mm-std 0.4.17__py3-none-any.whl → 0.4.18__py3-none-any.whl

mm_std/__init__.py

@@ -13,10 +13,7 @@ from .config import BaseConfig as BaseConfig
 from .crypto.fernet import fernet_decrypt as fernet_decrypt
 from .crypto.fernet import fernet_encrypt as fernet_encrypt
 from .crypto.fernet import fernet_generate_key as fernet_generate_key
-from .crypto.openssl import openssl_decrypt as openssl_decrypt
-from .crypto.openssl import openssl_decrypt_base64 as openssl_decrypt_base64
-from .crypto.openssl import openssl_encrypt as openssl_encrypt
-from .crypto.openssl import openssl_encrypt_base64 as openssl_encrypt_base64
+from .crypto.openssl import OpensslAes256Cbc as OpensslAes256Cbc
 from .date import parse_date as parse_date
 from .date import utc_delta as utc_delta
 from .date import utc_now as utc_now

mm_std/crypto/openssl.py

@@ -1,207 +1,109 @@
-from base64 import b64decode, b64encode
+import base64
+import secrets
 from hashlib import pbkdf2_hmac
-from os import urandom
-from pathlib import Path
 
 from cryptography.hazmat.primitives import padding
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 
-MAGIC = b"Salted__"
-SALT_SIZE = 8
-KEY_SIZE = 32  # for AES-256
-IV_SIZE = 16
 
