summaryrefslogtreecommitdiff
path: root/src/leap/mx/vendor/pgpy/symenc.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/mx/vendor/pgpy/symenc.py')
-rw-r--r--src/leap/mx/vendor/pgpy/symenc.py58
1 files changed, 58 insertions, 0 deletions
diff --git a/src/leap/mx/vendor/pgpy/symenc.py b/src/leap/mx/vendor/pgpy/symenc.py
new file mode 100644
index 0000000..3d81a7c
--- /dev/null
+++ b/src/leap/mx/vendor/pgpy/symenc.py
@@ -0,0 +1,58 @@
+""" symenc.py
+"""
+import six
+
+from cryptography.exceptions import UnsupportedAlgorithm
+
+from cryptography.hazmat.backends import default_backend
+
+from cryptography.hazmat.primitives.ciphers import Cipher
+from cryptography.hazmat.primitives.ciphers import modes
+
+from .errors import PGPDecryptionError
+from .errors import PGPEncryptionError
+from .errors import PGPInsecureCipher
+
+__all__ = ['_encrypt',
+ '_decrypt']
+
+
+def _encrypt(pt, key, alg, iv=None):
+ if iv is None:
+ iv = b'\x00' * (alg.block_size // 8)
+
+ if alg.is_insecure:
+ raise PGPInsecureCipher("{:s} is not secure. Do not use it for encryption!".format(alg.name))
+
+ if not callable(alg.cipher):
+ raise PGPEncryptionError("Cipher {:s} not supported".format(alg.name))
+
+ try:
+ encryptor = Cipher(alg.cipher(key), modes.CFB(iv), default_backend()).encryptor()
+
+ except UnsupportedAlgorithm as ex: # pragma: no cover
+ six.raise_from(PGPEncryptionError, ex)
+
+ else:
+ return bytearray(encryptor.update(pt) + encryptor.finalize())
+
+
+def _decrypt(ct, key, alg, iv=None):
+ if iv is None:
+ """
+ Instead of using an IV, OpenPGP prefixes a string of length
+ equal to the block size of the cipher plus two to the data before it
+ is encrypted. The first block-size octets (for example, 8 octets for
+ a 64-bit block length) are random, and the following two octets are
+ copies of the last two octets of the IV.
+ """
+ iv = b'\x00' * (alg.block_size // 8)
+
+ try:
+ decryptor = Cipher(alg.cipher(key), modes.CFB(iv), default_backend()).decryptor()
+
+ except UnsupportedAlgorithm as ex: # pragma: no cover
+ six.raise_from(PGPDecryptionError, ex)
+
+ else:
+ return bytearray(decryptor.update(ct) + decryptor.finalize())
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-19 14:46:29 +0000