Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 1d2901cae193cb965480835aaf96696f8eecfaab / . / cryptography / fernet.py
blob: 1c6cb5ddd58ae0b11886d0c2280ded4754084afa [file] [log] [blame]
Alex Gaynor8912d3a2013-11-02 14:04:19 -0700[diff] [blame]1# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
10# implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
Alex Gaynor02fad002013-10-30 14:16:13 -0700[diff] [blame]14import base64
Alex Gaynor69ab59e2013-10-31 15:26:43 -0700[diff] [blame]15import binascii
Alex Gaynor02fad002013-10-30 14:16:13 -0700[diff] [blame]16import os
17import struct
18import time
19
Alex Gaynor3d5041c2013-10-31 15:55:33 -0700[diff] [blame]20import cffi
21
Alex Gaynorbbeba712013-10-30 14:29:58 -0700[diff] [blame]22import six
23
Alex Gaynor02fad002013-10-30 14:16:13 -0700[diff] [blame]24from cryptography.hazmat.primitives import padding, hashes
25from cryptography.hazmat.primitives.hmac import HMAC
Alex Gaynordcc3f662013-11-07 14:28:16 -0800[diff] [blame]26from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
Alex Gaynor02fad002013-10-30 14:16:13 -0700[diff] [blame]27
28
Alex Gaynor38f34552013-10-31 14:50:00 -0700[diff] [blame]29class InvalidToken(Exception):
30 pass
31
32
Alex Gaynor286433d2013-11-18 10:15:20 -0800[diff] [blame]33_ffi = cffi.FFI()
34_ffi.cdef("""
35bool Cryptography_constant_time_compare(uint8_t *, size_t, uint8_t *, size_t);
Alex Gaynor3d5041c2013-10-31 15:55:33 -0700[diff] [blame]36""")
Alex Gaynor286433d2013-11-18 10:15:20 -0800[diff] [blame]37_lib = _ffi.verify("""
Alex Gaynor3d5041c2013-10-31 15:55:33 -0700[diff] [blame]38#include <stdbool.h>
39
Alex Gaynor286433d2013-11-18 10:15:20 -0800[diff] [blame]40bool Cryptography_constant_time_compare(uint8_t *a, size_t len_a, uint8_t *b,
41 size_t len_b) {
Alex Gaynor38db2142013-10-31 16:25:25 -0700[diff] [blame]42 size_t i = 0;
Alex Gaynor286433d2013-11-18 10:15:20 -0800[diff] [blame]43 uint8_t mismatch = 0;
Alex Gaynor3d5041c2013-10-31 15:55:33 -0700[diff] [blame]44 if (len_a != len_b) {
45 return false;
46 }
Alex Gaynor38db2142013-10-31 16:25:25 -0700[diff] [blame]47 for (i = 0; i < len_a; i++) {
Alex Gaynor286433d2013-11-18 10:15:20 -0800[diff] [blame]48 mismatch |= a[i] ^ b[i];
Alex Gaynor3d5041c2013-10-31 15:55:33 -0700[diff] [blame]49 }
Alex Gaynor286433d2013-11-18 10:15:20 -0800[diff] [blame]50
51 /* Make sure any bits set are copied to the lowest bit */
52 mismatch |= mismatch >> 4;
53 mismatch |= mismatch >> 2;
54 mismatch |= mismatch >> 1;
55 /* Now check the low bit to see if it's set */
56 return (mismatch & 1) == 0;
Alex Gaynor3d5041c2013-10-31 15:55:33 -0700[diff] [blame]57}
58""")
59
Alex Gaynor2c58bbe2013-10-31 16:31:38 -0700[diff] [blame]60
Alex Gaynor02fad002013-10-30 14:16:13 -0700[diff] [blame]61class Fernet(object):
Alex Gaynor105e8132013-11-07 14:25:42 -0800[diff] [blame]62 def __init__(self, key, backend=None):
Alex Gaynor02fad002013-10-30 14:16:13 -0700[diff] [blame]63 super(Fernet, self).__init__()
Alex Gaynor898fe0f2013-11-20 16:38:32 -0800[diff] [blame]64 key = base64.urlsafe_b64decode(key)
Alex Gaynorcd47c4a2013-10-31 09:46:27 -0700[diff] [blame]65 assert len(key) == 32
Alex Gaynor02fad002013-10-30 14:16:13 -0700[diff] [blame]66 self.signing_key = key[:16]
67 self.encryption_key = key[16:]
Alex Gaynor105e8132013-11-07 14:25:42 -0800[diff] [blame]68 self.backend = backend
Alex Gaynor02fad002013-10-30 14:16:13 -0700[diff] [blame]69
70 def encrypt(self, data):
71 current_time = int(time.time())
72 iv = os.urandom(16)
73 return self._encrypt_from_parts(data, current_time, iv)
74
75 def _encrypt_from_parts(self, data, current_time, iv):
Alex Gaynor38f34552013-10-31 14:50:00 -0700[diff] [blame]76 if isinstance(data, six.text_type):
