def decrypt(self, encrypted_data, account_key):
decrypted_buffer = Buffer(
self._lib_vsc_phe_cipher.vsce_phe_cipher_decrypt_len(
self._cipher, len(encrypted_data)))
d_encrypted_data = Data(encrypted_data)
d_account_key = Data(account_key)
self._lib_vsc_phe_cipher.vsce_phe_cipher_decrypt(
self._cipher, d_encrypted_data.data, d_account_key.data,
decrypted_buffer.c_buffer)
return decrypted_buffer.get_bytes()
def verify_server_response(self, client_private_key, server_public_key,
password, record, response):
# type: (bytearray, bytearray, bytearray, bytearray, bytearray) -> bytearray
client = self.__initiate_client(client_private_key, server_public_key)
pwd = Data(password)
rec = Data(record)
resp = Data(response)
key_buffer = Buffer(self.constants.PHE_ACCOUNT_KEY_LENGTH)
err = self._lib_vsce_phe_client.vsce_phe_client_check_response_and_decrypt(
client, pwd.data, rec.data, resp.data, key_buffer.c_buffer)
if err:
raise RuntimeError("Could not validate server response")
self._lib_vsce_phe_client.vsce_phe_client_destroy(client)
return key_buffer.get_bytes()
def password_verify_request(self, client_private_key, server_public_key,
record, password):
# type: (bytearray, bytearray, bytearray, bytearray) -> bytearray
client = self.__initiate_client(client_private_key, server_public_key)
pwd = Data(password)
rec = Data(record)
req = Buffer(
self._lib_vsce_phe_client.
vsce_phe_client_verify_password_request_len(client))
err = self._lib_vsce_phe_client.vsce_phe_client_create_verify_password_request(
client, pwd.data, rec.data, req.c_buffer)
if err:
raise RuntimeError("Could not create password verify request")
self._lib_vsce_phe_client.vsce_phe_client_destroy(client)
return req.get_bytes()
def get_enrollment(self, private_key, public_key):
# type: (bytearray, bytearray) -> bytearray
enrollment_buffer_size = self._lib_vsce_phe_server.vsce_phe_server_enrollment_response_len(self.server)
enrollment_response = Buffer(int(enrollment_buffer_size))
server_key = Data(private_key)
pub_key = Data(public_key)
err = self._lib_vsce_phe_server.vsce_phe_server_get_enrollment(
self.server,
server_key.data,
pub_key.data,
enrollment_response.c_buffer
)
if err:
raise RuntimeError("Could not get enrollment")
return enrollment_response.get_bytes()
def verify_password(self, private_key, public_key, request):
# type: (bytearray, bytearray, bytearray) -> bytearray
server_key = Data(private_key)
pub_key = Data(public_key)
req = Data(request)
verify_password_response = Buffer(
self._lib_vsce_phe_server.vsce_phe_server_verify_password_response_len(self.server)
)
err = self._lib_vsce_phe_server.vsce_phe_server_verify_password(
self.server,
server_key.data,
pub_key.data,
req.data,
verify_password_response.c_buffer
)
if err:
raise RuntimeError("Unable to make verify password response")
return verify_password_response.get_bytes()
def generate_server_keypair(self):
# type: () -> [bytearray, bytearray]
server_private_key = Buffer(self.constants.PHE_PRIVATE_KEY_LENGTH)
server_public_key = Buffer(self.constants.PHE_PUBLIC_KEY_LENGTH)
err = self._lib_vsce_phe_server.vsce_phe_server_generate_server_key_pair(
self.server,
server_private_key.c_buffer,
server_public_key.c_buffer
)
if err:
raise RuntimeError("Could not generate Key Pair")
return server_private_key.get_bytes(), server_public_key.get_bytes()
def enroll_account(self, client_private_key, server_public_key, response,
password):
# type: (bytearray, bytearray, bytearray, bytearray) -> (bytearray, bytearray)
client = self.__initiate_client(client_private_key, server_public_key)
resp = Data(response)
pwd = Data(password)
enrollment_record = Buffer(
self._lib_vsce_phe_client.vsce_phe_client_enrollment_record_len(
client))
key_buffer = Buffer(self.constants.PHE_ACCOUNT_KEY_LENGTH)
err = self._lib_vsce_phe_client.vsce_phe_client_enroll_account(
client, resp.data, pwd.data, enrollment_record.c_buffer,
key_buffer.c_buffer)
if err:
raise RuntimeError("Could not create enrollment record")
self._lib_vsce_phe_client.vsce_phe_client_destroy(client)
return enrollment_record.get_bytes(), key_buffer.get_bytes()
def finish(self):
digest = Buffer(self.constants.DIGEST_LEN)
self._lib_vscf_sha256.vscf_sha256_finish(self._sha, digest.c_buffer)
return digest.get_bytes()
def hash(self, data):
digest = Buffer(self.constants.DIGEST_LEN)
d_data = Data(data)
self._lib_vscf_sha256.vscf_sha256_hash(d_data.data, digest.c_buffer)
return digest.get_bytes()
def derive(self, data, key_len):
d_data = Data(data)
key = Buffer(key_len)
self._lib_vscf_kdf1.vscf_kdf1_derive(self._kdf1, d_data.data, key_len,
key.c_buffer)
return key.get_bytes()