class CryptoService(object): def __init__(self, rsa_pub_path=None, rsa_pri_path=None, p=None, g=None): self.dh = DiffieHellman(p, g) if p is not None and g is not None else None self.encryptor = Encryptor(rsa_pub_path) self.decryptor = Decryptor(rsa_pri_path) def get_dh_pri_key(self): return self.dh.generate_private_key() def get_dh_pub_key(self, private_key): return self.dh.generate_public_key(private_key) def get_dh_secret(self, private_key, other_public_key): # TODO verify the other_public_key return self.dh.compute_secret(private_key, other_public_key) def sym_encrypt(self, secret, p_text): return self.encryptor.sym_encrypt(secret, p_text) def sym_decrypt(self, secret, c_text): return self.decryptor.sym_decrypt(secret, c_text) def rsa_decrypt(self, c_text): return self.decryptor.rsa_decrypt(c_text) def rsa_sign(self, msg): return self.decryptor.rsa_sign(msg) def rsa_verify(self, msg, sign): return self.encryptor.rsa_verify(msg, sign) def rsa_encrypt(self, p_text): return self.encryptor.rsa_encrypt(p_text) def compute_pw_hash(self, pw, salt): return hashlib.sha256(pw + salt).hexdigest() def new_sym_key(self, size=32): return os.urandom(size) @staticmethod def generate_hmac_sign(dh_key, msg): #generate digest for the cipher text with HMAC h = hmac.HMAC(dh_key, hashes.SHA256(), backend=default_backend()) h.update(msg) sign = h.finalize() return sign @staticmethod def verify_hmac_sign(dh_key, msg, sign): expect_sign = CryptoService.generate_hmac_sign(dh_key, msg) return expect_sign == sign
def __init__(self, rsa_pub_path=None, rsa_pri_path=None, p=None, g=None): self.dh = DiffieHellman(p, g) if p is not None and g is not None else None self.encryptor = Encryptor(rsa_pub_path) self.decryptor = Decryptor(rsa_pri_path)