AES CTR mode encryption with HMAC





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







1












$begingroup$


I am trying to implement AES CTR encryption mode with HMAC authentication for messages.



It's encrypting and decrypting fine as long as the key length is 64 bytes, since AES key and HMAC key are being derived from this key.



Questions




  • Is it safe to append IV or nonce to the encrypted messages?

  • Is it safe to append HMAC digest to append to the messages?

  • Can you review it for best security coding practices?


Code



def encrypt(full_key, plaintext):

if len(full_key) != 64:
raise Exception("FULL key length shall be equal to 64")
key = full_key[:len(full_key) //2]

# Use the last half as the HMAC key
hmac_key = full_key[len(full_key) // 2:]


if isinstance(plaintext, str):
plaintext = plaintext.encode()

compressed = zlib.compress(plaintext, 5)
print (f"compressed plaintext {compressed}")



# Choose a random, 16-byte IV.
iv = os.urandom(16)
# Convert the IV to a Python integer.
iv_int = int(binascii.hexlify(iv), 16)
# Create a new Counter object with IV = iv_int.
ctr = Counter.new(128, initial_value=iv_int)
# Create AES-CTR cipher.
aes = AES.new(key, AES.MODE_CTR, counter=ctr)
# Encrypt and return IV and ciphertext.
ciphertext = aes.encrypt(compressed)


hmac_obj = HMAC.new(hmac_key, compressed, SHA256)
mac = hmac_obj.digest()

return iv+ciphertext+mac


def decrypt(key, ciphertext):
# Initialize counter for decryption. iv should be the same as the output of
# encrypt().


if len(full_key) != 64:
raise Exception("FULL key length shall be equal to 64")

key = full_key[:len(full_key) //2]

# Use the last half as the HMAC key
hmac_key = full_key[len(full_key) // 2:]

mac_length = 32
iv_length = 16
iv = ciphertext[:16]
mac = ciphertext[-mac_length:]

_ciphertext = ciphertext[iv_length:-mac_length]


iv_int = int(iv.hex(), 16)
ctr = Counter.new(128, initial_value=iv_int)
# Create AES-CTR cipher.
aes = AES.new(key, AES.MODE_CTR, counter=ctr)

ciphertext = aes.decrypt(_ciphertext)

# Extract the MAC from the end of the file
hmac_obj = HMAC.new(hmac_key, ciphertext, SHA256)
computed_mac = hmac_obj.digest()

if computed_mac != mac:
raise Exception("Messege integrity violated")





plaintext= zlib.decompress(ciphertext)

# Decrypt and return the plaintext.


return plaintext









share|improve this question









New contributor




saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







$endgroup$



















    1












    $begingroup$


    I am trying to implement AES CTR encryption mode with HMAC authentication for messages.



    It's encrypting and decrypting fine as long as the key length is 64 bytes, since AES key and HMAC key are being derived from this key.



    Questions




    • Is it safe to append IV or nonce to the encrypted messages?

    • Is it safe to append HMAC digest to append to the messages?

    • Can you review it for best security coding practices?


    Code



    def encrypt(full_key, plaintext):

    if len(full_key) != 64:
    raise Exception("FULL key length shall be equal to 64")
    key = full_key[:len(full_key) //2]

    # Use the last half as the HMAC key
    hmac_key = full_key[len(full_key) // 2:]


    if isinstance(plaintext, str):
    plaintext = plaintext.encode()

    compressed = zlib.compress(plaintext, 5)
    print (f"compressed plaintext {compressed}")



    # Choose a random, 16-byte IV.
    iv = os.urandom(16)
    # Convert the IV to a Python integer.
    iv_int = int(binascii.hexlify(iv), 16)
    # Create a new Counter object with IV = iv_int.
    ctr = Counter.new(128, initial_value=iv_int)
    # Create AES-CTR cipher.
    aes = AES.new(key, AES.MODE_CTR, counter=ctr)
    # Encrypt and return IV and ciphertext.
    ciphertext = aes.encrypt(compressed)


    hmac_obj = HMAC.new(hmac_key, compressed, SHA256)
    mac = hmac_obj.digest()

    return iv+ciphertext+mac


    def decrypt(key, ciphertext):
    # Initialize counter for decryption. iv should be the same as the output of
    # encrypt().


