def _update(self, assoc_data_pt=b""):
"""Update the MAC with associated data or plaintext
(without FSM checks)"""
# If MAC has not started yet, we just park the data into a list.
# If the data is mutable, we create a copy and store that instead.
if self._mac_status == MacStatus.NOT_STARTED:
if is_writeable_buffer(assoc_data_pt):
assoc_data_pt = _copy_bytes(None, None, assoc_data_pt)
self._cache.append(assoc_data_pt)
return
assert (len(self._cache) < self.block_size)
if len(self._cache) > 0:
filler = min(self.block_size - len(self._cache),
len(assoc_data_pt))
self._cache += _copy_bytes(None, filler, assoc_data_pt)
assoc_data_pt = _copy_bytes(filler, None, assoc_data_pt)
if len(self._cache) < self.block_size:
return
# The cache is exactly one block
self._t = self._mac.encrypt(self._cache)
self._cache = b""
update_len = len(assoc_data_pt) // self.block_size * self.block_size
self._cache = _copy_bytes(update_len, None, assoc_data_pt)
if update_len > 0:
self._t = self._mac.encrypt(assoc_data_pt[:update_len])[-16:]
def _encrypt(self, plaintext, output):
"""Encrypt without FSM checks"""
if output is None:
ciphertext = create_string_buffer(len(plaintext))
else:
ciphertext = output
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
if len(plaintext) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(plaintext))
result = _raw_chacha20_lib.chacha20_encrypt(
self._state.get(),
c_uint8_ptr(plaintext),
c_uint8_ptr(ciphertext),
c_size_t(len(plaintext)))
if result:
raise ValueError("Error %d while encrypting with ChaCha20" % result)
if output is None:
return get_raw_buffer(ciphertext)
else:
return None
def _encrypt(self, plaintext, output):
"""Encrypt without FSM checks"""
if output is None:
ciphertext = create_string_buffer(len(plaintext))
else:
ciphertext = output
if not is_writeable_buffer(output):
raise TypeError(
"output must be a bytearray or a writeable memoryview")
if len(plaintext) != len(output):
raise ValueError(
"output must have the same length as the input"
" (%d bytes)" % len(plaintext))
result = _raw_chacha20_lib.chacha20_encrypt(self._state.get(),
c_uint8_ptr(plaintext),
c_uint8_ptr(ciphertext),
c_size_t(len(plaintext)))
if result:
raise ValueError("Error %d while encrypting with %s" %
(result, self._name))
if output is None:
return get_raw_buffer(ciphertext)
else:
return None
def decrypt(self, ciphertext, output=None):
"""Decrypt data with the key and the parameters set at initialization.
A cipher object is stateful: once you have decrypted a message
you cannot decrypt (or encrypt) another message with the same
object.
The data to decrypt can be broken up in two or
more pieces and `decrypt` can be called multiple times.
That is, the statement:
>>> c.decrypt(a) + c.decrypt(b)
is equivalent to:
>>> c.decrypt(a+b)
This function does not remove any padding from the plaintext.
:Parameters:
ciphertext : bytes/bytearray/memoryview
The piece of data to decrypt.
It can be of any length.
:Keywords:
output : bytearray/memoryview
The location where the plaintext is written to.
If ``None``, the plaintext is returned.
:Return:
If ``output`` is ``None``, the plaintext is returned as ``bytes``.
Otherwise, ``None``.
"""
if self.decrypt not in self._next:
raise TypeError("decrypt() cannot be called after encrypt()")
self._next = [self.decrypt]
if output is None:
plaintext = create_string_buffer(len(ciphertext))
else:
plaintext = output
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
if len(ciphertext) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(plaintext))
result = raw_ofb_lib.OFB_decrypt(self._state.get(),
c_uint8_ptr(ciphertext),
c_uint8_ptr(plaintext),
c_size_t(len(ciphertext)))
if result:
raise ValueError("Error %d while decrypting in OFB mode" % result)
if output is None:
return get_raw_buffer(plaintext)
else:
return None
def _update(self, assoc_data_pt=b""):
"""Update the MAC with associated data or plaintext
(without FSM checks)"""
# If MAC has not started yet, we just park the data into a list.
# If the data is mutable, we create a copy and store that instead.
if self._mac_status == MacStatus.NOT_STARTED:
if is_writeable_buffer(assoc_data_pt):
assoc_data_pt = _copy_bytes(None, None, assoc_data_pt)
self._cache.append(assoc_data_pt)
return
assert(len(self._cache) < self.block_size)
if len(self._cache) > 0:
filler = min(self.block_size - len(self._cache),
len(assoc_data_pt))
self._cache += _copy_bytes(None, filler, assoc_data_pt)
assoc_data_pt = _copy_bytes(filler, None, assoc_data_pt)
if len(self._cache) < self.block_size:
return
# The cache is exactly one block
self._t = self._mac.encrypt(self._cache)
self._cache = b""
update_len = len(assoc_data_pt) // self.block_size * self.block_size
self._cache = _copy_bytes(update_len, None, assoc_data_pt)
if update_len > 0:
self._t = self._mac.encrypt(assoc_data_pt[:update_len])[-16:]
def encrypt(self, plaintext, output=None):
"""Encrypt data with the key set at initialization.
