Crypt4GH Container
The documentation of these modules and classes should NOT be considered a stable API and is subject to change in the future. However, it should always be reflecting the current internal implementation.
Common Interfaces
oarepo_c4gh.crypt4gh.common
A convenience module providing all common interfaces in one bundle.
DataBlock
This class represents single data block - either successfully decrypted or opaque.
Source code in oarepo_c4gh/crypt4gh/common/data_block.py
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 |
|
ciphertext: bytes
property
The encrypted data of the whole packet accessor.
Returns:
Type | Description |
---|---|
bytes
|
The ecrypted packet as-is. |
cleartext: Optional[bytes]
property
The decrypted data of the packet accessor.
Returns:
Type | Description |
---|---|
Optional[bytes]
|
The cleartext of the packet contents if available, None otherwise. |
dek_index
property
Returns the DEK index (to avoid leaking the actual key)
is_deciphered: bool
property
Predicate to test whether the cleartext contents of this packet can be read.
offset
property
Returns the offset this block starts at (in original cleartext data)
size
property
Returns the size of cleartext data of this packet - regardless of whether it was deciphered.
__init__(enc: bytes, clear: Optional[bytes], idx: Optional[int], off: Optional[int]) -> None
Initializes all the data block instance properties.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
enc
|
bytes
|
encrypted data of the packet including nonce and MAC |
required |
clear
|
Optional[bytes]
|
decrypted packet data - if available |
required |
Source code in oarepo_c4gh/crypt4gh/common/data_block.py
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
|
Header
Bases: Protocol
This is a protocol class which guarantees that a header packets collection is available by its descendants. The properties provided are a list of packets - both readable and unreadable - and header metadata fields magic_bytes and version.
Source code in oarepo_c4gh/crypt4gh/common/header.py
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
|
magic_bytes: bytes
property
Must return the original magic bytes.
packets: list
property
Must return original or transformed list of header packets.
version: int
property
Must return the version of the loaded/transformer container. Must always return 1.
HeaderPacket
Represents a single Crypt4GH header packet. If it was possible to decrypt it, the parsed contents are made available as well.
Source code in oarepo_c4gh/crypt4gh/common/header_packet.py
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 |
|
content: bytes
property
Returns the encrypted packet content.
data_encryption_key: bytes
property
Getter for the symmetric encryption key.
Returns:
Type | Description |
---|---|
bytes
|
32 bytes of the symmetric key. |
Raises:
Type | Description |
---|---|
Crypt4GHHeaderPacketException
|
if this packet does not contain DEK |
is_data_encryption_parameters: bool
property
A predicate for checking whether this packet contains DEK.
Returns:
Type | Description |
---|---|
bool
|
True if this packet was successfully decrypted and it is |
bool
|
an encryption parameters type packet. |
is_edit_list: bool
property
A predicate for checking whether this packet contains edit list.
Returns:
Type | Description |
---|---|
bool
|
True if it is a successfully decrypted edit list packet. |
is_readable: bool
property
A predicate for checking whether the packet was successfully decrypted.
length: int
property
Returns the packet length in bytes - including the packet length 4-byte value at the beginning.
packet_data: bytes
property
Returns the original packet data (for serialization).
packet_type: int
property
Returns the numerical representation of packet type.
reader_key: bytes
property
Returns public key used for decrypting this header packet or None if the decryption was not successful.
__init__(packet_length, packet_data, content, reader_key, packet_type, data_encryption_method, data_encryption_key)
Initializes the packet structure with all fields given.
Source code in oarepo_c4gh/crypt4gh/common/header_packet.py
14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
|
Proto4GH
Bases: Protocol
A protocol ensuring a header and data packets are available.
Source code in oarepo_c4gh/crypt4gh/common/proto4gh.py
11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
|
data_blocks: Generator[DataBlock, None, None]
property
Must be a single-use iterator for data blocks.
header: Header
property
Must return an implementaiton of abstract header.
Protocols
oarepo_c4gh.crypt4gh.common.header
Protocol for header implementation.
