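"""Hex-encoded AES-256-GCM encryption helpers for stored passwords.

Serialized format (hex): ``iv (16 bytes) || tag (16 bytes) || ciphertext``.
"""

import os
import hashlib

from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# SECURITY: the default key is derived from a string constant committed in
# this file, using a single unsalted SHA-256. Anyone who can read the source
# can decrypt every value protected with it. Prefer passing a key obtained
# from a secret store through the ``key=`` argument of the functions below.
# The default is kept so that values already encrypted with it still decrypt;
# moving off it means re-encrypting the stored values under the new key.
SECRET = "BBLBTV-DNS-PASSWORDS"
KEY = hashlib.sha256(SECRET.encode()).digest()

# Not read by the functions in this listing; kept because other code may
# import it.
ALGORITHM = "aes-256-gcm"

# GCM's recommended nonce size is 12 bytes (96 bits). 16 is kept because the
# IV length is part of the stored format: decrypt_password() slices on it, so
# changing it would make existing values unreadable.
# NOTE(review): the iv||tag||ciphertext layout looks like it mirrors another
# implementation's output format -- confirm before changing it.
IV_LENGTH = 16
AUTH_TAG_LENGTH = 16


def encrypt_password(clear_string, *, key=None):
    """Encrypt *clear_string* and return the result as a hex string.

    A fresh random IV is drawn from ``os.urandom`` on every call, so
    encrypting the same input twice yields different outputs.

    Args:
        clear_string: Text to protect; encoded as UTF-8 before encryption.
        key: Optional AES key as bytes. When omitted, the module-level
            ``KEY`` is used (see the security note on ``SECRET``).

    Returns:
        Hex encoding of ``iv || tag || ciphertext``.
    """
    cipher = AESGCM(KEY if key is None else key)
    iv = os.urandom(IV_LENGTH)

    # AESGCM.encrypt() returns the ciphertext with the tag appended; split it
    # so the tag can be stored ahead of the ciphertext.
    sealed = cipher.encrypt(iv, clear_string.encode(), None)
    ciphertext, tag = sealed[:-AUTH_TAG_LENGTH], sealed[-AUTH_TAG_LENGTH:]

    return (iv + tag + ciphertext).hex()


def decrypt_password(encrypted_string, *, key=None):
    """Decrypt a hex string produced by :func:`encrypt_password`.

    Args:
        encrypted_string: Hex encoding of ``iv || tag || ciphertext``.
        key: Optional AES key as bytes. When omitted, the module-level
            ``KEY`` is used. It must be the key the value was encrypted with.

    Returns:
        The decrypted text, decoded as UTF-8.

    Raises:
        ValueError: If *encrypted_string* is not valid hex.
        cryptography.exceptions.InvalidTag: If authentication fails (wrong
            key, or the stored value was truncated or modified).
    """
    raw = bytes.fromhex(encrypted_string)
    tag_end = IV_LENGTH + AUTH_TAG_LENGTH

    iv = raw[:IV_LENGTH]
    tag = raw[IV_LENGTH:tag_end]
    ciphertext = raw[tag_end:]

    cipher = AESGCM(KEY if key is None else key)
    # AESGCM.decrypt() expects the tag after the ciphertext, so restore that
    # order before verifying and decrypting.
    plaintext = cipher.decrypt(iv, ciphertext + tag, None)
    return plaintext.decode()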