BRE/webapi/portal/crypto.py

'''Cyptographic module'''
import base64

from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC


def _get_crypto(password: str) -> Fernet:
    _CRYPTO16_SALT = b'\xac\xaa\xc7\xae\x99\xb1\x7fO\x01\xc6\x94<R$\xf7?'
    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=32,
        salt=_CRYPTO16_SALT,
        iterations=390000,
    )
    key = base64.urlsafe_b64encode(kdf.derive(password.encode('UTF-8')))
    return Fernet(key)


def validate_password(password: str) -> bool:
    '''Validate password using test message'''
    _VERIFICATION_MESSAGE = 'Hello BRE'
    _VERIFICATION_CRYPTO = \
        'gAAAAABiMGnQn96MZkBpBE9qZRJfZ91-muMLzxMnydwcXt3ZaG6zjRt576E1waelYKxhGMazRSYwmslHpqxpgtIMSDbQSuE6_A=='
    try:
        keyphrase = decrypt(_VERIFICATION_CRYPTO, password)
        return keyphrase == _VERIFICATION_MESSAGE
    except InvalidToken:
        return False


def encrypt(message: str, password: str) -> str:
    '''Encrypt message using key locked by password'''
    crypto = _get_crypto(password)
    return crypto.encrypt(message.encode('UTF-8')).decode('UTF-8')


def encrypt_user(user_name: str, user_password: str, crypto_passwrod: str) -> str:
    '''Encrypt user password using key locked by crypto password'''
    return encrypt(user_name + user_password, crypto_passwrod)


def decrypt(ciphertext: str,  password: str):
    '''Decrypt ciphertext using key locked by password'''
    crypto = _get_crypto(password)
    return crypto.decrypt(ciphertext.encode('UTF-8')).decode('UTF-8')


def decrypt_user(user_name: str, ciphertext: str, crypto_passwrod: str) -> str:
    '''Decrypt user password using key locked by crypto password'''
    text = decrypt(ciphertext, crypto_passwrod)
    return text[len(user_name):]
Initial commit 2024-06-07 19:50:21 +03:00			`'''Cyptographic module'''`
			`import base64`

			`from cryptography.fernet import Fernet, InvalidToken`
			`from cryptography.hazmat.primitives import hashes`
			`from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC`


			`def _get_crypto(password: str) -> Fernet:`
			`_CRYPTO16_SALT = b'\xac\xaa\xc7\xae\x99\xb1\x7fO\x01\xc6\x94<R$\xf7?'`
			`kdf = PBKDF2HMAC(`
			`algorithm=hashes.SHA256(),`
			`length=32,`
			`salt=_CRYPTO16_SALT,`
			`iterations=390000,`
			`)`
			`key = base64.urlsafe_b64encode(kdf.derive(password.encode('UTF-8')))`
			`return Fernet(key)`


			`def validate_password(password: str) -> bool:`
			`'''Validate password using test message'''`
			`_VERIFICATION_MESSAGE = 'Hello BRE'`
			`_VERIFICATION_CRYPTO = \`
			`'gAAAAABiMGnQn96MZkBpBE9qZRJfZ91-muMLzxMnydwcXt3ZaG6zjRt576E1waelYKxhGMazRSYwmslHpqxpgtIMSDbQSuE6_A=='`
			`try:`
			`keyphrase = decrypt(_VERIFICATION_CRYPTO, password)`
			`return keyphrase == _VERIFICATION_MESSAGE`
			`except InvalidToken:`
			`return False`


			`def encrypt(message: str, password: str) -> str:`
			`'''Encrypt message using key locked by password'''`
			`crypto = _get_crypto(password)`
			`return crypto.encrypt(message.encode('UTF-8')).decode('UTF-8')`


			`def encrypt_user(user_name: str, user_password: str, crypto_passwrod: str) -> str:`
			`'''Encrypt user password using key locked by crypto password'''`
			`return encrypt(user_name + user_password, crypto_passwrod)`


			`def decrypt(ciphertext: str, password: str):`
			`'''Decrypt ciphertext using key locked by password'''`
			`crypto = _get_crypto(password)`
			`return crypto.decrypt(ciphertext.encode('UTF-8')).decode('UTF-8')`


			`def decrypt_user(user_name: str, ciphertext: str, crypto_passwrod: str) -> str:`
			`'''Decrypt user password using key locked by crypto password'''`
			`text = decrypt(ciphertext, crypto_passwrod)`
			`return text[len(user_name):]`