def random(self, data_len):
"""Generate random bytes.
All RNG implementations must be thread-safe."""
data = Buffer(data_len)
status = self._lib_vscf_key_material_rng.vscf_key_material_rng_random(self.ctx, data_len, data.c_buffer)
VscfStatus.handle_status(status)
return data.get_bytes()
def generate_update_token_oneparty(self):
"""Generates update token for one-party mode"""
update_token = Buffer(Common.PHE_PRIVATE_KEY_LENGTH)
status = self._lib_vsce_uokms_client.vsce_uokms_client_generate_update_token_oneparty(
self.ctx, update_token.c_buffer)
VsceStatus.handle_status(status)
return update_token.get_bytes()
def decrypt(self, message, public_key):
"""Decrypts message"""
plain_text = Buffer(self.decrypt_len(message=message))
status = self._lib_vscf_group_session.vscf_group_session_decrypt(
self.ctx, message.ctx, public_key.c_impl, plain_text.c_buffer)
VscfStatus.handle_status(status)
return plain_text.get_bytes()
def harden(self, identity_secret, blinded_point):
d_identity_secret = Data(identity_secret)
d_blinded_point = Data(blinded_point)
hardened_point = Buffer(self.POINT_LEN)
status = self._lib_vscf_brainkey_server.vscf_brainkey_server_harden(self.ctx, d_identity_secret.data, d_blinded_point.data, hardened_point.c_buffer)
VscfStatus.handle_status(status)
return hardened_point.get_bytes()
def compute_public_key_id(self, public_key):
"""Computes 8 bytes key pair id from Curve25519 (in PKCS8 or raw format) public key"""
d_public_key = Data(public_key)
key_id = Buffer(Common.KEY_ID_LEN)
status = self._lib_vscr_ratchet_key_id.vscr_ratchet_key_id_compute_public_key_id(self.ctx, d_public_key.data, key_id.c_buffer)
VscrStatus.handle_status(status)
return key_id.get_bytes()
def mac(self, key, data):
"""Calculate MAC over given data."""
d_key = Data(key)
d_data = Data(data)
mac = Buffer(self.digest_len())
self._lib_vscf_hmac.vscf_hmac_mac(self.ctx, d_key.data, d_data.data, mac.c_buffer)
return mac.get_bytes()
def process_encryption(self, data):
"""Process encryption of a new portion of data."""
d_data = Data(data)
out = Buffer(self.encryption_out_len(data_len=len(data)))
status = self._lib_vscf_recipient_cipher.vscf_recipient_cipher_process_encryption(self.ctx, d_data.data, out.c_buffer)
VscfStatus.handle_status(status)
return out.get_bytes()
def generate_client_private_key(self):
"""Generates client private key"""
client_private_key = Buffer(Common.PHE_PRIVATE_KEY_LENGTH)
status = self._lib_vsce_uokms_client.vsce_uokms_client_generate_client_private_key(
self.ctx, client_private_key.c_buffer)
VsceStatus.handle_status(status)
return client_private_key.get_bytes()
def decrypt(self, message):
"""Decrypts message"""
plain_text = Buffer(self.decrypt_len(message=message))
status = self._lib_vscr_ratchet_session.vscr_ratchet_session_decrypt(
self.ctx, message.ctx, plain_text.c_buffer)
VscrStatus.handle_status(status)
return plain_text.get_bytes()
def pack(self):
"""Return serialized message info.
Precondition: this method can be called after "apply"."""
message_info = Buffer(self.packed_len())
self._lib_vscf_message_info_editor.vscf_message_info_editor_pack(
self.ctx, message_info.c_buffer)
return message_info.get_bytes()
def unwrap(self, pem):
"""Takes PEM data and extract binary data from it."""
d_pem = Data(pem)
data = Buffer(self.unwrapped_len(pem_len=len(pem)))
status = self._lib_vscf_pem.vscf_pem_unwrap(d_pem.data, data.c_buffer)
VscfStatus.handle_status(status)
return data.get_bytes()
def sign_hash(self, private_key, hash_id, digest):
"""Sign data digest with a given private key."""
d_digest = Data(digest)
signature = Buffer(self.signature_len(private_key=private_key))
status = self._lib_vscf_hybrid_key_alg.vscf_hybrid_key_alg_sign_hash(self.ctx, private_key.c_impl, hash_id, d_digest.data, signature.c_buffer)
VscfStatus.handle_status(status)
return signature.get_bytes()
def encrypt(self, public_key, data):
"""Encrypt data with a given public key."""
d_data = Data(data)
out = Buffer(self.encrypted_len(public_key=public_key, data_len=len(data)))
status = self._lib_vscf_hybrid_key_alg.vscf_hybrid_key_alg_encrypt(self.ctx, public_key.c_impl, d_data.data, out.c_buffer)
VscfStatus.handle_status(status)
return out.get_bytes()
def decrypt(self, private_key, data):
"""Decrypt given data."""
d_data = Data(data)
out = Buffer(self.decrypted_len(private_key=private_key, data_len=len(data)))
status = self._lib_vscf_hybrid_key_alg.vscf_hybrid_key_alg_decrypt(self.ctx, private_key.c_impl, d_data.data, out.c_buffer)
VscfStatus.handle_status(status)
return out.get_bytes()
def finish_padded_data_processing(self):
"""Accomplish padded data processing and return left data without a padding."""
