In [1]:
# Nielson, Seth James; Monson, Christopher K..
# Practical Cryptography in Python: Learning Correct Cryptography by Example (p. 23).
# Apress. Edição do Kindle.
# KATs from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/aes/KAT_AES.zip.
# ECB - Not Secure
# KAT - Known answer tests

In [28]:
# NEVER USE: ECB is not secure!
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
# NIST AES ECBGFSbox128.rsp ENCRYPT Kats
# First value of each pair is plaintext
# Second value of each pair is ciphertext
nist_kats = [
    ('f34481ec3cc627bacd5dc3fb08f273e6', '0336763e966d92595a567cc9ce537f5e'),
    ('9798c4640bad75c7c3227db910174e72', 'a9a1631bf4996954ebc093957b234589'),
    ('96ab5c2ff612d9dfaae8c31f30c42168', 'ff4f8391a6a40ca5b25d23bedd44a597'),
    ('6a118a874519e64e9963798a503f1d35 ', 'dc43be40be0e53712f7e2bf5ca707209')
    ]

# 16–byte test key of all zeros.
test_key = bytes.fromhex('00000000000000000000000000000000')
aesCipher = Cipher(algorithms.AES(test_key),
                   modes.ECB(),
                   backend=default_backend())
aesEncryptor = aesCipher.encryptor()
aesDecryptor = aesCipher.decryptor()
# test each input
for index, kat in enumerate(nist_kats):
    plaintext, want_ciphertext = kat
    plaintext_bytes = bytes.fromhex(plaintext)
    ciphertext_bytes = aesEncryptor.update(plaintext_bytes)
    got_ciphertext = ciphertext_bytes.hex()
    result = "[PASS]" if got_ciphertext == want_ciphertext else "[FAIL]"
    print("Test {}. Expected {}, got {}. Result {}.".format(
            index, want_ciphertext, got_ciphertext, result))



Test 0. Expected 0336763e966d92595a567cc9ce537f5e, got 0336763e966d92595a567cc9ce537f5e. Result [PASS].
Test 1. Expected a9a1631bf4996954ebc093957b234589, got a9a1631bf4996954ebc093957b234589. Result [PASS].
Test 2. Expected ff4f8391a6a40ca5b25d23bedd44a597, got ff4f8391a6a40ca5b25d23bedd44a597. Result [PASS].
Test 3. Expected dc43be40be0e53712f7e2bf5ca707209, got dc43be40be0e53712f7e2bf5ca707209. Result [PASS].


In [29]:
# 16–byte test key of all zeros.
test_key = bytes.fromhex('00000000000000000000000000000011')
aesCipher = Cipher(algorithms.AES(test_key),
                   modes.ECB(),
                   backend=default_backend())
aesEncryptor = aesCipher.encryptor()
aesDecryptor = aesCipher.decryptor()
# test each input
for index, kat in enumerate(nist_kats):
    plaintext, want_ciphertext = kat
    plaintext_bytes = bytes.fromhex(plaintext)
    ciphertext_bytes = aesEncryptor.update(plaintext_bytes)
    got_ciphertext = ciphertext_bytes.hex()
    result = "[PASS]" if got_ciphertext == want_ciphertext else "[FAIL]"
    print("Test {}. Expected {}, got {}. Result {}.".format(
            index, want_ciphertext, got_ciphertext, result))



Test 0. Expected 0336763e966d92595a567cc9ce537f5e, got ab34bef1bdb4e2c98e3759929c067f79. Result [FAIL].
Test 1. Expected a9a1631bf4996954ebc093957b234589, got b0ae09b3892a958c12148ebb8ddcb379. Result [FAIL].
Test 2. Expected ff4f8391a6a40ca5b25d23bedd44a597, got f228a59f5702ed6bb4caba9ee34a030b. Result [FAIL].
Test 3. Expected dc43be40be0e53712f7e2bf5ca707209, got be2c431ddd3743e5df17a3d40ee1300a. Result [FAIL].
