From 94edc8eff34bf28dee49216f202c8d58f75b125c Mon Sep 17 00:00:00 2001 From: Mark Qvist Date: Wed, 8 Jun 2022 17:03:40 +0200 Subject: [PATCH] Implemented proxies to pyca X25519 --- RNS/Cryptography/AES.py | 35 ++++++++++++++++++----------- RNS/Cryptography/Provider.py | 5 +++++ RNS/Cryptography/Proxies.py | 43 ++++++++++++++++++++++++++++++++++++ RNS/Cryptography/__init__.py | 14 ++++++++++++ RNS/Identity.py | 2 +- RNS/Link.py | 2 +- 6 files changed, 86 insertions(+), 15 deletions(-) create mode 100644 RNS/Cryptography/Provider.py create mode 100644 RNS/Cryptography/Proxies.py diff --git a/RNS/Cryptography/AES.py b/RNS/Cryptography/AES.py index 88d35ce..f4ee30d 100644 --- a/RNS/Cryptography/AES.py +++ b/RNS/Cryptography/AES.py @@ -20,14 +20,13 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. -PROVIDER_INTERNAL = 0x01 -PROVIDER_PYCA = 0x02 +import RNS.Cryptography.Provider as cp -provider = PROVIDER_PYCA - -if provider == PROVIDER_INTERNAL: - pass -elif provider == PROVIDER_PYCA: +if cp.PROVIDER == cp.PROVIDER_INTERNAL: + # TODO: Use internal AES + from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes + +elif cp.PROVIDER == cp.PROVIDER_PYCA: from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes @@ -35,9 +34,14 @@ class AES_128_CBC: @staticmethod def encrypt(plaintext, key, iv): - if provider == PROVIDER_INTERNAL: - pass - elif provider == PROVIDER_PYCA: + if cp.PROVIDER == cp.PROVIDER_INTERNAL: + # TODO: Use internal AES + cipher = Cipher(algorithms.AES(key), modes.CBC(iv)) + encryptor = cipher.encryptor() + ciphertext = encryptor.update(plaintext) + encryptor.finalize() + return ciphertext + + elif cp.PROVIDER == cp.PROVIDER_PYCA: cipher = Cipher(algorithms.AES(key), modes.CBC(iv)) encryptor = cipher.encryptor() ciphertext = encryptor.update(plaintext) + encryptor.finalize() @@ -45,9 +49,14 @@ class AES_128_CBC: @staticmethod def decrypt(ciphertext, key, iv): - if provider == PROVIDER_INTERNAL: - pass - elif provider == PROVIDER_PYCA: + if cp.PROVIDER == cp.PROVIDER_INTERNAL: + # TODO: Use internal AES + cipher = Cipher(algorithms.AES(key), modes.CBC(iv)) + decryptor = cipher.decryptor() + plaintext = decryptor.update(ciphertext) + decryptor.finalize() + return plaintext + + elif cp.PROVIDER == cp.PROVIDER_PYCA: cipher = Cipher(algorithms.AES(key), modes.CBC(iv)) decryptor = cipher.decryptor() plaintext = decryptor.update(ciphertext) + decryptor.finalize() diff --git a/RNS/Cryptography/Provider.py b/RNS/Cryptography/Provider.py new file mode 100644 index 0000000..994f9e2 --- /dev/null +++ b/RNS/Cryptography/Provider.py @@ -0,0 +1,5 @@ +PROVIDER_INTERNAL = 0x01 +PROVIDER_PYCA = 0x02 + +# PROVIDER = PROVIDER_PYCA +PROVIDER = PROVIDER_INTERNAL \ No newline at end of file diff --git a/RNS/Cryptography/Proxies.py b/RNS/Cryptography/Proxies.py new file mode 100644 index 0000000..08b6959 --- /dev/null +++ b/RNS/Cryptography/Proxies.py @@ -0,0 +1,43 @@ +from cryptography.hazmat.primitives import serialization +from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey +from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey + +class X25519PrivateKeyProxy: + def __init__(self, real): + self.real = real + + @classmethod + def generate(cls): + return cls(X25519PrivateKey.generate()) + + @classmethod + def from_private_bytes(cls, data): + return cls(X25519PrivateKey.from_private_bytes(data)) + + def private_bytes(self): + return self.real.private_bytes( + encoding=serialization.Encoding.Raw, + format=serialization.PrivateFormat.Raw, + encryption_algorithm=serialization.NoEncryption(), + ) + + def public_key(self): + return X25519PublicKeyProxy(self.real.public_key()) + + def exchange(self, peer_public_key): + return self.real.exchange(peer_public_key.real) + + +class X25519PublicKeyProxy: + def __init__(self, real): + self.real = real + + @classmethod + def from_public_bytes(cls, data): + return cls(X25519PublicKey.from_public_bytes(data)) + + def public_bytes(self): + return self.real.public_bytes( + encoding=serialization.Encoding.Raw, + format=serialization.PublicFormat.Raw + ) \ No newline at end of file diff --git a/RNS/Cryptography/__init__.py b/RNS/Cryptography/__init__.py index 450ad95..f4d9f11 100644 --- a/RNS/Cryptography/__init__.py +++ b/RNS/Cryptography/__init__.py @@ -6,5 +6,19 @@ from .HKDF import hkdf from .PKCS7 import PKCS7 from .Fernet import Fernet +import RNS.Cryptography.Provider as cp + +if cp.PROVIDER == cp.PROVIDER_INTERNAL: + print("INTERNAL") + from RNS.Cryptography.X25519 import X25519PrivateKey, X25519PublicKey + + # TODO: Use internal Ed25519 + from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey + +elif cp.PROVIDER == cp.PROVIDER_PYCA: + print("PYCA") + from RNS.Cryptography.Proxies import X25519PrivateKeyProxy as X25519PrivateKey + from RNS.Cryptography.Proxies import X25519PublicKeyProxy as X25519PublicKey + modules = glob.glob(os.path.dirname(__file__)+"/*.py") __all__ = [ os.path.basename(f)[:-3] for f in modules if not f.endswith('__init__.py')] diff --git a/RNS/Identity.py b/RNS/Identity.py index 73e34e3..34ee943 100644 --- a/RNS/Identity.py +++ b/RNS/Identity.py @@ -31,7 +31,7 @@ from .vendor import umsgpack as umsgpack from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey -from RNS.Cryptography.X25519 import X25519PrivateKey, X25519PublicKey +from RNS.Cryptography import X25519PrivateKey, X25519PublicKey from RNS.Cryptography import Fernet diff --git a/RNS/Link.py b/RNS/Link.py index 4add45f..eecffb1 100644 --- a/RNS/Link.py +++ b/RNS/Link.py @@ -24,7 +24,7 @@ from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey -from RNS.Cryptography.X25519 import X25519PrivateKey, X25519PublicKey +from RNS.Cryptography import X25519PrivateKey, X25519PublicKey from RNS.Cryptography import Fernet from time import sleep