RunasSudo
e555af1a0d
Always use cryptography AESSIV implementation even for zero-length plaintext See https://github.com/pyca/cryptography/issues/10958 and https://github.com/openssl/openssl/issues/26580
37 lines
1.5 KiB
Python
37 lines
1.5 KiB
Python
# cryptomator-utils: Python utilities for inspecting Cryptomator drives
|
|
# Copyright (C) 2024-2025 Lee Yingtong Li (RunasSudo)
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU Affero General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
from cryptography.hazmat.primitives.ciphers.aead import AESSIV
|
|
from cryptography.hazmat.primitives.ciphers.algorithms import AES
|
|
from cryptography.hazmat.primitives.cmac import CMAC
|
|
|
|
import struct
|
|
|
|
def aes_siv_encrypt(primary_master_key, hmac_master_key, plaintext, associated_data):
|
|
"""
|
|
Encrypt the given bytes using AES-SIV
|
|
"""
|
|
|
|
siv_and_ciphertext = AESSIV(hmac_master_key + primary_master_key).encrypt(plaintext, associated_data)
|
|
return siv_and_ciphertext
|
|
|
|
def aes_siv_decrypt(primary_master_key, hmac_master_key, siv_and_ciphertext, associated_data):
|
|
"""
|
|
Decrypt the given AES-SIV ciphertext
|
|
"""
|
|
|
|
return AESSIV(hmac_master_key + primary_master_key).decrypt(siv_and_ciphertext, associated_data)
|