Header
Bases: Protocol
This is a protocol class which guarantees that a header packets collection is available by its descendants. The properties provided are a list of packets - both readable and unreadable - and header metadata fields magic_bytes and version.
Source code in oarepo_c4gh/crypt4gh/common/header.py
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
|
magic_bytes: bytes
property
Must return the original magic bytes.
packets: list
property
Must return original or transformed list of header packets.
version: int
property
Must return the version of the loaded/transformer container. Must always return 1.
oarepo_c4gh.crypt4gh.common.proto4gh
Protocol for container implementation.
Proto4GH
Bases: Protocol
A protocol ensuring a header and data packets are available.
Source code in oarepo_c4gh/crypt4gh/common/proto4gh.py
11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
|
data_blocks: Generator[DataBlock, None, None]
property
Must be a single-use iterator for data blocks.
header: Header
property
Must return an implementaiton of abstract header.
Data Structures
oarepo_c4gh.crypt4gh.common.header_packet
Header packet data structure.
HeaderPacket
Represents a single Crypt4GH header packet. If it was possible to decrypt it, the parsed contents are made available as well.
Source code in oarepo_c4gh/crypt4gh/common/header_packet.py
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 |
|
content: bytes
property
Returns the encrypted packet content.
data_encryption_key: bytes
property
Getter for the symmetric encryption key.
Returns:
Type | Description |
---|---|
bytes
|
32 bytes of the symmetric key. |
Raises:
Type | Description |
---|---|
Crypt4GHHeaderPacketException
|
if this packet does not contain DEK |
is_data_encryption_parameters: bool
property
A predicate for checking whether this packet contains DEK.
Returns:
Type | Description |
---|---|
bool
|
True if this packet was successfully decrypted and it is |
bool
|
an encryption parameters type packet. |
is_edit_list: bool
property
A predicate for checking whether this packet contains edit list.
Returns:
Type | Description |
---|---|
bool
|
True if it is a successfully decrypted edit list packet. |
is_readable: bool
property
A predicate for checking whether the packet was successfully decrypted.
length: int
property
Returns the packet length in bytes - including the packet length 4-byte value at the beginning.
packet_data: bytes
property
Returns the original packet data (for serialization).
packet_type: int
property
Returns the numerical representation of packet type.
reader_key: bytes
property
Returns public key used for decrypting this header packet or None if the decryption was not successful.
__init__(packet_length, packet_data, content, reader_key, packet_type, data_encryption_method, data_encryption_key)
Initializes the packet structure with all fields given.
Source code in oarepo_c4gh/crypt4gh/common/header_packet.py
14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
|
oarepo_c4gh.crypt4gh.common.data_block
This module implements thin layer on top of data blocks read from the container.
DataBlock
This class represents single data block - either successfully decrypted or opaque.
Source code in oarepo_c4gh/crypt4gh/common/data_block.py
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 |
|
ciphertext: bytes
property
The encrypted data of the whole packet accessor.
Returns:
Type | Description |
---|---|
bytes
|
The ecrypted packet as-is. |
cleartext: Optional[bytes]
property
The decrypted data of the packet accessor.
Returns:
Type | Description |
---|---|
Optional[bytes]
|
The cleartext of the packet contents if available, None otherwise. |
dek_index
property
Returns the DEK index (to avoid leaking the actual key)
is_deciphered: bool
property
Predicate to test whether the cleartext contents of this packet can be read.
offset
property
Returns the offset this block starts at (in original cleartext data)
size
property
Returns the size of cleartext data of this packet - regardless of whether it was deciphered.
__init__(enc: bytes, clear: Optional[bytes], idx: Optional[int], off: Optional[int]) -> None
Initializes all the data block instance properties.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
enc
|
bytes
|
encrypted data of the packet including nonce and MAC |
required |
clear
|
Optional[bytes]
|
decrypted packet data - if available |
required |
Source code in oarepo_c4gh/crypt4gh/common/data_block.py
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
|
Container Stream
oarepo_c4gh.crypt4gh.crypt4gh
This module implements a simple convenience wrapper Crypt4GH on top of actual Stream4GH implementation.