The data to encrypt can be broken up in two or
more pieces and `encrypt` can be called multiple times.
That is, the statement:
>>> c.encrypt(a) + c.encrypt(b)
is equivalent to:
>>> c.encrypt(a+b)
This function does not add any padding to the plaintext.
:Parameters:
plaintext : bytes/bytearray/memoryview
The piece of data to encrypt.
The length must be multiple of the cipher block length.
:Keywords:
output : bytearray/memoryview
The location where the ciphertext must be written to.
If ``None``, the ciphertext is returned.
:Return:
If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
Otherwise, ``None``.
"""
if output is None:
ciphertext = create_string_buffer(len(plaintext))
else:
ciphertext = output
if not is_writeable_buffer(output):
raise TypeError(
"output must be a bytearray or a writeable memoryview")
if len(plaintext) != len(output):
raise ValueError(
"output must have the same length as the input"
" (%d bytes)" % len(plaintext))
result = raw_ecb_lib.ECB_encrypt(self._state.get(),
c_uint8_ptr(plaintext),
c_uint8_ptr(ciphertext),
c_size_t(len(plaintext)))
if result:
if result == 3:
raise ValueError(
"Data must be aligned to block boundary in ECB mode")
raise ValueError("Error %d while encrypting in ECB mode" % result)
if output is None:
return get_raw_buffer(ciphertext)
else:
return None
def encrypt(self, plaintext, output=None):
"""Encrypt data with the key set at initialization.
The data to encrypt can be broken up in two or
more pieces and `encrypt` can be called multiple times.
That is, the statement:
>>> c.encrypt(a) + c.encrypt(b)
is equivalent to:
>>> c.encrypt(a+b)
This function does not add any padding to the plaintext.
:Parameters:
plaintext : bytes/bytearray/memoryview
The piece of data to encrypt.
The length must be multiple of the cipher block length.
:Keywords:
output : bytearray/memoryview
The location where the ciphertext must be written to.
If ``None``, the ciphertext is returned.
:Return:
If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
Otherwise, ``None``.
"""
if output is None:
ciphertext = create_string_buffer(len(plaintext))
else:
ciphertext = output
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
if len(plaintext) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(plaintext))
result = raw_ecb_lib.ECB_encrypt(self._state.get(),
c_uint8_ptr(plaintext),
c_uint8_ptr(ciphertext),
c_size_t(len(plaintext)))
if result:
if result == 3:
raise ValueError("Data must be aligned to block boundary in ECB mode")
raise ValueError("Error %d while encrypting in ECB mode" % result)
if output is None:
return get_raw_buffer(ciphertext)
else:
return None
def strxor(term1, term2, output=None):
"""From two byte strings of equal length,
create a third one which is the byte-by-byte XOR of the two.
Args:
term1 (bytes/bytearray/memoryview):
The first byte string to XOR.
term2 (bytes/bytearray/memoryview):
The second byte string to XOR.
output (bytearray/memoryview):
The location where the result will be written to.
It must have the same length as ``term1`` and ``term2``.
If ``None``, the result is returned.
:Return:
If ``output`` is ``None``, a new byte string with the result.
Otherwise ``None``.
.. note::
``term1`` and ``term2`` must have the same length.
"""
if len(term1) != len(term2):
raise ValueError("Only byte strings of equal length can be xored")
if output is None:
result = create_string_buffer(len(term1))
else:
# Note: output may overlap with either input
result = output
if not is_writeable_buffer(output):
raise TypeError(
"output must be a bytearray or a writeable memoryview")
if len(term1) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(term1))
_raw_strxor.strxor(c_uint8_ptr(term1), c_uint8_ptr(term2),
c_uint8_ptr(result), c_size_t(len(term1)))
if output is None:
return get_raw_buffer(result)
else:
return None
def strxor_c(term, c, output=None):
"""From a byte string, create a second one of equal length
where each byte is XOR-red with the same value.
Args:
term(bytes/bytearray/memoryview):
The byte string to XOR.
c (int):
Every byte in the string will be XOR-ed with this value.
It must be between 0 and 255 (included).
output (None or bytearray/memoryview):
The location where the result will be written to.
It must have the same length as ``term``.
