GFree_Wind

GFree_Wind

关注
发信
关注(28)粉丝(399)

分享一个用python实现的AES加解密的http服务代码

作者:gfree.wind@gmail.com
博客:linuxfocus.blog.chinaunix.net
微博:weibo.com/glinuxer
QQ技术群:4367710
github: https://github.com/gfreewind

      刚毕业时,一方面不知道自己的方向在哪,另一方面对什么都有兴趣,于是什么东西都学一下,当时各种脚本基本上都会写一点。后来可能做的事情越来越专了,基本上就只写C代码了,偶尔由于个人爱好,也会写一些C++。但脚本语言基本上忘光光了,比如Perl,TCL等。
       这段时间觉得Python有点意思,上手快,库丰富,可以快速做出功能,很适合搭建原型。所以有意识的让自己多写一些python代码。前几天给一个朋友,做个小功能,一个AES加解密服务。总共用了大概一天左右的时间,基本完成了第一版。
       因为我还是python代码的初学者,所以想把代码分享给大家,希望大家多提宝贵意见。下面是github的地址,方便大家阅读最新的代码(由于我可能会实时更新):https://github.com/gfreewind/py_aes_http_service
       为了方便大家,也在本文中贴出一份当前的代码:

  1. #!/usr/bin/python

  3. __author__ = "Feng Gao gfree.wind@gmail.com"
  4. __copyright__ = "Copyright (C) 2015 Feng Gao"
  5. __license__ = "GPL"
  6. __version__ = "1.0"

  8. import sys, socket, select, json
  9. import getopt, base64, binascii
  10. import commands

  12. from BaseHTTPServer import BaseHTTPRequestHandler
  13. from StringIO import StringIO
  14. from Crypto.Cipher import AES
  15. from Crypto import Random

  17. DEBUG = False
  18. USE_OPENSSL = False
  19. SAVE_DETAIL = False
  20. LISTEN_PORT = int(80)
  21. ENCRYPT_COUNT = int(1)
  22. AES_KEY = "1234567890abcdef"
  23. AES_BLOCK_SIZE = 16
  24. AES_MODE = AES.MODE_CBC
  25. AES_MODE_STR = "cbc"
  26. AES_IV_STR = ""
  27. OPENSSL_AES_MODE = "aes-256-cbc"
  28. OPENSSL_PASSWORD = "1234567890"


  31. AES_PAD = lambda s: s + (AES_BLOCK_SIZE - len(s) % AES_BLOCK_SIZE) * chr(AES_BLOCK_SIZE - len(s) % AES_BLOCK_SIZE)
  32. AES_UNPAD = lambda s : s[:-ord(s[len(s)-1:])]

  34. def ConstructErrorResponse(err):
  35.     lenth_str = "Content-Length: "+str(len(err))+"\r\n\r\n"
  36.     err_header = "HTTP/1.1 400 \r\nContent-Type: text/html\r\n"+lenth_str+err
  37.     return err_header
  38.     
  39. def ConstructResponse(payload):
  40.     lenth_str = "Content-Length: "+str(len(payload))+"\r\n\r\n"
  41.     response = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"+lenth_str+payload
  42.     return response

  44. class AESCipher:
  45.     def __init__(self, key, bs):
  46.         self.key = key
  47.         self.bs = bs
  48.     
  49.     def encrypt(self, text):
  50.         if USE_OPENSSL:
  51.             cmd = "echo -n \""+text+"\" | openssl enc -" + OPENSSL_AES_MODE+" -pass pass:"+OPENSSL_PASSWORD+" | openssl base64"
  52.             if DEBUG:
  53.                 print cmd
  54.             ret, enc = commands.getstatusoutput(cmd)
  55.         else:
  56.             text = AES_PAD(text)
  57.             if (DEBUG):
  58.                 print "PAD text size is", len(text)
  59.                 print "PAD text is", text
  60.                 print "AES.block size is", AES.block_size
  61.             if (len(AES_IV_STR)):
  62.                 iv = AES_IV_STR
  63.             else:
  64.                 iv = Random.new().read(AES.block_size)
  65.             cipher = AES.new(self.key, AES_MODE, iv)
  66.             if (len(AES_IV_STR)):
  67.                 enc = base64.b64encode(cipher.encrypt(text))
  68.             else:
  69.                 enc = base64.b64encode(iv + cipher.encrypt(text))
  70.         if SAVE_DETAIL:
  71.             global ENCRYPT_COUNT
  72.             ENCRYPT_COUNT = ENCRYPT_COUNT+1
  73.             print str(ENCRYPT_COUNT)+". text: "+text+" ciper: "+enc
  74.         return enc

