Tools related to symmetric ciphers¶

Tools for Symmetric ciphers common to all the backends.

class pyflocker.ciphers.backends.symmetric.FileCipherWrapper(cipher: base.BaseAEADCipher, file: io.BufferedIOBase, offset: int = 0)[source]¶

Bases: object

Wraps AEAD ciphers and provides file encryption and decryption facility.

authenticate(data: bytes) → None[source]¶

is_encrypting() → bool[source]¶

update(blocksize: int = 16384) → bytes | None[source]¶

Reads at most blocksize bytes from file, passes through the cipher and returns the cipher’s output.

Parameters:: blocksize – Maximum amount of data to read in a single call.
Returns:: Encrypted or decrypted data.
Return type:: bytes
Raises:: AlreadyFinalized – if the cipher has been finalized.

update_into(file: IO[bytes], tag: bytes | None = None, blocksize: int = 16384) → None[source]¶

Read from infile, pass through cipher and write the output of the cipher to file. Use this method if you want to encrypt/decrypt the infile and write its output to outfile.

This method is very fast (compared to FileCipherWrapper.update()) because no intermediate copies of data are made during the entire operation.

Parameters:

file – File to write the output of the cipher into.
tag – The tag to verify decryption. If the file is being decrypted, this must be passed.
blocksize – Maximum amount of data to read in a single call.

Raises:

AlreadyFinalized – if the cipher has been finalized.
ValueError – if the file is being decrypted and tag is not supplied.

finalize(tag: bytes | None = None) → None[source]¶

calculate_tag() → bytes | None[source]¶

pyflocker.ciphers.backends.symmetric.StreamCipherWrapper¶: alias of FileCipherWrapper

class pyflocker.ciphers.backends.symmetric.HMACWrapper(cipher: BaseNonAEADCipher, hmac_key: bytes, hmac_random: bytes, hashfunc: str | BaseHash = 'sha256', offset: int = 0, tag_length: int | None = 16)[source]¶

Bases: BaseAEADCipher

Wraps a cipher that supports BaseNonAEADCipher cipher interface and provides authentication capability using HMAC.

is_encrypting() → bool[source]¶

Whether the cipher is encrypting or not.

Returns:: True if encrypting, else False.

authenticate(data: bytes) → None[source]¶

Authenticates part of the message that get delivered as is, without any encryption.

Parameters:: data – The bytes-like object that must be authenticated.
Raises:: TypeError – if this method is called after calling update().

update(data: bytes) → bytes[source]¶

Takes bytes-like object and returns encrypted/decrypted bytes object.

Parameters:: data – The bytes-like object to pass to the cipher.
Returns:: Encrypted/decrypted data as bytes.

update_into(data: bytes, out: bytearray | memoryview) → None[source]¶

Encrypt or decrypt the data and store it in a preallocated buffer out.

Parameters:

data – The bytes-like object to pass to the cipher.
out – The buffer interface where the encrypted/decrypted data must be written into.

finalize(tag: bytes | None = None) → None[source]¶

Finalizes and ends the cipher state.

Parameters:

tag – The associated tag that authenticates the decryption. Tag is required for decryption only.

Raises:

ValueError – If cipher is decrypting and tag is not supplied.
DecryptionError – If the decryption was incorrect.

calculate_tag() → bytes | None[source]¶

Calculates and returns the associated tag.

Returns:: Returns None if decrypting, otherwise the associated authentication tag.