win32 platform

Lib/site-packages/cryptography/hazmat/primitives/ciphers/__init__.py

@@ -0,0 +1,20 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+from cryptography.hazmat.primitives.ciphers.base import (
+    AEADCipherContext, AEADEncryptionContext, BlockCipherAlgorithm, Cipher,
+    CipherAlgorithm, CipherContext
+)
+
+
+__all__ = [
+    "Cipher",
+    "CipherAlgorithm",
+    "BlockCipherAlgorithm",
+    "CipherContext",
+    "AEADCipherContext",
+    "AEADEncryptionContext",
+]

Lib/site-packages/cryptography/hazmat/primitives/ciphers/algorithms.py

@@ -0,0 +1,140 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+from cryptography import utils
+from cryptography.hazmat.primitives.ciphers import (
+    BlockCipherAlgorithm, CipherAlgorithm
+)
+
+
+def _verify_key_size(algorithm, key):
+    # Verify that the key size matches the expected key size
+    if len(key) * 8 not in algorithm.key_sizes:
+        raise ValueError("Invalid key size ({0}) for {1}.".format(
+            len(key) * 8, algorithm.name
+        ))
+    return key
+
+
+@utils.register_interface(BlockCipherAlgorithm)
+@utils.register_interface(CipherAlgorithm)
+class AES(object):
+    name = "AES"
+    block_size = 128
+    key_sizes = frozenset([128, 192, 256])
+
+    def __init__(self, key):
+        self.key = _verify_key_size(self, key)
+
+    @property
+    def key_size(self):
+        return len(self.key) * 8
+
+
+@utils.register_interface(BlockCipherAlgorithm)
+@utils.register_interface(CipherAlgorithm)
+class Camellia(object):
+    name = "camellia"
+    block_size = 128
+    key_sizes = frozenset([128, 192, 256])
+
+    def __init__(self, key):
+        self.key = _verify_key_size(self, key)
+
+    @property
+    def key_size(self):
+        return len(self.key) * 8
+
+
+@utils.register_interface(BlockCipherAlgorithm)
+@utils.register_interface(CipherAlgorithm)
+class TripleDES(object):
+    name = "3DES"
+    block_size = 64
+    key_sizes = frozenset([64, 128, 192])
+
+    def __init__(self, key):
+        if len(key) == 8:
+            key += key + key
+        elif len(key) == 16:
+            key += key[:8]
+        self.key = _verify_key_size(self, key)
+
+    @property
+    def key_size(self):
+        return len(self.key) * 8
+
+
+@utils.register_interface(BlockCipherAlgorithm)
+@utils.register_interface(CipherAlgorithm)
+class Blowfish(object):
+    name = "Blowfish"
+    block_size = 64
+    key_sizes = frozenset(range(32, 449, 8))
+
+    def __init__(self, key):
+        self.key = _verify_key_size(self, key)
+
+    @property
+    def key_size(self):
+        return len(self.key) * 8
+
+
+@utils.register_interface(BlockCipherAlgorithm)
+@utils.register_interface(CipherAlgorithm)
+class CAST5(object):
+    name = "CAST5"
+    block_size = 64
+    key_sizes = frozenset(range(40, 129, 8))
+
+    def __init__(self, key):
+        self.key = _verify_key_size(self, key)
+
+    @property
+    def key_size(self):
+        return len(self.key) * 8
+
+
+@utils.register_interface(CipherAlgorithm)
+class ARC4(object):
+    name = "RC4"
+    key_sizes = frozenset([40, 56, 64, 80, 128, 160, 192, 256])
+
+    def __init__(self, key):
+        self.key = _verify_key_size(self, key)
+
+    @property
+    def key_size(self):
+        return len(self.key) * 8
+
+
+@utils.register_interface(CipherAlgorithm)
+class IDEA(object):
+    name = "IDEA"
+    block_size = 64
+    key_sizes = frozenset([128])
+
+    def __init__(self, key):
+        self.key = _verify_key_size(self, key)
+
+    @property
+    def key_size(self):
+        return len(self.key) * 8
+
+
+@utils.register_interface(BlockCipherAlgorithm)
+@utils.register_interface(CipherAlgorithm)
+class SEED(object):
+    name = "SEED"
+    block_size = 128
+    key_sizes = frozenset([128])
+
+    def __init__(self, key):
+        self.key = _verify_key_size(self, key)
+
+    @property
+    def key_size(self):
+        return len(self.key) * 8

