First commit
commit
236b0b319a
|
@ -0,0 +1,116 @@
|
|||
CC0 1.0 Universal
|
||||
|
||||
Statement of Purpose
|
||||
|
||||
The laws of most jurisdictions throughout the world automatically confer
|
||||
exclusive Copyright and Related Rights (defined below) upon the creator and
|
||||
subsequent owner(s) (each and all, an "owner") of an original work of
|
||||
authorship and/or a database (each, a "Work").
|
||||
|
||||
Certain owners wish to permanently relinquish those rights to a Work for the
|
||||
purpose of contributing to a commons of creative, cultural and scientific
|
||||
works ("Commons") that the public can reliably and without fear of later
|
||||
claims of infringement build upon, modify, incorporate in other works, reuse
|
||||
and redistribute as freely as possible in any form whatsoever and for any
|
||||
purposes, including without limitation commercial purposes. These owners may
|
||||
contribute to the Commons to promote the ideal of a free culture and the
|
||||
further production of creative, cultural and scientific works, or to gain
|
||||
reputation or greater distribution for their Work in part through the use and
|
||||
efforts of others.
|
||||
|
||||
For these and/or other purposes and motivations, and without any expectation
|
||||
of additional consideration or compensation, the person associating CC0 with a
|
||||
Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
|
||||
and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
|
||||
and publicly distribute the Work under its terms, with knowledge of his or her
|
||||
Copyright and Related Rights in the Work and the meaning and intended legal
|
||||
effect of CC0 on those rights.
|
||||
|
||||
1. Copyright and Related Rights. A Work made available under CC0 may be
|
||||
protected by copyright and related or neighboring rights ("Copyright and
|
||||
Related Rights"). Copyright and Related Rights include, but are not limited
|
||||
to, the following:
|
||||
|
||||
i. the right to reproduce, adapt, distribute, perform, display, communicate,
|
||||
and translate a Work;
|
||||
|
||||
ii. moral rights retained by the original author(s) and/or performer(s);
|
||||
|
||||
iii. publicity and privacy rights pertaining to a person's image or likeness
|
||||
depicted in a Work;
|
||||
|
||||
iv. rights protecting against unfair competition in regards to a Work,
|
||||
subject to the limitations in paragraph 4(a), below;
|
||||
|
||||
v. rights protecting the extraction, dissemination, use and reuse of data in
|
||||
a Work;
|
||||
|
||||
vi. database rights (such as those arising under Directive 96/9/EC of the
|
||||
European Parliament and of the Council of 11 March 1996 on the legal
|
||||
protection of databases, and under any national implementation thereof,
|
||||
including any amended or successor version of such directive); and
|
||||
|
||||
vii. other similar, equivalent or corresponding rights throughout the world
|
||||
based on applicable law or treaty, and any national implementations thereof.
|
||||
|
||||
2. Waiver. To the greatest extent permitted by, but not in contravention of,
|
||||
applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
|
||||
unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
|
||||
and Related Rights and associated claims and causes of action, whether now
|
||||
known or unknown (including existing as well as future claims and causes of
|
||||
action), in the Work (i) in all territories worldwide, (ii) for the maximum
|
||||
duration provided by applicable law or treaty (including future time
|
||||
extensions), (iii) in any current or future medium and for any number of
|
||||
copies, and (iv) for any purpose whatsoever, including without limitation
|
||||
commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
|
||||
the Waiver for the benefit of each member of the public at large and to the
|
||||
detriment of Affirmer's heirs and successors, fully intending that such Waiver
|
||||
shall not be subject to revocation, rescission, cancellation, termination, or
|
||||
any other legal or equitable action to disrupt the quiet enjoyment of the Work
|
||||
by the public as contemplated by Affirmer's express Statement of Purpose.
|
||||
|
||||
3. Public License Fallback. Should any part of the Waiver for any reason be
|
||||
judged legally invalid or ineffective under applicable law, then the Waiver
|
||||
shall be preserved to the maximum extent permitted taking into account
|
||||
Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
|
||||
is so judged Affirmer hereby grants to each affected person a royalty-free,
|
||||
non transferable, non sublicensable, non exclusive, irrevocable and
|
||||
unconditional license to exercise Affirmer's Copyright and Related Rights in
|
||||
the Work (i) in all territories worldwide, (ii) for the maximum duration
|
||||
provided by applicable law or treaty (including future time extensions), (iii)
|
||||
in any current or future medium and for any number of copies, and (iv) for any
|
||||
purpose whatsoever, including without limitation commercial, advertising or
|
||||
promotional purposes (the "License"). The License shall be deemed effective as
|
||||
of the date CC0 was applied by Affirmer to the Work. Should any part of the
|
||||
License for any reason be judged legally invalid or ineffective under
|
||||
applicable law, such partial invalidity or ineffectiveness shall not
|
||||
invalidate the remainder of the License, and in such case Affirmer hereby
|
||||
affirms that he or she will not (i) exercise any of his or her remaining
|
||||
Copyright and Related Rights in the Work or (ii) assert any associated claims
|
||||
and causes of action with respect to the Work, in either case contrary to
|
||||
Affirmer's express Statement of Purpose.
|
||||
|
||||
4. Limitations and Disclaimers.
|
||||
|
||||
a. No trademark or patent rights held by Affirmer are waived, abandoned,
|
||||
surrendered, licensed or otherwise affected by this document.
|
||||
|
||||
b. Affirmer offers the Work as-is and makes no representations or warranties
|
||||
of any kind concerning the Work, express, implied, statutory or otherwise,
|
||||
including without limitation warranties of title, merchantability, fitness
|
||||
for a particular purpose, non infringement, or the absence of latent or
|
||||
other defects, accuracy, or the present or absence of errors, whether or not
|
||||
discoverable, all to the greatest extent permissible under applicable law.
|
||||
|
||||
c. Affirmer disclaims responsibility for clearing rights of other persons
|
||||
that may apply to the Work or any use thereof, including without limitation
|
||||
any person's Copyright and Related Rights in the Work. Further, Affirmer
|
||||
disclaims responsibility for obtaining any necessary consents, permissions
|
||||
or other rights required for any use of the Work.
|
||||
|
||||
d. Affirmer understands and acknowledges that Creative Commons is not a
|
||||
party to this document and has no duty or obligation with respect to this
|
||||
CC0 or use of the Work.
|
||||
|
||||
For more information, please see
|
||||
<http://creativecommons.org/publicdomain/zero/1.0/>
|
|
@ -0,0 +1,216 @@
|
|||
#!/usr/bin/env python3
|
||||
import hashlib
|
||||
import secrets
|
||||
import sys
|
||||
|
||||
sha256_blocksize = hashlib.sha256().block_size
|
||||
sha256_outputsize = hashlib.sha256().digest_size
|
||||
|
||||
def xor(x, y):
|
||||
assert len(x) == len(y)
|
||||
for a, b in zip(x, y):
|
||||
yield a ^ b
|
||||
|
||||
def hmac_sha256(key, message):
|
||||
# Handle long keys
|
||||
# Makes the key the length of hash output
|
||||
if len(key) > sha256_blocksize:
|
||||
key = sha256(key)
|
||||
|
||||
# Handle short keys
|
||||
# An if, not an elif, since output size < blocksize
|
||||
if len(key) < sha256_blocksize:
|
||||
key = key + b'\x00' * (sha256_blocksize - len(key))
|
||||
|
||||
ipad = b'\x36' * sha256_blocksize
|
||||
|
||||
# Do inner hash
|
||||
m = hashlib.sha256()
|
||||
m.update(bytes(xor(key, ipad)))
|
||||
m.update(message)
|
||||
inner = m.digest()
|
||||
|
||||
opad = b'\x5c' * sha256_blocksize
|
||||
|
||||
# Do outer hash
|
||||
m = hashlib.sha256()
|
||||
m.update(bytes(xor(key, opad)))
|
||||
m.update(inner)
|
||||
outer = m.digest()
|
||||
|
||||
return outer
|
||||
|
||||
def ceildiv(p, q):
|
||||
assert p >= 0
|
||||
assert q > 0
|
||||
truncated_result = p // q
|
||||
remainder = p % q
|
||||
if remainder > 0:
|
||||
return truncated_result + 1
|
||||
else:
|
||||
return truncated_result
|
||||
|
||||
def hkdf_sha256(salt, key_material, info, length):
|
||||
assert length <= 255
|
||||
|
||||
# Extract
|
||||
if salt == b'':
|
||||
salt = b'\x00' * sha256_outputsize
|
||||
pseudorandom_key = hmac_sha256(salt, key_material)
|
||||
|
||||
# Expand
|
||||
# output[n] corresponds to the T(n) in RFC5869
|
||||
# Since T(0) is an empty string, initialize output as [b'']
|
||||
output = [b'']
|
||||
|
||||
# In RFC5869 the indices for the parts we compute are in 1…N, but
|
||||
# range(ceildiv(length, sha256_outputsize)) generates 0…N-1
|
||||
for index_minus_one in range(ceildiv(length, sha256_outputsize)):
|
||||
index = index_minus_one + 1
|
||||
output.append(hmac_sha256(pseudorandom_key, output[index_minus_one] + info + bytes([index])))
|
||||
|
||||
# Cut the output into the size requested
|
||||
return b''.join(output)[:length]
|
||||
|
||||
def hmac_sha256_ctr_keystream(nonce, key):
|
||||
# We encrypt a 512 bit block that consist of a 256 bit nonce and a
|
||||
# 256 bit counter encoded in big-endian format
|
||||
assert len(nonce) == 256//8
|
||||
assert len(key) == 256//8
|
||||
|
||||
def encode_counter(counter):
|
||||
encoded_reverse = bytearray()
|
||||
for i in range(256//8):
|
||||
encoded_reverse.append(counter & 0xff)
|
||||
counter >>= 8
|
||||
return bytes(reversed(encoded_reverse))
|
||||
|
||||
counter = 0
|
||||
while True:
|
||||
yield from hmac_sha256(key, nonce + encode_counter(counter))
|
||||
counter += 1
|
||||
|
||||
def shacrypt_enc(key, plaintext):
|
||||
assert len(key) == 256//8
|
||||
|
||||
# Generate the IVs
|
||||
hkdf_salt = secrets.token_bytes(256//8)
|
||||
cipher_nonce = secrets.token_bytes(256//8)
|
||||
|
||||
# Derive keys
|
||||
keys = hkdf_sha256(hkdf_salt, key, b'', 512//8)
|
||||
del key
|
||||
# Create HMAC key before the encryption one, so that an attacker
|
||||
# needs to run the full HKDF invocation to get to the encryption
|
||||
# key, instead of just half of it which would be the case if they
|
||||
# were the other way around
|
||||
# No idea if this would end up helping against any attack but hey
|
||||
# it's not hurting in the very least
|
||||
hmac_key = keys[:256//8]
|
||||
cipher_key = keys[256//8:]
|
||||
del keys
|
||||
|
||||
# Encrypt
|
||||
ciphered = bytearray()
|
||||
for plaintextbyte, keybyte in zip(plaintext, hmac_sha256_ctr_keystream(cipher_nonce, cipher_key)):
|
||||
ciphered.append(plaintextbyte ^ keybyte)
|
||||
del plaintext
|
||||
del cipher_key
|
||||
|
||||
# HMAC
|
||||
hmac = hmac_sha256(hmac_key, ciphered)
|
||||
del hmac_key
|
||||
|
||||
# Construct the full ciphertext
|
||||
return b''.join((
|
||||
hkdf_salt,
|
||||
cipher_nonce,
|
||||
ciphered,
|
||||
hmac
|
||||
))
|
||||
|
||||
class AuthenticationError(Exception): pass
|
||||
|
||||
def shacrypt_dec(key, ciphertext):
|
||||
assert len(key) == 256//8
|
||||
|
||||
# Extract the IVs
|
||||
hkdf_salt = ciphertext[0:256//8]
|
||||
cipher_nonce = ciphertext[256//8:256//8 + 256//8]
|
||||
|
||||
# Extract the main part of ciphertext
|
||||
ciphered = ciphertext[2 * 256//8:-sha256_outputsize]
|
||||
|
||||
# Extract the expected HMAC
|
||||
expected_hmac = ciphertext[-sha256_outputsize:]
|
||||
|
||||
del ciphertext
|
||||
|
||||
# Derive keys
|
||||
keys = hkdf_sha256(hkdf_salt, key, b'', 512//8)
|
||||
del key
|
||||
# Create HMAC key before the encryption one, so that an attacker
|
||||
# needs to run the full HKDF invocation to get to the encryption
|
||||
# key, instead of just half of it which would be the case if they
|
||||
# were the other way around
|
||||
# No idea if this would end up helping against any attack but hey
|
||||
# it's not hurting in the very least
|
||||
hmac_key = keys[:256//8]
|
||||
cipher_key = keys[256//8:]
|
||||
del keys
|
||||
|
||||
# Verify HMAC
|
||||
hmac = hmac_sha256(hmac_key, ciphered)
|
||||
del hmac_key
|
||||
if not secrets.compare_digest(expected_hmac, hmac):
|
||||
raise AuthenticationError
|
||||
del expected_hmac
|
||||
del hmac
|
||||
|
||||
# Decrypt
|
||||
plaintext = bytearray()
|
||||
for cipheredbyte, keybyte in zip(ciphered, hmac_sha256_ctr_keystream(cipher_nonce, cipher_key)):
|
||||
plaintext.append(cipheredbyte ^ keybyte)
|
||||
del ciphered
|
||||
del cipher_nonce
|
||||
del cipher_key
|
||||
|
||||
return plaintext
|
||||
|
||||
def main():
|
||||
if len(sys.argv) != 3:
|
||||
print('Usage: %s enc|dec key' % sys.argv[0], file=sys.stderr)
|
||||
sys.exit(1)
|
||||
|
||||
try:
|
||||
key = bytes.fromhex(sys.argv[2])
|
||||
except ValueError:
|
||||
print('%s: Error: Key must be hex-encoded' % sys.argv[0], file=sys.stderr)
|
||||
sys.exit(1)
|
||||
|
||||
if len(key) != 256//8:
|
||||
print('%s: Error: Key must be 256 bits longs' % sys.argv[0], file=sys.stderr)
|
||||
sys.exit(1)
|
||||
|
||||
if sys.argv[1] == 'enc':
|
||||
plaintext = sys.stdin.buffer.read()
|
||||
ciphertext = shacrypt_enc(key, plaintext)
|
||||
sys.stdout.buffer.write(ciphertext)
|
||||
|
||||
elif sys.argv[1] == 'dec':
|
||||
ciphertext = sys.stdin.buffer.read()
|
||||
try:
|
||||
plaintext = shacrypt_dec(key, ciphertext)
|
||||
except AuthenticationError:
|
||||
print('%s: Error: HMAC mismatch' % sys.argv[0], file=sys.stderr)
|
||||
sys.exit(1)
|
||||
sys.stdout.buffer.write(plaintext)
|
||||
|
||||
else:
|
||||
print('Usage: %0 enc|dec key' % sys.argv[0], file=sys.stderr)
|
||||
sys.exit(1)
|
||||
|
||||
sys.stdout.buffer.flush()
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
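Review bot: The tag computed in shacrypt_enc and checked in shacrypt_dec covers only `ciphered`, so `cipher_nonce` is never authenticated. Because `hmac_key` is derived from `key` and `hkdf_salt` alone, a ciphertext whose nonce bytes were altered still passes `secrets.compare_digest(expected_hmac, hmac)` and is then decrypted under a different keystream, returning wrong plaintext as if it were verified. Compute the HMAC over `cipher_nonce + ciphered` (or over everything preceding the tag) in both functions. Two smaller defects in the same hunk: the long-key branch of hmac_sha256 calls `sha256(key)`, a name that is not defined since only `hashlib` is imported, so it should be `hashlib.sha256(key).digest()`; and the final usage line in main() formats `'Usage: %0 enc|dec key' % sys.argv[0]`, where `%0` is not the `%s` used in the first usage line and raises at format time instead of printing the message. shacrypt_dec would also benefit from an explicit check that the input is at least salt + nonce + tag bytes long before slicing, so that truncated input is rejected by intent rather than by the comparison happening to fail.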