annotate libervia/backend/memory/crypto.py @ 4309:b56b1eae7994

component email gateway: add multicasting: XEP-0033 multicasting is now supported both for incoming and outgoing messages. XEP-0033 metadata are converted to suitable Email headers and vice versa. Email address and JID are both supported, and delivery is done by the gateway when suitable on incoming messages. rel 450
author Goffi <goffi@goffi.org>
date Thu, 26 Sep 2024 16:12:01 +0200
parents 0d7bb4df2343
children
Changesets referenced by the annotation:

rev 1028, changeset 127c96020022: memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks (souliane <souliane@mailoo.org>; parents: none listed)
rev 1098, changeset 77cd312d32c4: memory: fixes encoding issues during encryption (souliane <souliane@mailoo.org>; parents: 1028)
rev 1766, changeset d17772b0fe22: copyright update (Goffi <goffi@goffi.org>; parents: 1396)
rev 2624, changeset 56f94936df1e: code style reformatting using black (Goffi <goffi@goffi.org>; parents: 2562)
rev 3028, changeset ab2696e34d29: Python 3 port: (Goffi <goffi@goffi.org>; parents: 2771)
rev 3040, changeset fee60f17ebac: jp: jp asyncio port: (Goffi <goffi@goffi.org>; parents: 3028)
rev 3137, changeset 559a625a236b: fixed shebangs (Goffi <goffi@goffi.org>; parents: 3136)
rev 3160, changeset 330a5f1d9eea: core (memory/crypto): replaced `PyCrypto` by `cryptography`: (Goffi <goffi@goffi.org>; parents: 3137)
rev 3479, changeset be6d91572633: date update (Goffi <goffi@goffi.org>; parents: 3160)
rev 4037, changeset 524856bd7b19: massive refactoring to switch from camelCase to snake_case: (Goffi <goffi@goffi.org>; parents: 3479)
rev 4270, changeset 0d7bb4df2343: Reformatted code base using black. (Goffi <goffi@goffi.org>; parents: 4071)

rev: source

```
3028: #!/usr/bin/env python3
3137:
1028: # SAT: a jabber client
3479: # Copyright (C) 2009-2021 Jérôme Poisson (goffi@goffi.org)
1766: # Copyright (C) 2013-2016 Adrien Cossa (souliane@mailoo.org)
1028:
1028: # This program is free software: you can redistribute it and/or modify
1028: # it under the terms of the GNU Affero General Public License as published by
1028: # the Free Software Foundation, either version 3 of the License, or
1028: # (at your option) any later version.
1028:
1028: # This program is distributed in the hope that it will be useful,
1028: # but WITHOUT ANY WARRANTY; without even the implied warranty of
1028: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1028: # GNU Affero General Public License for more details.
1028:
1028: # You should have received a copy of the GNU Affero General Public License
1028: # along with this program. If not, see <http://www.gnu.org/licenses/>.
1028:
1028: from os import urandom
1028: from base64 import b64encode, b64decode
3160: from cryptography.hazmat.primitives import hashes
3160: from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
3160: from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
3160: from cryptography.hazmat.backends import default_backend
3160:
3160:
3160: crypto_backend = default_backend()
1028:
1028:
3160: class BlockCipher:
1028:
3160:     BLOCK_SIZE = 16
3160:     MAX_KEY_SIZE = 32
1028:     IV_SIZE = BLOCK_SIZE  # initialization vector size, 16 bytes
1028:
3160:     @staticmethod
3160:     def encrypt(key, text, leave_empty=True):
1028:         """Encrypt a message.
1028:
1028:         Based on http://stackoverflow.com/a/12525165
1028:
1098:         @param key (unicode): the encryption key
1098:         @param text (unicode): the text to encrypt
1028:         @param leave_empty (bool): if True, empty text will be returned "as is"
3040:         @return (D(str)): base-64 encoded encrypted message
1028:         """
2624:         if leave_empty and text == "":
3160:             return ""
4037:         iv = BlockCipher.get_random_key()
3160:         key = key.encode()
2624:         key = (
2624:             key[: BlockCipher.MAX_KEY_SIZE]
2624:             if len(key) >= BlockCipher.MAX_KEY_SIZE
2624:             else BlockCipher.pad(key)
2624:         )
1028:
3160:         cipher = Cipher(algorithms.AES(key), modes.CFB8(iv), backend=crypto_backend)
3160:         encryptor = cipher.encryptor()
4270:         encrypted = (
4270:             encryptor.update(BlockCipher.pad(text.encode())) + encryptor.finalize()
4270:         )
3160:         return b64encode(iv + encrypted).decode()
3160:
3160:     @staticmethod
3160:     def decrypt(key, ciphertext, leave_empty=True):
1028:         """Decrypt a message.
1028:
1028:         Based on http://stackoverflow.com/a/12525165
1028:
1098:         @param key (unicode): the decryption key
1028:         @param ciphertext (base-64 encoded str): the text to decrypt
1028:         @param leave_empty (bool): if True, empty ciphertext will be returned "as is"
1028:         @return: Deferred: str or None if the password could not be decrypted
1028:         """
2624:         if leave_empty and ciphertext == "":
3160:             return ""
1028:         ciphertext = b64decode(ciphertext)
2624:         iv, ciphertext = (
2624:             ciphertext[: BlockCipher.IV_SIZE],
2624:             ciphertext[BlockCipher.IV_SIZE :],
2624:         )
3160:         key = key.encode()
2624:         key = (
2624:             key[: BlockCipher.MAX_KEY_SIZE]
2624:             if len(key) >= BlockCipher.MAX_KEY_SIZE
2624:             else BlockCipher.pad(key)
2624:         )
1028:
3160:         cipher = Cipher(algorithms.AES(key), modes.CFB8(iv), backend=crypto_backend)
3160:         decryptor = cipher.decryptor()
3160:         decrypted = decryptor.update(ciphertext) + decryptor.finalize()
3160:         return BlockCipher.unpad(decrypted)
3160:
3160:     @staticmethod
4037:     def get_random_key(size=None, base64=False):
1028:         """Return a random key suitable for block cipher encryption.
1028:
1028:         Note: a good value for the key length is to make it as long as the block size.
1028:
1028:         @param size: key length in bytes, positive or null (default: BlockCipher.IV_SIZE)
1028:         @param base64: if True, encode the result to base-64
1028:         @return: str (eventually base-64 encoded)
1028:         """
1028:         if size is None or size < 0:
1028:             size = BlockCipher.IV_SIZE
1028:         key = urandom(size)
1028:         return b64encode(key) if base64 else key
1028:
3160:     @staticmethod
3160:     def pad(s):
1028:         """Method from http://stackoverflow.com/a/12525165"""
1028:         bs = BlockCipher.BLOCK_SIZE
3160:         return s + (bs - len(s) % bs) * (chr(bs - len(s) % bs)).encode()
1028:
3160:     @staticmethod
3160:     def unpad(s):
1028:         """Method from http://stackoverflow.com/a/12525165"""
3160:         s = s.decode()
2624:         return s[0 : -ord(s[-1])]
1028:
1028:
3160: class PasswordHasher:
1028:
1028:     SALT_LEN = 16  # 128 bits
1028:
3160:     @staticmethod
3160:     def hash(password, salt=None, leave_empty=True):
1028:         """Hash a password.
1028:
1028:         @param password (str): the password to hash
1028:         @param salt (base-64 encoded str): if not None, use the given salt instead of a random value
1028:         @param leave_empty (bool): if True, empty password will be returned "as is"
1028:         @return: Deferred: base-64 encoded str
1028:         """
2624:         if leave_empty and password == "":
3160:             return ""
2624:         salt = (
2624:             b64decode(salt)[: PasswordHasher.SALT_LEN]
2624:             if salt
2624:             else urandom(PasswordHasher.SALT_LEN)
2624:         )
1028:
3160:         # we use PyCrypto's PBKDF2 arguments while porting to cryptography, to stay
3160:         # compatible with existing installations. But this is temporary and we need
3160:         # to update them to more secure values.
3160:         kdf = PBKDF2HMAC(
3160:             # FIXME: SHA1() is not secure, it is used here for historical reasons
3160:             # and must be changed as soon as possible
3160:             algorithm=hashes.SHA1(),
3160:             length=16,
3160:             salt=salt,
3160:             iterations=1000,
4270:             backend=crypto_backend,
3160:         )
3160:         key = kdf.derive(password.encode())
3160:         return b64encode(salt + key).decode()
3028:
3160:     @staticmethod
3160:     def verify(attempt, pwd_hash):
1028:         """Verify a password attempt.
1028:
1028:         @param attempt (str): the attempt to check
3160:         @param pwd_hash (str): the hash of the password
1028:         @return: Deferred: boolean
1028:         """
3040:         assert isinstance(attempt, str)
3160:         assert isinstance(pwd_hash, str)
3160:         leave_empty = pwd_hash == ""
3160:         attempt_hash = PasswordHasher.hash(attempt, pwd_hash, leave_empty)
3160:         assert isinstance(attempt_hash, str)
3160:         return attempt_hash == pwd_hash
```
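An added example, not part of the Libervia code base: one way to act on the FIXME in `PasswordHasher.hash`, by verifying existing PBKDF2-HMAC-SHA1 hashes with a constant-time comparison and re-hashing with stronger parameters after a successful login, so existing installations keep working. It uses the standard library's `hashlib.pbkdf2_hmac` in place of `cryptography`'s `PBKDF2HMAC`; the `pbkdf2-sha256$...` storage format, the 600,000-iteration target and all function names are assumptions.

```python
import hashlib
import hmac
from base64 import b64decode, b64encode
from os import urandom

SALT_LEN = 16  # same value as PasswordHasher.SALT_LEN in the listing
LEGACY_ITERATIONS = 1000  # PBKDF2 arguments used by PasswordHasher.hash
LEGACY_KEY_LEN = 16
NEW_PREFIX = "pbkdf2-sha256"  # hypothetical tag marking upgraded hashes
NEW_ITERATIONS = 600_000  # assumed target work factor
NEW_KEY_LEN = 32


def legacy_hash(password: str, salt: bytes) -> str:
    """Reproduce the listing's format: base64(salt + PBKDF2-HMAC-SHA1 key)."""
    key = hashlib.pbkdf2_hmac(
        "sha1", password.encode(), salt, LEGACY_ITERATIONS, LEGACY_KEY_LEN
    )
    return b64encode(salt + key).decode()


def new_hash(password: str, iterations: int = NEW_ITERATIONS) -> str:
    """Hash with PBKDF2-HMAC-SHA256 and record the parameters in the value."""
    salt = urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, iterations, NEW_KEY_LEN
    )
    fields = [NEW_PREFIX, str(iterations), b64encode(salt), b64encode(key)]
    return "$".join(f.decode() if isinstance(f, bytes) else f for f in fields)


def verify_and_upgrade(attempt: str, stored: str, iterations: int = NEW_ITERATIONS):
    """Check a password attempt against a stored hash of either format.

    @return: (ok, replacement); replacement is a new-format hash the caller
        should store in place of `stored`, or None if no upgrade is needed.
    """
    if stored == "":
        # same rule as the listing: an empty hash only matches an empty password
        return attempt == "", None

    if stored.startswith(NEW_PREFIX + "$"):
        # "$" is not in the base-64 alphabet, so legacy values never match here
        try:
            _, iter_field, salt_b64, key_b64 = stored.split("$")
            stored_iter = int(iter_field)
            salt = b64decode(salt_b64, validate=True)
            expected = b64decode(key_b64, validate=True)
        except ValueError:  # also covers binascii.Error
            return False, None
        if stored_iter < 1 or not expected:
            return False, None
        key = hashlib.pbkdf2_hmac(
            "sha256", attempt.encode(), salt, stored_iter, len(expected)
        )
        needs_upgrade = stored_iter < iterations
    else:
        try:
            raw = b64decode(stored, validate=True)
        except ValueError:
            return False, None
        if len(raw) != SALT_LEN + LEGACY_KEY_LEN:
            return False, None
        salt, expected = raw[:SALT_LEN], raw[SALT_LEN:]
        key = hashlib.pbkdf2_hmac(
            "sha1", attempt.encode(), salt, LEGACY_ITERATIONS, LEGACY_KEY_LEN
        )
        needs_upgrade = True  # every legacy hash is due for migration

    # constant-time comparison instead of `attempt_hash == pwd_hash`
    ok = hmac.compare_digest(key, expected)
    if ok and needs_upgrade:
        # the clear-text password is only available now, so re-hash here
        return True, new_hash(attempt, iterations)
    return ok, None


if __name__ == "__main__":
    # constructed sample: a legacy hash as an existing installation would hold
    stored = legacy_hash("correct horse", urandom(SALT_LEN))
    print(verify_and_upgrade("correct horse", stored))
```

The caller persists `replacement` whenever it is not None; accounts that never log in keep their legacy hash until they do.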