Skip to content

Class swarmauri_cipher_suite_cnsa20.Cnsa20CipherSuite.Cnsa20CipherSuite

swarmauri_cipher_suite_cnsa20.Cnsa20CipherSuite.Cnsa20CipherSuite

Bases: CipherSuiteBase

Skeleton suite for CNSA 2.0 policy.

suite_id

suite_id()
Source code in swarmauri_cipher_suite_cnsa20/Cnsa20CipherSuite.py
24
25
def suite_id(self) -> str:
    return "cnsa-2.0"

supports

supports()
Source code in swarmauri_cipher_suite_cnsa20/Cnsa20CipherSuite.py
27
28
29
30
31
32
33
def supports(self) -> Mapping[CipherOp, Iterable[Alg]]:
    return {
        "sign": _SIGN,
        "verify": _SIGN,
        "encrypt": _ENC,
        "decrypt": _ENC,
    }

default_alg

default_alg(op, *, for_key=None)
Source code in swarmauri_cipher_suite_cnsa20/Cnsa20CipherSuite.py
35
36
def default_alg(self, op: CipherOp, *, for_key: Optional[KeyRef] = None) -> Alg:
    return {"sign": "ES384", "encrypt": "A256GCM"}.get(op, "A256GCM")

features

features()
Source code in swarmauri_cipher_suite_cnsa20/Cnsa20CipherSuite.py
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
def features(self) -> Features:
    return {
        "suite": "cnsa-2.0",
        "version": 1,
        "dialects": {"jwa": list({*_SIGN, *_ENC})},
        "constraints": {
            "min_rsa_bits": 3072,
            "allowed_curves": ["P-384"],
            "hash": "SHA384",
            "aead": {"tagBits": 128, "nonceLen": 12},
        },
        "compliance": {"cnsa": True},
        "ops": {
            "sign": {"default": "ES384", "allowed": list(_SIGN)},
            "encrypt": {"default": "A256GCM", "allowed": list(_ENC)},
        },
    }

normalize

normalize(
    *, op, alg=None, key=None, params=None, dialect=None
)
Source code in swarmauri_cipher_suite_cnsa20/Cnsa20CipherSuite.py
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
def normalize(
    self,
    *,
    op: CipherOp,
    alg: Optional[Alg] = None,
    key: Optional[KeyRef] = None,
    params: Optional[ParamMapping] = None,
    dialect: Optional[str] = None,
) -> NormalizedDescriptor:
    allowed = set(self.supports().get(op, ()))
    chosen = alg or self.default_alg(op)
    if chosen not in allowed:
        raise ValueError(f"{chosen=} not supported for {op=}")

    resolved = dict(params or {})
    if chosen.endswith("GCM"):
        resolved.setdefault("tagBits", 128)
        resolved.setdefault("nonceLen", 12)

    return {
        "op": op,
        "alg": chosen,
        "dialect": "jwa" if dialect is None else dialect,
        "mapped": {"jwa": chosen, "provider": chosen},
        "params": resolved,
        "constraints": {"minKeyBits": 3072},
        "policy": self.policy(),
    }