# ECE 443/518 Fall 2019 - Project 1
# Cryptographic Hash Functions and Ciphers


## Cryptographic Hash Functions

### SHA-256 Validation

In [2]:
from cryptography.hazmat.backends import default_backend # importing backend for the hashing algorithms
from cryptography.hazmat.primitives import hashes # importing hashing functions


def SHA_256(message):
    digest = hashes.Hash(hashes.SHA256(), backend=default_backend()) # Initializing the hashing function to be used 
    digest.update(message) # Hashing of the message is done
    msg_digest = digest.finalize() # Finalizing the current context and returning the digest in bytes
    return msg_digest

if __name__ == "__main__":
    plaintext = input("Enter Plaintext here:") # Enter the plaintext to be hashed 
    byte_plaintext = plaintext.encode() # Converting the string datatype to bytes datatype for hashing 
    digest = SHA_256(byte_plaintext) 
    digest_hex = digest.hex() # Converting the digest returned in bytes format to hexadecimal format 
    print ("Plaintext entered:{}".format(plaintext))
    print("Expected Messsage Digest: \n c0535e4be2b79ffd93291305436bf889314e4a3faec05ecffcbb7df31ad9e51a")
    print("Computed Message digest after SHA256 hashing:\n {} ".format(digest_hex))
    

Enter Plaintext here:Hello world!
Plaintext entered:Hello world!
Expected Messsage Digest: 
 c0535e4be2b79ffd93291305436bf889314e4a3faec05ecffcbb7df31ad9e51a
Computed Message digest after SHA256 hashing:
 c0535e4be2b79ffd93291305436bf889314e4a3faec05ecffcbb7df31ad9e51a 


### Performance Evaluation of SHA 256

In [1]:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
import timeit

setup_code = '''
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
'''

evaluation_code = '''
digest = hashes.Hash(hashes.SHA256(), backend=default_backend())
digest.update(bytes(256*1000*1000))
digest.finalize()
'''

def SHA_256(message):
    digest = hashes.Hash(hashes.SHA256(), backend=default_backend()) # Initializing the hashing function to be used 
    digest.update(message) # Hashing of the message is done
    msg_digest = digest.finalize() # Finalizing the current context and returning the digest in bytes
    return msg_digest

if __name__ == "__main__":
    byte_plaintext = bytes(256*1000*1000 - 33) # 256 MB message subract by 33 to remove the bytes header data 
    digest = SHA_256(byte_plaintext) 
    digest_hex = digest.hex() # Converting the digest returned in bytes format to hexadecimal format 
    print("SHA 256 of 256MB 0x00")
    print("Message digest after SHA256 hashing is: \n{} ".format(digest_hex))
    total_time = timeit.timeit(setup=setup_code, stmt=evaluation_code, number=10) # running the hash function 10 times and obtaining total time elapsed 
    execution_time = total_time/10
    print("Average Time taken for Hashing the plaintext: {} seconds".format(execution_time))
    performance = 256/execution_time
    print("The performance of the hashing function is {} MB/s".format(performance))


SHA 256 of 256MB 0x00
Message digest after SHA256 hashing is: 
84cb76f21fc59352a3a1f4a33e35842b07b524aa6b7c80a92441a80a41e9646d 
Average Time taken for Hashing the plaintext: 0.7482836700000007 seconds
The performance of the hashing function is 342.11624583495154 MB/s


### SHA 512 Validation

In [4]:
from cryptography.hazmat.backends import default_backend # importing backend for the hashing algorithms
from cryptography.hazmat.primitives import hashes # importing hashing functions


def SHA_512(message):
    digest = hashes.Hash(hashes.SHA512(), backend=default_backend()) # Initializing the hashing function to be used 
    digest.update(message) # Hashing of the message is done
    msg_digest = digest.finalize() # Finalizing the current context and returning the digest in bytes
    return msg_digest

if __name__ == "__main__":
    plaintext = input("Enter Plaintext here:") # Enter the plaintext to be hashed 
    byte_plaintext = plaintext.encode() # Converting the string datatype to bytes datatype for hashing 
    digest = SHA_512(byte_plaintext) 
    digest_hex = digest.hex() # Converting the digest returned in bytes format to hexadecimal format 
    print ("Plaintext entered:{}".format(plaintext))
    print("Expected Messsage Digest: \n f6cde2a0f819314cdde55fc227d8d7dae3d28cc556222a0a8ad66d91ccad4aad6094f517a2182360c9aacf6a3dc323162cb6fd8cdffedb0fe038f55e85ffb5b6")
    print("Computed Message digest after SHA512 hashing:\n {} ".format(digest_hex))