Alex Gaynorc1ea0a02013-10-31 15:03:53 -0700[diff] [blame]77 raise TypeError(
78 "Unicode-objects must be encoded before encryption"
79 )
Alex Gaynor38f34552013-10-31 14:50:00 -0700[diff] [blame]80
Alex Gaynordcc3f662013-11-07 14:28:16 -0800[diff] [blame]81 padder = padding.PKCS7(algorithms.AES.block_size).padder()
Alex Gaynor02fad002013-10-30 14:16:13 -0700[diff] [blame]82 padded_data = padder.update(data) + padder.finalize()
Alex Gaynordcc3f662013-11-07 14:28:16 -0800[diff] [blame]83 encryptor = Cipher(
84 algorithms.AES(self.encryption_key), modes.CBC(iv), self.backend
Alex Gaynorde36e902013-10-31 10:10:44 -0700[diff] [blame]85 ).encryptor()
Alex Gaynor02fad002013-10-30 14:16:13 -0700[diff] [blame]86 ciphertext = encryptor.update(padded_data) + encryptor.finalize()
87
Alex Gaynor1d2901c2013-11-22 10:12:05 -0800[diff] [blame^]88 basic_parts = (
89 b"\x80" + struct.pack(">Q", current_time) + iv + ciphertext
Alex Gaynor02fad002013-10-30 14:16:13 -0700[diff] [blame]90 )
Alex Gaynorbbeba712013-10-30 14:29:58 -0700[diff] [blame]91
Alex Gaynor1d2901c2013-11-22 10:12:05 -0800[diff] [blame^]92 h = HMAC(self.signing_key, hashes.SHA256(), self.backend)
93 h.update(basic_parts)
94 hmac = h.finalize()
95 return base64.urlsafe_b64encode(basic_parts + hmac)
96
97 def decrypt(self, data, ttl=None):
Alex Gaynor38f34552013-10-31 14:50:00 -0700[diff] [blame]98 if isinstance(data, six.text_type):
Alex Gaynorc1ea0a02013-10-31 15:03:53 -0700[diff] [blame]99 raise TypeError(
100 "Unicode-objects must be encoded before decryption"
101 )
Alex Gaynor38f34552013-10-31 14:50:00 -0700[diff] [blame]102
Alex Gaynor1d2901c2013-11-22 10:12:05 -0800[diff] [blame^]103 current_time = int(time.time())
Alex Gaynor38f34552013-10-31 14:50:00 -0700[diff] [blame]104
105 try:
106 data = base64.urlsafe_b64decode(data)
Alex Gaynor69ab59e2013-10-31 15:26:43 -0700[diff] [blame]107 except (TypeError, binascii.Error):
Alex Gaynor38f34552013-10-31 14:50:00 -0700[diff] [blame]108 raise InvalidToken
109
Alex Gaynor5c5342e2013-10-31 11:25:54 -0700[diff] [blame]110 assert six.indexbytes(data, 0) == 0x80
Alex Gaynorf5938482013-10-30 14:34:55 -0700[diff] [blame]111 timestamp = data[1:9]
112 iv = data[9:25]
113 ciphertext = data[25:-32]
Alex Gaynorbbeba712013-10-30 14:29:58 -0700[diff] [blame]114 if ttl is not None:
Alex Gaynor5e87dfd2013-10-31 09:46:03 -0700[diff] [blame]115 if struct.unpack(">Q", timestamp)[0] + ttl < current_time:
Alex Gaynor38f34552013-10-31 14:50:00 -0700[diff] [blame]116 raise InvalidToken
Alex Gaynor105e8132013-11-07 14:25:42 -0800[diff] [blame]117 h = HMAC(self.signing_key, hashes.SHA256(), self.backend)
Alex Gaynorbbeba712013-10-30 14:29:58 -0700[diff] [blame]118 h.update(data[:-32])
Alex Gaynorfa7081a2013-11-01 16:38:25 -0700[diff] [blame]119 hmac = h.finalize()
Alex Gaynor286433d2013-11-18 10:15:20 -0800[diff] [blame]120 valid = _lib.Cryptography_constant_time_compare(
121 hmac, len(hmac), data[-32:], 32
122 )
123 if not valid:
Alex Gaynor38f34552013-10-31 14:50:00 -0700[diff] [blame]124 raise InvalidToken
125
Alex Gaynordcc3f662013-11-07 14:28:16 -0800[diff] [blame]126 decryptor = Cipher(
127 algorithms.AES(self.encryption_key), modes.CBC(iv), self.backend
Alex Gaynorde36e902013-10-31 10:10:44 -0700[diff] [blame]128 ).decryptor()
Alex Gaynor2b21b122013-10-31 09:39:25 -0700[diff] [blame]129 plaintext_padded = decryptor.update(ciphertext) + decryptor.finalize()
Alex Gaynordcc3f662013-11-07 14:28:16 -0800[diff] [blame]130 unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
Alex Gaynor38f34552013-10-31 14:50:00 -0700[diff] [blame]131
132 unpadded = unpadder.update(plaintext_padded)
133 try:
134 unpadded += unpadder.finalize()
135 except ValueError:
136 raise InvalidToken
137 return unpadded