In [1]:
import os

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import cmac, constant_time, hashes, hmac
from cryptography.hazmat.primitives.ciphers import algorithms

In [2]:
def cmac_sign(key, msg):
    """Return the AES-CMAC authentication tag of ``msg`` under ``key``.

    Args:
        key: AES key bytes; handed unchanged to ``algorithms.AES``.
        msg: Message bytes to authenticate.

    Returns:
        The tag bytes produced by ``CMAC.finalize()``.

    To check a received tag, call ``cmac_verify`` instead of comparing this
    return value with ``==``, so the comparison is left to the library.
    """
    # A fresh CMAC context is built for every call.
    mac = cmac.CMAC(algorithms.AES(key))
    mac.update(msg)
    computed_tag = mac.finalize()
    return computed_tag

In [3]:
def test_cmac_sign():
    """Check cmac_sign against one fixed key / message / tag vector."""
    expected = bytes.fromhex("cebba0274a6e91a2918e801765b5c692")
    computed = cmac_sign(
        bytes.fromhex("e3e62dde91fc699fc6195b9387b97b51"),
        b"Hello World!",
    )
    # Plain == is fine here: every value is a fixed test constant, not a secret.
    assert computed == expected

test_cmac_sign()

In [4]:
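def cmac_verify(key, msg, tag):
    """Check an AES-CMAC tag and report the outcome as a boolean.

    Args:
        key: AES key bytes; handed to ``algorithms.AES``.
        msg: Message bytes the tag is supposed to cover.
        tag: Candidate tag bytes to check.

    Returns:
        True when ``CMAC.verify`` accepts the tag. False when it rejects the
        tag, and also when the key, message or tag is malformed (wrong type
        or size), so bad input is never reported as authentic.

    Only these input-related failures are turned into False. A bare
    ``except:`` would also swallow KeyboardInterrupt and SystemExit and hide
    unrelated failures behind an "invalid tag" result, so anything else
    propagates to the caller.
    """
    try:
        c = cmac.CMAC(algorithms.AES(key))
        c.update(msg)
        # verify() performs the tag comparison inside the library; keep it
        # rather than calling finalize() and comparing with ==.
        c.verify(tag)
    except InvalidSignature:
        # The tag does not match this key/message pair.
        return False
    except (TypeError, ValueError):
        # Malformed key, message or tag: fail closed.
        return False
    return True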

In [5]:
def test_cmac_verify():
    """Check that cmac_verify accepts the genuine tag and rejects altered inputs."""
    key = bytes.fromhex("e3e62dde91fc699fc6195b9387b97b51")
    msg = b"Hello World!"
    tag = bytes.fromhex("cebba0274a6e91a2918e801765b5c692")

    # The untouched triple must verify.
    assert cmac_verify(key, msg, tag)

    # Each rejected triple differs from the valid one in exactly one component:
    # the tag, the key, or the message.
    rejected = [
        (key, msg, bytes.fromhex("cebba0274a6e91a2918e801765b5c690")),
        (bytes.fromhex("e3e62dde91fc699fc6195b9387b97b50"), msg, tag),
        (key, msg + b"a", tag),
    ]
    for bad_key, bad_msg, bad_tag in rejected:
        assert not cmac_verify(bad_key, bad_msg, bad_tag)

test_cmac_verify()

## Naloga 2

In [6]:
def hmac_sign(key, msg):
    """Return the HMAC-SHA256 authentication tag of ``msg`` under ``key``.

    Args:
        key: Secret key bytes; handed unchanged to ``hmac.HMAC``.
        msg: Message bytes to authenticate.

    Returns:
        The tag bytes produced by ``HMAC.finalize()``.

    To check a received tag, call ``hmac_verify`` instead of comparing this
    return value with ``==``, so the comparison is left to the library.
    """
    # A fresh HMAC context is built for every call.
    mac = hmac.HMAC(key, hashes.SHA256())
    mac.update(msg)
    computed_tag = mac.finalize()
    return computed_tag

In [7]:
def test_hmac_sign():
    """Check hmac_sign against one fixed key / message / tag vector."""
    expected = bytes.fromhex("8958bcd856b90d35ec4fe83e5cfb01224ceaf0040787f0535d7c97b383765d4f")
    computed = hmac_sign(
        bytes.fromhex("9008c42e77571b6615ad7058dc846b44"),
        b"Hello World!",
    )
    # Plain == is fine here: every value is a fixed test constant, not a secret.
    assert computed == expected

test_hmac_sign()

In [8]:
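def hmac_verify(key, msg, tag):
    """Check an HMAC-SHA256 tag and report the outcome as a boolean.

    Args:
        key: Secret key bytes; handed to ``hmac.HMAC``.
        msg: Message bytes the tag is supposed to cover.
        tag: Candidate tag bytes to check.

    Returns:
        True when ``HMAC.verify`` accepts the tag. False when it rejects the
        tag, and also when the key, message or tag is malformed (wrong type
        or value), so bad input is never reported as authentic.

    Only these input-related failures are turned into False. A bare
    ``except:`` would also swallow KeyboardInterrupt and SystemExit and hide
    unrelated failures behind an "invalid tag" result, so anything else
    propagates to the caller.
    """
    try:
        h = hmac.HMAC(key, hashes.SHA256())
        h.update(msg)
        # verify() performs the tag comparison inside the library; keep it
        # rather than calling finalize() and comparing with ==.
        h.verify(tag)
    except InvalidSignature:
        # The tag does not match this key/message pair.
        return False
    except (TypeError, ValueError):
        # Malformed key, message or tag: fail closed.
        return False
    return True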

In [9]:
def test_hmac_verify():
    """Check that hmac_verify accepts the genuine tag and rejects altered inputs."""
    key = bytes.fromhex("ac77bc30018022de3ecee0c3226c7c7d")
    msg = b"Hello World!"
    tag = bytes.fromhex("a2276626e56ae4138f865f0998a4abe9940dbf564a8882d85af951e299811fbb")

    # The untouched triple must verify.
    assert hmac_verify(key, msg, tag)

    # Each rejected triple differs from the valid one in exactly one component:
    # the tag, the key, or the message.
    rejected = [
        (key, msg, bytes.fromhex("a2276626e56ae4138f865f0998a4abe9940dbf564a8882d85af951e299811fb0")),
        (bytes.fromhex("ac77bc30018022de3ecee0c3226c7c70"), msg, tag),
        (key, msg + b"a", tag),
    ]
    for bad_key, bad_msg, bad_tag in rejected:
        assert not hmac_verify(bad_key, bad_msg, bad_tag)

test_hmac_verify()

## Naloga 3

V Javi:
- Z vam ljubim urejevalnikom besedil, ali še boljše IDE, odprite projekt **java-integrity**; [sam uporabljam IntelliJ IDEA Community Edition in ga priporočam.](https://www.jetbrains.com/idea/download/download-thanks.html) Če uporabljate IDE, potem odprite datoteko `pom.xml`. Tako boste povečali verjetnost, da se projekt naloži pravilno.
-

## Naloga 4

V Javi smo ustvarili sporočilo, iz njega izračunali overitveno kodo sporočila, kjer smo uporabili algoritem MAC HMAC-SHA256.

- Ključ smo shranili v datoteko `../data/msg.bin.key`
- Konkatenacijo značke in sporočila pa v `../data/msg.bin`

Preberite ključ, značko in sporočilo. Preverite, ali je značka veljavna (tj. prepričajte se, da se sporočilo ni spremenilo), in sporočilo izpišite le, če je značka veljavna.

In [15]:
def open_java_msg():
    """Print the message written by the Java program only if its HMAC tag verifies.

    Reads ``../data/msg.bin`` (tag followed by message) and
    ``../data/msg.bin.key`` (the key). On success the decoded message and the
    tag in hex are printed; otherwise only "Invalid tag" is printed.
    """
    with open("../data/msg.bin", "rb") as msg_file:
        blob = msg_file.read()
    # The first 32 bytes are the tag (the size of a SHA-256 digest); the rest
    # is the message. A file shorter than that yields a short tag, which
    # fails verification below.
    tag = blob[:32]
    msg = blob[32:]

    # NOTE(review): the key is stored next to the data it protects; the tag
    # only detects changes made by someone who cannot read this key file.
    with open("../data/msg.bin.key", "rb") as key_file:
        key = key_file.read()

    # Verify before use: the payload is decoded and shown only after the tag
    # has been accepted.
    if not hmac_verify(key, msg, tag):
        print("Invalid tag")
        return
    print(msg.decode("utf8"), tag.hex())

open_java_msg()

Sporočilo, ki bo zapisano na disk in zavarovano pred spremembami. bdc9a03c5910c8970d80aeb767200c4d27f3da3417d3dd8b4f65b32aee820b59