Crypt4GH
Bases: Stream4GH
This class differs only in its name from the underlying Stream4GH.
Source code in oarepo_c4gh/crypt4gh/crypt4gh.py
9 10 11 12 13 |
|
oarepo_c4gh.crypt4gh.stream
A convenience module providing all stream classes in one bundle.
Stream4GH
Bases: Proto4GH
An instance of this class represents a Crypt4GH container and provides stream processing capabilities of both header packets and data blocks. The input is processed lazily as needed and the header packets are stored for future processing within the instance. The data blocks stream can be used only once.
Source code in oarepo_c4gh/crypt4gh/stream/stream4gh.py
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 |
|
analyzer
property
For direct access to analyzer and its results.
clear_blocks: Generator[DataBlock, None, None]
property
Single-use iterator for deciphered blocks only.
data_blocks: Generator[DataBlock, None, None]
property
Single-use iterator for data blocks.
Raises:
Type | Description |
---|---|
Crypt4GHProcessedException
|
if called second time |
header: StreamHeader
property
Accessor for the container header object.
Returns:
Type | Description |
---|---|
StreamHeader
|
The contents of the parsed header. |
__init__(reader_key: Union[Key, KeyCollection], istream: io.RawIOBase, decrypt: bool = True, analyze: bool = False) -> None
Initializes the instance by storing the reader_key and the input stream. Verifies whether the reader key can perform symmetric key derivation.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
reader_key
|
Union[Key, KeyCollection]
|
the key used for reading the container |
required |
istream
|
RawIOBase
|
the container input stream |
required |
decrypt
|
bool
|
if True, attempt to decrypt the data blocks |
True
|
Source code in oarepo_c4gh/crypt4gh/stream/stream4gh.py
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
|
StreamHeader
Bases: Header
The constructor of this class loads the Crypt4GH header from given stream.
Source code in oarepo_c4gh/crypt4gh/stream/header.py
43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 |
|
deks: DEKCollection
property
Returns the collection of Data Encryption Keys obtained by processing all header packets. Ensures the header packets were actually processed before returning the reference.
Returns:
Type | Description |
---|---|
DEKCollection
|
The DEK Collection. |
Raises:
Type | Description |
---|---|
Crypt4GHHeaderException
|
if packets needed to be loaded and something went wrong |
magic_bytes: bytes
property
Returns the original magic bytes from the beginning of the container.
packets: list
property
The accessor to the direct list of header packets.
Returns:
Type | Description |
---|---|
list
|
List of header packets. |
Raises:
Type | Description |
---|---|
Crypt4GHHeaderException
|
if the reader key cannot perform symmetric key derivation |
reader_keys_used: list[bytes]
property
Returns all reader public keys successfully used in any packets decryption.
version: int
property
Returns the version of this container format (must always return 1).
__init__(reader_key_or_collection: Union[Key, KeyCollection], istream: io.RawIOBase, analyzer: Analyzer = None) -> None
Checks the Crypt4GH container signature, version and header packet count. The header packets are loaded lazily when needed.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
reader_key_or_collection
|
Union[Key, KeyCollection]
|
the key used for trying to decrypt header packets (must include the private part) or collection of keys |
required |
istream
|
RawIOBase
|
the container input stream |
required |
analyzer
|
Analyzer
|
analyzer for storing packet readability information |
None
|
Source code in oarepo_c4gh/crypt4gh/stream/header.py
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 |
|
load_packets() -> None
Loads the packets from the input stream and discards the key. It populates the internal Data Encryption Key collection for later use during this process.
Raises:
Type | Description |
---|---|
Crypt4GHHeaderException
|
if the reader key cannot perform symmetric key derivation |
Source code in oarepo_c4gh/crypt4gh/stream/header.py
84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 |
|
StreamHeaderPacket
Bases: HeaderPacket
Loads the header packet from stream.
