Beispiel #1
def _writeEncryptedFile(fname, password, magic, data):
    """Encrypt 'data' under 'password' and store it, ASCII-armored, in the
       file named 'fname'.  'magic' is the MAGIC_LEN-byte filetype tag; it
       is written in the clear at the start of the payload.

       Payload layout before armoring:
           magic | NUL | salt | ctr_crypt(length | data | padding | digest)

       Security notes for reviewers:
         - The key is one sha1(salt+password+salt) call truncated to
           AES_KEY_LEN (assuming sha1() is a plain digest helper).  There
           is no iteration count or other work factor, so each password
           guess against a copied file costs a single hash.
         - Integrity rests on a hash of the plaintext that is encrypted
           together with it, not on a keyed MAC over the ciphertext.
         - Both are part of the version "0.1" on-disk format; changing
           them needs a new version and a matching reader.
         - Whether the replacement is atomic and which permissions the
           file gets depends on writeFile, which is not shown here.
    """
    # Developer invariant only: asserts are stripped under "python -O".
    assert len(magic) == MAGIC_LEN
    rng = getCommonPRNG()

    # 4-byte big-endian length prefix, then random fill so that
    # data+fill is a multiple of 1024 bytes.  The prefix itself is not
    # counted, so the plaintext is 4 bytes longer than a 1 KiB multiple.
    lengthField = struct.pack("!L", len(data))
    fillLen = ceilDiv(len(data), 1024)*1024 - len(data)
    fill = rng.getBytes(fillLen)
    data = "".join((lengthField, data, fill))

    # Fresh salt per write; drawn after the fill, as in the PRNG order
    # the format has always used.
    salt = rng.getBytes(SALT_LEN)
    key = sha1(salt+password+salt)[:AES_KEY_LEN]

    # The digest binds plaintext, salt and magic; the reader recomputes it
    # after decryption to tell a good password from a bad one.
    digest = sha1("".join((data, salt, magic)))
    encrypted = ctr_crypt(data+digest, key)

    contents = "".join((magic, "\x00", salt, encrypted))
    armored = armorText(contents, "TYPE III KEYRING", [("Version","0.1")])
    writeFile(fname, armored)
Beispiel #2
def _writeEncryptedFile(fname, password, magic, data):
    """Store 'data' in the file 'fname' as a password-encrypted,
       ASCII-armored "TYPE III KEYRING" block, replacing any previous
       contents.  'magic' names the filetype and must be MAGIC_LEN long.

       Steps: prefix the data with its 4-byte length, pad with random
       bytes, derive a key from a fresh salt and 'password', append a
       digest of (padded data, salt, magic), encrypt, then prepend the
       cleartext magic, a NUL byte and the salt.

       Caveats worth knowing when reusing this code:
         - Key derivation is a single sha1() over salt+password+salt with
           no stretching, so the password is the only barrier against
           offline guessing of a copied file.
         - The digest is an unkeyed hash placed inside the ciphertext; it
           detects a wrong password but is not a MAC over the ciphertext.
         - These are fixed by the "0.1" format that the matching reader
           expects.
    """
    # Sanity check on a caller-supplied constant (removed under -O).
    assert len(magic) == MAGIC_LEN

    prng = getCommonPRNG()
    plainLen = len(data)

    # Random padding brings the data up to the next multiple of 1024.
    header = struct.pack("!L", plainLen)
    padding = prng.getBytes(ceilDiv(plainLen, 1024) * 1024 - plainLen)
    padded = "".join([header, data, padding])

    # The salt is generated after the padding; it is stored in the clear.
    salt = prng.getBytes(SALT_LEN)
    key = sha1(salt + password + salt)[:AES_KEY_LEN]

    # Digest goes last in the plaintext so the reader can split it off by
    # length after decrypting.
    checksum = sha1("".join([padded, salt, magic]))
    ciphertext = ctr_crypt(padded + checksum, key)

    payload = "".join([magic, "\x00", salt, ciphertext])
    writeFile(fname,
              armorText(payload, "TYPE III KEYRING", [("Version", "0.1")]))
Beispiel #3
def _readEncryptedFile(fname, password, magicList):
    """Load and decrypt the armored file 'fname' with 'password'.  The
       file's cleartext magic must be one of the strings in 'magicList'.
       Returns (magic, plaintext) on success.

       Raises ValueError for bad armor, an unknown version header, a
       malformed prefix or a magic not in 'magicList'; MixError when the
       payload is too short; BadPassword when the decrypted digest does
       not match (wrong password and corruption look the same here).

