Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/pskc/aeskw.py
blob: da75a182f3d3261a77525cc32f2c5a86188f60d5 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

# aeskw.py - implementation of AES key wrapping
# coding: utf-8
#
# Copyright (C) 2014 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA

"""Implement key wrapping as described in RFC 3394."""

from Crypto.Cipher import AES
from Crypto.Util.number import long_to_bytes
from Crypto.Util.strxor import strxor

from pskc.exceptions import EncryptionError, DecryptionError


def _split(value):
    return value[:8], value[8:]


RFC3394_IV = 'a6a6a6a6a6a6a6a6'.decode('hex')


def wrap(plaintext, key):
    """Apply the AES key wrap algorithm to the plaintext."""

    if len(plaintext) % 8 != 0 or len(plaintext) < 16:
        raise EncryptionError('Plaintext length wrong')

    encrypt = AES.new(key).encrypt
    n = len(plaintext) / 8
    A = RFC3394_IV
    R = [plaintext[i * 8:i * 8 + 8]
         for i in range(n)]
    for j in range(6):
        for i in range(n):
            A, R[i] = _split(encrypt(A + R[i]))
            A = strxor(A, long_to_bytes(n * j + i + 1, 8))
    return A + ''.join(R)


def unwrap(ciphertext, key):
    """Apply the AES key unwrap algorithm to the ciphertext."""

    if len(ciphertext) % 8 != 0 or len(ciphertext) < 24:
        raise DecryptionError('Ciphertext length wrong')

    decrypt = AES.new(key).decrypt
    n = len(ciphertext) / 8 - 1
    A = ciphertext[:8]
    R = [ciphertext[(i + 1) * 8:(i + 2) * 8]
         for i in range(n)]
    for j in reversed(range(6)):
        for i in reversed(range(n)):
            A = strxor(A, long_to_bytes(n * j + i + 1, 8))
            A, R[i] = _split(decrypt(A + R[i]))

    if A == RFC3394_IV:
        return ''.join(R)
    raise DecryptionError('IV does not match')