-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpasswd.py
69 lines (59 loc) · 2.13 KB
/
passwd.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
import base64
import os
from ConfigManager import ConfigManager
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
backend = default_backend()
configMgr = ConfigManager()
rawBaseKey = "librecall_basekey"
passhash = ""
basekey = configMgr.get("BASEKEY")
def deriveKey(password, salt):
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
iterations=100000,
backend=backend
)
return kdf.derive(password.encode())
def encrypt(password, plaintext):
if type(plaintext) != str:
plaintext = str(plaintext)
salt = configMgr.get("SALT")
salt = base64.b64decode(salt)
if not salt:
return
iv = b'\xd5\xa7l\x1f0U\xd5\x1e\xeez\x18\xc8'
derivedKey = deriveKey(password, salt)
cipher = Cipher(algorithms.AES(derivedKey), modes.GCM(iv), backend=backend)
encryptor = cipher.encryptor()
ciphertext = encryptor.update(plaintext.encode()) + encryptor.finalize()
encryptedData = salt + iv + ciphertext + encryptor.tag
return base64.urlsafe_b64encode(encryptedData).decode()
def decrypt(password, data):
data = base64.urlsafe_b64decode(data)
salt = data[:16]
iv = data[16:28]
tag = data[-16:]
ciphertext = data[28:-16]
savedSalt = base64.b64decode(configMgr.get("SALT"))
derivedKey = deriveKey(password, salt)
cipher = Cipher(algorithms.AES(derivedKey), modes.GCM(iv, tag), backend=backend)
decryptor = cipher.decryptor()
rawData = decryptor.update(ciphertext) + decryptor.finalize()
return rawData.decode()
def getSHA256(bytes):
digest = hashes.Hash(hashes.SHA256(), backend=backend)
digest.update(bytes)
shaHex = digest.finalize().hex()
return shaHex
def verifyPassword(password):
return (encrypt(password, rawBaseKey) == basekey)
def setPassword(password):
global passhash, basekey
passhash = password
basekey = encrypt(password, rawBaseKey)
configMgr.set("BASEKEY", basekey)