1 # 2 # Copyright 2017 The Android Open Source Project 3 # 4 # Licensed under the Apache License, Version 2.0 (the "License"); 5 # you may not use this file except in compliance with the License. 6 # You may obtain a copy of the License at 7 # 8 # http://www.apache.org/licenses/LICENSE-2.0 9 # 10 # Unless required by applicable law or agreed to in writing, software 11 # distributed under the License is distributed on an "AS IS" BASIS, 12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 # See the License for the specific language governing permissions and 14 # limitations under the License. 15 # 16 """AES GCM functions. 17 18 Class to organize GCM-related functions 19 """ 20 21 import os 22 from cryptography.hazmat.backends import default_backend 23 from cryptography.hazmat.primitives.ciphers import algorithms 24 from cryptography.hazmat.primitives.ciphers import Cipher 25 from cryptography.hazmat.primitives.ciphers import modes 26 27 28 class AESGCM(object): 29 """Contains static methods for AES GCM operations. 30 31 Attributes: 32 None 33 """ 34 35 @staticmethod 36 def encrypt(plaintext, key, associated_data=''): 37 """Encrypts provided plaintext using AES-GCM. 38 39 Encrypts plaintext with a provided key and optional associated data. Uses 40 a 96 bit IV. 41 42 Args: 43 plaintext: The plaintext to be encrypted 44 key: The AES-GCM key 45 associated_data: Associated data (optional) 46 47 Returns: 48 iv: The IV 49 ciphertext: The ciphertext 50 tag: The GCM TAG 51 52 Raises: 53 None 54 """ 55 56 iv = os.urandom(12) 57 58 encryptor = Cipher( 59 algorithms.AES(key), modes.GCM(iv), 60 backend=default_backend()).encryptor() 61 62 encryptor.authenticate_additional_data(associated_data) 63 64 ciphertext = encryptor.update(plaintext) + encryptor.finalize() 65 66 return (iv, ciphertext, encryptor.tag) 67 68 @staticmethod 69 def decrypt(ciphertext, key, iv, tag, associated_data=''): 70 """Decrypts provided plaintext using AES-GCM. 71 72 Decrypts ciphertext with a provided key, iv, tag, and optional associated 73 data. 74 75 Args: 76 ciphertext: The ciphertext 77 key: An AES-128 key 78 iv: The IV 79 tag: The GCM Tag 80 associated_data: Associated data (optional) 81 82 Returns: 83 The plaintext 84 85 Raises: 86 cryptography.exceptions.InvalidTag 87 """ 88 89 decryptor = Cipher( 90 algorithms.AES(key), modes.GCM(iv, tag), 91 backend=default_backend()).decryptor() 92 93 decryptor.authenticate_additional_data(associated_data) 94 95 return decryptor.update(ciphertext) + decryptor.finalize() 96