def _update(self, assoc_data_pt=b("")):
"""Update the MAC with associated data or plaintext
(without FSM checks)"""
if self._mac_status == MacStatus.NOT_STARTED:
self._cache.append(assoc_data_pt)
return
assert (byte_string(self._cache))
assert (len(self._cache) < self.block_size)
if len(self._cache) > 0:
filler = min(self.block_size - len(self._cache),
len(assoc_data_pt))
self._cache += assoc_data_pt[:filler]
assoc_data_pt = assoc_data_pt[filler:]
if len(self._cache) < self.block_size:
return
# The cache is exactly one block
self._t = self._mac.encrypt(self._cache)
self._cache = b("")
update_len = len(assoc_data_pt) // self.block_size * self.block_size
self._cache = assoc_data_pt[update_len:]
if update_len > 0:
self._t = self._mac.encrypt(assoc_data_pt[:update_len])[-16:]
def _update(self, assoc_data_pt=b("")):
"""Update the MAC with associated data or plaintext
(without FSM checks)"""
if self._mac_status == MacStatus.NOT_STARTED:
self._cache.append(assoc_data_pt)
return
assert(byte_string(self._cache))
assert(len(self._cache) < self.block_size)
if len(self._cache) > 0:
filler = min(self.block_size - len(self._cache),
len(assoc_data_pt))
self._cache += assoc_data_pt[:filler]
assoc_data_pt = assoc_data_pt[filler:]
if len(self._cache) < self.block_size:
return
# The cache is exactly one block
self._t = self._mac.encrypt(self._cache)
self._cache = b("")
update_len = len(assoc_data_pt) // self.block_size * self.block_size
self._cache = assoc_data_pt[update_len:]
if update_len > 0:
self._t = self._mac.encrypt(assoc_data_pt[:update_len])[-16:]
def c_uint8_ptr(data):
if isinstance(data, _buffer_type):
# This only works for cffi >= 1.7
return ffi.cast(uint8_t_type, ffi.from_buffer(data))
elif byte_string(data) or isinstance(data, _Array):
return data
else:
raise TypeError("Object type %s cannot be passed to C code" % type(data))
def c_uint8_ptr(data):
if isinstance(data, _buffer_type):
# This only works for cffi >= 1.7
return ffi.cast(uint8_t_type, ffi.from_buffer(data))
elif byte_string(data) or isinstance(data, _Array):
return data
else:
raise TypeError("Object type %s cannot be passed to C code" % type(data))
def c_uint8_ptr(data):
if byte_string(data) or isinstance(data, Array):
return data
elif isinstance(data, bytearray):
local_type = c_ubyte * len(data)
return local_type.from_buffer(data)
else:
raise TypeError("Object type %s cannot be passed to C code" %
type(data))
def c_uint8_ptr(data):
if byte_string(data) or isinstance(data, _Array):
return data
elif isinstance(data, _buffer_type):
obj = _py_object(data)
buf = _Py_buffer()
_PyObject_GetBuffer(obj, byref(buf), _PyBUF_SIMPLE)
buffer_type = c_ubyte * buf.len
return buffer_type.from_address(buf.buf)
else:
raise TypeError("Object type %s cannot be passed to C code" % type(data))
def c_uint8_ptr(data):
if byte_string(data) or isinstance(data, _Array):
return data
elif isinstance(data, _buffer_type):
obj = _py_object(data)
buf = _Py_buffer()
_PyObject_GetBuffer(obj, byref(buf), _PyBUF_SIMPLE)
buffer_type = c_ubyte * buf.len
return buffer_type.from_address(buf.buf)
else:
raise TypeError("Object type %s cannot be passed to C code" %
type(data))
def _pad_cache_and_update(self):
assert(self._mac_status != MacStatus.NOT_STARTED)
assert(byte_string(self._cache))
assert(len(self._cache) < self.block_size)
# Associated data is concatenated with the least number
# of zero bytes (possibly none) to reach alignment to
# the 16 byte boundary (A.2.3)
len_cache = len(self._cache)
if len_cache > 0:
self._update(bchr(0) * (self.block_size - len_cache))
def _pad_cache_and_update(self):
assert (self._mac_status != MacStatus.NOT_STARTED)
assert (byte_string(self._cache))
assert (len(self._cache) < self.block_size)
# Associated data is concatenated with the least number
# of zero bytes (possibly none) to reach alignment to
# the 16 byte boundary (A.2.3)
len_cache = len(self._cache)
if len_cache > 0:
self._update(bchr(0) * (self.block_size - len_cache))
def __init__(self, factory, key, nonce, mac_len, cipher_params):
"""EAX cipher mode"""
self.block_size = factory.block_size
"""The block size of the underlying cipher, in bytes."""