    if len(full_key) != 64:
    raise Exception("FULL key length shall be equal to 64")

    key = full_key[:len(full_key) //2]

    # Use the last half as the HMAC key
    hmac_key = full_key[len(full_key) // 2:]

    mac_length = 32
    iv_length = 16
    iv = ciphertext[:16]
    mac = ciphertext[-mac_length:]

    _ciphertext = ciphertext[iv_length:-mac_length]


    iv_int = int(iv.hex(), 16)
    ctr = Counter.new(128, initial_value=iv_int)
    # Create AES-CTR cipher.
    aes = AES.new(key, AES.MODE_CTR, counter=ctr)

    ciphertext = aes.decrypt(_ciphertext)

    # Extract the MAC from the end of the file
    hmac_obj = HMAC.new(hmac_key, ciphertext, SHA256)
    computed_mac = hmac_obj.digest()

    if computed_mac != mac:
    raise Exception("Messege integrity violated")





    plaintext= zlib.decompress(ciphertext)

    # Decrypt and return the plaintext.


    return plaintext









    share|improve this question









    New contributor




    saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.







    $endgroup$















      1












      1








      1





      $begingroup$


      I am trying to implement AES CTR encryption mode with HMAC authentication for messages.



      It's encrypting and decrypting fine as long as the key length is 64 bytes, since AES key and HMAC key are being derived from this key.



      Questions




      • Is it safe to append IV or nonce to the encrypted messages?

      • Is it safe to append HMAC digest to append to the messages?

      • Can you review it for best security coding practices?


      Code



      def encrypt(full_key, plaintext):

      if len(full_key) != 64:
      raise Exception("FULL key length shall be equal to 64")
      key = full_key[:len(full_key) //2]

      # Use the last half as the HMAC key
      hmac_key = full_key[len(full_key) // 2:]


      if isinstance(plaintext, str):
      plaintext = plaintext.encode()

      compressed = zlib.compress(plaintext, 5)
      print (f"compressed plaintext {compressed}")



      # Choose a random, 16-byte IV.
      iv = os.urandom(16)
      # Convert the IV to a Python integer.
      iv_int = int(binascii.hexlify(iv), 16)
      # Create a new Counter object with IV = iv_int.
      ctr = Counter.new(128, initial_value=iv_int)
      # Create AES-CTR cipher.
      aes = AES.new(key, AES.MODE_CTR, counter=ctr)
      # Encrypt and return IV and ciphertext.
      ciphertext = aes.encrypt(compressed)


      hmac_obj = HMAC.new(hmac_key, compressed, SHA256)
      mac = hmac_obj.digest()

      return iv+ciphertext+mac


      def decrypt(key, ciphertext):
      # Initialize counter for decryption. iv should be the same as the output of
      # encrypt().


      if len(full_key) != 64:
      raise Exception("FULL key length shall be equal to 64")

      key = full_key[:len(full_key) //2]

      # Use the last half as the HMAC key
      hmac_key = full_key[len(full_key) // 2:]

      mac_length = 32
      iv_length = 16
      iv = ciphertext[:16]
      mac = ciphertext[-mac_length:]

      _ciphertext = ciphertext[iv_length:-mac_length]


      iv_int = int(iv.hex(), 16)
      ctr = Counter.new(128, initial_value=iv_int)
      # Create AES-CTR cipher.
      aes = AES.new(key, AES.MODE_CTR, counter=ctr)

      ciphertext = aes.decrypt(_ciphertext)

      # Extract the MAC from the end of the file
      hmac_obj = HMAC.new(hmac_key, ciphertext, SHA256)
      computed_mac = hmac_obj.digest()

      if computed_mac != mac:
      raise Exception("Messege integrity violated")





      plaintext= zlib.decompress(ciphertext)

      # Decrypt and return the plaintext.


      return plaintext









      share|improve this question









      New contributor




      saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.







