Source code for tlslite.utils.openssl_aes

# Author: Trevor Perrin
# See the LICENSE file for legal information regarding use of this file.

"""OpenSSL/M2Crypto AES implementation."""

from .cryptomath import *
from .aes import *
from .python_aes import Python_AES_CTR

if m2cryptoLoaded:

[docs] def new(key, mode, IV): # IV argument name is a part of the interface # pylint: disable=invalid-name """ Try using AES CTR from m2crpyto, if it is not available fall back to the python implementation. """ if mode == 2: return OpenSSL_AES(key, mode, IV) elif mode == 6: if M2CRYPTO_AES_CTR: return OpenSSL_CTR(key, mode, IV) return Python_AES_CTR(key, mode, IV) else: raise NotImplementedError()
[docs] class OpenSSL_AES(AES):
[docs] def __init__(self, key, mode, IV): # IV argument/field names are a part of the interface # pylint: disable=invalid-name AES.__init__(self, key, mode, IV, "openssl") self._IV, self._key = IV, key self._context = None self._encrypt = None
@property def IV(self): return self._IV @IV.setter def IV(self, iv): if self._context is not None: m2.cipher_ctx_free(self._context) self._IV = iv self._init_context() def _init_context(self, encrypt=True): if len(self._key) == 16: cipherType = m2.aes_128_cbc() if len(self._key) == 24: cipherType = m2.aes_192_cbc() if len(self._key) == 32: cipherType = m2.aes_256_cbc() self._context = m2.cipher_ctx_new() m2.cipher_init(self._context, cipherType, self._key, self._IV, int(encrypt)) m2.cipher_set_padding(self._context, 0) self._encrypt = encrypt
[docs] def encrypt(self, plaintext): if self._context is None: self._init_context(encrypt=True) else: assert self._encrypt, '.encrypt() not allowed after .decrypt()' AES.encrypt(self, plaintext) ciphertext = m2.cipher_update(self._context, plaintext) return bytearray(ciphertext)
[docs] def decrypt(self, ciphertext): if self._context is None: self._init_context(encrypt=False) else: assert not self._encrypt, \ '.decrypt() not allowed after .encrypt()' AES.decrypt(self, ciphertext) plaintext = m2.cipher_update(self._context, ciphertext) return bytearray(plaintext)
[docs] def __del__(self): if self._context is not None: m2.cipher_ctx_free(self._context)
[docs] class OpenSSL_CTR(AES):
[docs] def __init__(self, key, mode, IV): # IV argument/field names are a part of the interface # pylint: disable=invalid-name AES.__init__(self, key, mode, IV, "openssl") self._IV = IV self.key = key self._context = None self._encrypt = None if len(key) not in (16, 24, 32): raise AssertionError()
@property def counter(self): return self._IV @counter.setter def counter(self, ctr): if self._context is not None: m2.cipher_ctx_free(self._context) self._IV = ctr self._init_context() def _init_context(self, encrypt=True): if len(self.key) == 16: cipherType = m2.aes_128_ctr() if len(self.key) == 24: cipherType = m2.aes_192_ctr() if len(self.key) == 32: cipherType = m2.aes_256_ctr() self._context = m2.cipher_ctx_new() m2.cipher_init(self._context, cipherType, self.key, self._IV, int(encrypt)) m2.cipher_set_padding(self._context, 0) self._encrypt = encrypt
[docs] def encrypt(self, plaintext): ciphertext = m2.cipher_update(self._context, plaintext) return bytearray(ciphertext)
[docs] def decrypt(self, ciphertext): plaintext = m2.cipher_update(self._context, ciphertext) return bytearray(plaintext)
[docs] def __del__(self): if self._context is not None: m2.cipher_ctx_free(self._context)