def encrypt_conn_data(cls, conn_id, data):
    """Encrypt an outgoing payload for connection *conn_id*.

    Returns a ``(ret_code, message, payload)`` tuple. When
    ``SysConfig.is_proto_encrypt()`` is false the payload is returned
    unchanged. Otherwise a non-bytes payload is converted with
    ``bytes_utf8(str(data))``, zero-padded to a multiple of 16 bytes,
    encrypted with the connection's AES cryptor, and followed by one
    extra 16-byte block whose last byte holds ``len(data) % 16``.

    If no cryptor is available the result is
    ``(RET_ERROR, 'invalid connid', data)``; the payload in that tuple
    has already been converted and zero-padded, not encrypted.

    Security notes for reviewers:
      * The 16-byte trailer is appended after encryption, so the
        original length modulo 16 travels in the clear.
      * No MAC or authentication tag is added here, so ciphertext
        integrity depends on whatever the transport adds elsewhere.
      * NOTE(review): the zero-pad framing looks paired with the
        AES-ECB cryptor built by get_conn_aes_cryptor; ECB maps equal
        plaintext blocks to equal ciphertext blocks - confirm which
        cryptor variant this version is used with.
    """
    if not SysConfig.is_proto_encrypt():
        return RET_OK, '', data

    if type(data) is not bytes:
        data = bytes_utf8(str(data))

    # AES works on 16-byte blocks; a short final block is zero-filled.
    mod_tail_len = len(data) % 16
    if mod_tail_len:
        data = data + b'\x00' * (16 - mod_tail_len)

    aes_cryptor = FutuConnMng.get_conn_aes_cryptor(conn_id)
    if not aes_cryptor:
        return RET_ERROR, 'invalid connid', data

    encrypted = aes_cryptor.encrypt(data)

    # Extra 16-byte block: only its last byte is used at present. It
    # records the real length of the final source block so the zero
    # padding can be told apart from payload bytes.
    trailer = (b'\x00' * 15 + bytes_utf8(chr(mod_tail_len)))[-16:]
    return RET_OK, '', encrypted + trailer
def encrypt_conn_data(cls, conn_id, data):
    """Encrypt an outgoing payload for connection *conn_id*.

    Returns a ``(ret_code, message, payload)`` tuple. A non-bytes
    payload is first converted with ``bytes_utf8(str(data))``. If the
    connection info or its AES cryptor is missing, the result is
    ``(RET_ERROR, 'invalid connid', data)`` with the unencrypted payload.

    Two framings are produced, selected by the connection's 'conn_iv':
      * 'conn_iv' is not None: PKCS#7 padding via ``add_pkcs7_padding``
        and then ``aes_cryptor.encrypt`` (the AES-CBC path).
      * 'conn_iv' is None: zero padding to a 16-byte multiple, encrypt,
        then an extra 16-byte block whose last byte holds
        ``len(data) % 16`` (the FTAES ECB path).

    Security notes for reviewers:
      * Neither path adds a MAC or authentication tag; integrity of the
        ciphertext is not protected by this function.
      * The ECB trailer is appended after encryption, so the length
        modulo 16 is sent in the clear.
      * NOTE(review): the mode test here is ``is not None`` while
        get_conn_aes_cryptor picks CBC on a truthy IV. An empty-string
        'conn_iv' would get PKCS#7 padding here but an ECB cryptor
        there - confirm an empty IV cannot occur.
      * NOTE(review): if the CBC cryptor is rebuilt from the same stored
        'conn_iv' for every call, the key/IV pair repeats across
        messages and equal message prefixes yield equal ciphertext
        prefixes - confirm against the protocol design.
    """
    if type(data) is not bytes:
        data = bytes_utf8(str(data))

    conn_info = FutuConnMng.get_conn_info(conn_id)
    if not conn_info:
        return RET_ERROR, 'invalid connid', data

    aes_cryptor = FutuConnMng.get_conn_aes_cryptor(conn_id)
    if not aes_cryptor:
        return RET_ERROR, 'invalid connid', data

    if conn_info.get('conn_iv') is not None:
        # AES CBC: standard PKCS#7 padding, no trailer block.
        padded = add_pkcs7_padding(data)
        return RET_OK, '', aes_cryptor.encrypt(padded)

    # FTAES ECB: AES needs a multiple of 16 bytes, so a short final
    # block is zero-filled.
    mod_tail_len = len(data) % 16
    if mod_tail_len:
        data = data + b'\x00' * (16 - mod_tail_len)
    encrypted = aes_cryptor.encrypt(data)

    # Extra 16-byte block: only its last byte is used at present. It
    # records the real length of the final source block.
    trailer = (b'\x00' * 15 + bytes_utf8(chr(mod_tail_len)))[-16:]
    return RET_OK, '', encrypted + trailer
def get_conn_aes_cryptor(cls, conn_id):
    """Return an AES cipher object for connection *conn_id*, or None.