  76.     def decrypt(self, enc):
  77.         if (DEBUG):
  78.             print "enc is",enc
  79.         if USE_OPENSSL:
  80.             cmd = "echo \""+enc+ "\" | openssl base64 -d | openssl enc -"+ OPENSSL_AES_MODE+" -pass pass:"+OPENSSL_PASSWORD+" -d"
  81.             if DEBUG:
  82.                 print cmd
  83.             ret, text = commands.getstatusoutput(cmd)
  84.             return text
  85.         else:
  86.             enc = base64.b64decode(enc)
  87.             if (len(AES_IV_STR)):
  88.                 iv = AES_IV_STR
  89.                 cipher = AES.new(self.key, AES_MODE, iv)
  90.                 return AES_UNPAD(cipher.decrypt(enc))
  91.             else:
  92.                 iv = enc[:AES.block_size]
  93.                 cipher = AES.new(self.key, AES_MODE, iv)
  94.                 return AES_UNPAD(cipher.decrypt(enc[AES.block_size:]))

  96. class HTTPRequest(BaseHTTPRequestHandler):
  97.     def __init__(self, request_text):
  98.         self.rfile = StringIO(request_text)
  99.         self.raw_requestline = self.rfile.readline()
  100.         self.error_code = self.error_message = None
  101.         self.parse_request()