self.nonce = nonce
"""The nonce originally used to create the object."""
self._mac_len = mac_len
self._mac_tag = None # Cache for MAC tag
# Allowed transitions after initialization
self._next = [
self.update, self.encrypt, self.decrypt, self.digest, self.verify
]
# MAC tag length
if not (4 <= self._mac_len <= self.block_size):
raise ValueError("Parameter 'mac_len' must not be larger than %d" %
self.block_size)
# Nonce cannot be empty and must be a byte string
if len(nonce) == 0:
raise ValueError("Nonce cannot be empty in EAX mode")
if not byte_string(nonce):
raise TypeError("Nonce must be a byte string")
self._omac = [
CMAC.new(key,
bchr(0) * (self.block_size - 1) + bchr(i),
ciphermod=factory,
cipher_params=cipher_params) for i in xrange(0, 3)
]
# Compute MAC of nonce
self._omac[0].update(nonce)
self._signer = self._omac[1]
# MAC of the nonce is also the initial counter for CTR encryption
counter_int = bytes_to_long(self._omac[0].digest())
self._cipher = factory.new(key,
factory.MODE_CTR,
initial_value=counter_int,
nonce=b(""),
**cipher_params)
def encode(self):
"""Return this DER SEQUENCE, fully encoded as a
binary string.
Raises:
ValueError: if some elements in the sequence are neither integers
nor byte strings.
"""
self.payload = b''
for item in self._seq:
if byte_string(item):
self.payload += item
elif _is_number(item):
self.payload += DerInteger(item).encode()
else:
self.payload += item.encode()
return DerObject.encode(self)
def encode(self):
"""Return this DER SEQUENCE, fully encoded as a
binary string.
:Raises ValueError:
If some elements in the sequence are neither integers
nor byte strings.
"""
self.payload = b('')
for item in self._seq:
if byte_string(item):
self.payload += item
elif _is_number(item):
self.payload += DerInteger(item).encode()
else:
self.payload += item.encode()
return DerObject.encode(self)
def __init__(self, factory, key, nonce, kwargs):
self.block_size = factory.block_size
"""The block size of the underlying cipher, in bytes."""
self._factory = factory
self._nonce = nonce
self._cipher_params = kwargs
if len(key) not in (32, 48, 64):
raise ValueError("Incorrect key length (%d bytes)" % len(key))
if nonce is not None:
if not byte_string(nonce):
raise TypeError(
"When provided, the nonce must be a byte string")
if len(nonce) == 0:
raise ValueError("When provided, the nonce must be non-empty")
self.nonce = nonce
"""Public attribute is only available in case of non-deterministic
encryption."""
subkey_size = len(key) // 2
self._mac_tag = None # Cache for MAC tag
self._kdf = _S2V(key[:subkey_size],
ciphermod=factory,
cipher_params=self._cipher_params)
self._subkey_cipher = key[subkey_size:]
# Purely for the purpose of verifying that cipher_params are OK
factory.new(key[:subkey_size], factory.MODE_ECB, **kwargs)
# Allowed transitions after initialization
self._next = [
self.update, self.encrypt, self.decrypt, self.digest, self.verify
]
def decode(self, der_encoded, strict=False):
"""Decode a complete DER element, and re-initializes this
object with it.
Args:
der_encoded (byte string): A complete DER element.
Raises:
ValueError: in case of parsing errors.
"""
if not byte_string(der_encoded):
raise ValueError("Input is not a byte string")
s = BytesIO_EOF(der_encoded)
self._decodeFromStream(s, strict)
# There shouldn't be other bytes left
if s.remaining_data() > 0:
raise ValueError("Unexpected extra data after the DER structure")
return self
def decode(self, der_encoded, strict=False):
"""Decode a complete DER element, and re-initializes this
object with it.
Args:
der_encoded (byte string): A complete DER element.
Raises:
ValueError: in case of parsing errors.
