tools v5.0
Introduction of alfcrypto library for speed
Reorganisation of archive plugins, apps, other
pull/6/head v5.0
parent
882edb6c69
commit
07e532f59c
File diff suppressed because it is too large
Binary file not shown.
@ -1,250 +1,290 @@
|
||||
#! /usr/bin/python
|
||||
# vim:ts=4:sw=4:softtabstop=4:smarttab:expandtab
|
||||
#! /usr/bin/env python
|
||||
|
||||
import sys
|
||||
import csv
|
||||
import os
|
||||
import getopt
|
||||
import sys, os
|
||||
import hmac
|
||||
from struct import pack
|
||||
from struct import unpack
|
||||
|
||||
|
||||
class PParser(object):
|
||||
def __init__(self, gd, flatxml, meta_array):
|
||||
self.gd = gd
|
||||
self.flatdoc = flatxml.split('\n')
|
||||
self.docSize = len(self.flatdoc)
|
||||
self.temp = []
|
||||
|
||||
self.ph = -1
|
||||
self.pw = -1
|
||||
startpos = self.posinDoc('page.h') or self.posinDoc('book.h')
|
||||
for p in startpos:
|
||||
(name, argres) = self.lineinDoc(p)
|
||||
self.ph = max(self.ph, int(argres))
|
||||
startpos = self.posinDoc('page.w') or self.posinDoc('book.w')
|
||||
for p in startpos:
|
||||
(name, argres) = self.lineinDoc(p)
|
||||
self.pw = max(self.pw, int(argres))
|
||||
|
||||
if self.ph <= 0:
|
||||
self.ph = int(meta_array.get('pageHeight', '11000'))
|
||||
if self.pw <= 0:
|
||||
self.pw = int(meta_array.get('pageWidth', '8500'))
|
||||
|
||||
res = []
|
||||
startpos = self.posinDoc('info.glyph.x')
|
||||
for p in startpos:
|
||||
argres = self.getDataatPos('info.glyph.x', p)
|
||||
res.extend(argres)
|
||||
self.gx = res
|
||||
|
||||
res = []
|
||||
startpos = self.posinDoc('info.glyph.y')
|
||||
for p in startpos:
|
||||
argres = self.getDataatPos('info.glyph.y', p)
|
||||
res.extend(argres)
|
||||
self.gy = res
|
||||
|
||||
res = []
|
||||
startpos = self.posinDoc('info.glyph.glyphID')
|
||||
for p in startpos:
|
||||
argres = self.getDataatPos('info.glyph.glyphID', p)
|
||||
res.extend(argres)
|
||||
self.gid = res
|
||||
|
||||
|
||||
# return tag at line pos in document
|
||||
def lineinDoc(self, pos) :
|
||||
if (pos >= 0) and (pos < self.docSize) :
|
||||
item = self.flatdoc[pos]
|
||||
if item.find('=') >= 0:
|
||||
(name, argres) = item.split('=',1)
|
||||
else :
|
||||
name = item
|
||||
argres = ''
|
||||
return name, argres
|
||||
|
||||
# find tag in doc if within pos to end inclusive
|
||||
def findinDoc(self, tagpath, pos, end) :
|
||||
result = None
|
||||
if end == -1 :
|
||||
end = self.docSize
|
||||
else:
|
||||
end = min(self.docSize, end)
|
||||
foundat = -1
|
||||
for j in xrange(pos, end):
|
||||
item = self.flatdoc[j]
|
||||
if item.find('=') >= 0:
|
||||
(name, argres) = item.split('=',1)
|
||||
else :
|
||||
name = item
|
||||
argres = ''
|
||||
if name.endswith(tagpath) :
|
||||
result = argres
|
||||
foundat = j
|
||||
break
|
||||
return foundat, result
|
||||
|
||||
# return list of start positions for the tagpath
|
||||
def posinDoc(self, tagpath):
|
||||
startpos = []
|
||||
pos = 0
|
||||
res = ""
|
||||
while res != None :
|
||||
(foundpos, res) = self.findinDoc(tagpath, pos, -1)
|
||||
if res != None :
|
||||
startpos.append(foundpos)
|
||||
pos = foundpos + 1
|
||||
return startpos
|
||||
|
||||
def getData(self, path):
|
||||
result = None
|
||||
cnt = len(self.flatdoc)
|
||||
for j in xrange(cnt):
|
||||
item = self.flatdoc[j]
|
||||
if item.find('=') >= 0:
|
||||
(name, argt) = item.split('=')
|
||||
argres = argt.split('|')
|
||||
else:
|
||||
name = item
|
||||
argres = []
|
||||
if (name.endswith(path)):
|
||||
result = argres
|
||||
break
|
||||
if (len(argres) > 0) :
|
||||
for j in xrange(0,len(argres)):
|
||||
argres[j] = int(argres[j])
|
||||
return result
|
||||
|
||||
def getDataatPos(self, path, pos):
|
||||
result = None
|
||||
item = self.flatdoc[pos]
|
||||
if item.find('=') >= 0:
|
||||
(name, argt) = item.split('=')
|
||||
argres = argt.split('|')
|
||||
import hashlib
|
||||
|
||||
|
||||
# interface to needed routines libalfcrypto
|
||||
def _load_libalfcrypto():
|
||||
import ctypes
|
||||
from ctypes import CDLL, byref, POINTER, c_void_p, c_char_p, c_int, c_long, \
|
||||
Structure, c_ulong, create_string_buffer, addressof, string_at, cast, sizeof
|
||||
|
||||
pointer_size = ctypes.sizeof(ctypes.c_voidp)
|
||||
name_of_lib = None
|
||||
if sys.platform.startswith('darwin'):
|
||||
name_of_lib = 'libalfcrypto.dylib'
|
||||
elif sys.platform.startswith('win'):
|
||||
if pointer_size == 4:
|
||||
name_of_lib = 'alfcrypto.dll'
|
||||
else:
|
||||
name = item
|
||||
argres = []
|
||||
if (len(argres) > 0) :
|
||||
for j in xrange(0,len(argres)):
|
||||
argres[j] = int(argres[j])
|
||||
if (name.endswith(path)):
|
||||
result = argres
|
||||
return result
|
||||
|
||||
def getDataTemp(self, path):
|
||||
result = None
|
||||
cnt = len(self.temp)
|
||||
for j in xrange(cnt):
|
||||
item = self.temp[j]
|
||||
if item.find('=') >= 0:
|
||||
(name, argt) = item.split('=')
|
||||
argres = argt.split('|')
|
||||
else:
|
||||
name = item
|
||||
argres = []
|
||||
if (name.endswith(path)):
|
||||
result = argres
|
||||
self.temp.pop(j)
|
||||
break
|
||||
if (len(argres) > 0) :
|
||||
for j in xrange(0,len(argres)):
|
||||
argres[j] = int(argres[j])
|
||||
return result
|
||||
|
||||
def getImages(self):
|
||||
result = []
|
||||
self.temp = self.flatdoc
|
||||
while (self.getDataTemp('img') != None):
|
||||
h = self.getDataTemp('img.h')[0]
|
||||
w = self.getDataTemp('img.w')[0]
|
||||
x = self.getDataTemp('img.x')[0]
|
||||
y = self.getDataTemp('img.y')[0]
|
||||
src = self.getDataTemp('img.src')[0]
|
||||
result.append('<image xlink:href="../img/img%04d.jpg" x="%d" y="%d" width="%d" height="%d" />\n' % (src, x, y, w, h))
|
||||
return result
|
||||
|
||||
def getGlyphs(self):
|
||||
result = []
|
||||
if (self.gid != None) and (len(self.gid) > 0):
|
||||
glyphs = []
|
||||
for j in set(self.gid):
|
||||
glyphs.append(j)
|
||||
glyphs.sort()
|
||||
for gid in glyphs:
|
||||
id='id="gl%d"' % gid
|
||||
path = self.gd.lookup(id)
|
||||
if path:
|
||||
result.append(id + ' ' + path)
|
||||
return result
|
||||
|
||||
|
||||
def convert2SVG(gdict, flat_xml, pageid, previd, nextid, svgDir, raw, meta_array, scaledpi):
|
||||
ml = ''
|
||||
pp = PParser(gdict, flat_xml, meta_array)
|
||||
ml += '<?xml version="1.0" standalone="no"?>\n'
|
||||
if (raw):
|
||||
ml += '<!DOCTYPE svg PUBLIC "-//W3C/DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">\n'
|
||||
ml += '<svg width="%fin" height="%fin" viewBox="0 0 %d %d" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">\n' % (pp.pw / scaledpi, pp.ph / scaledpi, pp.pw -1, pp.ph -1)
|
||||
ml += '<title>Page %d - %s by %s</title>\n' % (pageid, meta_array['Title'],meta_array['Authors'])
|
||||
name_of_lib = 'alfcrypto64.dll'
|
||||
else:
|
||||
ml += '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">\n'
|
||||
ml += '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" ><head>\n'
|
||||
ml += '<title>Page %d - %s by %s</title>\n' % (pageid, meta_array['Title'],meta_array['Authors'])
|
||||
ml += '<script><![CDATA[\n'
|
||||
ml += 'function gd(){var p=window.location.href.replace(/^.*\?dpi=(\d+).*$/i,"$1");return p;}\n'
|
||||
ml += 'var dpi=%d;\n' % scaledpi
|
||||
if (previd) :
|
||||
ml += 'var prevpage="page%04d.xhtml";\n' % (previd)
|
||||
if (nextid) :
|
||||
ml += 'var nextpage="page%04d.xhtml";\n' % (nextid)
|
||||
ml += 'var pw=%d;var ph=%d;' % (pp.pw, pp.ph)
|
||||
ml += 'function zoomin(){dpi=dpi*(0.8);setsize();}\n'
|
||||
ml += 'function zoomout(){dpi=dpi*1.25;setsize();}\n'
|
||||
ml += 'function setsize(){var svg=document.getElementById("svgimg");var prev=document.getElementById("prevsvg");var next=document.getElementById("nextsvg");var width=(pw/dpi)+"in";var height=(ph/dpi)+"in";svg.setAttribute("width",width);svg.setAttribute("height",height);prev.setAttribute("height",height);prev.setAttribute("width","50px");next.setAttribute("height",height);next.setAttribute("width","50px");}\n'
|
||||
ml += 'function ppage(){window.location.href=prevpage+"?dpi="+Math.round(dpi);}\n'
|
||||
ml += 'function npage(){window.location.href=nextpage+"?dpi="+Math.round(dpi);}\n'
|
||||
ml += 'var gt=gd();if(gt>0){dpi=gt;}\n'
|
||||
ml += 'window.onload=setsize;\n'
|
||||
ml += ']]></script>\n'
|
||||
ml += '</head>\n'
|
||||
ml += '<body onLoad="setsize();" style="background-color:#777;text-align:center;">\n'
|
||||
ml += '<div style="white-space:nowrap;">\n'
|
||||
if previd == None:
|
||||
ml += '<a href="javascript:ppage();"><svg id="prevsvg" viewBox="0 0 100 300" xmlns="http://www.w3.org/2000/svg" version="1.1" style="background-color:#777"></svg></a>\n'
|
||||
if pointer_size == 4:
|
||||
name_of_lib = 'libalfcrypto32.so'
|
||||
else:
|
||||
ml += '<a href="javascript:ppage();"><svg id="prevsvg" viewBox="0 0 100 300" xmlns="http://www.w3.org/2000/svg" version="1.1" style="background-color:#777"><polygon points="5,150,95,5,95,295" fill="#AAAAAA" /></svg></a>\n'
|
||||
|
||||
ml += '<a href="javascript:npage();"><svg id="svgimg" viewBox="0 0 %d %d" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" style="background-color:#FFF;border:1px solid black;">' % (pp.pw, pp.ph)
|
||||
if (pp.gid != None):
|
||||
ml += '<defs>\n'
|
||||
gdefs = pp.getGlyphs()
|
||||
for j in xrange(0,len(gdefs)):
|
||||
ml += gdefs[j]
|
||||
ml += '</defs>\n'
|
||||
img = pp.getImages()
|
||||
if (img != None):
|
||||
for j in xrange(0,len(img)):
|
||||
ml += img[j]
|
||||
if (pp.gid != None):
|
||||
for j in xrange(0,len(pp.gid)):
|
||||
ml += '<use xlink:href="#gl%d" x="%d" y="%d" />\n' % (pp.gid[j], pp.gx[j], pp.gy[j])
|
||||
if (img == None or len(img) == 0) and (pp.gid == None or len(pp.gid) == 0):
|
||||
xpos = "%d" % (pp.pw // 3)
|
||||
ypos = "%d" % (pp.ph // 3)
|
||||
ml += '<text x="' + xpos + '" y="' + ypos + '" font-size="' + meta_array['fontSize'] + '" font-family="Helvetica" stroke="black">This page intentionally left blank.</text>\n'
|
||||
if (raw) :
|
||||
ml += '</svg>'
|
||||
else :
|
||||
ml += '</svg></a>\n'
|
||||
if nextid == None:
|
||||
ml += '<a href="javascript:npage();"><svg id="nextsvg" viewBox="0 0 100 300" xmlns="http://www.w3.org/2000/svg" version="1.1" style="background-color:#777"></svg></a>\n'
|
||||
else :
|
||||
ml += '<a href="javascript:npage();"><svg id="nextsvg" viewBox="0 0 100 300" xmlns="http://www.w3.org/2000/svg" version="1.1" style="background-color:#777"><polygon points="5,5,5,295,95,150" fill="#AAAAAA" /></svg></a>\n'
|
||||
ml += '</div>\n'
|
||||
ml += '<div><a href="javascript:zoomin();">zoom in</a> - <a href="javascript:zoomout();">zoom out</a></div>\n'
|
||||
ml += '</body>\n'
|
||||
ml += '</html>\n'
|
||||
return ml
|
||||
name_of_lib = 'libalfcrypto64.so'
|
||||
|
||||
libalfcrypto = sys.path[0] + os.sep + name_of_lib
|
||||
|
||||
if not os.path.isfile(libalfcrypto):
|
||||
raise Exception('libalfcrypto not found')
|
||||
|
||||
libalfcrypto = CDLL(libalfcrypto)
|
||||
|
||||
c_char_pp = POINTER(c_char_p)
|
||||
c_int_p = POINTER(c_int)
|
||||
|
||||
|
||||
def F(restype, name, argtypes):
|
||||
func = getattr(libalfcrypto, name)
|
||||
func.restype = restype
|
||||
func.argtypes = argtypes
|
||||
return func
|
||||
|
||||
# aes cbc decryption
|
||||
#
|
||||
# struct aes_key_st {
|
||||
# unsigned long rd_key[4 *(AES_MAXNR + 1)];
|
||||
# int rounds;
|
||||
# };
|
||||
#
|
||||
# typedef struct aes_key_st AES_KEY;
|
||||
#
|
||||
# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key);
|
||||
#
|
||||
#
|
||||
# void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
|
||||
# const unsigned long length, const AES_KEY *key,
|
||||
# unsigned char *ivec, const int enc);
|
||||
|
||||
AES_MAXNR = 14
|
||||
|
||||
class AES_KEY(Structure):
|
||||
_fields_ = [('rd_key', c_long * (4 * (AES_MAXNR + 1))), ('rounds', c_int)]
|
||||
|
||||
AES_KEY_p = POINTER(AES_KEY)
|
||||
AES_cbc_encrypt = F(None, 'AES_cbc_encrypt',[c_char_p, c_char_p, c_ulong, AES_KEY_p, c_char_p, c_int])
|
||||
AES_set_decrypt_key = F(c_int, 'AES_set_decrypt_key',[c_char_p, c_int, AES_KEY_p])
|
||||
|
||||
|
||||
|
||||
# Pukall 1 Cipher
|
||||
# unsigned char *PC1(const unsigned char *key, unsigned int klen, const unsigned char *src,
|
||||
# unsigned char *dest, unsigned int len, int decryption);
|
||||
|
||||
PC1 = F(c_char_p, 'PC1', [c_char_p, c_ulong, c_char_p, c_char_p, c_ulong, c_ulong])
|
||||
|
||||
# Topaz Encryption
|
||||
# typedef struct _TpzCtx {
|
||||
# unsigned int v[2];
|
||||
# } TpzCtx;
|
||||
#
|
||||
# void topazCryptoInit(TpzCtx *ctx, const unsigned char *key, int klen);
|
||||
# void topazCryptoDecrypt(const TpzCtx *ctx, const unsigned char *in, unsigned char *out, int len);
|
||||
|
||||
class TPZ_CTX(Structure):
|
||||
_fields_ = [('v', c_long * 2)]
|
||||
|
||||
TPZ_CTX_p = POINTER(TPZ_CTX)
|
||||
topazCryptoInit = F(None, 'topazCryptoInit', [TPZ_CTX_p, c_char_p, c_ulong])
|
||||
topazCryptoDecrypt = F(None, 'topazCryptoDecrypt', [TPZ_CTX_p, c_char_p, c_char_p, c_ulong])
|
||||
|
||||
|
||||
class AES_CBC(object):
|
||||
def __init__(self):
|
||||
self._blocksize = 0
|
||||
self._keyctx = None
|
||||
self._iv = 0
|
||||
|
||||
def set_decrypt_key(self, userkey, iv):
|
||||
self._blocksize = len(userkey)
|
||||
if (self._blocksize != 16) and (self._blocksize != 24) and (self._blocksize != 32) :
|
||||
raise Exception('AES CBC improper key used')
|
||||
return
|
||||
keyctx = self._keyctx = AES_KEY()
|
||||
self._iv = iv
|
||||
rv = AES_set_decrypt_key(userkey, len(userkey) * 8, keyctx)
|
||||
if rv < 0:
|
||||
raise Exception('Failed to initialize AES CBC key')
|
||||
|
||||
def decrypt(self, data):
|
||||
out = create_string_buffer(len(data))
|
||||
mutable_iv = create_string_buffer(self._iv, len(self._iv))
|
||||
rv = AES_cbc_encrypt(data, out, len(data), self._keyctx, mutable_iv, 0)
|
||||
if rv == 0:
|
||||
raise Exception('AES CBC decryption failed')
|
||||
return out.raw
|
||||
|
||||
class Pukall_Cipher(object):
|
||||
def __init__(self):
|
||||
self.key = None
|
||||
|
||||
def PC1(self, key, src, decryption=True):
|
||||
self.key = key
|
||||
out = create_string_buffer(len(src))
|
||||
de = 0
|
||||
if decryption:
|
||||
de = 1
|
||||
rv = PC1(key, len(key), src, out, len(src), de)
|
||||
return out.raw
|
||||
|
||||
class Topaz_Cipher(object):
|
||||
def __init__(self):
|
||||
self._ctx = None
|
||||
|
||||
def ctx_init(self, key):
|
||||
tpz_ctx = self._ctx = TPZ_CTX()
|
||||
topazCryptoInit(tpz_ctx, key, len(key))
|
||||
return tpz_ctx
|
||||
|
||||
def decrypt(self, data, ctx=None):
|
||||
if ctx == None:
|
||||
ctx = self._ctx
|
||||
out = create_string_buffer(len(data))
|
||||
topazCryptoDecrypt(ctx, data, out, len(data))
|
||||
return out.raw
|
||||
|
||||
print "Using Library AlfCrypto DLL/DYLIB/SO"
|
||||
return (AES_CBC, Pukall_Cipher, Topaz_Cipher)
|
||||
|
||||
|
||||
def _load_python_alfcrypto():
|
||||
|
||||
import aescbc
|
||||
|
||||
class Pukall_Cipher(object):
|
||||
def __init__(self):
|
||||
self.key = None
|
||||
|
||||
def PC1(self, key, src, decryption=True):
|
||||
sum1 = 0;
|
||||
sum2 = 0;
|
||||
keyXorVal = 0;
|
||||
if len(key)!=16:
|
||||
print "Bad key length!"
|
||||
return None
|
||||
wkey = []
|
||||
for i in xrange(8):
|
||||
wkey.append(ord(key[i*2])<<8 | ord(key[i*2+1]))
|
||||
dst = ""
|
||||
for i in xrange(len(src)):
|
||||
temp1 = 0;
|
||||
byteXorVal = 0;
|
||||
for j in xrange(8):
|
||||
temp1 ^= wkey[j]
|
||||
sum2 = (sum2+j)*20021 + sum1
|
||||
sum1 = (temp1*346)&0xFFFF
|
||||
sum2 = (sum2+sum1)&0xFFFF
|
||||
temp1 = (temp1*20021+1)&0xFFFF
|
||||
byteXorVal ^= temp1 ^ sum2
|
||||
curByte = ord(src[i])
|
||||
if not decryption:
|
||||
keyXorVal = curByte * 257;
|
||||
curByte = ((curByte ^ (byteXorVal >> 8)) ^ byteXorVal) & 0xFF
|
||||
if decryption:
|
||||
keyXorVal = curByte * 257;
|
||||
for j in xrange(8):
|
||||
wkey[j] ^= keyXorVal;
|
||||
dst+=chr(curByte)
|
||||
return dst
|
||||
|
||||
class Topaz_Cipher(object):
|
||||
def __init__(self):
|
||||
self._ctx = None
|
||||
|
||||
def ctx_init(self, key):
|
||||
ctx1 = 0x0CAFFE19E
|
||||
for keyChar in key:
|
||||
keyByte = ord(keyChar)
|
||||
ctx2 = ctx1
|
||||
ctx1 = ((((ctx1 >>2) * (ctx1 >>7))&0xFFFFFFFF) ^ (keyByte * keyByte * 0x0F902007)& 0xFFFFFFFF )
|
||||
self._ctx = [ctx1, ctx2]
|
||||
return [ctx1,ctx2]
|
||||
|
||||
def decrypt(self, data, ctx=None):
|
||||
if ctx == None:
|
||||
ctx = self._ctx
|
||||
ctx1 = ctx[0]
|
||||
ctx2 = ctx[1]
|
||||
plainText = ""
|
||||
for dataChar in data:
|
||||
dataByte = ord(dataChar)
|
||||
m = (dataByte ^ ((ctx1 >> 3) &0xFF) ^ ((ctx2<<3) & 0xFF)) &0xFF
|
||||
ctx2 = ctx1
|
||||
ctx1 = (((ctx1 >> 2) * (ctx1 >> 7)) &0xFFFFFFFF) ^((m * m * 0x0F902007) &0xFFFFFFFF)
|
||||
plainText += chr(m)
|
||||
return plainText
|
||||
|
||||
class AES_CBC(object):
|
||||
def __init__(self):
|
||||
self._key = None
|
||||
self._iv = None
|
||||
self.aes = None
|
||||
|
||||
def set_decrypt_key(self, userkey, iv):
|
||||
self._key = userkey
|
||||
self._iv = iv
|
||||
self.aes = aescbc.AES_CBC(userkey, aescbc.noPadding(), len(userkey))
|
||||
|
||||
def decrypt(self, data):
|
||||
iv = self._iv
|
||||
cleartext = self.aes.decrypt(iv + data)
|
||||
return cleartext
|
||||
|
||||
return (AES_CBC, Pukall_Cipher, Topaz_Cipher)
|
||||
|
||||
|
||||
def _load_crypto():
|
||||
AES_CBC = Pukall_Cipher = Topaz_Cipher = None
|
||||
cryptolist = (_load_libalfcrypto, _load_python_alfcrypto)
|
||||
for loader in cryptolist:
|
||||
try:
|
||||
AES_CBC, Pukall_Cipher, Topaz_Cipher = loader()
|
||||
break
|
||||
except (ImportError, Exception):
|
||||
pass
|
||||
return AES_CBC, Pukall_Cipher, Topaz_Cipher
|
||||
|
||||
AES_CBC, Pukall_Cipher, Topaz_Cipher = _load_crypto()
|
||||
|
||||
|
||||
class KeyIVGen(object):
|
||||
# this only exists in openssl so we will use pure python implementation instead
|
||||
# PKCS5_PBKDF2_HMAC_SHA1 = F(c_int, 'PKCS5_PBKDF2_HMAC_SHA1',
|
||||
# [c_char_p, c_ulong, c_char_p, c_ulong, c_ulong, c_ulong, c_char_p])
|
||||
def pbkdf2(self, passwd, salt, iter, keylen):
|
||||
|
||||
def xorstr( a, b ):
|
||||
if len(a) != len(b):
|
||||
raise Exception("xorstr(): lengths differ")
|
||||
return ''.join((chr(ord(x)^ord(y)) for x, y in zip(a, b)))
|
||||
|
||||
def prf( h, data ):
|
||||
hm = h.copy()
|
||||
hm.update( data )
|
||||
return hm.digest()
|
||||
|
||||
def pbkdf2_F( h, salt, itercount, blocknum ):
|
||||
U = prf( h, salt + pack('>i',blocknum ) )
|
||||
T = U
|
||||
for i in range(2, itercount+1):
|
||||
U = prf( h, U )
|
||||
T = xorstr( T, U )
|
||||
return T
|
||||
|
||||
sha = hashlib.sha1
|
||||
digest_size = sha().digest_size
|
||||
# l - number of output blocks to produce
|
||||
l = keylen / digest_size
|
||||
if keylen % digest_size != 0:
|
||||
l += 1
|
||||
h = hmac.new( passwd, None, sha )
|
||||
T = ""
|
||||
for i in range(1, l+1):
|
||||
T += pbkdf2_F( h, salt, iter, i )
|
||||
return T[0: keylen]
|
||||
|
||||
|
||||
|
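Review bot: `_load_libalfcrypto` builds the library path as `sys.path[0] + os.sep + name_of_lib` and hands it to `CDLL` after only an `os.path.isfile` check, so which native code gets loaded depends on how the interpreter was started rather than on where this module lives; when `sys.path[0]` is the empty string the result is a path at the root of the filesystem (or current drive). Assuming the binaries ship beside this module, `libalfcrypto = os.path.join(os.path.dirname(os.path.abspath(__file__)), name_of_lib)` pins the lookup to that directory, and a comment there should state that the directory must not be writable by other users, because the file is loaded with no integrity check visible in this code. `_load_crypto` then hides every failure behind `except (ImportError, Exception): pass`, so a missing or unloadable library silently selects the pure-Python ciphers and, if both loaders fail, leaves `AES_CBC`, `Pukall_Cipher` and `Topaz_Cipher` as `None` until the first call; raising after the loop when all three are still `None` would surface that at import time. The page interleaves removed and added lines without markers, so this is read from the lines that belong to the new alfcrypto code.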
Binary file not shown.
Binary file not shown.
File diff suppressed because it is too large
@ -0,0 +1,726 @@
|
||||
# standlone set of Mac OSX specific routines needed for KindleBooks
|
||||
|
||||
from __future__ import with_statement
|
||||
|
||||
import sys
|
||||
import os
|
||||
import os.path
|
||||
import re
|
||||
import copy
|
||||
import subprocess
|
||||
from struct import pack, unpack, unpack_from
|
||||
|
||||
class DrmException(Exception):
|
||||
pass
|
||||
|
||||
|
||||
# interface to needed routines in openssl's libcrypto
|
||||
def _load_crypto_libcrypto():
|
||||
from ctypes import CDLL, byref, POINTER, c_void_p, c_char_p, c_int, c_long, \
|
||||
Structure, c_ulong, create_string_buffer, addressof, string_at, cast
|
||||
from ctypes.util import find_library
|
||||
|
||||
libcrypto = find_library('crypto')
|
||||
if libcrypto is None:
|
||||
raise DrmException('libcrypto not found')
|
||||
libcrypto = CDLL(libcrypto)
|
||||
|
||||
# From OpenSSL's crypto aes header
|
||||
#
|
||||
# AES_ENCRYPT 1
|
||||
# AES_DECRYPT 0
|
||||
# AES_MAXNR 14 (in bytes)
|
||||
# AES_BLOCK_SIZE 16 (in bytes)
|
||||
#
|
||||
# struct aes_key_st {
|
||||
# unsigned long rd_key[4 *(AES_MAXNR + 1)];
|
||||
# int rounds;
|
||||
# };
|
||||
# typedef struct aes_key_st AES_KEY;
|
||||
#
|
||||
# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key);
|
||||
#
|
||||
# note: the ivec string, and output buffer are both mutable
|
||||
# void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
|
||||
# const unsigned long length, const AES_KEY *key, unsigned char *ivec, const int enc);
|
||||
|
||||
AES_MAXNR = 14
|
||||
c_char_pp = POINTER(c_char_p)
|
||||
c_int_p = POINTER(c_int)
|
||||
|
||||
class AES_KEY(Structure):
|
||||
_fields_ = [('rd_key', c_long * (4 * (AES_MAXNR + 1))), ('rounds', c_int)]
|
||||
AES_KEY_p = POINTER(AES_KEY)
|
||||
|
||||
def F(restype, name, argtypes):
|
||||
func = getattr(libcrypto, name)
|
||||
func.restype = restype
|
||||
func.argtypes = argtypes
|
||||
return func
|
||||
|
||||
AES_cbc_encrypt = F(None, 'AES_cbc_encrypt',[c_char_p, c_char_p, c_ulong, AES_KEY_p, c_char_p,c_int])
|
||||
|
||||
AES_set_decrypt_key = F(c_int, 'AES_set_decrypt_key',[c_char_p, c_int, AES_KEY_p])
|
||||
|
||||
# From OpenSSL's Crypto evp/p5_crpt2.c
|
||||
#
|
||||
# int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
|
||||
# const unsigned char *salt, int saltlen, int iter,
|
||||
# int keylen, unsigned char *out);
|
||||
|
||||
PKCS5_PBKDF2_HMAC_SHA1 = F(c_int, 'PKCS5_PBKDF2_HMAC_SHA1',
|
||||
[c_char_p, c_ulong, c_char_p, c_ulong, c_ulong, c_ulong, c_char_p])
|
||||
|
||||
class LibCrypto(object):
|
||||
def __init__(self):
|
||||
self._blocksize = 0
|
||||
self._keyctx = None
|
||||
self._iv = 0
|
||||
|
||||
def set_decrypt_key(self, userkey, iv):
|
||||
self._blocksize = len(userkey)
|
||||
if (self._blocksize != 16) and (self._blocksize != 24) and (self._blocksize != 32) :
|
||||
raise DrmException('AES improper key used')
|
||||
return
|
||||
keyctx = self._keyctx = AES_KEY()
|
||||
self._iv = iv
|
||||
self._userkey = userkey
|
||||
rv = AES_set_decrypt_key(userkey, len(userkey) * 8, keyctx)
|
||||
if rv < 0:
|
||||
raise DrmException('Failed to initialize AES key')
|
||||
|
||||
def decrypt(self, data):
|
||||
out = create_string_buffer(len(data))
|
||||
mutable_iv = create_string_buffer(self._iv, len(self._iv))
|
||||
keyctx = self._keyctx
|
||||
rv = AES_cbc_encrypt(data, out, len(data), keyctx, mutable_iv, 0)
|
||||
if rv == 0:
|
||||
raise DrmException('AES decryption failed')
|
||||
return out.raw
|
||||
|
||||
def keyivgen(self, passwd, salt, iter, keylen):
|
||||
saltlen = len(salt)
|
||||
passlen = len(passwd)
|
||||
out = create_string_buffer(keylen)
|
||||
rv = PKCS5_PBKDF2_HMAC_SHA1(passwd, passlen, salt, saltlen, iter, keylen, out)
|
||||
return out.raw
|
||||
return LibCrypto
|
||||
|
||||
def _load_crypto():
|
||||
LibCrypto = None
|
||||
try:
|
||||
LibCrypto = _load_crypto_libcrypto()
|
||||
except (ImportError, DrmException):
|
||||
pass
|
||||
return LibCrypto
|
||||
|
||||
LibCrypto = _load_crypto()
|
||||
|
||||
#
|
||||
# Utility Routines
|
||||
#
|
||||
|
||||
# crypto digestroutines
|
||||
import hashlib
|
||||
|
||||
def MD5(message):
|
||||
ctx = hashlib.md5()
|
||||
ctx.update(message)
|
||||
return ctx.digest()
|
||||
|
||||
def SHA1(message):
|
||||
ctx = hashlib.sha1()
|
||||
ctx.update(message)
|
||||
return ctx.digest()
|
||||
|
||||
def SHA256(message):
|
||||
ctx = hashlib.sha256()
|
||||
ctx.update(message)
|
||||
return ctx.digest()
|
||||
|
||||
# Various character maps used to decrypt books. Probably supposed to act as obfuscation
|
||||
charMap1 = "n5Pr6St7Uv8Wx9YzAb0Cd1Ef2Gh3Jk4M"
|
||||
charMap2 = "ZB0bYyc1xDdW2wEV3Ff7KkPpL8UuGA4gz-Tme9Nn_tHh5SvXCsIiR6rJjQaqlOoM"
|
||||
|
||||
# For kinf approach of K4Mac 1.6.X or later
|
||||
# On K4PC charMap5 = "AzB0bYyCeVvaZ3FfUuG4g-TtHh5SsIiR6rJjQq7KkPpL8lOoMm9Nn_c1XxDdW2wE"
|
||||
# For Mac they seem to re-use charMap2 here
|
||||
charMap5 = charMap2
|
||||
|
||||
# new in K4M 1.9.X
|
||||
testMap8 = "YvaZ3FfUm9Nn_c1XuG4yCAzB0beVg-TtHh5SsIiR6rJjQdW2wEq7KkPpL8lOoMxD"
|
||||
|
||||
|
||||
def encode(data, map):
|
||||
result = ""
|
||||
for char in data:
|
||||
value = ord(char)
|
||||
Q = (value ^ 0x80) // len(map)
|
||||
R = value % len(map)
|
||||
result += map[Q]
|
||||
result += map[R]
|
||||
return result
|
||||
|
||||
# Hash the bytes in data and then encode the digest with the characters in map
|
||||
def encodeHash(data,map):
|
||||
return encode(MD5(data),map)
|
||||
|
||||
# Decode the string in data with the characters in map. Returns the decoded bytes
|
||||
def decode(data,map):
|
||||
result = ""
|
||||
for i in range (0,len(data)-1,2):
|
||||
high = map.find(data[i])
|
||||
low = map.find(data[i+1])
|
||||
if (high == -1) or (low == -1) :
|
||||
break
|
||||
value = (((high * len(map)) ^ 0x80) & 0xFF) + low
|
||||
result += pack("B",value)
|
||||
return result
|
||||
|
||||
# For K4M 1.6.X and later
|
||||
# generate table of prime number less than or equal to int n
|
||||
def primes(n):
|
||||
if n==2: return [2]
|
||||
elif n<2: return []
|
||||
s=range(3,n+1,2)
|
||||
mroot = n ** 0.5
|
||||
half=(n+1)/2-1
|
||||
i=0
|
||||
m=3
|
||||
while m <= mroot:
|
||||
if s[i]:
|
||||
j=(m*m-3)/2
|
||||
s[j]=0
|
||||
while j<half:
|
||||
s[j]=0
|
||||
j+=m
|
||||
i=i+1
|
||||
m=2*i+3
|
||||
return [2]+[x for x in s if x]
|
||||
|
||||
|
||||
# uses a sub process to get the Hard Drive Serial Number using ioreg
|
||||
# returns with the serial number of drive whose BSD Name is "disk0"
|
||||
def GetVolumeSerialNumber():
|
||||
sernum = os.getenv('MYSERIALNUMBER')
|
||||
if sernum != None:
|
||||
return sernum
|
||||
cmdline = '/usr/sbin/ioreg -l -S -w 0 -r -c AppleAHCIDiskDriver'
|
||||
cmdline = cmdline.encode(sys.getfilesystemencoding())
|
||||
p = subprocess.Popen(cmdline, shell=True, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=False)
|
||||
out1, out2 = p.communicate()
|
||||
reslst = out1.split('\n')
|
||||
cnt = len(reslst)
|
||||
bsdname = None
|
||||
sernum = None
|
||||
foundIt = False
|
||||
for j in xrange(cnt):
|
||||
resline = reslst[j]
|
||||
pp = resline.find('"Serial Number" = "')
|
||||
if pp >= 0:
|
||||
sernum = resline[pp+19:-1]
|
||||
sernum = sernum.strip()
|
||||
bb = resline.find('"BSD Name" = "')
|
||||
if bb >= 0:
|
||||
bsdname = resline[bb+14:-1]
|
||||
bsdname = bsdname.strip()
|
||||
if (bsdname == 'disk0') and (sernum != None):
|
||||
foundIt = True
|
||||
break
|
||||
if not foundIt:
|
||||
sernum = ''
|
||||
return sernum
|
||||
|
||||
def GetUserHomeAppSupKindleDirParitionName():
|
||||
home = os.getenv('HOME')
|
||||
dpath = home + '/Library/Application Support/Kindle'
|
||||
cmdline = '/sbin/mount'
|
||||
cmdline = cmdline.encode(sys.getfilesystemencoding())
|
||||
p = subprocess.Popen(cmdline, shell=True, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=False)
|
||||
out1, out2 = p.communicate()
|
||||
reslst = out1.split('\n')
|
||||
cnt = len(reslst)
|
||||
disk = ''
|
||||
foundIt = False
|
||||
for j in xrange(cnt):
|
||||
resline = reslst[j]
|
||||
if resline.startswith('/dev'):
|
||||
(devpart, mpath) = resline.split(' on ')
|
||||
dpart = devpart[5:]
|
||||
pp = mpath.find('(')
|
||||
if pp >= 0:
|
||||
mpath = mpath[:pp-1]
|
||||
if dpath.startswith(mpath):
|
||||
disk = dpart
|
||||
return disk
|
||||
|
||||
# uses a sub process to get the UUID of the specified disk partition using ioreg
|
||||
def GetDiskPartitionUUID(diskpart):
|
||||
uuidnum = os.getenv('MYUUIDNUMBER')
|
||||
if uuidnum != None:
|
||||
return uuidnum
|
||||
cmdline = '/usr/sbin/ioreg -l -S -w 0 -r -c AppleAHCIDiskDriver'
|
||||
cmdline = cmdline.encode(sys.getfilesystemencoding())
|
||||
p = subprocess.Popen(cmdline, shell=True, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=False)
|
||||
out1, out2 = p.communicate()
|
||||
reslst = out1.split('\n')
|
||||
cnt = len(reslst)
|
||||
bsdname = None
|
||||
uuidnum = None
|
||||
foundIt = False
|
||||
nest = 0
|
||||
uuidnest = -1
|
||||
partnest = -2
|
||||
for j in xrange(cnt):
|
||||
resline = reslst[j]
|
||||
if resline.find('{') >= 0:
|
||||
nest += 1
|
||||
if resline.find('}') >= 0:
|
||||
nest -= 1
|
||||
pp = resline.find('"UUID" = "')
|
||||
if pp >= 0:
|
||||
uuidnum = resline[pp+10:-1]
|
||||
uuidnum = uuidnum.strip()
|
||||
uuidnest = nest
|
||||
if partnest == uuidnest and uuidnest > 0:
|
||||
foundIt = True
|
||||
break
|
||||
bb = resline.find('"BSD Name" = "')
|
||||
if bb >= 0:
|
||||
bsdname = resline[bb+14:-1]
|
||||
bsdname = bsdname.strip()
|
||||
if (bsdname == diskpart):
|
||||
partnest = nest
|
||||
else :
|
||||
partnest = -2
|
||||
if partnest == uuidnest and partnest > 0:
|
||||
foundIt = True
|
||||
break
|
||||
if nest == 0:
|
||||
partnest = -2
|
||||
uuidnest = -1
|
||||
uuidnum = None
|
||||
bsdname = None
|
||||
if not foundIt:
|
||||
uuidnum = ''
|
||||
return uuidnum
|
||||
|
||||
def GetMACAddressMunged():
|
||||
macnum = os.getenv('MYMACNUM')
|
||||
if macnum != None:
|
||||
return macnum
|
||||
cmdline = '/sbin/ifconfig en0'
|
||||
cmdline = cmdline.encode(sys.getfilesystemencoding())
|
||||
p = subprocess.Popen(cmdline, shell=True, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=False)
|
||||
out1, out2 = p.communicate()
|
||||
reslst = out1.split('\n')
|
||||
cnt = len(reslst)
|
||||
macnum = None
|
||||
foundIt = False
|
||||
for j in xrange(cnt):
|
||||
resline = reslst[j]
|
||||
pp = resline.find('ether ')
|
||||
if pp >= 0:
|
||||
macnum = resline[pp+6:-1]
|
||||
macnum = macnum.strip()
|
||||
# print "original mac", macnum
|
||||
# now munge it up the way Kindle app does
|
||||
# by xoring it with 0xa5 and swapping elements 3 and 4
|
||||
maclst = macnum.split(':')
|
||||
n = len(maclst)
|
||||
if n != 6:
|
||||
fountIt = False
|
||||
break
|
||||
for i in range(6):
|
||||
maclst[i] = int('0x' + maclst[i], 0)
|
||||
mlst = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00]
|
||||
mlst[5] = maclst[5] ^ 0xa5
|
||||
mlst[4] = maclst[3] ^ 0xa5
|
||||
mlst[3] = maclst[4] ^ 0xa5
|
||||
mlst[2] = maclst[2] ^ 0xa5
|
||||
mlst[1] = maclst[1] ^ 0xa5
|
||||
mlst[0] = maclst[0] ^ 0xa5
|
||||
macnum = "%0.2x%0.2x%0.2x%0.2x%0.2x%0.2x" % (mlst[0], mlst[1], mlst[2], mlst[3], mlst[4], mlst[5])
|
||||
foundIt = True
|
||||
break
|
||||
if not foundIt:
|
||||
macnum = ''
|
||||
return macnum
|
||||
|
||||
|
||||
# uses unix env to get username instead of using sysctlbyname
|
||||
def GetUserName():
|
||||
username = os.getenv('USER')
|
||||
return username
|
||||
|
||||
def isNewInstall():
|
||||
home = os.getenv('HOME')
|
||||
# soccer game fan anyone
|
||||
dpath = home + '/Library/Application Support/Kindle/storage/.pes2011'
|
||||
# print dpath, os.path.exists(dpath)
|
||||
if os.path.exists(dpath):
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
def GetIDString():
|
||||
# K4Mac now has an extensive set of ids strings it uses
|
||||
# in encoding pids and in creating unique passwords
|
||||
# for use in its own version of CryptUnprotectDataV2
|
||||
|
||||
# BUT Amazon has now become nasty enough to detect when its app
|
||||
# is being run under a debugger and actually changes code paths
|
||||
# including which one of these strings is chosen, all to try
|
||||
# to prevent reverse engineering
|
||||
|
||||
# Sad really ... they will only hurt their own sales ...
|
||||
# true book lovers really want to keep their books forever
|
||||
# and move them to their devices and DRM prevents that so they
|
||||
# will just buy from someplace else that they can remove
|
||||
# the DRM from
|
||||
|
||||
# Amazon should know by now that true book lover's are not like
|
||||
# penniless kids that pirate music, we do not pirate books
|
||||
|
||||
if isNewInstall():
|
||||
mungedmac = GetMACAddressMunged()
|
||||
if len(mungedmac) > 7:
|
||||
return mungedmac
|
||||
sernum = GetVolumeSerialNumber()
|
||||
if len(sernum) > 7:
|
||||
return sernum
|
||||
diskpart = GetUserHomeAppSupKindleDirParitionName()
|
||||
uuidnum = GetDiskPartitionUUID(diskpart)
|
||||
if len(uuidnum) > 7:
|
||||
return uuidnum
|
||||
mungedmac = GetMACAddressMunged()
|
||||
if len(mungedmac) > 7:
|
||||
return mungedmac
|
||||
return '9999999999'
|
||||
|
||||
|
||||
# implements an Pseudo Mac Version of Windows built-in Crypto routine
|
||||
# used by Kindle for Mac versions < 1.6.0
|
||||
class CryptUnprotectData(object):
|
||||
def __init__(self):
|
||||
sernum = GetVolumeSerialNumber()
|
||||
if sernum == '':
|
||||
sernum = '9999999999'
|
||||
sp = sernum + '!@#' + GetUserName()
|
||||
passwdData = encode(SHA256(sp),charMap1)
|
||||
salt = '16743'
|
||||
self.crp = LibCrypto()
|
||||
iter = 0x3e8
|
||||
keylen = 0x80
|
||||
key_iv = self.crp.keyivgen(passwdData, salt, iter, keylen)
|
||||
self.key = key_iv[0:32]
|
||||
self.iv = key_iv[32:48]
|
||||
self.crp.set_decrypt_key(self.key, self.iv)
|
||||
|
||||
def decrypt(self, encryptedData):
|
||||
cleartext = self.crp.decrypt(encryptedData)
|
||||
cleartext = decode(cleartext,charMap1)
|
||||
return cleartext
|
||||
|
||||
|
||||
# implements an Pseudo Mac Version of Windows built-in Crypto routine
|
||||
# used for Kindle for Mac Versions >= 1.6.0
|
||||
class CryptUnprotectDataV2(object):
|
||||
def __init__(self):
|
||||
sp = GetUserName() + ':&%:' + GetIDString()
|
||||
passwdData = encode(SHA256(sp),charMap5)
|
||||
# salt generation as per the code
|
||||
salt = 0x0512981d * 2 * 1 * 1
|
||||
salt = str(salt) + GetUserName()
|
||||
salt = encode(salt,charMap5)
|
||||
self.crp = LibCrypto()
|
||||
iter = 0x800
|
||||
keylen = 0x400
|
||||
key_iv = self.crp.keyivgen(passwdData, salt, iter, keylen)
|
||||
self.key = key_iv[0:32]
|
||||
self.iv = key_iv[32:48]
|
||||
self.crp.set_decrypt_key(self.key, self.iv)
|
||||
|
||||
def decrypt(self, encryptedData):
|
||||
cleartext = self.crp.decrypt(encryptedData)
|
||||
cleartext = decode(cleartext, charMap5)
|
||||
return cleartext
|
||||
|
||||
|
||||
# unprotect the new header blob in .kinf2011
|
||||
# used in Kindle for Mac Version >= 1.9.0
|
||||
def UnprotectHeaderData(encryptedData):
|
||||
passwdData = 'header_key_data'
|
||||
salt = 'HEADER.2011'
|
||||
iter = 0x80
|
||||
keylen = 0x100
|
||||
crp = LibCrypto()
|
||||
key_iv = crp.keyivgen(passwdData, salt, iter, keylen)
|
||||
key = key_iv[0:32]
|
||||
iv = key_iv[32:48]
|
||||
crp.set_decrypt_key(key,iv)
|
||||
cleartext = crp.decrypt(encryptedData)
|
||||
return cleartext
|
||||
|
||||
|
||||
# implements an Pseudo Mac Version of Windows built-in Crypto routine
|
||||
# used for Kindle for Mac Versions >= 1.9.0
|
||||
class CryptUnprotectDataV3(object):
|
||||
def __init__(self, entropy):
|
||||
sp = GetUserName() + '+@#$%+' + GetIDString()
|
||||
passwdData = encode(SHA256(sp),charMap2)
|
||||
salt = entropy
|
||||
self.crp = LibCrypto()
|
||||
iter = 0x800
|
||||
keylen = 0x400
|
||||
key_iv = self.crp.keyivgen(passwdData, salt, iter, keylen)
|
||||
self.key = key_iv[0:32]
|
||||
self.iv = key_iv[32:48]
|
||||
self.crp.set_decrypt_key(self.key, self.iv)
|
||||
|
||||
def decrypt(self, encryptedData):
|
||||
cleartext = self.crp.decrypt(encryptedData)
|
||||
cleartext = decode(cleartext, charMap2)
|
||||
return cleartext
|
||||
|
||||
|
||||
# Locate the .kindle-info files
|
||||
def getKindleInfoFiles(kInfoFiles):
|
||||
# first search for current .kindle-info files
|
||||
home = os.getenv('HOME')
|
||||
cmdline = 'find "' + home + '/Library/Application Support" -name ".kindle-info"'
|
||||
cmdline = cmdline.encode(sys.getfilesystemencoding())
|
||||
p1 = subprocess.Popen(cmdline, shell=True, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=False)
|
||||
out1, out2 = p1.communicate()
|
||||
reslst = out1.split('\n')
|
||||
kinfopath = 'NONE'
|
||||
found = False
|
||||
for resline in reslst:
|
||||
if os.path.isfile(resline):
|
||||
kInfoFiles.append(resline)
|
||||
found = True
|
||||
# add any .rainier*-kinf files
|
||||
cmdline = 'find "' + home + '/Library/Application Support" -name ".rainier*-kinf"'
|
||||
cmdline = cmdline.encode(sys.getfilesystemencoding())
|
||||
p1 = subprocess.Popen(cmdline, shell=True, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=False)
|
||||
out1, out2 = p1.communicate()
|
||||
reslst = out1.split('\n')
|
||||
for resline in reslst:
|
||||
if os.path.isfile(resline):
|
||||
kInfoFiles.append(resline)
|
||||
found = True
|
||||
# add any .kinf2011 files
|
||||
cmdline = 'find "' + home + '/Library/Application Support" -name ".kinf2011"'
|
||||
cmdline = cmdline.encode(sys.getfilesystemencoding())
|
||||
p1 = subprocess.Popen(cmdline, shell=True, stdin=None, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=False)
|
||||
out1, out2 = p1.communicate()
|
||||
reslst = out1.split('\n')
|
||||
for resline in reslst:
|
||||
if os.path.isfile(resline):
|
||||
kInfoFiles.append(resline)
|
||||
found = True
|
||||
if not found:
|
||||
print('No kindle-info files have been found.')
|
||||
return kInfoFiles
|
||||
|
||||
# determine type of kindle info provided and return a
|
||||
# database of keynames and values
|
||||
def getDBfromFile(kInfoFile):
|
||||
names = ["kindle.account.tokens","kindle.cookie.item","eulaVersionAccepted","login_date","kindle.token.item","login","kindle.key.item","kindle.name.info","kindle.device.info", "MazamaRandomNumber", "max_date", "SIGVERIF"]
|
||||
DB = {}
|
||||
cnt = 0
|
||||
infoReader = open(kInfoFile, 'r')
|
||||
hdr = infoReader.read(1)
|
||||
data = infoReader.read()
|
||||
|
||||
if data.find('[') != -1 :
|
||||
|
||||
# older style kindle-info file
|
||||
cud = CryptUnprotectData()
|
||||
items = data.split('[')
|
||||
for item in items:
|
||||
if item != '':
|
||||
keyhash, rawdata = item.split(':')
|
||||
keyname = "unknown"
|
||||
for name in names:
|
||||
if encodeHash(name,charMap2) == keyhash:
|
||||
keyname = name
|
||||
break
|
||||
if keyname == "unknown":
|
||||
keyname = keyhash
|
||||
encryptedValue = decode(rawdata,charMap2)
|
||||
cleartext = cud.decrypt(encryptedValue)
|
||||
DB[keyname] = cleartext
|
||||
cnt = cnt + 1
|
||||
if cnt == 0:
|
||||
DB = None
|
||||
return DB
|
||||
|
||||
if hdr == '/':
|
||||
|
||||
# else newer style .kinf file used by K4Mac >= 1.6.0
|
||||
# the .kinf file uses "/" to separate it into records
|
||||
# so remove the trailing "/" to make it easy to use split
|
||||
data = data[:-1]
|
||||
items = data.split('/')
|
||||
cud = CryptUnprotectDataV2()
|
||||
|
||||
# loop through the item records until all are processed
|
||||
while len(items) > 0:
|
||||
|
||||
# get the first item record
|
||||
item = items.pop(0)
|
||||
|
||||
# the first 32 chars of the first record of a group
|
||||
# is the MD5 hash of the key name encoded by charMap5
|
||||
keyhash = item[0:32]
|
||||
keyname = "unknown"
|
||||
|
||||
# the raw keyhash string is also used to create entropy for the actual
|
||||
# CryptProtectData Blob that represents that keys contents
|
||||
# "entropy" not used for K4Mac only K4PC
|
||||
# entropy = SHA1(keyhash)
|
||||
|
||||
# the remainder of the first record when decoded with charMap5
|
||||
# has the ':' split char followed by the string representation
|
||||
# of the number of records that follow
|
||||
# and make up the contents
|
||||
srcnt = decode(item[34:],charMap5)
|
||||
rcnt = int(srcnt)
|
||||
|
||||
# read and store in rcnt records of data
|
||||
# that make up the contents value
|
||||
edlst = []
|
||||
for i in xrange(rcnt):
|
||||
item = items.pop(0)
|
||||
edlst.append(item)
|
||||
|
||||
keyname = "unknown"
|
||||
for name in names:
|
||||
if encodeHash(name,charMap5) == keyhash:
|
||||
keyname = name
|
||||
break
|
||||
if keyname == "unknown":
|
||||
keyname = keyhash
|
||||
|
||||
# the charMap5 encoded contents data has had a length
|
||||
# of chars (always odd) cut off of the front and moved
|
||||
# to the end to prevent decoding using charMap5 from
|
||||
# working properly, and thereby preventing the ensuing
|
||||
# CryptUnprotectData call from succeeding.
|
||||
|
||||
# The offset into the charMap5 encoded contents seems to be:
|
||||
# len(contents) - largest prime number less than or equal to int(len(content)/3)
|
||||
# (in other words split "about" 2/3rds of the way through)
|
||||
|
||||
# move first offsets chars to end to align for decode by charMap5
|
||||
encdata = "".join(edlst)
|
||||
contlen = len(encdata)
|
||||
|
||||
# now properly split and recombine
|
||||
# by moving noffset chars from the start of the
|
||||
# string to the end of the string
|
||||
noffset = contlen - primes(int(contlen/3))[-1]
|
||||
pfx = encdata[0:noffset]
|
||||
encdata = encdata[noffset:]
|
||||
encdata = encdata + pfx
|
||||
|
||||
# decode using charMap5 to get the CryptProtect Data
|
||||
encryptedValue = decode(encdata,charMap5)
|
||||
cleartext = cud.decrypt(encryptedValue)
|
||||
DB[keyname] = cleartext
|
||||
cnt = cnt + 1
|
||||
|
||||
if cnt == 0:
|
||||
DB = None
|
||||
return DB
|
||||
|
||||
# the latest .kinf2011 version for K4M 1.9.1
|
||||
# put back the hdr char, it is needed
|
||||
data = hdr + data
|
||||
data = data[:-1]
|
||||
items = data.split('/')
|
||||
|
||||
# the headerblob is the encrypted information needed to build the entropy string
|
||||
headerblob = items.pop(0)
|
||||
encryptedValue = decode(headerblob, charMap1)
|
||||
cleartext = UnprotectHeaderData(encryptedValue)
|
||||
|
||||
# now extract the pieces in the same way
|
||||
# this version is different from K4PC it scales the build number by multipying by 735
|
||||
pattern = re.compile(r'''\[Version:(\d+)\]\[Build:(\d+)\]\[Cksum:([^\]]+)\]\[Guid:([\{\}a-z0-9\-]+)\]''', re.IGNORECASE)
|
||||
for m in re.finditer(pattern, cleartext):
|
||||
entropy = str(int(m.group(2)) * 0x2df) + m.group(4)
|
||||
|
||||
cud = CryptUnprotectDataV3(entropy)
|
||||
|
||||
# loop through the item records until all are processed
|
||||
while len(items) > 0:
|
||||
|
||||
# get the first item record
|
||||
item = items.pop(0)
|
||||
|
||||
# the first 32 chars of the first record of a group
|
||||
# is the MD5 hash of the key name encoded by charMap5
|
||||
keyhash = item[0:32]
|
||||
keyname = "unknown"
|
||||
|
||||
# unlike K4PC the keyhash is not used in generating entropy
|
||||
# entropy = SHA1(keyhash) + added_entropy
|
||||
# entropy = added_entropy
|
||||
|
||||
# the remainder of the first record when decoded with charMap5
|
||||
# has the ':' split char followed by the string representation
|
||||
# of the number of records that follow
|
||||
# and make up the contents
|
||||
srcnt = decode(item[34:],charMap5)
|
||||
rcnt = int(srcnt)
|
||||
|
||||
# read and store in rcnt records of data
|
||||
# that make up the contents value
|
||||
edlst = []
|
||||
for i in xrange(rcnt):
|
||||
item = items.pop(0)
|
||||
edlst.append(item)
|
||||
|
||||
keyname = "unknown"
|
||||
for name in names:
|
||||
if encodeHash(name,testMap8) == keyhash:
|
||||
keyname = name
|
||||
break
|
||||
if keyname == "unknown":
|
||||
keyname = keyhash
|
||||
|
||||
# the testMap8 encoded contents data has had a length
|
||||
# of chars (always odd) cut off of the front and moved
|
||||
# to the end to prevent decoding using testMap8 from
|
||||
# working properly, and thereby preventing the ensuing
|
||||
# CryptUnprotectData call from succeeding.
|
||||
|
||||
# The offset into the testMap8 encoded contents seems to be:
|
||||
# len(contents) - largest prime number less than or equal to int(len(content)/3)
|
||||
# (in other words split "about" 2/3rds of the way through)
|
||||
|
||||
# move first offsets chars to end to align for decode by testMap8
|
||||
encdata = "".join(edlst)
|
||||
contlen = len(encdata)
|
||||
|
||||
# now properly split and recombine
|
||||
# by moving noffset chars from the start of the
|
||||
# string to the end of the string
|
||||
noffset = contlen - primes(int(contlen/3))[-1]
|
||||
pfx = encdata[0:noffset]
|
||||
encdata = encdata[noffset:]
|
||||
encdata = encdata + pfx
|
||||
|
||||
# decode using testMap8 to get the CryptProtect Data
|
||||
encryptedValue = decode(encdata,testMap8)
|
||||
cleartext = cud.decrypt(encryptedValue)
|
||||
# print keyname
|
||||
# print cleartext
|
||||
DB[keyname] = cleartext
|
||||
cnt = cnt + 1
|
||||
|
||||
if cnt == 0:
|
||||
DB = None
|
||||
return DB
|
@ -1,444 +1,249 @@
|
||||
#!/usr/bin/python
|
||||
#
|
||||
# This is a python script. You need a Python interpreter to run it.
|
||||
# For example, ActiveState Python, which exists for windows.
|
||||
#
|
||||
# Changelog
|
||||
# 0.01 - Initial version
|
||||
# 0.02 - Huffdic compressed books were not properly decrypted
|
||||
# 0.03 - Wasn't checking MOBI header length
|
||||
# 0.04 - Wasn't sanity checking size of data record
|
||||
# 0.05 - It seems that the extra data flags take two bytes not four
|
||||
# 0.06 - And that low bit does mean something after all :-)
|
||||
# 0.07 - The extra data flags aren't present in MOBI header < 0xE8 in size
|
||||
# 0.08 - ...and also not in Mobi header version < 6
|
||||
# 0.09 - ...but they are there with Mobi header version 6, header size 0xE4!
|
||||
# 0.10 - Outputs unencrypted files as-is, so that when run as a Calibre
|
||||
# import filter it works when importing unencrypted files.
|
||||
# Also now handles encrypted files that don't need a specific PID.
|
||||
# 0.11 - use autoflushed stdout and proper return values
|
||||
# 0.12 - Fix for problems with metadata import as Calibre plugin, report errors
|
||||
# 0.13 - Formatting fixes: retabbed file, removed trailing whitespace
|
||||
# and extra blank lines, converted CR/LF pairs at ends of each line,
|
||||
# and other cosmetic fixes.
|
||||
# 0.14 - Working out when the extra data flags are present has been problematic
|
||||
# Versions 7 through 9 have tried to tweak the conditions, but have been
|
||||
# only partially successful. Closer examination of lots of sample
|
||||
# files reveals that a confusion has arisen because trailing data entries
|
||||
# are not encrypted, but it turns out that the multibyte entries
|
||||
# in utf8 file are encrypted. (Although neither kind gets compressed.)
|
||||
# This knowledge leads to a simplification of the test for the
|
||||
# trailing data byte flags - version 5 and higher AND header size >= 0xE4.
|
||||
# 0.15 - Now outputs 'heartbeat', and is also quicker for long files.
|
||||
# 0.16 - And reverts to 'done' not 'done.' at the end for unswindle compatibility.
|
||||
# 0.17 - added modifications to support its use as an imported python module
|
||||
# both inside calibre and also in other places (ie K4DeDRM tools)
|
||||
# 0.17a- disabled the standalone plugin feature since a plugin can not import
|
||||
# a plugin
|
||||
# 0.18 - It seems that multibyte entries aren't encrypted in a v7 file...
|
||||
# Removed the disabled Calibre plug-in code
|
||||
# Permit use of 8-digit PIDs
|
||||
# 0.19 - It seems that multibyte entries aren't encrypted in a v6 file either.
|
||||
# 0.20 - Correction: It seems that multibyte entries are encrypted in a v6 file.
|
||||
# 0.21 - Added support for multiple pids
|
||||
# 0.22 - revised structure to hold MobiBook as a class to allow an extended interface
|
||||
# 0.23 - fixed problem with older files with no EXTH section
|
||||
# 0.24 - add support for type 1 encryption and 'TEXtREAd' books as well
|
||||
# 0.25 - Fixed support for 'BOOKMOBI' type 1 encryption
|
||||
# 0.26 - Now enables Text-To-Speech flag and sets clipping limit to 100%
|
||||
# 0.27 - Correct pid metadata token generation to match that used by skindle (Thank You Bart!)
|
||||
# 0.28 - slight additional changes to metadata token generation (None -> '')
|
||||
# 0.29 - It seems that the ideas about when multibyte trailing characters were
|
||||
# included in the encryption were wrong. They are for DOC compressed
|
||||
# files, but they are not for HUFF/CDIC compress files!
|
||||
# 0.30 - Modified interface slightly to work better with new calibre plugin style
|
||||
# 0.31 - The multibyte encrytion info is true for version 7 files too.
|
||||
# 0.32 - Added support for "Print Replica" Kindle ebooks
|
||||
|
||||
__version__ = '0.32'
|
||||
#! /usr/bin/python
|
||||
# vim:ts=4:sw=4:softtabstop=4:smarttab:expandtab
|
||||
|
||||
import sys
|
||||
|
||||
class Unbuffered:
|
||||
def __init__(self, stream):
|
||||
self.stream = stream
|
||||
def write(self, data):
|
||||
self.stream.write(data)
|
||||
self.stream.flush()
|
||||
def __getattr__(self, attr):
|
||||
return getattr(self.stream, attr)
|
||||
sys.stdout=Unbuffered(sys.stdout)
|
||||
|
||||
import csv
|
||||
import os
|
||||
import struct
|
||||
import binascii
|
||||
|
||||
class DrmException(Exception):
|
||||
pass
|
||||
|
||||
|
||||
#
|
||||
# MobiBook Utility Routines
|
||||
#
|
||||
|
||||
# Implementation of Pukall Cipher 1
|
||||
def PC1(key, src, decryption=True):
|
||||
sum1 = 0;
|
||||
sum2 = 0;
|
||||
keyXorVal = 0;
|
||||
if len(key)!=16:
|
||||
print "Bad key length!"
|
||||
return None
|
||||
wkey = []
|
||||
for i in xrange(8):
|
||||
wkey.append(ord(key[i*2])<<8 | ord(key[i*2+1]))
|
||||
dst = ""
|
||||
for i in xrange(len(src)):
|
||||
temp1 = 0;
|
||||
byteXorVal = 0;
|
||||
for j in xrange(8):
|
||||
temp1 ^= wkey[j]
|
||||
sum2 = (sum2+j)*20021 + sum1
|
||||
sum1 = (temp1*346)&0xFFFF
|
||||
sum2 = (sum2+sum1)&0xFFFF
|
||||
temp1 = (temp1*20021+1)&0xFFFF
|
||||
byteXorVal ^= temp1 ^ sum2
|
||||
curByte = ord(src[i])
|
||||
if not decryption:
|
||||
keyXorVal = curByte * 257;
|
||||
curByte = ((curByte ^ (byteXorVal >> 8)) ^ byteXorVal) & 0xFF
|
||||
if decryption:
|
||||
keyXorVal = curByte * 257;
|
||||
for j in xrange(8):
|
||||
wkey[j] ^= keyXorVal;
|
||||
dst+=chr(curByte)
|
||||
return dst
|
||||
|
||||
def checksumPid(s):
|
||||
letters = "ABCDEFGHIJKLMNPQRSTUVWXYZ123456789"
|
||||
crc = (~binascii.crc32(s,-1))&0xFFFFFFFF
|
||||
crc = crc ^ (crc >> 16)
|
||||
res = s
|
||||
l = len(letters)
|
||||
for i in (0,1):
|
||||
b = crc & 0xff
|
||||
pos = (b // l) ^ (b % l)
|
||||
res += letters[pos%l]
|
||||
crc >>= 8
|
||||
return res
|
||||
|
||||
def getSizeOfTrailingDataEntries(ptr, size, flags):
|
||||
def getSizeOfTrailingDataEntry(ptr, size):
|
||||
bitpos, result = 0, 0
|
||||
if size <= 0:
|
||||
return result
|
||||
while True:
|
||||
v = ord(ptr[size-1])
|
||||
result |= (v & 0x7F) << bitpos
|
||||
bitpos += 7
|
||||
size -= 1
|
||||
if (v & 0x80) != 0 or (bitpos >= 28) or (size == 0):
|
||||
return result
|
||||
num = 0
|
||||
testflags = flags >> 1
|
||||
while testflags:
|
||||
if testflags & 1:
|
||||
num += getSizeOfTrailingDataEntry(ptr, size - num)
|
||||
testflags >>= 1
|
||||
# Check the low bit to see if there's multibyte data present.
|
||||
# if multibyte data is included in the encryped data, we'll
|
||||
# have already cleared this flag.
|
||||
if flags & 1:
|
||||
num += (ord(ptr[size - num - 1]) & 0x3) + 1
|
||||
return num
|
||||
|
||||
|
||||
|
||||
class MobiBook:
|
||||
def loadSection(self, section):
|
||||
if (section + 1 == self.num_sections):
|
||||
endoff = len(self.data_file)
|
||||
import getopt
|
||||
from struct import pack
|
||||
from struct import unpack
|
||||
|
||||
|
||||
class PParser(object):
|
||||
def __init__(self, gd, flatxml, meta_array):
|
||||
self.gd = gd
|
||||
self.flatdoc = flatxml.split('\n')
|
||||
self.docSize = len(self.flatdoc)
|
||||
self.temp = []
|
||||
|
||||
self.ph = -1
|
||||
self.pw = -1
|
||||
startpos = self.posinDoc('page.h') or self.posinDoc('book.h')
|
||||
for p in startpos:
|
||||
(name, argres) = self.lineinDoc(p)
|
||||
self.ph = max(self.ph, int(argres))
|
||||
startpos = self.posinDoc('page.w') or self.posinDoc('book.w')
|
||||
for p in startpos:
|
||||
(name, argres) = self.lineinDoc(p)
|
||||
self.pw = max(self.pw, int(argres))
|
||||
|
||||
if self.ph <= 0:
|
||||
self.ph = int(meta_array.get('pageHeight', '11000'))
|
||||
if self.pw <= 0:
|
||||
self.pw = int(meta_array.get('pageWidth', '8500'))
|
||||
|
||||
res = []
|
||||
startpos = self.posinDoc('info.glyph.x')
|
||||
for p in startpos:
|
||||
argres = self.getDataatPos('info.glyph.x', p)
|
||||
res.extend(argres)
|
||||
self.gx = res
|
||||
|
||||
res = []
|
||||
startpos = self.posinDoc('info.glyph.y')
|
||||
for p in startpos:
|
||||
argres = self.getDataatPos('info.glyph.y', p)
|
||||
res.extend(argres)
|
||||
self.gy = res
|
||||
|
||||
res = []
|
||||
startpos = self.posinDoc('info.glyph.glyphID')
|
||||
for p in startpos:
|
||||
argres = self.getDataatPos('info.glyph.glyphID', p)
|
||||
res.extend(argres)
|
||||
self.gid = res
|
||||
|
||||
|
||||
# return tag at line pos in document
|
||||
def lineinDoc(self, pos) :
|
||||
if (pos >= 0) and (pos < self.docSize) :
|
||||
item = self.flatdoc[pos]
|
||||
if item.find('=') >= 0:
|
||||
(name, argres) = item.split('=',1)
|
||||
else :
|
||||
name = item
|
||||
argres = ''
|
||||
return name, argres
|
||||
|
||||
# find tag in doc if within pos to end inclusive
|
||||
def findinDoc(self, tagpath, pos, end) :
|
||||
result = None
|
||||
if end == -1 :
|
||||
end = self.docSize
|
||||
else:
|
||||
endoff = self.sections[section + 1][0]
|
||||
off = self.sections[section][0]
|
||||
return self.data_file[off:endoff]
|
||||
|
||||
def __init__(self, infile):
|
||||
print ('MobiDeDrm v%(__version__)s. '
|
||||
'Copyright 2008-2011 The Dark Reverser et al.' % globals())
|
||||
|
||||
# initial sanity check on file
|
||||
self.data_file = file(infile, 'rb').read()
|
||||
self.mobi_data = ''
|
||||
self.header = self.data_file[0:78]
|
||||
if self.header[0x3C:0x3C+8] != 'BOOKMOBI' and self.header[0x3C:0x3C+8] != 'TEXtREAd':
|
||||
raise DrmException("invalid file format")
|
||||
self.magic = self.header[0x3C:0x3C+8]
|
||||
self.crypto_type = -1
|
||||
|
||||
# build up section offset and flag info
|
||||
self.num_sections, = struct.unpack('>H', self.header[76:78])
|
||||
self.sections = []
|
||||
for i in xrange(self.num_sections):
|
||||
offset, a1,a2,a3,a4 = struct.unpack('>LBBBB', self.data_file[78+i*8:78+i*8+8])
|
||||
flags, val = a1, a2<<16|a3<<8|a4
|
||||
self.sections.append( (offset, flags, val) )
|
||||
|
||||
# parse information from section 0
|
||||
self.sect = self.loadSection(0)
|
||||
self.records, = struct.unpack('>H', self.sect[0x8:0x8+2])
|
||||
self.compression, = struct.unpack('>H', self.sect[0x0:0x0+2])
|
||||
|
||||
if self.magic == 'TEXtREAd':
|
||||
print "Book has format: ", self.magic
|
||||
self.extra_data_flags = 0
|
||||
self.mobi_length = 0
|
||||
self.mobi_version = -1
|
||||
self.meta_array = {}
|
||||
return
|
||||
self.mobi_length, = struct.unpack('>L',self.sect[0x14:0x18])
|
||||
self.mobi_codepage, = struct.unpack('>L',self.sect[0x1c:0x20])
|
||||
self.mobi_version, = struct.unpack('>L',self.sect[0x68:0x6C])
|
||||
print "MOBI header version = %d, length = %d" %(self.mobi_version, self.mobi_length)
|
||||
self.extra_data_flags = 0
|
||||
if (self.mobi_length >= 0xE4) and (self.mobi_version >= 5):
|
||||
self.extra_data_flags, = struct.unpack('>H', self.sect[0xF2:0xF4])
|
||||
print "Extra Data Flags = %d" % self.extra_data_flags
|
||||
if (self.compression != 17480):
|
||||
# multibyte utf8 data is included in the encryption for PalmDoc compression
|
||||
# so clear that byte so that we leave it to be decrypted.
|
||||
self.extra_data_flags &= 0xFFFE
|
||||
|
||||
# if exth region exists parse it for metadata array
|
||||
self.meta_array = {}
|
||||
try:
|
||||
exth_flag, = struct.unpack('>L', self.sect[0x80:0x84])
|
||||
exth = 'NONE'
|
||||
if exth_flag & 0x40:
|
||||
exth = self.sect[16 + self.mobi_length:]
|
||||
if (len(exth) >= 4) and (exth[:4] == 'EXTH'):
|
||||
nitems, = struct.unpack('>I', exth[8:12])
|
||||
pos = 12
|
||||
for i in xrange(nitems):
|
||||
type, size = struct.unpack('>II', exth[pos: pos + 8])
|
||||
content = exth[pos + 8: pos + size]
|
||||
self.meta_array[type] = content
|
||||
# reset the text to speech flag and clipping limit, if present
|
||||
if type == 401 and size == 9:
|
||||
# set clipping limit to 100%
|
||||
self.patchSection(0, "\144", 16 + self.mobi_length + pos + 8)
|
||||
elif type == 404 and size == 9:
|
||||
# make sure text to speech is enabled
|
||||
self.patchSection(0, "\0", 16 + self.mobi_length + pos + 8)
|
||||
# print type, size, content, content.encode('hex')
|
||||
pos += size
|
||||
except:
|
||||
self.meta_array = {}
|
||||
pass
|
||||
self.print_replica = False
|
||||
|
||||
def getBookTitle(self):
|
||||
codec_map = {
|
||||
1252 : 'windows-1252',
|
||||
65001 : 'utf-8',
|
||||
}
|
||||
title = ''
|
||||
if 503 in self.meta_array:
|
||||
title = self.meta_array[503]
|
||||
else :
|
||||
toff, tlen = struct.unpack('>II', self.sect[0x54:0x5c])
|
||||
tend = toff + tlen
|
||||
title = self.sect[toff:tend]
|
||||
if title == '':
|
||||
title = self.header[:32]
|
||||
title = title.split("\0")[0]
|
||||
codec = 'windows-1252'
|
||||
if self.mobi_codepage in codec_map.keys():
|
||||
codec = codec_map[self.mobi_codepage]
|
||||
return unicode(title, codec).encode('utf-8')
|
||||
|
||||
def getPIDMetaInfo(self):
|
||||
rec209 = ''
|
||||
token = ''
|
||||
if 209 in self.meta_array:
|
||||
rec209 = self.meta_array[209]
|
||||
data = rec209
|
||||
# The 209 data comes in five byte groups. Interpret the last four bytes
|
||||
# of each group as a big endian unsigned integer to get a key value
|
||||
# if that key exists in the meta_array, append its contents to the token
|
||||
for i in xrange(0,len(data),5):
|
||||
val, = struct.unpack('>I',data[i+1:i+5])
|
||||
sval = self.meta_array.get(val,'')
|
||||
token += sval
|
||||
return rec209, token
|
||||
|
||||
def patch(self, off, new):
|
||||
self.data_file = self.data_file[:off] + new + self.data_file[off+len(new):]
|
||||
|
||||
def patchSection(self, section, new, in_off = 0):
|
||||
if (section + 1 == self.num_sections):
|
||||
endoff = len(self.data_file)
|
||||
else:
|
||||
endoff = self.sections[section + 1][0]
|
||||
off = self.sections[section][0]
|
||||
assert off + in_off + len(new) <= endoff
|
||||
self.patch(off + in_off, new)
|
||||
|
||||
def parseDRM(self, data, count, pidlist):
|
||||
found_key = None
|
||||
keyvec1 = "\x72\x38\x33\xB0\xB4\xF2\xE3\xCA\xDF\x09\x01\xD6\xE2\xE0\x3F\x96"
|
||||
for pid in pidlist:
|
||||
bigpid = pid.ljust(16,'\0')
|
||||
temp_key = PC1(keyvec1, bigpid, False)
|
||||
temp_key_sum = sum(map(ord,temp_key)) & 0xff
|
||||
found_key = None
|
||||
for i in xrange(count):
|
||||
verification, size, type, cksum, cookie = struct.unpack('>LLLBxxx32s', data[i*0x30:i*0x30+0x30])
|
||||
if cksum == temp_key_sum:
|
||||
cookie = PC1(temp_key, cookie)
|
||||
ver,flags,finalkey,expiry,expiry2 = struct.unpack('>LL16sLL', cookie)
|
||||
if verification == ver and (flags & 0x1F) == 1:
|
||||
found_key = finalkey
|
||||
break
|
||||
if found_key != None:
|
||||
end = min(self.docSize, end)
|
||||
foundat = -1
|
||||
for j in xrange(pos, end):
|
||||
item = self.flatdoc[j]
|
||||
if item.find('=') >= 0:
|
||||
(name, argres) = item.split('=',1)
|
||||
else :
|
||||
name = item
|
||||
argres = ''
|
||||
if name.endswith(tagpath) :
|
||||
result = argres
|
||||
foundat = j
|
||||
break
|
||||
if not found_key:
|
||||
# Then try the default encoding that doesn't require a PID
|
||||
pid = "00000000"
|
||||
temp_key = keyvec1
|
||||
temp_key_sum = sum(map(ord,temp_key)) & 0xff
|
||||
for i in xrange(count):
|
||||
verification, size, type, cksum, cookie = struct.unpack('>LLLBxxx32s', data[i*0x30:i*0x30+0x30])
|
||||
if cksum == temp_key_sum:
|
||||
cookie = PC1(temp_key, cookie)
|
||||
ver,flags,finalkey,expiry,expiry2 = struct.unpack('>LL16sLL', cookie)
|
||||
if verification == ver:
|
||||
found_key = finalkey
|
||||
break
|
||||
return [found_key,pid]
|
||||
|
||||
def getMobiFile(self, outpath):
|
||||
file(outpath,'wb').write(self.mobi_data)
|
||||
|
||||
def getPrintReplica(self):
|
||||
return self.print_replica
|
||||
|
||||
def processBook(self, pidlist):
|
||||
crypto_type, = struct.unpack('>H', self.sect[0xC:0xC+2])
|
||||
print 'Crypto Type is: ', crypto_type
|
||||
self.crypto_type = crypto_type
|
||||
if crypto_type == 0:
|
||||
print "This book is not encrypted."
|
||||
# we must still check for Print Replica
|
||||
self.print_replica = (self.loadSection(1)[0:4] == '%MOP')
|
||||
self.mobi_data = self.data_file
|
||||
return
|
||||
if crypto_type != 2 and crypto_type != 1:
|
||||
raise DrmException("Cannot decode unknown Mobipocket encryption type %d" % crypto_type)
|
||||
if 406 in self.meta_array:
|
||||
data406 = self.meta_array[406]
|
||||
val406, = struct.unpack('>Q',data406)
|
||||
if val406 != 0:
|
||||
raise DrmException("Cannot decode library or rented ebooks.")
|
||||
|
||||
goodpids = []
|
||||
for pid in pidlist:
|
||||
if len(pid)==10:
|
||||
if checksumPid(pid[0:-2]) != pid:
|
||||
print "Warning: PID " + pid + " has incorrect checksum, should have been "+checksumPid(pid[0:-2])
|
||||
goodpids.append(pid[0:-2])
|
||||
elif len(pid)==8:
|
||||
goodpids.append(pid)
|
||||
|
||||
if self.crypto_type == 1:
|
||||
t1_keyvec = "QDCVEPMU675RUBSZ"
|
||||
if self.magic == 'TEXtREAd':
|
||||
bookkey_data = self.sect[0x0E:0x0E+16]
|
||||
elif self.mobi_version < 0:
|
||||
bookkey_data = self.sect[0x90:0x90+16]
|
||||
return foundat, result
|
||||
|
||||
# return list of start positions for the tagpath
|
||||
def posinDoc(self, tagpath):
|
||||
startpos = []
|
||||
pos = 0
|
||||
res = ""
|
||||
while res != None :
|
||||
(foundpos, res) = self.findinDoc(tagpath, pos, -1)
|
||||
if res != None :
|
||||
startpos.append(foundpos)
|
||||
pos = foundpos + 1
|
||||
return startpos
|
||||
|
||||
def getData(self, path):
|
||||
result = None
|
||||
cnt = len(self.flatdoc)
|
||||
for j in xrange(cnt):
|
||||
item = self.flatdoc[j]
|
||||
if item.find('=') >= 0:
|
||||
(name, argt) = item.split('=')
|
||||
argres = argt.split('|')
|
||||
else:
|
||||
bookkey_data = self.sect[self.mobi_length+16:self.mobi_length+32]
|
||||
pid = "00000000"
|
||||
found_key = PC1(t1_keyvec, bookkey_data)
|
||||
else :
|
||||
# calculate the keys
|
||||
drm_ptr, drm_count, drm_size, drm_flags = struct.unpack('>LLLL', self.sect[0xA8:0xA8+16])
|
||||
if drm_count == 0:
|
||||
raise DrmException("Not yet initialised with PID. Must be opened with Mobipocket Reader first.")
|
||||
found_key, pid = self.parseDRM(self.sect[drm_ptr:drm_ptr+drm_size], drm_count, goodpids)
|
||||
if not found_key:
|
||||
raise DrmException("No key found. Most likely the correct PID has not been given.")
|
||||
# kill the drm keys
|
||||
self.patchSection(0, "\0" * drm_size, drm_ptr)
|
||||
# kill the drm pointers
|
||||
self.patchSection(0, "\xff" * 4 + "\0" * 12, 0xA8)
|
||||
|
||||
if pid=="00000000":
|
||||
print "File has default encryption, no specific PID."
|
||||
name = item
|
||||
argres = []
|
||||
if (name.endswith(path)):
|
||||
result = argres
|
||||
break
|
||||
if (len(argres) > 0) :
|
||||
for j in xrange(0,len(argres)):
|
||||
argres[j] = int(argres[j])
|
||||
return result
|
||||
|
||||
def getDataatPos(self, path, pos):
|
||||
result = None
|
||||
item = self.flatdoc[pos]
|
||||
if item.find('=') >= 0:
|
||||
(name, argt) = item.split('=')
|
||||
argres = argt.split('|')
|
||||
else:
|
||||
print "File is encoded with PID "+checksumPid(pid)+"."
|
||||
|
||||
# clear the crypto type
|
||||
self.patchSection(0, "\0" * 2, 0xC)
|
||||
|
||||
# decrypt sections
|
||||
print "Decrypting. Please wait . . .",
|
||||
self.mobi_data = self.data_file[:self.sections[1][0]]
|
||||
for i in xrange(1, self.records+1):
|
||||
data = self.loadSection(i)
|
||||
extra_size = getSizeOfTrailingDataEntries(data, len(data), self.extra_data_flags)
|
||||
if i%100 == 0:
|
||||
print ".",
|
||||
# print "record %d, extra_size %d" %(i,extra_size)
|
||||
decoded_data = PC1(found_key, data[0:len(data) - extra_size])
|
||||
if i==1:
|
||||
self.print_replica = (decoded_data[0:4] == '%MOP')
|
||||
self.mobi_data += decoded_data
|
||||
if extra_size > 0:
|
||||
self.mobi_data += data[-extra_size:]
|
||||
if self.num_sections > self.records+1:
|
||||
self.mobi_data += self.data_file[self.sections[self.records+1][0]:]
|
||||
print "done"
|
||||
return
|
||||
|
||||
def getUnencryptedBook(infile,pid):
|
||||
if not os.path.isfile(infile):
|
||||
raise DrmException('Input File Not Found')
|
||||
book = MobiBook(infile)
|
||||
book.processBook([pid])
|
||||
return book.mobi_data
|
||||
|
||||
def getUnencryptedBookWithList(infile,pidlist):
|
||||
if not os.path.isfile(infile):
|
||||
raise DrmException('Input File Not Found')
|
||||
book = MobiBook(infile)
|
||||
book.processBook(pidlist)
|
||||
return book.mobi_data
|
||||
|
||||
|
||||
def main(argv=sys.argv):
|
||||
print ('MobiDeDrm v%(__version__)s. '
|
||||
'Copyright 2008-2011 The Dark Reverser et al.' % globals())
|
||||
if len(argv)<3 or len(argv)>4:
|
||||
print "Removes protection from Kindle/Mobipocket and Kindle/Print Replica ebooks"
|
||||
print "Usage:"
|
||||
print " %s <infile> <outfile> [<Comma separated list of PIDs to try>]" % sys.argv[0]
|
||||
return 1
|
||||
name = item
|
||||
argres = []
|
||||
if (len(argres) > 0) :
|
||||
for j in xrange(0,len(argres)):
|
||||
argres[j] = int(argres[j])
|
||||
if (name.endswith(path)):
|
||||
result = argres
|
||||
return result
|
||||
|
||||
def getDataTemp(self, path):
|
||||
result = None
|
||||
cnt = len(self.temp)
|
||||
for j in xrange(cnt):
|
||||
item = self.temp[j]
|
||||
if item.find('=') >= 0:
|
||||
(name, argt) = item.split('=')
|
||||
argres = argt.split('|')
|
||||
else:
|
||||
name = item
|
||||
argres = []
|
||||
if (name.endswith(path)):
|
||||
result = argres
|
||||
self.temp.pop(j)
|
||||
break
|
||||
if (len(argres) > 0) :
|
||||
for j in xrange(0,len(argres)):
|
||||
argres[j] = int(argres[j])
|
||||
return result
|
||||
|
||||
def getImages(self):
|
||||
result = []
|
||||
self.temp = self.flatdoc
|
||||
while (self.getDataTemp('img') != None):
|
||||
h = self.getDataTemp('img.h')[0]
|
||||
w = self.getDataTemp('img.w')[0]
|
||||
x = self.getDataTemp('img.x')[0]
|
||||
y = self.getDataTemp('img.y')[0]
|
||||
src = self.getDataTemp('img.src')[0]
|
||||
result.append('<image xlink:href="../img/img%04d.jpg" x="%d" y="%d" width="%d" height="%d" />\n' % (src, x, y, w, h))
|
||||
return result
|
||||
|
||||
def getGlyphs(self):
|
||||
result = []
|
||||
if (self.gid != None) and (len(self.gid) > 0):
|
||||
glyphs = []
|
||||
for j in set(self.gid):
|
||||
glyphs.append(j)
|
||||
glyphs.sort()
|
||||
for gid in glyphs:
|
||||
id='id="gl%d"' % gid
|
||||
path = self.gd.lookup(id)
|
||||
if path:
|
||||
result.append(id + ' ' + path)
|
||||
return result
|
||||
|
||||
|
||||
def convert2SVG(gdict, flat_xml, pageid, previd, nextid, svgDir, raw, meta_array, scaledpi):
|
||||
mlst = []
|
||||
pp = PParser(gdict, flat_xml, meta_array)
|
||||
mlst.append('<?xml version="1.0" standalone="no"?>\n')
|
||||
if (raw):
|
||||
mlst.append('<!DOCTYPE svg PUBLIC "-//W3C/DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">\n')
|
||||
mlst.append('<svg width="%fin" height="%fin" viewBox="0 0 %d %d" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">\n' % (pp.pw / scaledpi, pp.ph / scaledpi, pp.pw -1, pp.ph -1))
|
||||
mlst.append('<title>Page %d - %s by %s</title>\n' % (pageid, meta_array['Title'],meta_array['Authors']))
|
||||
else:
|
||||
infile = argv[1]
|
||||
outfile = argv[2]
|
||||
if len(argv) is 4:
|
||||
pidlist = argv[3].split(',')
|
||||
mlst.append('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">\n')
|
||||
mlst.append('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" ><head>\n')
|
||||
mlst.append('<title>Page %d - %s by %s</title>\n' % (pageid, meta_array['Title'],meta_array['Authors']))
|
||||
mlst.append('<script><![CDATA[\n')
|
||||
mlst.append('function gd(){var p=window.location.href.replace(/^.*\?dpi=(\d+).*$/i,"$1");return p;}\n')
|
||||
mlst.append('var dpi=%d;\n' % scaledpi)
|
||||
if (previd) :
|
||||
mlst.append('var prevpage="page%04d.xhtml";\n' % (previd))
|
||||
if (nextid) :
|
||||
mlst.append('var nextpage="page%04d.xhtml";\n' % (nextid))
|
||||
mlst.append('var pw=%d;var ph=%d;' % (pp.pw, pp.ph))
|
||||
mlst.append('function zoomin(){dpi=dpi*(0.8);setsize();}\n')
|
||||
mlst.append('function zoomout(){dpi=dpi*1.25;setsize();}\n')
|
||||
mlst.append('function setsize(){var svg=document.getElementById("svgimg");var prev=document.getElementById("prevsvg");var next=document.getElementById("nextsvg");var width=(pw/dpi)+"in";var height=(ph/dpi)+"in";svg.setAttribute("width",width);svg.setAttribute("height",height);prev.setAttribute("height",height);prev.setAttribute("width","50px");next.setAttribute("height",height);next.setAttribute("width","50px");}\n')
|
||||
mlst.append('function ppage(){window.location.href=prevpage+"?dpi="+Math.round(dpi);}\n')
|
||||
mlst.append('function npage(){window.location.href=nextpage+"?dpi="+Math.round(dpi);}\n')
|
||||
mlst.append('var gt=gd();if(gt>0){dpi=gt;}\n')
|
||||
mlst.append('window.onload=setsize;\n')
|
||||
mlst.append(']]></script>\n')
|
||||
mlst.append('</head>\n')
|
||||
mlst.append('<body onLoad="setsize();" style="background-color:#777;text-align:center;">\n')
|
||||
mlst.append('<div style="white-space:nowrap;">\n')
|
||||
if previd == None:
|
||||
mlst.append('<a href="javascript:ppage();"><svg id="prevsvg" viewBox="0 0 100 300" xmlns="http://www.w3.org/2000/svg" version="1.1" style="background-color:#777"></svg></a>\n')
|
||||
else:
|
||||
pidlist = {}
|
||||
try:
|
||||
stripped_file = getUnencryptedBookWithList(infile, pidlist)
|
||||
file(outfile, 'wb').write(stripped_file)
|
||||
except DrmException, e:
|
||||
print "Error: %s" % e
|
||||
return 1
|
||||
return 0
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(main())
|
||||
mlst.append('<a href="javascript:ppage();"><svg id="prevsvg" viewBox="0 0 100 300" xmlns="http://www.w3.org/2000/svg" version="1.1" style="background-color:#777"><polygon points="5,150,95,5,95,295" fill="#AAAAAA" /></svg></a>\n')
|
||||
|
||||
mlst.append('<a href="javascript:npage();"><svg id="svgimg" viewBox="0 0 %d %d" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" style="background-color:#FFF;border:1px solid black;">' % (pp.pw, pp.ph))
|
||||
if (pp.gid != None):
|
||||
mlst.append('<defs>\n')
|
||||
gdefs = pp.getGlyphs()
|
||||
for j in xrange(0,len(gdefs)):
|
||||
mlst.append(gdefs[j])
|
||||
mlst.append('</defs>\n')
|
||||
img = pp.getImages()
|
||||
if (img != None):
|
||||
for j in xrange(0,len(img)):
|
||||
mlst.append(img[j])
|
||||
if (pp.gid != None):
|
||||
for j in xrange(0,len(pp.gid)):
|
||||
mlst.append('<use xlink:href="#gl%d" x="%d" y="%d" />\n' % (pp.gid[j], pp.gx[j], pp.gy[j]))
|
||||
if (img == None or len(img) == 0) and (pp.gid == None or len(pp.gid) == 0):
|
||||
xpos = "%d" % (pp.pw // 3)
|
||||
ypos = "%d" % (pp.ph // 3)
|
||||
mlst.append('<text x="' + xpos + '" y="' + ypos + '" font-size="' + meta_array['fontSize'] + '" font-family="Helvetica" stroke="black">This page intentionally left blank.</text>\n')
|
||||
if (raw) :
|
||||
mlst.append('</svg>')
|
||||
else :
|
||||
mlst.append('</svg></a>\n')
|
||||
if nextid == None:
|
||||
mlst.append('<a href="javascript:npage();"><svg id="nextsvg" viewBox="0 0 100 300" xmlns="http://www.w3.org/2000/svg" version="1.1" style="background-color:#777"></svg></a>\n')
|
||||
else :
|
||||
mlst.append('<a href="javascript:npage();"><svg id="nextsvg" viewBox="0 0 100 300" xmlns="http://www.w3.org/2000/svg" version="1.1" style="background-color:#777"><polygon points="5,5,5,295,95,150" fill="#AAAAAA" /></svg></a>\n')
|
||||
mlst.append('</div>\n')
|
||||
mlst.append('<div><a href="javascript:zoomin();">zoom in</a> - <a href="javascript:zoomout();">zoom out</a></div>\n')
|
||||
mlst.append('</body>\n')
|
||||
mlst.append('</html>\n')
|
||||
return "".join(mlst)
|
||||
|
Binary file not shown.
@ -0,0 +1,568 @@
|
||||
#! /usr/bin/env python
|
||||
|
||||
"""
|
||||
Routines for doing AES CBC in one file
|
||||
|
||||
Modified by some_updates to extract
|
||||
and combine only those parts needed for AES CBC
|
||||
into one simple to add python file
|
||||
|
||||
Original Version
|
||||
Copyright (c) 2002 by Paul A. Lambert
|
||||
Under:
|
||||
CryptoPy Artisitic License Version 1.0
|
||||
See the wonderful pure python package cryptopy-1.2.5
|
||||
and read its LICENSE.txt for complete license details.
|
||||
"""
|
||||
|
||||
class CryptoError(Exception):
|
||||
""" Base class for crypto exceptions """
|
||||
def __init__(self,errorMessage='Error!'):
|
||||
self.message = errorMessage
|
||||
def __str__(self):
|
||||
return self.message
|
||||
|
||||
class InitCryptoError(CryptoError):
|
||||
""" Crypto errors during algorithm initialization """
|
||||
class BadKeySizeError(InitCryptoError):
|
||||
""" Bad key size error """
|
||||
class EncryptError(CryptoError):
|
||||
""" Error in encryption processing """
|
||||
class DecryptError(CryptoError):
|
||||
""" Error in decryption processing """
|
||||
class DecryptNotBlockAlignedError(DecryptError):
|
||||
""" Error in decryption processing """
|
||||
|
||||
def xorS(a,b):
|
||||
""" XOR two strings """
|
||||
assert len(a)==len(b)
|
||||
x = []
|
||||
for i in range(len(a)):
|
||||
x.append( chr(ord(a[i])^ord(b[i])))
|
||||
return ''.join(x)
|
||||
|
||||
def xor(a,b):
|
||||
""" XOR two strings """
|
||||
x = []
|
||||
for i in range(min(len(a),len(b))):
|
||||
x.append( chr(ord(a[i])^ord(b[i])))
|
||||
return ''.join(x)
|
||||
|
||||
"""
|
||||
Base 'BlockCipher' and Pad classes for cipher instances.
|
||||
BlockCipher supports automatic padding and type conversion. The BlockCipher
|
||||
class was written to make the actual algorithm code more readable and
|
||||
not for performance.
|
||||
"""
|
||||
|
||||
class BlockCipher:
|
||||
""" Block ciphers """
|
||||
def __init__(self):
|
||||
self.reset()
|
||||
|
||||
def reset(self):
|
||||
self.resetEncrypt()
|
||||
self.resetDecrypt()
|
||||
def resetEncrypt(self):
|
||||
self.encryptBlockCount = 0
|
||||
self.bytesToEncrypt = ''
|
||||
def resetDecrypt(self):
|
||||
self.decryptBlockCount = 0
|
||||
self.bytesToDecrypt = ''
|
||||
|
||||
def encrypt(self, plainText, more = None):
|
||||
""" Encrypt a string and return a binary string """
|
||||
self.bytesToEncrypt += plainText # append plainText to any bytes from prior encrypt
|
||||
numBlocks, numExtraBytes = divmod(len(self.bytesToEncrypt), self.blockSize)
|
||||
cipherText = ''
|
||||
for i in range(numBlocks):
|
||||
bStart = i*self.blockSize
|
||||
ctBlock = self.encryptBlock(self.bytesToEncrypt[bStart:bStart+self.blockSize])
|
||||
self.encryptBlockCount += 1
|
||||
cipherText += ctBlock
|
||||
if numExtraBytes > 0: # save any bytes that are not block aligned
|
||||
self.bytesToEncrypt = self.bytesToEncrypt[-numExtraBytes:]
|
||||
else:
|
||||
self.bytesToEncrypt = ''
|
||||
|
||||
if more == None: # no more data expected from caller
|
||||
finalBytes = self.padding.addPad(self.bytesToEncrypt,self.blockSize)
|
||||
if len(finalBytes) > 0:
|
||||
ctBlock = self.encryptBlock(finalBytes)
|
||||
self.encryptBlockCount += 1
|
||||
cipherText += ctBlock
|
||||
self.resetEncrypt()
|
||||
return cipherText
|
||||
|
||||
def decrypt(self, cipherText, more = None):
|
||||
""" Decrypt a string and return a string """
|
||||
self.bytesToDecrypt += cipherText # append to any bytes from prior decrypt
|
||||
|
||||
numBlocks, numExtraBytes = divmod(len(self.bytesToDecrypt), self.blockSize)
|
||||
if more == None: # no more calls to decrypt, should have all the data
|
||||
if numExtraBytes != 0:
|
||||
raise DecryptNotBlockAlignedError, 'Data not block aligned on decrypt'
|
||||
|
||||
# hold back some bytes in case last decrypt has zero len
|
||||
if (more != None) and (numExtraBytes == 0) and (numBlocks >0) :
|
||||
numBlocks -= 1
|
||||
numExtraBytes = self.blockSize
|
||||
|
||||
plainText = ''
|
||||
for i in range(numBlocks):
|
||||
bStart = i*self.blockSize
|
||||
ptBlock = self.decryptBlock(self.bytesToDecrypt[bStart : bStart+self.blockSize])
|
||||
self.decryptBlockCount += 1
|
||||
plainText += ptBlock
|
||||
|
||||
if numExtraBytes > 0: # save any bytes that are not block aligned
|
||||
self.bytesToEncrypt = self.bytesToEncrypt[-numExtraBytes:]
|
||||
else:
|
||||
self.bytesToEncrypt = ''
|
||||
|
||||
if more == None: # last decrypt remove padding
|
||||
plainText = self.padding.removePad(plainText, self.blockSize)
|
||||
self.resetDecrypt()
|
||||
return plainText
|
||||
|
||||
|
||||
class Pad:
|
||||
def __init__(self):
|
||||
pass # eventually could put in calculation of min and max size extension
|
||||
|
||||
class padWithPadLen(Pad):
|
||||
""" Pad a binary string with the length of the padding """
|
||||
|
||||
def addPad(self, extraBytes, blockSize):
|
||||
""" Add padding to a binary string to make it an even multiple
|
||||
of the block size """
|
||||
blocks, numExtraBytes = divmod(len(extraBytes), blockSize)
|
||||
padLength = blockSize - numExtraBytes
|
||||
return extraBytes + padLength*chr(padLength)
|
||||
|
||||
def removePad(self, paddedBinaryString, blockSize):
|
||||
""" Remove padding from a binary string """
|
||||
if not(0<len(paddedBinaryString)):
|
||||
raise DecryptNotBlockAlignedError, 'Expected More Data'
|
||||
return paddedBinaryString[:-ord(paddedBinaryString[-1])]
|
||||
|
||||
class noPadding(Pad):
|
||||
""" No padding. Use this to get ECB behavior from encrypt/decrypt """
|
||||
|
||||
def addPad(self, extraBytes, blockSize):
|
||||
""" Add no padding """
|
||||
return extraBytes
|
||||
|
||||
def removePad(self, paddedBinaryString, blockSize):
|
||||
""" Remove no padding """
|
||||
return paddedBinaryString
|
||||
|
||||
"""
|
||||
Rijndael encryption algorithm
|
||||
This byte oriented implementation is intended to closely
|
||||
match FIPS specification for readability. It is not implemented
|
||||
for performance.
|
||||
"""
|
||||
|
||||
class Rijndael(BlockCipher):
|
||||
""" Rijndael encryption algorithm """
|
||||
def __init__(self, key = None, padding = padWithPadLen(), keySize=16, blockSize=16 ):
|
||||
self.name = 'RIJNDAEL'
|
||||
self.keySize = keySize
|
||||
self.strength = keySize*8
|
||||
self.blockSize = blockSize # blockSize is in bytes
|
||||
self.padding = padding # change default to noPadding() to get normal ECB behavior
|
||||
|
||||
assert( keySize%4==0 and NrTable[4].has_key(keySize/4)),'key size must be 16,20,24,29 or 32 bytes'
|
||||
assert( blockSize%4==0 and NrTable.has_key(blockSize/4)), 'block size must be 16,20,24,29 or 32 bytes'
|
||||
|
||||
self.Nb = self.blockSize/4 # Nb is number of columns of 32 bit words
|
||||
self.Nk = keySize/4 # Nk is the key length in 32-bit words
|
||||
self.Nr = NrTable[self.Nb][self.Nk] # The number of rounds (Nr) is a function of
|
||||
# the block (Nb) and key (Nk) sizes.
|
||||
if key != None:
|
||||
self.setKey(key)
|
||||
|
||||
def setKey(self, key):
|
||||
""" Set a key and generate the expanded key """
|
||||
assert( len(key) == (self.Nk*4) ), 'Key length must be same as keySize parameter'
|
||||
self.__expandedKey = keyExpansion(self, key)
|
||||
self.reset() # BlockCipher.reset()
|
||||
|
||||
def encryptBlock(self, plainTextBlock):
|
||||
""" Encrypt a block, plainTextBlock must be a array of bytes [Nb by 4] """
|
||||
self.state = self._toBlock(plainTextBlock)
|
||||
AddRoundKey(self, self.__expandedKey[0:self.Nb])
|
||||
for round in range(1,self.Nr): #for round = 1 step 1 to Nr
|
||||
SubBytes(self)
|
||||
ShiftRows(self)
|
||||
MixColumns(self)
|
||||
AddRoundKey(self, self.__expandedKey[round*self.Nb:(round+1)*self.Nb])
|
||||
SubBytes(self)
|
||||
ShiftRows(self)
|
||||
AddRoundKey(self, self.__expandedKey[self.Nr*self.Nb:(self.Nr+1)*self.Nb])
|
||||
return self._toBString(self.state)
|
||||
|
||||
|
||||
def decryptBlock(self, encryptedBlock):
|
||||
""" decrypt a block (array of bytes) """
|
||||
self.state = self._toBlock(encryptedBlock)
|
||||
AddRoundKey(self, self.__expandedKey[self.Nr*self.Nb:(self.Nr+1)*self.Nb])
|
||||
for round in range(self.Nr-1,0,-1):
|
||||
InvShiftRows(self)
|
||||
InvSubBytes(self)
|
||||
AddRoundKey(self, self.__expandedKey[round*self.Nb:(round+1)*self.Nb])
|
||||
InvMixColumns(self)
|
||||
InvShiftRows(self)
|
||||
InvSubBytes(self)
|
||||
AddRoundKey(self, self.__expandedKey[0:self.Nb])
|
||||
return self._toBString(self.state)
|
||||
|
||||
def _toBlock(self, bs):
|
||||
""" Convert binary string to array of bytes, state[col][row]"""
|
||||
assert ( len(bs) == 4*self.Nb ), 'Rijndarl blocks must be of size blockSize'
|
||||
return [[ord(bs[4*i]),ord(bs[4*i+1]),ord(bs[4*i+2]),ord(bs[4*i+3])] for i in range(self.Nb)]
|
||||
|
||||
def _toBString(self, block):
|
||||
""" Convert block (array of bytes) to binary string """
|
||||
l = []
|
||||
for col in block:
|
||||
for rowElement in col:
|
||||
l.append(chr(rowElement))
|
||||
return ''.join(l)
|
||||
#-------------------------------------
|
||||
""" Number of rounds Nr = NrTable[Nb][Nk]
|
||||
|
||||
Nb Nk=4 Nk=5 Nk=6 Nk=7 Nk=8
|
||||
------------------------------------- """
|
||||
NrTable = {4: {4:10, 5:11, 6:12, 7:13, 8:14},
|
||||
5: {4:11, 5:11, 6:12, 7:13, 8:14},
|
||||
6: {4:12, 5:12, 6:12, 7:13, 8:14},
|
||||
7: {4:13, 5:13, 6:13, 7:13, 8:14},
|
||||
8: {4:14, 5:14, 6:14, 7:14, 8:14}}
|
||||
#-------------------------------------
|
||||
def keyExpansion(algInstance, keyString):
|
||||
""" Expand a string of size keySize into a larger array """
|
||||
Nk, Nb, Nr = algInstance.Nk, algInstance.Nb, algInstance.Nr # for readability
|
||||
key = [ord(byte) for byte in keyString] # convert string to list
|
||||
w = [[key[4*i],key[4*i+1],key[4*i+2],key[4*i+3]] for i in range(Nk)]
|
||||
for i in range(Nk,Nb*(Nr+1)):
|
||||
temp = w[i-1] # a four byte column
|
||||
if (i%Nk) == 0 :
|
||||
temp = temp[1:]+[temp[0]] # RotWord(temp)
|
||||
temp = [ Sbox[byte] for byte in temp ]
|
||||
temp[0] ^= Rcon[i/Nk]
|
||||
elif Nk > 6 and i%Nk == 4 :
|
||||
temp = [ Sbox[byte] for byte in temp ] # SubWord(temp)
|
||||
w.append( [ w[i-Nk][byte]^temp[byte] for byte in range(4) ] )
|
||||
return w
|
||||
|
||||
Rcon = (0,0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,0x1b,0x36, # note extra '0' !!!
|
||||
0x6c,0xd8,0xab,0x4d,0x9a,0x2f,0x5e,0xbc,0x63,0xc6,
|
||||
0x97,0x35,0x6a,0xd4,0xb3,0x7d,0xfa,0xef,0xc5,0x91)
|
||||
|
||||
#-------------------------------------
|
||||
def AddRoundKey(algInstance, keyBlock):
|
||||
""" XOR the algorithm state with a block of key material """
|
||||
for column in range(algInstance.Nb):
|
||||
for row in range(4):
|
||||
algInstance.state[column][row] ^= keyBlock[column][row]
|
||||
#-------------------------------------
|
||||
|
||||
def SubBytes(algInstance):
|
||||
for column in range(algInstance.Nb):
|
||||
for row in range(4):
|
||||
algInstance.state[column][row] = Sbox[algInstance.state[column][row]]
|
||||
|
||||
def InvSubBytes(algInstance):
|
||||
for column in range(algInstance.Nb):
|
||||
for row in range(4):
|
||||
algInstance.state[column][row] = InvSbox[algInstance.state[column][row]]
|
||||
|
||||
Sbox = (0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5,
|
||||
0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76,
|
||||
0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0,
|
||||
0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0,
|
||||
0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc,
|
||||
0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15,
|
||||
0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a,
|
||||
0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75,
|
||||
0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0,
|
||||
0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84,
|
||||
0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b,
|
||||
0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf,
|
||||
0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85,
|
||||
0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8,
|
||||
0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5,
|
||||
0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2,
|
||||
0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17,
|
||||
0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73,
|
||||
0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88,
|
||||
0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb,
|
||||
0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c,
|
||||
0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79,
|
||||
0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9,
|
||||
0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08,
|
||||
0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6,
|
||||
0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a,
|
||||
0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e,
|
||||
0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e,
|
||||
0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94,
|
||||
0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf,
|
||||
0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68,
|
||||
0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16)
|
||||
|
||||
InvSbox = (0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
|
||||
0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
|
||||
0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
|
||||
0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
|
||||
0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
|
||||
0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
|
||||
0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
|
||||
0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
|
||||
0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
|
||||
0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
|
||||
0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
|
||||
0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
|
||||
0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
|
||||
0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
|
||||
0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
|
||||
0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
|
||||
0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
|
||||
0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
|
||||
0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
|
||||
0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
|
||||
0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
|
||||
0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
|
||||
0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
|
||||
0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
|
||||
0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
|
||||
0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
|
||||
0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
|
||||
0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
|
||||
0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
|
||||
0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
|
||||
0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
|
||||
0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d)
|
||||
|
||||
#-------------------------------------
|
||||
""" For each block size (Nb), the ShiftRow operation shifts row i
|
||||
by the amount Ci. Note that row 0 is not shifted.
|
||||
Nb C1 C2 C3
|
||||
------------------- """
|
||||
shiftOffset = { 4 : ( 0, 1, 2, 3),
|
||||
5 : ( 0, 1, 2, 3),
|
||||
6 : ( 0, 1, 2, 3),
|
||||
7 : ( 0, 1, 2, 4),
|
||||
8 : ( 0, 1, 3, 4) }
|
||||
def ShiftRows(algInstance):
|
||||
tmp = [0]*algInstance.Nb # list of size Nb
|
||||
for r in range(1,4): # row 0 reamains unchanged and can be skipped
|
||||
for c in range(algInstance.Nb):
|
||||
tmp[c] = algInstance.state[(c+shiftOffset[algInstance.Nb][r]) % algInstance.Nb][r]
|
||||
for c in range(algInstance.Nb):
|
||||
algInstance.state[c][r] = tmp[c]
|
||||
def InvShiftRows(algInstance):
|
||||
tmp = [0]*algInstance.Nb # list of size Nb
|
||||
for r in range(1,4): # row 0 reamains unchanged and can be skipped
|
||||
for c in range(algInstance.Nb):
|
||||
tmp[c] = algInstance.state[(c+algInstance.Nb-shiftOffset[algInstance.Nb][r]) % algInstance.Nb][r]
|
||||
for c in range(algInstance.Nb):
|
||||
algInstance.state[c][r] = tmp[c]
|
||||
#-------------------------------------
|
||||
def MixColumns(a):
|
||||
Sprime = [0,0,0,0]
|
||||
for j in range(a.Nb): # for each column
|
||||
Sprime[0] = mul(2,a.state[j][0])^mul(3,a.state[j][1])^mul(1,a.state[j][2])^mul(1,a.state[j][3])
|
||||
Sprime[1] = mul(1,a.state[j][0])^mul(2,a.state[j][1])^mul(3,a.state[j][2])^mul(1,a.state[j][3])
|
||||
Sprime[2] = mul(1,a.state[j][0])^mul(1,a.state[j][1])^mul(2,a.state[j][2])^mul(3,a.state[j][3])
|
||||
Sprime[3] = mul(3,a.state[j][0])^mul(1,a.state[j][1])^mul(1,a.state[j][2])^mul(2,a.state[j][3])
|
||||
for i in range(4):
|
||||
a.state[j][i] = Sprime[i]
|
||||
|
||||
def InvMixColumns(a):
|
||||
""" Mix the four bytes of every column in a linear way
|
||||
This is the opposite operation of Mixcolumn """
|
||||
Sprime = [0,0,0,0]
|
||||
for j in range(a.Nb): # for each column
|
||||
Sprime[0] = mul(0x0E,a.state[j][0])^mul(0x0B,a.state[j][1])^mul(0x0D,a.state[j][2])^mul(0x09,a.state[j][3])
|
||||
Sprime[1] = mul(0x09,a.state[j][0])^mul(0x0E,a.state[j][1])^mul(0x0B,a.state[j][2])^mul(0x0D,a.state[j][3])
|
||||
Sprime[2] = mul(0x0D,a.state[j][0])^mul(0x09,a.state[j][1])^mul(0x0E,a.state[j][2])^mul(0x0B,a.state[j][3])
|
||||
Sprime[3] = mul(0x0B,a.state[j][0])^mul(0x0D,a.state[j][1])^mul(0x09,a.state[j][2])^mul(0x0E,a.state[j][3])
|
||||
for i in range(4):
|
||||
a.state[j][i] = Sprime[i]
|
||||
|
||||
#-------------------------------------
|
||||
def mul(a, b):
|
||||
""" Multiply two elements of GF(2^m)
|
||||
needed for MixColumn and InvMixColumn """
|
||||
if (a !=0 and b!=0):
|
||||
return Alogtable[(Logtable[a] + Logtable[b])%255]
|
||||
else:
|
||||
return 0
|
||||
|
||||
Logtable = ( 0, 0, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3,
|
||||
100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193,
|
||||
125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120,
|
||||
101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142,
|
||||
150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56,
|
||||
102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16,
|
||||
126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186,
|
||||
43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87,
|
||||
175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232,
|
||||
44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160,
|
||||
127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183,
|
||||
204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157,
|
||||
151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209,
|
||||
83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171,
|
||||
68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165,
|
||||
103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7)
|
||||
|
||||
Alogtable= ( 1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53,
|
||||
95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170,
|
||||
229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49,
|
||||
83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205,
|
||||
76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136,
|
||||
131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154,
|
||||
181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163,
|
||||
254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160,
|
||||
251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65,
|
||||
195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117,
|
||||
159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128,
|
||||
155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84,
|
||||
252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202,
|
||||
69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14,
|
||||
18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
|
||||
57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1)
|
||||
|
||||
|
||||
|
||||
|
||||
"""
|
||||
AES Encryption Algorithm
|
||||
The AES algorithm is just Rijndael algorithm restricted to the default
|
||||
blockSize of 128 bits.
|
||||
"""
|
||||
|
||||
class AES(Rijndael):
|
||||
""" The AES algorithm is the Rijndael block cipher restricted to block
|
||||
sizes of 128 bits and key sizes of 128, 192 or 256 bits
|
||||
"""
|
||||
def __init__(self, key = None, padding = padWithPadLen(), keySize=16):
|
||||
""" Initialize AES, keySize is in bytes """
|
||||
if not (keySize == 16 or keySize == 24 or keySize == 32) :
|
||||
raise BadKeySizeError, 'Illegal AES key size, must be 16, 24, or 32 bytes'
|
||||
|
||||
Rijndael.__init__( self, key, padding=padding, keySize=keySize, blockSize=16 )
|
||||
|
||||
self.name = 'AES'
|
||||
|
||||
|
||||
"""
|
||||
CBC mode of encryption for block ciphers.
|
||||
This algorithm mode wraps any BlockCipher to make a
|
||||
Cipher Block Chaining mode.
|
||||
"""
|
||||
from random import Random # should change to crypto.random!!!
|
||||
|
||||
|
||||
class CBC(BlockCipher):
|
||||
""" The CBC class wraps block ciphers to make cipher block chaining (CBC) mode
|
||||
algorithms. The initialization (IV) is automatic if set to None. Padding
|
||||
is also automatic based on the Pad class used to initialize the algorithm
|
||||
"""
|
||||
def __init__(self, blockCipherInstance, padding = padWithPadLen()):
|
||||
""" CBC algorithms are created by initializing with a BlockCipher instance """
|
||||
self.baseCipher = blockCipherInstance
|
||||
self.name = self.baseCipher.name + '_CBC'
|
||||
self.blockSize = self.baseCipher.blockSize
|
||||
self.keySize = self.baseCipher.keySize
|
||||
self.padding = padding
|
||||
self.baseCipher.padding = noPadding() # baseCipher should NOT pad!!
|
||||
self.r = Random() # for IV generation, currently uses
|
||||
# mediocre standard distro version <----------------
|
||||
import time
|
||||
newSeed = time.ctime()+str(self.r) # seed with instance location
|
||||
self.r.seed(newSeed) # to make unique
|
||||
self.reset()
|
||||
|
||||
def setKey(self, key):
|
||||
self.baseCipher.setKey(key)
|
||||
|
||||
# Overload to reset both CBC state and the wrapped baseCipher
|
||||
def resetEncrypt(self):
|
||||
BlockCipher.resetEncrypt(self) # reset CBC encrypt state (super class)
|
||||
self.baseCipher.resetEncrypt() # reset base cipher encrypt state
|
||||
|
||||
def resetDecrypt(self):
|
||||
BlockCipher.resetDecrypt(self) # reset CBC state (super class)
|
||||
self.baseCipher.resetDecrypt() # reset base cipher decrypt state
|
||||
|
||||
def encrypt(self, plainText, iv=None, more=None):
|
||||
""" CBC encryption - overloads baseCipher to allow optional explicit IV
|
||||
when iv=None, iv is auto generated!
|
||||
"""
|
||||
if self.encryptBlockCount == 0:
|
||||
self.iv = iv
|
||||
else:
|
||||
assert(iv==None), 'IV used only on first call to encrypt'
|
||||
|
||||
return BlockCipher.encrypt(self,plainText, more=more)
|
||||
|
||||
def decrypt(self, cipherText, iv=None, more=None):
|
||||
""" CBC decryption - overloads baseCipher to allow optional explicit IV
|
||||
when iv=None, iv is auto generated!
|
||||
"""
|
||||
if self.decryptBlockCount == 0:
|
||||
self.iv = iv
|
||||
else:
|
||||
assert(iv==None), 'IV used only on first call to decrypt'
|
||||
|
||||
return BlockCipher.decrypt(self, cipherText, more=more)
|
||||
|
||||
def encryptBlock(self, plainTextBlock):
|
||||
""" CBC block encryption, IV is set with 'encrypt' """
|
||||
auto_IV = ''
|
||||
if self.encryptBlockCount == 0:
|
||||
if self.iv == None:
|
||||
# generate IV and use
|
||||
self.iv = ''.join([chr(self.r.randrange(256)) for i in range(self.blockSize)])
|
||||
self.prior_encr_CT_block = self.iv
|
||||
auto_IV = self.prior_encr_CT_block # prepend IV if it's automatic
|
||||
else: # application provided IV
|
||||
assert(len(self.iv) == self.blockSize ),'IV must be same length as block'
|
||||
self.prior_encr_CT_block = self.iv
|
||||
""" encrypt the prior CT XORed with the PT """
|
||||
ct = self.baseCipher.encryptBlock( xor(self.prior_encr_CT_block, plainTextBlock) )
|
||||
self.prior_encr_CT_block = ct
|
||||
return auto_IV+ct
|
||||
|
||||
def decryptBlock(self, encryptedBlock):
|
||||
""" Decrypt a single block """
|
||||
|
||||
if self.decryptBlockCount == 0: # first call, process IV
|
||||
if self.iv == None: # auto decrypt IV?
|
||||
self.prior_CT_block = encryptedBlock
|
||||
return ''
|
||||
else:
|
||||
assert(len(self.iv)==self.blockSize),"Bad IV size on CBC decryption"
|
||||
self.prior_CT_block = self.iv
|
||||
|
||||
dct = self.baseCipher.decryptBlock(encryptedBlock)
|
||||
""" XOR the prior decrypted CT with the prior CT """
|
||||
dct_XOR_priorCT = xor( self.prior_CT_block, dct )
|
||||
|
||||
self.prior_CT_block = encryptedBlock
|
||||
|
||||
return dct_XOR_priorCT
|
||||
|
||||
|
||||
"""
|
||||
AES_CBC Encryption Algorithm
|
||||
"""
|
||||
|
||||
class AES_CBC(CBC):
|
||||
""" AES encryption in CBC feedback mode """
|
||||
def __init__(self, key=None, padding=padWithPadLen(), keySize=16):
|
||||
CBC.__init__( self, AES(key, noPadding(), keySize), padding)
|
||||
self.name = 'AES_CBC'
|
@ -0,0 +1,290 @@
|
||||
#! /usr/bin/env python
|
||||
|
||||
import sys, os
|
||||
import hmac
|
||||
from struct import pack
|
||||
import hashlib
|
||||
|
||||
|
||||
# interface to needed routines libalfcrypto
|
||||
def _load_libalfcrypto():
|
||||
import ctypes
|
||||
from ctypes import CDLL, byref, POINTER, c_void_p, c_char_p, c_int, c_long, \
|
||||
Structure, c_ulong, create_string_buffer, addressof, string_at, cast, sizeof
|
||||
|
||||
pointer_size = ctypes.sizeof(ctypes.c_voidp)
|
||||
name_of_lib = None
|
||||
if sys.platform.startswith('darwin'):
|
||||
name_of_lib = 'libalfcrypto.dylib'
|
||||
elif sys.platform.startswith('win'):
|
||||
if pointer_size == 4:
|
||||
name_of_lib = 'alfcrypto.dll'
|
||||
else:
|
||||
name_of_lib = 'alfcrypto64.dll'
|
||||
else:
|
||||
if pointer_size == 4:
|
||||
name_of_lib = 'libalfcrypto32.so'
|
||||
else:
|
||||
name_of_lib = 'libalfcrypto64.so'
|
||||
|
||||
libalfcrypto = sys.path[0] + os.sep + name_of_lib
|
||||
|
||||
if not os.path.isfile(libalfcrypto):
|
||||
raise Exception('libalfcrypto not found')
|
||||
|
||||
libalfcrypto = CDLL(libalfcrypto)
|
||||
|
||||
c_char_pp = POINTER(c_char_p)
|
||||
c_int_p = POINTER(c_int)
|
||||
|
||||
|
||||
def F(restype, name, argtypes):
|
||||
func = getattr(libalfcrypto, name)
|
||||
func.restype = restype
|
||||
func.argtypes = argtypes
|
||||
return func
|
||||
|
||||
# aes cbc decryption
|
||||
#
|
||||
# struct aes_key_st {
|
||||
# unsigned long rd_key[4 *(AES_MAXNR + 1)];
|
||||
# int rounds;
|
||||
# };
|
||||
#
|
||||
# typedef struct aes_key_st AES_KEY;
|
||||
#
|
||||
# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key);
|
||||
#
|
||||
#
|
||||
# void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
|
||||
# const unsigned long length, const AES_KEY *key,
|
||||
# unsigned char *ivec, const int enc);
|
||||
|
||||
AES_MAXNR = 14
|
||||
|
||||
class AES_KEY(Structure):
|
||||
_fields_ = [('rd_key', c_long * (4 * (AES_MAXNR + 1))), ('rounds', c_int)]
|
||||
|
||||
AES_KEY_p = POINTER(AES_KEY)
|
||||
AES_cbc_encrypt = F(None, 'AES_cbc_encrypt',[c_char_p, c_char_p, c_ulong, AES_KEY_p, c_char_p, c_int])
|
||||
AES_set_decrypt_key = F(c_int, 'AES_set_decrypt_key',[c_char_p, c_int, AES_KEY_p])
|
||||
|
||||
|
||||
|
||||
# Pukall 1 Cipher
|
||||
# unsigned char *PC1(const unsigned char *key, unsigned int klen, const unsigned char *src,
|
||||
# unsigned char *dest, unsigned int len, int decryption);
|
||||
|
||||
PC1 = F(c_char_p, 'PC1', [c_char_p, c_ulong, c_char_p, c_char_p, c_ulong, c_ulong])
|
||||
|
||||
# Topaz Encryption
|
||||
# typedef struct _TpzCtx {
|
||||
# unsigned int v[2];
|
||||
# } TpzCtx;
|
||||
#
|
||||
# void topazCryptoInit(TpzCtx *ctx, const unsigned char *key, int klen);
|
||||
# void topazCryptoDecrypt(const TpzCtx *ctx, const unsigned char *in, unsigned char *out, int len);
|
||||
|
||||
class TPZ_CTX(Structure):
|
||||
_fields_ = [('v', c_long * 2)]
|
||||
|
||||
TPZ_CTX_p = POINTER(TPZ_CTX)
|
||||
topazCryptoInit = F(None, 'topazCryptoInit', [TPZ_CTX_p, c_char_p, c_ulong])
|
||||
topazCryptoDecrypt = F(None, 'topazCryptoDecrypt', [TPZ_CTX_p, c_char_p, c_char_p, c_ulong])
|
||||
|
||||
|
||||
class AES_CBC(object):
|
||||
def __init__(self):
|
||||
self._blocksize = 0
|
||||
self._keyctx = None
|
||||
self._iv = 0
|
||||
|
||||
def set_decrypt_key(self, userkey, iv):
|
||||
self._blocksize = len(userkey)
|
||||
if (self._blocksize != 16) and (self._blocksize != 24) and (self._blocksize != 32) :
|
||||
raise Exception('AES CBC improper key used')
|
||||
return
|
||||
keyctx = self._keyctx = AES_KEY()
|
||||
self._iv = iv
|
||||
rv = AES_set_decrypt_key(userkey, len(userkey) * 8, keyctx)
|
||||
if rv < 0:
|
||||
raise Exception('Failed to initialize AES CBC key')
|
||||
|
||||
def decrypt(self, data):
|
||||
out = create_string_buffer(len(data))
|
||||
mutable_iv = create_string_buffer(self._iv, len(self._iv))
|
||||
rv = AES_cbc_encrypt(data, out, len(data), self._keyctx, mutable_iv, 0)
|
||||
if rv == 0:
|
||||
raise Exception('AES CBC decryption failed')
|
||||
return out.raw
|
||||
|
||||
class Pukall_Cipher(object):
|
||||
def __init__(self):
|
||||
self.key = None
|
||||
|
||||
def PC1(self, key, src, decryption=True):
|
||||
self.key = key
|
||||
out = create_string_buffer(len(src))
|
||||
de = 0
|
||||
if decryption:
|
||||
de = 1
|
||||
rv = PC1(key, len(key), src, out, len(src), de)
|
||||
return out.raw
|
||||
|
||||
class Topaz_Cipher(object):
|
||||
def __init__(self):
|
||||
self._ctx = None
|
||||
|
||||
def ctx_init(self, key):
|
||||
tpz_ctx = self._ctx = TPZ_CTX()
|
||||
topazCryptoInit(tpz_ctx, key, len(key))
|
||||
return tpz_ctx
|
||||
|
||||
def decrypt(self, data, ctx=None):
|
||||
if ctx == None:
|
||||
ctx = self._ctx
|
||||
out = create_string_buffer(len(data))
|
||||
topazCryptoDecrypt(ctx, data, out, len(data))
|
||||
return out.raw
|
||||
|
||||
print "Using Library AlfCrypto DLL/DYLIB/SO"
|
||||
return (AES_CBC, Pukall_Cipher, Topaz_Cipher)
|
||||
|
||||
|
||||
def _load_python_alfcrypto():
|
||||
|
||||
import aescbc
|
||||
|
||||
class Pukall_Cipher(object):
|
||||
def __init__(self):
|
||||
self.key = None
|
||||
|
||||
def PC1(self, key, src, decryption=True):
|
||||
sum1 = 0;
|
||||
sum2 = 0;
|
||||
keyXorVal = 0;
|
||||
if len(key)!=16:
|
||||
print "Bad key length!"
|
||||
return None
|
||||
wkey = []
|
||||
for i in xrange(8):
|
||||
wkey.append(ord(key[i*2])<<8 | ord(key[i*2+1]))
|
||||
dst = ""
|
||||
for i in xrange(len(src)):
|
||||
temp1 = 0;
|
||||
byteXorVal = 0;
|
||||
for j in xrange(8):
|
||||
temp1 ^= wkey[j]
|
||||
sum2 = (sum2+j)*20021 + sum1
|
||||
sum1 = (temp1*346)&0xFFFF
|
||||
sum2 = (sum2+sum1)&0xFFFF
|
||||
temp1 = (temp1*20021+1)&0xFFFF
|
||||
byteXorVal ^= temp1 ^ sum2
|
||||
curByte = ord(src[i])
|
||||
if not decryption:
|
||||
keyXorVal = curByte * 257;
|
||||
curByte = ((curByte ^ (byteXorVal >> 8)) ^ byteXorVal) & 0xFF
|
||||
if decryption:
|
||||
keyXorVal = curByte * 257;
|
||||
for j in xrange(8):
|
||||
wkey[j] ^= keyXorVal;
|
||||
dst+=chr(curByte)
|
||||
return dst
|
||||
|
||||
class Topaz_Cipher(object):
|
||||
def __init__(self):
|
||||
self._ctx = None
|
||||
|
||||
def ctx_init(self, key):
|
||||
ctx1 = 0x0CAFFE19E
|
||||
for keyChar in key:
|
||||
keyByte = ord(keyChar)
|
||||
ctx2 = ctx1
|
||||
ctx1 = ((((ctx1 >>2) * (ctx1 >>7))&0xFFFFFFFF) ^ (keyByte * keyByte * 0x0F902007)& 0xFFFFFFFF )
|
||||
self._ctx = [ctx1, ctx2]
|
||||
return [ctx1,ctx2]
|
||||
|
||||
def decrypt(self, data, ctx=None):
|
||||
if ctx == None:
|
||||
ctx = self._ctx
|
||||
ctx1 = ctx[0]
|
||||
ctx2 = ctx[1]
|
||||
plainText = ""
|
||||
for dataChar in data:
|
||||
dataByte = ord(dataChar)
|
||||
m = (dataByte ^ ((ctx1 >> 3) &0xFF) ^ ((ctx2<<3) & 0xFF)) &0xFF
|
||||
ctx2 = ctx1
|
||||
ctx1 = (((ctx1 >> 2) * (ctx1 >> 7)) &0xFFFFFFFF) ^((m * m * 0x0F902007) &0xFFFFFFFF)
|
||||
plainText += chr(m)
|
||||
return plainText
|
||||
|
||||
class AES_CBC(object):
|
||||
def __init__(self):
|
||||
self._key = None
|
||||
self._iv = None
|
||||
self.aes = None
|
||||
|
||||
def set_decrypt_key(self, userkey, iv):
|
||||
self._key = userkey
|
||||
self._iv = iv
|
||||
self.aes = aescbc.AES_CBC(userkey, aescbc.noPadding(), len(userkey))
|
||||
|
||||
def decrypt(self, data):
|
||||
iv = self._iv
|
||||
cleartext = self.aes.decrypt(iv + data)
|
||||
return cleartext
|
||||
|
||||
return (AES_CBC, Pukall_Cipher, Topaz_Cipher)
|
||||
|
||||
|
||||
def _load_crypto():
|
||||
AES_CBC = Pukall_Cipher = Topaz_Cipher = None
|
||||
cryptolist = (_load_libalfcrypto, _load_python_alfcrypto)
|
||||
for loader in cryptolist:
|
||||
try:
|
||||
AES_CBC, Pukall_Cipher, Topaz_Cipher = loader()
|
||||
break
|
||||
except (ImportError, Exception):
|
||||
pass
|
||||
return AES_CBC, Pukall_Cipher, Topaz_Cipher
|
||||
|
||||
AES_CBC, Pukall_Cipher, Topaz_Cipher = _load_crypto()
|
||||
|
||||
|
||||
class KeyIVGen(object):
|
||||
# this only exists in openssl so we will use pure python implementation instead
|
||||
# PKCS5_PBKDF2_HMAC_SHA1 = F(c_int, 'PKCS5_PBKDF2_HMAC_SHA1',
|
||||
# [c_char_p, c_ulong, c_char_p, c_ulong, c_ulong, c_ulong, c_char_p])
|
||||
def pbkdf2(self, passwd, salt, iter, keylen):
|
||||
|
||||
def xorstr( a, b ):
|
||||
if len(a) != len(b):
|
||||
raise Exception("xorstr(): lengths differ")
|
||||
return ''.join((chr(ord(x)^ord(y)) for x, y in zip(a, b)))
|
||||
|
||||
def prf( h, data ):
|
||||
hm = h.copy()
|
||||
hm.update( data )
|
||||
return hm.digest()
|
||||
|
||||
def pbkdf2_F( h, salt, itercount, blocknum ):
|
||||
U = prf( h, salt + pack('>i',blocknum ) )
|
||||
T = U
|
||||
for i in range(2, itercount+1):
|
||||
U = prf( h, U )
|
||||
T = xorstr( T, U )
|
||||
return T
|
||||
|
||||
sha = hashlib.sha1
|
||||
digest_size = sha().digest_size
|
||||
# l - number of output blocks to produce
|
||||
l = keylen / digest_size
|
||||
if keylen % digest_size != 0:
|
||||
l += 1
|
||||
h = hmac.new( passwd, None, sha )
|
||||
T = ""
|
||||
for i in range(1, l+1):
|
||||
T += pbkdf2_F( h, salt, iter, i )
|
||||
return T[0: keylen]
|
||||
|
||||
|
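Review bot: `_load_libalfcrypto` passes `CDLL` a native library located at `sys.path[0] + os.sep + name_of_lib` with only an `os.path.isfile` check, so any file of that name in the first path entry is loaded into the process, and when `sys.path[0]` is the empty string the concatenation points at the filesystem root. I would build the path with `os.path.join` from a directory the program controls and add a comment that this directory must not be writable by other users. `_load_crypto` then hides the outcome behind `except (ImportError, Exception): pass`; if both loaders fail the three names stay `None` and the failure only surfaces later as an unrelated `TypeError`, so raise after the loop when `AES_CBC is None`. Separately, `AES_cbc_encrypt` is bound with restype `None`, so the `if rv == 0` check in `AES_CBC.decrypt` can never fire and should be removed, and the `return` after `raise Exception('AES CBC improper key used')` is unreachable.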
Binary file not shown.
Binary file not shown.
@ -0,0 +1,444 @@
|
||||
#!/usr/bin/python
|
||||
#
|
||||
# This is a python script. You need a Python interpreter to run it.
|
||||
# For example, ActiveState Python, which exists for windows.
|
||||
#
|
||||
# Changelog
|
||||
# 0.01 - Initial version
|
||||
# 0.02 - Huffdic compressed books were not properly decrypted
|
||||
# 0.03 - Wasn't checking MOBI header length
|
||||
# 0.04 - Wasn't sanity checking size of data record
|
||||
# 0.05 - It seems that the extra data flags take two bytes not four
|
||||
# 0.06 - And that low bit does mean something after all :-)
|
||||
# 0.07 - The extra data flags aren't present in MOBI header < 0xE8 in size
|
||||
# 0.08 - ...and also not in Mobi header version < 6
|
||||
# 0.09 - ...but they are there with Mobi header version 6, header size 0xE4!
|
||||
# 0.10 - Outputs unencrypted files as-is, so that when run as a Calibre
|
||||
# import filter it works when importing unencrypted files.
|
||||
# Also now handles encrypted files that don't need a specific PID.
|
||||
# 0.11 - use autoflushed stdout and proper return values
|
||||
# 0.12 - Fix for problems with metadata import as Calibre plugin, report errors
|
||||
# 0.13 - Formatting fixes: retabbed file, removed trailing whitespace
|
||||
# and extra blank lines, converted CR/LF pairs at ends of each line,
|
||||
# and other cosmetic fixes.
|
||||
# 0.14 - Working out when the extra data flags are present has been problematic
|
||||
# Versions 7 through 9 have tried to tweak the conditions, but have been
|
||||
# only partially successful. Closer examination of lots of sample
|
||||
# files reveals that a confusion has arisen because trailing data entries
|
||||
# are not encrypted, but it turns out that the multibyte entries
|
||||
# in utf8 file are encrypted. (Although neither kind gets compressed.)
|
||||
# This knowledge leads to a simplification of the test for the
|
||||
# trailing data byte flags - version 5 and higher AND header size >= 0xE4.
|
||||
# 0.15 - Now outputs 'heartbeat', and is also quicker for long files.
|
||||
# 0.16 - And reverts to 'done' not 'done.' at the end for unswindle compatibility.
|
||||
# 0.17 - added modifications to support its use as an imported python module
|
||||
# both inside calibre and also in other places (ie K4DeDRM tools)
|
||||
# 0.17a- disabled the standalone plugin feature since a plugin can not import
|
||||
# a plugin
|
||||
# 0.18 - It seems that multibyte entries aren't encrypted in a v7 file...
|
||||
# Removed the disabled Calibre plug-in code
|
||||
# Permit use of 8-digit PIDs
|
||||
# 0.19 - It seems that multibyte entries aren't encrypted in a v6 file either.
|
||||
# 0.20 - Correction: It seems that multibyte entries are encrypted in a v6 file.
|
||||
# 0.21 - Added support for multiple pids
|
||||
# 0.22 - revised structure to hold MobiBook as a class to allow an extended interface
|
||||
# 0.23 - fixed problem with older files with no EXTH section
|
||||
# 0.24 - add support for type 1 encryption and 'TEXtREAd' books as well
|
||||
# 0.25 - Fixed support for 'BOOKMOBI' type 1 encryption
|
||||
# 0.26 - Now enables Text-To-Speech flag and sets clipping limit to 100%
|
||||
# 0.27 - Correct pid metadata token generation to match that used by skindle (Thank You Bart!)
|
||||
# 0.28 - slight additional changes to metadata token generation (None -> '')
|
||||
# 0.29 - It seems that the ideas about when multibyte trailing characters were
|
||||
# included in the encryption were wrong. They are for DOC compressed
|
||||
# files, but they are not for HUFF/CDIC compress files!
|
||||
# 0.30 - Modified interface slightly to work better with new calibre plugin style
|
||||
# 0.31 - The multibyte encrytion info is true for version 7 files too.
|
||||
# 0.32 - Added support for "Print Replica" Kindle ebooks
|
||||
|
||||
__version__ = '0.32'
|
||||
|
||||
import sys
|
||||
|
||||
class Unbuffered:
|
||||
def __init__(self, stream):
|
||||
self.stream = stream
|
||||
def write(self, data):
|
||||
self.stream.write(data)
|
||||
self.stream.flush()
|
||||
def __getattr__(self, attr):
|
||||
return getattr(self.stream, attr)
|
||||
sys.stdout=Unbuffered(sys.stdout)
|
||||
|
||||
import os
|
||||
import struct
|
||||
import binascii
|
||||
|
||||
class DrmException(Exception):
|
||||
pass
|
||||
|
||||
|
||||
#
|
||||
# MobiBook Utility Routines
|
||||
#
|
||||
|
||||
# Implementation of Pukall Cipher 1
|
||||
def PC1(key, src, decryption=True):
|
||||
sum1 = 0;
|
||||
sum2 = 0;
|
||||
keyXorVal = 0;
|
||||
if len(key)!=16:
|
||||
print "Bad key length!"
|
||||
return None
|
||||
wkey = []
|
||||
for i in xrange(8):
|
||||
wkey.append(ord(key[i*2])<<8 | ord(key[i*2+1]))
|
||||
dst = ""
|
||||
for i in xrange(len(src)):
|
||||
temp1 = 0;
|
||||
byteXorVal = 0;
|
||||
for j in xrange(8):
|
||||
temp1 ^= wkey[j]
|
||||
sum2 = (sum2+j)*20021 + sum1
|
||||
sum1 = (temp1*346)&0xFFFF
|
||||
sum2 = (sum2+sum1)&0xFFFF
|
||||
temp1 = (temp1*20021+1)&0xFFFF
|
||||
byteXorVal ^= temp1 ^ sum2
|
||||
curByte = ord(src[i])
|
||||
if not decryption:
|
||||
keyXorVal = curByte * 257;
|
||||
curByte = ((curByte ^ (byteXorVal >> 8)) ^ byteXorVal) & 0xFF
|
||||
if decryption:
|
||||
keyXorVal = curByte * 257;
|
||||
for j in xrange(8):
|
||||
wkey[j] ^= keyXorVal;
|
||||
dst+=chr(curByte)
|
||||
return dst
|
||||
|
||||
def checksumPid(s):
|
||||
letters = "ABCDEFGHIJKLMNPQRSTUVWXYZ123456789"
|
||||
crc = (~binascii.crc32(s,-1))&0xFFFFFFFF
|
||||
crc = crc ^ (crc >> 16)
|
||||
res = s
|
||||
l = len(letters)
|
||||
for i in (0,1):
|
||||
b = crc & 0xff
|
||||
pos = (b // l) ^ (b % l)
|
||||
res += letters[pos%l]
|
||||
crc >>= 8
|
||||
return res
|
||||
|
||||
def getSizeOfTrailingDataEntries(ptr, size, flags):
|
||||
def getSizeOfTrailingDataEntry(ptr, size):
|
||||
bitpos, result = 0, 0
|
||||
if size <= 0:
|
||||
return result
|
||||
while True:
|
||||
v = ord(ptr[size-1])
|
||||
result |= (v & 0x7F) << bitpos
|
||||
bitpos += 7
|
||||
size -= 1
|
||||
if (v & 0x80) != 0 or (bitpos >= 28) or (size == 0):
|
||||
return result
|
||||
num = 0
|
||||
testflags = flags >> 1
|
||||
while testflags:
|
||||
if testflags & 1:
|
||||
num += getSizeOfTrailingDataEntry(ptr, size - num)
|
||||
testflags >>= 1
|
||||
# Check the low bit to see if there's multibyte data present.
|
||||
# if multibyte data is included in the encryped data, we'll
|
||||
# have already cleared this flag.
|
||||
if flags & 1:
|
||||
num += (ord(ptr[size - num - 1]) & 0x3) + 1
|
||||
return num
|
||||
|
||||
|
||||
|
||||
class MobiBook:
|
||||
def loadSection(self, section):
|
||||
if (section + 1 == self.num_sections):
|
||||
endoff = len(self.data_file)
|
||||
else:
|
||||
endoff = self.sections[section + 1][0]
|
||||
off = self.sections[section][0]
|
||||
return self.data_file[off:endoff]
|
||||
|
||||
def __init__(self, infile):
|
||||
print ('MobiDeDrm v%(__version__)s. '
|
||||
'Copyright 2008-2011 The Dark Reverser et al.' % globals())
|
||||
|
||||
# initial sanity check on file
|
||||
self.data_file = file(infile, 'rb').read()
|
||||
self.mobi_data = ''
|
||||
self.header = self.data_file[0:78]
|
||||
if self.header[0x3C:0x3C+8] != 'BOOKMOBI' and self.header[0x3C:0x3C+8] != 'TEXtREAd':
|
||||
raise DrmException("invalid file format")
|
||||
self.magic = self.header[0x3C:0x3C+8]
|
||||
self.crypto_type = -1
|
||||
|
||||
# build up section offset and flag info
|
||||
self.num_sections, = struct.unpack('>H', self.header[76:78])
|
||||
self.sections = []
|
||||
for i in xrange(self.num_sections):
|
||||
offset, a1,a2,a3,a4 = struct.unpack('>LBBBB', self.data_file[78+i*8:78+i*8+8])
|
||||
flags, val = a1, a2<<16|a3<<8|a4
|
||||
self.sections.append( (offset, flags, val) )
|
||||
|
||||
# parse information from section 0
|
||||
self.sect = self.loadSection(0)
|
||||
self.records, = struct.unpack('>H', self.sect[0x8:0x8+2])
|
||||
self.compression, = struct.unpack('>H', self.sect[0x0:0x0+2])
|
||||
|
||||
if self.magic == 'TEXtREAd':
|
||||
print "Book has format: ", self.magic
|
||||
self.extra_data_flags = 0
|
||||
self.mobi_length = 0
|
||||
self.mobi_version = -1
|
||||
self.meta_array = {}
|
||||
return
|
||||
self.mobi_length, = struct.unpack('>L',self.sect[0x14:0x18])
|
||||
self.mobi_codepage, = struct.unpack('>L',self.sect[0x1c:0x20])
|
||||
self.mobi_version, = struct.unpack('>L',self.sect[0x68:0x6C])
|
||||
print "MOBI header version = %d, length = %d" %(self.mobi_version, self.mobi_length)
|
||||
self.extra_data_flags = 0
|
||||
if (self.mobi_length >= 0xE4) and (self.mobi_version >= 5):
|
||||
self.extra_data_flags, = struct.unpack('>H', self.sect[0xF2:0xF4])
|
||||
print "Extra Data Flags = %d" % self.extra_data_flags
|
||||
if (self.compression != 17480):
|
||||
# multibyte utf8 data is included in the encryption for PalmDoc compression
|
||||
# so clear that byte so that we leave it to be decrypted.
|
||||
self.extra_data_flags &= 0xFFFE
|
||||
|
||||
# if exth region exists parse it for metadata array
|
||||
self.meta_array = {}
|
||||
try:
|
||||
exth_flag, = struct.unpack('>L', self.sect[0x80:0x84])
|
||||
exth = 'NONE'
|
||||
if exth_flag & 0x40:
|
||||
exth = self.sect[16 + self.mobi_length:]
|
||||
if (len(exth) >= 4) and (exth[:4] == 'EXTH'):
|
||||
nitems, = struct.unpack('>I', exth[8:12])
|
||||
pos = 12
|
||||
for i in xrange(nitems):
|
||||
type, size = struct.unpack('>II', exth[pos: pos + 8])
|
||||
content = exth[pos + 8: pos + size]
|
||||
self.meta_array[type] = content
|
||||
# reset the text to speech flag and clipping limit, if present
|
||||
if type == 401 and size == 9:
|
||||
# set clipping limit to 100%
|
||||
self.patchSection(0, "\144", 16 + self.mobi_length + pos + 8)
|
||||
elif type == 404 and size == 9:
|
||||
# make sure text to speech is enabled
|
||||
self.patchSection(0, "\0", 16 + self.mobi_length + pos + 8)
|
||||
# print type, size, content, content.encode('hex')
|
||||
pos += size
|
||||
except:
|
||||
self.meta_array = {}
|
||||
pass
|
||||
self.print_replica = False
|
||||
|
||||
def getBookTitle(self):
|
||||
codec_map = {
|
||||
1252 : 'windows-1252',
|
||||
65001 : 'utf-8',
|
||||
}
|
||||
title = ''
|
||||
if 503 in self.meta_array:
|
||||
title = self.meta_array[503]
|
||||
else :
|
||||
toff, tlen = struct.unpack('>II', self.sect[0x54:0x5c])
|
||||
tend = toff + tlen
|
||||
title = self.sect[toff:tend]
|
||||
if title == '':
|
||||
title = self.header[:32]
|
||||
title = title.split("\0")[0]
|
||||
codec = 'windows-1252'
|
||||
if self.mobi_codepage in codec_map.keys():
|
||||
codec = codec_map[self.mobi_codepage]
|
||||
return unicode(title, codec).encode('utf-8')
|
||||
|
||||
def getPIDMetaInfo(self):
|
||||
rec209 = ''
|
||||
token = ''
|
||||
if 209 in self.meta_array:
|
||||
rec209 = self.meta_array[209]
|
||||
data = rec209
|
||||
# The 209 data comes in five byte groups. Interpret the last four bytes
|
||||
# of each group as a big endian unsigned integer to get a key value
|
||||
# if that key exists in the meta_array, append its contents to the token
|
||||
for i in xrange(0,len(data),5):
|
||||
val, = struct.unpack('>I',data[i+1:i+5])
|
||||
sval = self.meta_array.get(val,'')
|
||||
token += sval
|
||||
return rec209, token
|
||||
|
||||
def patch(self, off, new):
|
||||
self.data_file = self.data_file[:off] + new + self.data_file[off+len(new):]
|
||||
|
||||
def patchSection(self, section, new, in_off = 0):
|
||||
if (section + 1 == self.num_sections):
|
||||
endoff = len(self.data_file)
|
||||
else:
|
||||
endoff = self.sections[section + 1][0]
|
||||
off = self.sections[section][0]
|
||||
assert off + in_off + len(new) <= endoff
|
||||
self.patch(off + in_off, new)
|
||||
|
||||
def parseDRM(self, data, count, pidlist):
|
||||
found_key = None
|
||||
keyvec1 = "\x72\x38\x33\xB0\xB4\xF2\xE3\xCA\xDF\x09\x01\xD6\xE2\xE0\x3F\x96"
|
||||
for pid in pidlist:
|
||||
bigpid = pid.ljust(16,'\0')
|
||||
temp_key = PC1(keyvec1, bigpid, False)
|
||||
temp_key_sum = sum(map(ord,temp_key)) & 0xff
|
||||
found_key = None
|
||||
for i in xrange(count):
|
||||
verification, size, type, cksum, cookie = struct.unpack('>LLLBxxx32s', data[i*0x30:i*0x30+0x30])
|
||||
if cksum == temp_key_sum:
|
||||
cookie = PC1(temp_key, cookie)
|
||||
ver,flags,finalkey,expiry,expiry2 = struct.unpack('>LL16sLL', cookie)
|
||||
if verification == ver and (flags & 0x1F) == 1:
|
||||
found_key = finalkey
|
||||
break
|
||||
if found_key != None:
|
||||
break
|
||||
if not found_key:
|
||||
# Then try the default encoding that doesn't require a PID
|
||||
pid = "00000000"
|
||||
temp_key = keyvec1
|
||||
temp_key_sum = sum(map(ord,temp_key)) & 0xff
|
||||
for i in xrange(count):
|
||||
verification, size, type, cksum, cookie = struct.unpack('>LLLBxxx32s', data[i*0x30:i*0x30+0x30])
|
||||
if cksum == temp_key_sum:
|
||||
cookie = PC1(temp_key, cookie)
|
||||
ver,flags,finalkey,expiry,expiry2 = struct.unpack('>LL16sLL', cookie)
|
||||
if verification == ver:
|
||||
found_key = finalkey
|
||||
break
|
||||
return [found_key,pid]
|
||||
|
||||
def getMobiFile(self, outpath):
|
||||
file(outpath,'wb').write(self.mobi_data)
|
||||
|
||||
def getPrintReplica(self):
|
||||
return self.print_replica
|
||||
|
||||
def processBook(self, pidlist):
|
||||
crypto_type, = struct.unpack('>H', self.sect[0xC:0xC+2])
|
||||
print 'Crypto Type is: ', crypto_type
|
||||
self.crypto_type = crypto_type
|
||||
if crypto_type == 0:
|
||||
print "This book is not encrypted."
|
||||
# we must still check for Print Replica
|
||||
self.print_replica = (self.loadSection(1)[0:4] == '%MOP')
|
||||
self.mobi_data = self.data_file
|
||||
return
|
||||
if crypto_type != 2 and crypto_type != 1:
|
||||
raise DrmException("Cannot decode unknown Mobipocket encryption type %d" % crypto_type)
|
||||
if 406 in self.meta_array:
|
||||
data406 = self.meta_array[406]
|
||||
val406, = struct.unpack('>Q',data406)
|
||||
if val406 != 0:
|
||||
raise DrmException("Cannot decode library or rented ebooks.")
|
||||
|
||||
goodpids = []
|
||||
for pid in pidlist:
|
||||
if len(pid)==10:
|
||||
if checksumPid(pid[0:-2]) != pid:
|
||||
print "Warning: PID " + pid + " has incorrect checksum, should have been "+checksumPid(pid[0:-2])
|
||||
goodpids.append(pid[0:-2])
|
||||
elif len(pid)==8:
|
||||
goodpids.append(pid)
|
||||
|
||||
if self.crypto_type == 1:
|
||||
t1_keyvec = "QDCVEPMU675RUBSZ"
|
||||
if self.magic == 'TEXtREAd':
|
||||
bookkey_data = self.sect[0x0E:0x0E+16]
|
||||
elif self.mobi_version < 0:
|
||||
bookkey_data = self.sect[0x90:0x90+16]
|
||||
else:
|
||||
bookkey_data = self.sect[self.mobi_length+16:self.mobi_length+32]
|
||||
pid = "00000000"
|
||||
found_key = PC1(t1_keyvec, bookkey_data)
|
||||
else :
|
||||
# calculate the keys
|
||||
drm_ptr, drm_count, drm_size, drm_flags = struct.unpack('>LLLL', self.sect[0xA8:0xA8+16])
|
||||
if drm_count == 0:
|
||||
raise DrmException("Not yet initialised with PID. Must be opened with Mobipocket Reader first.")
|
||||
found_key, pid = self.parseDRM(self.sect[drm_ptr:drm_ptr+drm_size], drm_count, goodpids)
|
||||
if not found_key:
|
||||
raise DrmException("No key found. Most likely the correct PID has not been given.")
|
||||
# kill the drm keys
|
||||
self.patchSection(0, "\0" * drm_size, drm_ptr)
|
||||
# kill the drm pointers
|
||||
self.patchSection(0, "\xff" * 4 + "\0" * 12, 0xA8)
|
||||
|
||||
if pid=="00000000":
|
||||
print "File has default encryption, no specific PID."
|
||||
else:
|
||||
print "File is encoded with PID "+checksumPid(pid)+"."
|
||||
|
||||
# clear the crypto type
|
||||
self.patchSection(0, "\0" * 2, 0xC)
|
||||
|
||||
# decrypt sections
|
||||
print "Decrypting. Please wait . . .",
|
||||
self.mobi_data = self.data_file[:self.sections[1][0]]
|
||||
for i in xrange(1, self.records+1):
|
||||
data = self.loadSection(i)
|
||||
extra_size = getSizeOfTrailingDataEntries(data, len(data), self.extra_data_flags)
|
||||
if i%100 == 0:
|
||||
print ".",
|
||||
# print "record %d, extra_size %d" %(i,extra_size)
|
||||
decoded_data = PC1(found_key, data[0:len(data) - extra_size])
|
||||
if i==1:
|
||||
self.print_replica = (decoded_data[0:4] == '%MOP')
|
||||
self.mobi_data += decoded_data
|
||||
if extra_size > 0:
|
||||
self.mobi_data += data[-extra_size:]
|
||||
if self.num_sections > self.records+1:
|
||||
self.mobi_data += self.data_file[self.sections[self.records+1][0]:]
|
||||
print "done"
|
||||
return
|
||||
|
||||
def getUnencryptedBook(infile,pid):
|
||||
if not os.path.isfile(infile):
|
||||
raise DrmException('Input File Not Found')
|
||||
book = MobiBook(infile)
|
||||
book.processBook([pid])
|
||||
return book.mobi_data
|
||||
|
||||
def getUnencryptedBookWithList(infile,pidlist):
|
||||
if not os.path.isfile(infile):
|
||||
raise DrmException('Input File Not Found')
|
||||
book = MobiBook(infile)
|
||||
book.processBook(pidlist)
|
||||
return book.mobi_data
|
||||
|
||||
|
||||
def main(argv=sys.argv):
|
||||
print ('MobiDeDrm v%(__version__)s. '
|
||||
'Copyright 2008-2011 The Dark Reverser et al.' % globals())
|
||||
if len(argv)<3 or len(argv)>4:
|
||||
print "Removes protection from Kindle/Mobipocket and Kindle/Print Replica ebooks"
|
||||
print "Usage:"
|
||||
print " %s <infile> <outfile> [<Comma separated list of PIDs to try>]" % sys.argv[0]
|
||||
return 1
|
||||
else:
|
||||
infile = argv[1]
|
||||
outfile = argv[2]
|
||||
if len(argv) is 4:
|
||||
pidlist = argv[3].split(',')
|
||||
else:
|
||||
pidlist = {}
|
||||
try:
|
||||
stripped_file = getUnencryptedBookWithList(infile, pidlist)
|
||||
file(outfile, 'wb').write(stripped_file)
|
||||
except DrmException, e:
|
||||
print "Error: %s" % e
|
||||
return 1
|
||||
return 0
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(main())
|
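Review bot: The EXTH loop in `MobiBook.__init__` trusts `nitems` and `size` as read from the file: `content = exth[pos + 8: pos + size]` and `pos += size` run with no check that `size >= 8` or that `pos + size` stays inside `exth`, so a zero `size` leaves `pos` unchanged for up to `nitems` iterations, and the bare `except:` around the loop discards any error together with the whole metadata array. A guard such as `if size < 8 or pos + size > len(exth): break` ahead of the slice, and narrowing the bare clause to the error expected here (`except struct.error:`), would make a malformed record fail visibly. `patchSection` relies on `assert off + in_off + len(new) <= endoff` for its bounds check, which disappears under `python -O`; raising `DrmException` there keeps the check in place. In `main`, `len(argv) is 4` compares identity rather than value and should be `len(argv) == 4`, and `pidlist = {}` should be the empty list `[]`.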
@ -0,0 +1,68 @@
|
||||
# A simple implementation of pbkdf2 using stock python modules. See RFC2898
|
||||
# for details. Basically, it derives a key from a password and salt.
|
||||
|
||||
# Copyright 2004 Matt Johnston <matt @ ucc asn au>
|
||||
# Copyright 2009 Daniel Holth <dholth@fastmail.fm>
|
||||
# This code may be freely used and modified for any purpose.
|
||||
|
||||
# Revision history
|
||||
# v0.1 October 2004 - Initial release
|
||||
# v0.2 8 March 2007 - Make usable with hashlib in Python 2.5 and use
|
||||
# v0.3 "" the correct digest_size rather than always 20
|
||||
# v0.4 Oct 2009 - Rescue from chandler svn, test and optimize.
|
||||
|
||||
import sys
|
||||
import hmac
|
||||
from struct import pack
|
||||
try:
|
||||
# only in python 2.5
|
||||
import hashlib
|
||||
sha = hashlib.sha1
|
||||
md5 = hashlib.md5
|
||||
sha256 = hashlib.sha256
|
||||
except ImportError: # pragma: NO COVERAGE
|
||||
# fallback
|
||||
import sha
|
||||
import md5
|
||||
|
||||
# this is what you want to call.
|
||||
def pbkdf2( password, salt, itercount, keylen, hashfn = sha ):
|
||||
try:
|
||||
# depending whether the hashfn is from hashlib or sha/md5
|
||||
digest_size = hashfn().digest_size
|
||||
except TypeError: # pragma: NO COVERAGE
|
||||
digest_size = hashfn.digest_size
|
||||
# l - number of output blocks to produce
|
||||
l = keylen / digest_size
|
||||
if keylen % digest_size != 0:
|
||||
l += 1
|
||||
|
||||
h = hmac.new( password, None, hashfn )
|
||||
|
||||
T = ""
|
||||
for i in range(1, l+1):
|
||||
T += pbkdf2_F( h, salt, itercount, i )
|
||||
|
||||
return T[0: keylen]
|
||||
|
||||
def xorstr( a, b ):
|
||||
if len(a) != len(b):
|
||||
raise ValueError("xorstr(): lengths differ")
|
||||
return ''.join((chr(ord(x)^ord(y)) for x, y in zip(a, b)))
|
||||
|
||||
def prf( h, data ):
|
||||
hm = h.copy()
|
||||
hm.update( data )
|
||||
return hm.digest()
|
||||
|
||||
# Helper as per the spec. h is a hmac which has been created seeded with the
|
||||
# password, it will be copy()ed and not modified.
|
||||
def pbkdf2_F( h, salt, itercount, blocknum ):
|
||||
U = prf( h, salt + pack('>i',blocknum ) )
|
||||
T = U
|
||||
|
||||
for i in range(2, itercount+1):
|
||||
U = prf( h, U )
|
||||
T = xorstr( T, U )
|
||||
|
||||
return T
|
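Review bot: `pbkdf2` accepts any `itercount` and `keylen` without validation: `range(2, itercount+1)` in `pbkdf2_F` is empty for every value below 2, so a zero or negative count silently produces a single-iteration key, and a non-positive `keylen` returns an empty string. A guard at the top such as `if itercount < 1 or keylen < 1: raise ValueError("pbkdf2(): itercount and keylen must be positive")` makes that misuse visible. `l = keylen / digest_size` depends on Python 2 integer division and is clearer as `//`, and `pack('>i', blocknum)` would match the unsigned block index of RFC 2898 as `'>I'`. The nested copy in `KeyIVGen.pbkdf2` earlier on this page has the same gaps.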
@ -0,0 +1,48 @@
|
||||
{\rtf1\ansi\ansicpg1252\cocoartf1038\cocoasubrtf360
|
||||
{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
|
||||
{\colortbl;\red255\green255\blue255;}
|
||||
\paperw11900\paperh16840\margl1440\margr1440\vieww10320\viewh9840\viewkind0
|
||||
\pard\tx566\tx1133\tx1700\tx2267\tx2834\tx3401\tx3968\tx4535\tx5102\tx5669\tx6236\tx6803\ql\qnatural\pardirnatural
|
||||
|
||||
\f0\b\fs24 \cf0 ReadMe_DeDRM_X.X
|
||||
\b0 \
|
||||
\
|
||||
\pard\tx566\tx1133\tx1700\tx2267\tx2834\tx3401\tx3968\tx4535\tx5102\tx5669\tx6236\tx6803\qj\pardirnatural
|
||||
\cf0 DeDRM_X.X is an AppleScript droplet that allows users to drag and drop ebooks or folders of ebooks onto the DeDRM droplet to have the DRM removed. It repackages the all the "tools" DeDRM python software in one easy to use program that remembers preferences and settings.\
|
||||
\
|
||||
It should work without manual configuration with Kindle for Mac ebooks and Adobe Adept epub and pdf ebooks.\
|
||||
\
|
||||
To remove the DRM from standalone Kindle ebooks, eReader pdb ebooks, Barnes and Noble epubs, and Mobipocket ebooks requires the user to double-click the DeDRM droplet and set some additional Preferences including:\
|
||||
\
|
||||
Kindle 16 digit Serial Number\
|
||||
Barnes & Noble key files (bnepubkey.b64)\
|
||||
eReader Social DRM: (Name:Last 8 digits of CC number)\
|
||||
MobiPocket, Kindle for iPhone/iPad/iPodTouch 10 digit PID\
|
||||
Location for DRM-free ebooks.\
|
||||
\
|
||||
Once these preferences have been set, the user can simply drag and drop ebooks onto the DeDRM droplet to remove the DRM.\
|
||||
\
|
||||
This program requires Mac OS X 10.5, 10.5 or 10.7 (Leopard, Snow Leopard or Lion)
\
|
||||
\pard\tx566\tx1133\tx1700\tx2267\tx2834\tx3401\tx3968\tx4535\tx5102\tx5669\tx6236\tx6803\ql\qnatural\pardirnatural
|
||||
\cf0 \
|
||||
\
|
||||
\
|
||||
|
||||
\b Installation\
|
||||
|
||||
\b0 \
|
||||
1. From tools_vX.X\\DeDRM_Applications\\, double click on DeDRM_X.X.zip to extract its contents. \
|
||||
\
|
||||
2. Move the resulting DeDRM X.X.app AppleScript droplet to whereever you keep you other applications. (Typically your Applications folder.)\
|
||||
\
|
||||
3. Optionally drag it into your dock, to make it easily available.\
|
||||
\
|
||||
\
|
||||
\
|
||||
|
||||
\b Use\
|
||||
|
||||
\b0 \
|
||||
1. To set the preferences simply double-click the Applescript droplet in your Applications folder or click on its icon in your dock, and follow the instructions in the dialogs.\
|
||||
\
|
||||
2. Drag & Drop DRMed ebooks or folders containing DRMed ebooks onto the Application, either in your Applications folder, or the icon in your dock.}
|
@ -0,0 +1,568 @@
|
||||
#! /usr/bin/env python
|
||||
|
||||
"""
|
||||
Routines for doing AES CBC in one file
|
||||
|
||||
Modified by some_updates to extract
|
||||
and combine only those parts needed for AES CBC
|
||||
into one simple to add python file
|
||||
|
||||
Original Version
|
||||
Copyright (c) 2002 by Paul A. Lambert
|
||||
Under:
|
||||
CryptoPy Artisitic License Version 1.0
|
||||
See the wonderful pure python package cryptopy-1.2.5
|
||||
and read its LICENSE.txt for complete license details.
|
||||
"""
|
||||
|
||||
class CryptoError(Exception):
|
||||
""" Base class for crypto exceptions """
|
||||
def __init__(self,errorMessage='Error!'):
|
||||
self.message = errorMessage
|
||||
def __str__(self):
|
||||
return self.message
|
||||
|
||||
class InitCryptoError(CryptoError):
|
||||
""" Crypto errors during algorithm initialization """
|
||||
class BadKeySizeError(InitCryptoError):
|
||||
""" Bad key size error """
|
||||
class EncryptError(CryptoError):
|
||||
""" Error in encryption processing """
|
||||
class DecryptError(CryptoError):
|
||||
""" Error in decryption processing """
|
||||
class DecryptNotBlockAlignedError(DecryptError):
|
||||
""" Error in decryption processing """
|
||||
|
||||
def xorS(a,b):
|
||||
""" XOR two strings """
|
||||
assert len(a)==len(b)
|
||||
x = []
|
||||
for i in range(len(a)):
|
||||
x.append( chr(ord(a[i])^ord(b[i])))
|
||||
return ''.join(x)
|
||||
|
||||
def xor(a,b):
|
||||
""" XOR two strings """
|
||||
x = []
|
||||
for i in range(min(len(a),len(b))):
|
||||
x.append( chr(ord(a[i])^ord(b[i])))
|
||||
return ''.join(x)
|
||||
|
||||
"""
|
||||
Base 'BlockCipher' and Pad classes for cipher instances.
|
||||
BlockCipher supports automatic padding and type conversion. The BlockCipher
|
||||
class was written to make the actual algorithm code more readable and
|
||||
not for performance.
|
||||
"""
|
||||
|
||||
class BlockCipher:
|
||||
""" Block ciphers """
|
||||
def __init__(self):
|
||||
self.reset()
|
||||
|
||||
def reset(self):
|
||||
self.resetEncrypt()
|
||||
self.resetDecrypt()
|
||||
def resetEncrypt(self):
|
||||
self.encryptBlockCount = 0
|
||||
self.bytesToEncrypt = ''
|
||||
def resetDecrypt(self):
|
||||
self.decryptBlockCount = 0
|
||||
self.bytesToDecrypt = ''
|
||||
|
||||
def encrypt(self, plainText, more = None):
|
||||
""" Encrypt a string and return a binary string """
|
||||
self.bytesToEncrypt += plainText # append plainText to any bytes from prior encrypt
|
||||
numBlocks, numExtraBytes = divmod(len(self.bytesToEncrypt), self.blockSize)
|
||||
cipherText = ''
|
||||
for i in range(numBlocks):
|
||||
bStart = i*self.blockSize
|
||||
ctBlock = self.encryptBlock(self.bytesToEncrypt[bStart:bStart+self.blockSize])
|
||||
self.encryptBlockCount += 1
|
||||
cipherText += ctBlock
|
||||
if numExtraBytes > 0: # save any bytes that are not block aligned
|
||||
self.bytesToEncrypt = self.bytesToEncrypt[-numExtraBytes:]
|
||||
else:
|
||||
self.bytesToEncrypt = ''
|
||||
|
||||
if more == None: # no more data expected from caller
|
||||
finalBytes = self.padding.addPad(self.bytesToEncrypt,self.blockSize)
|
||||
if len(finalBytes) > 0:
|
||||
ctBlock = self.encryptBlock(finalBytes)
|
||||
self.encryptBlockCount += 1
|
||||
cipherText += ctBlock
|
||||
self.resetEncrypt()
|
||||
return cipherText
|
||||
|
||||
def decrypt(self, cipherText, more = None):
|
||||
""" Decrypt a string and return a string """
|
||||
self.bytesToDecrypt += cipherText # append to any bytes from prior decrypt
|
||||
|
||||
numBlocks, numExtraBytes = divmod(len(self.bytesToDecrypt), self.blockSize)
|
||||
if more == None: # no more calls to decrypt, should have all the data
|
||||
if numExtraBytes != 0:
|
||||
raise DecryptNotBlockAlignedError, 'Data not block aligned on decrypt'
|
||||
|
||||
# hold back some bytes in case last decrypt has zero len
|
||||
if (more != None) and (numExtraBytes == 0) and (numBlocks >0) :
|
||||
numBlocks -= 1
|
||||
numExtraBytes = self.blockSize
|
||||
|
||||
plainText = ''
|
||||
for i in range(numBlocks):
|
||||
bStart = i*self.blockSize
|
||||
ptBlock = self.decryptBlock(self.bytesToDecrypt[bStart : bStart+self.blockSize])
|
||||
self.decryptBlockCount += 1
|
||||
plainText += ptBlock
|
||||
|
||||
if numExtraBytes > 0: # save any bytes that are not block aligned
|
||||
self.bytesToEncrypt = self.bytesToEncrypt[-numExtraBytes:]
|
||||
else:
|
||||
self.bytesToEncrypt = ''
|
||||
|
||||
if more == None: # last decrypt remove padding
|
||||
plainText = self.padding.removePad(plainText, self.blockSize)
|
||||
self.resetDecrypt()
|
||||
return plainText
|
||||
|
||||
|
||||
class Pad:
|
||||
def __init__(self):
|
||||
pass # eventually could put in calculation of min and max size extension
|
||||
|
||||
class padWithPadLen(Pad):
|
||||
""" Pad a binary string with the length of the padding """
|
||||
|
||||
def addPad(self, extraBytes, blockSize):
|
||||
""" Add padding to a binary string to make it an even multiple
|
||||
of the block size """
|
||||
blocks, numExtraBytes = divmod(len(extraBytes), blockSize)
|
||||
padLength = blockSize - numExtraBytes
|
||||
return extraBytes + padLength*chr(padLength)
|
||||
|
||||
def removePad(self, paddedBinaryString, blockSize):
|
||||
""" Remove padding from a binary string """
|
||||
if not(0<len(paddedBinaryString)):
|
||||
raise DecryptNotBlockAlignedError, 'Expected More Data'
|
||||
return paddedBinaryString[:-ord(paddedBinaryString[-1])]
|
||||
|
||||
class noPadding(Pad):
|
||||
""" No padding. Use this to get ECB behavior from encrypt/decrypt """
|
||||
|
||||
def addPad(self, extraBytes, blockSize):
|
||||
""" Add no padding """
|
||||
return extraBytes
|
||||
|
||||
def removePad(self, paddedBinaryString, blockSize):
|
||||
""" Remove no padding """
|
||||
return paddedBinaryString
|
||||
|
||||
"""
|
||||
Rijndael encryption algorithm
|
||||
This byte oriented implementation is intended to closely
|
||||
match FIPS specification for readability. It is not implemented
|
||||
for performance.
|
||||
"""
|
||||
|
||||
class Rijndael(BlockCipher):
|
||||
""" Rijndael encryption algorithm """
|
||||
def __init__(self, key = None, padding = padWithPadLen(), keySize=16, blockSize=16 ):
|
||||
self.name = 'RIJNDAEL'
|
||||
self.keySize = keySize
|
||||
self.strength = keySize*8
|
||||
self.blockSize = blockSize # blockSize is in bytes
|
||||
self.padding = padding # change default to noPadding() to get normal ECB behavior
|
||||
|
||||
assert( keySize%4==0 and NrTable[4].has_key(keySize/4)),'key size must be 16,20,24,29 or 32 bytes'
|
||||
assert( blockSize%4==0 and NrTable.has_key(blockSize/4)), 'block size must be 16,20,24,29 or 32 bytes'
|
||||
|
||||
self.Nb = self.blockSize/4 # Nb is number of columns of 32 bit words
|
||||
self.Nk = keySize/4 # Nk is the key length in 32-bit words
|
||||
self.Nr = NrTable[self.Nb][self.Nk] # The number of rounds (Nr) is a function of
|
||||
# the block (Nb) and key (Nk) sizes.
|
||||
if key != None:
|
||||
self.setKey(key)
|
||||
|
||||
def setKey(self, key):
|
||||
""" Set a key and generate the expanded key """
|
||||
assert( len(key) == (self.Nk*4) ), 'Key length must be same as keySize parameter'
|
||||
self.__expandedKey = keyExpansion(self, key)
|
||||
self.reset() # BlockCipher.reset()
|
||||
|
||||
def encryptBlock(self, plainTextBlock):
|
||||
""" Encrypt a block, plainTextBlock must be a array of bytes [Nb by 4] """
|
||||
self.state = self._toBlock(plainTextBlock)
|
||||
AddRoundKey(self, self.__expandedKey[0:self.Nb])
|
||||
for round in range(1,self.Nr): #for round = 1 step 1 to Nr
|
||||
SubBytes(self)
|
||||
ShiftRows(self)
|
||||
MixColumns(self)
|
||||
AddRoundKey(self, self.__expandedKey[round*self.Nb:(round+1)*self.Nb])
|
||||
SubBytes(self)
|
||||
ShiftRows(self)
|
||||
AddRoundKey(self, self.__expandedKey[self.Nr*self.Nb:(self.Nr+1)*self.Nb])
|
||||
return self._toBString(self.state)
|
||||
|
||||
|
||||
def decryptBlock(self, encryptedBlock):
|
||||
""" decrypt a block (array of bytes) """
|
||||
self.state = self._toBlock(encryptedBlock)
|
||||
AddRoundKey(self, self.__expandedKey[self.Nr*self.Nb:(self.Nr+1)*self.Nb])
|
||||
for round in range(self.Nr-1,0,-1):
|
||||
InvShiftRows(self)
|
||||
InvSubBytes(self)
|
||||
AddRoundKey(self, self.__expandedKey[round*self.Nb:(round+1)*self.Nb])
|
||||
InvMixColumns(self)
|
||||
InvShiftRows(self)
|
||||
InvSubBytes(self)
|
||||
AddRoundKey(self, self.__expandedKey[0:self.Nb])
|
||||
return self._toBString(self.state)
|
||||
|
||||
def _toBlock(self, bs):
|
||||
""" Convert binary string to array of bytes, state[col][row]"""
|
||||
assert ( len(bs) == 4*self.Nb ), 'Rijndarl blocks must be of size blockSize'
|
||||
return [[ord(bs[4*i]),ord(bs[4*i+1]),ord(bs[4*i+2]),ord(bs[4*i+3])] for i in range(self.Nb)]
|
||||
|
||||
def _toBString(self, block):
|
||||
""" Convert block (array of bytes) to binary string """
|
||||
l = []
|
||||
for col in block:
|
||||
for rowElement in col:
|
||||
l.append(chr(rowElement))
|
||||
return ''.join(l)
|
||||
#-------------------------------------
|
||||
""" Number of rounds Nr = NrTable[Nb][Nk]
|
||||
|
||||
Nb Nk=4 Nk=5 Nk=6 Nk=7 Nk=8
|
||||
------------------------------------- """
|
||||
NrTable = {4: {4:10, 5:11, 6:12, 7:13, 8:14},
|
||||
5: {4:11, 5:11, 6:12, 7:13, 8:14},
|
||||
6: {4:12, 5:12, 6:12, 7:13, 8:14},
|
||||
7: {4:13, 5:13, 6:13, 7:13, 8:14},
|
||||
8: {4:14, 5:14, 6:14, 7:14, 8:14}}
|
||||
#-------------------------------------
|
||||
def keyExpansion(algInstance, keyString):
|
||||
""" Expand a string of size keySize into a larger array """
|
||||
Nk, Nb, Nr = algInstance.Nk, algInstance.Nb, algInstance.Nr # for readability
|
||||
key = [ord(byte) for byte in keyString] # convert string to list
|
||||
w = [[key[4*i],key[4*i+1],key[4*i+2],key[4*i+3]] for i in range(Nk)]
|
||||
for i in range(Nk,Nb*(Nr+1)):
|
||||
temp = w[i-1] # a four byte column
|
||||
if (i%Nk) == 0 :
|
||||
temp = temp[1:]+[temp[0]] # RotWord(temp)
|
||||
temp = [ Sbox[byte] for byte in temp ]
|
||||
temp[0] ^= Rcon[i/Nk]
|
||||
elif Nk > 6 and i%Nk == 4 :
|
||||
temp = [ Sbox[byte] for byte in temp ] # SubWord(temp)
|
||||
w.append( [ w[i-Nk][byte]^temp[byte] for byte in range(4) ] )
|
||||
return w
|
||||
|
||||
Rcon = (0,0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,0x1b,0x36, # note extra '0' !!!
|
||||
0x6c,0xd8,0xab,0x4d,0x9a,0x2f,0x5e,0xbc,0x63,0xc6,
|
||||
0x97,0x35,0x6a,0xd4,0xb3,0x7d,0xfa,0xef,0xc5,0x91)
|
||||
|
||||
#-------------------------------------
|
||||
def AddRoundKey(algInstance, keyBlock):
|
||||
""" XOR the algorithm state with a block of key material """
|
||||
for column in range(algInstance.Nb):
|
||||
for row in range(4):
|
||||
algInstance.state[column][row] ^= keyBlock[column][row]
|
||||
#-------------------------------------
|
||||
|
||||
def SubBytes(algInstance):
|
||||
for column in range(algInstance.Nb):
|
||||
for row in range(4):
|
||||
algInstance.state[column][row] = Sbox[algInstance.state[column][row]]
|
||||
|
||||
def InvSubBytes(algInstance):
|
||||
for column in range(algInstance.Nb):
|
||||
for row in range(4):
|
||||
algInstance.state[column][row] = InvSbox[algInstance.state[column][row]]
|
||||
|
||||
Sbox = (0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5,
|
||||
0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76,
|
||||
0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0,
|
||||
0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0,
|
||||
0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc,
|
||||
0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15,
|
||||
0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a,
|
||||
0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75,
|
||||
0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0,
|
||||
0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84,
|
||||
0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b,
|
||||
0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf,
|
||||
0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85,
|
||||
0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8,
|
||||
0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5,
|
||||
0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2,
|
||||
0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17,
|
||||
0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73,
|
||||
0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88,
|
||||
0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb,
|
||||
0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c,
|
||||
0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79,
|
||||
0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9,
|
||||
0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08,
|
||||
0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6,
|
||||
0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a,
|
||||
0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e,
|
||||
0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e,
|
||||
0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94,
|
||||
0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf,
|
||||
0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68,
|
||||
0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16)
|
||||
|
||||
InvSbox = (0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
|
||||
0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
|
||||
0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
|
||||
0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
|
||||
0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
|
||||
0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
|
||||
0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
|
||||
0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
|
||||
0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
|
||||
0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
|
||||
0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
|
||||
0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
|
||||
0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
|
||||
0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
|
||||
0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
|
||||
0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
|
||||
0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
|
||||
0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
|
||||
0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
|
||||
0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
|
||||
0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
|
||||
0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
|
||||
0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
|
||||
0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
|
||||
0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
|
||||
0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
|
||||
0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
|
||||
0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
|
||||
0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
|
||||
0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
|
||||
0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
|
||||
0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d)
|
||||
|
||||
#-------------------------------------
|
||||
""" For each block size (Nb), the ShiftRow operation shifts row i
|
||||
by the amount Ci. Note that row 0 is not shifted.
|
||||
Nb C1 C2 C3
|
||||
------------------- """
|
||||
shiftOffset = { 4 : ( 0, 1, 2, 3),
|
||||
5 : ( 0, 1, 2, 3),
|
||||
6 : ( 0, 1, 2, 3),
|
||||
7 : ( 0, 1, 2, 4),
|
||||
8 : ( 0, 1, 3, 4) }
|
||||
def ShiftRows(algInstance):
|
||||
tmp = [0]*algInstance.Nb # list of size Nb
|
||||
for r in range(1,4): # row 0 reamains unchanged and can be skipped
|
||||
for c in range(algInstance.Nb):
|
||||
tmp[c] = algInstance.state[(c+shiftOffset[algInstance.Nb][r]) % algInstance.Nb][r]
|
||||
for c in range(algInstance.Nb):
|
||||
algInstance.state[c][r] = tmp[c]
|
||||
def InvShiftRows(algInstance):
|
||||
tmp = [0]*algInstance.Nb # list of size Nb
|
||||
for r in range(1,4): # row 0 reamains unchanged and can be skipped
|
||||
for c in range(algInstance.Nb):
|
||||
tmp[c] = algInstance.state[(c+algInstance.Nb-shiftOffset[algInstance.Nb][r]) % algInstance.Nb][r]
|
||||
for c in range(algInstance.Nb):
|
||||
algInstance.state[c][r] = tmp[c]
|
||||
#-------------------------------------
|
||||
def MixColumns(a):
|
||||
Sprime = [0,0,0,0]
|
||||
for j in range(a.Nb): # for each column
|
||||
Sprime[0] = mul(2,a.state[j][0])^mul(3,a.state[j][1])^mul(1,a.state[j][2])^mul(1,a.state[j][3])
|
||||
Sprime[1] = mul(1,a.state[j][0])^mul(2,a.state[j][1])^mul(3,a.state[j][2])^mul(1,a.state[j][3])
|
||||
Sprime[2] = mul(1,a.state[j][0])^mul(1,a.state[j][1])^mul(2,a.state[j][2])^mul(3,a.state[j][3])
|
||||
Sprime[3] = mul(3,a.state[j][0])^mul(1,a.state[j][1])^mul(1,a.state[j][2])^mul(2,a.state[j][3])
|
||||
for i in range(4):
|
||||
a.state[j][i] = Sprime[i]
|
||||
|
||||
def InvMixColumns(a):
|
||||
""" Mix the four bytes of every column in a linear way
|
||||
This is the opposite operation of Mixcolumn """
|
||||
Sprime = [0,0,0,0]
|
||||
for j in range(a.Nb): # for each column
|
||||
Sprime[0] = mul(0x0E,a.state[j][0])^mul(0x0B,a.state[j][1])^mul(0x0D,a.state[j][2])^mul(0x09,a.state[j][3])
|
||||
Sprime[1] = mul(0x09,a.state[j][0])^mul(0x0E,a.state[j][1])^mul(0x0B,a.state[j][2])^mul(0x0D,a.state[j][3])
|
||||
Sprime[2] = mul(0x0D,a.state[j][0])^mul(0x09,a.state[j][1])^mul(0x0E,a.state[j][2])^mul(0x0B,a.state[j][3])
|
||||
Sprime[3] = mul(0x0B,a.state[j][0])^mul(0x0D,a.state[j][1])^mul(0x09,a.state[j][2])^mul(0x0E,a.state[j][3])
|
||||
for i in range(4):
|
||||
a.state[j][i] = Sprime[i]
|
||||
|
||||
#-------------------------------------
|
||||
def mul(a, b):
|
||||
""" Multiply two elements of GF(2^m)
|
||||
needed for MixColumn and InvMixColumn """
|
||||
if (a !=0 and b!=0):
|
||||
return Alogtable[(Logtable[a] + Logtable[b])%255]
|
||||
else:
|
||||
return 0
|
||||
|
||||
Logtable = ( 0, 0, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3,
|
||||
100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193,
|
||||
125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120,
|
||||
101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142,
|
||||
150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56,
|
||||
102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16,
|
||||
126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186,
|
||||
43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87,
|
||||
175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232,
|
||||
44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160,
|
||||
127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183,
|
||||
204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157,
|
||||
151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209,
|
||||
83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171,
|
||||
68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165,
|
||||
103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7)
|
||||
|
||||
Alogtable= ( 1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53,
|
||||
95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170,
|
||||
229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49,
|
||||
83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205,
|
||||
76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136,
|
||||
131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154,
|
||||
181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163,
|
||||
254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160,
|
||||
251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65,
|
||||
195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117,
|
||||
159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128,
|
||||
155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84,
|
||||
252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202,
|
||||
69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14,
|
||||
18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
|
||||
57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1)
|
||||
|
||||
|
||||
|
||||
|
||||
"""
|
||||
AES Encryption Algorithm
|
||||
The AES algorithm is just Rijndael algorithm restricted to the default
|
||||
blockSize of 128 bits.
|
||||
"""
|
||||
|
||||
class AES(Rijndael):
|
||||
""" The AES algorithm is the Rijndael block cipher restricted to block
|
||||
sizes of 128 bits and key sizes of 128, 192 or 256 bits
|
||||
"""
|
||||
def __init__(self, key = None, padding = padWithPadLen(), keySize=16):
|
||||
""" Initialize AES, keySize is in bytes """
|
||||
if not (keySize == 16 or keySize == 24 or keySize == 32) :
|
||||
raise BadKeySizeError, 'Illegal AES key size, must be 16, 24, or 32 bytes'
|
||||
|
||||
Rijndael.__init__( self, key, padding=padding, keySize=keySize, blockSize=16 )
|
||||
|
||||
self.name = 'AES'
|
||||
|
||||
|
||||
"""
|
||||
CBC mode of encryption for block ciphers.
|
||||
This algorithm mode wraps any BlockCipher to make a
|
||||
Cipher Block Chaining mode.
|
||||
"""
|
||||
from random import Random # should change to crypto.random!!!
|
||||
|
||||
|
||||
class CBC(BlockCipher):
|
||||
""" The CBC class wraps block ciphers to make cipher block chaining (CBC) mode
|
||||
algorithms. The initialization (IV) is automatic if set to None. Padding
|
||||
is also automatic based on the Pad class used to initialize the algorithm
|
||||
"""
|
||||
def __init__(self, blockCipherInstance, padding = padWithPadLen()):
|
||||
""" CBC algorithms are created by initializing with a BlockCipher instance """
|
||||
self.baseCipher = blockCipherInstance
|
||||
self.name = self.baseCipher.name + '_CBC'
|
||||
self.blockSize = self.baseCipher.blockSize
|
||||
self.keySize = self.baseCipher.keySize
|
||||
self.padding = padding
|
||||
self.baseCipher.padding = noPadding() # baseCipher should NOT pad!!
|
||||
self.r = Random() # for IV generation, currently uses
|
||||
# mediocre standard distro version <----------------
|
||||
import time
|
||||
newSeed = time.ctime()+str(self.r) # seed with instance location
|
||||
self.r.seed(newSeed) # to make unique
|
||||
self.reset()
|
||||
|
||||
def setKey(self, key):
|
||||
self.baseCipher.setKey(key)
|
||||
|
||||
# Overload to reset both CBC state and the wrapped baseCipher
|
||||
def resetEncrypt(self):
|
||||
BlockCipher.resetEncrypt(self) # reset CBC encrypt state (super class)
|
||||
self.baseCipher.resetEncrypt() # reset base cipher encrypt state
|
||||
|
||||
def resetDecrypt(self):
|
||||
BlockCipher.resetDecrypt(self) # reset CBC state (super class)
|
||||
self.baseCipher.resetDecrypt() # reset base cipher decrypt state
|
||||
|
||||
def encrypt(self, plainText, iv=None, more=None):
|
||||
""" CBC encryption - overloads baseCipher to allow optional explicit IV
|
||||
when iv=None, iv is auto generated!
|
||||
"""
|
||||
if self.encryptBlockCount == 0:
|
||||
self.iv = iv
|
||||
else:
|
||||
assert(iv==None), 'IV used only on first call to encrypt'
|
||||
|
||||
return BlockCipher.encrypt(self,plainText, more=more)
|
||||
|
||||
def decrypt(self, cipherText, iv=None, more=None):
|
||||
""" CBC decryption - overloads baseCipher to allow optional explicit IV
|
||||
when iv=None, iv is auto generated!
|
||||
"""
|
||||
if self.decryptBlockCount == 0:
|
||||
self.iv = iv
|
||||
else:
|
||||
assert(iv==None), 'IV used only on first call to decrypt'
|
||||
|
||||
return BlockCipher.decrypt(self, cipherText, more=more)
|
||||
|
||||
def encryptBlock(self, plainTextBlock):
|
||||
""" CBC block encryption, IV is set with 'encrypt' """
|
||||
auto_IV = ''
|
||||
if self.encryptBlockCount == 0:
|
||||
if self.iv == None:
|
||||
# generate IV and use
|
||||
self.iv = ''.join([chr(self.r.randrange(256)) for i in range(self.blockSize)])
|
||||
self.prior_encr_CT_block = self.iv
|
||||
auto_IV = self.prior_encr_CT_block # prepend IV if it's automatic
|
||||
else: # application provided IV
|
||||
assert(len(self.iv) == self.blockSize ),'IV must be same length as block'
|
||||
self.prior_encr_CT_block = self.iv
|
||||
""" encrypt the prior CT XORed with the PT """
|
||||
ct = self.baseCipher.encryptBlock( xor(self.prior_encr_CT_block, plainTextBlock) )
|
||||
self.prior_encr_CT_block = ct
|
||||
return auto_IV+ct
|
||||
|
||||
def decryptBlock(self, encryptedBlock):
|
||||
""" Decrypt a single block """
|
||||
|
||||
if self.decryptBlockCount == 0: # first call, process IV
|
||||
if self.iv == None: # auto decrypt IV?
|
||||
self.prior_CT_block = encryptedBlock
|
||||
return ''
|
||||
else:
|
||||
assert(len(self.iv)==self.blockSize),"Bad IV size on CBC decryption"
|
||||
self.prior_CT_block = self.iv
|
||||
|
||||
dct = self.baseCipher.decryptBlock(encryptedBlock)
|
||||
""" XOR the prior decrypted CT with the prior CT """
|
||||
dct_XOR_priorCT = xor( self.prior_CT_block, dct )
|
||||
|
||||
self.prior_CT_block = encryptedBlock
|
||||
|
||||
return dct_XOR_priorCT
|
||||
|
||||
|
||||
"""
|
||||
AES_CBC Encryption Algorithm
|
||||
"""
|
||||
|
||||
class AES_CBC(CBC):
|
||||
""" AES encryption in CBC feedback mode """
|
||||
def __init__(self, key=None, padding=padWithPadLen(), keySize=16):
|
||||
CBC.__init__( self, AES(key, noPadding(), keySize), padding)
|
||||
self.name = 'AES_CBC'
|
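Review bot: In `BlockCipher.decrypt`, the "save any bytes that are not block aligned" branch assigns to `self.bytesToEncrypt` rather than the decrypt buffer, so when `more` is set `self.bytesToDecrypt` is never trimmed to the held-back bytes. A following call re-processes the blocks that were already decrypted, now against advanced CBC chaining state, and any pending encrypt-side bytes are truncated or cleared as a side effect. One-shot calls work only because `resetDecrypt()` empties the buffer at the end. The two assignments should read `self.bytesToDecrypt = self.bytesToDecrypt[-numExtraBytes:]` and `self.bytesToDecrypt = ''`. Separately, `CBC.__init__` seeds `random.Random` with `time.ctime()` for automatic IVs, which the inline comment already flags; CBC needs unpredictable IVs, so `encryptBlock` should build the IV with `os.urandom(self.blockSize)` (adding `import os`) instead of `self.r.randrange(256)`.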
Binary file not shown.
Binary file not shown.
@ -0,0 +1,290 @@
|
||||
#! /usr/bin/env python
|
||||
|
||||
import sys, os
|
||||
import hmac
|
||||
from struct import pack
|
||||
import hashlib
|
||||
|
||||
|
||||
# interface to needed routines libalfcrypto
|
||||
def _load_libalfcrypto():
|
||||
import ctypes
|
||||
from ctypes import CDLL, byref, POINTER, c_void_p, c_char_p, c_int, c_long, \
|
||||
Structure, c_ulong, create_string_buffer, addressof, string_at, cast, sizeof
|
||||
|
||||
pointer_size = ctypes.sizeof(ctypes.c_voidp)
|
||||
name_of_lib = None
|
||||
if sys.platform.startswith('darwin'):
|
||||
name_of_lib = 'libalfcrypto.dylib'
|
||||
elif sys.platform.startswith('win'):
|
||||
if pointer_size == 4:
|
||||
name_of_lib = 'alfcrypto.dll'
|
||||
else:
|
||||
name_of_lib = 'alfcrypto64.dll'
|
||||
else:
|
||||
if pointer_size == 4:
|
||||
name_of_lib = 'libalfcrypto32.so'
|
||||
else:
|
||||
name_of_lib = 'libalfcrypto64.so'
|
||||
|
||||
libalfcrypto = sys.path[0] + os.sep + name_of_lib
|
||||
|
||||
if not os.path.isfile(libalfcrypto):
|
||||
raise Exception('libalfcrypto not found')
|
||||
|
||||
libalfcrypto = CDLL(libalfcrypto)
|
||||
|
||||
c_char_pp = POINTER(c_char_p)
|
||||
c_int_p = POINTER(c_int)
|
||||
|
||||
|
||||
def F(restype, name, argtypes):
|
||||
func = getattr(libalfcrypto, name)
|
||||
func.restype = restype
|
||||
func.argtypes = argtypes
|
||||
return func
|
||||
|
||||
# aes cbc decryption
|
||||
#
|
||||
# struct aes_key_st {
|
||||
# unsigned long rd_key[4 *(AES_MAXNR + 1)];
|
||||
# int rounds;
|
||||
# };
|
||||
#
|
||||
# typedef struct aes_key_st AES_KEY;
|
||||
#
|
||||
# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key);
|
||||
#
|
||||
#
|
||||
# void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
|
||||
# const unsigned long length, const AES_KEY *key,
|
||||
# unsigned char *ivec, const int enc);
|
||||
|
||||
AES_MAXNR = 14
|
||||
|
||||
class AES_KEY(Structure):
|
||||
_fields_ = [('rd_key', c_long * (4 * (AES_MAXNR + 1))), ('rounds', c_int)]
|
||||
|
||||
AES_KEY_p = POINTER(AES_KEY)
|
||||
AES_cbc_encrypt = F(None, 'AES_cbc_encrypt',[c_char_p, c_char_p, c_ulong, AES_KEY_p, c_char_p, c_int])
|
||||
AES_set_decrypt_key = F(c_int, 'AES_set_decrypt_key',[c_char_p, c_int, AES_KEY_p])
|
||||
|
||||
|
||||
|
||||
# Pukall 1 Cipher
|
||||
# unsigned char *PC1(const unsigned char *key, unsigned int klen, const unsigned char *src,
|
||||
# unsigned char *dest, unsigned int len, int decryption);
|
||||
|
||||
PC1 = F(c_char_p, 'PC1', [c_char_p, c_ulong, c_char_p, c_char_p, c_ulong, c_ulong])
|
||||
|
||||
# Topaz Encryption
|
||||
# typedef struct _TpzCtx {
|
||||
# unsigned int v[2];
|
||||
# } TpzCtx;
|
||||
#
|
||||
# void topazCryptoInit(TpzCtx *ctx, const unsigned char *key, int klen);
|
||||
# void topazCryptoDecrypt(const TpzCtx *ctx, const unsigned char *in, unsigned char *out, int len);
|
||||
|
||||
class TPZ_CTX(Structure):
|
||||
_fields_ = [('v', c_long * 2)]
|
||||
|
||||
TPZ_CTX_p = POINTER(TPZ_CTX)
|
||||
topazCryptoInit = F(None, 'topazCryptoInit', [TPZ_CTX_p, c_char_p, c_ulong])
|
||||
topazCryptoDecrypt = F(None, 'topazCryptoDecrypt', [TPZ_CTX_p, c_char_p, c_char_p, c_ulong])
|
||||
|
||||
|
||||
class AES_CBC(object):
|
||||
def __init__(self):
|
||||
self._blocksize = 0
|
||||
self._keyctx = None
|
||||
self._iv = 0
|
||||
|
||||
def set_decrypt_key(self, userkey, iv):
|
||||
self._blocksize = len(userkey)
|
||||
if (self._blocksize != 16) and (self._blocksize != 24) and (self._blocksize != 32) :
|
||||
raise Exception('AES CBC improper key used')
|
||||
return
|
||||
keyctx = self._keyctx = AES_KEY()
|
||||
self._iv = iv
|
||||
rv = AES_set_decrypt_key(userkey, len(userkey) * 8, keyctx)
|
||||
if rv < 0:
|
||||
raise Exception('Failed to initialize AES CBC key')
|
||||
|
||||
def decrypt(self, data):
|
||||
out = create_string_buffer(len(data))
|
||||
mutable_iv = create_string_buffer(self._iv, len(self._iv))
|
||||
rv = AES_cbc_encrypt(data, out, len(data), self._keyctx, mutable_iv, 0)
|
||||
if rv == 0:
|
||||
raise Exception('AES CBC decryption failed')
|
||||
return out.raw
|
||||
|
||||
class Pukall_Cipher(object):
|
||||
def __init__(self):
|
||||
self.key = None
|
||||
|
||||
def PC1(self, key, src, decryption=True):
|
||||
self.key = key
|
||||
out = create_string_buffer(len(src))
|
||||
de = 0
|
||||
if decryption:
|
||||
de = 1
|
||||
rv = PC1(key, len(key), src, out, len(src), de)
|
||||
return out.raw
|
||||
|
||||
class Topaz_Cipher(object):
|
||||
def __init__(self):
|
||||
self._ctx = None
|
||||
|
||||
def ctx_init(self, key):
|
||||
tpz_ctx = self._ctx = TPZ_CTX()
|
||||
topazCryptoInit(tpz_ctx, key, len(key))
|
||||
return tpz_ctx
|
||||
|
||||
def decrypt(self, data, ctx=None):
|
||||
if ctx == None:
|
||||
ctx = self._ctx
|
||||
out = create_string_buffer(len(data))
|
||||
topazCryptoDecrypt(ctx, data, out, len(data))
|
||||
return out.raw
|
||||
|
||||
print "Using Library AlfCrypto DLL/DYLIB/SO"
|
||||
return (AES_CBC, Pukall_Cipher, Topaz_Cipher)
|
||||
|
||||
|
||||
def _load_python_alfcrypto():
|
||||
|
||||
import aescbc
|
||||
|
||||
class Pukall_Cipher(object):
|
||||
def __init__(self):
|
||||
self.key = None
|
||||
|
||||
def PC1(self, key, src, decryption=True):
|
||||
sum1 = 0;
|
||||
sum2 = 0;
|
||||
keyXorVal = 0;
|
||||
if len(key)!=16:
|
||||
print "Bad key length!"
|
||||
return None
|
||||
wkey = []
|
||||
for i in xrange(8):
|
||||
wkey.append(ord(key[i*2])<<8 | ord(key[i*2+1]))
|
||||
dst = ""
|
||||
for i in xrange(len(src)):
|
||||
temp1 = 0;
|
||||
byteXorVal = 0;
|
||||
for j in xrange(8):
|
||||
temp1 ^= wkey[j]
|
||||
sum2 = (sum2+j)*20021 + sum1
|
||||
sum1 = (temp1*346)&0xFFFF
|
||||
sum2 = (sum2+sum1)&0xFFFF
|
||||
temp1 = (temp1*20021+1)&0xFFFF
|
||||
byteXorVal ^= temp1 ^ sum2
|
||||
curByte = ord(src[i])
|
||||
if not decryption:
|
||||
keyXorVal = curByte * 257;
|
||||
curByte = ((curByte ^ (byteXorVal >> 8)) ^ byteXorVal) & 0xFF
|
||||
if decryption:
|
||||
keyXorVal = curByte * 257;
|
||||
for j in xrange(8):
|
||||
wkey[j] ^= keyXorVal;
|
||||
dst+=chr(curByte)
|
||||
return dst
|
||||
|
||||
class Topaz_Cipher(object):
|
||||
def __init__(self):
|
||||
self._ctx = None
|
||||
|
||||
def ctx_init(self, key):
|
||||
ctx1 = 0x0CAFFE19E
|
||||
for keyChar in key:
|
||||
keyByte = ord(keyChar)
|
||||
ctx2 = ctx1
|
||||
ctx1 = ((((ctx1 >>2) * (ctx1 >>7))&0xFFFFFFFF) ^ (keyByte * keyByte * 0x0F902007)& 0xFFFFFFFF )
|
||||
self._ctx = [ctx1, ctx2]
|
||||
return [ctx1,ctx2]
|
||||
|
||||
def decrypt(self, data, ctx=None):
|
||||
if ctx == None:
|
||||
ctx = self._ctx
|
||||
ctx1 = ctx[0]
|
||||
ctx2 = ctx[1]
|
||||
plainText = ""
|
||||
for dataChar in data:
|
||||
dataByte = ord(dataChar)
|
||||
m = (dataByte ^ ((ctx1 >> 3) &0xFF) ^ ((ctx2<<3) & 0xFF)) &0xFF
|
||||
ctx2 = ctx1
|
||||
ctx1 = (((ctx1 >> 2) * (ctx1 >> 7)) &0xFFFFFFFF) ^((m * m * 0x0F902007) &0xFFFFFFFF)
|
||||
plainText += chr(m)
|
||||
return plainText
|
||||
|
||||
class AES_CBC(object):
|
||||
def __init__(self):
|
||||
self._key = None
|
||||
self._iv = None
|
||||
self.aes = None
|
||||
|
||||
def set_decrypt_key(self, userkey, iv):
|
||||
self._key = userkey
|
||||
self._iv = iv
|
||||
self.aes = aescbc.AES_CBC(userkey, aescbc.noPadding(), len(userkey))
|
||||
|
||||
def decrypt(self, data):
|
||||
iv = self._iv
|
||||
cleartext = self.aes.decrypt(iv + data)
|
||||
return cleartext
|
||||
|
||||
return (AES_CBC, Pukall_Cipher, Topaz_Cipher)
|
||||
|
||||
|
||||
def _load_crypto():
|
||||
AES_CBC = Pukall_Cipher = Topaz_Cipher = None
|
||||
cryptolist = (_load_libalfcrypto, _load_python_alfcrypto)
|
||||
for loader in cryptolist:
|
||||
try:
|
||||
AES_CBC, Pukall_Cipher, Topaz_Cipher = loader()
|
||||
break
|
||||
except (ImportError, Exception):
|
||||
pass
|
||||
return AES_CBC, Pukall_Cipher, Topaz_Cipher
|
||||
|
||||
AES_CBC, Pukall_Cipher, Topaz_Cipher = _load_crypto()
|
||||
|
||||
|
||||
class KeyIVGen(object):
|
||||
# this only exists in openssl so we will use pure python implementation instead
|
||||
# PKCS5_PBKDF2_HMAC_SHA1 = F(c_int, 'PKCS5_PBKDF2_HMAC_SHA1',
|
||||
# [c_char_p, c_ulong, c_char_p, c_ulong, c_ulong, c_ulong, c_char_p])
|
||||
def pbkdf2(self, passwd, salt, iter, keylen):
|
||||
|
||||
def xorstr( a, b ):
|
||||
if len(a) != len(b):
|
||||
raise Exception("xorstr(): lengths differ")
|
||||
return ''.join((chr(ord(x)^ord(y)) for x, y in zip(a, b)))
|
||||
|
||||
def prf( h, data ):
|
||||
hm = h.copy()
|
||||
hm.update( data )
|
||||
return hm.digest()
|
||||
|
||||
def pbkdf2_F( h, salt, itercount, blocknum ):
|
||||
U = prf( h, salt + pack('>i',blocknum ) )
|
||||
T = U
|
||||
for i in range(2, itercount+1):
|
||||
U = prf( h, U )
|
||||
T = xorstr( T, U )
|
||||
return T
|
||||
|
||||
sha = hashlib.sha1
|
||||
digest_size = sha().digest_size
|
||||
# l - number of output blocks to produce
|
||||
l = keylen / digest_size
|
||||
if keylen % digest_size != 0:
|
||||
l += 1
|
||||
h = hmac.new( passwd, None, sha )
|
||||
T = ""
|
||||
for i in range(1, l+1):
|
||||
T += pbkdf2_F( h, salt, iter, i )
|
||||
return T[0: keylen]
|
||||
|
||||
|
Binary file not shown.
Binary file not shown.
@ -0,0 +1,68 @@
|
||||
# A simple implementation of pbkdf2 using stock python modules. See RFC2898
|
||||
# for details. Basically, it derives a key from a password and salt.
|
||||
|
||||
# Copyright 2004 Matt Johnston <matt @ ucc asn au>
|
||||
# Copyright 2009 Daniel Holth <dholth@fastmail.fm>
|
||||
# This code may be freely used and modified for any purpose.
|
||||
|
||||
# Revision history
|
||||
# v0.1 October 2004 - Initial release
|
||||
# v0.2 8 March 2007 - Make usable with hashlib in Python 2.5 and use
|
||||
# v0.3 "" the correct digest_size rather than always 20
|
||||
# v0.4 Oct 2009 - Rescue from chandler svn, test and optimize.
|
||||
|
||||
import sys
|
||||
import hmac
|
||||
from struct import pack
|
||||
try:
|
||||
# only in python 2.5
|
||||
import hashlib
|
||||
sha = hashlib.sha1
|
||||
md5 = hashlib.md5
|
||||
sha256 = hashlib.sha256
|
||||
except ImportError: # pragma: NO COVERAGE
|
||||
# fallback
|
||||
import sha
|
||||
import md5
|
||||
|
||||
# this is what you want to call.
|
||||
def pbkdf2( password, salt, itercount, keylen, hashfn = sha ):
|
||||
try:
|
||||
# depending whether the hashfn is from hashlib or sha/md5
|
||||
digest_size = hashfn().digest_size
|
||||
except TypeError: # pragma: NO COVERAGE
|
||||
digest_size = hashfn.digest_size
|
||||
# l - number of output blocks to produce
|
||||
l = keylen / digest_size
|
||||
if keylen % digest_size != 0:
|
||||
l += 1
|
||||
|
||||
h = hmac.new( password, None, hashfn )
|
||||
|
||||
T = ""
|
||||
for i in range(1, l+1):
|
||||
T += pbkdf2_F( h, salt, itercount, i )
|
||||
|
||||
return T[0: keylen]
|
||||
|
||||
def xorstr( a, b ):
|
||||
if len(a) != len(b):
|
||||
raise ValueError("xorstr(): lengths differ")
|
||||
return ''.join((chr(ord(x)^ord(y)) for x, y in zip(a, b)))
|
||||
|
||||
def prf( h, data ):
|
||||
hm = h.copy()
|
||||
hm.update( data )
|
||||
return hm.digest()
|
||||
|
||||
# Helper as per the spec. h is a hmac which has been created seeded with the
|
||||
# password, it will be copy()ed and not modified.
|
||||
def pbkdf2_F( h, salt, itercount, blocknum ):
|
||||
U = prf( h, salt + pack('>i',blocknum ) )
|
||||
T = U
|
||||
|
||||
for i in range(2, itercount+1):
|
||||
U = prf( h, U )
|
||||
T = xorstr( T, U )
|
||||
|
||||
return T
|
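Review bot: `pbkdf2()` never validates `itercount`, so a caller that passes a value below 1 gets a key derived from a single PRF application with no error, because `range(2, itercount+1)` in `pbkdf2_F` is then empty. A guard at the top of `pbkdf2()`, for example `if itercount < 1: raise ValueError("pbkdf2(): itercount must be >= 1")`, turns that misuse into a visible failure instead of a weakly stretched key. The `ImportError` fallback also leaves `sha256` undefined while the hashlib branch defines it; a short comment beside `import md5` saying that only SHA-1 and MD5 are available on that path would document the difference.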
@ -0,0 +1,568 @@
|
||||
#! /usr/bin/env python
|
||||
|
||||
"""
|
||||
Routines for doing AES CBC in one file
|
||||
|
||||
Modified by some_updates to extract
|
||||
and combine only those parts needed for AES CBC
|
||||
into one simple to add python file
|
||||
|
||||
Original Version
|
||||
Copyright (c) 2002 by Paul A. Lambert
|
||||
Under:
|
||||
CryptoPy Artisitic License Version 1.0
|
||||
See the wonderful pure python package cryptopy-1.2.5
|
||||
and read its LICENSE.txt for complete license details.
|
||||
"""
|
||||
|
||||
class CryptoError(Exception):
|
||||
""" Base class for crypto exceptions """
|
||||
def __init__(self,errorMessage='Error!'):
|
||||
self.message = errorMessage
|
||||
def __str__(self):
|
||||
return self.message
|
||||
|
||||
class InitCryptoError(CryptoError):
|
||||
""" Crypto errors during algorithm initialization """
|
||||
class BadKeySizeError(InitCryptoError):
|
||||
""" Bad key size error """
|
||||
class EncryptError(CryptoError):
|
||||
""" Error in encryption processing """
|
||||
class DecryptError(CryptoError):
|
||||
""" Error in decryption processing """
|
||||
class DecryptNotBlockAlignedError(DecryptError):
|
||||
""" Error in decryption processing """
|
||||
|
||||
def xorS(a,b):
|
||||
""" XOR two strings """
|
||||
assert len(a)==len(b)
|
||||
x = []
|
||||
for i in range(len(a)):
|
||||
x.append( chr(ord(a[i])^ord(b[i])))
|
||||
return ''.join(x)
|
||||
|
||||
def xor(a,b):
|
||||
""" XOR two strings """
|
||||
x = []
|
||||
for i in range(min(len(a),len(b))):
|
||||
x.append( chr(ord(a[i])^ord(b[i])))
|
||||
return ''.join(x)
|
||||
|
||||
"""
|
||||
Base 'BlockCipher' and Pad classes for cipher instances.
|
||||
BlockCipher supports automatic padding and type conversion. The BlockCipher
|
||||
class was written to make the actual algorithm code more readable and
|
||||
not for performance.
|
||||
"""
|
||||
|
||||
class BlockCipher:
|
||||
""" Block ciphers """
|
||||
def __init__(self):
|
||||
self.reset()
|
||||
|
||||
def reset(self):
|
||||
self.resetEncrypt()
|
||||
self.resetDecrypt()
|
||||
def resetEncrypt(self):
|
||||
self.encryptBlockCount = 0
|
||||
self.bytesToEncrypt = ''
|
||||
def resetDecrypt(self):
|
||||
self.decryptBlockCount = 0
|
||||
self.bytesToDecrypt = ''
|
||||
|
||||
def encrypt(self, plainText, more = None):
|
||||
""" Encrypt a string and return a binary string """
|
||||
self.bytesToEncrypt += plainText # append plainText to any bytes from prior encrypt
|
||||
numBlocks, numExtraBytes = divmod(len(self.bytesToEncrypt), self.blockSize)
|
||||
cipherText = ''
|
||||
for i in range(numBlocks):
|
||||
bStart = i*self.blockSize
|
||||
ctBlock = self.encryptBlock(self.bytesToEncrypt[bStart:bStart+self.blockSize])
|
||||
self.encryptBlockCount += 1
|
||||
cipherText += ctBlock
|
||||
if numExtraBytes > 0: # save any bytes that are not block aligned
|
||||
self.bytesToEncrypt = self.bytesToEncrypt[-numExtraBytes:]
|
||||
else:
|
||||
self.bytesToEncrypt = ''
|
||||
|
||||
if more == None: # no more data expected from caller
|
||||
finalBytes = self.padding.addPad(self.bytesToEncrypt,self.blockSize)
|
||||
if len(finalBytes) > 0:
|
||||
ctBlock = self.encryptBlock(finalBytes)
|
||||
self.encryptBlockCount += 1
|
||||
cipherText += ctBlock
|
||||
self.resetEncrypt()
|
||||
return cipherText
|
||||
|
||||
def decrypt(self, cipherText, more = None):
|
||||
""" Decrypt a string and return a string """
|
||||
self.bytesToDecrypt += cipherText # append to any bytes from prior decrypt
|
||||
|
||||
numBlocks, numExtraBytes = divmod(len(self.bytesToDecrypt), self.blockSize)
|
||||
if more == None: # no more calls to decrypt, should have all the data
|
||||
if numExtraBytes != 0:
|
||||
raise DecryptNotBlockAlignedError, 'Data not block aligned on decrypt'
|
||||
|
||||
# hold back some bytes in case last decrypt has zero len
|
||||
if (more != None) and (numExtraBytes == 0) and (numBlocks >0) :
|
||||
numBlocks -= 1
|
||||
numExtraBytes = self.blockSize
|
||||
|
||||
plainText = ''
|
||||
for i in range(numBlocks):
|
||||
bStart = i*self.blockSize
|
||||
ptBlock = self.decryptBlock(self.bytesToDecrypt[bStart : bStart+self.blockSize])
|
||||
self.decryptBlockCount += 1
|
||||
plainText += ptBlock
|
||||
|
||||
if numExtraBytes > 0: # save any bytes that are not block aligned
|
||||
self.bytesToEncrypt = self.bytesToEncrypt[-numExtraBytes:]
|
||||
else:
|
||||
self.bytesToEncrypt = ''
|
||||
|
||||
if more == None: # last decrypt remove padding
|
||||
plainText = self.padding.removePad(plainText, self.blockSize)
|
||||
self.resetDecrypt()
|
||||
return plainText
|
||||
|
||||
|
||||
class Pad:
|
||||
def __init__(self):
|
||||
pass # eventually could put in calculation of min and max size extension
|
||||
|
||||
class padWithPadLen(Pad):
|
||||
""" Pad a binary string with the length of the padding """
|
||||
|
||||
def addPad(self, extraBytes, blockSize):
|
||||
""" Add padding to a binary string to make it an even multiple
|
||||
of the block size """
|
||||
blocks, numExtraBytes = divmod(len(extraBytes), blockSize)
|
||||
padLength = blockSize - numExtraBytes
|
||||
return extraBytes + padLength*chr(padLength)
|
||||
|
||||
def removePad(self, paddedBinaryString, blockSize):
|
||||
""" Remove padding from a binary string """
|
||||
if not(0<len(paddedBinaryString)):
|
||||
raise DecryptNotBlockAlignedError, 'Expected More Data'
|
||||
return paddedBinaryString[:-ord(paddedBinaryString[-1])]
|
||||
|
||||
class noPadding(Pad):
|
||||
""" No padding. Use this to get ECB behavior from encrypt/decrypt """
|
||||
|
||||
def addPad(self, extraBytes, blockSize):
|
||||
""" Add no padding """
|
||||
return extraBytes
|
||||
|
||||
def removePad(self, paddedBinaryString, blockSize):
|
||||
""" Remove no padding """
|
||||
return paddedBinaryString
|
||||
|
||||
"""
|
||||
Rijndael encryption algorithm
|
||||
This byte oriented implementation is intended to closely
|
||||
match FIPS specification for readability. It is not implemented
|
||||
for performance.
|
||||
"""
|
||||
|
||||
class Rijndael(BlockCipher):
|
||||
""" Rijndael encryption algorithm """
|
||||
def __init__(self, key = None, padding = padWithPadLen(), keySize=16, blockSize=16 ):
|
||||
self.name = 'RIJNDAEL'
|
||||
self.keySize = keySize
|
||||
self.strength = keySize*8
|
||||
self.blockSize = blockSize # blockSize is in bytes
|
||||
self.padding = padding # change default to noPadding() to get normal ECB behavior
|
||||
|
||||
assert( keySize%4==0 and NrTable[4].has_key(keySize/4)),'key size must be 16,20,24,29 or 32 bytes'
|
||||
assert( blockSize%4==0 and NrTable.has_key(blockSize/4)), 'block size must be 16,20,24,29 or 32 bytes'
|
||||
|
||||
self.Nb = self.blockSize/4 # Nb is number of columns of 32 bit words
|
||||
self.Nk = keySize/4 # Nk is the key length in 32-bit words
|
||||
self.Nr = NrTable[self.Nb][self.Nk] # The number of rounds (Nr) is a function of
|
||||
# the block (Nb) and key (Nk) sizes.
|
||||
if key != None:
|
||||
self.setKey(key)
|
||||
|
||||
def setKey(self, key):
|
||||
""" Set a key and generate the expanded key """
|
||||
assert( len(key) == (self.Nk*4) ), 'Key length must be same as keySize parameter'
|
||||
self.__expandedKey = keyExpansion(self, key)
|
||||
self.reset() # BlockCipher.reset()
|
||||
|
||||
def encryptBlock(self, plainTextBlock):
|
||||
""" Encrypt a block, plainTextBlock must be a array of bytes [Nb by 4] """
|
||||
self.state = self._toBlock(plainTextBlock)
|
||||
AddRoundKey(self, self.__expandedKey[0:self.Nb])
|
||||
for round in range(1,self.Nr): #for round = 1 step 1 to Nr
|
||||
SubBytes(self)
|
||||
ShiftRows(self)
|
||||
MixColumns(self)
|
||||
AddRoundKey(self, self.__expandedKey[round*self.Nb:(round+1)*self.Nb])
|
||||
SubBytes(self)
|
||||
ShiftRows(self)
|
||||
AddRoundKey(self, self.__expandedKey[self.Nr*self.Nb:(self.Nr+1)*self.Nb])
|
||||
return self._toBString(self.state)
|
||||
|
||||
|
||||
def decryptBlock(self, encryptedBlock):
|
||||
""" decrypt a block (array of bytes) """
|
||||
self.state = self._toBlock(encryptedBlock)
|
||||
AddRoundKey(self, self.__expandedKey[self.Nr*self.Nb:(self.Nr+1)*self.Nb])
|
||||
for round in range(self.Nr-1,0,-1):
|
||||
InvShiftRows(self)
|
||||
InvSubBytes(self)
|
||||
AddRoundKey(self, self.__expandedKey[round*self.Nb:(round+1)*self.Nb])
|
||||
InvMixColumns(self)
|
||||
InvShiftRows(self)
|
||||
InvSubBytes(self)
|
||||
AddRoundKey(self, self.__expandedKey[0:self.Nb])
|
||||
return self._toBString(self.state)
|
||||
|
||||
def _toBlock(self, bs):
|
||||
""" Convert binary string to array of bytes, state[col][row]"""
|
||||
assert ( len(bs) == 4*self.Nb ), 'Rijndarl blocks must be of size blockSize'
|
||||
return [[ord(bs[4*i]),ord(bs[4*i+1]),ord(bs[4*i+2]),ord(bs[4*i+3])] for i in range(self.Nb)]
|
||||
|
||||
def _toBString(self, block):
|
||||
""" Convert block (array of bytes) to binary string """
|
||||
l = []
|
||||
for col in block:
|
||||
for rowElement in col:
|
||||
l.append(chr(rowElement))
|
||||
return ''.join(l)
|
||||
#-------------------------------------
|
||||
""" Number of rounds Nr = NrTable[Nb][Nk]
|
||||
|
||||
Nb Nk=4 Nk=5 Nk=6 Nk=7 Nk=8
|
||||
------------------------------------- """
|
||||
NrTable = {4: {4:10, 5:11, 6:12, 7:13, 8:14},
|
||||
5: {4:11, 5:11, 6:12, 7:13, 8:14},
|
||||
6: {4:12, 5:12, 6:12, 7:13, 8:14},
|
||||
7: {4:13, 5:13, 6:13, 7:13, 8:14},
|
||||
8: {4:14, 5:14, 6:14, 7:14, 8:14}}
|
||||
#-------------------------------------
|
||||
def keyExpansion(algInstance, keyString):
|
||||
""" Expand a string of size keySize into a larger array """
|
||||
Nk, Nb, Nr = algInstance.Nk, algInstance.Nb, algInstance.Nr # for readability
|
||||
key = [ord(byte) for byte in keyString] # convert string to list
|
||||
w = [[key[4*i],key[4*i+1],key[4*i+2],key[4*i+3]] for i in range(Nk)]
|
||||
for i in range(Nk,Nb*(Nr+1)):
|
||||
temp = w[i-1] # a four byte column
|
||||
if (i%Nk) == 0 :
|
||||
temp = temp[1:]+[temp[0]] # RotWord(temp)
|
||||
temp = [ Sbox[byte] for byte in temp ]
|
||||
temp[0] ^= Rcon[i/Nk]
|
||||
elif Nk > 6 and i%Nk == 4 :
|
||||
temp = [ Sbox[byte] for byte in temp ] # SubWord(temp)
|
||||
w.append( [ w[i-Nk][byte]^temp[byte] for byte in range(4) ] )
|
||||
return w
|
||||
|
||||
Rcon = (0,0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,0x1b,0x36, # note extra '0' !!!
|
||||
0x6c,0xd8,0xab,0x4d,0x9a,0x2f,0x5e,0xbc,0x63,0xc6,
|
||||
0x97,0x35,0x6a,0xd4,0xb3,0x7d,0xfa,0xef,0xc5,0x91)
|
||||
|
||||
#-------------------------------------
|
||||
def AddRoundKey(algInstance, keyBlock):
|
||||
""" XOR the algorithm state with a block of key material """
|
||||
for column in range(algInstance.Nb):
|
||||
for row in range(4):
|
||||
algInstance.state[column][row] ^= keyBlock[column][row]
|
||||
#-------------------------------------
|
||||
|
||||
def SubBytes(algInstance):
|
||||
for column in range(algInstance.Nb):
|
||||
for row in range(4):
|
||||
algInstance.state[column][row] = Sbox[algInstance.state[column][row]]
|
||||
|
||||
def InvSubBytes(algInstance):
|
||||
for column in range(algInstance.Nb):
|
||||
for row in range(4):
|
||||
algInstance.state[column][row] = InvSbox[algInstance.state[column][row]]
|
||||
|
||||
Sbox = (0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5,
|
||||
0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76,
|
||||
0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0,
|
||||
0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0,
|
||||
0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc,
|
||||
0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15,
|
||||
0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a,
|
||||
0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75,
|
||||
0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0,
|
||||
0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84,
|
||||
0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b,
|
||||
0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf,
|
||||
0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85,
|
||||
0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8,
|
||||
0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5,
|
||||
0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2,
|
||||
0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17,
|
||||
0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73,
|
||||
0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88,
|
||||
0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb,
|
||||
0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c,
|
||||
0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79,
|
||||
0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9,
|
||||
0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08,
|
||||
0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6,
|
||||
0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a,
|
||||
0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e,
|
||||
0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e,
|
||||
0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94,
|
||||
0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf,
|
||||
0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68,
|
||||
0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16)
|
||||
|
||||
InvSbox = (0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
|
||||
0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
|
||||
0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
|
||||
0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
|
||||
0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
|
||||
0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
|
||||
0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
|
||||
0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
|
||||
0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
|
||||
0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
|
||||
0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
|
||||
0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
|
||||
0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
|
||||
0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
|
||||
0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
|
||||
0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
|
||||
0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
|
||||
0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
|
||||
0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
|
||||
0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
|
||||
0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
|
||||
0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
|
||||
0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
|
||||
0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
|
||||
0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
|
||||
0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
|
||||
0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
|
||||
0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
|
||||
0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
|
||||
0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
|
||||
0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
|
||||
0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d)
|
||||
|
||||
#-------------------------------------
|
||||
""" For each block size (Nb), the ShiftRow operation shifts row i
|
||||
by the amount Ci. Note that row 0 is not shifted.
|
||||
Nb C1 C2 C3
|
||||
------------------- """
|
||||
shiftOffset = { 4 : ( 0, 1, 2, 3),
|
||||
5 : ( 0, 1, 2, 3),
|
||||
6 : ( 0, 1, 2, 3),
|
||||
7 : ( 0, 1, 2, 4),
|
||||
8 : ( 0, 1, 3, 4) }
|
||||
def ShiftRows(algInstance):
|
||||
tmp = [0]*algInstance.Nb # list of size Nb
|
||||
for r in range(1,4): # row 0 reamains unchanged and can be skipped
|
||||
for c in range(algInstance.Nb):
|
||||
tmp[c] = algInstance.state[(c+shiftOffset[algInstance.Nb][r]) % algInstance.Nb][r]
|
||||
for c in range(algInstance.Nb):
|
||||
algInstance.state[c][r] = tmp[c]
|
||||
def InvShiftRows(algInstance):
|
||||
tmp = [0]*algInstance.Nb # list of size Nb
|
||||
for r in range(1,4): # row 0 reamains unchanged and can be skipped
|
||||
for c in range(algInstance.Nb):
|
||||
tmp[c] = algInstance.state[(c+algInstance.Nb-shiftOffset[algInstance.Nb][r]) % algInstance.Nb][r]
|
||||
for c in range(algInstance.Nb):
|
||||
algInstance.state[c][r] = tmp[c]
|
||||
#-------------------------------------
|
||||
def MixColumns(a):
|
||||
Sprime = [0,0,0,0]
|
||||
for j in range(a.Nb): # for each column
|
||||
Sprime[0] = mul(2,a.state[j][0])^mul(3,a.state[j][1])^mul(1,a.state[j][2])^mul(1,a.state[j][3])
|
||||
Sprime[1] = mul(1,a.state[j][0])^mul(2,a.state[j][1])^mul(3,a.state[j][2])^mul(1,a.state[j][3])
|
||||
Sprime[2] = mul(1,a.state[j][0])^mul(1,a.state[j][1])^mul(2,a.state[j][2])^mul(3,a.state[j][3])
|
||||
Sprime[3] = mul(3,a.state[j][0])^mul(1,a.state[j][1])^mul(1,a.state[j][2])^mul(2,a.state[j][3])
|
||||
for i in range(4):
|
||||
a.state[j][i] = Sprime[i]
|
||||
|
||||
def InvMixColumns(a):
|
||||
""" Mix the four bytes of every column in a linear way
|
||||
This is the opposite operation of Mixcolumn """
|
||||
Sprime = [0,0,0,0]
|
||||
for j in range(a.Nb): # for each column
|
||||
Sprime[0] = mul(0x0E,a.state[j][0])^mul(0x0B,a.state[j][1])^mul(0x0D,a.state[j][2])^mul(0x09,a.state[j][3])
|
||||
Sprime[1] = mul(0x09,a.state[j][0])^mul(0x0E,a.state[j][1])^mul(0x0B,a.state[j][2])^mul(0x0D,a.state[j][3])
|
||||
Sprime[2] = mul(0x0D,a.state[j][0])^mul(0x09,a.state[j][1])^mul(0x0E,a.state[j][2])^mul(0x0B,a.state[j][3])
|
||||
Sprime[3] = mul(0x0B,a.state[j][0])^mul(0x0D,a.state[j][1])^mul(0x09,a.state[j][2])^mul(0x0E,a.state[j][3])
|
||||
for i in range(4):
|
||||
a.state[j][i] = Sprime[i]
|
||||
|
||||
#-------------------------------------
|
||||
def mul(a, b):
|
||||
""" Multiply two elements of GF(2^m)
|
||||
needed for MixColumn and InvMixColumn """
|
||||
if (a !=0 and b!=0):
|
||||
return Alogtable[(Logtable[a] + Logtable[b])%255]
|
||||
else:
|
||||
return 0
|
||||
|
||||
Logtable = ( 0, 0, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3,
|
||||
100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193,
|
||||
125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120,
|
||||
101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142,
|
||||
150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56,
|
||||
102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16,
|
||||
126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186,
|
||||
43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87,
|
||||
175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232,
|
||||
44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160,
|
||||
127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183,
|
||||
204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157,
|
||||
151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209,
|
||||
83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171,
|
||||
68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165,
|
||||
103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7)
|
||||
|
||||
Alogtable= ( 1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53,
|
||||
95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170,
|
||||
229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49,
|
||||
83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205,
|
||||
76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136,
|
||||
131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154,
|
||||
181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163,
|
||||
254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160,
|
||||
251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65,
|
||||
195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117,
|
||||
159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128,
|
||||
155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84,
|
||||
252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202,
|
||||
69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14,
|
||||
18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
|
||||
57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1)
|
||||
|
||||
|
||||
|
||||
|
||||
"""
|
||||
AES Encryption Algorithm
|
||||
The AES algorithm is just Rijndael algorithm restricted to the default
|
||||
blockSize of 128 bits.
|
||||
"""
|
||||
|
||||
class AES(Rijndael):
|
||||
""" The AES algorithm is the Rijndael block cipher restricted to block
|
||||
sizes of 128 bits and key sizes of 128, 192 or 256 bits
|
||||
"""
|
||||
def __init__(self, key = None, padding = padWithPadLen(), keySize=16):
|
||||
""" Initialize AES, keySize is in bytes """
|
||||
if not (keySize == 16 or keySize == 24 or keySize == 32) :
|
||||
raise BadKeySizeError, 'Illegal AES key size, must be 16, 24, or 32 bytes'
|
||||
|
||||
Rijndael.__init__( self, key, padding=padding, keySize=keySize, blockSize=16 )
|
||||
|
||||
self.name = 'AES'
|
||||
|
||||
|
||||
"""
|
||||
CBC mode of encryption for block ciphers.
|
||||
This algorithm mode wraps any BlockCipher to make a
|
||||
Cipher Block Chaining mode.
|
||||
"""
|
||||
from random import Random # should change to crypto.random!!!
|
||||
|
||||
|
||||
class CBC(BlockCipher):
|
||||
""" The CBC class wraps block ciphers to make cipher block chaining (CBC) mode
|
||||
algorithms. The initialization (IV) is automatic if set to None. Padding
|
||||
is also automatic based on the Pad class used to initialize the algorithm
|
||||
"""
|
||||
def __init__(self, blockCipherInstance, padding = padWithPadLen()):
|
||||
""" CBC algorithms are created by initializing with a BlockCipher instance """
|
||||
self.baseCipher = blockCipherInstance
|
||||
self.name = self.baseCipher.name + '_CBC'
|
||||
self.blockSize = self.baseCipher.blockSize
|
||||
self.keySize = self.baseCipher.keySize
|
||||
self.padding = padding
|
||||
self.baseCipher.padding = noPadding() # baseCipher should NOT pad!!
|
||||
self.r = Random() # for IV generation, currently uses
|
||||
# mediocre standard distro version <----------------
|
||||
import time
|
||||
newSeed = time.ctime()+str(self.r) # seed with instance location
|
||||
self.r.seed(newSeed) # to make unique
|
||||
self.reset()
|
||||
|
||||
def setKey(self, key):
|
||||
self.baseCipher.setKey(key)
|
||||
|
||||
# Overload to reset both CBC state and the wrapped baseCipher
|
||||
def resetEncrypt(self):
|
||||
BlockCipher.resetEncrypt(self) # reset CBC encrypt state (super class)
|
||||
self.baseCipher.resetEncrypt() # reset base cipher encrypt state
|
||||
|
||||
def resetDecrypt(self):
|
||||
BlockCipher.resetDecrypt(self) # reset CBC state (super class)
|
||||
self.baseCipher.resetDecrypt() # reset base cipher decrypt state
|
||||
|
||||
def encrypt(self, plainText, iv=None, more=None):
|
||||
""" CBC encryption - overloads baseCipher to allow optional explicit IV
|
||||
when iv=None, iv is auto generated!
|
||||
"""
|
||||
if self.encryptBlockCount == 0:
|
||||
self.iv = iv
|
||||
else:
|
||||
assert(iv==None), 'IV used only on first call to encrypt'
|
||||
|
||||
return BlockCipher.encrypt(self,plainText, more=more)
|
||||
|
||||
def decrypt(self, cipherText, iv=None, more=None):
|
||||
""" CBC decryption - overloads baseCipher to allow optional explicit IV
|
||||
when iv=None, iv is auto generated!
|
||||
"""
|
||||
if self.decryptBlockCount == 0:
|
||||
self.iv = iv
|
||||
else:
|
||||
assert(iv==None), 'IV used only on first call to decrypt'
|
||||
|
||||
return BlockCipher.decrypt(self, cipherText, more=more)
|
||||
|
||||
def encryptBlock(self, plainTextBlock):
|
||||
""" CBC block encryption, IV is set with 'encrypt' """
|
||||
auto_IV = ''
|
||||
if self.encryptBlockCount == 0:
|
||||
if self.iv == None:
|
||||
# generate IV and use
|
||||
self.iv = ''.join([chr(self.r.randrange(256)) for i in range(self.blockSize)])
|
||||
self.prior_encr_CT_block = self.iv
|
||||
auto_IV = self.prior_encr_CT_block # prepend IV if it's automatic
|
||||
else: # application provided IV
|
||||
assert(len(self.iv) == self.blockSize ),'IV must be same length as block'
|
||||
self.prior_encr_CT_block = self.iv
|
||||
""" encrypt the prior CT XORed with the PT """
|
||||
ct = self.baseCipher.encryptBlock( xor(self.prior_encr_CT_block, plainTextBlock) )
|
||||
self.prior_encr_CT_block = ct
|
||||
return auto_IV+ct
|
||||
|
||||
def decryptBlock(self, encryptedBlock):
|
||||
""" Decrypt a single block """
|
||||
|
||||
if self.decryptBlockCount == 0: # first call, process IV
|
||||
if self.iv == None: # auto decrypt IV?
|
||||
self.prior_CT_block = encryptedBlock
|
||||
return ''
|
||||
else:
|
||||
assert(len(self.iv)==self.blockSize),"Bad IV size on CBC decryption"
|
||||
self.prior_CT_block = self.iv
|
||||
|
||||
dct = self.baseCipher.decryptBlock(encryptedBlock)
|
||||
""" XOR the prior decrypted CT with the prior CT """
|
||||
dct_XOR_priorCT = xor( self.prior_CT_block, dct )
|
||||
|
||||
self.prior_CT_block = encryptedBlock
|
||||
|
||||
return dct_XOR_priorCT
|
||||
|
||||
|
||||
"""
|
||||
AES_CBC Encryption Algorithm
|
||||
"""
|
||||
|
||||
class AES_CBC(CBC):
|
||||
""" AES encryption in CBC feedback mode """
|
||||
def __init__(self, key=None, padding=padWithPadLen(), keySize=16):
|
||||
CBC.__init__( self, AES(key, noPadding(), keySize), padding)
|
||||
self.name = 'AES_CBC'
|
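Review bot: In `BlockCipher.decrypt` the leftover-bytes branch writes to the encrypt buffer (`self.bytesToEncrypt = self.bytesToEncrypt[-numExtraBytes:]` and `self.bytesToEncrypt = ''`), so when `more` is set the consumed ciphertext is never dropped from `self.bytesToDecrypt` and any pending encrypt data is overwritten. Both assignments should target the decrypt buffer: `self.bytesToDecrypt = self.bytesToDecrypt[-numExtraBytes:]` and `self.bytesToDecrypt = ''`. The one-shot path (`more=None`) hides the problem because `resetDecrypt()` clears the buffer afterwards. Separately, `padWithPadLen.removePad` trusts the last byte without checking that it lies between 1 and `blockSize`, and `CBC.__init__` seeds `random.Random` from `time.ctime()` for automatic IVs, which is predictable; an OS-backed source such as `os.urandom(self.blockSize)` is the usual replacement.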
Binary file not shown.
@ -0,0 +1,290 @@
|
||||
#! /usr/bin/env python
|
||||
|
||||
import sys, os
|
||||
import hmac
|
||||
from struct import pack
|
||||
import hashlib
|
||||
|
||||
|
||||
# interface to needed routines libalfcrypto
|
||||
def _load_libalfcrypto():
|
||||
import ctypes
|
||||
from ctypes import CDLL, byref, POINTER, c_void_p, c_char_p, c_int, c_long, \
|
||||
Structure, c_ulong, create_string_buffer, addressof, string_at, cast, sizeof
|
||||
|
||||
pointer_size = ctypes.sizeof(ctypes.c_voidp)
|
||||
name_of_lib = None
|
||||
if sys.platform.startswith('darwin'):
|
||||
name_of_lib = 'libalfcrypto.dylib'
|
||||
elif sys.platform.startswith('win'):
|
||||
if pointer_size == 4:
|
||||
name_of_lib = 'alfcrypto.dll'
|
||||
else:
|
||||
name_of_lib = 'alfcrypto64.dll'
|
||||
else:
|
||||
if pointer_size == 4:
|
||||
name_of_lib = 'libalfcrypto32.so'
|
||||
else:
|
||||
name_of_lib = 'libalfcrypto64.so'
|
||||
|
||||
libalfcrypto = sys.path[0] + os.sep + name_of_lib
|
||||
|
||||
if not os.path.isfile(libalfcrypto):
|
||||
raise Exception('libalfcrypto not found')
|
||||
|
||||
libalfcrypto = CDLL(libalfcrypto)
|
||||
|
||||
c_char_pp = POINTER(c_char_p)
|
||||
c_int_p = POINTER(c_int)
|
||||
|
||||
|
||||
def F(restype, name, argtypes):
|
||||
func = getattr(libalfcrypto, name)
|
||||
func.restype = restype
|
||||
func.argtypes = argtypes
|
||||
return func
|
||||
|
||||
# aes cbc decryption
|
||||
#
|
||||
# struct aes_key_st {
|
||||
# unsigned long rd_key[4 *(AES_MAXNR + 1)];
|
||||
# int rounds;
|
||||
# };
|
||||
#
|
||||
# typedef struct aes_key_st AES_KEY;
|
||||
#
|
||||
# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key);
|
||||
#
|
||||
#
|
||||
# void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
|
||||
# const unsigned long length, const AES_KEY *key,
|
||||
# unsigned char *ivec, const int enc);
|
||||
|
||||
AES_MAXNR = 14
|
||||
|
||||
class AES_KEY(Structure):
|
||||
_fields_ = [('rd_key', c_long * (4 * (AES_MAXNR + 1))), ('rounds', c_int)]
|
||||
|
||||
AES_KEY_p = POINTER(AES_KEY)
|
||||
AES_cbc_encrypt = F(None, 'AES_cbc_encrypt',[c_char_p, c_char_p, c_ulong, AES_KEY_p, c_char_p, c_int])
|
||||
AES_set_decrypt_key = F(c_int, 'AES_set_decrypt_key',[c_char_p, c_int, AES_KEY_p])
|
||||
|
||||
|
||||
|
||||
# Pukall 1 Cipher
|
||||
# unsigned char *PC1(const unsigned char *key, unsigned int klen, const unsigned char *src,
|
||||
# unsigned char *dest, unsigned int len, int decryption);
|
||||
|
||||
PC1 = F(c_char_p, 'PC1', [c_char_p, c_ulong, c_char_p, c_char_p, c_ulong, c_ulong])
|
||||
|
||||
# Topaz Encryption
|
||||
# typedef struct _TpzCtx {
|
||||
# unsigned int v[2];
|
||||
# } TpzCtx;
|
||||
#
|
||||
# void topazCryptoInit(TpzCtx *ctx, const unsigned char *key, int klen);
|
||||
# void topazCryptoDecrypt(const TpzCtx *ctx, const unsigned char *in, unsigned char *out, int len);
|
||||
|
||||
class TPZ_CTX(Structure):
|
||||
_fields_ = [('v', c_long * 2)]
|
||||
|
||||
TPZ_CTX_p = POINTER(TPZ_CTX)
|
||||
topazCryptoInit = F(None, 'topazCryptoInit', [TPZ_CTX_p, c_char_p, c_ulong])
|
||||
topazCryptoDecrypt = F(None, 'topazCryptoDecrypt', [TPZ_CTX_p, c_char_p, c_char_p, c_ulong])
|
||||
|
||||
|
||||
class AES_CBC(object):
|
||||
def __init__(self):
|
||||
self._blocksize = 0
|
||||
self._keyctx = None
|
||||
self._iv = 0
|
||||
|
||||
def set_decrypt_key(self, userkey, iv):
|
||||
self._blocksize = len(userkey)
|
||||
if (self._blocksize != 16) and (self._blocksize != 24) and (self._blocksize != 32) :
|
||||
raise Exception('AES CBC improper key used')
|
||||
return
|
||||
keyctx = self._keyctx = AES_KEY()
|
||||
self._iv = iv
|
||||
rv = AES_set_decrypt_key(userkey, len(userkey) * 8, keyctx)
|
||||
if rv < 0:
|
||||
raise Exception('Failed to initialize AES CBC key')
|
||||
|
||||
def decrypt(self, data):
|
||||
out = create_string_buffer(len(data))
|
||||
mutable_iv = create_string_buffer(self._iv, len(self._iv))
|
||||
rv = AES_cbc_encrypt(data, out, len(data), self._keyctx, mutable_iv, 0)
|
||||
if rv == 0:
|
||||
raise Exception('AES CBC decryption failed')
|
||||
return out.raw
|
||||
|
||||
class Pukall_Cipher(object):
|
||||
def __init__(self):
|
||||
self.key = None
|
||||
|
||||
def PC1(self, key, src, decryption=True):
|
||||
self.key = key
|
||||
out = create_string_buffer(len(src))
|
||||
de = 0
|
||||
if decryption:
|
||||
de = 1
|
||||
rv = PC1(key, len(key), src, out, len(src), de)
|
||||
return out.raw
|
||||
|
||||
class Topaz_Cipher(object):
|
||||
def __init__(self):
|
||||
self._ctx = None
|
||||
|
||||
def ctx_init(self, key):
|
||||
tpz_ctx = self._ctx = TPZ_CTX()
|
||||
topazCryptoInit(tpz_ctx, key, len(key))
|
||||
return tpz_ctx
|
||||
|
||||
def decrypt(self, data, ctx=None):
|
||||
if ctx == None:
|
||||
ctx = self._ctx
|
||||
out = create_string_buffer(len(data))
|
||||
topazCryptoDecrypt(ctx, data, out, len(data))
|
||||
return out.raw
|
||||
|
||||
print "Using Library AlfCrypto DLL/DYLIB/SO"
|
||||
return (AES_CBC, Pukall_Cipher, Topaz_Cipher)
|
||||
|
||||
|
||||
def _load_python_alfcrypto():
|
||||
|
||||
import aescbc
|
||||
|
||||
class Pukall_Cipher(object):
|
||||
def __init__(self):
|
||||
self.key = None
|
||||
|
||||
def PC1(self, key, src, decryption=True):
|
||||
sum1 = 0;
|
||||
sum2 = 0;
|
||||
keyXorVal = 0;
|
||||
if len(key)!=16:
|
||||
print "Bad key length!"
|
||||
return None
|
||||
wkey = []
|
||||
for i in xrange(8):
|
||||
wkey.append(ord(key[i*2])<<8 | ord(key[i*2+1]))
|
||||
dst = ""
|
||||
for i in xrange(len(src)):
|
||||
temp1 = 0;
|
||||
byteXorVal = 0;
|
||||
for j in xrange(8):
|
||||
temp1 ^= wkey[j]
|
||||
sum2 = (sum2+j)*20021 + sum1
|
||||
sum1 = (temp1*346)&0xFFFF
|
||||
sum2 = (sum2+sum1)&0xFFFF
|
||||
temp1 = (temp1*20021+1)&0xFFFF
|
||||
byteXorVal ^= temp1 ^ sum2
|
||||
curByte = ord(src[i])
|
||||
if not decryption:
|
||||
keyXorVal = curByte * 257;
|
||||
curByte = ((curByte ^ (byteXorVal >> 8)) ^ byteXorVal) & 0xFF
|
||||
if decryption:
|
||||
keyXorVal = curByte * 257;
|
||||
for j in xrange(8):
|
||||
wkey[j] ^= keyXorVal;
|
||||
dst+=chr(curByte)
|
||||
return dst
|
||||
|
||||
class Topaz_Cipher(object):
|
||||
def __init__(self):
|
||||
self._ctx = None
|
||||
|
||||
def ctx_init(self, key):
|
||||
ctx1 = 0x0CAFFE19E
|
||||
for keyChar in key:
|
||||
keyByte = ord(keyChar)
|
||||
ctx2 = ctx1
|
||||
ctx1 = ((((ctx1 >>2) * (ctx1 >>7))&0xFFFFFFFF) ^ (keyByte * keyByte * 0x0F902007)& 0xFFFFFFFF )
|
||||
self._ctx = [ctx1, ctx2]
|
||||
return [ctx1,ctx2]
|
||||
|
||||
def decrypt(self, data, ctx=None):
|
||||
if ctx == None:
|
||||
ctx = self._ctx
|
||||
ctx1 = ctx[0]
|
||||
ctx2 = ctx[1]
|
||||
plainText = ""
|
||||
for dataChar in data:
|
||||
dataByte = ord(dataChar)
|
||||
m = (dataByte ^ ((ctx1 >> 3) &0xFF) ^ ((ctx2<<3) & 0xFF)) &0xFF
|
||||
ctx2 = ctx1
|
||||
ctx1 = (((ctx1 >> 2) * (ctx1 >> 7)) &0xFFFFFFFF) ^((m * m * 0x0F902007) &0xFFFFFFFF)
|
||||
plainText += chr(m)
|
||||
return plainText
|
||||
|
||||
class AES_CBC(object):
|
||||
def __init__(self):
|
||||
self._key = None
|
||||
self._iv = None
|
||||
self.aes = None
|
||||
|
||||
def set_decrypt_key(self, userkey, iv):
|
||||
self._key = userkey
|
||||
self._iv = iv
|
||||
self.aes = aescbc.AES_CBC(userkey, aescbc.noPadding(), len(userkey))
|
||||
|
||||
def decrypt(self, data):
|
||||
iv = self._iv
|
||||
cleartext = self.aes.decrypt(iv + data)
|
||||
return cleartext
|
||||
|
||||
return (AES_CBC, Pukall_Cipher, Topaz_Cipher)
|
||||
|
||||
|
||||
def _load_crypto():
|
||||
AES_CBC = Pukall_Cipher = Topaz_Cipher = None
|
||||
cryptolist = (_load_libalfcrypto, _load_python_alfcrypto)
|
||||
for loader in cryptolist:
|
||||
try:
|
||||
AES_CBC, Pukall_Cipher, Topaz_Cipher = loader()
|
||||
break
|
||||
except (ImportError, Exception):
|
||||
pass
|
||||
return AES_CBC, Pukall_Cipher, Topaz_Cipher
|
||||
|
||||
AES_CBC, Pukall_Cipher, Topaz_Cipher = _load_crypto()
|
||||
|
||||
|
||||
class KeyIVGen(object):
|
||||
# this only exists in openssl so we will use pure python implementation instead
|
||||
# PKCS5_PBKDF2_HMAC_SHA1 = F(c_int, 'PKCS5_PBKDF2_HMAC_SHA1',
|
||||
# [c_char_p, c_ulong, c_char_p, c_ulong, c_ulong, c_ulong, c_char_p])
|
||||
def pbkdf2(self, passwd, salt, iter, keylen):
|
||||
|
||||
def xorstr( a, b ):
|
||||
if len(a) != len(b):
|
||||
raise Exception("xorstr(): lengths differ")
|
||||
return ''.join((chr(ord(x)^ord(y)) for x, y in zip(a, b)))
|
||||
|
||||
def prf( h, data ):
|
||||
hm = h.copy()
|
||||
hm.update( data )
|
||||
return hm.digest()
|
||||
|
||||
def pbkdf2_F( h, salt, itercount, blocknum ):
|
||||
U = prf( h, salt + pack('>i',blocknum ) )
|
||||
T = U
|
||||
for i in range(2, itercount+1):
|
||||
U = prf( h, U )
|
||||
T = xorstr( T, U )
|
||||
return T
|
||||
|
||||
sha = hashlib.sha1
|
||||
digest_size = sha().digest_size
|
||||
# l - number of output blocks to produce
|
||||
l = keylen / digest_size
|
||||
if keylen % digest_size != 0:
|
||||
l += 1
|
||||
h = hmac.new( passwd, None, sha )
|
||||
T = ""
|
||||
for i in range(1, l+1):
|
||||
T += pbkdf2_F( h, salt, iter, i )
|
||||
return T[0: keylen]
|
||||
|
||||
|
Binary file not shown.
Binary file not shown.