def kem_encapsulate(self, public_key): """Generate a shared key and a key encapsulated message.""" shared_key = Buffer(self.kem_shared_key_len(key=public_key)) encapsulated_key = Buffer(self.kem_encapsulated_key_len(public_key=public_key)) status = self._lib_vscf_ecc.vscf_ecc_kem_encapsulate(self.ctx, public_key.c_impl, shared_key.c_buffer, encapsulated_key.c_buffer) VscfStatus.handle_status(status) return shared_key.get_bytes(), encapsulated_key.get_bytes()
def generate_server_key_pair(self): """Generates new NIST P-256 server key pair for some client""" server_private_key = Buffer(Common.PHE_PRIVATE_KEY_LENGTH) server_public_key = Buffer(Common.PHE_PUBLIC_KEY_LENGTH) status = self._lib_vsce_uokms_server.vsce_uokms_server_generate_server_key_pair(self.ctx, server_private_key.c_buffer, server_public_key.c_buffer) VsceStatus.handle_status(status) return server_private_key.get_bytes(), server_public_key.get_bytes()
def blind(self, password): d_password = Data(password) deblind_factor = Buffer(self.MPI_LEN) blinded_point = Buffer(self.POINT_LEN) status = self._lib_vscf_brainkey_client.vscf_brainkey_client_blind( self.ctx, d_password.data, deblind_factor.c_buffer, blinded_point.c_buffer) VscfStatus.handle_status(status) return deblind_factor.get_bytes(), blinded_point.get_bytes()
def rotate_keys(self, server_private_key): """Updates server's private and public keys and issues an update token for use on client's side""" d_server_private_key = Data(server_private_key) new_server_private_key = Buffer(Common.PHE_PRIVATE_KEY_LENGTH) new_server_public_key = Buffer(Common.PHE_PUBLIC_KEY_LENGTH) update_token = Buffer(Common.PHE_PRIVATE_KEY_LENGTH) status = self._lib_vsce_uokms_server.vsce_uokms_server_rotate_keys(self.ctx, d_server_private_key.data, new_server_private_key.c_buffer, new_server_public_key.c_buffer, update_token.c_buffer) VsceStatus.handle_status(status) return new_server_private_key.get_bytes(), new_server_public_key.get_bytes(), update_token.get_bytes()
def generate_encrypt_wrap(self, encryption_key_len): """Generates new encrypt wrap (which should be stored and then used for decryption) + encryption key of "encryption key len" that can be used for symmetric encryption""" wrap = Buffer(Common.PHE_PUBLIC_KEY_LENGTH) encryption_key = Buffer(encryption_key_len) status = self._lib_vsce_uokms_client.vsce_uokms_client_generate_encrypt_wrap( self.ctx, encryption_key_len, wrap.c_buffer, encryption_key.c_buffer) VsceStatus.handle_status(status) return wrap.get_bytes(), encryption_key.get_bytes()
def generate_decrypt_request(self, wrap): """Generates request to decrypt data, this request should be sent to the server. Server response is then passed to "process decrypt response" where encryption key can be decapsulated""" d_wrap = Data(wrap) deblind_factor = Buffer(Common.PHE_PRIVATE_KEY_LENGTH) decrypt_request = Buffer(Common.PHE_PUBLIC_KEY_LENGTH) status = self._lib_vsce_uokms_client.vsce_uokms_client_generate_decrypt_request( self.ctx, d_wrap.data, deblind_factor.c_buffer, decrypt_request.c_buffer) VsceStatus.handle_status(status) return deblind_factor.get_bytes(), decrypt_request.get_bytes()
def finish_auth_encryption(self): """Accomplish an authenticated encryption and place tag separately. Note, if authentication tag should be added to an encrypted data, method "finish" can be used.""" out = Buffer(self.out_len(data_len=0)) tag = Buffer(self.AUTH_TAG_LEN) status = self._lib_vscf_aes256_gcm.vscf_aes256_gcm_finish_auth_encryption( self.ctx, out.c_buffer, tag.c_buffer) VscfStatus.handle_status(status) return out.get_bytes(), tag.get_bytes()
def blind(self, password): """Blinds password. Turns password into a pseudo-random string. This step is necessary to prevent 3rd-parties from knowledge of end user's password.""" d_password = Data(password) blinded_password = Buffer(self.blinded_password_buf_len()) blinding_secret = Buffer(self.blinding_secret_buf_len()) status = self._lib_vscp_pythia.vscp_pythia_blind( d_password.data, blinded_password.c_buffer, blinding_secret.c_buffer) VscpStatus.handle_status(status) return blinded_password.get_bytes(), blinding_secret.get_bytes()