-
-def openssl_encrypt(input_path: Path, output_path: Path, password: str, iterations: int = 1_000_000) -> None:
-    """
-    Encrypt a file using OpenSSL-compatible AES-256-CBC with PBKDF2 and output in binary format.
-
-    This function creates encrypted files that are fully compatible with OpenSSL command:
-    openssl enc -aes-256-cbc -pbkdf2 -iter 1000000 -salt -in message.txt -out message.enc
-
-    Args:
-        input_path: Path to the input file to encrypt
-        output_path: Path where the encrypted binary file will be saved
-        password: Password for encryption
-        iterations: Number of PBKDF2 iterations (minimum 1000, default 1,000,000)
-
-    Raises:
-        ValueError: If iterations < 1000
-
-    Example:
-        >>> from pathlib import Path
-        >>> openssl_encrypt(Path("secret.txt"), Path("secret.enc"), "mypassword")
-
-        # Decrypt with OpenSSL:
-        # openssl enc -d -aes-256-cbc -pbkdf2 -iter 1000000 -in secret.enc -out secret_decrypted.txt -pass pass:mypassword
-    """
-    if iterations < 1000:
-        raise ValueError("Iteration count must be at least 1000 for security")
-
-    data: bytes = input_path.read_bytes()
-    salt: bytes = urandom(SALT_SIZE)
-
-    key_iv: bytes = pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, KEY_SIZE + IV_SIZE)
-    key: bytes = key_iv[:KEY_SIZE]
-    iv: bytes = key_iv[KEY_SIZE:]
-
-    padder = padding.PKCS7(algorithms.AES.block_size).padder()
-    padded_data: bytes = padder.update(data) + padder.finalize()
-
-    cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
-    encryptor = cipher.encryptor()
-    ciphertext: bytes = encryptor.update(padded_data) + encryptor.finalize()
-
-    output_path.write_bytes(MAGIC + salt + ciphertext)
-
-
-def openssl_decrypt(input_path: Path, output_path: Path, password: str, iterations: int = 1_000_000) -> None:
+class OpensslAes256Cbc:
     """
-    Decrypt a binary file created by OpenSSL-compatible AES-256-CBC with PBKDF2.
-
-    This function decrypts files that were encrypted with OpenSSL command:
-    openssl enc -aes-256-cbc -pbkdf2 -iter 1000000 -salt -in message.txt -out message.enc
-
-    Args:
-        input_path: Path to the encrypted binary file
-        output_path: Path where the decrypted file will be saved
-        password: Password for decryption
-        iterations: Number of PBKDF2 iterations (minimum 1000, default 1,000,000)
-
-    Raises:
-        ValueError: If iterations < 1000, invalid file format, or wrong password
-
-    Example:
-        >>> from pathlib import Path
-        >>> openssl_decrypt(Path("secret.enc"), Path("secret_decrypted.txt"), "mypassword")
-
-        # Encrypt with OpenSSL:
-        # openssl enc -aes-256-cbc -pbkdf2 -iter 1000000 -salt -in secret.txt -out secret.enc -pass pass:mypassword
+    AES-256-CBC encryption/decryption compatible with OpenSSL's `enc -aes-256-cbc -pbkdf2 -iter 1000000`.
+
+    Provides both raw-byte and Base64-encoded interfaces:
+      • encrypt_bytes / decrypt_bytes: work with bytes
+      • encrypt_base64 / decrypt_base64: work with Base64 strings
+
+    Usage:
+        >>> cipher = OpensslAes256Cbc(password="mypassword")
+        >>> # raw bytes
+        >>> ciphertext = cipher.encrypt_bytes(b"secret")
+        >>> plaintext = cipher.decrypt_bytes(ciphertext)
+        >>> # Base64 convenience
+        >>> token = cipher.encrypt_base64("secret message")
+        >>> result = cipher.decrypt_base64(token)
+        >>> print(result)
+        secret message
+
+    OpenSSL compatibility:
+        echo "secret message" |
+          openssl enc -aes-256-cbc -pbkdf2 -iter 1000000 -salt -base64 -pass pass:mypassword
+
+        echo "U2FsdGVkX1/dGGdg6SExWgtKxvuLroWqhezy54aTt1g=" |
+          openssl enc -d -aes-256-cbc -pbkdf2 -iter 1000000 -base64 -pass pass:mypassword
     """
-    if iterations < 1000:
-        raise ValueError("Iteration count must be at least 1000 for security")
-
-    raw: bytes = input_path.read_bytes()
-    if not raw.startswith(MAGIC):
-        raise ValueError("Invalid file format: missing OpenSSL Salted header")
-
-    salt: bytes = raw[8:16]
-    ciphertext: bytes = raw[16:]
-
-    key_iv: bytes = pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, KEY_SIZE + IV_SIZE)
-    key: bytes = key_iv[:KEY_SIZE]
-    iv: bytes = key_iv[KEY_SIZE:]
-
-    cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
-    decryptor = cipher.decryptor()
-    padded_plaintext: bytes = decryptor.update(ciphertext) + decryptor.finalize()
-
-    unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
-    try:
-        plaintext: bytes = unpadder.update(padded_plaintext) + unpadder.finalize()
-    except ValueError as e:
-        raise ValueError("Decryption failed: invalid padding or wrong password") from e
-
-    output_path.write_bytes(plaintext)
-
-
-def openssl_encrypt_base64(input_path: Path, output_path: Path, password: str, iterations: int = 1_000_000) -> None:
-    """
-    Encrypt a file using OpenSSL-compatible AES-256-CBC with PBKDF2 and output in base64 format.
-
-    This function creates encrypted files that are fully compatible with OpenSSL command:
-    openssl enc -aes-256-cbc -pbkdf2 -iter 1000000 -salt -base64 -in message.txt -out message.enc
-
-    Args:
-        input_path: Path to the input file to encrypt
-        output_path: Path where the encrypted base64 file will be saved
-        password: Password for encryption
-        iterations: Number of PBKDF2 iterations (minimum 1000, default 1,000,000)
-
-    Raises:
-        ValueError: If iterations < 1000
-
-    Example:
-        >>> from pathlib import Path
-        >>> openssl_encrypt_base64(Path("secret.txt"), Path("secret.enc"), "mypassword")
-
-        # Decrypt with OpenSSL:
-        # openssl enc -d -aes-256-cbc -pbkdf2 -iter 1000000 -base64 -in secret.enc -out secret_decrypted.txt -pass pass:mypassword
-    """
-    if iterations < 1000:
-        raise ValueError("Iteration count must be at least 1000 for security")
-
-    data: bytes = input_path.read_bytes()
-    salt: bytes = urandom(SALT_SIZE)
-
-    key_iv: bytes = pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, KEY_SIZE + IV_SIZE)
-    key: bytes = key_iv[:KEY_SIZE]
-    iv: bytes = key_iv[KEY_SIZE:]
-
-    padder = padding.PKCS7(algorithms.AES.block_size).padder()
-    padded_data: bytes = padder.update(data) + padder.finalize()
-
-    cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
-    encryptor = cipher.encryptor()
-    ciphertext: bytes = encryptor.update(padded_data) + encryptor.finalize()
-
-    # Encode binary data to base64
-    binary_data: bytes = MAGIC + salt + ciphertext
-    base64_data: str = b64encode(binary_data).decode("ascii")
-    output_path.write_text(base64_data)
-
-
-def openssl_decrypt_base64(input_path: Path, output_path: Path, password: str, iterations: int = 1_000_000) -> None:
-    """
-    Decrypt a base64-encoded file created by OpenSSL-compatible AES-256-CBC with PBKDF2.
-
-    This function decrypts files that were encrypted with OpenSSL command:
-    openssl enc -aes-256-cbc -pbkdf2 -iter 1000000 -salt -base64 -in message.txt -out message.enc
-
-    Args:
-        input_path: Path to the encrypted base64 file
-        output_path: Path where the decrypted file will be saved
-        password: Password for decryption
-        iterations: Number of PBKDF2 iterations (minimum 1000, default 1,000,000)
-
-    Raises:
-        ValueError: If iterations < 1000, invalid file format, or wrong password
-
-    Example:
-        >>> from pathlib import Path
-        >>> openssl_decrypt_base64(Path("secret.enc"), Path("secret_decrypted.txt"), "mypassword")
-
-        # Encrypt with OpenSSL:
-        # openssl enc -aes-256-cbc -pbkdf2 -iter 1000000 -salt -base64 -in secret.txt -out secret.enc -pass pass:mypassword
-    """
-    if iterations < 1000:
-        raise ValueError("Iteration count must be at least 1000 for security")
-
-    # Decode base64 to binary data
-    try:
-        base64_data: str = input_path.read_text().strip()
-        raw: bytes = b64decode(base64_data)
-    except Exception as e:
-        raise ValueError("Invalid base64 format") from e
-
-    if not raw.startswith(MAGIC):
-        raise ValueError("Invalid file format: missing OpenSSL Salted header")
-
-    salt: bytes = raw[8:16]
-    ciphertext: bytes = raw[16:]
-
-    key_iv: bytes = pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, KEY_SIZE + IV_SIZE)
-    key: bytes = key_iv[:KEY_SIZE]
-    iv: bytes = key_iv[KEY_SIZE:]
-
-    cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
-    decryptor = cipher.decryptor()
-    padded_plaintext: bytes = decryptor.update(ciphertext) + decryptor.finalize()
-
-    unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
-    try:
-        plaintext: bytes = unpadder.update(padded_plaintext) + unpadder.finalize()
-    except ValueError as e:
-        raise ValueError("Decryption failed: invalid padding or wrong password") from e
 