out = Buffer(self.finish_padded_data_processing_out_len())
status = self._lib_vscf_random_padding.vscf_random_padding_finish_padded_data_processing(
self.ctx, out.c_buffer)
VscfStatus.handle_status(status)
return out.get_bytes()
def derive(self, data, key_len):
"""Derive key of the requested length from the given data."""
d_data = Data(data)
key = Buffer(key_len)
self._lib_vscf_kdf2.vscf_kdf2_derive(self.ctx, d_data.data, key_len,
key.c_buffer)
return key.get_bytes()
def finish(self):
"""Accomplish encryption or decryption process."""
out = Buffer(self.out_len(data_len=0))
status = self._lib_vscf_aes256_cbc.vscf_aes256_cbc_finish(
self.ctx, out.c_buffer)
VscfStatus.handle_status(status)
return out.get_bytes()
def sign(self, private_key):
"""Accomplish signing and return signature."""
signature = Buffer(self.signature_len(private_key=private_key))
status = self._lib_vscf_signer.vscf_signer_sign(
self.ctx, private_key.c_impl, signature.c_buffer)
VscfStatus.handle_status(status)
return signature.get_bytes()
def update(self, data):
"""Process encryption or decryption of the given data chunk."""
d_data = Data(data)
out = Buffer(self.out_len(data_len=len(data)))
self._lib_vscf_aes256_cbc.vscf_aes256_cbc_update(
self.ctx, d_data.data, out.c_buffer)
return out.get_bytes()
def kem_decapsulate(self, encapsulated_key, private_key):
"""Decapsulate the shared key."""
d_encapsulated_key = Data(encapsulated_key)
shared_key = Buffer(self.kem_shared_key_len(key=private_key))
status = self._lib_vscf_ecc.vscf_ecc_kem_decapsulate(self.ctx, d_encapsulated_key.data, private_key.c_impl, shared_key.c_buffer)
VscfStatus.handle_status(status)
return shared_key.get_bytes()
def compute_shared_key(self, public_key, private_key):
"""Compute shared key for 2 asymmetric keys.
Note, computed shared key can be used only within symmetric cryptography."""
shared_key = Buffer(self.shared_key_len(key=private_key))
status = self._lib_vscf_ecc.vscf_ecc_compute_shared_key(self.ctx, public_key.c_impl, private_key.c_impl, shared_key.c_buffer)
VscfStatus.handle_status(status)
return shared_key.get_bytes()
def gather(self, len):
"""Gather entropy of the requested length."""
out = Buffer(len)
status = self._lib_vscf_seed_entropy_source.vscf_seed_entropy_source_gather(
self.ctx, len, out.c_buffer)
VscfStatus.handle_status(status)
return out.get_bytes()
def encode(self, data):
"""Encode given data to the base64 format.
Note, written buffer is NOT null-terminated."""
d_data = Data(data)
str = Buffer(self.encoded_len(data_len=len(data)))
self._lib_vscf_base64.vscf_base64_encode(d_data.data, str.c_buffer)
return str.get_bytes()
def wrap(self, title, data):
"""Takes binary data and wraps it to the simple PEM format - no
additional information just header-base64-footer.
Note, written buffer is NOT null-terminated."""
d_data = Data(data)
pem = Buffer(self.wrapped_len(title=title, data_len=len(data)))
self._lib_vscf_pem.vscf_pem_wrap(title, d_data.data, pem.c_buffer)
return pem.get_bytes()
def encrypt(self, data):
"""Encrypt given data."""
d_data = Data(data)
out = Buffer(self.encrypted_len(data_len=len(data)))
status = self._lib_vscf_aes256_cbc.vscf_aes256_cbc_encrypt(
self.ctx, d_data.data, out.c_buffer)
VscfStatus.handle_status(status)
return out.get_bytes()
def decrypt(self, cipher_text, account_key):
"""Decrypts data using account key"""
d_cipher_text = Data(cipher_text)
d_account_key = Data(account_key)
plain_text = Buffer(self.decrypt_len(cipher_text_len=len(cipher_text)))
status = self._lib_vsce_phe_cipher.vsce_phe_cipher_decrypt(self.ctx, d_cipher_text.data, d_account_key.data, plain_text.c_buffer)
VsceStatus.handle_status(status)
return plain_text.get_bytes()
def process_padded_data(self, data):
"""Process padded data.
Return filtered data without padding."""
d_data = Data(data)
out = Buffer(len(data))
self._lib_vscf_random_padding.vscf_random_padding_process_padded_data(
self.ctx, d_data.data, out.c_buffer)
return out.get_bytes()
def decode(self, str):
"""Decode given data from the base64 format."""
d_str = Data(str)
data = Buffer(self.decoded_len(str_len=len(str)))
status = self._lib_vscf_base64.vscf_base64_decode(
d_str.data, data.c_buffer)
VscfStatus.handle_status(status)
return data.get_bytes()
def decrypt(self, message, sender_id):
"""Decrypts message"""
d_sender_id = Data(sender_id)
plain_text = Buffer(self.decrypt_len(message=message))
status = self._lib_vscr_ratchet_group_session.vscr_ratchet_group_session_decrypt(
self.ctx, message.ctx, d_sender_id.data, plain_text.c_buffer)
VscrStatus.handle_status(status)
return plain_text.get_bytes()
def decrypt(self, data):
"""Decrypt given data."""
d_data = Data(data)
out = Buffer(self.decrypted_len(data_len=len(data)))
status = self._lib_vscf_pkcs5_pbes2.vscf_pkcs5_pbes2_decrypt(
self.ctx, d_data.data, out.c_buffer)
VscfStatus.handle_status(status)
return out.get_bytes()