      $endgroup$




      I am trying to implement AES CTR encryption mode with HMAC authentication for messages.



      It's encrypting and decrypting fine as long as the key length is 64 bytes, since AES key and HMAC key are being derived from this key.



      Questions




      • Is it safe to append IV or nonce to the encrypted messages?

      • Is it safe to append HMAC digest to append to the messages?

      • Can you review it for best security coding practices?


      Code



      def encrypt(full_key, plaintext):

      if len(full_key) != 64:
      raise Exception("FULL key length shall be equal to 64")
      key = full_key[:len(full_key) //2]

      # Use the last half as the HMAC key
      hmac_key = full_key[len(full_key) // 2:]


      if isinstance(plaintext, str):
      plaintext = plaintext.encode()

      compressed = zlib.compress(plaintext, 5)
      print (f"compressed plaintext {compressed}")



      # Choose a random, 16-byte IV.
      iv = os.urandom(16)
      # Convert the IV to a Python integer.
      iv_int = int(binascii.hexlify(iv), 16)
      # Create a new Counter object with IV = iv_int.
      ctr = Counter.new(128, initial_value=iv_int)
      # Create AES-CTR cipher.
      aes = AES.new(key, AES.MODE_CTR, counter=ctr)
      # Encrypt and return IV and ciphertext.
      ciphertext = aes.encrypt(compressed)


      hmac_obj = HMAC.new(hmac_key, compressed, SHA256)
      mac = hmac_obj.digest()

      return iv+ciphertext+mac


      def decrypt(key, ciphertext):
      # Initialize counter for decryption. iv should be the same as the output of
      # encrypt().


      if len(full_key) != 64:
      raise Exception("FULL key length shall be equal to 64")

      key = full_key[:len(full_key) //2]

      # Use the last half as the HMAC key
      hmac_key = full_key[len(full_key) // 2:]

      mac_length = 32
      iv_length = 16
      iv = ciphertext[:16]
      mac = ciphertext[-mac_length:]

      _ciphertext = ciphertext[iv_length:-mac_length]


      iv_int = int(iv.hex(), 16)
      ctr = Counter.new(128, initial_value=iv_int)
      # Create AES-CTR cipher.
      aes = AES.new(key, AES.MODE_CTR, counter=ctr)

      ciphertext = aes.decrypt(_ciphertext)

      # Extract the MAC from the end of the file
      hmac_obj = HMAC.new(hmac_key, ciphertext, SHA256)
      computed_mac = hmac_obj.digest()

      if computed_mac != mac:
      raise Exception("Messege integrity violated")





      plaintext= zlib.decompress(ciphertext)

      # Decrypt and return the plaintext.


      return plaintext






      python python-3.x security authentication aes






      share|improve this question









      New contributor




      saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited 30 mins ago









      200_success

      131k17157422




      131k17157422






      New contributor




      saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 11 hours ago









      saurav vermasaurav verma

      1065




      1065




      New contributor




      saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      saurav verma is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          0






          active

          oldest

          votes












          Your Answer





          StackExchange.ifUsing("editor", function () {
          return StackExchange.using("mathjaxEditing", function () {
          StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
          StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
          });
          });
          }, "mathjax-editing");

          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "196"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });






          saurav verma is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f217014%2faes-ctr-mode-encryption-with-hmac%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          saurav verma is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          saurav verma is a new contributor. Be nice, and check out our Code of Conduct.













          saurav verma is a new contributor. Be nice, and check out our Code of Conduct.












          saurav verma is a new contributor. Be nice, and check out our Code of Conduct.
















          Thanks for contributing an answer to Code Review Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          Use MathJax to format equations. MathJax reference.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f217014%2faes-ctr-mode-encryption-with-hmac%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Сан-Квентин

          8-я гвардейская общевойсковая армия

          Алькесар