baseimage-tutorial-framework/lib/tfw/crypto.py

# Copyright (C) 2018 Avatao.com Innovative Learning Kft.
# All Rights Reserved. See LICENSE file for details.

from functools import wraps
from base64 import b64encode, b64decode
from copy import deepcopy
from hashlib import md5

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.hashes import SHA256
from cryptography.hazmat.primitives.hmac import HMAC as _HMAC
from cryptography.exceptions import InvalidSignature

from tfw.networking import message_bytes


def message_checksum(message):
    return md5(message_bytes(message)).hexdigest()


def sign_message(key, message):
    signature = message_signature(key, message)
    message['signature'] = b64encode(signature).decode()


def message_signature(key, message):
    return HMAC(key, message_bytes(message)).signature


def verify_message(key, message):
    message = deepcopy(message)
    try:
        signature_b64 = message.pop('signature')
        signature = b64decode(signature_b64)
        actual_signature = message_signature(key, message)
        return signature == actual_signature
    except KeyError:
        return False


class HMAC:
    def __init__(self, key, message):
        self.key = key
        self.message = message
        self._hmac = _HMAC(
            key=key,
            algorithm=SHA256(),
            backend=default_backend()
        )

    def _reload_if_finalized(f):
        # pylint: disable=no-self-argument,not-callable
        @wraps(f)
        def wrapped(instance, *args, **kwargs):
            if getattr(instance, '_finalized', False):
                instance.__init__(instance.key, instance.message)
            ret_val = f(instance, *args, **kwargs)
            setattr(instance, '_finalized', True)
            return ret_val
        return wrapped

    @property
    @_reload_if_finalized
    def signature(self):
        self._hmac.update(self.message)
        signature = self._hmac.finalize()
        return signature

    @_reload_if_finalized
    def verify(self, signature):
        self._hmac.update(self.message)
        try:
            self._hmac.verify(signature)
            return True
        except InvalidSignature:
            return False
Add crypto module with HMAC-SHA256 implementation 2018-07-15 15:27:35 +00:00			`# Copyright (C) 2018 Avatao.com Innovative Learning Kft.`
			`# All Rights Reserved. See LICENSE file for details.`

			`from functools import wraps`
Implement message signing and verification logic 2018-07-15 15:29:16 +00:00			`from base64 import b64encode, b64decode`
			`from copy import deepcopy`
Move message checksum logic to crypto.py 2018-07-15 15:30:19 +00:00			`from hashlib import md5`
Add crypto module with HMAC-SHA256 implementation 2018-07-15 15:27:35 +00:00
			`from cryptography.hazmat.backends import default_backend`
			`from cryptography.hazmat.primitives.hashes import SHA256`
			`from cryptography.hazmat.primitives.hmac import HMAC as _HMAC`
			`from cryptography.exceptions import InvalidSignature`

Implement message signing and verification logic 2018-07-15 15:29:16 +00:00			`from tfw.networking import message_bytes`


Move message checksum logic to crypto.py 2018-07-15 15:30:19 +00:00			`def message_checksum(message):`
			`return md5(message_bytes(message)).hexdigest()`


Implement message signing and verification logic 2018-07-15 15:29:16 +00:00			`def sign_message(key, message):`
Refactor message signing and verifying logic 2018-07-16 08:29:06 +00:00			`signature = message_signature(key, message)`
Implement message signing and verification logic 2018-07-15 15:29:16 +00:00			`message['signature'] = b64encode(signature).decode()`


Refactor message signing and verifying logic 2018-07-16 08:29:06 +00:00			`def message_signature(key, message):`
			`return HMAC(key, message_bytes(message)).signature`


Implement message signing and verification logic 2018-07-15 15:29:16 +00:00			`def verify_message(key, message):`
			`message = deepcopy(message)`
			`try:`
			`signature_b64 = message.pop('signature')`
			`signature = b64decode(signature_b64)`
Refactor message signing and verifying logic 2018-07-16 08:29:06 +00:00			`actual_signature = message_signature(key, message)`
Implement message signing and verification logic 2018-07-15 15:29:16 +00:00			`return signature == actual_signature`
			`except KeyError:`
			`return False`

Add crypto module with HMAC-SHA256 implementation 2018-07-15 15:27:35 +00:00
			`class HMAC:`
			`def __init__(self, key, message):`
			`self.key = key`
			`self.message = message`
			`self._hmac = _HMAC(`
			`key=key,`
			`algorithm=SHA256(),`
			`backend=default_backend()`
			`)`

			`def _reload_if_finalized(f):`
			`# pylint: disable=no-self-argument,not-callable`
			`@wraps(f)`
			`def wrapped(instance, args, *kwargs):`
			`if getattr(instance, '_finalized', False):`
			`instance.__init__(instance.key, instance.message)`
			`ret_val = f(instance, args, *kwargs)`
			`setattr(instance, '_finalized', True)`
			`return ret_val`
			`return wrapped`

			`@property`
			`@_reload_if_finalized`
			`def signature(self):`
			`self._hmac.update(self.message)`
			`signature = self._hmac.finalize()`
			`return signature`

			`@_reload_if_finalized`
			`def verify(self, signature):`
			`self._hmac.update(self.message)`
			`try:`
			`self._hmac.verify(signature)`
			`return True`
			`except InvalidSignature:`
			`return False`