Lib/site-packages/cryptography/hazmat/primitives/ciphers/base.py

@@ -0,0 +1,203 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import abc
+
+import six
+
+from cryptography import utils
+from cryptography.exceptions import (
+    AlreadyFinalized, AlreadyUpdated, NotYetFinalized, UnsupportedAlgorithm,
+    _Reasons
+)
+from cryptography.hazmat.backends.interfaces import CipherBackend
+from cryptography.hazmat.primitives.ciphers import modes
+
+
+@six.add_metaclass(abc.ABCMeta)
+class CipherAlgorithm(object):
+    @abc.abstractproperty
+    def name(self):
+        """
+        A string naming this mode (e.g. "AES", "Camellia").
+        """
+
+    @abc.abstractproperty
+    def key_size(self):
+        """
+        The size of the key being used as an integer in bits (e.g. 128, 256).
+        """
+
+
+@six.add_metaclass(abc.ABCMeta)
+class BlockCipherAlgorithm(object):
+    @abc.abstractproperty
+    def block_size(self):
+        """
+        The size of a block as an integer in bits (e.g. 64, 128).
+        """
+
+
+@six.add_metaclass(abc.ABCMeta)
+class CipherContext(object):
+    @abc.abstractmethod
+    def update(self, data):
+        """
+        Processes the provided bytes through the cipher and returns the results
+        as bytes.
+        """
+
+    @abc.abstractmethod
+    def finalize(self):
+        """
+        Returns the results of processing the final block as bytes.
+        """
+
+
+@six.add_metaclass(abc.ABCMeta)
+class AEADCipherContext(object):
+    @abc.abstractmethod
+    def authenticate_additional_data(self, data):
+        """
+        Authenticates the provided bytes.
+        """
+
+
+@six.add_metaclass(abc.ABCMeta)
+class AEADEncryptionContext(object):
+    @abc.abstractproperty
+    def tag(self):
+        """
+        Returns tag bytes. This is only available after encryption is
+        finalized.
+        """
+
+
+class Cipher(object):
+    def __init__(self, algorithm, mode, backend):
+        if not isinstance(backend, CipherBackend):
+            raise UnsupportedAlgorithm(
+                "Backend object does not implement CipherBackend.",
+                _Reasons.BACKEND_MISSING_INTERFACE
+            )
+
+        if not isinstance(algorithm, CipherAlgorithm):
+            raise TypeError("Expected interface of CipherAlgorithm.")
+
+        if mode is not None:
+            mode.validate_for_algorithm(algorithm)
+
+        self.algorithm = algorithm
+        self.mode = mode
+        self._backend = backend
+
+    def encryptor(self):
+        if isinstance(self.mode, modes.ModeWithAuthenticationTag):
+            if self.mode.tag is not None:
+                raise ValueError(
+                    "Authentication tag must be None when encrypting."
+                )
+        ctx = self._backend.create_symmetric_encryption_ctx(
+            self.algorithm, self.mode
+        )
+        return self._wrap_ctx(ctx, encrypt=True)
+
+    def decryptor(self):
+        if isinstance(self.mode, modes.ModeWithAuthenticationTag):
+            if self.mode.tag is None:
+                raise ValueError(
