def mac(self, key, data):
"""Calculate MAC over given data."""
d_key = Data(key)
d_data = Data(data)
mac = Buffer(self.digest_len())
self._lib_vscf_hmac.vscf_hmac_mac(self.ctx, d_key.data, d_data.data, mac.c_buffer)
return mac.get_bytes()
def harden(self, identity_secret, blinded_point):
d_identity_secret = Data(identity_secret)
d_blinded_point = Data(blinded_point)
hardened_point = Buffer(self.POINT_LEN)
status = self._lib_vscf_brainkey_server.vscf_brainkey_server_harden(self.ctx, d_identity_secret.data, d_blinded_point.data, hardened_point.c_buffer)
VscfStatus.handle_status(status)
return hardened_point.get_bytes()
def start_decryption_with_key(self, recipient_id, private_key, message_info):
"""Initiate decryption process with a recipient private key.
Message Info can be empty if it was embedded to encrypted data."""
d_recipient_id = Data(recipient_id)
d_message_info = Data(message_info)
status = self._lib_vscf_recipient_cipher.vscf_recipient_cipher_start_decryption_with_key(self.ctx, d_recipient_id.data, private_key.c_impl, d_message_info.data)
VscfStatus.handle_status(status)
def verify_hash(self, public_key, hash_id, digest, signature):
"""Verify data digest with a given public key and signature."""
d_digest = Data(digest)
d_signature = Data(signature)
result = self._lib_vscf_falcon.vscf_falcon_verify_hash(
self.ctx, public_key.c_impl, hash_id, d_digest.data,
d_signature.data)
return result
def process_decrypt_request(self, server_private_key, decrypt_request):
"""Processed client's decrypt request"""
d_server_private_key = Data(server_private_key)
d_decrypt_request = Data(decrypt_request)
decrypt_response = Buffer(self.decrypt_response_len())
status = self._lib_vsce_uokms_server.vsce_uokms_server_process_decrypt_request(self.ctx, d_server_private_key.data, d_decrypt_request.data, decrypt_response.c_buffer)
VsceStatus.handle_status(status)
return decrypt_response.get_bytes()
def decrypt(self, cipher_text, account_key):
"""Decrypts data using account key"""
d_cipher_text = Data(cipher_text)
d_account_key = Data(account_key)
plain_text = Buffer(self.decrypt_len(cipher_text_len=len(cipher_text)))
status = self._lib_vsce_phe_cipher.vsce_phe_cipher_decrypt(self.ctx, d_cipher_text.data, d_account_key.data, plain_text.c_buffer)
VsceStatus.handle_status(status)
return plain_text.get_bytes()
def auth_encrypt(self, plain_text, additional_data, account_key):
"""Encrypts data (and authenticates additional data) using account key"""
d_plain_text = Data(plain_text)
d_additional_data = Data(additional_data)
d_account_key = Data(account_key)
cipher_text = Buffer(self.encrypt_len(plain_text_len=len(plain_text)))
status = self._lib_vsce_phe_cipher.vsce_phe_cipher_auth_encrypt(self.ctx, d_plain_text.data, d_additional_data.data, d_account_key.data, cipher_text.c_buffer)
VsceStatus.handle_status(status)
return cipher_text.get_bytes()
def auth_decrypt(self, cipher_text, additional_data, account_key):
"""Decrypts data (and verifies additional data) using account key"""
d_cipher_text = Data(cipher_text)
d_additional_data = Data(additional_data)
d_account_key = Data(account_key)
plain_text = Buffer(self.decrypt_len(cipher_text_len=len(cipher_text)))
status = self._lib_vsce_phe_cipher.vsce_phe_cipher_auth_decrypt(self.ctx, d_cipher_text.data, d_additional_data.data, d_account_key.data, plain_text.c_buffer)
VsceStatus.handle_status(status)
return plain_text.get_bytes()
def set_keys(self, client_private_key, server_public_key):
"""Sets client private and server public key
Call this method before any other methods
This function should be called only once"""
d_client_private_key = Data(client_private_key)
d_server_public_key = Data(server_public_key)
status = self._lib_vsce_uokms_client.vsce_uokms_client_set_keys(
self.ctx, d_client_private_key.data, d_server_public_key.data)
VsceStatus.handle_status(status)
def deblind(self, transformed_password, blinding_secret):
"""Deblinds 'transformed password' value with previously returned 'blinding secret' from blind()."""
