# ECE 443/518 Fall 2019 - Project 1
# Cryptographic Hash Functions and Ciphers


## Cryptographic Hash Functions

### SHA-256 Validation

In [3]:
from cryptography.hazmat.backends import default_backend # importing backend for the hashing algorithms
from cryptography.hazmat.primitives import hashes # importing hashing functions


def SHA_256(message):
    digest = hashes.Hash(hashes.SHA256(), backend=default_backend()) # Initializing the hashing function to be used 
    digest.update(message) # Hashing of the message is done
    msg_digest = digest.finalize() # Finalizing the current context and returning the digest in bytes
    return msg_digest

if __name__ == "__main__":
    plaintext = input("Enter Plaintext here:") # Enter the plaintext to be hashed 
    byte_plaintext = plaintext.encode() # Converting the string datatype to bytes datatype for hashing 
    digest = SHA_256(byte_plaintext) 
    digest_hex = digest.hex() # Converting the digest returned in bytes format to hexadecimal format 
    print ("Plaintext entered:{}".format(plaintext))
    print("Expected Messsage Digest: \n 7f83b1657ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069")
    print("Computed Message digest after SHA256 hashing:\n {} ".format(digest_hex))
    

Enter Plaintext here:Hello World!
Plaintext entered:Hello World!
Expected Messsage Digest: 
 7f83b1657ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069
Computed Message digest after SHA256 hashing:
 7f83b1657ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069 


### Performance Evaluation of SHA 256

In [11]:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
import timeit

setup_code = '''
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
'''

evaluation_code = '''
digest = hashes.Hash(hashes.SHA256(), backend=default_backend())
digest.update(bytes(256*1000*1000))
digest.finalize()
'''

def SHA_256(message):
    digest = hashes.Hash(hashes.SHA256(), backend=default_backend()) # Initializing the hashing function to be used 
    digest.update(message) # Hashing of the message is done
    msg_digest = digest.finalize() # Finalizing the current context and returning the digest in bytes
    return msg_digest

if __name__ == "__main__":
    byte_plaintext = bytes(256*1000*100)
    digest = SHA_256(byte_plaintext) 
    digest_hex = digest.hex() # Converting the digest returned in bytes format to hexadecimal format 
    print("SHA 256 of 256MB 0x00")
    print("Message digest after SHA256 hashing is: \n{} ".format(digest_hex))
    total_time = timeit.timeit(setup=setup_code, stmt=evaluation_code, number=10) # running the hash function 10 times and obtaining total time elapsed 
    execution_time = total_time/10
    print("Average Time taken for Hashing the plaintext: {} seconds".format(execution_time))
    performance = 256/execution_time
    print("The performance of the hashing function is {} MB/s".format(performance))


SHA 256 of 256MB 0x00
Message digest after SHA256 hashing is: 
f9f426e77227823de210deeeb3c5f258532937b4dfd40af797e572f44a3a9b9e 
Average Time taken for Hashing the plaintext: 0.751880889999984 seconds
The performance of the hashing function is 340.4794607826852 MB/s


### SHA 512 Validation

In [7]:
from cryptography.hazmat.backends import default_backend # importing backend for the hashing algorithms
from cryptography.hazmat.primitives import hashes # importing hashing functions


def SHA_512(message):
    digest = hashes.Hash(hashes.SHA512(), backend=default_backend()) # Initializing the hashing function to be used 
    digest.update(message) # Hashing of the message is done
    msg_digest = digest.finalize() # Finalizing the current context and returning the digest in bytes
    return msg_digest

if __name__ == "__main__":
    plaintext = input("Enter Plaintext here:") # Enter the plaintext to be hashed 
    byte_plaintext = plaintext.encode() # Converting the string datatype to bytes datatype for hashing 
    digest = SHA_512(byte_plaintext) 
    digest_hex = digest.hex() # Converting the digest returned in bytes format to hexadecimal format 
    print ("Plaintext entered:{}".format(plaintext))
    print("Expected Messsage Digest: \n 861844d6704e8573fec34d967e20bcfef3d424cf48be04e6dc08f2bd58c729743371015ead891cc3cf1c9d34b49264b510751b1ff9e537937bc46b5d6ff4ecc8")
    print("Computed Message digest after SHA512 hashing:\n {} ".format(digest_hex))