Source code in oarepo_c4gh/crypt4gh/stream/header_packet.py
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 |
|
__init__(reader_keys: KeyCollection, istream: io.RawIOBase) -> None
Tries parsing a single packet from given input stream and stores it for future processing. If it is possible to decrypt the packet with given reader key, the contents are parsed and interpreted as well.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
reader_keys
|
KeyCollection
|
the key collection used for decryption attempts |
required |
istream
|
RawIOBase
|
the container input stream |
required |
Raises:
Type | Description |
---|---|
Crypt4GHHeaderPacketException
|
if any problem in parsing the packet occurs. |
Source code in oarepo_c4gh/crypt4gh/stream/header_packet.py
20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 |
|
oarepo_c4gh.crypt4gh.stream.header_packet
Implementation of single Crypt4GH header packet stream parser.
StreamHeaderPacket
Bases: HeaderPacket
Loads the header packet from stream.
Source code in oarepo_c4gh/crypt4gh/stream/header_packet.py
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 |
|
__init__(reader_keys: KeyCollection, istream: io.RawIOBase) -> None
Tries parsing a single packet from given input stream and stores it for future processing. If it is possible to decrypt the packet with given reader key, the contents are parsed and interpreted as well.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
reader_keys
|
KeyCollection
|
the key collection used for decryption attempts |
required |
istream
|
RawIOBase
|
the container input stream |
required |
Raises:
Type | Description |
---|---|
Crypt4GHHeaderPacketException
|
if any problem in parsing the packet occurs. |
Source code in oarepo_c4gh/crypt4gh/stream/header_packet.py
20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 |
|
oarepo_c4gh.crypt4gh.stream.header
This module implements the class responsible for loading Crypt4GH from given input stream.
StreamHeader
Bases: Header
The constructor of this class loads the Crypt4GH header from given stream.
Source code in oarepo_c4gh/crypt4gh/stream/header.py
43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 |
|
deks: DEKCollection
property
Returns the collection of Data Encryption Keys obtained by processing all header packets. Ensures the header packets were actually processed before returning the reference.
Returns:
Type | Description |
---|---|
DEKCollection
|
The DEK Collection. |
Raises:
Type | Description |
---|---|
Crypt4GHHeaderException
|
if packets needed to be loaded and something went wrong |
magic_bytes: bytes
property
Returns the original magic bytes from the beginning of the container.
packets: list
property
The accessor to the direct list of header packets.
Returns:
Type | Description |
---|---|
list
|
List of header packets. |
Raises:
Type | Description |
---|---|
Crypt4GHHeaderException
|
if the reader key cannot perform symmetric key derivation |
reader_keys_used: list[bytes]
property
Returns all reader public keys successfully used in any packets decryption.
version: int
property
Returns the version of this container format (must always return 1).
__init__(reader_key_or_collection: Union[Key, KeyCollection], istream: io.RawIOBase, analyzer: Analyzer = None) -> None
Checks the Crypt4GH container signature, version and header packet count. The header packets are loaded lazily when needed.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
reader_key_or_collection
|
Union[Key, KeyCollection]
|
the key used for trying to decrypt header packets (must include the private part) or collection of keys |
required |
istream
|
RawIOBase
|
the container input stream |
required |
analyzer
|
Analyzer
|
analyzer for storing packet readability information |
None
|
Source code in oarepo_c4gh/crypt4gh/stream/header.py
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 |
|
load_packets() -> None
Loads the packets from the input stream and discards the key. It populates the internal Data Encryption Key collection for later use during this process.
Raises:
Type | Description |
---|---|
Crypt4GHHeaderException
|
if the reader key cannot perform symmetric key derivation |
Source code in oarepo_c4gh/crypt4gh/stream/header.py
84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 |
|
check_crypt4gh_magic(magic_bytes: bytes) -> None
Checks given bytes whether they match the required Crypt4GH magic bytes.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
magic_bytes
|
bytes
|
the bytes to check |
required |
Raises:
Type | Description |
---|---|
Crypt4GHHeaderException
|
if not enough or incorrect bytes |
Source code in oarepo_c4gh/crypt4gh/stream/header.py
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
|
oarepo_c4gh.crypt4gh.stream.stream4gh
A module containing the Crypt4GH stream loading class.
Stream4GH
Bases: Proto4GH
An instance of this class represents a Crypt4GH container and provides stream processing capabilities of both header packets and data blocks. The input is processed lazily as needed and the header packets are stored for future processing within the instance. The data blocks stream can be used only once.
