AES¶

Implementation of AES cipher.

class pyflocker.ciphers.backends.cryptography_.AES.AEAD(encrypting: bool, key: bytes, mode: Modes, nonce: bytes)[source]¶

Bases: AEADCipherTemplate

property mode: Modes¶: The AES mode.

class pyflocker.ciphers.backends.cryptography_.AES.NonAEAD(encrypting: bool, key: bytes, mode: Modes, nonce: bytes)[source]¶

Bases: NonAEADCipherTemplate

property mode: Modes¶: The AES mode.

class pyflocker.ciphers.backends.cryptography_.AES.AEADOneShot(encrypting: bool, key: bytes, mode: Modes, nonce: bytes)[source]¶

Bases: BaseAEADOneShotCipher

property mode: Modes¶: The AES mode.

authenticate(data: bytes) → None[source]¶

Authenticates part of the message that get delivered as is, without any encryption.

Parameters:: data – The bytes-like object that must be authenticated.
Raises:: TypeError – if this method is called after calling update().

is_encrypting() → bool[source]¶

Whether the cipher is encrypting or not.

Returns:: True if encrypting, else False.

update(data: bytes, tag: bytes | None = None) → bytes[source]¶

Encrypt or decrypt data.

Tag is required only for decryption. The cipher is finalized after calling this method.

Parameters:

data – A bytes-like object to pass to the cipher.
tag – The associated tag that authenticates the decryption. Tag is required for decryption only.

Returns:

Encrypted/decrypted data as bytes object.

update_into(data: bytes, out: bytearray | memoryview, tag: bytes | None = None) → None[source]¶

Encrypt or decrypt data and write it to out.

If decrypting, the MAC tag must be provided. The cipher is finalized after calling this method.

Parameters:

data – The bytes-like oject to pass to the cipher.
out – The buffer interface where the encrypted/decrypted data must be written into.
tag – The associated tag that authenticates the decryption. Tag is required for decryption only.

finalize(tag: bytes | None = None) → None[source]¶

Finalizes and ends the cipher state.

Parameters:

tag – The associated tag that authenticates the decryption. Tag is required for decryption only.

Raises:

ValueError – If cipher is decrypting and tag is not supplied.
DecryptionError – If the decryption was incorrect.

calculate_tag() → bytes | None[source]¶

Calculates and returns the associated tag.

Returns:: Returns None if decrypting, otherwise the associated authentication tag.

pyflocker.ciphers.backends.cryptography_.AES.strxor(x: bytes, y: bytes) → bytes[source]¶: XOR two byte strings

Create a new backend specific AES cipher.

Parameters:

encrypting – True is encryption and False is decryption.
key – The key for the cipher.
mode – The mode to use for AES cipher.
iv_or_nonce – The Initialization Vector or Nonce for the cipher. It must not be repeated with the same key.

Keyword Arguments:

use_hmac – Should the cipher use HMAC as authentication or not, if it does not support AEAD. (Default: False)
tag_length – Length of HMAC tag. By default, a 16 byte tag is generated. If tag_length is None, a non-truncated tag is generated. Length of non-truncated tag depends on the digest size of the underlying hash algorithm used by HMAC.
digestmod – The algorithm to use for HMAC. If None, Defaults to sha256. Specifying this value without setting use_hmac to True has no effect.
file – The source file to read from. If file is specified and the mode is not an AEAD mode, HMAC is always used.

Important

The following arguments are ignored if the mode is an AEAD mode:

use_hmac
tag_length
digestmod

Returns:: AES cipher.
Raises:: NotImplementedError – if the mode does not support encryption/decryption of files.

Note

Any other error that is raised is from the backend itself.

pyflocker.ciphers.backends.cryptography_.AES.supported_modes() → set[Modes][source]¶

Lists all modes supported by AES cipher of this backend.

Returns:: set of Modes object supported by backend.