"""
if not byte_string(der_encoded):
raise ValueError("Input is not a byte string")
s = BytesIO_EOF(der_encoded)
self._decodeFromStream(s, strict)
# There shouldn't be other bytes left
if s.remaining_data() > 0:
raise ValueError("Unexpected extra data after the DER structure")
return self
def __init__(self, factory, key, nonce, kwargs):
self.block_size = factory.block_size
"""The block size of the underlying cipher, in bytes."""
self._factory = factory
self._nonce = nonce
self._cipher_params = kwargs
if len(key) not in (32, 48, 64):
raise ValueError("Incorrect key length (%d bytes)" % len(key))
if nonce is not None:
if not byte_string(nonce):
raise TypeError("When provided, the nonce must be a byte string")
if len(nonce) == 0:
raise ValueError("When provided, the nonce must be non-empty")
self.nonce = nonce
"""Public attribute is only available in case of non-deterministic
encryption."""
subkey_size = len(key) // 2
self._mac_tag = None # Cache for MAC tag
self._kdf = _S2V(key[:subkey_size],
ciphermod=factory,
cipher_params=self._cipher_params)
self._subkey_cipher = key[subkey_size:]
# Purely for the purpose of verifying that cipher_params are OK
factory.new(key[:subkey_size], factory.MODE_ECB, **kwargs)
# Allowed transitions after initialization
self._next = [self.update, self.encrypt, self.decrypt,
self.digest, self.verify]
def decode(self, derEle):
"""Decode a complete DER element, and re-initializes this
object with it.
:Parameters:
derEle : byte string
A complete DER element.
:Raise ValueError:
In case of parsing errors.
"""
if not byte_string(derEle):
raise ValueError("Input is not a byte string")
s = BytesIO_EOF(derEle)
self._decodeFromStream(s)
# There shouldn't be other bytes left
if s.remaining_data() > 0:
raise ValueError("Unexpected extra data after the DER structure")
return self
def decode(self, derEle):
"""Decode a complete DER element, and re-initializes this
object with it.
:Parameters:
derEle : byte string
A complete DER element.
:Raise ValueError:
In case of parsing errors.
"""
if not byte_string(derEle):
raise ValueError("Input is not a byte string")
s = BytesIO_EOF(derEle)
self._decodeFromStream(s)
# There shouldn't be other bytes left
if s.remaining_data() > 0:
raise ValueError("Unexpected extra data after the DER structure")
return self
def __init__(self, factory, key, nonce, mac_len, cipher_params):
"""EAX cipher mode"""
self.block_size = factory.block_size
"""The block size of the underlying cipher, in bytes."""
self.nonce = nonce
"""The nonce originally used to create the object."""
self._mac_len = mac_len
self._mac_tag = None # Cache for MAC tag
# Allowed transitions after initialization
self._next = [self.update, self.encrypt, self.decrypt, self.digest, self.verify]
# MAC tag length
if not (4 <= self._mac_len <= self.block_size):
raise ValueError("Parameter 'mac_len' must not be larger than %d" % self.block_size)
# Nonce cannot be empty and must be a byte string
if len(nonce) == 0:
raise ValueError("Nonce cannot be empty in EAX mode")
if not byte_string(nonce):
raise TypeError("Nonce must be a byte string")
self._omac = [
CMAC.new(key, bchr(0) * (self.block_size - 1) + bchr(i), ciphermod=factory, cipher_params=cipher_params)
for i in xrange(0, 3)
]
# Compute MAC of nonce
self._omac[0].update(nonce)
self._signer = self._omac[1]
# MAC of the nonce is also the initial counter for CTR encryption
counter_int = bytes_to_long(self._omac[0].digest())
self._cipher = factory.new(key, factory.MODE_CTR, initial_value=counter_int, nonce=b(""), **cipher_params)
def expect_byte_string(data):
if not byte_string(data) and not isinstance(data, Array):
raise TypeError("Only byte strings can be passed to C code")
def __init__(self, factory, key, nonce, mac_len, cipher_params):
self.block_size = factory.block_size
if self.block_size != 16:
raise ValueError("GCM mode is only available for ciphers"
" that operate on 128 bits blocks")
if len(nonce) == 0:
raise ValueError("Nonce cannot be empty")
if not byte_string(nonce):
raise TypeError("Nonce must be a byte string")
self.nonce = nonce
"""Nonce"""
self._factory = factory
self._key = key
self._tag = None # Cache for MAC tag
self._mac_len = mac_len
if not (4 <= mac_len <= 16):
raise ValueError("Parameter 'mac_len' must be in the range 4..16")
# Allowed transitions after initialization
self._next = [self.update, self.encrypt, self.decrypt,
self.digest, self.verify]
self._no_more_assoc_data = False
# Length of associated data
self._auth_len = 0
# Length of the ciphertext or plaintext
self._msg_len = 0
# Step 1 in SP800-38D, Algorithm 4 (encryption) - Compute H
# See also Algorithm 5 (decryption)
hash_subkey = factory.new(key,
self._factory.MODE_ECB,
**cipher_params
).encrypt(bchr(0) * 16)