Enter Plaintext here:Hello world!
Plaintext entered:Hello world!
Expected Messsage Digest: 
 f6cde2a0f819314cdde55fc227d8d7dae3d28cc556222a0a8ad66d91ccad4aad6094f517a2182360c9aacf6a3dc323162cb6fd8cdffedb0fe038f55e85ffb5b6
Computed Message digest after SHA512 hashing:
 f6cde2a0f819314cdde55fc227d8d7dae3d28cc556222a0a8ad66d91ccad4aad6094f517a2182360c9aacf6a3dc323162cb6fd8cdffedb0fe038f55e85ffb5b6 


### Performance Evaluation Of SHA512

In [2]:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
import timeit

setup_code = '''
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
'''

evaluation_code = '''
digest = hashes.Hash(hashes.SHA512(), backend=default_backend())
digest.update(bytes(256*1000*1000))
digest.finalize()
'''

def SHA_512(message):
    digest = hashes.Hash(hashes.SHA512(), backend=default_backend()) # Initializing the hashing function to be used 
    digest.update(message) # Hashing of the message is done
    msg_digest = digest.finalize() # Finalizing the current context and returning the digest in bytes
    return msg_digest

if __name__ == "__main__":
    byte_plaintext = bytes(256*1000*1000 - 33) # 256 MB message subract by 33 to remove the bytes header data
    digest = SHA_512(byte_plaintext) 
    digest_hex = digest.hex() # Converting the digest returned in bytes format to hexadecimal format 
    print("SHA 512 of 256MB 0x00")
    print("Message digest after SHA512 hashing is: \n{} ".format(digest_hex))
    total_time = timeit.timeit(setup=setup_code, stmt=evaluation_code, number=10) # running the hash function 10 times and obtaining total time elapsed 
    execution_time = total_time/10
    print("Average Time taken for Hashing the plaintext: {} seconds".format(execution_time))
    performance = 256/execution_time
    print("The performance of the hashing function is: {} MB/s".format(performance))

SHA 512 of 256MB 0x00
Message digest after SHA512 hashing is: 
4718791f9cbb4c07f4dee5b43dee1f1918ba5263f75dcfd084926011c8d093565a9b88209d1188ad9573884d492a236e5e4dfb9d3249401342d2774d7e80ff11 
Average Time taken for Hashing the plaintext: 0.5674813999999998 seconds
The performance of the hashing function is: 451.1161070653595 MB/s


## Ciphers 

## AES in GCM mode Validation

In [2]:
import os
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import (
    Cipher, algorithms, modes
)

def encrypt(key, pt, aad):
    '''AES in GCM Mode encrytion function
        parameters:
            key: 128 bit random key
            pt: plaintext for encryption 
                type: bytes 
            aad: authenticated associated data
                type: bytes '''
    iv = os.urandom(12) # 96 bit initialization vector

    encryptor = Cipher(
        algorithms.AES(key), # using AES block cipher
        modes.GCM(iv), # in GCM mode
        backend=default_backend()
    ).encryptor() # creating a AESGCM cipher object 

    encryptor.authenticate_additional_data(aad) # authenticated associate data will be authenticated but not encrypted
    ct = encryptor.update(pt) + encryptor.finalize() # getting cipher text after encryption

    return (iv, ct, encryptor.tag) 

def decrypt(key, aad, iv, ct, tag):
    '''AES in GCM Mode decrytion function
        parameters:
            key: 128 bit random key
            aad: authenticated associated data
                type: bytes 
            iv: 96 bit initialization vector 
            ct: ciphertext for decryption 
                type: bytes'''
    decryptor = Cipher(
        algorithms.AES(key),
        modes.GCM(iv, tag),
        backend=default_backend()
    ).decryptor()

    # Put aad back in or the tag will fail to verify 
    decryptor.authenticate_additional_data(aad)

    # decryptor provides the authenticated plaintext. 
    # if the tag does not match an InvalidTag exception will be raised 
    return decryptor.update(ct) + decryptor.finalize()

if __name__ == "__main__":
    plaintext = b'Hello World!'
    plaintext_str = plaintext.decode('utf-8')
    aad = b"Data that is authenticated but not encrypted" # authenticated associated data
    aad_str = aad.decode("utf-8")
    key = os.urandom(32) # 128 bit key generation for AES 
    iv, ciphertext, tag = encrypt(key, plaintext, aad) 
    # the initialization vector, cipher text and MAC tag 
    # is returned after encryption 
    decryted_msg = decrypt(key, aad, iv, ciphertext, tag)
    print("AES in GCM mode of plaintext: {}".format(plaintext_str))
    print("Authenticated Associated data: {}".format(aad_str))
    print("Initialization Vector: {}".format(iv.hex()))
    print("MAC tag: {}".format(tag.hex()))
    print("Ciphertext: {}".format(ciphertext.hex())) 
    print("Decrypted message: {}".format(decryted_msg.decode('utf-8')))

AES in GCM mode of plaintext: Hello World!
Authenticated Associated data: Data that is authenticated but not encrypted
Initialization Vector: df5032b3714f21a672856cf5
MAC tag: f619ae0e71051fea50469de1c7c506f0
Ciphertext: 84e36186a34fdb53dfb46656
Decrypted message: Hello World!