If ``None``, the result is returned.
Return:
If ``output`` is ``None``, a new ``bytes`` string with the result.
Otherwise ``None``.
"""
if not 0 <= c < 256:
raise ValueError("c must be in range(256)")
if output is None:
result = create_string_buffer(len(term))
else:
# Note: output may overlap with either input
result = output
if not is_writeable_buffer(output):
raise TypeError(
"output must be a bytearray or a writeable memoryview")
if len(term) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(term))
_raw_strxor.strxor_c(c_uint8_ptr(term), c, c_uint8_ptr(result),
c_size_t(len(term)))
if output is None:
return get_raw_buffer(result)
else:
return None
def strxor_c(term, c, output=None):
"""XOR a byte string with a repeated sequence of characters.
Args:
term(bytes/bytearray/memoryview):
The first term of the XOR operation.
c (bytes):
The byte that makes up the second term of the XOR operation.
output (None or bytearray/memoryview):
If not ``None``, the location where the result is stored into.
Return:
If ``output`` is ``None``, a new ``bytes`` string with the result.
Otherwise ``None``.
"""
if not 0 <= c < 256:
raise ValueError("c must be in range(256)")
if output is None:
result = create_string_buffer(len(term))
else:
# Note: output may overlap with either input
result = output
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
if len(term) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(term))
_raw_strxor.strxor_c(c_uint8_ptr(term),
c,
c_uint8_ptr(result),
c_size_t(len(term))
)
if output is None:
return get_raw_buffer(result)
else:
return None
def strxor(term1, term2, output=None):
"""XOR two byte strings.
Args:
term1 (bytes/bytearray/memoryview):
The first term of the XOR operation.
term2 (bytes/bytearray/memoryview):
The second term of the XOR operation.
output (bytearray/memoryview):
The location where the result must be written to.
If ``None``, the result is returned.
:Return:
If ``output`` is ``None``, a new ``bytes`` string with the result.
Otherwise ``None``.
"""
if len(term1) != len(term2):
raise ValueError("Only byte strings of equal length can be xored")
if output is None:
result = create_string_buffer(len(term1))
else:
# Note: output may overlap with either input
result = output
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
if len(term1) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(term1))
_raw_strxor.strxor(c_uint8_ptr(term1),
c_uint8_ptr(term2),
c_uint8_ptr(result),
c_size_t(len(term1)))
if output is None:
return get_raw_buffer(result)
else:
return None
def strxor_c(term, c, output=None):
"""XOR a byte string with a repeated sequence of characters.
Args:
term(bytes/bytearray/memoryview):
The first term of the XOR operation.
c (bytes):
The byte that makes up the second term of the XOR operation.
output (None or bytearray/memoryview):
If not ``None``, the location where the result is stored into.
Return:
If ``output`` is ``None``, a new ``bytes`` string with the result.
Otherwise ``None``.
"""
if not 0 <= c < 256:
raise ValueError("c must be in range(256)")
if output is None:
result = create_string_buffer(len(term))
else:
# Note: output may overlap with either input
result = output
if not is_writeable_buffer(output):
raise TypeError(
"output must be a bytearray or a writeable memoryview")
if len(term) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(term))
_raw_strxor.strxor_c(c_uint8_ptr(term), c, c_uint8_ptr(result),
c_size_t(len(term)))
if output is None:
return get_raw_buffer(result)
else:
return None
def strxor(term1, term2, output=None):
"""XOR two byte strings.
Args:
term1 (bytes/bytearray/memoryview):
The first term of the XOR operation.
term2 (bytes/bytearray/memoryview):
The second term of the XOR operation.
output (bytearray/memoryview):
The location where the result must be written to.
If ``None``, the result is returned.
:Return:
If ``output`` is ``None``, a new ``bytes`` string with the result.
Otherwise ``None``.
"""
if len(term1) != len(term2):
raise ValueError("Only byte strings of equal length can be xored")
if output is None:
result = create_string_buffer(len(term1))
else:
# Note: output may overlap with either input
result = output
if not is_writeable_buffer(output):
raise TypeError(
"output must be a bytearray or a writeable memoryview")
if len(term1) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(term1))
_raw_strxor.strxor(c_uint8_ptr(term1), c_uint8_ptr(term2),
c_uint8_ptr(result), c_size_t(len(term1)))
if output is None:
return get_raw_buffer(result)
else:
return None
def encrypt(self, plaintext, output=None):
"""Encrypt a piece of data.
Args:
plaintext(bytes/bytearray/memoryview): The data to encrypt, of any size.
Keyword Args:
output(bytes/bytearray/memoryview): The location where the ciphertext
is written to. If ``None``, the ciphertext is returned.