def rotate_keys(self, update_token): """Rotates client and server keys using given update token obtained from server""" d_update_token = Data(update_token) new_client_private_key = Buffer(Common.PHE_PRIVATE_KEY_LENGTH) new_server_public_key = Buffer(Common.PHE_PUBLIC_KEY_LENGTH) status = self._lib_vsce_uokms_client.vsce_uokms_client_rotate_keys( self.ctx, d_update_token.data, new_client_private_key.c_buffer, new_server_public_key.c_buffer) VsceStatus.handle_status(status) return new_client_private_key.get_bytes( ), new_server_public_key.get_bytes()
def auth_encrypt(self, data, auth_data): """Encrypt given data. If 'tag' is not given, then it will written to the 'enc'.""" d_data = Data(data) d_auth_data = Data(auth_data) out = Buffer(self.auth_encrypted_len(data_len=len(data))) tag = Buffer(self.AUTH_TAG_LEN) status = self._lib_vscf_aes256_gcm.vscf_aes256_gcm_auth_encrypt( self.ctx, d_data.data, d_auth_data.data, out.c_buffer, tag.c_buffer) VscfStatus.handle_status(status) return out.get_bytes(), tag.get_bytes()
def transform(self, blinded_password, tweak, transformation_private_key): """Transforms blinded password using transformation private key.""" d_blinded_password = Data(blinded_password) d_tweak = Data(tweak) d_transformation_private_key = Data(transformation_private_key) transformed_password = Buffer(self.transformed_password_buf_len()) transformed_tweak = Buffer(self.transformed_tweak_buf_len()) status = self._lib_vscp_pythia.vscp_pythia_transform( d_blinded_password.data, d_tweak.data, d_transformation_private_key.data, transformed_password.c_buffer, transformed_tweak.c_buffer) VscpStatus.handle_status(status) return transformed_password.get_bytes(), transformed_tweak.get_bytes()
def unwrap(self, pem): """Takes PEM data and extract binary data from it.""" d_pem = Data(pem) data = Buffer(self.unwrapped_len(pem_len=len(pem))) status = self._lib_vscf_pem.vscf_pem_unwrap(d_pem.data, data.c_buffer) VscfStatus.handle_status(status) return data.get_bytes()
def gather(self, len): """Gather entropy of the requested length.""" out = Buffer(len) status = self._lib_vscf_seed_entropy_source.vscf_seed_entropy_source_gather( self.ctx, len, out.c_buffer) VscfStatus.handle_status(status) return out.get_bytes()
def decrypt(self, private_key, data): """Decrypt given data.""" d_data = Data(data) out = Buffer(self.decrypted_len(private_key=private_key, data_len=len(data))) status = self._lib_vscf_hybrid_key_alg.vscf_hybrid_key_alg_decrypt(self.ctx, private_key.c_impl, d_data.data, out.c_buffer) VscfStatus.handle_status(status) return out.get_bytes()
def sign_hash(self, private_key, hash_id, digest): """Sign data digest with a given private key.""" d_digest = Data(digest) signature = Buffer(self.signature_len(private_key=private_key)) status = self._lib_vscf_hybrid_key_alg.vscf_hybrid_key_alg_sign_hash(self.ctx, private_key.c_impl, hash_id, d_digest.data, signature.c_buffer) VscfStatus.handle_status(status) return signature.get_bytes()
def encode(self, data): """Encode given data to the base64 format. Note, written buffer is NOT null-terminated.""" d_data = Data(data) str = Buffer(self.encoded_len(data_len=len(data))) self._lib_vscf_base64.vscf_base64_encode(d_data.data, str.c_buffer) return str.get_bytes()
def encrypt(self, public_key, data): """Encrypt data with a given public key.""" d_data = Data(data) out = Buffer(self.encrypted_len(public_key=public_key, data_len=len(data))) status = self._lib_vscf_hybrid_key_alg.vscf_hybrid_key_alg_encrypt(self.ctx, public_key.c_impl, d_data.data, out.c_buffer) VscfStatus.handle_status(status) return out.get_bytes()
def update(self, data): """Process encryption or decryption of the given data chunk.""" d_data = Data(data) out = Buffer(self.out_len(data_len=len(data))) self._lib_vscf_aes256_cbc.vscf_aes256_cbc_update( self.ctx, d_data.data, out.c_buffer) return out.get_bytes()
