher.encrypt_and_digest(self.data_128)
        self.assertEqual(len(mac), 16) 
Example #2
Source File: test_CCM.py    From android_universal with MIT License 8 votes vote down vote up
def test_output_param_neg(self):

        pt = b'5' * 16
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        ct = cipher.encrypt(pt)

        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        self.assertRaises(TypeError, cipher.encrypt, pt, output=b'0'*16)
        
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        self.assertRaises(TypeError, cipher.decrypt, ct, output=b'0'*16)

        shorter_output = bytearray(15)
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        self.assertRaises(ValueError, cipher.encrypt, pt, output=shorter_output)
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        self.assertRaises(ValueError, cipher.decrypt, ct, output=shorter_output) 
Example #3
Source File: test_CCM.py    From FODI with GNU General Public License v3.0 7 votes vote down vote up
def test_loopback_128(self):
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        pt = get_tag_random("plaintext", 16 * 100)
        ct = cipher.encrypt(pt)

        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        pt2 = cipher.decrypt(ct)
        self.assertEqual(pt, pt2) 
Example #4
Source File: test_CCM.py    From android_universal with MIT License 6 votes vote down vote up
def test_invalid_decrypt_or_update_after_verify(self):
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        ct = cipher.encrypt(self.data_128)
        mac = cipher.digest()

        for method_name in "decrypt", "update":
            cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
            cipher.decrypt(ct)
            cipher.verify(mac)
            self.assertRaises(TypeError, getattr(cipher, method_name),
                              self.data_128)

            cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
            cipher.decrypt_and_verify(ct, mac)
            self.assertRaises(TypeError, getattr(cipher, method_name),
                              self.data_128) 
Example #5
Source File: test_CCM.py    From FODI with GNU General Public License v3.0 6 votes vote down vote up
def test_invalid_decrypt_or_update_after_verify(self):
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        ct = cipher.encrypt(self.data_128)
        mac = cipher.digest()

        for method_name in "decrypt", "update":
            cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
            cipher.decrypt(ct)
            cipher.verify(mac)
            self.assertRaises(TypeError, getattr(cipher, method_name),
                              self.data_128)

            cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
            cipher.decrypt_and_verify(ct, mac)
            self.assertRaises(TypeError, getattr(cipher, method_name),
                              self.data_128) 
Example #6
Source File: test_CCM.py    From FODI with GNU General Public License v3.0 6 votes vote down vote up
def test_output_param_neg(self):

        pt = b'5' * 16
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        ct = cipher.encrypt(pt)

        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        self.assertRaises(TypeError, cipher.encrypt, pt, output=b'0'*16)
        
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        self.assertRaises(TypeError, cipher.decrypt, ct, output=b'0'*16)

        shorter_output = bytearray(15)
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        self.assertRaises(ValueError, cipher.encrypt, pt, output=shorter_output)
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        self.assertRaises(ValueError, cipher.decrypt, ct, output=shorter_output) 
Example #7
Source File: test_CCM.py    From FODI with GNU General Public License v3.0 6 votes vote down vote up
def test_valid_init_update_digest_verify(self):
        # No plaintext, fixed authenticated data
        for assoc_len in (None, len(self.data_128)):
            for msg_len in (None, 0):
                # Verify path INIT->UPDATE->DIGEST
                cipher = AES.new(self.key_128, AES.MODE_CCM,
                                 nonce=self.nonce_96,
                                 assoc_len=assoc_len,
                                 msg_len=msg_len)
                cipher.update(self.data_128)
                mac = cipher.digest()

                # Verify path INIT->UPDATE->VERIFY
                cipher = AES.new(self.key_128, AES.MODE_CCM,
                                 nonce=self.nonce_96,
                                 assoc_len=assoc_len,
                                 msg_len=msg_len)
                cipher.update(self.data_128)
                cipher.verify(mac) 
Example #8
Source File: test_CCM.py    From FODI with GNU General Public License v3.0 6 votes vote down vote up
def test_valid_full_path(self):
        # Fixed authenticated data, fixed plaintext
        for assoc_len in (None, len(self.data_128)):
            for msg_len in (None, len(self.data_128)):
                # Verify path INIT->UPDATE->ENCRYPT->DIGEST
                cipher = AES.new(self.key_128, AES.MODE_CCM,
                                 nonce=self.nonce_96,
                                 assoc_len=assoc_len,
                                 msg_len=msg_len)
                cipher.update(self.data_128)
                ct = cipher.encrypt(self.data_128)
                mac = cipher.digest()

