1*e7b1675dSTing-Kang Chang // Copyright 2019 Google Inc.
2*e7b1675dSTing-Kang Chang //
3*e7b1675dSTing-Kang Chang // Licensed under the Apache License, Version 2.0 (the "License");
4*e7b1675dSTing-Kang Chang // you may not use this file except in compliance with the License.
5*e7b1675dSTing-Kang Chang // You may obtain a copy of the License at
6*e7b1675dSTing-Kang Chang //
7*e7b1675dSTing-Kang Chang // http://www.apache.org/licenses/LICENSE-2.0
8*e7b1675dSTing-Kang Chang //
9*e7b1675dSTing-Kang Chang // Unless required by applicable law or agreed to in writing, software
10*e7b1675dSTing-Kang Chang // distributed under the License is distributed on an "AS IS" BASIS,
11*e7b1675dSTing-Kang Chang // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*e7b1675dSTing-Kang Chang // See the License for the specific language governing permissions and
13*e7b1675dSTing-Kang Chang // limitations under the License.
14*e7b1675dSTing-Kang Chang //
15*e7b1675dSTing-Kang Chang ///////////////////////////////////////////////////////////////////////////////
16*e7b1675dSTing-Kang Chang
17*e7b1675dSTing-Kang Chang #include "tink/cc/pybind/aead.h"
18*e7b1675dSTing-Kang Chang
19*e7b1675dSTing-Kang Chang #include <string>
20*e7b1675dSTing-Kang Chang #include <utility>
21*e7b1675dSTing-Kang Chang
22*e7b1675dSTing-Kang Chang #include "pybind11/pybind11.h"
23*e7b1675dSTing-Kang Chang #include "tink/aead.h"
24*e7b1675dSTing-Kang Chang #include "tink/util/statusor.h"
25*e7b1675dSTing-Kang Chang #include "tink/cc/pybind/tink_exception.h"
26*e7b1675dSTing-Kang Chang
27*e7b1675dSTing-Kang Chang namespace crypto {
28*e7b1675dSTing-Kang Chang namespace tink {
29*e7b1675dSTing-Kang Chang
30*e7b1675dSTing-Kang Chang using pybind11::google_tink::TinkException;
31*e7b1675dSTing-Kang Chang
PybindRegisterAead(pybind11::module * module)32*e7b1675dSTing-Kang Chang void PybindRegisterAead(pybind11::module* module) {
33*e7b1675dSTing-Kang Chang namespace py = pybind11;
34*e7b1675dSTing-Kang Chang py::module& m = *module;
35*e7b1675dSTing-Kang Chang
36*e7b1675dSTing-Kang Chang // TODO(b/146492561): Reduce the number of complicated lambdas.
37*e7b1675dSTing-Kang Chang py::class_<Aead>(
38*e7b1675dSTing-Kang Chang m, "Aead",
39*e7b1675dSTing-Kang Chang "The interface for authenticated encryption with associated data. "
40*e7b1675dSTing-Kang Chang "Implementations of this interface are secure against adaptive "
41*e7b1675dSTing-Kang Chang "chosen ciphertext attacks. Encryption with associated data ensures "
42*e7b1675dSTing-Kang Chang "authenticity and integrity of that data, but not its secrecy. "
43*e7b1675dSTing-Kang Chang "(see RFC 5116, https://tools.ietf.org/html/rfc5116)")
44*e7b1675dSTing-Kang Chang
45*e7b1675dSTing-Kang Chang .def(
46*e7b1675dSTing-Kang Chang "encrypt",
47*e7b1675dSTing-Kang Chang [](const Aead &self, const py::bytes &plaintext,
48*e7b1675dSTing-Kang Chang const py::bytes &associated_data) -> py::bytes {
49*e7b1675dSTing-Kang Chang util::StatusOr<std::string> result = self.Encrypt(
50*e7b1675dSTing-Kang Chang std::string(plaintext), std::string(associated_data));
51*e7b1675dSTing-Kang Chang if (!result.ok()) {
52*e7b1675dSTing-Kang Chang throw TinkException(result.status());
53*e7b1675dSTing-Kang Chang }
54*e7b1675dSTing-Kang Chang return *std::move(result);
55*e7b1675dSTing-Kang Chang },
56*e7b1675dSTing-Kang Chang py::arg("plaintext"), py::arg("associated_data"),
57*e7b1675dSTing-Kang Chang "Encrypts 'plaintext' with 'associated_data' as associated data, "
58*e7b1675dSTing-Kang Chang "and returns the resulting ciphertext. "
59*e7b1675dSTing-Kang Chang "The ciphertext allows for checking authenticity and integrity "
60*e7b1675dSTing-Kang Chang "of the associated data, but does not guarantee its secrecy.")
61*e7b1675dSTing-Kang Chang .def(
62*e7b1675dSTing-Kang Chang "decrypt",
63*e7b1675dSTing-Kang Chang [](const Aead &self, const py::bytes &ciphertext,
64*e7b1675dSTing-Kang Chang const py::bytes &associated_data) -> py::bytes {
65*e7b1675dSTing-Kang Chang // TODO(b/145925674)
66*e7b1675dSTing-Kang Chang util::StatusOr<std::string> result = self.Decrypt(
67*e7b1675dSTing-Kang Chang std::string(ciphertext), std::string(associated_data));
68*e7b1675dSTing-Kang Chang if (!result.ok()) {
69*e7b1675dSTing-Kang Chang throw TinkException(result.status());
70*e7b1675dSTing-Kang Chang }
71*e7b1675dSTing-Kang Chang return *std::move(result);
72*e7b1675dSTing-Kang Chang },
73*e7b1675dSTing-Kang Chang py::arg("ciphertext"), py::arg("associated_data"),
74*e7b1675dSTing-Kang Chang "Decrypts 'ciphertext' with 'associated_data' as associated data, "
75*e7b1675dSTing-Kang Chang "and returns the resulting plaintext. "
76*e7b1675dSTing-Kang Chang "The decryption verifies the authenticity and integrity "
77*e7b1675dSTing-Kang Chang "of the associated data, but there are no guarantees wrt. secrecy "
78*e7b1675dSTing-Kang Chang "of that data.");
79*e7b1675dSTing-Kang Chang }
80*e7b1675dSTing-Kang Chang
81*e7b1675dSTing-Kang Chang } // namespace tink
82*e7b1675dSTing-Kang Chang } // namespace crypto
83