    None is returned when the connection info is missing or has no
    'conn_key'. The key, and the IV when present, are converted with
    ``bytes_utf8`` before use.

    * Truthy 'conn_iv': a new AES-CBC cipher is created on every call
      and is not stored.
    * Otherwise: an AES-ECB cipher is created once, stored under
      conn_info['aes_cryptor'], and reused on later calls.

    Security notes for reviewers:
      * Every CBC cipher for a connection starts from the same stored
        key and IV, so two messages that begin with the same plaintext
        blocks begin with the same ciphertext blocks.
      * ECB encrypts each 16-byte block independently; equal plaintext
        blocks are visible as equal ciphertext blocks.
      * NOTE(review): key and IV are text encoded as UTF-8, so their
        byte length follows the encoded string - confirm the peer
        always supplies valid AES key and IV sizes.
    """
    conn_info = FutuConnMng.get_conn_info(conn_id)
    if not conn_info:
        return None

    raw_key = conn_info.get('conn_key')
    raw_iv = conn_info.get('conn_iv')
    if not raw_key:
        return None
    key_bytes = bytes_utf8(raw_key)

    if raw_iv:
        # AES CBC encryption: fresh cipher object per call.
        iv_bytes = bytes_utf8(raw_iv)
        return AES.new(key_bytes, AES.MODE_CBC, iv=iv_bytes)

    # FTAES ECB encryption: reuse the cached cipher when there is one.
    if 'aes_cryptor' in conn_info:
        return conn_info['aes_cryptor']

    ecb_cryptor = AES.new(key_bytes, AES.MODE_ECB)
    conn_info['aes_cryptor'] = ecb_cryptor
    return ecb_cryptor
def encrypt(cls, data):
    """RSA-encrypt *data* in 100-byte chunks and return the joined result.

    The cipher is built on first use from
    ``SysConfig.get_init_rsa_obj()`` and kept in ``RsaCrypt.CHIPPER``.
    A non-bytes input is converted with ``bytes_utf8(str(data))``.
    Empty input yields ``b''``.

    Security notes for reviewers:
      * Each chunk is encrypted on its own and nothing binds the
        chunks together, so this function gives no protection against
        reordered, dropped or replaced chunks.
      * NOTE(review): Cipher_pkcs1 is presumably PKCS#1 v1.5
        encryption (the 11-byte overhead below matches it); OAEP is
        the usual recommendation where the peer supports it - confirm.
      * NOTE(review): the 100-byte chunk size implies a 1024-bit key,
        which is below current size recommendations - confirm the
        key length actually in use.
    """
    if RsaCrypt.CHIPPER is None:
        rsa_key = SysConfig.get_init_rsa_obj()
        RsaCrypt.CHIPPER = Cipher_pkcs1.new(rsa_key)

    if type(data) is not bytes:
        data = bytes_utf8(str(data))

    # One RSA operation takes at most (key_size / 8) - 11 bytes.
    # Use 100 for a 1024-bit certificate, 200 for a 2048-bit one.
    one_len = 100
    encrypted_chunks = [
        RsaCrypt.CHIPPER.encrypt(data[start:start + one_len])
        for start in range(0, len(data), one_len)
    ]
    return b''.join(encrypted_chunks)
def get_conn_aes_cryptor(cls, conn_id):
    """Return the cached AES-ECB cipher for *conn_id*, creating it if needed.

    None is returned when the connection info is missing, or when no
    cipher is cached and ``FutuConnMng.get_conn_key(conn_id)`` yields
    no key. A new cipher is keyed with ``bytes_utf8(str(key))`` and
    stored under conn_info['aes_cryptor'] for later calls.

    Security notes for reviewers:
      * ECB encrypts each 16-byte block independently, so equal
        plaintext blocks are visible as equal ciphertext blocks.
      * NOTE(review): the key is the UTF-8 encoding of ``str(key)``,
        so its byte length follows that string - confirm the peer
        always supplies a valid AES key size.
    """
    conn_info = FutuConnMng.get_conn_info(conn_id)
    if not conn_info:
        return None

    # Reuse the cipher object already attached to this connection.
    if 'aes_cryptor' in conn_info:
        return conn_info['aes_cryptor']

    key = FutuConnMng.get_conn_key(conn_id)
    if not key:
        return None

    ecb_cryptor = AES.new(bytes_utf8(str(key)), AES.MODE_ECB)
    conn_info['aes_cryptor'] = ecb_cryptor
    return ecb_cryptor