def start_decryption_with_key(self, recipient_id, private_key, message_info):
"""Initiate decryption process with a recipient private key.
Message Info can be empty if it was embedded to encrypted data."""
d_recipient_id = Data(recipient_id)
d_message_info = Data(message_info)
status = self._lib_vscf_recipient_cipher.vscf_recipient_cipher_start_decryption_with_key(self.ctx, d_recipient_id.data, private_key.c_impl, d_message_info.data)
VscfStatus.handle_status(status)
def mac(self, key, data):
"""Calculate MAC over given data."""
d_key = Data(key)
d_data = Data(data)
mac = Buffer(self.digest_len())
self._lib_vscf_hmac.vscf_hmac_mac(self.ctx, d_key.data, d_data.data, mac.c_buffer)
return mac.get_bytes()
def harden(self, identity_secret, blinded_point):
d_identity_secret = Data(identity_secret)
d_blinded_point = Data(blinded_point)
hardened_point = Buffer(self.POINT_LEN)
status = self._lib_vscf_brainkey_server.vscf_brainkey_server_harden(self.ctx, d_identity_secret.data, d_blinded_point.data, hardened_point.c_buffer)
VscfStatus.handle_status(status)
return hardened_point.get_bytes()
def title(self, pem):
"""Returns PEM title if PEM data is valid, otherwise - empty data."""
d_pem = Data(pem)
result = self._lib_vscf_pem.vscf_pem_title(d_pem.data)
instance = Data.take_c_ctx(result)
cleaned_bytes = bytearray(instance)
return cleaned_bytes
def verify_hash(self, public_key, hash_id, digest, signature):
"""Verify data digest with a given public key and signature."""
d_digest = Data(digest)
d_signature = Data(signature)
result = self._lib_vscf_falcon.vscf_falcon_verify_hash(
self.ctx, public_key.c_impl, hash_id, d_digest.data,
d_signature.data)
return result
def process_decrypt_request(self, server_private_key, decrypt_request):
"""Processed client's decrypt request"""
d_server_private_key = Data(server_private_key)
d_decrypt_request = Data(decrypt_request)
decrypt_response = Buffer(self.decrypt_response_len())
status = self._lib_vsce_uokms_server.vsce_uokms_server_process_decrypt_request(self.ctx, d_server_private_key.data, d_decrypt_request.data, decrypt_response.c_buffer)
VsceStatus.handle_status(status)
return decrypt_response.get_bytes()
def decrypt(self, cipher_text, account_key):
"""Decrypts data using account key"""
d_cipher_text = Data(cipher_text)
d_account_key = Data(account_key)
plain_text = Buffer(self.decrypt_len(cipher_text_len=len(cipher_text)))
status = self._lib_vsce_phe_cipher.vsce_phe_cipher_decrypt(self.ctx, d_cipher_text.data, d_account_key.data, plain_text.c_buffer)
VsceStatus.handle_status(status)
return plain_text.get_bytes()
def auth_encrypt(self, plain_text, additional_data, account_key):
"""Encrypts data (and authenticates additional data) using account key"""
d_plain_text = Data(plain_text)
d_additional_data = Data(additional_data)
d_account_key = Data(account_key)
cipher_text = Buffer(self.encrypt_len(plain_text_len=len(plain_text)))
status = self._lib_vsce_phe_cipher.vsce_phe_cipher_auth_encrypt(self.ctx, d_plain_text.data, d_additional_data.data, d_account_key.data, cipher_text.c_buffer)
VsceStatus.handle_status(status)
return cipher_text.get_bytes()
def find_data(self, key):
"""Return custom parameter with octet string value."""
d_key = Data(key)
error = vscf_error_t()
result = self._lib_vscf_message_info_custom_params.vscf_message_info_custom_params_find_data(self.ctx, d_key.data, error)
VscfStatus.handle_status(error.status)
instance = Data.take_c_ctx(result)
cleaned_bytes = bytearray(instance)
return cleaned_bytes
def process_data(self, data):
"""Only data length is needed to produce padding later.
