sql_app: crypto: added crypto python helper fucntions
Idea is to isolate cryptography from database managment code. Signed-off-by: HeshamTB <hishaminv@gmail.com>
This commit is contained in:
parent
3922d659da
commit
75984d1f1f
29
sql_app/crypto.py
Normal file
29
sql_app/crypto.py
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
|
||||||
|
import os
|
||||||
|
from hashlib import pbkdf2_hmac
|
||||||
|
|
||||||
|
PASS_ENCODING='utf-8'
|
||||||
|
HASH_FUNC='sha256'
|
||||||
|
NUM_ITIRATIONS=100000
|
||||||
|
|
||||||
|
def get_new_salt(n_bytes : int = 32) -> bytes:
|
||||||
|
|
||||||
|
if type(n_bytes) != int:
|
||||||
|
n_bytes = 32 # Forece in case of misuse
|
||||||
|
|
||||||
|
return os.urandom(n_bytes)
|
||||||
|
|
||||||
|
"""
|
||||||
|
Generate a new key and salt to store.
|
||||||
|
Returns (key, salt)
|
||||||
|
"""
|
||||||
|
def gen_new_key(plain_passwd : str) -> tuple:
|
||||||
|
salt = get_new_salt(32)
|
||||||
|
return (calc_key(plain_passwd, salt), salt)
|
||||||
|
|
||||||
|
def verify_key(plain_passwd : str, salt : bytes, stored_key : bytes) -> bool:
|
||||||
|
key_tmp = calc_key(plain_passwd, salt)
|
||||||
|
return (stored_key == key_tmp)
|
||||||
|
|
||||||
|
def calc_key(passwd: str, salt : bytes) -> bytes:
|
||||||
|
return pbkdf2_hmac(HASH_FUNC, passwd.encode(PASS_ENCODING), salt, NUM_ITIRATIONS)
|
Loading…
Reference in New Issue
Block a user