def generate_update_token_oneparty(self): """Generates update token for one-party mode""" update_token = Buffer(Common.PHE_PRIVATE_KEY_LENGTH) status = self._lib_vsce_uokms_client.vsce_uokms_client_generate_update_token_oneparty( self.ctx, update_token.c_buffer) VsceStatus.handle_status(status) return update_token.get_bytes()
def decrypt(self, message, public_key): """Decrypts message""" plain_text = Buffer(self.decrypt_len(message=message)) status = self._lib_vscf_group_session.vscf_group_session_decrypt( self.ctx, message.ctx, public_key.c_impl, plain_text.c_buffer) VscfStatus.handle_status(status) return plain_text.get_bytes()
def decrypt(self, message): """Decrypts message""" plain_text = Buffer(self.decrypt_len(message=message)) status = self._lib_vscr_ratchet_session.vscr_ratchet_session_decrypt( self.ctx, message.ctx, plain_text.c_buffer) VscrStatus.handle_status(status) return plain_text.get_bytes()
def random(self, data_len): """Generate random bytes. All RNG implementations must be thread-safe.""" data = Buffer(data_len) status = self._lib_vscf_key_material_rng.vscf_key_material_rng_random(self.ctx, data_len, data.c_buffer) VscfStatus.handle_status(status) return data.get_bytes()
def compute_shared_key(self, public_key, private_key): """Compute shared key for 2 asymmetric keys. Note, computed shared key can be used only within symmetric cryptography.""" shared_key = Buffer(self.shared_key_len(key=private_key)) status = self._lib_vscf_ecc.vscf_ecc_compute_shared_key(self.ctx, public_key.c_impl, private_key.c_impl, shared_key.c_buffer) VscfStatus.handle_status(status) return shared_key.get_bytes()
def derive(self, data, key_len): """Derive key of the requested length from the given data.""" d_data = Data(data) key = Buffer(key_len) self._lib_vscf_kdf2.vscf_kdf2_derive(self.ctx, d_data.data, key_len, key.c_buffer) return key.get_bytes()
def harden(self, identity_secret, blinded_point): d_identity_secret = Data(identity_secret) d_blinded_point = Data(blinded_point) hardened_point = Buffer(self.POINT_LEN) status = self._lib_vscf_brainkey_server.vscf_brainkey_server_harden(self.ctx, d_identity_secret.data, d_blinded_point.data, hardened_point.c_buffer) VscfStatus.handle_status(status) return hardened_point.get_bytes()
def finish(self): """Accomplish encryption or decryption process.""" out = Buffer(self.out_len(data_len=0)) status = self._lib_vscf_aes256_cbc.vscf_aes256_cbc_finish( self.ctx, out.c_buffer) VscfStatus.handle_status(status) return out.get_bytes()
def finish_padded_data_processing(self): """Accomplish padded data processing and return left data without a padding.""" out = Buffer(self.finish_padded_data_processing_out_len()) status = self._lib_vscf_random_padding.vscf_random_padding_finish_padded_data_processing( self.ctx, out.c_buffer) VscfStatus.handle_status(status) return out.get_bytes()
def generate_client_private_key(self): """Generates client private key""" client_private_key = Buffer(Common.PHE_PRIVATE_KEY_LENGTH) status = self._lib_vsce_uokms_client.vsce_uokms_client_generate_client_private_key( self.ctx, client_private_key.c_buffer) VsceStatus.handle_status(status) return client_private_key.get_bytes()
def kem_decapsulate(self, encapsulated_key, private_key): """Decapsulate the shared key.""" d_encapsulated_key = Data(encapsulated_key) shared_key = Buffer(self.kem_shared_key_len(key=private_key)) status = self._lib_vscf_ecc.vscf_ecc_kem_decapsulate(self.ctx, d_encapsulated_key.data, private_key.c_impl, shared_key.c_buffer) VscfStatus.handle_status(status) return shared_key.get_bytes()
def compute_public_key_id(self, public_key): """Computes 8 bytes key pair id from Curve25519 (in PKCS8 or raw format) public key""" d_public_key = Data(public_key) key_id = Buffer(Common.KEY_ID_LEN) status = self._lib_vscr_ratchet_key_id.vscr_ratchet_key_id_compute_public_key_id(self.ctx, d_public_key.data, key_id.c_buffer) VscrStatus.handle_status(status) return key_id.get_bytes()