Return data that should be further proceeded."""
d_data = Data(data)
result = self._lib_vscf_random_padding.vscf_random_padding_process_data(
self.ctx, d_data.data)
instance = Data.take_c_ctx(result)
cleaned_bytes = bytearray(instance)
return cleaned_bytes
def auth_decrypt(self, cipher_text, additional_data, account_key):
"""Decrypts data (and verifies additional data) using account key"""
d_cipher_text = Data(cipher_text)
d_additional_data = Data(additional_data)
d_account_key = Data(account_key)
plain_text = Buffer(self.decrypt_len(cipher_text_len=len(cipher_text)))
status = self._lib_vsce_phe_cipher.vsce_phe_cipher_auth_decrypt(self.ctx, d_cipher_text.data, d_additional_data.data, d_account_key.data, plain_text.c_buffer)
VsceStatus.handle_status(status)
return plain_text.get_bytes()
def set_keys(self, client_private_key, server_public_key):
"""Sets client private and server public key
Call this method before any other methods
This function should be called only once"""
d_client_private_key = Data(client_private_key)
d_server_public_key = Data(server_public_key)
status = self._lib_vsce_uokms_client.vsce_uokms_client_set_keys(
self.ctx, d_client_private_key.data, d_server_public_key.data)
VsceStatus.handle_status(status)
def with_data(cls, recipient_id, key_encryption_algorithm, encrypted_key):
"""Create object and define all properties."""
d_recipient_id = Data(recipient_id)
d_encrypted_key = Data(encrypted_key)
inst = cls.__new__(cls)
inst._lib_vscf_key_recipient_info = VscfKeyRecipientInfo()
inst.ctx = inst._lib_vscf_key_recipient_info.vscf_key_recipient_info_new_with_data(
d_recipient_id.data, key_encryption_algorithm.c_impl,
d_encrypted_key.data)
return inst
def get_enrollment(self, server_private_key, server_public_key):
"""Generates a new random enrollment and proof for a new user"""
d_server_private_key = Data(server_private_key)
d_server_public_key = Data(server_public_key)
enrollment_response = Buffer(self.enrollment_response_len())
status = self._lib_vsce_phe_server.vsce_phe_server_get_enrollment(
self.ctx, d_server_private_key.data, d_server_public_key.data,
enrollment_response.c_buffer)
VsceStatus.handle_status(status)
return enrollment_response.get_bytes()
def deblind(self, transformed_password, blinding_secret):
"""Deblinds 'transformed password' value with previously returned 'blinding secret' from blind()."""
d_transformed_password = Data(transformed_password)
d_blinding_secret = Data(blinding_secret)
deblinded_password = Buffer(self.deblinded_password_buf_len())
status = self._lib_vscp_pythia.vscp_pythia_deblind(
d_transformed_password.data, d_blinding_secret.data,
deblinded_password.c_buffer)
VscpStatus.handle_status(status)
return deblinded_password.get_bytes()
def start_verified_decryption_with_key(self, recipient_id, private_key, message_info, message_info_footer):
"""Initiate decryption process with a recipient private key.
Message Info can be empty if it was embedded to encrypted data.
Message Info footer can be empty if it was embedded to encrypted data.
If footer was embedded, method "start decryption with key" can be used."""
d_recipient_id = Data(recipient_id)
d_message_info = Data(message_info)
d_message_info_footer = Data(message_info_footer)
status = self._lib_vscf_recipient_cipher.vscf_recipient_cipher_start_verified_decryption_with_key(self.ctx, d_recipient_id.data, private_key.c_impl, d_message_info.data, d_message_info_footer.data)
VscfStatus.handle_status(status)
def deblind(self, password, hardened_point, deblind_factor, key_name):
d_password = Data(password)
d_hardened_point = Data(hardened_point)
d_deblind_factor = Data(deblind_factor)
d_key_name = Data(key_name)
seed = Buffer(self.POINT_LEN)
status = self._lib_vscf_brainkey_client.vscf_brainkey_client_deblind(
self.ctx, d_password.data, d_hardened_point.data,
d_deblind_factor.data, d_key_name.data, seed.c_buffer)
VscfStatus.handle_status(status)
return seed.get_bytes()
def auth_decrypt(self, data, auth_data, tag):
"""Decrypt given data.
