def make_fernet(key: bytes) -> Fernet: """Makes a Fernet encrypter/decrypter from the derived key. Args: key (bytes): The derived key, in bytes. Returns: A Fernet instance, which can be used to either encrypt or decrypt data. """ TypeCheck.ensure_bytes(key, "key") return Fernet(base64.urlsafe_b64encode(key))
def encode_salt(salt: bytes) -> str: """Encodes the raw salt as string. Args: salt (bytes): The raw salt, in bytes. Returns: The Base64-encoded string of the raw salt """ TypeCheck.ensure_bytes(salt, "salt") return str(base64.b64encode(salt), "utf-8")
def decrypt(self, encrypted_data: bytes) -> bytes: """Decrypts the encrypted data. Args: encrypted_data (bytes): The encrypted data to be decrypted. Returns: The decrypted data, in bytes, which is decrypted using the `Fernet` (created by `Cryptography.make_fernet`) """ TypeCheck.ensure_bytes(encrypted_data, "encrypted_data") if self.is_encrypt: raise ValueError("Not a decrypter!") fernet = Cryptographer.make_fernet(self.key) try: return fernet.decrypt(encrypted_data) except InvalidToken: raise
def encrypt(self, raw_data: bytes) -> bytes: """Encrypts raw data. Args: raw_data (bytes): The raw data to be encrypted. Returns: The encrypted data, in bytes, which is encrypted using the `Fernet` (created by `Cryptography.make_fernet`) Raises: ValueError: A decrypter is used to encrypt. """ TypeCheck.ensure_bytes(raw_data, "raw_data") if not self.is_encrypt: raise ValueError("Not an encrypter!") fernet = Cryptographer.make_fernet(self.key) return fernet.encrypt(raw_data)
def make_kdf(salt: bytes) -> PBKDF2HMAC: """Makes a key derivation function from raw salt. Args: salt (bytes): The raw salt, in bytes. Returns: A PBKDF2HMAC instance, which can be used to derive key from the authentication key. """ TypeCheck.ensure_bytes(salt, "salt") return PBKDF2HMAC( algorithm=hashes.SHA512(), length=32, salt=salt, iterations=10000, backend=default_backend(), )
def test_ensure_bytes(): assert TypeCheck.ensure_bytes(b"3123") is None assert TypeCheck.ensure_bytes(bytes(132423)) is None assert TypeCheck.ensure_bytes("n".encode()) is None with pytest.raises(TypeError): TypeCheck.ensure_bytes(8) with pytest.raises(TypeError): TypeCheck.ensure_bytes(["string"])