-    output_path.write_bytes(plaintext)
+    MAGIC_HEADER = b"Salted__"
+    SALT_SIZE = 8
+    KEY_SIZE = 32  # AES-256
+    IV_SIZE = 16  # AES block size
+    ITERATIONS = 1_000_000
+    HEADER_LEN = len(MAGIC_HEADER)
+
+    def __init__(self, password: str) -> None:
+        """
+        Initialize the cipher with password. Uses a fixed iteration count of 1,000,000.
+
+        Args:
+            password: Password for encryption/decryption
+        """
+        self._password = password.encode("utf-8")
+
+    def _derive_key_iv(self, salt: bytes) -> tuple[bytes, bytes]:
+        key_iv = pbkdf2_hmac(
+            hash_name="sha256", password=self._password, salt=salt, iterations=self.ITERATIONS, dklen=self.KEY_SIZE + self.IV_SIZE
+        )
+        return key_iv[: self.KEY_SIZE], key_iv[self.KEY_SIZE :]
+
+    def encrypt_bytes(self, plaintext: bytes) -> bytes:
+        """Encrypt raw bytes and return encrypted bytes (OpenSSL compatible)."""
+        salt = secrets.token_bytes(self.SALT_SIZE)
+        key, iv = self._derive_key_iv(salt)
+
+        padder = padding.PKCS7(algorithms.AES.block_size).padder()
+        padded = padder.update(plaintext) + padder.finalize()
+
+        cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
+        encryptor = cipher.encryptor()
+        ciphertext = encryptor.update(padded) + encryptor.finalize()
+
+        return self.MAGIC_HEADER + salt + ciphertext
+
+    def decrypt_bytes(self, encrypted: bytes) -> bytes:
+        """Decrypt raw encrypted bytes (as produced by encrypt_bytes)."""
+        if not encrypted.startswith(self.MAGIC_HEADER):
+            raise ValueError("Invalid format: missing OpenSSL salt header")
+
+        salt = encrypted[self.HEADER_LEN : self.HEADER_LEN + self.SALT_SIZE]
+        ciphertext = encrypted[self.HEADER_LEN + self.SALT_SIZE :]
+
+        key, iv = self._derive_key_iv(salt)
+        cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
+        decryptor = cipher.decryptor()
+
+        try:
+            padded = decryptor.update(ciphertext) + decryptor.finalize()
+        except ValueError as exc:
+            raise ValueError("Decryption failed: wrong password or corrupted data") from exc
+
+        unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
+        try:
+            data = unpadder.update(padded) + unpadder.finalize()
+        except ValueError as exc:
+            raise ValueError("Decryption failed: wrong password or corrupted data") from exc
+
+        return data
+
+    def encrypt_base64(self, plaintext: str) -> str:
+        """Encrypt a UTF-8 string and return Base64-encoded encrypted data."""
+        raw = self.encrypt_bytes(plaintext.encode("utf-8"))
+        return base64.b64encode(raw).decode("ascii")
+
+    def decrypt_base64(self, b64_encoded: str) -> str:
+        """Decode Base64, decrypt bytes, and return UTF-8 string."""
+        try:
+            raw = base64.b64decode(b64_encoded.strip())
+        except Exception as exc:
+            raise ValueError("Invalid base64 format") from exc
+        plaintext_bytes = self.decrypt_bytes(raw)
+        return plaintext_bytes.decode("utf-8")