## Attacking 

In [1]:
import os
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import (
    Cipher, algorithms, modes
)

def encrypt(key, pt, aad):
    '''AES in GCM Mode encrytion function
        parameters:
            key: 128 bit random key
            pt: plaintext for encryption 
                type: bytes 
            aad: authenticated associated data
                type: bytes '''
    iv = os.urandom(12) # 96 bit initialization vector

    encryptor = Cipher(
        algorithms.AES(key), # using AES block cipher
        modes.GCM(iv), # in GCM mode
        backend=default_backend()
    ).encryptor() # creating a AESGCM cipher object 

    encryptor.authenticate_additional_data(aad) # authenticated associate data will be authenticated but not encrypted
    ct = encryptor.update(pt) + encryptor.finalize() # getting cipher text after encryption

    return (iv, ct, encryptor.tag) 

def decrypt(key, aad, iv, ct, tag):
    '''AES in GCM Mode decrytion function
        parameters:
            key: 128 bit random key
            aad: authenticated associated data
                type: bytes 
            iv: 96 bit initialization vector 
            ct: ciphertext for decryption 
                type: bytes'''
    decryptor = Cipher(
        algorithms.AES(key),
        modes.GCM(iv, tag),
        backend=default_backend()
    ).decryptor()

    # Put aad back in or the tag will fail to verify 
    decryptor.authenticate_additional_data(aad)

    # decryptor provides the authenticated plaintext. 
    # if the tag does not match an InvalidTag exception will be raised 
    return decryptor.update(ct) + decryptor.finalize()

if __name__ == "__main__":
    plaintext = b'Hello World!'
    plaintext_str = plaintext.decode('utf-8')
    aad = b"Data that is authenticated but not encrypted" # authenticated associated data
    aad_str = aad.decode("utf-8")
    key = os.urandom(32) # 128 bit key generation for AES 
    iv, ciphertext, tag = encrypt(key, plaintext, aad) 
    # the initialization vector, cipher text and MAC tag 
    # is returned after encryption 
    attacking_tag = bytes(16) # adversary entering an different MAC tag of 0s of 16 bytes
    decryted_msg = decrypt(key, aad, iv, ciphertext, attacking_tag) # decrypt function will raise a InvalidTag EXCEPTION as the tags do not match
    print("InvalidTag! The MAC tags of encryption and decryption donot match")    
    print("AES in GCM mode of plaintext: {}".format(plaintext_str))
    print("Authenticated Associated data: {}".format(aad_str))
    print("Initialization Vector: {}".format(iv.hex()))
    print("MAC tag: {}".format(tag.hex()))
    print("Ciphertext: {}".format(ciphertext.hex())) 
    print("Decrypted message: {}".format(decryted_msg.decode('utf-8')))

InvalidTag: 

## Performance Evaluation of AES in GCM mode 

In [3]:
import os
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import (
    Cipher, algorithms, modes
)
import time
def encrypt(key, pt, aad):
    '''AES in GCM Mode encrytion function
        parameters:
            key: 128 bit random key
            pt: plaintext for encryption 
                type: bytes 
            aad: authenticated associated data
                type: bytes '''
    iv = os.urandom(12) # 96 bit initialization vector

    encryptor = Cipher(
        algorithms.AES(key), # using AES block cipher
        modes.GCM(iv), # in GCM mode
        backend=default_backend()
    ).encryptor() # creating a AESGCM cipher object 

    encryptor.authenticate_additional_data(aad) # authenticated associate data will be authenticated but not encrypted
    ct = encryptor.update(pt) + encryptor.finalize() # getting cipher text after encryption

    return (iv, ct, encryptor.tag) 

def decrypt(key, aad, iv, ct, tag):
    '''AES in GCM Mode decrytion function
        parameters:
            key: 128 bit random key
            aad: authenticated associated data
                type: bytes 
            iv: 96 bit initialization vector 
            ct: ciphertext for decryption 
                type: bytes'''
    decryptor = Cipher(
        algorithms.AES(key),
        modes.GCM(iv, tag),
        backend=default_backend()
    ).decryptor()