Enter Plaintext here:Hello World!
Plaintext entered:Hello World!
Expected Messsage Digest: 
 861844d6704e8573fec34d967e20bcfef3d424cf48be04e6dc08f2bd58c729743371015ead891cc3cf1c9d34b49264b510751b1ff9e537937bc46b5d6ff4ecc8
Computed Message digest after SHA512 hashing:
 861844d6704e8573fec34d967e20bcfef3d424cf48be04e6dc08f2bd58c729743371015ead891cc3cf1c9d34b49264b510751b1ff9e537937bc46b5d6ff4ecc8 


### Performance Evaluation Of SHA512

In [9]:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
import timeit

setup_code = '''
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
'''

evaluation_code = '''
digest = hashes.Hash(hashes.SHA512(), backend=default_backend())
digest.update(bytes(256*1000*1000))
digest.finalize()
'''

def SHA_512(message):
    digest = hashes.Hash(hashes.SHA512(), backend=default_backend()) # Initializing the hashing function to be used 
    digest.update(message) # Hashing of the message is done
    msg_digest = digest.finalize() # Finalizing the current context and returning the digest in bytes
    return msg_digest

if __name__ == "__main__":
    byte_plaintext = bytes(256*1000*100)
    digest = SHA_512(byte_plaintext) 
    digest_hex = digest.hex() # Converting the digest returned in bytes format to hexadecimal format 
    print("SHA 512 of 256MB 0x00")
    print("Message digest after SHA512 hashing is: \n{} ".format(digest_hex))
    total_time = timeit.timeit(setup=setup_code, stmt=evaluation_code, number=10) # running the hash function 10 times and obtaining total time elapsed 
    execution_time = total_time/10
    print("Average Time taken for Hashing the plaintext: {} seconds".format(execution_time))
    performance = 256/execution_time
    print("The performance of the hashing function is: {} MB/s".format(performance))

SHA 512 of 256MB 0x00
Message digest after SHA512 hashing is: 
d40f36e95eff70d65a54356fba8f8388043ebd2520f98b14a2c962fec6ae403f06f77a46b40f354822e9901c9616e7714311a10d708fe47867cb29d914cd726e 
Average Time taken for Hashing the plaintext: 0.561877410000011 seconds
The performance of the hashing function is: 455.6153983837773 MB/s


## Ciphers 

## AES in GCM mode Validation

In [2]:
import os
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import (
    Cipher, algorithms, modes
)

def encrypt(key, pt, aad):
    '''AES in GCM Mode encrytion function
        parameters:
            key: 128 bit random key
            pt: plaintext for encryption 
                type: bytes 
            aad: authenticated associated data
                type: bytes '''
    iv = os.urandom(12) # 96 bit initialization vector

    encryptor = Cipher(
        algorithms.AES(key), # using AES block cipher
        modes.GCM(iv), # in GCM mode
        backend=default_backend()
    ).encryptor() # creating a AESGCM cipher object 

    encryptor.authenticate_additional_data(aad) # authenticated associate data will be authenticated but not encrypted
    ct = encryptor.update(pt) + encryptor.finalize() # getting cipher text after encryption

    return (iv, ct, encryptor.tag) 

def decrypt(key, aad, iv, ct, tag):
    '''AES in GCM Mode decrytion function
        parameters:
            key: 128 bit random key
            aad: authenticated associated data
                type: bytes 
            iv: 96 bit initialization vector 
            ct: ciphertext for decryption 
                type: bytes'''
    decryptor = Cipher(
        algorithms.AES(key),
        modes.GCM(iv, tag),
        backend=default_backend()
    ).decryptor()