Source code in oarepo_c4gh/crypt4gh/stream/stream4gh.py
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 |
|
analyzer
property
For direct access to analyzer and its results.
clear_blocks: Generator[DataBlock, None, None]
property
Single-use iterator for deciphered blocks only.
data_blocks: Generator[DataBlock, None, None]
property
Single-use iterator for data blocks.
Raises:
Type | Description |
---|---|
Crypt4GHProcessedException
|
if called second time |
header: StreamHeader
property
Accessor for the container header object.
Returns:
Type | Description |
---|---|
StreamHeader
|
The contents of the parsed header. |
__init__(reader_key: Union[Key, KeyCollection], istream: io.RawIOBase, decrypt: bool = True, analyze: bool = False) -> None
Initializes the instance by storing the reader_key and the input stream. Verifies whether the reader key can perform symmetric key derivation.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
reader_key
|
Union[Key, KeyCollection]
|
the key used for reading the container |
required |
istream
|
RawIOBase
|
the container input stream |
required |
decrypt
|
bool
|
if True, attempt to decrypt the data blocks |
True
|
Source code in oarepo_c4gh/crypt4gh/stream/stream4gh.py
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
|
Data Keys
oarepo_c4gh.crypt4gh.dek
Module with Data Encryption Key wrapper.
DEK
Data Encryption Key with reference to the Key that unlocked it.
Source code in oarepo_c4gh/crypt4gh/dek.py
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
|
dek: bytes
property
The Data Encryption Key - directly usable by symmetric cryptography functions.
key: Key
property
Bytes representation of the public key that unlocked this DEK.
__init__(dek: bytes, key: bytes) -> None
Initializes the wrapper.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
dek
|
bytes
|
the symmetric Data Encryption Key |
required |
key
|
bytes
|
public key that unlocked this DEK |
required |
Source code in oarepo_c4gh/crypt4gh/dek.py
15 16 17 18 19 20 21 22 23 24 25 |
|
oarepo_c4gh.crypt4gh.dek_collection
This module provides a persistent storage for multiple Data Encryption Keys and automates the mechanisms used for decrypting individual Data Blocks. It ensures the last working DEK is always tried first and properly reports decryption failure if no key managed to decrypt the data.
DEKCollection
This class contains a list of Data Encryption Keys and provides functionality for the Header4GH reader to add new DEKs. When fully populated it can be then used for decrypting a stream of Data Blocks.
Source code in oarepo_c4gh/crypt4gh/dek_collection.py
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 |
|
count: int
property
The current number of DEKs in the collection.
empty: bool
property
True if there are no DEKs available.
__init__() -> None
Initializes an empty collection.
Source code in oarepo_c4gh/crypt4gh/dek_collection.py
25 26 27 28 |
|
add_dek(dek: DEK) -> None
Adds a new dek to the collection if it is not already there.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
dek
|
DEK
|
a Data Encryption Key to add |
required |
Source code in oarepo_c4gh/crypt4gh/dek_collection.py
51 52 53 54 55 56 57 58 59 60 |
|
contains_dek(dek: DEK) -> bool
Check for duplicate DEKS.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
dek
|
DEK
|
a Data Encryption Key to check |
required |
Returns:
Type | Description |
---|---|
bool
|
True if given DEK is already contained. |
Source code in oarepo_c4gh/crypt4gh/dek_collection.py
40 41 42 43 44 45 46 47 48 49 |
|
decrypt_packet(istream: io.RawIOBase) -> (bytes, bytes, int)
Internal procedure for decrypting single data block from the stream. If there is not enough data (for example at EOF), two None values are returned. If the block cannot be decrypted using known DEKs, the encrypted version is returned as-is and None is returned as the cleartext version. If the block can be decrypted, both the ciphertext and cleartext versions are returned.
Updates current key upon successfull decryption so that subsequent attempts will try this key first.