+                    "Authentication tag must be provided when decrypting."
+                )
+        ctx = self._backend.create_symmetric_decryption_ctx(
+            self.algorithm, self.mode
+        )
+        return self._wrap_ctx(ctx, encrypt=False)
+
+    def _wrap_ctx(self, ctx, encrypt):
+        if isinstance(self.mode, modes.ModeWithAuthenticationTag):
+            if encrypt:
+                return _AEADEncryptionContext(ctx)
+            else:
+                return _AEADCipherContext(ctx)
+        else:
+            return _CipherContext(ctx)
+
+
+@utils.register_interface(CipherContext)
+class _CipherContext(object):
+    def __init__(self, ctx):
+        self._ctx = ctx
+
+    def update(self, data):
+        if self._ctx is None:
+            raise AlreadyFinalized("Context was already finalized.")
+        return self._ctx.update(data)
+
+    def finalize(self):
+        if self._ctx is None:
+            raise AlreadyFinalized("Context was already finalized.")
+        data = self._ctx.finalize()
+        self._ctx = None
+        return data
+
+
+@utils.register_interface(AEADCipherContext)
+@utils.register_interface(CipherContext)
+class _AEADCipherContext(object):
+    def __init__(self, ctx):
+        self._ctx = ctx
+        self._bytes_processed = 0
+        self._aad_bytes_processed = 0
+        self._tag = None
+        self._updated = False
+
+    def update(self, data):
+        if self._ctx is None:
+            raise AlreadyFinalized("Context was already finalized.")
+        self._updated = True
+        self._bytes_processed += len(data)
+        if self._bytes_processed > self._ctx._mode._MAX_ENCRYPTED_BYTES:
+            raise ValueError(
+                "{0} has a maximum encrypted byte limit of {1}".format(
+                    self._ctx._mode.name, self._ctx._mode._MAX_ENCRYPTED_BYTES
+                )
+            )
+
+        return self._ctx.update(data)
+
+    def finalize(self):
+        if self._ctx is None:
+            raise AlreadyFinalized("Context was already finalized.")
+        data = self._ctx.finalize()
+        self._tag = self._ctx.tag
+        self._ctx = None
+        return data
+
+    def authenticate_additional_data(self, data):
+        if self._ctx is None:
+            raise AlreadyFinalized("Context was already finalized.")
+        if self._updated:
+            raise AlreadyUpdated("Update has been called on this context.")
+
+        self._aad_bytes_processed += len(data)
+        if self._aad_bytes_processed > self._ctx._mode._MAX_AAD_BYTES:
+            raise ValueError(
+                "{0} has a maximum AAD byte limit of {0}".format(
+                    self._ctx._mode.name, self._ctx._mode._MAX_AAD_BYTES
+                )
+            )
+
+        self._ctx.authenticate_additional_data(data)
+
+
+@utils.register_interface(AEADEncryptionContext)
+class _AEADEncryptionContext(_AEADCipherContext):
+    @property
+    def tag(self):
+        if self._ctx is not None:
+            raise NotYetFinalized("You must finalize encryption before "
+                                  "getting the tag.")
+        return self._tag