  103.     def send_error(self, code, message):
  104.         self.error_code = code
  105.         self.error_message = message
  106.     
  107.         
  108. class HTTPHeaders():
  109.     def __init__(self, data):
  110.         self.parsed_http = HTTPRequest(data)
  111.         self.uri = ""
  112.         self.params = ""
  113.         
  114.         if ('?' in self.parsed_http.path):
  115.             self.uri, param_str = self.parsed_http.path.split('?')
  116.             params = param_str.split('&')
  117.             self.params = {}
  118.             for str in params:
  119.                 name, value = str.split('=',1)
  120.                 self.params[name] = value
  121.         else:
  122.             self.uri = self.parsed_http.path
  123.         if (DEBUG):
  124.             self.show_headers()
  125.         
  126.     def show_headers(self):
  127.         parsed_http = self.parsed_http
  128.         headers = parsed_http.headers
  129.         print "Command:", parsed_http.command
  130.         print "Request_version:", parsed_http.request_version
  131.         print "Requestline:", parsed_http.requestline
  132.         print "Path:", parsed_http.path
  133.         print "URI:", self.uri
  134.         print "Params:", self.params
  135.         print "Headers:"
  136.         for (h,v) in parsed_http.headers.items():
  137.             print "\t", h, ": ", v
  138.     
  139.     def get_header_value(self, header_name):
  140.         headers = self.parsed_http.headers
  141.         if (not headers.has_key(header_name)):
  142.             return None
  143.         return headers[header_name]
  144.         
  145.     def get_param_value(self, param):
  146.         if param in self.params:
  147.             return self.params[param]
  148.         else:
  149.             return None            
  150.     
  151.         
  152. class HTTPClient():
  153.     def __init__(self, socket, addr, aes):
  154.         self.header = HTTPRequest("")
  155.         self.socket = socket
  156.         self.addr = addr
  157.         self.aes = aes
  158.         self.fileno = socket.fileno()
  159.         self.header_is_ok = False
  160.         self.request = ""
  161.         self.data_len = "0"
  162.             
  163.     def join_epoll(self, epoll):
  164.         if (DEBUG):
  165.             print self.addr, "is connected"
  166.         self.socket.setblocking(0)
  167.         epoll.register(self.fileno, select.EPOLLIN|select.EPOLLHUP)
  168.         self.epoll = epoll
  169.     
  170.     def leave_epoll(self):
  171.         if (DEBUG):
  172.             print self.addr, "is disconnected"
  173.         self.epoll.unregister(self.fileno)
  174.         self.socket.close();
  175.         
  176.     def get_fileno(self):
  177.         return self.fileno
  178.         
  179.     def parse_http_header(self):
  180.         if ("\r\n\r\n" in self.request):
  181.             sep_index = self.request.find("\r\n\r\n")
  182.             sep_index += len("\r\n\r\n")
  183.         elif ("\n\n" in self.request):
  184.             sep_index = self.request.find("\n\n")
  185.             sep_index += len("\n")
  186.         else:
  187.             print "Unexpected error"
  188.             exit(-1)
  189.         
  190.         header = self.request[:sep_index]
  191.         self.request = self.request[sep_index:]
  192.         self.http_headers = HTTPHeaders(header)
  193.         self.header_is_ok = True
  194.         
  195.     def read_data(self):
  196.         data = self.socket.recv(1024)
  197.         if (0 == len(data)):
  198.             self.leave_epoll()
  199.         else :
  200.             self.request += data
  201.             
  202.             if (not self.header_is_ok):
  203.                 if (self.header_is_completed()):
  204.                     self.parse_http_header()
  205.                     self.data_len = self.http_headers.get_header_value("Content-Length")
  206.                     if (None == self.data_len):
  207.                         self.data_len = "0"
  208.             
  209.             data_len = int(self.data_len)
  210.             if (self.header_is_ok and data_len <= len(self.request)):
  211.                 json_data = self.request[:data_len]
  212.                 self.request = self.request[data_len:]
  213.                 if (DEBUG):
  214.                     print "Payload:", json_data
  215.                 
  216.                 if (data_len):
  217.                     try:
  218.                         json_data = json.loads(json_data)
  219.                     except ValueError:
  220.                         print "Invalid json data", json_data
  221.                 
  222.                 # Get action
  223.                 action = self.http_headers.get_param_value("action")
  224.                 if ("enc" == action):
  225.                     text = self.http_headers.get_param_value("text")
  226.                     if (text):
  227.                         ciper = self.aes.encrypt(text)
  228.                         payload = {}
  229.                         payload["text"] = text
  230.                         payload["ciper"] = ciper
  231.                         jason_data = json.dumps(payload)
  232.                         response = ConstructResponse(jason_data)
  233.                     else:
  234.                         response = ConstructErrorResponse("No text param")
  235.                 elif ("dec" == action):
  236.                     ciper = self.http_headers.get_param_value("ciper")
  237.                     if (ciper):
  238.                         text = self.aes.decrypt(ciper)
  239.                         payload = {}
  240.                         payload["text"] = text
  241.                         payload["ciper"] = ciper
  242.                         jason_data = json.dumps(payload)
  243.                         response = ConstructResponse(jason_data)
  244.                     else:
  245.                         response = ConstructErrorResponse("No ciper param")
  246.                 else:
  247.                     if (DEBUG):
  248.                         print "No supported operation"
  249.                     response = ConstructErrorResponse("No supported aciton or no specify action")
  250.                     
  251.                 self.socket.send(response)
  252.                 self.leave_epoll()            
  253.             
  254.     def header_is_completed(self):
  255.         if (("\r\n\r\n" in self.request) or ("\n\n" in self.request)):
  256.             return True
  257.         else:
  258.             return False
  259.             
  260. def usage():
  261.     print "-h: Show the help"
  262.     print "-l: Specify listen port"
  263.     print "-k: Specify AES key"
  264.     print "-e: Specify AES encrypt mode. default is cbc"
  265.     print "-s: Specify AES block size"
  266.     print "-v: Specify AES IV. default is random string"
  267.     print "-o: Use openssl to encrypt or decrypt. Must specify password too"
  268.     print "-p: Specify password. Only used with openssl"
  269.     print "-m: Specify openssl enc mode. Only used with openssl"
  270.     print "-t: Save the encrypt count and record"
  271.     print "-d: Debug mode"

  273. if __name__ == "__main__":

