diff options
| -rw-r--r-- | cryptography/bindings/openssl/api.py | 2 | ||||
| -rw-r--r-- | cryptography/primitives/block/modes.py | 9 | ||||
| -rw-r--r-- | cryptography/primitives/interfaces.py | 4 | ||||
| -rw-r--r-- | docs/primitives/symmetric-encryption.rst | 19 | ||||
| -rw-r--r-- | tests/primitives/test_openssl_vectors.py | 12 | ||||
| -rw-r--r-- | tests/primitives/vectors/OpenSSL/AES/aes-128-ctr.txt | 4 | ||||
| -rw-r--r-- | tests/primitives/vectors/OpenSSL/AES/aes-192-ctr.txt | 4 | ||||
| -rw-r--r-- | tests/primitives/vectors/OpenSSL/AES/aes-256-ctr.txt | 5 |
8 files changed, 59 insertions, 0 deletions
diff --git a/cryptography/bindings/openssl/api.py b/cryptography/bindings/openssl/api.py index f1a2c087..79ec5eea 100644 --- a/cryptography/bindings/openssl/api.py +++ b/cryptography/bindings/openssl/api.py @@ -103,6 +103,8 @@ class API(object): assert evp_cipher != self.ffi.NULL if isinstance(mode, interfaces.ModeWithInitializationVector): iv_nonce = mode.initialization_vector + elif isinstance(mode, interfaces.ModeWithNonce): + iv_nonce = mode.nonce else: iv_nonce = self.ffi.NULL diff --git a/cryptography/primitives/block/modes.py b/cryptography/primitives/block/modes.py index 9cfbca64..221e7393 100644 --- a/cryptography/primitives/block/modes.py +++ b/cryptography/primitives/block/modes.py @@ -44,6 +44,15 @@ class CFB(object): self.initialization_vector = initialization_vector +class CTR(object): + name = "CTR" + + def __init__(self, nonce): + super(CTR, self).__init__() + self.nonce = nonce + + interfaces.ModeWithInitializationVector.register(CBC) interfaces.ModeWithInitializationVector.register(OFB) interfaces.ModeWithInitializationVector.register(CFB) +interfaces.ModeWithNonce.register(CTR) diff --git a/cryptography/primitives/interfaces.py b/cryptography/primitives/interfaces.py index 6f74ccf7..c1fc9910 100644 --- a/cryptography/primitives/interfaces.py +++ b/cryptography/primitives/interfaces.py @@ -20,3 +20,7 @@ import six class ModeWithInitializationVector(six.with_metaclass(abc.ABCMeta)): pass + + +class ModeWithNonce(six.with_metaclass(abc.ABCMeta)): + pass diff --git a/docs/primitives/symmetric-encryption.rst b/docs/primitives/symmetric-encryption.rst index c4bbf0a5..7899e67d 100644 --- a/docs/primitives/symmetric-encryption.rst +++ b/docs/primitives/symmetric-encryption.rst @@ -77,6 +77,25 @@ Modes reuse an ``initialization_vector`` with a given ``key``. + +.. class:: cryptography.primitives.block.modes.CTR(nonce) + + .. warning:: + + Counter mode is not recommended for use with block ciphers that have a + block size of less than 128-bits. + + CTR (Counter) is a mode of operation for block ciphers. It is considered + cryptographically strong. + + :param bytes nonce: Should be random bytes. It is critical to never reuse a + ``nonce`` with a given key. Any reuse of a nonce + with the same key compromises the security of every + message encrypted with that key. Must be the same + number of bytes as the ``block_size`` of the cipher + with a given key. The nonce does not need to be kept + secret and may be included alongside the ciphertext. + .. class:: cryptography.primitives.block.modes.OFB(initialization_vector) OFB (Output Feedback) is a mode of operation for block ciphers. It diff --git a/tests/primitives/test_openssl_vectors.py b/tests/primitives/test_openssl_vectors.py index 6e32eca6..5b2be784 100644 --- a/tests/primitives/test_openssl_vectors.py +++ b/tests/primitives/test_openssl_vectors.py @@ -59,3 +59,15 @@ class TestCamelliaCFB(object): only_if=lambda api: api.supports_cipher("camellia-128-cfb"), skip_message="Does not support Camellia CFB", ) + + +class TestAESCTR(object): + test_OpenSSL = generate_encrypt_test( + load_openssl_vectors_from_file, + "AES", + ["aes-128-ctr.txt", "aes-192-ctr.txt", "aes-256-ctr.txt"], + lambda key, iv: ciphers.AES(binascii.unhexlify(key)), + lambda key, iv: modes.CTR(binascii.unhexlify(iv)), + only_if=lambda api: api.supports_cipher("aes-128-ctr"), + skip_message="Does not support AES CTR", + ) diff --git a/tests/primitives/vectors/OpenSSL/AES/aes-128-ctr.txt b/tests/primitives/vectors/OpenSSL/AES/aes-128-ctr.txt new file mode 100644 index 00000000..f4ce15eb --- /dev/null +++ b/tests/primitives/vectors/OpenSSL/AES/aes-128-ctr.txt @@ -0,0 +1,4 @@ +# AES Counter test vectors from RFC3686 +aes-128-ctr:AE6852F8121067CC4BF7A5765577F39E:00000030000000000000000000000001:53696E676C6520626C6F636B206D7367:E4095D4FB7A7B3792D6175A3261311B8:1 +aes-128-ctr:7E24067817FAE0D743D6CE1F32539163:006CB6DBC0543B59DA48D90B00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28:1 +aes-128-ctr:7691BE035E5020A8AC6E618529F9A0DC:00E0017B27777F3F4A1786F000000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F:1 diff --git a/tests/primitives/vectors/OpenSSL/AES/aes-192-ctr.txt b/tests/primitives/vectors/OpenSSL/AES/aes-192-ctr.txt new file mode 100644 index 00000000..9e166fc4 --- /dev/null +++ b/tests/primitives/vectors/OpenSSL/AES/aes-192-ctr.txt @@ -0,0 +1,4 @@ +# AES Counter test vectors from RFC3686 +aes-192-ctr:16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515:0000004836733C147D6D93CB00000001:53696E676C6520626C6F636B206D7367:4B55384FE259C9C84E7935A003CBE928:1 +aes-192-ctr:7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A:0096B03B020C6EADC2CB500D00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00:1 +aes-192-ctr:02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE:0007BDFD5CBD60278DCC091200000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935:1 diff --git a/tests/primitives/vectors/OpenSSL/AES/aes-256-ctr.txt b/tests/primitives/vectors/OpenSSL/AES/aes-256-ctr.txt new file mode 100644 index 00000000..d4998750 --- /dev/null +++ b/tests/primitives/vectors/OpenSSL/AES/aes-256-ctr.txt @@ -0,0 +1,5 @@ +# AES Counter test vectors from RFC3686 +aes-256-ctr:776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104:00000060DB5672C97AA8F0B200000001:53696E676C6520626C6F636B206D7367:145AD01DBF824EC7560863DC71E3E0C0:1 +aes-256-ctr:F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884:00FAAC24C1585EF15A43D87500000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C:1 +aes-256-ctr:FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D:001CC5B751A51D70A1C1114800000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8:1 + |