                # Verify path INIT->UPDATE->DECRYPT->VERIFY
                cipher = AES.new(self.key_128, AES.MODE_CCM,
                                 nonce=self.nonce_96,
                                 assoc_len=assoc_len,
                                 msg_len=msg_len)
                cipher.update(self.data_128)
                cipher.decrypt(ct)
                cipher.verify(mac) 
Example #9
Source File: test_CCM.py    From FODI with GNU General Public License v3.0 6 votes vote down vote up
def test_valid_multiple_encrypt_or_decrypt(self):
        # Only possible if msg_len is declared in advance
        for method_name in "encrypt", "decrypt":
            for auth_data in (None, b"333", self.data_128,
                              self.data_128 + b"3"):
                if auth_data is None:
                    assoc_len = None
                else:
                    assoc_len = len(auth_data)
                cipher = AES.new(self.key_128, AES.MODE_CCM,
                                 nonce=self.nonce_96,
                                 msg_len=64,
                                 assoc_len=assoc_len)
                if auth_data is not None:
                    cipher.update(auth_data)
                method = getattr(cipher, method_name)
                method(self.data_128)
                method(self.data_128)
                method(self.data_128)
                method(self.data_128) 
Example #10
Source File: test_CCM.py    From FODI with GNU General Public License v3.0 6 votes vote down vote up
def test_encrypt(self, tv):
        self._id = "Wycheproof Encrypt CCM Test #" + str(tv.id)

        try:
            cipher = AES.new(tv.key, AES.MODE_CCM, tv.iv, mac_len=tv.tag_size,
                    **self._extra_params)
        except ValueError as e:
            if len(tv.iv) not in range(7, 13 + 1, 2) and "Length of parameter 'nonce'" in str(e):
                assert not tv.valid
                return
            if tv.tag_size not in range(4, 16 + 1, 2) and "Parameter 'mac_len'" in str(e):
                assert not tv.valid
                return
            raise e

        cipher.update(tv.aad)
        ct, tag = cipher.encrypt_and_digest(tv.msg)
        if tv.valid:
            self.assertEqual(ct, tv.ct)
            self.assertEqual(tag, tv.tag)
            self.warn(tv) 
Example #11
Source File: test_CCM.py    From FODI with GNU General Public License v3.0 6 votes vote down vote up
def test_decrypt(self, tv):
        self._id = "Wycheproof Decrypt CCM Test #" + str(tv.id)

        try:
            cipher = AES.new(tv.key, AES.MODE_CCM, tv.iv, mac_len=tv.tag_size,
                    **self._extra_params)
        except ValueError as e:
            if len(tv.iv) not in range(7, 13 + 1, 2) and "Length of parameter 'nonce'" in str(e):
                assert not tv.valid
                return
            if tv.tag_size not in range(4, 16 + 1, 2) and "Parameter 'mac_len'" in str(e):
                assert not tv.valid
                return
            raise e

        cipher.update(tv.aad)
        try:
            pt = cipher.decrypt_and_verify(tv.ct, tv.tag)
        except ValueError:
            assert not tv.valid
        else:
            assert tv.valid
            self.assertEqual(pt, tv.msg)
            self.warn(tv) 
Example #12
Source File: test_CCM.py    From android_universal with MIT License 6 votes vote down vote up
def test_mac_len(self):
        # Invalid MAC length
        for mac_len in range(3, 17 + 1, 2):
            self.assertRaises(ValueError, AES.new, self.key_128, AES.MODE_CCM,
                              nonce=self.nonce_96, mac_len=mac_len)

        # Valid MAC length
        for mac_len in range(4, 16 + 1, 2):
            cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96,
                             mac_len=mac_len)
            _, mac = cipher.encrypt_and_digest(self.data_128)
            self.assertEqual(len(mac), mac_len)

        # Default MAC length
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        _, mac = cipher.encrypt_and_digest(self.data_128)
        self.assertEqual(len(mac), 16) 
Example #13
Source File: test_CCM.py    From android_universal with MIT License 6 votes vote down vote up
def test_valid_init_update_digest_verify(self):
        # No plaintext, fixed authenticated data
        for assoc_len in (None, len(self.data_128)):
            for msg_len in (None, 0):
                # Verify path INIT->UPDATE->DIGEST
                cipher = AES.new(self.key_128, AES.MODE_CCM,
                                 nonce=self.nonce_96,
                                 assoc_len=assoc_len,
                                 msg_len=msg_len)
                cipher.update(self.data_128)
                mac = cipher.digest()

