pylibressl.cipher

Symmetric ciphers

Includes both authenticated and not authenticated modes and onion ciphering.

Non-authenticated example:

>>> from pylibressl.cipher import GOST89_CTR
>>> key, iv = b'1'*GOST89_CTR.key_length(), b'2'*GOST89_CTR.iv_length()
>>> data = b'Some data to be encoded'
>>> encoded_data = GOST89_CTR(key, iv).encrypt(data)

Authenticated example:

>>> from pylibresl.cipher import GOST89_HMAC_Streebog512
>>>
>>> data = b'Attack at dawn'
>>> key = b'ñ' * GOST89_HMAC_Streebog512.CIPHER_TYPE.key_length()
>>> iv = b':' * GOST89_HMAC_Streebog512.CIPHER_TYPE.iv_length()
>>> ciphertext, auth_code = GOST89_HMAC_Streebog512(key, iv).encrypt(data)
>>>
>>> # Decryption:
>>> decrypted = GOST89_HMAC_Streebog512(key, iv).decrypt(ciphertext, auth_code)
>>> assert decrypted == data

AEAD (AES-GCM) example:

>>> from pylibressl.cipher import AES256_GCM
>>>
>>> data = b'PIN code is 1234'
>>> key = b'1' * AES256_GCM.key_length()
>>> iv = b'2' * AES256_GCM.iv_length()
>>> aad = b'Credit card data for John Doe'   # additional authenticated data
>>> ciphertext, tag = AES256_GCM(key, iv).encrypt(data, aad=aad)
>>>
>>> # Decryption:
>>> decrypted = AES256_GCM(key, iv).decrypt(data, tag, aad=aad)
>>> assert data == decrypted

Onion ciphering:

>>> from pylibressl.cipher import Onion_AES256_GOST89, AES256_GCM, GOST89_CTR
>>>
>>> key1 = b'ð' * AES256_GCM.key_length()
>>> iv1 = b'ñ' * AES256_GCM.iv_length()
>>> key2 = b'ò' * GOST89_CTR.key_length()
>>> iv2 = b'ó' * GOST89_CTR.iv_length()
>>> key_list = [(key1, iv1), (key2, iv2)]
>>>
>>> data = b'Attack at dawn.'
>>>
>>> ciphertext, auth_codes = Onion_AES256_GOST89(key_list).encrypt(data)
>>> decrypted = Onion_AES256_GOST89(key_list).decrypt(data, auth_codes)
>>> assert data == decrypted

Package Contents

Classes

AES256_GCM

AES 256-bit cipher in GCM (Galois counter) mode.

CipherHMAC

Ready to use cipher+HMAC combination.

AES256_CBC

AES 256-bit cipher in CBC (cipher block chaining) mode.

AES256_CTR

AES 256-bit cipher in CTR (counter) mode.

GOST89_CTR

GOST R 28147-89 256-bit cipher in CTR (counter) mode.

OnionCipher

Onion ciphering.

Attributes

MODE_CTR

MODE_GCM

MODE_CBC

BLOCK_MODES

AES256_HMAC_SHA512

GOST89_HMAC_Streebog512

Onion_AES256_GOST89

AES256

pylibressl.cipher.MODE_CTR = 1
pylibressl.cipher.MODE_GCM = 2
pylibressl.cipher.MODE_CBC = 3
pylibressl.cipher.BLOCK_MODES
class pylibressl.cipher.AES256_GCM(key, iv)

Bases: BaseCipherGCM

AES 256-bit cipher in GCM (Galois counter) mode.

_CIPHER_ID
_MODE
class pylibressl.cipher.CipherHMAC(key, iv)

Bases: BaseCipherAuth

Ready to use cipher+HMAC combination.

classmethod new(cls, cipher_type, hash_type, name='NewCipherHMAC')

Create new cipher+HMAC type.

encrypt(self, data)

Encrypt a message.

Parameters

data – data to encrypt as a byte string

Returns

encrypted message and authencity code as byte strings

decrypt(self, data, auth_code)

Encrypt a message.

Parameters

  • data – data to encrypt as a byte string

  • auth_code – authencity code as byte strings

Returns

decrypted message

pylibressl.cipher.AES256_HMAC_SHA512
pylibressl.cipher.GOST89_HMAC_Streebog512
class pylibressl.cipher.AES256_CBC(key, iv)

Bases: BaseCipherNoauth

AES 256-bit cipher in CBC (cipher block chaining) mode.

_CIPHER_ID
_MODE
class pylibressl.cipher.AES256_CTR(key, iv)

Bases: BaseCipherNoauth

AES 256-bit cipher in CTR (counter) mode.

_CIPHER_ID
_MODE
class pylibressl.cipher.GOST89_CTR(key, iv)

Bases: BaseCipherNoauth

GOST R 28147-89 256-bit cipher in CTR (counter) mode.

_CIPHER_ID
_MODE
class pylibressl.cipher.OnionCipher(key_list)

Bases: object

Onion ciphering.

classmethod new(cls, cipher_list_, name='NewOnionCipher')

Create new onion cipher chain.

Ciphers are set in encryption order.

encrypt(self, data)

Encrypt a message.

decrypt(self, data, auth_codes)

Decrypt a message.

pylibressl.cipher.Onion_AES256_GOST89
pylibressl.cipher.AES256