[Cryptography-dev] Low level API for Symmetric Encryption

Alex Gaynor alex.gaynor at gmail.com
Thu Aug 8 00:31:05 CEST 2013 

On Wed, Aug 7, 2013 at 3:27 PM, Donald Stufft <donald at stufft.io> wrote:

>
> On Aug 7, 2013, at 6:21 PM, Alex Gaynor <alex.gaynor at gmail.com> wrote:
>
> A few thoughts:
>
> a) I don't like each call to update() returning data, it seems like it
> should all be buffered in the cipher and then returned at the end.
>
>
> The idea behind returning data is it enables the ability to stream the
> cipher (albeit at whatever the block size is for block ciphers). If you
> just buffer it and return it at the end then you can't really do that. Like
> a list comprehension vs an generator.
>
>
Different API then? I think most people assume update() won't return
anything (also they'll do bufferring slowly with stuff like += on bytes).


>
> b) I assume it raises an error if you try to do anything after
> finalization?
>
>
> That'd make the most sense I think, the other alternative is garbage but I
> think that's bad.
>
>
Garbage bad.


>
> c) I think params like a MAC should just be added to __init__ for ciphers
> which need them
>
>
> Well for instance for AES-GCM when encrypting you wouldn't add anything to
> __init__, you'd just need a way to fetch the MAC data that you can use to
> authenticate the ciphertext. When decrypting you need a way to pass the MAC
> data in so it can be authenticated (so this could use __init__).
>
> The same sort of thing exists for authenticated plaintext too, when
> encrypting you need to pass it in, when decrypting you get it back out.
>

Yeah I think passing MAC on decrypt to __init__, and a method to get the
mac makes the most sense (or have finalize return a tuple?).


>
>
> d) I don't have any ideas about specifying encrypt vs. decrypt.
>
> Alex
>
>
> On Wed, Aug 7, 2013 at 3:16 PM, Donald Stufft <donald at stufft.io> wrote:
>
>> So to kick things off I'd like to get AES-GCM exposed and figured it
>> could be a good way to start the ball rolling for figuring out how we want
>> to expose symmetric ciphers at the low level API.
>>
>> I'm thinking cryptography.primitives.aes which has classes named like
>> AES128GCM, AES256CBC, etc. The obvious naming scheme being
>> AlgorithmKeysizeMode.
>>
>> classes look something like
>>
>> class AES128GCM:
>>
>>     # Information about the Cipher
>>     authenticated = True
>>     block_size = 128
>>
>>     def __init__(self, key, iv, …)
>>
>>     def update(self, plaintext)  # Updates an internal buffer as well as
>> returns the encrypted chunk of data
>>
>>     def finalize(self)  # Updates the internal buffer witth finalized
>> data and returns the same finalized data
>>
>>
>> Some open questions:
>>
>> A lot of these are going to be block ciphers, do we want to do padding
>> for people or expect them to hand us chunks of the correct block size?
>>
>> How do we decrypt vs encrypt. I think that:
>>
>>     cipher = AES128GCM(key, iv)
>>     enciphered = cipher.update(plaintext) + cipher.finalize()
>>
>>     cipher = AES128GCM(key, iv)
>>     plaintext = cipher.update(enciphered) + cipher.finalize()
>>
>> Makes a decent API here, but we need a way to make a decryption vs
>> encryption cipher. Possibly something like encrypt=True, or decrypt=True
>> (specifying both being an error)?
>>
>> Some ciphers (AES-GCM included) are authenticated and thus return (and
>> require giving) a MAC in order to authenticate it, some authenticated
>> ciphers also support the ability to pass along unencrypted but still
>> authenticated data as well. I can't think of a decent way of doing this
>> besides just adding functions (or __init__ args) to pass this data in, does
>> anyone else have any ideas?
>>
>> Any other thoughts? I'm just spitballing here so let's see what we can
>> come up with!
>>
>>
>> -----------------
>> Donald Stufft
>> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372
>> DCFA
>>
>>
>> _______________________________________________
>> Cryptography-dev mailing list
>> Cryptography-dev at python.org
>> http://mail.python.org/mailman/listinfo/cryptography-dev
>>
>>
>
>
> --
> "I disapprove of what you say, but I will defend to the death your right
> to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
> "The people's good is the highest law." -- Cicero
> GPG Key fingerprint: 125F 5C67 DFE9 4084
>  _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> http://mail.python.org/mailman/listinfo/cryptography-dev
>
>
>
> -----------------
> Donald Stufft
> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372
> DCFA
>
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> http://mail.python.org/mailman/listinfo/cryptography-dev
>
>


-- 
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20130807/9925f1a1/attachment.html>

More information about the Cryptography-dev mailing list