                # Verify path INIT->UPDATE->VERIFY
                cipher = AES.new(self.key_128, AES.MODE_CCM,
                                 nonce=self.nonce_96,
                                 assoc_len=assoc_len,
                                 msg_len=msg_len)
                cipher.update(self.data_128)
                cipher.verify(mac) 
Example #14
Source File: test_CCM.py    From android_universal with MIT License 6 votes vote down vote up
def test_valid_full_path(self):
        # Fixed authenticated data, fixed plaintext
        for assoc_len in (None, len(self.data_128)):
            for msg_len in (None, len(self.data_128)):
                # Verify path INIT->UPDATE->ENCRYPT->DIGEST
                cipher = AES.new(self.key_128, AES.MODE_CCM,
                                 nonce=self.nonce_96,
                                 assoc_len=assoc_len,
                                 msg_len=msg_len)
                cipher.update(self.data_128)
                ct = cipher.encrypt(self.data_128)
                mac = cipher.digest()

                # Verify path INIT->UPDATE->DECRYPT->VERIFY
                cipher = AES.new(self.key_128, AES.MODE_CCM,
                                 nonce=self.nonce_96,
                                 assoc_len=assoc_len,
                                 msg_len=msg_len)
                cipher.update(self.data_128)
                cipher.decrypt(ct)
                cipher.verify(mac) 
Example #15
Source File: test_CCM.py    From android_universal with MIT License 6 votes vote down vote up
def test_valid_multiple_encrypt_or_decrypt(self):
        # Only possible if msg_len is declared in advance
        for method_name in "encrypt", "decrypt":
            for auth_data in (None, b"333", self.data_128,
                              self.data_128 + b"3"):
                if auth_data is None:
                    assoc_len = None
                else:
                    assoc_len = len(auth_data)
                cipher = AES.new(self.key_128, AES.MODE_CCM,
                                 nonce=self.nonce_96,
                                 msg_len=64,
                                 assoc_len=assoc_len)
                if auth_data is not None:
                    cipher.update(auth_data)
                method = getattr(cipher, method_name)
                method(self.data_128)
                method(self.data_128)
                method(self.data_128)
                method(self.data_128) 
Example #16
Source File: test_CCM.py    From android_universal with MIT License 5 votes vote down vote up
def test_valid_encrypt_and_digest_decrypt_and_verify(self):
        # encrypt_and_digest
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        cipher.update(self.data_128)
        ct, mac = cipher.encrypt_and_digest(self.data_128)

        # decrypt_and_verify
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        cipher.update(self.data_128)
        pt = cipher.decrypt_and_verify(ct, mac)
        self.assertEqual(self.data_128, pt) 
Example #17
Source File: test_CCM.py    From android_universal with MIT License 5 votes vote down vote up
def test_valid_init_verify(self):
        # Verify path INIT->VERIFY
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        mac = cipher.digest()

        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        cipher.verify(mac) 
Example #18
Source File: test_CCM.py    From android_universal with MIT License 5 votes vote down vote up
def test_longer_assoc_data_than_declared(self):
        # More than zero
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96,
                         assoc_len=0)
        self.assertRaises(ValueError, cipher.update, b"1")

        # Too large
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96,
                         assoc_len=15)
        self.assertRaises(ValueError, cipher.update, self.data_128) 
Example #19
Source File: test_CCM.py    From android_universal with MIT License 5 votes vote down vote up
def test_hex_mac(self):
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        mac_hex = cipher.hexdigest()
        self.assertEqual(cipher.digest(), unhexlify(mac_hex))

        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        cipher.hexverify(mac_hex) 
Example #20
Source File: cryptutils.py    From edl with MIT License 5 votes vote down vote up
def aes_ccm(self, key, nounce, tag_auth, data, decrypt=True):
            cipher = AES.new(key, AES.MODE_CCM, nounce)
            if decrypt:
                plaintext = cipher.decrypt(data)
                try:
                    cipher.verify(tag_auth)
                    return plaintext
                except ValueError:
                    return None
            else:
                ciphertext = cipher.encrypt(data)
                return ciphertext 
Example #21
Source File: test_CCM.py    From android_universal with MIT License 5 votes vote down vote up
def test_data_must_be_bytes(self):
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        self.assertRaises(TypeError, cipher.encrypt, u'test1234567890-*')

