forked from Scifabric/pybossa
-
Notifications
You must be signed in to change notification settings - Fork 12
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #78 from bloomberg/crowd-1221-file-encryption
Crowd 1221 file encryption
- Loading branch information
Showing
17 changed files
with
601 additions
and
33 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
import base64 | ||
from hashlib import sha256 | ||
import os | ||
|
||
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes | ||
from cryptography.hazmat.backends import default_backend | ||
import six | ||
|
||
|
||
class AESWithGCM(object): | ||
|
||
def __init__(self, key, iv_length=12, tag_length=16): | ||
""" | ||
Encrypt/Decrypt text using AES256 and GCM. The input to the encrypt | ||
method and the output of decrypt method are base64 encoded byte | ||
strings with the following structure: | ||
- the first byte of the string is the lenght of the IV in bytes | ||
- the remaining is the concatenation of IV + ciphertext + tag | ||
@param key: the secret key, unhashed | ||
@param iv_length: length of the initialization vector. Only needed for | ||
encryption. | ||
@param tag_length (bytes): only needed for decryption. Encryption always | ||
produces 16 bytes tags. | ||
""" | ||
self.iv_length = iv_length | ||
self.tag_length = tag_length | ||
self.key = self._hash_key(key) | ||
|
||
@staticmethod | ||
def _hash_key(key): | ||
_hash = sha256() | ||
_hash.update(key) | ||
return _hash.digest() | ||
|
||
def get_cipher(self, iv, tag=None): | ||
backend = default_backend() | ||
mode = modes.GCM(iv, tag) | ||
algo = algorithms.AES(self.key) | ||
return Cipher(algo, mode, backend) | ||
|
||
def encrypt(self, string): | ||
""" | ||
@param string: a byte string to encrypt | ||
""" | ||
iv = os.urandom(self.iv_length) | ||
encryptor = self.get_cipher(iv).encryptor() | ||
ct = encryptor.update(string) + encryptor.finalize() | ||
tag = encryptor.tag | ||
encrypted = six.int2byte(self.iv_length) + iv + ct + tag | ||
return base64.b64encode(encrypted) | ||
|
||
def _split_ciphertext(self, string): | ||
iv_length = six.byte2int(string[0]) | ||
iv = string[1:iv_length + 1] | ||
ciphertext = string[iv_length + 1:-self.tag_length] | ||
tag = string[-self.tag_length:] | ||
return iv, ciphertext, tag | ||
|
||
def decrypt(self, string): | ||
''' | ||
@param string: expected to be base64 encoded. | ||
Return a byte string | ||
''' | ||
decoded = base64.b64decode(string) | ||
iv, ciphertext, tag = self._split_ciphertext(decoded) | ||
decryptor = self.get_cipher(iv, tag).decryptor() | ||
return decryptor.update(ciphertext) + decryptor.finalize() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.