    # Put aad back in or the tag will fail to verify 
    decryptor.authenticate_additional_data(aad)

    # decryptor provides the authenticated plaintext. 
    # if the tag does not match an InvalidTag exception will be raised 
    return decryptor.update(ct) + decryptor.finalize()

if __name__ == "__main__":
    plaintext = b'Hello World!'
    plaintext_str = plaintext.decode('utf-8')
    aad = b"Data that is authenticated but not encrypted" # authenticated associated data
    aad_str = aad.decode("utf-8")
    key = os.urandom(32) # 128 bit key generation for AES 
    iv, ciphertext, tag = encrypt(key, plaintext, aad) 
    # the initialization vector, cipher text and MAC tag 
    # is returned after encryption 
    decryted_msg = decrypt(key, aad, iv, ciphertext, tag)
    print("AES in GCM mode of plaintext: {}".format(plaintext_str))
    print("Authenticated Associated data: {}".format(aad_str))
    print("Initialization Vector: {}".format(iv.hex()))
    print("MAC tag: {}".format(tag.hex()))
    print("Ciphertext: {}".format(ciphertext.hex())) 
    print("Decrypted message: {}".format(decryted_msg.decode('utf-8')))

AES in GCM mode of plaintext: Hello World!
Authenticated Associated data: Data that is authenticated but not encrypted
Initialization Vector: df5032b3714f21a672856cf5
MAC tag: f619ae0e71051fea50469de1c7c506f0
Ciphertext: 84e36186a34fdb53dfb46656
Decrypted message: Hello World!


## Attacking 

In [7]:
import os
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import (
    Cipher, algorithms, modes
)

def encrypt(key, pt, aad):
    '''AES in GCM Mode encrytion function
        parameters:
            key: 128 bit random key
            pt: plaintext for encryption 
                type: bytes 
            aad: authenticated associated data
                type: bytes '''
    iv = os.urandom(12) # 96 bit initialization vector

    encryptor = Cipher(
        algorithms.AES(key), # using AES block cipher
        modes.GCM(iv), # in GCM mode
        backend=default_backend()
    ).encryptor() # creating a AESGCM cipher object 

    encryptor.authenticate_additional_data(aad) # authenticated associate data will be authenticated but not encrypted
    ct = encryptor.update(pt) + encryptor.finalize() # getting cipher text after encryption

    return (iv, ct, encryptor.tag) 

def decrypt(key, aad, iv, ct, tag):
    '''AES in GCM Mode decrytion function
        parameters:
            key: 128 bit random key
            aad: authenticated associated data
                type: bytes 
            iv: 96 bit initialization vector 
            ct: ciphertext for decryption 
                type: bytes'''
    decryptor = Cipher(
        algorithms.AES(key),
        modes.GCM(iv, tag),
        backend=default_backend()
    ).decryptor()

    # Put aad back in or the tag will fail to verify 
    decryptor.authenticate_additional_data(aad)

    # decryptor provides the authenticated plaintext. 
    # if the tag does not match an InvalidTag exception will be raised 
    return decryptor.update(ct) + decryptor.finalize()

if __name__ == "__main__":
    plaintext = b'Hello World!'
    plaintext_str = plaintext.decode('utf-8')
    aad = b"Data that is authenticated but not encrypted" # authenticated associated data
    aad_str = aad.decode("utf-8")
    key = os.urandom(32) # 128 bit key generation for AES 
    iv, ciphertext, tag = encrypt(key, plaintext, aad) 
    # the initialization vector, cipher text and MAC tag 
    # is returned after encryption 
    attacking_tag = bytes(16) # adversary entering an different MAC tag of 0s of 16 bytes
    decryted_msg = decrypt(key, aad, iv, ciphertext, attacking_tag) # decrypt function will raise a InvalidTag EXCEPTION as the tags do not match
    print("InvalidTag! The MAC tags of encryption and decryption donot match")    
    print("AES in GCM mode of plaintext: {}".format(plaintext_str))
    print("Authenticated Associated data: {}".format(aad_str))
    print("Initialization Vector: {}".format(iv.hex()))
    print("MAC tag: {}".format(tag.hex()))
    print("Ciphertext: {}".format(ciphertext.hex())) 
    print("Decrypted message: {}".format(decryted_msg.decode('utf-8')))

