encrypt data with AES-CBC and sign it with HMAC-SHA256
(self, data)
| 1997 | return key[: -cls.SIG_SIZE], key[-cls.SIG_SIZE :] |
| 1998 | |
| 1999 | def encrypt(self, data): |
| 2000 | """ |
| 2001 | encrypt data with AES-CBC and sign it with HMAC-SHA256 |
| 2002 | """ |
| 2003 | aes_key, hmac_key = self.keys |
| 2004 | pad = self.AES_BLOCK_SIZE - len(data) % self.AES_BLOCK_SIZE |
| 2005 | data = data + salt.utils.stringutils.to_bytes(pad * chr(pad)) |
| 2006 | iv_bytes = os.urandom(self.AES_BLOCK_SIZE) |
| 2007 | cipher = Cipher(algorithms.AES(aes_key), modes.CBC(iv_bytes)) |
| 2008 | encryptor = cipher.encryptor() |
| 2009 | encr = encryptor.update(data) |
| 2010 | encr += encryptor.finalize() |
| 2011 | data = iv_bytes + encr |
| 2012 | sig = hmac.new(hmac_key, data, hashlib.sha256).digest() |
| 2013 | return data + sig |
| 2014 | |
| 2015 | def decrypt(self, data): |
| 2016 | """ |