       Security notes for reviewers:
         - Armor, version and magic are parsed before anything is
           authenticated; the only integrity check is the digest that is
           recomputed after decryption.
         - The key comes from a single sha1(salt+password+salt) with no
           work factor, and the digest is compared with '!=' rather than
           a constant-time comparison.
    """
    # Developer invariant only: asserts are stripped under "python -O".
    assert list(map(len, magicList)) == [8]*len(magicList)

    armored = readFile(fname)
    sections = unarmorText(armored, ["TYPE III KEYRING"])
    if len(sections) != 1:
        raise ValueError("Bad ascii armor on keyring")
    tp, headers, blob = sections[0]
    assert tp == "TYPE III KEYRING"
    versions = [ hdrValue for hdrName,hdrValue in headers
                 if hdrName == 'Version' ]
    if not versions or versions[0] != '0.1':
        raise ValueError("Unrecognized version on keyring")

    # Cleartext prefix: magic, then a NUL separator.
    if len(blob) < MAGIC_LEN+1 or blob[MAGIC_LEN] != '\x00':
        raise ValueError("Unrecognized encryption format on %s"%fname)
    if blob[:MAGIC_LEN] not in magicList:
        raise ValueError("Invalid versioning on %s"%fname)
    # NOTE(review): literal 8 here and in the assert above, MAGIC_LEN
    # elsewhere -- presumably the same value; confirm.
    magic = blob[:8]
    rest = blob[MAGIC_LEN+1:]
    # NOTE(review): 28 looks like SALT_LEN+DIGEST_LEN -- confirm.
    if len(rest) < 28:
        raise MixError("File %s is too short."%fname)

    salt = rest[:SALT_LEN]
    ciphertext = rest[SALT_LEN:]
    key = sha1(salt+password+salt)[:AES_KEY_LEN]
    plain = ctr_crypt(ciphertext, key)

    # The trailing DIGEST_LEN bytes are the writer's digest over
    # (padded data, salt, magic).
    data = plain[:-DIGEST_LEN]
    digest = plain[-DIGEST_LEN:]
    expected = sha1(data+salt+magic)
    if digest != expected:
        raise BadPassword()

    # Digest matched: strip the 4-byte length prefix and the padding.
    if len(data) < 4:
        raise MixError("File %s is too short"%fname)
    length = struct.unpack("!L", data[:4])[0]
    if len(data) < length+4:
        raise MixError("File %s is too short"%fname)

    return magic, data[4:4+length]
Beispiel #4
def _readEncryptedFile(fname, password, magicList):
    """Read the "TYPE III KEYRING" file 'fname', decrypt it with
       'password', and return the tuple (magic, contents).  The magic
       found in the file has to appear in 'magicList'.

       Errors:
         ValueError  -- armor, version header, prefix or magic is wrong.
         MixError    -- the payload is shorter than the format allows.
         BadPassword -- the digest recovered after decryption does not
                        match; this covers both a wrong password and a
                        corrupted file.

       Caveats worth knowing when reusing this code:
         - Nothing is authenticated until the digest check, so every
           field parsed before it comes straight from the file.
         - The password is turned into a key by one unstretched sha1()
           call, which makes offline guessing against a copied file cheap.
         - The digest comparison uses '!=' and is not constant-time.
    """
    # Sanity check on caller-supplied constants (removed under -O).
    assert list(map(len, magicList)) == [8] * len(magicList)

    text = readFile(fname)
    blocks = unarmorText(text, ["TYPE III KEYRING"])
    if len(blocks) != 1:
        raise ValueError("Bad ascii armor on keyring")
    tp, headers, payload = blocks[0]
    assert tp == "TYPE III KEYRING"

    # Collect every 'Version' header; only the first one is checked.
    vers = []
    for k, v in headers:
        if k == 'Version':
            vers.append(v)
    if not vers or vers[0] != '0.1':
        raise ValueError("Unrecognized version on keyring")

    # The payload opens with the magic followed by a NUL byte.
    if len(payload) < MAGIC_LEN + 1 or payload[MAGIC_LEN] != '\x00':
        raise ValueError("Unrecognized encryption format on %s" % fname)
    if payload[:MAGIC_LEN] not in magicList:
        raise ValueError("Invalid versioning on %s" % fname)
    # NOTE(review): hard-coded 8 and 28 below sit next to MAGIC_LEN,
    # SALT_LEN and DIGEST_LEN -- presumably 8 and SALT_LEN+DIGEST_LEN;
    # confirm against the constants.
    magic = payload[:8]
    body = payload[MAGIC_LEN + 1:]
    if len(body) < 28:
        raise MixError("File %s is too short." % fname)

    salt, encrypted = body[:SALT_LEN], body[SALT_LEN:]
    key = sha1(salt + password + salt)[:AES_KEY_LEN]
    decrypted = ctr_crypt(encrypted, key)

    # Split the plaintext into padded data and the trailing digest, then
    # recompute the digest the same way the writer did.
    data, digest = decrypted[:-DIGEST_LEN], decrypted[-DIGEST_LEN:]
    if digest != sha1(data + salt + magic):
        raise BadPassword()

    # The first 4 bytes give the real length; the rest past it is padding.
    if len(data) < 4:
        raise MixError("File %s is too short" % fname)
    (length,) = struct.unpack("!L", data[:4])
    end = 4 + length
    if len(data) < length + 4:
        raise MixError("File %s is too short" % fname)

    return magic, data[4:end]