diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/__init__.py | 9 | ||||
| -rw-r--r-- | security/__pycache__/__init__.cpython-313.pyc | bin | 0 -> 398 bytes | |||
| -rw-r--r-- | security/__pycache__/crypto.cpython-313.pyc | bin | 0 -> 2391 bytes | |||
| -rw-r--r-- | security/__pycache__/memory.cpython-313.pyc | bin | 0 -> 2155 bytes | |||
| -rw-r--r-- | security/crypto.py | 37 | ||||
| -rw-r--r-- | security/memory.py | 38 |
6 files changed, 84 insertions, 0 deletions
diff --git a/security/__init__.py b/security/__init__.py new file mode 100644 index 0000000..8b5131e --- /dev/null +++ b/security/__init__.py @@ -0,0 +1,9 @@ +""" +Security package for P2P/Mesh chat application. +Handles cryptography and secure memory operations. +""" + +from .crypto import CryptoManager +from .memory import SecureMemory + +__all__ = ['CryptoManager', 'SecureMemory'] diff --git a/security/__pycache__/__init__.cpython-313.pyc b/security/__pycache__/__init__.cpython-313.pyc Binary files differnew file mode 100644 index 0000000..45ee6b0 --- /dev/null +++ b/security/__pycache__/__init__.cpython-313.pyc diff --git a/security/__pycache__/crypto.cpython-313.pyc b/security/__pycache__/crypto.cpython-313.pyc Binary files differnew file mode 100644 index 0000000..3cba246 --- /dev/null +++ b/security/__pycache__/crypto.cpython-313.pyc diff --git a/security/__pycache__/memory.cpython-313.pyc b/security/__pycache__/memory.cpython-313.pyc Binary files differnew file mode 100644 index 0000000..ec12fd7 --- /dev/null +++ b/security/__pycache__/memory.cpython-313.pyc diff --git a/security/crypto.py b/security/crypto.py new file mode 100644 index 0000000..f961a21 --- /dev/null +++ b/security/crypto.py @@ -0,0 +1,37 @@ +from pyspx.shake_256f import generate_keypair, sign, verify +import hashlib +from typing import Tuple, Optional +import os + +class CryptoManager: + def __init__(self): + self.signing_key: Optional[bytes] = None + self.verify_key: Optional[bytes] = None + + def generate_keys(self) -> Tuple[bytes, bytes]: + """Generate new signing keypair""" + self.signing_key, self.verify_key = generate_keypair() + return self.signing_key, self.verify_key + + def sign_message(self, message: bytes) -> bytes: + """Sign a message using the signing key""" + if not self.signing_key: + raise ValueError("No signing key available") + return sign(message, self.signing_key) + + def verify_signature(self, message: bytes, signature: bytes, + public_key: bytes) -> bool: + """Verify a message signature""" + try: + verify(message, signature, public_key) + return True + except: + return False + + def hash_data(self, data: bytes) -> str: + """Create SHA-256 hash of data""" + return hashlib.sha256(data).hexdigest() + + def generate_nonce(self) -> bytes: + """Generate a random nonce""" + return os.urandom(32) diff --git a/security/memory.py b/security/memory.py new file mode 100644 index 0000000..6a6e96e --- /dev/null +++ b/security/memory.py @@ -0,0 +1,38 @@ + +import nacl.bindings +import ctypes +import platform + +class SecureMemory: + def __init__(self): + self.protected_blocks = [] + + def protect_memory(self, data: bytes) -> bytearray: + """Protect memory block from being swapped to disk""" + protected = bytearray(data) + self.protected_blocks.append(protected) + + if platform.system() != 'Windows': + try: + # Lock memory to prevent swapping + libc = ctypes.CDLL('libc.so.6') + libc.mlock( + ctypes.c_void_p(protected.__array_interface__['data'][0]), + len(protected) + ) + except: + pass + + return protected + + def secure_wipe(self, data: bytearray): + """Securely wipe memory block""" + if data in self.protected_blocks: + self.protected_blocks.remove(data) + + nacl.bindings.sodium_memzero(data) + + def wipe_all(self): + """Wipe all protected memory blocks""" + for block in self.protected_blocks[:]: + self.secure_wipe(block) |
