psihotoxic/RC4_ispravno.py

## RC4_ispravno.py
#!/usr/bin/env python
# -*- coding: UTF-8 -*-
# Version 1.0
# AUTHOR: Ljubo Barac (ljubarac@gmail.com)
# CREDITS:
# Based on the work of Thimo Kramere <thimo.kraemer@joonis.de> and
# Per Tunedal <info@tunedal.nu>
# Availible at: http://www.joonis.de/content/RC4ARC4ARCFOURAlgorithmForPython
#
#
#       This program is free software: you can redistribute it and/or modify
#       it under the terms of the GNU General Public License as published by
#       the Free Software Foundation, either version 3 of the License, or
#       (at your option) any later version.
#
# Made for demonstration purposes @ FOI OSS http://security.foi.hr/wiki/index.php/Glavna_stranica


#RC4 algoritam, KSA i PRGA standardna implementacija (wiki)
def crypt(data, key):

# KSA (wiki)
    j = 0
    S = range(256)
    for i in range(256):
        j = (j + S[i] + ord(key[i % len(key)])) % 256
        S[i], S[j] = S[j], S[i]

# inicijaliziraj
    j = i = 0
    out = [] #gdje se zapisuje output, no sh**

# Drop 1024 (FMS)
    for i in xrange(1024):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]

# PRGA (wiki)

    for char in data:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(chr(ord(char) ^ S[(S[i] + S[j]) % 256]))

    return ''.join(out)

import os, base64, hashlib, hmac, sys


def encrypt(data, key, encode=base64.standard_b64encode, salt_length=16):


	# HMAC za provjeru autenticnosti i integriteta podataka
	# moze se i generirati slucajni mackey
	# preporuka: ne koristiti isti kljuc za kriptiranje i mac!
	# ovdje se koristi. neka je.

	mackey = key

	salt = os.urandom(salt_length) #random salt duljine 16

	# Hash SHA512
	key = hashlib.sha512(key + salt).digest() #hashiramo kljuc zajedno sa salt

	# kriptiranje
	data = chr(salt_length) + salt + crypt(data, key) #nisam siguran da je ok

	if encode:
		data = encode(data)

	# HMAC (sha512)
	check = hmac.new(mackey, data, hashlib.sha512).digest()
	check = encode(check)

	# print len(check) #da se sjetim duljine u base64 -.-

	data = data + check

	return data

def decrypt(data, key, decode=base64.standard_b64decode):

	mackey = key

	# 88 bytes za mac provjeru koji smo dodali na kraj (check)
	# base64 encodano je 88 '-.-

	mac = data [(len(data) - 88):] # koji dio podataka je check
	data = data [0: (len(data) - 88)] # a koji zapravo podaci

	# provjera HMAC
	check = hmac.new(mackey, data, hashlib.sha512).digest() #ponovno racunanje provjere
	mac = decode(mac) #dekodiranje iz base64 za provjeru

	if check != mac: # ponovno kreirani mac razlicit od dohvacenog?
	    print 'Manipulirana poruka ili krivi kljuc!'

	elif decode:
	    data = decode(data)

	pos = ord(data[0]) + 1
	salt = data[1:pos]

	key = hashlib.sha512(key + salt).digest()

	clear = crypt(data[pos:], key)

	return clear
	#!/usr/bin/env python
	# -- coding: UTF-8 --
	# Version 1.0
	# AUTHOR: Ljubo Barac (ljubarac@gmail.com)
	# CREDITS:
	# Based on the work of Thimo Kramere <thimo.kraemer@joonis.de> and
	# Per Tunedal <info@tunedal.nu>
	# Availible at: http://www.joonis.de/content/RC4ARC4ARCFOURAlgorithmForPython
	#
	#
	# This program is free software: you can redistribute it and/or modify
	# it under the terms of the GNU General Public License as published by
	# the Free Software Foundation, either version 3 of the License, or
	# (at your option) any later version.
	#
	# Made for demonstration purposes @ FOI OSS http://security.foi.hr/wiki/index.php/Glavna_stranica



	#RC4 algoritam, KSA i PRGA standardna implementacija (wiki)
	def crypt(data, key):

	# KSA (wiki)
	j = 0
	S = range(256)
	for i in range(256):
	j = (j + S[i] + ord(key[i % len(key)])) % 256
	S[i], S[j] = S[j], S[i]

	# inicijaliziraj
	j = i = 0
	out = [] #gdje se zapisuje output, no sh**

	# Drop 1024 (FMS)
	for i in xrange(1024):
	i = (i + 1) % 256
	j = (j + S[i]) % 256
	S[i], S[j] = S[j], S[i]

	# PRGA (wiki)

	for char in data:
	i = (i + 1) % 256
	j = (j + S[i]) % 256
	S[i], S[j] = S[j], S[i]
	out.append(chr(ord(char) ^ S[(S[i] + S[j]) % 256]))

	return ''.join(out)

	import os, base64, hashlib, hmac, sys


	def encrypt(data, key, encode=base64.standard_b64encode, salt_length=16):


	# HMAC za provjeru autenticnosti i integriteta podataka
	# moze se i generirati slucajni mackey
	# preporuka: ne koristiti isti kljuc za kriptiranje i mac!
	# ovdje se koristi. neka je.

	mackey = key

	salt = os.urandom(salt_length) #random salt duljine 16

	# Hash SHA512
	key = hashlib.sha512(key + salt).digest() #hashiramo kljuc zajedno sa salt

	# kriptiranje
	data = chr(salt_length) + salt + crypt(data, key) #nisam siguran da je ok

	if encode:
	data = encode(data)

	# HMAC (sha512)
	check = hmac.new(mackey, data, hashlib.sha512).digest()
	check = encode(check)

	# print len(check) #da se sjetim duljine u base64 -.-

	data = data + check

	return data

	def decrypt(data, key, decode=base64.standard_b64decode):

	mackey = key

	# 88 bytes za mac provjeru koji smo dodali na kraj (check)
	# base64 encodano je 88 '-.-

	mac = data [(len(data) - 88):] # koji dio podataka je check
	data = data [0: (len(data) - 88)] # a koji zapravo podaci

	# provjera HMAC
	check = hmac.new(mackey, data, hashlib.sha512).digest() #ponovno racunanje provjere
	mac = decode(mac) #dekodiranje iz base64 za provjeru

	if check != mac: # ponovno kreirani mac razlicit od dohvacenog?
	print 'Manipulirana poruka ili krivi kljuc!'

	elif decode:
	data = decode(data)

	pos = ord(data[0]) + 1
	salt = data[1:pos]

	key = hashlib.sha512(key + salt).digest()

	clear = crypt(data[pos:], key)

	return clear