mirror of https://github.com/openkmip/pykmip synced 2025-12-23 19:53:24 +00:00

Add decryption support to the server cryptography engine

This change adds decryption functionality to the cryptographic
engine used by the server. It supports a variety of symmetric
decryption algorithms and block cipher modes. Asymmetric
decryption support will be added in a future patch.

Unit tests and minor updates to surrounding code are included.
Peter Hamilton
2017-06-27 14:05:28 -04:00
parent e18dd54599
commit 60bd56066e
3 changed files with 307 additions and 5 deletions

@@ -121,3 +121,36 @@ class CryptographicEngine(object):
was needed by the encryption scheme and if it was
automatically generated for the encryption
"""
@abstractmethod
def decrypt(self,
decryption_algorithm,
decryption_key,
cipher_text,
cipher_mode=None,
padding_method=None,
iv_nonce=None):
"""
Decrypt data using symmetric decryption.
Args:
decryption_algorithm (CryptographicAlgorithm): An enumeration
specifying the symmetric decryption algorithm to use for
decryption.
decryption_key (bytes): The bytes of the symmetric key to use for
decryption.
cipher_text (bytes): The bytes to be decrypted.
cipher_mode (BlockCipherMode): An enumeration specifying the
block cipher mode to use with the decryption algorithm.
Required in the general case. Optional if the decryption
algorithm is RC4 (aka ARC4). If optional, defaults to None.
padding_method (PaddingMethod): An enumeration specifying the
padding method to use on the data after decryption. Required
if the cipher mode is for block ciphers (e.g., CBC, ECB).
Optional otherwise, defaults to None.
iv_nonce (bytes): The IV/nonce value to use to initialize the mode
of the decryption algorithm. Optional, defaults to None.
Returns:
bytes: the bytes of the decrypted data
"""
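Review bot: the `iv_nonce` entry in the new `decrypt` docstring says only "Optional, defaults to None" and does not state what happens when a mode that needs an IV (such as CBC, which the `padding_method` entry names) is requested without one. The encrypt docstring in the context lines above this hunk talks about an IV being automatically generated, but on decryption the value has to be the one that was used to encrypt, so a missing IV should be documented as an error rather than left as a silent default. I would also add a Raises section to this abstract method covering a missing `cipher_mode` for algorithms other than RC4, a missing `padding_method` for block cipher modes, and unpadding failures, so that every concrete engine reports these cases the same way.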