def sign_rsaes_pkcs1_v1_5(ctx, key, input, output, status):
rsa_private_key = load_der_private_key(_to_bytes(key),
password=None,
backend=default_backend())
signature = rsa_private_key.sign(_to_bytes(input),
padding=padding.PKCS1v15(),
algorithm=SHA256())
_write_bytes(output, signature)
return True
def aes_256_cbc_decrypt(ctx, key, iv, input, output, bytes_written, status):
# Note that libmongocrypt pads the input before calling this method.
cipher = Cipher(algorithms.AES(_to_bytes(key)),
modes.CBC(_to_bytes(iv)),
backend=default_backend())
decryptor = cipher.decryptor()
data = decryptor.update(_to_bytes(input)) + decryptor.finalize()
_write_bytes(output, data)
bytes_written[0] = len(data)
return True
def hmac_sha_512(ctx, key, input, output, status):
h = HMAC(_to_bytes(key), SHA512(), backend=default_backend())
h.update(_to_bytes(input))
data = h.finalize()
_write_bytes(output, data)
return True
def secure_random(ctx, output, count, status):
data = os.urandom(int(count))
_write_bytes(output, data)
return True
def sha_256(ctx, input, output, status):
digest = Hash(SHA256(), backend=default_backend())
digest.update(_to_bytes(input))
data = digest.finalize()
_write_bytes(output, data)
return True