# Step 2 - Compute J0 (integer, not byte string!)
if len(nonce) == 12:
self._j0 = bytes_to_long(nonce + b("\x00\x00\x00\x01"))
else:
fill = (16 - (len(nonce) % 16)) % 16 + 8
ghash_in = (nonce +
bchr(0) * fill +
long_to_bytes(8 * len(nonce), 8))
self._j0 = bytes_to_long(_GHASH(hash_subkey)
.update(ghash_in)
.digest())
# Step 3 - Prepare GCTR cipher for encryption/decryption
self._cipher = factory.new(key,
self._factory.MODE_CTR,
initial_value=self._j0 + 1,
nonce=b(""),
**cipher_params)
# Step 5 - Bootstrat GHASH
self._signer = _GHASH(hash_subkey)
# Step 6 - Prepare GCTR cipher for GMAC
self._tag_cipher = factory.new(key,
self._factory.MODE_CTR,
initial_value=self._j0,
nonce=b(""),
**cipher_params)
# Cache for data to authenticate
self._cache = b("")
self._status = MacStatus.PROCESSING_AUTH_DATA
def __init__(self, factory, key, nonce, mac_len, cipher_params):
self.block_size = factory.block_size
if self.block_size != 16:
raise ValueError("GCM mode is only available for ciphers"
" that operate on 128 bits blocks")
if len(nonce) == 0:
raise ValueError("Nonce cannot be empty")
if not byte_string(nonce):
raise TypeError("Nonce must be a byte string")
self.nonce = nonce
"""Nonce"""
self._factory = factory
self._key = key
self._tag = None # Cache for MAC tag
self._mac_len = mac_len
if not (4 <= mac_len <= 16):
raise ValueError("Parameter 'mac_len' must be in the range 4..16")
# Allowed transitions after initialization
self._next = [self.update, self.encrypt, self.decrypt,
self.digest, self.verify]
self._no_more_assoc_data = False
# Length of associated data
self._auth_len = 0
# Length of the ciphertext or plaintext
self._msg_len = 0
# Step 1 in SP800-38D, Algorithm 4 (encryption) - Compute H
# See also Algorithm 5 (decryption)
hash_subkey = factory.new(key,
self._factory.MODE_ECB,
**cipher_params
).encrypt(bchr(0) * 16)
# Step 2 - Compute J0 (integer, not byte string!)
if len(nonce) == 12:
self._j0 = bytes_to_long(nonce + b("\x00\x00\x00\x01"))
else:
fill = (16 - (len(nonce) % 16)) % 16 + 8
ghash_in = (nonce +
bchr(0) * fill +
long_to_bytes(8 * len(nonce), 8))
self._j0 = bytes_to_long(_GHASH(hash_subkey)
.update(ghash_in)
.digest())
# Step 3 - Prepare GCTR cipher for encryption/decryption
self._cipher = factory.new(key,
self._factory.MODE_CTR,
initial_value=self._j0 + 1,
nonce=b(""),
**cipher_params)
# Step 5 - Bootstrat GHASH
self._signer = _GHASH(hash_subkey)
# Step 6 - Prepare GCTR cipher for GMAC
self._tag_cipher = factory.new(key,
self._factory.MODE_CTR,
initial_value=self._j0,
nonce=b(""),
**cipher_params)
# Cache for data to authenticate
self._cache = b("")
self._status = MacStatus.PROCESSING_AUTH_DATA
def expect_byte_string(data):
if not byte_string(data) and not isinstance(data, Array):
raise TypeError("Only byte strings can be passed to C code")