d_transformed_password = Data(transformed_password)
d_blinding_secret = Data(blinding_secret)
deblinded_password = Buffer(self.deblinded_password_buf_len())
status = self._lib_vscp_pythia.vscp_pythia_deblind(
d_transformed_password.data, d_blinding_secret.data,
deblinded_password.c_buffer)
VscpStatus.handle_status(status)
return deblinded_password.get_bytes()
def start_verified_decryption_with_key(self, recipient_id, private_key, message_info, message_info_footer):
"""Initiate decryption process with a recipient private key.
Message Info can be empty if it was embedded to encrypted data.
Message Info footer can be empty if it was embedded to encrypted data.
If footer was embedded, method "start decryption with key" can be used."""
d_recipient_id = Data(recipient_id)
d_message_info = Data(message_info)
d_message_info_footer = Data(message_info_footer)
status = self._lib_vscf_recipient_cipher.vscf_recipient_cipher_start_verified_decryption_with_key(self.ctx, d_recipient_id.data, private_key.c_impl, d_message_info.data, d_message_info_footer.data)
VscfStatus.handle_status(status)
def get_enrollment(self, server_private_key, server_public_key):
"""Generates a new random enrollment and proof for a new user"""
d_server_private_key = Data(server_private_key)
d_server_public_key = Data(server_public_key)
enrollment_response = Buffer(self.enrollment_response_len())
status = self._lib_vsce_phe_server.vsce_phe_server_get_enrollment(
self.ctx, d_server_private_key.data, d_server_public_key.data,
enrollment_response.c_buffer)
VsceStatus.handle_status(status)
return enrollment_response.get_bytes()
def with_data(cls, recipient_id, key_encryption_algorithm, encrypted_key):
"""Create object and define all properties."""
d_recipient_id = Data(recipient_id)
d_encrypted_key = Data(encrypted_key)
inst = cls.__new__(cls)
inst._lib_vscf_key_recipient_info = VscfKeyRecipientInfo()
inst.ctx = inst._lib_vscf_key_recipient_info.vscf_key_recipient_info_new_with_data(
d_recipient_id.data, key_encryption_algorithm.c_impl,
d_encrypted_key.data)
return inst
def auth_decrypt(self, data, auth_data, tag):
"""Decrypt given data.
If 'tag' is not given, then it will be taken from the 'enc'."""
d_data = Data(data)
d_auth_data = Data(auth_data)
d_tag = Data(tag)
out = Buffer(self.auth_decrypted_len(data_len=len(data)))
status = self._lib_vscf_aes256_gcm.vscf_aes256_gcm_auth_decrypt(
self.ctx, d_data.data, d_auth_data.data, d_tag.data, out.c_buffer)
VscfStatus.handle_status(status)
return out.get_bytes()
def deblind(self, password, hardened_point, deblind_factor, key_name):
d_password = Data(password)
d_hardened_point = Data(hardened_point)
d_deblind_factor = Data(deblind_factor)
d_key_name = Data(key_name)
seed = Buffer(self.POINT_LEN)
status = self._lib_vscf_brainkey_client.vscf_brainkey_client_deblind(
self.ctx, d_password.data, d_hardened_point.data,
d_deblind_factor.data, d_key_name.data, seed.c_buffer)
VscfStatus.handle_status(status)
return seed.get_bytes()
def update_deblinded_with_token(self, deblinded_password,
password_update_token):
"""Updates previously stored 'deblinded password' with 'password update token'.
