This is an automated email from the ASF dual-hosted git repository.
gstein pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/steve.git
The following commit(s) were added to refs/heads/trunk by this push:
new 58e7172 draft up the crypto-related functions
58e7172 is described below
commit 58e7172d95db6e98462de62d0980f6699cc41fab
Author: Greg Stein <[email protected]>
AuthorDate: Fri May 27 10:41:36 2022 -0400
draft up the crypto-related functions
---
v3/steve/crypto.py | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 82 insertions(+)
diff --git a/v3/steve/crypto.py b/v3/steve/crypto.py
new file mode 100644
index 0000000..fb1271f
--- /dev/null
+++ b/v3/steve/crypto.py
@@ -0,0 +1,82 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ### TBD docco
+#
+#
+
+import base64
+
+import passlib.hash # note that .argon2 is proxy in this pkg
+import passlib.utils # for the RNG, to create Salt values
+
+import cryptography.fernet
+
+# All salt values will be 16 bytes in length. After base64 encoding, they
+# will be represented with 22 characters.
+SALT_LEN = 16
+
+
+def gen_salt() -> bytes:
+ "Generate bytes to be used as a salt, for hashing."
+ return passlib.utils.getrandbytes(passlib.utils.rng, SALT_LEN)
+
+
+### fix the types of the election metadata and issue data
+### fix return type
+def gen_opened_key(election: bytes, issues: bytes) -> bytes:
+ "Generate the OpenedKey for this election."
+ salt = gen_salt()
+ ### TBD: map ELECTION and ISSUES parameters to bytes
+ opened_key = _hash(election + issues, salt)
+ return opened_key, salt
+
+
+### fix return type
+def gen_token(opened_key: bytes, value: bytes) -> bytes:
+ "Generate a voter or issue token."
+ salt = gen_salt()
+ return _hash(opened_key + value, salt), salt
+
+
+### fix return type
+def create_vote(voter_token: bytes,
+ issue_token: bytes,
+ votestring: bytes) -> bytes:
+ "Create a vote tuple, to record the VOTESTRING."
+ salt = gen_salt()
+ key = _hash(voter_token + issue_token, salt)
+ b64key = base64.urlsafe_b64encode(key)
+ f = cryptography.fernet.Fernet(b64key)
+ return voter_token, issue_token, salt, f.encrypt(votestring)
+
+
+def decrypt_votestring(voter_token: bytes,
+ issue_token: bytes,
+ salt: bytes,
+ token: bytes) -> bytes:
+ "Decrypt TOKEN into a VOTESTRING."
+ key = _hash(voter_token + issue_token, salt)
+ b64key = base64.urlsafe_b64encode(key)
+ f = cryptography.fernet.Fernet(b64key)
+ return f.decrypt(token)
+
+
+def _hash(data: bytes, salt: bytes) -> bytes:
+ "Apply our desired hashing function."
+ ph = passlib.hash.argon2.using(type='d', salt=salt)
+ h = ph.hash(data)
+ return base64.standard_b64decode(h.split('$')[-1] + '==')
