def bcrypt_check_pw(self, password_string, hashed_pw_str): """ Bcrypt-based password checker. Takes a raw string password and compares it to the hash of a previously hashed password, returning True if the passwords match, or False if not. Bcrypt functions are to be used where ever you are storing a user's password, but do not ever want to be able to "know" their password directly. We only need to know if the password they supplied is correct or not. If bcrypt is not installed on the system, the comparison is just a comparison of the two supplied strings. :Args: :passphrase: 32 URL-safe Base64 encoded bytes :data: string data or password to encrypt :encoding: encoding (string). :returns: a string repr of the encrypted data """ if not bcrypt: print( "\x1b\x5b\x33\x33\x6dWARNING! Package `bcrypt` is not installed" ". Therefore, `crypt` is only doing a string comparison of the " "'hash' and the 'password'! \x1b\x5b\x30\x6d" ) if password_string == hashed_pw_str: return True else: return False password_bytes = py_bytes(password_string, self.encoding) hashed_pw = py_bytes(hashed_pw_str, self.encoding) return bcrypt.checkpw(password_bytes, hashed_pw)
def decrypt(self, encrypted_str_data): """ Decrypt password using cryptography Fernet. :Args: :passphrase: 32 URL-safe Base64 encoded bytes :returns: a string repr of the decrypted data. Returns False if decrypt fails """ if not Fernet: print( "\x1b\x5b\x33\x33\x6dWARNING! Package `cryptography` is not " "installed... `Crypt.decrypt` did not do anything! " "\x1b\x5b\x30\x6d" ) return encrypted_str_data cipher = Fernet(self.passphrase) encrypted_byte_data = py_bytes(encrypted_str_data, self.encoding) try: decrypted_bytes = cipher.decrypt(encrypted_byte_data) except: # data could not be decryted (probably wrong salt/passphrase) return False return py_str(decrypted_bytes, self.encoding)
def phrase_to_url_safebytes(pass_phrase, encoding='utf-8', salt=b'AAAAA'): """return 32, url-safe, base64 encoded bytes from a string""" passphrase = py_bytes(pass_phrase, encoding) if not Fernet: return passphrase backend = default_backend() salt_b = py_bytes(salt, encoding) kdf = PBKDF2HMAC( algorithm=hashes.SHA256(), length=32, salt=salt_b, iterations=100000, backend=backend ) return urlsafe_b64encode(kdf.derive(passphrase))
def bcrypt_make_hash(self, password_string): """ Use bcrypt to hash a password and return a string repr of the hash. Bcrypt functions are to be used where ever you are storing a user's password, but do not ever want to be able to "know" their password directly. We only need to know if the password they supplied is correct or not. """ if not bcrypt: print( "\x1b\x5b\x33\x33\x6dWARNING! Package `bcrypt` is not installed. " "Therefore, `crypt` could not create a hash for this password!" " \x1b\x5b\x30\x6d" % password_string) return False password_bytes = py_bytes(password_string, self.encoding) hashed_bytes = bcrypt.hashpw(password_bytes, bcrypt.gensalt()) return py_str(hashed_bytes, self.encoding)
def encrypt(self, data): """Encrypt password using cryptography Fernet. :Args: :passphrase: 32 URL-safe Base64 encoded bytes :data: string data or password to encrypt :returns: a string repr of the encrypted data """ if not Fernet: print( "\x1b\x5b\x33\x33\x6dWARNING! Package `cryptography` is not " "installed. Therefore, `crypt` did not actually encrypt the data: " "`%s`. It was simply returned as plain text" "! \x1b\x5b\x30\x6d" % data) return data cipher = Fernet(self.passphrase) byte_data = py_bytes(data, self.encoding) encrypted_bytes = cipher.encrypt(byte_data) return py_str(encrypted_bytes, self.encoding)
def write(self, message): if type(message) is str: message = py_bytes(message, self.wrapper.encoding) self.socket.send(message)
def send(self, payload): pay = py_bytes("%s\n" % payload, self.encoding) if self.socket: self.socket.send(pay) else: return False