Tools related to symmetric ciphers¶
Tools for Symmetric ciphers common to all the backends.
- class pyflocker.ciphers.backends.symmetric.FileCipherWrapper(cipher: base.BaseAEADCipher, file: io.BufferedIOBase, offset: int = 0)[source]¶
Bases:
object
Wraps AEAD ciphers and provides file encryption and decryption facility.
- update(blocksize: int = 16384) bytes | None [source]¶
Reads at most
blocksize
bytes fromfile
, passes through the cipher and returns the cipher’s output.- Parameters:
blocksize – Maximum amount of data to read in a single call.
- Returns:
Encrypted or decrypted data.
- Return type:
- Raises:
AlreadyFinalized – if the cipher has been finalized.
- update_into(file: IO[bytes], tag: bytes | None = None, blocksize: int = 16384) None [source]¶
Read from
infile
, pass through cipher and write the output of the cipher tofile
. Use this method if you want to encrypt/decrypt theinfile
and write its output tooutfile
.This method is very fast (compared to
FileCipherWrapper.update()
) because no intermediate copies of data are made during the entire operation.- Parameters:
file – File to write the output of the cipher into.
tag – The tag to verify decryption. If the file is being decrypted, this must be passed.
blocksize – Maximum amount of data to read in a single call.
- Raises:
AlreadyFinalized – if the cipher has been finalized.
ValueError – if the file is being decrypted and tag is not supplied.
- pyflocker.ciphers.backends.symmetric.StreamCipherWrapper¶
alias of
FileCipherWrapper
- class pyflocker.ciphers.backends.symmetric.HMACWrapper(cipher: BaseNonAEADCipher, hmac_key: bytes, hmac_random: bytes, hashfunc: str | BaseHash = 'sha256', offset: int = 0, tag_length: int | None = 16)[source]¶
Bases:
BaseAEADCipher
Wraps a cipher that supports BaseNonAEADCipher cipher interface and provides authentication capability using HMAC.
- is_encrypting() bool [source]¶
Whether the cipher is encrypting or not.
- Returns:
True
if encrypting, elseFalse
.
- authenticate(data: bytes) None [source]¶
Authenticates part of the message that get delivered as is, without any encryption.
- Parameters:
data – The bytes-like object that must be authenticated.
- Raises:
TypeError – if this method is called after calling
update()
.
- update(data: bytes) bytes [source]¶
Takes bytes-like object and returns encrypted/decrypted bytes object.
- Parameters:
data – The bytes-like object to pass to the cipher.
- Returns:
Encrypted/decrypted data as bytes.
- update_into(data: bytes, out: bytearray | memoryview) None [source]¶
Encrypt or decrypt the
data
and store it in a preallocated bufferout
.- Parameters:
data – The bytes-like object to pass to the cipher.
out – The buffer interface where the encrypted/decrypted data must be written into.
- finalize(tag: bytes | None = None) None [source]¶
Finalizes and ends the cipher state.
- Parameters:
tag – The associated tag that authenticates the decryption. Tag is required for decryption only.
- Raises:
ValueError – If cipher is decrypting and tag is not supplied.
DecryptionError – If the decryption was incorrect.