def New(): """ Constructs and returns a new _Session instance, containing a newly-generated AES key and random nonce. """ return _Session.__Create(keys.AesKey.Generate(), util.RandBytes(SESSION_NONCE_SIZE))
def Generate(size=keyinfo.HMAC_SHA1.default_size): """ Return a newly generated HMAC-SHA1 key. @param size: length of key in bits to generate @type size: integer @return: an HMAC-SHA1 key @rtype: L{HmacKey} """ key_bytes = util.RandBytes(size / 8) key_string = util.Base64WSEncode(key_bytes) return HmacKey(key_string, size)
def Generate(size=keyinfo.AES.default_size): """ Return a newly generated AES key. @param size: length of key in bits to generate @type size: integer @return: an AES key @rtype: L{AesKey} """ key_bytes = util.RandBytes(size / 8) key_string = util.Base64WSEncode(key_bytes) hmac_key = HmacKey.Generate() # use default HMAC-SHA1 key size return AesKey(key_string, hmac_key, size)
def Encrypt(self, data): """ Return ciphertext byte string containing Header|IV|Ciph|Sig. @param data: plaintext to be encrypted. @type data: string @return: raw byte string ciphertext formatted to have Header|IV|Ciph|Sig. @rtype: string """ data = self.__Pad(data) iv_bytes = util.RandBytes(self.block_size) ciph_bytes = AES.new(self.key_bytes, AES.MODE_CBC, iv_bytes).encrypt(data) msg_bytes = self.Header() + iv_bytes + ciph_bytes sig_bytes = self.hmac_key.Sign(msg_bytes) # Sign bytes return msg_bytes + sig_bytes
def __init__(self, key, output_stream): """ Constructor @param key: Keyczar Key to perform the padding, verification, cipher creation needed by this stream @type key: Key @param output_stream: stream for encrypted output @type output_stream: 'file-like' object """ self.__key = key self.__output_stream = output_stream self.__data = '' self.__closed = False self.__hmac_stream = key.hmac_key.CreateStreamable() iv_bytes = util.RandBytes(key.block_size) self.__cipher = AES.new(key.key_bytes, AES.MODE_CBC, iv_bytes) hdr = key.Header() self.__hmac_stream.Update(hdr + iv_bytes) self.__output_stream.write(hdr + iv_bytes)
def __Encode(self, msg, label=""): if len(label) >= 2**61: # the input limit for SHA-1 raise errors.KeyczarError("OAEP parameter string too long.") k = int(math.floor(math.log(self.key.n, 256)) + 1) # num bytes in n if len(msg) > k - 2 * util.HLEN - 2: raise errors.KeyczarError("Message too long to OAEP encode.") label_hash = util.Hash(label) pad_octets = (k - len(msg) - 2 * util.HLEN - 2) # Number of zeros to pad if pad_octets < 0: raise errors.KeyczarError("Message is too long: %d" % len(msg)) datablock = label_hash + ('\x00' * pad_octets) + '\x01' + msg seed = util.RandBytes(util.HLEN) # Steps 2e, f datablock_mask = util.MGF(seed, k - util.HLEN - 1) masked_datablock = util.Xor(datablock, datablock_mask) # Steps 2g, h seed_mask = util.MGF(masked_datablock, util.HLEN) masked_seed = util.Xor(seed, seed_mask) # Step 2i: Construct the encoded message return '\x00' + masked_seed + masked_datablock