Mercurial > libervia-backend
annotate src/memory/crypto.py @ 2309:c7a72b75232b
jp (shell): shell command (REPL mode), first draft:
This command launch jp in REPL mode, allowing do normal jp commands with some facilities.
Command can be selected with "cmd" (e.g. "cmd blog").
An argument can be fixed with "use" (e.g. "use output fancy").
Command is launched with "do", or directly with its name if it doesn't conflict with a shell command.
Arguments completion is still TODO (only shell commands are completed so far).
author | Goffi <goffi@goffi.org> |
---|---|
date | Thu, 06 Jul 2017 20:28:25 +0200 |
parents | 2daf7b4c6756 |
children | 8b37a62336c3 |
rev | line source |
---|---|
1934
2daf7b4c6756
use of /usr/bin/env instead of /usr/bin/python in shebang
Goffi <goffi@goffi.org>
parents:
1766
diff
changeset
|
1 #!/usr/bin/env python2 |
1028
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
2 # -*- coding: utf-8 -*- |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
3 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
4 # SAT: a jabber client |
1766 | 5 # Copyright (C) 2009-2016 Jérôme Poisson (goffi@goffi.org) |
6 # Copyright (C) 2013-2016 Adrien Cossa (souliane@mailoo.org) | |
1028
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
7 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
8 # This program is free software: you can redistribute it and/or modify |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
9 # it under the terms of the GNU Affero General Public License as published by |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
10 # the Free Software Foundation, either version 3 of the License, or |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
11 # (at your option) any later version. |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
12 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
13 # This program is distributed in the hope that it will be useful, |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
14 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
16 # GNU Affero General Public License for more details. |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
17 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
18 # You should have received a copy of the GNU Affero General Public License |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
19 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
20 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
21 try: |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
22 from Crypto.Cipher import AES |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
23 from Crypto.Protocol.KDF import PBKDF2 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
24 except ImportError: |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
25 raise Exception("PyCrypto is not installed.") |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
26 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
27 from os import urandom |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
28 from base64 import b64encode, b64decode |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
29 from twisted.internet.threads import deferToThread |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
30 from twisted.internet.defer import succeed |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
31 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
32 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
33 class BlockCipher(object): |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
34 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
35 BLOCK_SIZE = AES.block_size # 16 bits |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
36 MAX_KEY_SIZE = AES.key_size[-1] # 32 bits = AES-256 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
37 IV_SIZE = BLOCK_SIZE # initialization vector size, 16 bits |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
38 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
39 @classmethod |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
40 def encrypt(cls, key, text, leave_empty=True): |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
41 """Encrypt a message. |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
42 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
43 Based on http://stackoverflow.com/a/12525165 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
44 |
1098
77cd312d32c4
memory: fixes encoding issues during encryption
souliane <souliane@mailoo.org>
parents:
1028
diff
changeset
|
45 @param key (unicode): the encryption key |
77cd312d32c4
memory: fixes encoding issues during encryption
souliane <souliane@mailoo.org>
parents:
1028
diff
changeset
|
46 @param text (unicode): the text to encrypt |
1028
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
47 @param leave_empty (bool): if True, empty text will be returned "as is" |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
48 @return: Deferred: base-64 encoded str |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
49 """ |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
50 if leave_empty and text == '': |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
51 return succeed(text) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
52 iv = BlockCipher.getRandomKey() |
1098
77cd312d32c4
memory: fixes encoding issues during encryption
souliane <souliane@mailoo.org>
parents:
1028
diff
changeset
|
53 key = key.encode('utf-8') |
1028
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
54 key = key[:BlockCipher.MAX_KEY_SIZE] if len(key) >= BlockCipher.MAX_KEY_SIZE else BlockCipher.pad(key) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
55 cipher = AES.new(key, AES.MODE_CFB, iv) |
1098
77cd312d32c4
memory: fixes encoding issues during encryption
souliane <souliane@mailoo.org>
parents:
1028
diff
changeset
|
56 d = deferToThread(cipher.encrypt, BlockCipher.pad(text.encode('utf-8'))) |
1028
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
57 d.addCallback(lambda ciphertext: b64encode(iv + ciphertext)) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
58 return d |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
59 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
60 @classmethod |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
61 def decrypt(cls, key, ciphertext, leave_empty=True): |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
62 """Decrypt a message. |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
63 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
64 Based on http://stackoverflow.com/a/12525165 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
65 |
1098
77cd312d32c4
memory: fixes encoding issues during encryption
souliane <souliane@mailoo.org>
parents:
1028
diff
changeset
|
66 @param key (unicode): the decryption key |
1028
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
67 @param ciphertext (base-64 encoded str): the text to decrypt |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
68 @param leave_empty (bool): if True, empty ciphertext will be returned "as is" |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
69 @return: Deferred: str or None if the password could not be decrypted |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