Lib/site-packages/cryptography/hazmat/primitives/ciphers/modes.py

@@ -0,0 +1,164 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import abc
+
+import six
+
+from cryptography import utils
+
+
+@six.add_metaclass(abc.ABCMeta)
+class Mode(object):
+    @abc.abstractproperty
+    def name(self):
+        """
+        A string naming this mode (e.g. "ECB", "CBC").
+        """
+
+    @abc.abstractmethod
+    def validate_for_algorithm(self, algorithm):
+        """
+        Checks that all the necessary invariants of this (mode, algorithm)
+        combination are met.
+        """
+
+
+@six.add_metaclass(abc.ABCMeta)
+class ModeWithInitializationVector(object):
+    @abc.abstractproperty
+    def initialization_vector(self):
+        """
+        The value of the initialization vector for this mode as bytes.
+        """
+
+
+@six.add_metaclass(abc.ABCMeta)
+class ModeWithNonce(object):
+    @abc.abstractproperty
+    def nonce(self):
+        """
+        The value of the nonce for this mode as bytes.
+        """
+
+
+@six.add_metaclass(abc.ABCMeta)
+class ModeWithAuthenticationTag(object):
+    @abc.abstractproperty
+    def tag(self):
+        """
+        The value of the tag supplied to the constructor of this mode.
+        """
+
+
+def _check_iv_length(self, algorithm):
+    if len(self.initialization_vector) * 8 != algorithm.block_size:
+        raise ValueError("Invalid IV size ({0}) for {1}.".format(
+            len(self.initialization_vector), self.name
+        ))
+
+
+@utils.register_interface(Mode)
+@utils.register_interface(ModeWithInitializationVector)
+class CBC(object):
+    name = "CBC"
+
+    def __init__(self, initialization_vector):
+        self._initialization_vector = initialization_vector
+
+    initialization_vector = utils.read_only_property("_initialization_vector")
+    validate_for_algorithm = _check_iv_length
+
+
+@utils.register_interface(Mode)
+class ECB(object):
+    name = "ECB"
+
+    def validate_for_algorithm(self, algorithm):
+        pass
+
+
+@utils.register_interface(Mode)
+@utils.register_interface(ModeWithInitializationVector)
+class OFB(object):
+    name = "OFB"
+
+    def __init__(self, initialization_vector):
+        self._initialization_vector = initialization_vector
+
+    initialization_vector = utils.read_only_property("_initialization_vector")
+    validate_for_algorithm = _check_iv_length
+
+
+@utils.register_interface(Mode)
+@utils.register_interface(ModeWithInitializationVector)
+class CFB(object):
+    name = "CFB"
+
+    def __init__(self, initialization_vector):
+        self._initialization_vector = initialization_vector
+
+    initialization_vector = utils.read_only_property("_initialization_vector")
+    validate_for_algorithm = _check_iv_length
+
+
+@utils.register_interface(Mode)
+@utils.register_interface(ModeWithInitializationVector)
+class CFB8(object):
+    name = "CFB8"
+
+    def __init__(self, initialization_vector):
+        self._initialization_vector = initialization_vector
+
+    initialization_vector = utils.read_only_property("_initialization_vector")
+    validate_for_algorithm = _check_iv_length
+
+
+@utils.register_interface(Mode)
+@utils.register_interface(ModeWithNonce)
+class CTR(object):
+    name = "CTR"
+
+    def __init__(self, nonce):
+        self._nonce = nonce
+
+    nonce = utils.read_only_property("_nonce")
+
+    def validate_for_algorithm(self, algorithm):
+        if len(self.nonce) * 8 != algorithm.block_size:
+            raise ValueError("Invalid nonce size ({0}) for {1}.".format(
+                len(self.nonce), self.name
+            ))
+
+
+@utils.register_interface(Mode)
+@utils.register_interface(ModeWithInitializationVector)
+@utils.register_interface(ModeWithAuthenticationTag)
+class GCM(object):
+    name = "GCM"
+    _MAX_ENCRYPTED_BYTES = (2 ** 39 - 256) // 8
+    _MAX_AAD_BYTES = (2 ** 64) // 8
+
+    def __init__(self, initialization_vector, tag=None, min_tag_length=16):
+        # len(initialization_vector) must in [1, 2 ** 64), but it's impossible
+        # to actually construct a bytes object that large, so we don't check
+        # for it
+        if min_tag_length < 4:
+            raise ValueError("min_tag_length must be >= 4")
+        if tag is not None and len(tag) < min_tag_length:
+            raise ValueError(
+                "Authentication tag must be {0} bytes or longer.".format(
+                    min_tag_length)
+            )
+
+        self._initialization_vector = initialization_vector
+        self._tag = tag
+
+    tag = utils.read_only_property("_tag")
+    initialization_vector = utils.read_only_property("_initialization_vector")
+
+    def validate_for_algorithm(self, algorithm):
+        pass