{mm_std-0.4.17.dist-info → mm_std-0.4.18.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mm-std
-Version: 0.4.17
+Version: 0.4.18
 Requires-Python: >=3.12
 Requires-Dist: aiohttp-socks~=0.10.1
 Requires-Dist: aiohttp~=3.12.2

{mm_std-0.4.17.dist-info → mm_std-0.4.18.dist-info}/RECORD

@@ -1,4 +1,4 @@
-mm_std/__init__.py,sha256=OpZAZw3BG3wyDnlRR3p2BZO2cZcE-imScPCf2qRWuUk,3189
+mm_std/__init__.py,sha256=PGjf3Cs_tDvJW-Mff2NADmi1dLDePVMHIvQsD3wleH8,2974
 mm_std/command.py,sha256=ze286wjUjg0QSTgIu-2WZks53_Vclg69UaYYgPpQvCU,1283
 mm_std/config.py,sha256=3-FxFCtOffY2t9vuu9adojwbzTPwdAH2P6qDaZnHLbY,3206
 mm_std/date.py,sha256=976eEkSONuNqHQBgSRu8hrtH23tJqztbmHFHLdbP2TY,1879
@@ -25,11 +25,11 @@ mm_std/concurrency/sync_scheduler.py,sha256=j4tBL_cBI1spr0cZplTA7N2CoYsznuORMeRN
 mm_std/concurrency/sync_task_runner.py,sha256=s5JPlLYLGQGHIxy4oDS-PN7O9gcy-yPZFoNm8RQwzcw,1780
 mm_std/crypto/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 mm_std/crypto/fernet.py,sha256=jdk0_TCmeU0pPXMyz9xH6kQHSjjZ9GcGClBwQps5vBo,340
-mm_std/crypto/openssl.py,sha256=x8LTRG6-jXLucMcsWS746V7B5fGrJ1c27d08rNK5-Ng,8173
+mm_std/crypto/openssl.py,sha256=HyiYNgn5IrC3CWfe3qcLKJpAsbcSlCUoPvEg1vxbdvo,4274
 mm_std/http/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 mm_std/http/http_request.py,sha256=6bg3t49c3dG0jKRFxhcceeYb5yKrMoZwuyb25zBG3tY,4088
 mm_std/http/http_request_sync.py,sha256=zXLeDplYWTFIwaD1Ydyg9yTi37WcI-fReLM0mVnuvhM,1835
 mm_std/http/http_response.py,sha256=7ZllZFPKJ9s6m-18Dfhrm7hwc2XFnyX7ppt0O8gNmlE,3916
-mm_std-0.4.17.dist-info/METADATA,sha256=0rG7NElzy9ZOLdx3hnag32xev6avidgXTZe46h85waU,414
-mm_std-0.4.17.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-mm_std-0.4.17.dist-info/RECORD,,
+mm_std-0.4.18.dist-info/METADATA,sha256=eUTWVnKfAtzbA_v27albJ7pj4iuCTlbPpTWOTggjDQw,414
+mm_std-0.4.18.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+mm_std-0.4.18.dist-info/RECORD,,