Returns:
If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
Otherwise, ``None``.
"""
if output is None:
ciphertext = create_string_buffer(len(plaintext))
else:
ciphertext = output
if not is_writeable_buffer(output):
raise TypeError(
"output must be a bytearray or a writeable memoryview")
if len(plaintext) != len(output):
raise ValueError(
"output must have the same length as the input"
" (%d bytes)" % len(plaintext))
result = _raw_salsa20_lib.Salsa20_stream_encrypt(
self._state.get(), c_uint8_ptr(plaintext), c_uint8_ptr(ciphertext),
c_size_t(len(plaintext)))
if result:
raise ValueError("Error %d while encrypting with Salsa20" % result)
if output is None:
return get_raw_buffer(ciphertext)
else:
return None
def encrypt(self, plaintext, output=None):
"""Encrypt a piece of data.
Args:
plaintext(bytes/bytearray/memoryview): The data to encrypt, of any size.
Keyword Args:
output(bytes/bytearray/memoryview): The location where the ciphertext
is written to. If ``None``, the ciphertext is returned.
Returns:
If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
Otherwise, ``None``.
"""
if output is None:
ciphertext = create_string_buffer(len(plaintext))
else:
ciphertext = output
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
if len(plaintext) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(plaintext))
result = _raw_salsa20_lib.Salsa20_stream_encrypt(
self._state.get(),
c_uint8_ptr(plaintext),
c_uint8_ptr(ciphertext),
c_size_t(len(plaintext)))
if result:
raise ValueError("Error %d while encrypting with Salsa20" % result)
if output is None:
return get_raw_buffer(ciphertext)
else:
return None
def encrypt(self, plaintext, output=None):
"""Encrypt data with the key and the parameters set at initialization.
A cipher object is stateful: once you have encrypted a message
you cannot encrypt (or decrypt) another message using the same
object.
The data to encrypt can be broken up in two or
more pieces and `encrypt` can be called multiple times.
That is, the statement:
>>> c.encrypt(a) + c.encrypt(b)
is equivalent to:
>>> c.encrypt(a+b)
This function does not add any padding to the plaintext.
:Parameters:
plaintext : bytes/bytearray/memoryview
The piece of data to encrypt.
It can be of any length.
:Keywords:
output : bytearray/memoryview
The location where the ciphertext must be written to.
If ``None``, the ciphertext is returned.
:Return:
If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
Otherwise, ``None``.
"""
if self.encrypt not in self._next:
raise TypeError("encrypt() cannot be called after decrypt()")
self._next = [self.encrypt]
if output is None:
ciphertext = create_string_buffer(len(plaintext))
else:
ciphertext = output
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
if len(plaintext) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(plaintext))
result = raw_ctr_lib.CTR_encrypt(self._state.get(),
c_uint8_ptr(plaintext),
c_uint8_ptr(ciphertext),
c_size_t(len(plaintext)))
if result:
if result == 0x60002:
raise OverflowError("The counter has wrapped around in"
" CTR mode")
raise ValueError("Error %X while encrypting in CTR mode" % result)
if output is None:
return get_raw_buffer(ciphertext)
else:
return None
def decrypt(self, ciphertext, output=None):
"""Decrypt data with the key and the parameters set at initialization.
A cipher object is stateful: once you have decrypted a message
you cannot decrypt (or encrypt) another message with the same
object.
The data to decrypt can be broken up in two or
more pieces and `decrypt` can be called multiple times.
That is, the statement:
>>> c.decrypt(a) + c.decrypt(b)
is equivalent to:
>>> c.decrypt(a+b)
This function does not remove any padding from the plaintext.
:Parameters:
ciphertext : bytes/bytearray/memoryview
The piece of data to decrypt.
Its length must be multiple of the cipher block size.
:Keywords:
output : bytearray/memoryview
The location where the plaintext must be written to.
If ``None``, the plaintext is returned.
:Return:
If ``output`` is ``None``, the plaintext is returned as ``bytes``.
Otherwise, ``None``.
"""
if self.decrypt not in self._next:
raise TypeError("decrypt() cannot be called after encrypt()")
self._next = [ self.decrypt ]
if output is None:
plaintext = create_string_buffer(len(ciphertext))
else:
plaintext = output
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
if len(ciphertext) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(plaintext))
result = raw_cbc_lib.CBC_decrypt(self._state.get(),
c_uint8_ptr(ciphertext),
c_uint8_ptr(plaintext),
c_size_t(len(ciphertext)))
if result:
if result == 3:
raise ValueError("Data must be padded to %d byte boundary in CBC mode" % self.block_size)
raise ValueError("Error %d while decrypting in CBC mode" % result)
if output is None:
return get_raw_buffer(plaintext)
else:
return None