If 'tag' is not given, then it will be taken from the 'enc'."""
d_data = Data(data)
d_auth_data = Data(auth_data)
d_tag = Data(tag)
out = Buffer(self.auth_decrypted_len(data_len=len(data)))
status = self._lib_vscf_aes256_gcm.vscf_aes256_gcm_auth_decrypt(
self.ctx, d_data.data, d_auth_data.data, d_tag.data, out.c_buffer)
VscfStatus.handle_status(status)
return out.get_bytes()
def verify_password(self, server_private_key, server_public_key,
verify_password_request):
"""Verifies existing user's password and generates response with proof"""
d_server_private_key = Data(server_private_key)
d_server_public_key = Data(server_public_key)
d_verify_password_request = Data(verify_password_request)
verify_password_response = Buffer(self.verify_password_response_len())
status = self._lib_vsce_phe_server.vsce_phe_server_verify_password(
self.ctx, d_server_private_key.data, d_server_public_key.data,
d_verify_password_request.data, verify_password_response.c_buffer)
VsceStatus.handle_status(status)
return verify_password_response.get_bytes()
def auth_encrypt(self, data, auth_data):
"""Encrypt given data.
If 'tag' is not given, then it will written to the 'enc'."""
d_data = Data(data)
d_auth_data = Data(auth_data)
out = Buffer(self.auth_encrypted_len(data_len=len(data)))
tag = Buffer(self.AUTH_TAG_LEN)
status = self._lib_vscf_aes256_gcm.vscf_aes256_gcm_auth_encrypt(
self.ctx, d_data.data, d_auth_data.data, out.c_buffer,
tag.c_buffer)
VscfStatus.handle_status(status)
return out.get_bytes(), tag.get_bytes()
def update_deblinded_with_token(self, deblinded_password,
password_update_token):
"""Updates previously stored 'deblinded password' with 'password update token'.
After this call, 'transform()' called with new arguments will return corresponding values."""
d_deblinded_password = Data(deblinded_password)
d_password_update_token = Data(password_update_token)
updated_deblinded_password = Buffer(self.deblinded_password_buf_len())
status = self._lib_vscp_pythia.vscp_pythia_update_deblinded_with_token(
d_deblinded_password.data, d_password_update_token.data,
updated_deblinded_password.c_buffer)
VscpStatus.handle_status(status)
return updated_deblinded_password.get_bytes()
def transform(self, blinded_password, tweak, transformation_private_key):
"""Transforms blinded password using transformation private key."""
