Added AESCipher that uses the Python cryptography package (in a way that is compatible and interoperable with the AESCipher that uses the pycrytodome package). Should work as a drop-in replacement.

Author: johnbywater

Makefile

@@ -15,11 +15,11 @@ install-poetry:
 
 .PHONY: install
 install:
-	$(POETRY) install --sync --extras "crypto" --with "docs" -vv $(opts)
+	$(POETRY) install --sync --extras "crypto cryptography" --with "docs" -vv $(opts)
 
 .PHONY: install-packages
 install-packages:
-	$(POETRY) install --sync --no-root --extras "crypto" --with "docs" -vv $(opts)
+	$(POETRY) install --sync --no-root --extras "crypto cryptography" --with "docs" -vv $(opts)
 
 .PHONY: update-lockfile
 update-lockfile:

eventsourcing/cipher.py

@@ -16,7 +16,8 @@
 
 class AESCipher(Cipher):
     """
-    Cipher strategy that uses AES cipher in GCM mode.
+    Cipher strategy that uses AES cipher (in GCM mode)
+    from the Python pycryptodome package.
     """
 
     CIPHER_KEY = "CIPHER_KEY"
@@ -71,6 +72,7 @@ def encrypt(self, plaintext: bytes) -> bytes:
 
         # Return ciphertext.
         return nonce + tag + encrypted
+        # return nonce + tag + encrypted
 
     def construct_cipher(self, nonce: bytes) -> GcmMode:
         cipher = AES.new(

eventsourcing/cryptography.py

@@ -0,0 +1,96 @@
+from __future__ import annotations
+
+import os
+from base64 import b64decode, b64encode
+from typing import TYPE_CHECKING
+
+from cryptography.exceptions import InvalidTag
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+
+from eventsourcing.persistence import Cipher
+
+if TYPE_CHECKING:
+    from eventsourcing.utils import Environment
+
+
+class AESCipher(Cipher):
+    """
+    Cipher strategy that uses AES cipher (in GCM mode)
+    from the Python cryptography package.
+    """
+
+    CIPHER_KEY = "CIPHER_KEY"
+    KEY_SIZES = (16, 24, 32)
+
+    @staticmethod
+    def create_key(num_bytes: int) -> str:
+        """
+        Creates AES cipher key, with length num_bytes.
+
+        :param num_bytes: An int value, either 16, 24, or 32.
+
+        """
+        AESCipher.check_key_size(num_bytes)
+        key = AESGCM.generate_key(num_bytes * 8)
+        return b64encode(key).decode("utf8")
+
+    @staticmethod
+    def check_key_size(num_bytes: int) -> None:
+        if num_bytes not in AESCipher.KEY_SIZES:
+            msg = f"Invalid key size: {num_bytes} not in {AESCipher.KEY_SIZES}"
+            raise ValueError(msg)
+
+    @staticmethod
+    def random_bytes(num_bytes: int) -> bytes:
+        return os.urandom(num_bytes)
+
+    def __init__(self, environment: Environment):
+        """
+        Initialises AES cipher with ``cipher_key``.
+
+        :param str cipher_key: 16, 24, or 32 bytes encoded as base64
+        """
+        cipher_key = environment.get(self.CIPHER_KEY)
+        if not cipher_key:
+            msg = f"'{self.CIPHER_KEY}' not in env"
+            raise OSError(msg)
+        key = b64decode(cipher_key.encode("utf8"))
+        AESCipher.check_key_size(len(key))
+        self.key = key
+
+    def encrypt(self, plaintext: bytes) -> bytes:
+        """Return ciphertext for given plaintext."""
+
+        # Construct AES-GCM cipher, with 96-bit nonce.
+        aesgcm = AESGCM(self.key)
+        nonce = AESCipher.random_bytes(12)
+        res = aesgcm.encrypt(nonce, plaintext, None)
+        # Put tag at the front for compatibility with eventsourcing.crypto.AESCipher.
+        tag = res[-16:]
+        encrypted = res[:-16]
+        return nonce + tag + encrypted
+
+    def decrypt(self, ciphertext: bytes) -> bytes:
+        """Return plaintext for given ciphertext."""
+
+        # Split out the nonce, tag, and encrypted data.
+        nonce = ciphertext[:12]
+        if len(nonce) != 12:
+            msg = "Damaged cipher text: invalid nonce length"
+            raise ValueError(msg)
+
+        # Expect tag at the front.
+        tag = ciphertext[12:28]
+        if len(tag) != 16:
+            msg = "Damaged cipher text: invalid tag length"
+            raise ValueError(msg)
+        encrypted = ciphertext[28:]
+
+        aesgcm = AESGCM(self.key)
+        try:
+            plaintext = aesgcm.decrypt(nonce, encrypted + tag, None)
+        except InvalidTag as e:
+            msg = "Invalid cipher tag"
+            raise ValueError(msg) from e
+        # Decrypt and verify.
+        return plaintext

poetry.lock

@@ -41,14 +41,16 @@ keywords=[
 ]
 
