All Or Nothing Transform - Fernet with hash xor as padding!

Today, I messed around with some OAEP/AONT style crypto. Specifically, a hash of the encrypted content, xored with the key. Then, you must retrieve all of the content and key to hash out the xor of the key.

That said, this is a pretty good padding method, where you need to pull all of the packets to retrieve the content itself. I’ve probably weakened it by simply joining the url-safe fernet output with my xor creation, where you know you’d be on the right track if the first len(message)-32 bits are decodable in base64.

Anyway, here’s the code below:

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives import hashes
from cryptography.fernet import Fernet
import base64, os
def make_hash(message):
	"""make hash, print base64, return 32 bits"""
	digest = hashes.Hash(hashes.SHA256(), backend=default_backend())
	result = digest.finalize()
	print('32 hash: ' + base64.urlsafe_b64encode(result))
	return result

def AONTencrypt(content,password):
	generate a key using deriviation,
	although you won't need to remember
	that password if you have all the
	salt = os.urandom(16)
	kdf = PBKDF2HMAC(
	key_raw = kdf.derive(password)
	key = base64.urlsafe_b64encode(key_raw)
	token = Fernet(key).encrypt(content)
	print("32 key: {}".format(key))
	hash the token, then xor with the 32 bit key.
	concattenate token with xor'd key.
	chard = "".join(
		[chr(a) for a in
			[ord(a) ^ ord(b) for a, b in
				zip(make_hash(token), key_raw)]])
	return token + chard
def AONTdecrypt(cyphertext):
	The last 32 bits of the cyphertext are the xor of
	the hash of the preceeding cypher, and the 32 bit key.
	pulling that together into a base64 string allows
	fernet to decrypt the content.
	key2 = base64.urlsafe_b64encode(
			[chr(a) for a in
				[ord(a) ^ ord(b) for a, b in
	print('32 key was: {}'.format(key2))
	return Fernet(key2).decrypt(cyphertext[:-32])

cyphertext = AONTencrypt(b"Secret Message!",b"password")
print("cyphertext is {}".format(cyphertext))
plaintext = AONTdecrypt(cyphertext)
print("plaintext is: " + plaintext)