70 """ |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
71 if leave_empty and ciphertext == '': |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
72 return succeed('') |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
73 ciphertext = b64decode(ciphertext) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
74 iv, ciphertext = ciphertext[:BlockCipher.IV_SIZE], ciphertext[BlockCipher.IV_SIZE:] |
1098
77cd312d32c4
memory: fixes encoding issues during encryption
souliane <souliane@mailoo.org>
parents:
1028
diff
changeset
|
75 key = key.encode('utf-8') |
1028
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
76 key = key[:BlockCipher.MAX_KEY_SIZE] if len(key) >= BlockCipher.MAX_KEY_SIZE else BlockCipher.pad(key) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
77 cipher = AES.new(key, AES.MODE_CFB, iv) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
78 d = deferToThread(cipher.decrypt, ciphertext) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
79 d.addCallback(lambda text: BlockCipher.unpad(text)) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
80 # XXX: cipher.decrypt gives no way to make the distinction between |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
81 # a decrypted empty value and a decryption failure... both return |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
82 # the empty value. Fortunately, we detect empty passwords beforehand |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
83 # thanks to the "leave_empty" parameter which is used by default. |
1098
77cd312d32c4
memory: fixes encoding issues during encryption
souliane <souliane@mailoo.org>
parents:
1028
diff
changeset
|
84 d.addCallback(lambda text: text.decode('utf-8') if text else None) |
1028
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
85 return d |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
86 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
87 @classmethod |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
88 def getRandomKey(cls, size=None, base64=False): |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
89 """Return a random key suitable for block cipher encryption. |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
90 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
91 Note: a good value for the key length is to make it as long as the block size. |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
92 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
93 @param size: key length in bytes, positive or null (default: BlockCipher.IV_SIZE) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
94 @param base64: if True, encode the result to base-64 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
95 @return: str (eventually base-64 encoded) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
96 """ |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
97 if size is None or size < 0: |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
98 size = BlockCipher.IV_SIZE |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
99 key = urandom(size) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
100 return b64encode(key) if base64 else key |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
101 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
102 @classmethod |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
103 def pad(self, s): |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
104 """Method from http://stackoverflow.com/a/12525165""" |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
105 bs = BlockCipher.BLOCK_SIZE |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
106 return s + (bs - len(s) % bs) * chr(bs - len(s) % bs) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
107 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
108 @classmethod |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
109 def unpad(self, s): |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
110 """Method from http://stackoverflow.com/a/12525165""" |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
111 return s[0:-ord(s[-1])] |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
112 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
113 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
114 class PasswordHasher(object): |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
115 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
116 SALT_LEN = 16 # 128 bits |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
117 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
118 @classmethod |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
119 def hash(cls, password, salt=None, leave_empty=True): |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
120 """Hash a password. |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
121 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
122 @param password (str): the password to hash |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
123 @param salt (base-64 encoded str): if not None, use the given salt instead of a random value |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
124 @param leave_empty (bool): if True, empty password will be returned "as is" |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
125 @return: Deferred: base-64 encoded str |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
126 """ |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
127 if leave_empty and password == '': |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
128 return succeed(password) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
129 salt = b64decode(salt)[:PasswordHasher.SALT_LEN] if salt else urandom(PasswordHasher.SALT_LEN) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
130 d = deferToThread(PBKDF2, password, salt) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
131 d.addCallback(lambda hashed: b64encode(salt + hashed)) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
132 return d |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
133 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
134 @classmethod |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
135 def verify(cls, attempt, hashed): |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
136 """Verify a password attempt. |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
137 |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
138 @param attempt (str): the attempt to check |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
139 @param hashed (str): the hash of the password |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
140 @return: Deferred: boolean |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
141 """ |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
142 leave_empty = hashed == '' |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
143 d = PasswordHasher.hash(attempt, hashed, leave_empty) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
144 d.addCallback(lambda hashed_attempt: hashed_attempt == hashed) |
127c96020022
memory, test: added module crypto to hash passwords and encrypt/decrypt passwords or blocks
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
145 return d |