  275.     try:
  276.         opts, args = getopt.getopt(sys.argv[1:], "hl:k:e:s:v:p:tdo")
  277.     except getopt.GetoptError as err:
  278.         print str(err)
  279.         usage()
  280.         sys.exit(1)
  281.     for o, a in opts:
  282.         if (o == "-h"):
  283.             usage()
  284.             sys.exit()
  285.         elif (o == "-l"):
  286.             LISTEN_PORT = int(a)
  287.         elif (o == "-k"):
  288.             AES_KEY = a
  289.             if (len(AES_KEY) != 16 and len(AES_KEY) != 24 and len(AES_KEY) != 32):
  290.                 print "AES key must be either 16, 24, or 32 bytes long"
  291.                 sys.exit(1)
  292.         elif (o == "-e"):
  293.             if ("ecb" == a):
  294.                 AES_MODE = AES.MODE_ECB
  295.             elif ("cbc" == a):
  296.                 AES_MODE = AES.MODE_CBC
  297.             elif ("cfb" == a):
  298.                 AES_MODE == AES.MODE_CFB
  299.             elif ("ofb" == a):
  300.                 AES_MODE == AES.MODE_OFB
  301.             elif ("ctr" == a):
  302.                 AES_MODE == AES.MODE_CTR
  303.             else:
  304.                 print "Only support (ecb|cbc|cfb|ofb|ctr)"
  305.                 sys.exit(1)
  306.             AES_MODE_STR = a
  307.         elif (o == "-s"):
  308.             AES_BLOCK_SIZE = int(a)
  309.         elif (o == "-v"):
  310.             AES_IV_STR = a
  311.             if (len(AES_IV_STR) != 16):
  312.                 print "AES IV size must be 16"
  313.                 sys.exit(1)
  314.         elif (o == "-p"):
  315.             OPENSSL_PASSWORD = a
  316.         elif (o == "-m"):
  317.             OPENSSL_AES_MODE = a
  318.         elif (o == "-o"):
  319.             USE_OPENSSL = True
  320.         elif (o == "-t"):
  321.             SAVE_DETAIL = True
  322.             ENCRYPT_COUNT = int(0)
  323.         elif (o == "-d"):
  324.             DEBUG = True
  325.         else:
  326.             assert False, "unhandled option"
  327.     
  328.     if (USE_OPENSSL and 0 == len(OPENSSL_PASSWORD)):
  329.         print "Must set password when use openssl"
  330.         sys.exit(1)

  332.     master_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  333.     master_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
  334.     master_socket.bind(('', LISTEN_PORT))
  335.     master_socket.listen(5)
  336.     master_socket.setblocking(0)
  337.     
  338.     ass_ciper = AESCipher(AES_KEY, AES_BLOCK_SIZE)
  339.     
  340.     if not USE_OPENSSL:
  341.         if DEBUG:
  342.             print "Only support aes-128. Please use -o option to use openssl if you want to use other bits"
  343.     
  344.     if (DEBUG):
  345.         print "The AES server is listenning the", LISTEN_PORT, "port now"
  346.         print "The AES key is", AES_KEY, binascii.b2a_hex(AES_KEY)
  347.         print "The AES mode is", AES_MODE_STR
  348.         print "The AES block size is", AES_BLOCK_SIZE
  349.         if (len(AES_IV_STR)):
  350.             print "The AES iv is", AES_IV_STR, binascii.b2a_hex(AES_IV_STR)
  351.         else:
  352.             print "The AES iv uses random string"
  353.         if (USE_OPENSSL):
  354.             print "Use openssl to encrypt/decrypt"
  355.             print "password is", OPENSSL_PASSWORD
  356.             print "openssl aes mode is", OPENSSL_AES_MODE
  357.         if (SAVE_DETAIL):
  358.             print "Save details"

  360.     epoll = select.epoll()
  361.     epoll.register(master_socket.fileno(), select.EPOLLIN)

  363.     try:
  364.         http_clients = {}
  365.         
  366.         while (True):
  367.             request = ""
  368.             events = epoll.poll(3) # wait 3 seconds
  369.             for fileno, event in events:
  370.                 if fileno == master_socket.fileno():
  371.                     worker_socket, client_addr = master_socket.accept()
  372.                     http_client = HTTPClient(worker_socket, client_addr, ass_ciper)
  373.                     http_client.join_epoll(epoll)
  374.                     http_clients[http_client.get_fileno()] = http_client
  375.                 elif (event & (select.EPOLLIN|select.EPOLLHUP)):
  376.                     http_client = http_clients[fileno]
  377.                     http_client.read_data()
  378.                 else:
  379.                     print "Unhandled event", event
  380.     finally:
  381.         epoll.unregister(master_socket.fileno())
  382.         master_socket.close();





12-17 02:27
Powered by LMLPHP ©2024 GFree_Wind 0.076062