Tries all DEKs in the collection in circular order until all have been tried or one succeeded.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
istream
|
RawIOBase
|
input stream with data blocks |
required |
Returns:
Type | Description |
---|---|
(bytes, bytes, int)
|
Two values, the first representing the encrypted version of the data block and second one containing decrypted contents if possible. Both are none when no packet has been read. |
Source code in oarepo_c4gh/crypt4gh/dek_collection.py
62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 |
|
Auxilliary Functions and Analyzer
oarepo_c4gh.crypt4gh.util
Miscellaneous helper functions for Crypt4GH stream processing.
parse_crypt4gh_bytes_le_uint(number_bytes: bytes, name: str, size: int) -> int
Parses size-byte little-endian binary number from given bytes handling insufficient data errors with customizable error message.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
number_bytes
|
bytes
|
the bytes to parse |
required |
name
|
str
|
optional name of the number in the error message |
required |
size
|
int
|
number of bytes the encoding should contain |
required |
Raises:
Type | Description |
---|---|
ValueError
|
if the bytes given are too short |
Source code in oarepo_c4gh/crypt4gh/util.py
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
|
read_crypt4gh_bytes_le_uint32(ibytes: bytes, offset: int, name: str = 'number') -> int
Extracts little-endian integer from given bytes object handling errors with customizable message.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
ibytes
|
bytes
|
bytes with the binary structure |
required |
offset
|
int
|
starting byte of the encoded number |
required |
name
|
str
|
optional name of the number in the error message |
'number'
|
Raises:
Type | Description |
---|---|
ValueError
|
if not enough data given |
Source code in oarepo_c4gh/crypt4gh/util.py
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
|
read_crypt4gh_stream_le_uint32(istream: io.RawIOBase, name: str = 'number') -> int
Reads little-endian integer from given stream handling read errors with customizable error message.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
istream
|
RawIOBase
|
the container input stream |
required |
name
|
str
|
optional name of the number in the error message |
'number'
|
Raises:
Type | Description |
---|---|
ValueError
|
if not enough data can be read |
Source code in oarepo_c4gh/crypt4gh/util.py
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
|
oarepo_c4gh.crypt4gh.analyzer
Module with the Crypt4GH container analyzer.
Analyzer
The instance of this class keeps track of readable header packets and accessible data blocks and provides summary results about these.
Source code in oarepo_c4gh/crypt4gh/analyzer.py
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
|
__init__()
Initializes the instance with empty lists and no key information.
Source code in oarepo_c4gh/crypt4gh/analyzer.py
16 17 18 19 20 21 22 |
|
analyze_block(block: DataBlock) -> None
Analyzes single data block and adds the result into the block_info list.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
block
|
DataBlock
|
data block information class instance |
required |
Source code in oarepo_c4gh/crypt4gh/analyzer.py
39 40 41 42 43 44 45 46 47 48 49 50 |
|
analyze_packet(packet: HeaderPacket) -> None
Analyzes single header packet and adds the result into the packet_info list.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
packet
|
HeaderPacket
|
single header packet instance |
required |
Source code in oarepo_c4gh/crypt4gh/analyzer.py
24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
|
to_dict() -> dict
Returns dictionary representation of the analysis.
Source code in oarepo_c4gh/crypt4gh/analyzer.py
52 53 54 55 56 57 58 |
|
Stream Filtering
oarepo_c4gh.crypt4gh.filter
Empty
Base Filter
oarepo_c4gh.crypt4gh.filter.filter
This module implements a filtered Crypt4GH container backed by other Crypt4GH container but presenting filtered (added, changed and/or removed) header packets.
Filter
Bases: Proto4GH
The whole container filter which actually filters only header packets but for the writer the whole interface is needed.
Source code in oarepo_c4gh/crypt4gh/filter/filter.py
14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
|
data_blocks: Generator[DataBlock, None, None]
property
Returns the iterator for the original data blocks.
header: Header
property
Returns the filtered header instance.
__init__(original: Proto4GH) -> None
Only prepares the filtered header and original container with original blocks.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
original
|
Proto4GH
|
the original container to be filtered. |
required |
Source code in oarepo_c4gh/crypt4gh/filter/filter.py
20 21 22 23 24 25 26 27 28 |
|
oarepo_c4gh.crypt4gh.filter.header
This module implements filtered header on top of other Header implementation. All filters should be derived from this class.
