Implemented proxies to pyca X25519

2022-06-08 17:03:40 +02:00 · 2022-06-08 17:03:40 +02:00 · 94edc8eff3
commit 94edc8eff3
parent e2aeb56c12
6 changed files with 86 additions and 15 deletions
--- a/RNS/Cryptography/AES.py
+++ b/RNS/Cryptography/AES.py
@ -20,14 +20,13 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 # SOFTWARE.

-PROVIDER_INTERNAL = 0x01
-PROVIDER_PYCA     = 0x02
+import RNS.Cryptography.Provider as cp

-provider = PROVIDER_PYCA
-
-if provider == PROVIDER_INTERNAL:
-    pass
-elif provider == PROVIDER_PYCA:
+if cp.PROVIDER == cp.PROVIDER_INTERNAL:
+    # TODO: Use internal AES
+    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+    
+elif cp.PROVIDER == cp.PROVIDER_PYCA:
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes


@ -35,9 +34,14 @@ class AES_128_CBC:

    @staticmethod
    def encrypt(plaintext, key, iv):
-        if provider == PROVIDER_INTERNAL:
-            pass
-        elif provider == PROVIDER_PYCA:
+        if cp.PROVIDER == cp.PROVIDER_INTERNAL:
+            # TODO: Use internal AES
+            cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
+            encryptor = cipher.encryptor()
+            ciphertext = encryptor.update(plaintext) + encryptor.finalize()
+            return ciphertext
+
+        elif cp.PROVIDER == cp.PROVIDER_PYCA:
            cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
            encryptor = cipher.encryptor()
            ciphertext = encryptor.update(plaintext) + encryptor.finalize()
@ -45,9 +49,14 @@ class AES_128_CBC:

    @staticmethod
    def decrypt(ciphertext, key, iv):
-        if provider == PROVIDER_INTERNAL:
-            pass
-        elif provider == PROVIDER_PYCA:
+        if cp.PROVIDER == cp.PROVIDER_INTERNAL:
+            # TODO: Use internal AES
+            cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
+            decryptor = cipher.decryptor()
+            plaintext = decryptor.update(ciphertext) + decryptor.finalize()
+            return plaintext
+
+        elif cp.PROVIDER == cp.PROVIDER_PYCA:
            cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
            decryptor = cipher.decryptor()
            plaintext = decryptor.update(ciphertext) + decryptor.finalize()
--- a/RNS/Cryptography/Provider.py
+++ b/RNS/Cryptography/Provider.py
@ -0,0 +1,5 @@
+PROVIDER_INTERNAL = 0x01
+PROVIDER_PYCA     = 0x02
+
+# PROVIDER = PROVIDER_PYCA
+PROVIDER = PROVIDER_INTERNAL
--- a/RNS/Cryptography/Proxies.py
+++ b/RNS/Cryptography/Proxies.py
@ -0,0 +1,43 @@
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
+from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
+
+class X25519PrivateKeyProxy:
+    def __init__(self, real):
+        self.real = real
+
+    @classmethod
+    def generate(cls):
+        return cls(X25519PrivateKey.generate())
+
+    @classmethod
+    def from_private_bytes(cls, data):
+        return cls(X25519PrivateKey.from_private_bytes(data))
+
+    def private_bytes(self):
+        return self.real.private_bytes(
+            encoding=serialization.Encoding.Raw,
+            format=serialization.PrivateFormat.Raw,
+            encryption_algorithm=serialization.NoEncryption(),
+        )
+
+    def public_key(self):
+        return X25519PublicKeyProxy(self.real.public_key())
+
+    def exchange(self, peer_public_key):
+        return self.real.exchange(peer_public_key.real)
+
+
+class X25519PublicKeyProxy:
+    def __init__(self, real):
+        self.real = real
+
+    @classmethod
+    def from_public_bytes(cls, data):
+        return cls(X25519PublicKey.from_public_bytes(data))
+
+    def public_bytes(self):
+        return self.real.public_bytes(
+            encoding=serialization.Encoding.Raw,
+            format=serialization.PublicFormat.Raw
+        )
--- a/RNS/Cryptography/init.py
+++ b/RNS/Cryptography/init.py
@ -6,5 +6,19 @@ from .HKDF import hkdf
 from .PKCS7 import PKCS7
 from .Fernet import Fernet

+import RNS.Cryptography.Provider as cp
+
+if cp.PROVIDER == cp.PROVIDER_INTERNAL:
+    print("INTERNAL")
+    from RNS.Cryptography.X25519 import X25519PrivateKey, X25519PublicKey
+
+    # TODO: Use internal Ed25519
+    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
+
+elif cp.PROVIDER == cp.PROVIDER_PYCA:
+    print("PYCA")
+    from RNS.Cryptography.Proxies import X25519PrivateKeyProxy as X25519PrivateKey
+    from RNS.Cryptography.Proxies import X25519PublicKeyProxy as X25519PublicKey
+
 modules = glob.glob(os.path.dirname(__file__)+"/*.py")
 __all__ = [ os.path.basename(f)[:-3] for f in modules if not f.endswith('__init__.py')]
--- a/RNS/Identity.py
+++ b/RNS/Identity.py
@ -31,7 +31,7 @@ from .vendor import umsgpack as umsgpack
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey

-from RNS.Cryptography.X25519 import X25519PrivateKey, X25519PublicKey
+from RNS.Cryptography import X25519PrivateKey, X25519PublicKey
 from RNS.Cryptography import Fernet


--- a/RNS/Link.py
+++ b/RNS/Link.py
@ -24,7 +24,7 @@ from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey

-from RNS.Cryptography.X25519 import X25519PrivateKey, X25519PublicKey
+from RNS.Cryptography import X25519PrivateKey, X25519PublicKey
 from RNS.Cryptography import Fernet

 from time import sleep