    # Put aad back in or the tag will fail to verify 
    decryptor.authenticate_additional_data(aad)

    # decryptor provides the authenticated plaintext. 
    # if the tag does not match an InvalidTag exception will be raised 
    return decryptor.update(ct) + decryptor.finalize()

if __name__ == "__main__":
    plaintext = bytes(64*1000*1000 - 33) # 64 MB message subract by 33 to remove the bytes header data
    aad = b"Data that is authenticated but not encrypted" # authenticated associated data
    aad_str = aad.decode("utf-8")
    encrypt_start = time.time()
    for i in  range(0, 10): # doing 10 iterations of encryption
        key = os.urandom(32) # 128 bit key generation for AES 
        iv, ciphertext, tag = encrypt(key, plaintext, aad)
        # the initialization vector, cipher text and MAC tag 
        # is returned after encryption
    encrypt_end = time.time()
    encrypt_elapsed_time = encrypt_end - encrypt_start
    avg_encrypt_elapsed_time = encrypt_elapsed_time/10
    encrypt_perf = 64/avg_encrypt_elapsed_time
    decrypt_start = time.time()
    for i in range(0, 10): # doing 10 iterations of decryption
        decryted_msg = decrypt(key, aad, iv, ciphertext, tag)
    decrypt_end = time.time()
    decrypt_elapsed_time = decrypt_end - decrypt_start
    avg_decrypt_elapsed_time = decrypt_elapsed_time/10
    decrypt_perf = 64/avg_decrypt_elapsed_time
    print("AES in GCM mode of 64MB 0x0")
    print("Elapsed time for encryption of 64MB 0x0: {} sec".format(round(avg_encrypt_elapsed_time, 4)))
    print("Performance of Encryption is: {} MB/s".format(round(encrypt_perf, 4)))
    print("Elapsed time for decryption of 64MB 0x0: {} sec".format(round(avg_decrypt_elapsed_time, 4)))
    print("Performance of Decryption is: {} MB/s".format(round(decrypt_perf, 4)))
   
  

AES in GCM mode of 64MB 0x0
Elapsed time for encryption of 64MB 0x0: 0.1525 sec
Performance of Encryption is: 419.7914 MB/s
Elapsed time for decryption of 64MB 0x0: 0.1564 sec
Performance of Decryption is: 409.0933 MB/s


## AES IN CBC Mode Validation

In [11]:
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend


if __name__ == "__main__":
    backend = default_backend()
    key = os.urandom(16) # 128 bit key
    iv = os.urandom(16) # 128 bit IV 
    cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=backend)
    encryptor = cipher.encryptor()
    # the buffer needs to be at leasr lenght of data + n - 1 where n is cipher/mode block size in bytes
    buf = bytearray(31)
    plaintext = b'a secret message'
    len_encrypted = encryptor.update_into(plaintext, buf)
    ciphertext = bytes(buf[:len_encrypted]) + encryptor.finalize()
    decryptor = cipher.decryptor()
    len_decrypted = decryptor.update_into(ciphertext, buf)
    decrypted_msg = bytes(buf[:len_decrypted]) + decryptor.finalize()
    print("AES in CBC mode with padding of [a secret message]")
    print("Plaintext: {}".format(plaintext.hex()))
    print("CipherText: {}".format(ciphertext.hex()))
    print("Decrypted Message: {}".format(decrypted_msg.decode('utf-8')))

AES in CBC mode with padding of [a secret message]
Plaintext: 6120736563726574206d657373616765
CipherText: 56fbf2030b8de568625f62e78e4e7459
Decrypted Message: a secret message


## AES in CBC Mode Performance Evaluation

In [1]:
import os
import time
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend


if __name__ == "__main__":
    backend = default_backend()
    key = os.urandom(16) # 128 bit key
    iv = os.urandom(16) # 128 bit IV 
    cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=backend)
    encryptor = cipher.encryptor()
    # the buffer needs to be at leasr lenght of data + n - 1 where n is cipher/mode block size in bytes
    buf = bytearray(64000160)
    plaintext = bytes(64*1000*1000) # 64 MB message subract by 33 to remove the bytes header data
    en_start = time.time()
    len_encrypted = encryptor.update_into(plaintext, buf)
    ciphertext = bytes(buf[:len_encrypted]) + encryptor.finalize()
    en_end = time.time()
    total_time = en_end - en_start
    en_perf = 64/total_time
    de_start = time.time()
    decryptor = cipher.decryptor()
    len_decrypted = decryptor.update_into(ciphertext, buf)
    decrypted_msg = bytes(buf[:len_decrypted]) + decryptor.finalize()
    de_end = time.time()
    tt = de_end - de_start
    de_perf = 64/tt
    print("AES in CBC mode with padding of 64MB 0x0!")
    print("Time taken for encryption: {} secs".format(total_time))
    print("Performance of encryption: {} MB/s".format(en_perf))
    print("Time taken for decryption: {} secs".format(tt))
    print("Performance of decryption: {} MB/s".format(de_perf))

AES in CBC mode with padding of 64MB 0x0!
Time taken for encryption: 0.15306973457336426 secs
Performance of encryption: 418.1100867417109 MB/s
Time taken for decryption: 0.09505033493041992 secs
Performance of decryption: 673.3274537838313 MB/s
