hfc.util.crypto.crypto

Module Contents

Classes

Key | An abstract base class for Key.
AsymmetricKey | An asymmetric key.
Crypto | An abstract base class for crypto.
Ecies | A crypto implementation based on ECDSA and SHA.

Functions

generate_nonce(size) | Generate a secure random value for cryptographic use.
ecies(security_level=CURVE_P_256_Size, hash_algorithm=SHA2) | Factory method for creating an Ecies instance.

hfc.util.crypto.crypto.DEFAULT_NONCE_SIZE = 24
hfc.util.crypto.crypto.CURVE_P_256_Size = 256
hfc.util.crypto.crypto.CURVE_P_384_Size = 384
hfc.util.crypto.crypto.SHA2 = SHA2
hfc.util.crypto.crypto.SHA3 = SHA3
hfc.util.crypto.crypto.AES_KEY_LENGTH = 32
hfc.util.crypto.crypto.HMAC_KEY_LENGTH = 32
hfc.util.crypto.crypto.IV_LENGTH = 16

class hfc.util.crypto.crypto.Key
Bases: object
An abstract base class for Key.
Key represents a base cryptographic key. It can be symmetric or asymmetric. In the asymmetric case, the private key can retrieve the public key with the corresponding method.
A key can be referenced via the Subject Key Identifier (SKI) with DER or PEM encoding.

abstract is_symmetric(self)
Return whether this key uses symmetric cryptography, i.e. whether it is a symmetric key.
- Returns
True or False

abstract get_SKI(self)
Return the SKI string.
- Returns
String representing the SKI

class hfc.util.crypto.crypto.AsymmetricKey
Bases: hfc.util.crypto.crypto.Key
An asymmetric key.
Can be a public key or a private key; the private key can retrieve the public key with the corresponding method.

abstract is_private(self)
Return whether this key is a private key.
- Returns
True or False

abstract get_public_key(self)
Get the corresponding public key for this private key.
If this key is already a public one, then return itself.
- Returns
Public key

class hfc.util.crypto.crypto.Crypto
Bases: object
An abstract base class for crypto.

abstract generate_private_key(self)
Generate an asymmetric key pair.
- Returns
A private key object which includes the public key object.

abstract encrypt(self, public_key, message)
Encrypt the message with the encryption public key.
- Parameters
public_key – Encryption public key
message – Message to encrypt
- Returns
An object including secure context

abstract decrypt(self, private_key, cipher_text)
Decrypt the cipher text with the encryption private key.
- Parameters
private_key – Encryption private key
cipher_text – Cipher text received
- Returns
An object including secure context

abstract sign(self, private_key, message)
Sign the original message with the signing private key.
- Parameters
private_key – Signing private key
message – Original message
- Returns
An object including secure context

abstract verify(self, public_key, message, signature)
Verify the signature with the signing public key.
- Parameters
public_key – Signing public key
message – Original message
signature – Signature of message
- Returns
A boolean; True means the signature is valid

static generate_nonce(size)
Generate a secure random value for cryptographic use.
- Parameters
size – Number of bytes for the nonce
- Returns
Generated random bytes

hfc.util.crypto.crypto.generate_nonce(size)
Generate a secure random value for cryptographic use.
- Parameters
size – Number of bytes for the nonce
- Returns
Generated random bytes

class hfc.util.crypto.crypto.Ecies(security_level=CURVE_P_256_Size, hash_algorithm=SHA2)
Bases: hfc.util.crypto.crypto.Crypto
A crypto implementation based on ECDSA and SHA.

property hash(self)
Get the hash function.
- Returns
Hash function

sign(self, private_key, message)
ECDSA sign message.
- Parameters
private_key – Private key
message – Message to sign
- Returns
Signature

verify(self, public_key, message, signature)
ECDSA verify signature.
- Parameters
public_key – Signing public key
message – Original message
signature – Signature of message
- Returns
Verification result as a boolean; True means valid

_prevent_malleability(self, sig)

_check_malleability(self, sig)

generate_private_key(self)
ECDSA key pair generation on the current curve.
- Returns
A private key object which includes the public key object.

decrypt(self, private_key, cipher_text)
ECIES decrypt cipher text.
First restore the ephemeral public key from its bytes (97 bytes for the 384-bit curve, 65 bytes for the 256-bit curve). Then derive a shared key with ECDH, run that key through HKDF to generate the AES key and the HMAC key, and use HMAC-SHA3 to verify the HMAC bytes. Finally, use AES-256-CFB to decrypt the bytes.
- Parameters
private_key – Private key
cipher_text – Cipher text
- Returns
Plain text

encrypt(self, public_key, plain_text)
ECIES encrypt plain text.
First create an ephemeral ECDSA key pair, then serialize its public key as part of the result. Then derive a shared key with ECDH, run that key through HKDF to generate the AES key and the HMAC key, and use AES-256-CFB to generate the next part of the result. Finally, use HMAC-SHA3 over the output of the previous step to generate the last part of the result.
- Parameters
public_key – Public key
plain_text – Plain text
- Returns
Cipher text
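
The decrypt-side checks described above, as an added example that is not part of the original documentation or the hfc code base: it splits an ECIES message, derives the AES and HMAC keys with HKDF, and verifies the HMAC-SHA3 tag in constant time before any decryption would take place. The ECDH shared secret is passed in and AES-256-CFB itself is left out; the function names, the SHA3-256 variant, the zero HKDF salt with empty info, and the IV-first body layout are assumptions.

```python
import hashlib
import hmac

# Sizes from this page's constants and its decrypt() description.
AES_KEY_LENGTH, HMAC_KEY_LENGTH, IV_LENGTH = 32, 32, 16
EPHEMERAL_KEY_BYTES = {256: 65, 384: 97}  # uncompressed point: 0x04 || X || Y


def hkdf(secret, length, hash_fn):
    """HKDF (RFC 5869); all-zero salt and empty info are assumptions."""
    prk = hmac.new(b"\x00" * hash_fn().digest_size, secret, hash_fn).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + bytes([counter]), hash_fn).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keys(shared_secret, hash_fn=hashlib.sha3_256):
    """Split the HKDF output into (AES key, HMAC key)."""
    okm = hkdf(shared_secret, AES_KEY_LENGTH + HMAC_KEY_LENGTH, hash_fn)
    return okm[:AES_KEY_LENGTH], okm[AES_KEY_LENGTH:]


def split_message(cipher_text, curve_bits, hash_fn=hashlib.sha3_256):
    """Return (ephemeral public key, AES-CFB output, HMAC tag)."""
    key_len = EPHEMERAL_KEY_BYTES[curve_bits]
    tag_len = hash_fn().digest_size
    if len(cipher_text) < key_len + IV_LENGTH + tag_len:
        raise ValueError("ciphertext too short")
    if cipher_text[0] != 0x04:
        raise ValueError("ephemeral key is not an uncompressed point")
    return cipher_text[:key_len], cipher_text[key_len:-tag_len], cipher_text[-tag_len:]


def authenticate(cipher_text, shared_secret, curve_bits=256, hash_fn=hashlib.sha3_256):
    """Check the HMAC-SHA3 tag; return (aes_key, iv, encrypted) only on a match."""
    _, body, tag = split_message(cipher_text, curve_bits, hash_fn)
    aes_key, hmac_key = derive_keys(shared_secret, hash_fn)
    expected = hmac.new(hmac_key, body, hash_fn).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        raise ValueError("HMAC mismatch: refusing to decrypt")
    # Assumed layout: the IV leads the AES-CFB output.
    return aes_key, body[:IV_LENGTH], body[IV_LENGTH:]


# Constructed sample: dummy ephemeral point, 16-byte IV, 5 opaque body bytes.
SECRET = bytes(range(32))  # stands in for the ECDH result
BODY = bytes(16) + b"\xaa\xbb\xcc\xdd\xee"
SAMPLE = b"\x04" + bytes(64) + BODY + hmac.new(derive_keys(SECRET)[1], BODY, hashlib.sha3_256).digest()
```

Rejecting the message on a tag mismatch before the cipher is initialised keeps tampered input away from the AES-CFB step entirely.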

generate_csr(self, private_key, subject_name, extensions=None)
Generate certificate signing request.
- Parameters
private_key – Private key
subject_name (x509.Name) – Subject name
extensions – (Default value = None)
- Returns
x509.CertificateSigningRequest

hfc.util.crypto.crypto.ecies(security_level=CURVE_P_256_Size, hash_algorithm=SHA2)
Factory method for creating an Ecies instance.
- Parameters
security_level – Security level (Default value = CURVE_P_256_Size)
hash_algorithm – Hash algorithm (Default value = SHA2)
- Returns
An Ecies instance