InvalidTag: 

## Performance Evaluation of AES in GCM mode 

In [8]:
import os
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import (
    Cipher, algorithms, modes
)
import time
def encrypt(key, pt, aad):
    '''AES in GCM Mode encrytion function
        parameters:
            key: 128 bit random key
            pt: plaintext for encryption 
                type: bytes 
            aad: authenticated associated data
                type: bytes '''
    iv = os.urandom(12) # 96 bit initialization vector

    encryptor = Cipher(
        algorithms.AES(key), # using AES block cipher
        modes.GCM(iv), # in GCM mode
        backend=default_backend()
    ).encryptor() # creating a AESGCM cipher object 

    encryptor.authenticate_additional_data(aad) # authenticated associate data will be authenticated but not encrypted
    ct = encryptor.update(pt) + encryptor.finalize() # getting cipher text after encryption

    return (iv, ct, encryptor.tag) 

def decrypt(key, aad, iv, ct, tag):
    '''AES in GCM Mode decrytion function
        parameters:
            key: 128 bit random key
            aad: authenticated associated data
                type: bytes 
            iv: 96 bit initialization vector 
            ct: ciphertext for decryption 
                type: bytes'''
    decryptor = Cipher(
        algorithms.AES(key),
        modes.GCM(iv, tag),
        backend=default_backend()
    ).decryptor()

    # Put aad back in or the tag will fail to verify 
    decryptor.authenticate_additional_data(aad)

    # decryptor provides the authenticated plaintext. 
    # if the tag does not match an InvalidTag exception will be raised 
    return decryptor.update(ct) + decryptor.finalize()

if __name__ == "__main__":
    plaintext = bytes(64*1000*1000)
    aad = b"Data that is authenticated but not encrypted" # authenticated associated data
    aad_str = aad.decode("utf-8")
    encrypt_start = time.time()
    for i in  range(0, 10): # doing 10 iterations of encryption
        key = os.urandom(32) # 128 bit key generation for AES 
        iv, ciphertext, tag = encrypt(key, plaintext, aad)
        # the initialization vector, cipher text and MAC tag 
        # is returned after encryption
    encrypt_end = time.time()
    encrypt_elapsed_time = encrypt_end - encrypt_start
    avg_encrypt_elapsed_time = encrypt_elapsed_time/10
    encrypt_perf = 64/avg_encrypt_elapsed_time
    decrypt_start = time.time()
    for i in range(0, 10): # doing 10 iterations of decryption
        decryted_msg = decrypt(key, aad, iv, ciphertext, tag)
    decrypt_end = time.time()
    decrypt_elapsed_time = decrypt_end - decrypt_start
    avg_decrypt_elapsed_time = decrypt_elapsed_time/10
    decrypt_perf = 64/avg_decrypt_elapsed_time
    print("AES in GCM mode of 64MB 0x0")
    print("Elapsed time for encryption of 64MB 0x0: {} sec".format(round(avg_encrypt_elapsed_time, 4)))
    print("Performance of Encryption is: {} MB/s".format(round(encrypt_perf, 4)))
    print("Elapsed time for decryption of 64MB 0x0: {} sec".format(round(avg_decrypt_elapsed_time, 4)))
    print("Performance of Decryption is: {} MB/s".format(round(decrypt_perf, 4)))
   
  

AES in GCM mode of 64MB 0x0
Elapsed time for encryption of 64MB 0x0: 0.1556 sec
Performance of Encryption is: 411.2501 MB/s
Elapsed time for decryption of 64MB 0x0: 0.1518 sec
Performance of Decryption is: 421.7188 MB/s