d_blinded_password = Data(blinded_password)
d_tweak = Data(tweak)
d_transformation_private_key = Data(transformation_private_key)
transformed_password = Buffer(self.transformed_password_buf_len())
transformed_tweak = Buffer(self.transformed_tweak_buf_len())
status = self._lib_vscp_pythia.vscp_pythia_transform(
d_blinded_password.data, d_tweak.data,
d_transformation_private_key.data, transformed_password.c_buffer,
transformed_tweak.c_buffer)
VscpStatus.handle_status(status)
return transformed_password.get_bytes(), transformed_tweak.get_bytes()
def process_decrypt_response(self, wrap, decrypt_request, decrypt_response,
deblind_factor, encryption_key_len):
"""Processed server response, checks server proof and decapsulates encryption key"""
d_wrap = Data(wrap)
d_decrypt_request = Data(decrypt_request)
d_decrypt_response = Data(decrypt_response)
d_deblind_factor = Data(deblind_factor)
encryption_key = Buffer(encryption_key_len)
status = self._lib_vsce_uokms_client.vsce_uokms_client_process_decrypt_response(
self.ctx, d_wrap.data, d_decrypt_request.data,
d_decrypt_response.data, d_deblind_factor.data, encryption_key_len,
encryption_key.c_buffer)
VsceStatus.handle_status(status)
return encryption_key.get_bytes()
def initiate(self, sender_identity_private_key,
receiver_identity_public_key, receiver_long_term_public_key,
receiver_one_time_public_key):
"""Initiates session"""
d_sender_identity_private_key = Data(sender_identity_private_key)
d_receiver_identity_public_key = Data(receiver_identity_public_key)
d_receiver_long_term_public_key = Data(receiver_long_term_public_key)
d_receiver_one_time_public_key = Data(receiver_one_time_public_key)
status = self._lib_vscr_ratchet_session.vscr_ratchet_session_initiate(
self.ctx, d_sender_identity_private_key.data,
d_receiver_identity_public_key.data,
d_receiver_long_term_public_key.data,
d_receiver_one_time_public_key.data)
VscrStatus.handle_status(status)
def respond(self, sender_identity_public_key,
receiver_identity_private_key, receiver_long_term_private_key,
receiver_one_time_private_key, message):
"""Responds to session initiation"""
d_sender_identity_public_key = Data(sender_identity_public_key)
d_receiver_identity_private_key = Data(receiver_identity_private_key)
d_receiver_long_term_private_key = Data(receiver_long_term_private_key)
d_receiver_one_time_private_key = Data(receiver_one_time_private_key)
status = self._lib_vscr_ratchet_session.vscr_ratchet_session_respond(
self.ctx, d_sender_identity_public_key.data,
d_receiver_identity_private_key.data,
d_receiver_long_term_private_key.data,
d_receiver_one_time_private_key.data, message.ctx)
VscrStatus.handle_status(status)
def get_long_term_public_key(self):
"""Returns long-term public key, if message is prekey message."""
result = self._lib_vscr_ratchet_message.vscr_ratchet_message_get_long_term_public_key(
self.ctx)
instance = Data.take_c_ctx(result)
cleaned_bytes = bytearray(instance)
return cleaned_bytes
def get_session_id(self):
"""Returns session id."""
result = self._lib_vscr_ratchet_group_session.vscr_ratchet_group_session_get_session_id(
self.ctx)
instance = Data.take_c_ctx(result)
cleaned_bytes = bytearray(instance)
return cleaned_bytes
def salt(self):
"""Return KDF salt."""
result = self._lib_vscf_salted_kdf_alg_info.vscf_salted_kdf_alg_info_salt(
self.ctx)
instance = Data.take_c_ctx(result)
cleaned_bytes = bytearray(instance)
return cleaned_bytes
def get_password_update_token(self, previous_transformation_private_key,
new_transformation_private_key):
"""Rotates old transformation key to new transformation key and generates 'password update token',
that can update 'deblinded password'(s).
This action should increment version of the 'pythia scope secret'."""
d_previous_transformation_private_key = Data(
previous_transformation_private_key)
d_new_transformation_private_key = Data(new_transformation_private_key)
password_update_token = Buffer(self.password_update_token_buf_len())
status = self._lib_vscp_pythia.vscp_pythia_get_password_update_token(
d_previous_transformation_private_key.data,
d_new_transformation_private_key.data,
password_update_token.c_buffer)
VscpStatus.handle_status(status)
return password_update_token.get_bytes()
def get_one_time_public_key(self):
"""Returns one-time public key, if message is prekey message and if one-time key is present, empty result otherwise."""
result = self._lib_vscr_ratchet_message.vscr_ratchet_message_get_one_time_public_key(
self.ctx)
instance = Data.take_c_ctx(result)
cleaned_bytes = bytearray(instance)
return cleaned_bytes