`hfc.util.crypto.crypto`¶

Module Contents¶

Classes¶

`Key`()	An abstract base class for Key.
`AsymmetricKey`()	An asymmetric key.
`Crypto`()	An abstract base class for crypto.
`Ecies`(security_level=CURVE_P_256_Size, hash_algorithm=SHA2)	A crypto implementation based on ECDSA and SHA.

Functions¶

`generate_nonce`(size)	Generate a secure random for cryptographic use.
`ecies`(security_level=CURVE_P_256_Size, hash_algorithm=SHA2)	Factory method for creating a Ecies instance.

hfc.util.crypto.crypto.DEFAULT_NONCE_SIZE = 24¶

hfc.util.crypto.crypto.CURVE_P_256_Size = 256¶

hfc.util.crypto.crypto.CURVE_P_384_Size = 384¶

hfc.util.crypto.crypto.SHA2 = SHA2¶

hfc.util.crypto.crypto.SHA3 = SHA3¶

hfc.util.crypto.crypto.AES_KEY_LENGTH = 32¶

hfc.util.crypto.crypto.HMAC_KEY_LENGTH = 32¶

hfc.util.crypto.crypto.IV_LENGTH = 16¶

class hfc.util.crypto.crypto.Key¶

Bases: object

An abstract base class for Key.

Key represents a base cryptographic key. It can be symmetric or asymmetric. In asymmetric case, the private key can retrieve public key with the corresponding method.

A key can be referenced via the Subject Key Identifier (SKI) with DER or PEM encoding.

abstract is_symmetric(self)¶

Return if this key is with symmetric crypt, i.e. whether it’s a symmetric key.

Returns: True or False

abstract get_SKI(self)¶

Return the SKI string

Returns: string represent the SKI

class hfc.util.crypto.crypto.AsymmetricKey¶

Bases: hfc.util.crypto.crypto.Key

An asymmetric key.

Can be a public key or private key, the private key can retrieve public key with the corresponding method.

abstract is_private(self)¶

Return if this key is private key

Returns: True or False

abstract get_public_key(self)¶

Get the corresponding public key for this private key.

If this key is already a public one, then return itself.

Returns: Public key

class hfc.util.crypto.crypto.Crypto¶

Bases: object

An abstract base class for crypto.

abstract generate_private_key(self)¶

Generate asymmetric key pair.

Returns: An private key object which include public key object.

abstract encrypt(self, public_key, message)¶

Encrypt the message by encryption public key.

Parameters

public_key – Encryption public key
message – message need encrypt

Returns

An object including secure context

abstract decrypt(self, private_key, cipher_text)¶

Decrypt the cipher text by encryption private key.

Parameters

private_key – Encryption private key
cipher_text – Cipher text received

Returns

An object including secure context

abstract sign(self, private_key, message)¶

Sign the origin message by signing private key.

Parameters

private_key – Signing private key
message – Origin message

Returns

An object including secure context

abstract verify(self, public_key, message, signature)¶

Verify the signature by signing public key.

Parameters

public_key – Signing public key
message – Origin message
signature – Signature of message

Returns

A boolean True as valid

static generate_nonce(size)¶

Generate a secure random for cryptographic use.

Parameters: size – Number of bytes for the nonce
Returns: Generated random bytes

hfc.util.crypto.crypto.generate_nonce(size)¶

Generate a secure random for cryptographic use.

Parameters: size – Number of bytes for the nonce
Returns: Generated random bytes

class hfc.util.crypto.crypto.Ecies(security_level=CURVE_P_256_Size, hash_algorithm=SHA2)¶

Bases: hfc.util.crypto.crypto.Crypto

A crypto implementation based on ECDSA and SHA.

property hash(self)¶

Get hash function

Returns: hash function

sign(self, private_key, message)¶

ECDSA sign message.

Parameters

private_key – private key
message – message to sign

Returns

signature

verify(self, public_key, message, signature)¶

ECDSA verify signature.

Parameters

public_key – Signing public key
message – Origin message
signature – Signature of message

Returns

verify result boolean, True means valid

_prevent_malleability(self, sig)¶

_check_malleability(self, sig)¶

generate_private_key(self)¶

ECDSA key pair generation by current curve.

Returns: A private key object which include public key object.

decrypt(self, private_key, cipher_text)¶

ECIES decrypt cipher text.

First restore the ephemeral public key from bytes(97 bytes for 384,: 65 bytes for 256).

Then derived a shared key based ecdh, using the key based hkdf to generate aes key and hmac key, using hmac-sha3 to verify the hmac bytes. Last using aes-256-cfb to decrypt the bytes.

Parameters

private_key – private key
cipher_text – cipher text

Returns

plain text

encrypt(self, public_key, plain_text)¶

ECIES encrypt plain text.

First create a ephemeral ecdsa key pair, then serialize the public key for part of result. Then derived a shared key based ecdh, using the key based hkdf to generate aes key and hmac key, using aes-256-cfb to generate the part of result. Last using hmac-sha3 and the part of previous step to generate last part of result.

Parameters

public_key – public key
plain_text – plain text

Returns

cipher text

generate_csr(self, private_key, subject_name, extensions=None)¶

Generate certificate signing request.

Parameters

private_key – Private key
subject_name (x509.Name) – Subject name
extensions – (Default value = None)

return: x509.CertificateSigningRequest

hfc.util.crypto.crypto.ecies(security_level=CURVE_P_256_Size, hash_algorithm=SHA2)¶

Factory method for creating a Ecies instance.

Parameters

security_level – Security level (Default value = CURVE_P_256_Size)
hash_algorithm – Hash algorithm

Returns

A Ecies instance (Default value = SHA2)

hfc.util.crypto.crypto¶

Module Contents¶

Classes¶

Functions¶

`hfc.util.crypto.crypto`¶