After this call, 'transform()' called with new arguments will return corresponding values."""
d_deblinded_password = Data(deblinded_password)
d_password_update_token = Data(password_update_token)
updated_deblinded_password = Buffer(self.deblinded_password_buf_len())
status = self._lib_vscp_pythia.vscp_pythia_update_deblinded_with_token(
d_deblinded_password.data, d_password_update_token.data,
updated_deblinded_password.c_buffer)
VscpStatus.handle_status(status)
return updated_deblinded_password.get_bytes()
def verify_password(self, server_private_key, server_public_key,
verify_password_request):
"""Verifies existing user's password and generates response with proof"""
d_server_private_key = Data(server_private_key)
d_server_public_key = Data(server_public_key)
d_verify_password_request = Data(verify_password_request)
verify_password_response = Buffer(self.verify_password_response_len())
status = self._lib_vsce_phe_server.vsce_phe_server_verify_password(
self.ctx, d_server_private_key.data, d_server_public_key.data,
d_verify_password_request.data, verify_password_response.c_buffer)
VsceStatus.handle_status(status)
return verify_password_response.get_bytes()
def auth_encrypt(self, data, auth_data):
"""Encrypt given data.
If 'tag' is not given, then it will written to the 'enc'."""
d_data = Data(data)
d_auth_data = Data(auth_data)
out = Buffer(self.auth_encrypted_len(data_len=len(data)))
tag = Buffer(self.AUTH_TAG_LEN)
status = self._lib_vscf_aes256_gcm.vscf_aes256_gcm_auth_encrypt(
self.ctx, d_data.data, d_auth_data.data, out.c_buffer,
tag.c_buffer)
VscfStatus.handle_status(status)
return out.get_bytes(), tag.get_bytes()
def transform(self, blinded_password, tweak, transformation_private_key):
"""Transforms blinded password using transformation private key."""
d_blinded_password = Data(blinded_password)
d_tweak = Data(tweak)
d_transformation_private_key = Data(transformation_private_key)
transformed_password = Buffer(self.transformed_password_buf_len())
transformed_tweak = Buffer(self.transformed_tweak_buf_len())
status = self._lib_vscp_pythia.vscp_pythia_transform(
d_blinded_password.data, d_tweak.data,
d_transformation_private_key.data, transformed_password.c_buffer,
transformed_tweak.c_buffer)
VscpStatus.handle_status(status)
return transformed_password.get_bytes(), transformed_tweak.get_bytes()
def respond(self, sender_identity_public_key,
receiver_identity_private_key, receiver_long_term_private_key,
receiver_one_time_private_key, message):
"""Responds to session initiation"""
d_sender_identity_public_key = Data(sender_identity_public_key)
d_receiver_identity_private_key = Data(receiver_identity_private_key)
d_receiver_long_term_private_key = Data(receiver_long_term_private_key)
d_receiver_one_time_private_key = Data(receiver_one_time_private_key)
status = self._lib_vscr_ratchet_session.vscr_ratchet_session_respond(
self.ctx, d_sender_identity_public_key.data,
d_receiver_identity_private_key.data,
d_receiver_long_term_private_key.data,
d_receiver_one_time_private_key.data, message.ctx)
VscrStatus.handle_status(status)
def process_decrypt_response(self, wrap, decrypt_request, decrypt_response,
deblind_factor, encryption_key_len):
"""Processed server response, checks server proof and decapsulates encryption key"""
d_wrap = Data(wrap)
d_decrypt_request = Data(decrypt_request)
d_decrypt_response = Data(decrypt_response)
d_deblind_factor = Data(deblind_factor)
encryption_key = Buffer(encryption_key_len)
status = self._lib_vsce_uokms_client.vsce_uokms_client_process_decrypt_response(
self.ctx, d_wrap.data, d_decrypt_request.data,
d_decrypt_response.data, d_deblind_factor.data, encryption_key_len,
encryption_key.c_buffer)
VsceStatus.handle_status(status)
return encryption_key.get_bytes()
def initiate(self, sender_identity_private_key,
receiver_identity_public_key, receiver_long_term_public_key,
receiver_one_time_public_key):
"""Initiates session"""
d_sender_identity_private_key = Data(sender_identity_private_key)
d_receiver_identity_public_key = Data(receiver_identity_public_key)
d_receiver_long_term_public_key = Data(receiver_long_term_public_key)
d_receiver_one_time_public_key = Data(receiver_one_time_public_key)
status = self._lib_vscr_ratchet_session.vscr_ratchet_session_initiate(
self.ctx, d_sender_identity_private_key.data,
d_receiver_identity_public_key.data,
d_receiver_long_term_public_key.data,
d_receiver_one_time_public_key.data)
VscrStatus.handle_status(status)
def update(self, data):
"""Process encryption or decryption of the given data chunk."""
