Home | History | Annotate | Download | only in partner-tools 
      1 #
      2 # Copyright 2017 The Android Open Source Project
      3 #
      4 # Licensed under the Apache License, Version 2.0 (the "License");
      5 # you may not use this file except in compliance with the License.
      6 # You may obtain a copy of the License at
      7 #
      8 #      http://www.apache.org/licenses/LICENSE-2.0
      9 #
     10 # Unless required by applicable law or agreed to in writing, software
     11 # distributed under the License is distributed on an "AS IS" BASIS,
     12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13 # See the License for the specific language governing permissions and
     14 # limitations under the License.
     15 #
     16 """AES GCM functions.
     17 
     18 Class to organize GCM-related functions
     19 """
     20 
     21 import os
     22 from cryptography.hazmat.backends import default_backend
     23 from cryptography.hazmat.primitives.ciphers import algorithms
     24 from cryptography.hazmat.primitives.ciphers import Cipher
     25 from cryptography.hazmat.primitives.ciphers import modes
     26 
     27 
     28 class AESGCM(object):
     29   """Contains static methods for AES GCM operations.
     30 
     31   Attributes:
     32     None
     33   """
     34 
     35   @staticmethod
     36   def encrypt(plaintext, key, associated_data=''):
     37     """Encrypts provided plaintext using AES-GCM.
     38 
     39     Encrypts plaintext with a provided key and optional associated data.  Uses
     40     a 96 bit IV.
     41 
     42     Args:
     43       plaintext: The plaintext to be encrypted
     44       key: The AES-GCM key
     45       associated_data: Associated data (optional)
     46 
     47     Returns:
     48       iv: The IV
     49       ciphertext: The ciphertext
     50       tag: The GCM TAG
     51 
     52     Raises:
     53       None
     54     """
     55 
     56     iv = os.urandom(12)
     57 
     58     encryptor = Cipher(
     59         algorithms.AES(key), modes.GCM(iv),
     60         backend=default_backend()).encryptor()
     61 
     62     encryptor.authenticate_additional_data(associated_data)
     63 
     64     ciphertext = encryptor.update(plaintext) + encryptor.finalize()
     65 
     66     return (iv, ciphertext, encryptor.tag)
     67 
     68   @staticmethod
     69   def decrypt(ciphertext, key, iv, tag, associated_data=''):
     70     """Decrypts provided plaintext using AES-GCM.
     71 
     72     Decrypts ciphertext with a provided key, iv, tag, and optional associated
     73     data.
     74 
     75     Args:
     76       ciphertext: The ciphertext
     77       key: An AES-128 key
     78       iv: The IV
     79       tag: The GCM Tag
     80       associated_data: Associated data (optional)
     81 
     82     Returns:
     83       The plaintext
     84 
     85     Raises:
     86       cryptography.exceptions.InvalidTag
     87     """
     88 
     89     decryptor = Cipher(
     90         algorithms.AES(key), modes.GCM(iv, tag),
     91         backend=default_backend()).decryptor()
     92 
     93     decryptor.authenticate_additional_data(associated_data)
     94 
     95     return decryptor.update(ciphertext) + decryptor.finalize()
     96