        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        self.assertRaises(TypeError, cipher.decrypt, u'test1234567890-*') 
Example #22
Source File: test_CCM.py    From android_universal with MIT License 5 votes vote down vote up
def test_either_encrypt_or_decrypt(self):
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        cipher.encrypt(b"")
        self.assertRaises(TypeError, cipher.decrypt, b"")

        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        cipher.decrypt(b"")
        self.assertRaises(TypeError, cipher.encrypt, b"") 
Example #23
Source File: test_CCM.py    From android_universal with MIT License 5 votes vote down vote up
def test_null_encryption_decryption(self):
        for func in "encrypt", "decrypt":
            cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
            result = getattr(cipher, func)(b"")
            self.assertEqual(result, b"") 
Example #24
Source File: test_CCM.py    From android_universal with MIT License 5 votes vote down vote up
def test_unknown_parameters(self):
        self.assertRaises(TypeError, AES.new, self.key_128, AES.MODE_CCM,
                          self.nonce_96, 7)
        self.assertRaises(TypeError, AES.new, self.key_128, AES.MODE_CCM,
                          nonce=self.nonce_96, unknown=7)

        # But some are only known by the base cipher
        # (e.g. use_aesni consumed by the AES module)
        AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96,
                use_aesni=False) 
Example #25
Source File: test_CCM.py    From android_universal with MIT License 5 votes vote down vote up
def test_block_size(self):
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        self.assertEqual(cipher.block_size, AES.block_size) 
Example #26
Source File: test_CCM.py    From android_universal with MIT License 5 votes vote down vote up
def test_nonce_length(self):
        self.assertRaises(ValueError, AES.new, self.key_128, AES.MODE_CCM,
                          nonce=b"")
        self.assertRaises(ValueError, AES.new, self.key_128, AES.MODE_CCM,
                          nonce=bchr(1) * 6)
        self.assertRaises(ValueError, AES.new, self.key_128, AES.MODE_CCM,
                          nonce=bchr(1) * 14)
        for x in range(7, 13 + 1):
            AES.new(self.key_128, AES.MODE_CCM, nonce=bchr(1) * x) 
Example #27
Source File: test_CCM.py    From android_universal with MIT License 5 votes vote down vote up
def test_nonce_must_be_bytes(self):
        self.assertRaises(TypeError, AES.new, self.key_128, AES.MODE_CCM,
                          nonce=u'test12345678') 
Example #28
Source File: test_CCM.py    From android_universal with MIT License 5 votes vote down vote up
def test_nonce(self):
        # If not passed, the nonce is created randomly
        cipher = AES.new(self.key_128, AES.MODE_CCM)
        nonce1 = cipher.nonce
        cipher = AES.new(self.key_128, AES.MODE_CCM)
        nonce2 = cipher.nonce
        self.assertEqual(len(nonce1), 11)
        self.assertNotEqual(nonce1, nonce2)

        cipher = AES.new(self.key_128, AES.MODE_CCM, self.nonce_96)
        ct = cipher.encrypt(self.data_128)

        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        self.assertEquals(ct, cipher.encrypt(self.data_128)) 
Example #29
Source File: test_CCM.py    From android_universal with MIT License 5 votes vote down vote up
def test_loopback_128(self):
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        pt = get_tag_random("plaintext", 16 * 100)
        ct = cipher.encrypt(pt)

        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        pt2 = cipher.decrypt(ct)
        self.assertEqual(pt, pt2) 
Example #30
Source File: test_CCM.py    From android_universal with MIT License 5 votes vote down vote up
def test_shorter_assoc_data_than_expected(self):
        # With plaintext
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96,
                         assoc_len=17)
        cipher.update(self.data_128)
        self.assertRaises(ValueError, cipher.encrypt, self.data_128)

        # With empty plaintext
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96,
                         assoc_len=17)
        cipher.update(self.data_128)
        self.assertRaises(ValueError, cipher.digest)

        # With ciphertext
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96,
                         assoc_len=17)
        cipher.update(self.data_128)
        self.assertRaises(ValueError, cipher.decrypt, self.data_128)

        # With empty ciphertext
        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96)
        cipher.update(self.data_128)
        mac = cipher.digest()

        cipher = AES.new(self.key_128, AES.MODE_CCM, nonce=self.nonce_96,
                         assoc_len=17)
        cipher.update(self.data_128)
        self.assertRaises(ValueError, cipher.verify, mac)