FilterHeader
Bases: Header
As the header has its own interface, this class implements such interface for filtered header.
Source code in oarepo_c4gh/crypt4gh/filter/header.py
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
|
magic_bytes: bytes
property
Returns the original data.
version: int
property
Returns the original version.
__init__(original: Header) -> None
Setup to match original.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
original
|
Header
|
The original container header. |
required |
Source code in oarepo_c4gh/crypt4gh/filter/header.py
14 15 16 17 18 19 20 21 |
|
Add Recipient Filter
oarepo_c4gh.crypt4gh.filter.add_recipient
This module implements a filtered Crypt4GH container backed by other Crypt4GH container but presenting added packets based on recipients to be added.
AddRecipientFilter
Bases: Filter
The whole container filter which actually filters only header packets but for the writer the whole interface is needed.
Source code in oarepo_c4gh/crypt4gh/filter/add_recipient.py
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
|
header: FilterHeader
property
Returns the filtered header instance.
__init__(original: Proto4GH, *recipients: List[Key]) -> None
Only prepares the filtered header and original container with original blocks.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
original
|
Proto4GH
|
the original container to be filtered. |
required |
Source code in oarepo_c4gh/crypt4gh/filter/add_recipient.py
23 24 25 26 27 28 29 30 31 32 |
|
oarepo_c4gh.crypt4gh.filter.add_recipient_header
The actual recipient adding implementation in a header filter.
AddRecipientHeader
Bases: FilterHeader
This class implements a simple filter that adds all readable packets to the packet list - but encrypted for new recipient(s).
Source code in oarepo_c4gh/crypt4gh/filter/add_recipient_header.py
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 |
|
packets: list
property
Returns the filtered packets with added recipients. Both edit lists and DEKs are added.
__init__(original: Header, recipients: List[Key])
Just initializes the baseline header filter and stores the list of recipients for actual processing later.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
original
|
Header
|
the original container header |
required |
recipients
|
List[Key]
|
a list of recipients' public keys to add |
required |
Source code in oarepo_c4gh/crypt4gh/filter/add_recipient_header.py
22 23 24 25 26 27 28 29 30 31 32 |
|
Only Readable Filter
oarepo_c4gh.crypt4gh.filter.only_readable
A module implementing container filter that removes all non-readable packets from its header.
OnlyReadableFilter
Bases: Filter
This class implements a container filter that filters out all non-readable packets from the header.
Source code in oarepo_c4gh/crypt4gh/filter/only_readable.py
12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
|
header: FilterHeader
property
Returns the filtered header instance.
__init__(original: Proto4GH)
Initializes with original container and sets filtering header instance up.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
original
|
Proto4GH
|
the original container |
required |
Source code in oarepo_c4gh/crypt4gh/filter/only_readable.py
18 19 20 21 22 23 24 25 26 27 |
|
oarepo_c4gh.crypt4gh.filter.only_readable_header
This module implements a container header filter that passes through only readable header packets.
OnlyReadableHeader
Bases: FilterHeader
This class wraps original container header and passes on only readable packets.
Source code in oarepo_c4gh/crypt4gh/filter/only_readable_header.py
9 10 11 12 13 14 15 16 17 |
|
packets: list
property
Returns only readable packets.
Container Writer
oarepo_c4gh.crypt4gh.writer
Wrapper around container that performs stream serialization.
Crypt4GHWriter
Simple writer which performs just one operation.
Source code in oarepo_c4gh/crypt4gh/writer.py
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
|
__init__(container: Proto4GH, ostream: io.RawIOBase) -> None
Can be wrapped around originally loaded Crypt4GH container or something compatible (like filtered container).
Source code in oarepo_c4gh/crypt4gh/writer.py
12 13 14 15 16 17 18 |
|
write() -> None
Performs the write operation.
Source code in oarepo_c4gh/crypt4gh/writer.py
20 21 22 23 24 25 26 27 28 29 30 31 32 |
|