Module: crypto_provider

class doubleratchet.recommended.crypto_provider.CryptoProvider[source]

Bases: ABC

Abstraction of the cryptographic operations needed by this package to allow for different backend implementations.

abstractmethod async static hkdf_derive(hash_function, length, salt, info, key_material)[source]
Parameters:

  • hash_function (HashFunction) – The hash function to parameterize the HKDF with.

  • length (int) – The number of bytes to derive.

  • salt (bytes) – The salt input for the HKDF.

  • info (bytes) – The info input for the HKDF.

  • key_material (bytes) – The input key material to derive from.

Return type:

bytes

Returns:

The derived key material.

abstractmethod async static hmac_calculate(key, hash_function, data)[source]
Parameters:

  • key (bytes) – The authentication key.

  • hash_function (HashFunction) – The hash function to parameterize the HMAC with.

  • data (bytes) – The data to authenticate.

Return type:

bytes

Returns:

The authentication tag.

abstractmethod async static aes_cbc_encrypt(key, initialization_vector, plaintext)[source]

Encrypt plaintext with AES-CBC. The plaintext is padded with PKCS#7 before encryption.

Parameters:

  • key (bytes) – The AES key. Either 128, 192 or 256 bits.

  • initialization_vector (bytes) – The initialization vector as needed by AES-CBC.

  • plaintext (bytes) – The plaintext.

Return type:

bytes

Returns:

The ciphertext obtained by padding the plaintext with PKCS#7 and then encrypting it with AES-CBC.

abstractmethod async static aes_cbc_decrypt(key, initialization_vector, ciphertext)[source]

Decrypt plaintext with AES-CBC. The plaintext is unpadded with PKCS#7 after decryption.

Parameters:

  • key (bytes) – The AES key. Either 128, 192 or 256 bits.

  • initialization_vector (bytes) – The initialization vector as needed by AES-CBC.

  • ciphertext (bytes) – The ciphertext.

Return type:

bytes

Returns:

The plaintext obtained by decrypting it with AES-CBC and unpadding the result with PKCS#7.

Raises:

DecryptionFailedException – on decryption or unpadding failure.

class doubleratchet.recommended.crypto_provider.HashFunction(*values)[source]

Bases: Enum

Enumeration of the three hash functions that can be used with doubleratchet.recommended.aead_aes_hmac.AEAD, doubleratchet.recommended.kdf_hkdf.KDF and doubleratchet.recommended.kdf_separate_hmacs.KDF. The three hash functions are SHA-256, SHA-512, and truncated SHA-512 to 256 bits.

SHA_256 = 'SHA_256'
SHA_512 = 'SHA_512'
SHA_512_256 = 'SHA_512_256'
property hash_size: int

Returns: The byte size of the hashes produced by this hash function.