AES¶
Implementation of AES cipher.
- class pyflocker.ciphers.backends.cryptography_.AES.AEAD(encrypting: bool, key: bytes, mode: Modes, nonce: bytes)[source]¶
Bases:
AEADCipherTemplate
- class pyflocker.ciphers.backends.cryptography_.AES.NonAEAD(encrypting: bool, key: bytes, mode: Modes, nonce: bytes)[source]¶
Bases:
NonAEADCipherTemplate
- class pyflocker.ciphers.backends.cryptography_.AES.AEADOneShot(encrypting: bool, key: bytes, mode: Modes, nonce: bytes)[source]¶
Bases:
BaseAEADOneShotCipher
- authenticate(data: bytes) None [source]¶
Authenticates part of the message that get delivered as is, without any encryption.
- Parameters:
data – The bytes-like object that must be authenticated.
- Raises:
TypeError – if this method is called after calling
update()
.
- is_encrypting() bool [source]¶
Whether the cipher is encrypting or not.
- Returns:
True
if encrypting, elseFalse
.
- update(data: bytes, tag: bytes | None = None) bytes [source]¶
Encrypt or decrypt
data
.Tag is required only for decryption. The cipher is finalized after calling this method.
- Parameters:
data – A bytes-like object to pass to the cipher.
tag – The associated tag that authenticates the decryption. Tag is required for decryption only.
- Returns:
Encrypted/decrypted data as bytes object.
- update_into(data: bytes, out: bytearray | memoryview, tag: bytes | None = None) None [source]¶
Encrypt or decrypt
data
and write it toout
.If decrypting, the MAC tag must be provided. The cipher is finalized after calling this method.
- Parameters:
data – The bytes-like oject to pass to the cipher.
out – The buffer interface where the encrypted/decrypted data must be written into.
tag – The associated tag that authenticates the decryption. Tag is required for decryption only.
- finalize(tag: bytes | None = None) None [source]¶
Finalizes and ends the cipher state.
- Parameters:
tag – The associated tag that authenticates the decryption. Tag is required for decryption only.
- Raises:
ValueError – If cipher is decrypting and tag is not supplied.
DecryptionError – If the decryption was incorrect.
- pyflocker.ciphers.backends.cryptography_.AES.strxor(x: bytes, y: bytes) bytes [source]¶
XOR two byte strings
- pyflocker.ciphers.backends.cryptography_.AES.new(encrypting: bool, key: bytes, mode: Modes, iv_or_nonce: bytes, *, use_hmac: bool = False, tag_length: int | None = 16, digestmod: None | base.BaseHash = None, file: io.BufferedReader | None = None) AEAD | NonAEAD | AEADOneShot | FileCipherWrapper | HMACWrapper [source]¶
Create a new backend specific AES cipher.
- Parameters:
encrypting – True is encryption and False is decryption.
key – The key for the cipher.
mode – The mode to use for AES cipher.
iv_or_nonce – The Initialization Vector or Nonce for the cipher. It must not be repeated with the same key.
- Keyword Arguments:
use_hmac – Should the cipher use HMAC as authentication or not, if it does not support AEAD. (Default: False)
tag_length – Length of HMAC tag. By default, a 16 byte tag is generated. If
tag_length
isNone
, a non-truncated tag is generated. Length of non-truncated tag depends on the digest size of the underlying hash algorithm used by HMAC.digestmod – The algorithm to use for HMAC. If
None
, Defaults tosha256
. Specifying this value without settinguse_hmac
to True has no effect.file – The source file to read from. If file is specified and the mode is not an AEAD mode, HMAC is always used.
Important
The following arguments are ignored if the mode is an AEAD mode:
use_hmac
tag_length
digestmod
- Returns:
AES cipher.
- Raises:
NotImplementedError – if the
mode
does not support encryption/decryption of files.
Note
Any other error that is raised is from the backend itself.