 [tool.poetry.dependencies]
-python = ">=3.8,<4.0"
+python = ">=3.8,<4.0,!=3.9.0,!=3.9.1"
 typing_extensions = "*"
 "backports.zoneinfo" = { version = "*", python =  "<3.9" }
 pycryptodome = { version = "~3.22", optional = true }
+cryptography = { version = "~44.0", optional = true }
 psycopg = { version = "<=3.2.99999", optional = true, extras=["c,pool"]}
 
 [tool.poetry.extras]
 crypto = ["pycryptodome"]
+cryptography = ["cryptography"]
 postgres = ["psycopg"]
 
 [tool.poetry.group.dev.dependencies]

pyproject.toml

@@ -0,0 +1,25 @@
+from unittest import TestCase
+
+import eventsourcing.cipher as pycryptodome
+from eventsourcing import cryptography
+from eventsourcing.utils import Environment
+
+
+class TestAesCipherInteroperability(TestCase):
+    def test(self):
+        environment = Environment()
+        key = pycryptodome.AESCipher.create_key(16)
+        environment["CIPHER_KEY"] = key
+
+        aes_pycryptodome = pycryptodome.AESCipher(environment)
+        aes_cryptography = cryptography.AESCipher(environment)
+
+        plain_text = b"some text"
+        encrypted_text = aes_pycryptodome.encrypt(plain_text)
+        recovered_text = aes_cryptography.decrypt(encrypted_text)
+        self.assertEqual(plain_text, recovered_text)
+
+        plain_text = b"some text"
+        encrypted_text = aes_cryptography.encrypt(plain_text)
+        recovered_text = aes_pycryptodome.decrypt(encrypted_text)
+        self.assertEqual(plain_text, recovered_text)

tests/persistence_tests/test_aes_cryptodome_crytography_interoperability.py

@@ -0,0 +1,96 @@
+from base64 import b64encode
+from unittest.case import TestCase
+
+from eventsourcing.cryptography import AESCipher
+from eventsourcing.utils import Environment
+
+
+class TestAESCipher(TestCase):
+    def test_createkey(self):
+        environment = Environment()
+
+        # Valid key lengths.
+        key = AESCipher.create_key(16)
+        environment["CIPHER_KEY"] = key
+        AESCipher(environment)
+
+        key = AESCipher.create_key(24)
+        environment["CIPHER_KEY"] = key
+        AESCipher(environment)
+
+        key = AESCipher.create_key(32)
+        environment["CIPHER_KEY"] = key
+        AESCipher(environment)
+
+        # Non-valid key lengths (on generate key).
+        with self.assertRaises(ValueError):
+            AESCipher.create_key(12)
+
+        with self.assertRaises(ValueError):
+            AESCipher.create_key(20)
+
+        with self.assertRaises(ValueError):
+            AESCipher.create_key(28)
+
+        with self.assertRaises(ValueError):
+            AESCipher.create_key(36)
+
+        # Non-valid key lengths (on construction).
+        def create_key(num_bytes):
+            return b64encode(AESCipher.random_bytes(num_bytes)).decode("utf8")
+
+        key = create_key(12)
+        environment["CIPHER_KEY"] = key
+        with self.assertRaises(ValueError):
+            AESCipher(environment)
+
+        key = create_key(20)
+        environment["CIPHER_KEY"] = key
+        with self.assertRaises(ValueError):
+            AESCipher(environment)
+
+        key = create_key(28)
+        environment["CIPHER_KEY"] = key
+        with self.assertRaises(ValueError):
+            AESCipher(environment)
+
+        key = create_key(36)
+        environment["CIPHER_KEY"] = key
+        with self.assertRaises(ValueError):
+            AESCipher(environment)
+
+        with self.assertRaises(OSError):
+            AESCipher(Environment())
+
+    def test_encrypt_and_decrypt(self):
+        environment = Environment()
+
+        key = AESCipher.create_key(16)
+        environment["CIPHER_KEY"] = key
+
+        # Check plain text can be encrypted and recovered.
+        plain_text = b"some text"
+        cipher = AESCipher(environment)
+        cipher_text = cipher.encrypt(plain_text)
+        cipher = AESCipher(environment)
+        recovered_text = cipher.decrypt(cipher_text)
+        self.assertEqual(recovered_text, plain_text)
+
+        # Check raises on invalid nonce.
+        with self.assertRaises(ValueError):
+            cipher.decrypt(cipher_text[:10])
+
+        # Check raises on invalid tag.
+        with self.assertRaises(ValueError):
+            cipher.decrypt(cipher_text[:20])
+
+        # Check raises on invalid data.
+        with self.assertRaises(ValueError):
+            cipher.decrypt(cipher_text[:30])
+
+        # Check raises on invalid key.
+        key = AESCipher.create_key(16)
+        environment["CIPHER_KEY"] = key
+        cipher = AESCipher(environment)
+        with self.assertRaises(ValueError):
+            cipher.decrypt(cipher_text)

tests/persistence_tests/test_aes_cryptography.py

@@ -59,6 +59,9 @@ def create_key(num_bytes):
         with self.assertRaises(ValueError):
             AESCipher(environment)
 
+        with self.assertRaises(OSError):
+            AESCipher(Environment())
+
     def test_encrypt_and_decrypt(self):
         environment = Environment()