d_data = Data(data)
out = Buffer(self.out_len(data_len=len(data)))
self._lib_vscf_aes256_cbc.vscf_aes256_cbc_update(
self.ctx, d_data.data, out.c_buffer)
return out.get_bytes()
def get_password_update_token(self, previous_transformation_private_key,
new_transformation_private_key):
"""Rotates old transformation key to new transformation key and generates 'password update token',
that can update 'deblinded password'(s).
This action should increment version of the 'pythia scope secret'."""
d_previous_transformation_private_key = Data(
previous_transformation_private_key)
d_new_transformation_private_key = Data(new_transformation_private_key)
password_update_token = Buffer(self.password_update_token_buf_len())
status = self._lib_vscp_pythia.vscp_pythia_get_password_update_token(
d_previous_transformation_private_key.data,
d_new_transformation_private_key.data,
password_update_token.c_buffer)
VscpStatus.handle_status(status)
return password_update_token.get_bytes()
def encode(self, data):
"""Encode given data to the base64 format.
Note, written buffer is NOT null-terminated."""
d_data = Data(data)
str = Buffer(self.encoded_len(data_len=len(data)))
self._lib_vscf_base64.vscf_base64_encode(d_data.data, str.c_buffer)
return str.get_bytes()
def encrypt(self, public_key, data):
"""Encrypt data with a given public key."""
d_data = Data(data)
out = Buffer(self.encrypted_len(public_key=public_key, data_len=len(data)))
status = self._lib_vscf_hybrid_key_alg.vscf_hybrid_key_alg_encrypt(self.ctx, public_key.c_impl, d_data.data, out.c_buffer)
VscfStatus.handle_status(status)
return out.get_bytes()
def decrypt(self, private_key, data):
"""Decrypt given data."""
d_data = Data(data)
out = Buffer(self.decrypted_len(private_key=private_key, data_len=len(data)))
status = self._lib_vscf_hybrid_key_alg.vscf_hybrid_key_alg_decrypt(self.ctx, private_key.c_impl, d_data.data, out.c_buffer)
VscfStatus.handle_status(status)
return out.get_bytes()
def sign_hash(self, private_key, hash_id, digest):
"""Sign data digest with a given private key."""
d_digest = Data(digest)
signature = Buffer(self.signature_len(private_key=private_key))
status = self._lib_vscf_hybrid_key_alg.vscf_hybrid_key_alg_sign_hash(self.ctx, private_key.c_impl, hash_id, d_digest.data, signature.c_buffer)
VscfStatus.handle_status(status)
return signature.get_bytes()
def title(self, pem):
"""Returns PEM title if PEM data is valid, otherwise - empty data."""
d_pem = Data(pem)
result = self._lib_vscf_pem.vscf_pem_title(d_pem.data)
instance = Data.take_c_ctx(result)
cleaned_bytes = bytearray(instance)
return cleaned_bytes
def unwrap(self, pem):
"""Takes PEM data and extract binary data from it."""
d_pem = Data(pem)
data = Buffer(self.unwrapped_len(pem_len=len(pem)))
status = self._lib_vscf_pem.vscf_pem_unwrap(d_pem.data, data.c_buffer)
VscfStatus.handle_status(status)
return data.get_bytes()