Zentry/crypto.py at main · AryaD-ece/Zentry · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
# File: crypto.py
"""
crypto.py
Cryptographic utilities for Zentry.
- PBKDF2-HMAC-SHA256 for key derivation
- AES-256-GCM for encryption/decryption
- CEK (Content Encryption Key) generation and wrapping/unwrapping
- Base64 urlsafe encoding of binary fields for JSON storage

Important notes for graders/students:
- PBKDF2 iterations set to 200_000 (adjust for CPU when needed).
- Nonces are 12 bytes for AESGCM.
- CEK is 32 bytes (AES-256).
- This module is intentionally simple & well-commented.
"""
import os
import json
from base64 import urlsafe_b64encode, urlsafe_b64decode
from typing import Tuple, Dict, Any

from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# === Crypto constants ===
KDF_ITERATIONS = 200_000    # PBKDF2 iterations (good default for project)
SALT_SIZE = 16              # bytes
NONCE_SIZE = 12             # AESGCM nonce size
CEK_SIZE = 32               # 256-bit CEK

AAD_HEADER = b"zentry-v1"   # additional authenticated data (optional)

# === Helpers ===
def _b64encode(b: bytes) -> str:
    return urlsafe_b64encode(b).decode('ascii')

def _b64decode(s: str) -> bytes:
    return urlsafe_b64decode(s.encode('ascii'))

# === Key derivation ===
def derive_key(password: str, salt: bytes, iterations: int = KDF_ITERATIONS, length: int = 32) -> bytes:
    """
    Derive a symmetric key from a password using PBKDF2-HMAC-SHA256.
    Returns `length` bytes.
    """
    if isinstance(password, str):
        password = password.encode('utf-8')
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=length, salt=salt, iterations=iterations)
    return kdf.derive(password)

# === AES-GCM encrypt/decrypt helpers ===
def aesgcm_encrypt(key: bytes, plaintext: bytes, aad: bytes = AAD_HEADER) -> Tuple[bytes, bytes]:
    """
    Encrypt plaintext using AESGCM.
    Returns (nonce, ciphertext).
    """
    aes = AESGCM(key)
    nonce = os.urandom(NONCE_SIZE)
    ct = aes.encrypt(nonce, plaintext, aad)
    return nonce, ct

def aesgcm_decrypt(key: bytes, nonce: bytes, ciphertext: bytes, aad: bytes = AAD_HEADER) -> bytes:
    """
    Decrypt AES-GCM ciphertext.
    Returns plaintext (bytes).
    """
    aes = AESGCM(key)
    return aes.decrypt(nonce, ciphertext, aad)

# === CEK creation & wrapping ===
def create_cek() -> bytes:
    """Generate a random CEK (Content Encryption Key)."""
    return os.urandom(CEK_SIZE)

def wrap_cek_with_password(cek: bytes, password: str) -> Dict[str, str]:
    """
    Wrap (encrypt) CEK with a password-derived key.
    Returns JSON-serializable dict with salt, nonce and ct (all base64).
    """
    salt = os.urandom(SALT_SIZE)
    kek = derive_key(password, salt)
    nonce, ct = aesgcm_encrypt(kek, cek)
    return {"salt": _b64encode(salt), "nonce": _b64encode(nonce), "ct": _b64encode(ct)}

def unwrap_cek_with_password(wrapped: Dict[str, str], password: str) -> bytes:
    """Unwrap CEK previously wrapped with wrap_cek_with_password."""
    salt = _b64decode(wrapped["salt"])
    nonce = _b64decode(wrapped["nonce"])
    ct = _b64decode(wrapped["ct"])
    kek = derive_key(password, salt)
    return aesgcm_decrypt(kek, nonce, ct)

# === Envelope encryption ===
def encrypt_payload_with_cek(cek: bytes, payload: bytes) -> Dict[str, str]:
    """
    Encrypt an arbitrary payload (bytes) with CEK using AES-GCM.
    Returns dict with nonce & ct (base64).
    """
    nonce, ct = aesgcm_encrypt(cek, payload)
    return {"nonce": _b64encode(nonce), "ct": _b64encode(ct)}

def decrypt_payload_with_cek(cek: bytes, enc: Dict[str, str]) -> bytes:
    nonce = _b64decode(enc["nonce"])
    ct = _b64decode(enc["ct"])
    return aesgcm_decrypt(cek, nonce, ct)

# === Convenience: create encrypted vault blob ===
def create_vault_blob(cek: bytes, items_json_bytes: bytes) -> Dict[str, Any]:
    """
    Encrypt the vault body (items_json_bytes) with CEK and return
    a minimal JSON-ready structure {file_ct:..., aad:...}
    """
    enc = encrypt_payload_with_cek(cek, items_json_bytes)
    return {
        "version": 1,
        "aad": _b64encode(AAD_HEADER),
        "file_ct": enc["ct"],
        "file_nonce": enc["nonce"]
    }

def decrypt_vault_blob(cek: bytes, blob: Dict[str, Any]) -> bytes:
    enc = {"nonce": blob["file_nonce"], "ct": blob["file_ct"]}
    return decrypt_payload_with_cek(cek, enc)