def __testDecrypt(self, subdir, reader=None):
path = os.path.join(TEST_DATA, subdir)
if reader:
crypter = keyczar.Crypter(reader)
else:
crypter = keyczar.Crypter.Read(path)
active_ciphertext = util.ReadFile(os.path.join(path, "1.out"))
primary_ciphertext = util.ReadFile(os.path.join(path, "2.out"))
active_decrypted = crypter.Decrypt(active_ciphertext)
self.assertEqual(self.input_data, active_decrypted)
primary_decrypted = crypter.Decrypt(primary_ciphertext)
self.assertEqual(self.input_data, primary_decrypted)
def UseKey(purpose, loc, dest, crypter=None, msg="This is some test data"):
reader = readers.CreateReader(loc)
try:
answer = ""
if crypter:
reader = readers.EncryptedReader(reader, crypter)
if purpose == keyinfo.DECRYPT_AND_ENCRYPT:
answer = keyczar.Crypter(reader).Encrypt(msg)
elif purpose == keyinfo.SIGN_AND_VERIFY:
answer = keyczar.Signer(reader).Sign(msg)
util.WriteFile(answer, dest)
finally:
reader.Close()
def crypter(self):
"""The actual keyczar crypter"""
if not hasattr(self, '_crypter'):
# initialise the Keyczar keysets
if not self.keyset_location:
raise ValueError('No encrypted keyset location!')
reader = keyczar.readers.CreateReader(self.keyset_location)
if self.encrypting_keyset_location:
encrypting_keyczar = keyczar.Crypter.Read(
self.encrypting_keyset_location)
reader = keyczar.readers.EncryptedReader(reader,
encrypting_keyczar)
self._crypter = keyczar.Crypter(reader)
return self._crypter
def Encrypt(data, key_type=None):
"""Encrypts data and returns.
Args:
data: blob, data to encrypt.
key_type: str, predefined type of encryption to use.
Returns:
encrypted blob data.
"""
if key_type is None:
key_type = settings.KEY_TYPE_DEFAULT_FILEVAULT
if not data:
return data
reader = CauliflowerVestReader()
reader.LoadKeys(key_type)
crypter = keyczar.Crypter(reader=reader)
return crypter.Encrypt(data)
def Encrypt(data, key_name=None, key_type=None): # pylint: disable=unused-argument
"""Encrypts data and returns.
Args:
data: blob, data to encrypt.
key_name: str, key_name for encryption to use.
key_type: str, predefined type of encryption to use.
Returns:
encrypted blob data.
"""
if not key_type:
key_type = settings.KEY_TYPE_DEFAULT_FILEVAULT
if not data:
return data
reader = CauliflowerVestReader()
reader.LoadKeys(key_type)
crypter = keyczar.Crypter(reader=reader)
return crypter.Encrypt(data)
def __testDecryptStream(self, subdir, reader, input_data, stream_buffer_size,
len_to_read, stream_source):
"""NOTE: input_data ignored here as we don't have a valid ".out" for
random data"""
path = os.path.join(TEST_DATA, subdir)
if reader:
crypter = keyczar.Crypter(reader)
else:
crypter = keyczar.Crypter.Read(path)
active_ciphertext = util.ReadFile(os.path.join(path, "1.out"))
if stream_source is None:
decoder = None
active_ciphertext = util.Base64WSDecode(active_ciphertext)
else:
decoder = util.IncrementalBase64WSStreamReader
decryption_stream = crypter.CreateDecryptingStreamReader(
StringIO.StringIO(active_ciphertext),
decoder=decoder,
buffer_size=stream_buffer_size)
plaintext = self.__readFromStream(decryption_stream, len_to_read)
self.assertEquals(self.input_data, plaintext,
'Active not equals for buffer:%d, read len:%d, src:%s' %(
stream_buffer_size,
len_to_read,
stream_source
))
primary_ciphertext = util.ReadFile(os.path.join(path, "2.out"))
if stream_source is None:
primary_ciphertext = util.Base64WSDecode(primary_ciphertext)
decryption_stream = crypter.CreateDecryptingStreamReader(
StringIO.StringIO(primary_ciphertext),
decoder=decoder,
buffer_size=stream_buffer_size)
plaintext = self.__readFromStream(decryption_stream, len_to_read)
self.assertEquals(self.input_data, plaintext,
'Primary not equals for buffer:%d, read len:%d, src:%s' %(
stream_buffer_size,
len_to_read,
stream_source
))
def GetCrypter(self, secret): """Assumes the secret is a Keyczar crypt keyset. Loads the secret value and returns a Keyczar Crypter object already initialized with the keyset value. """ return keyczar.Crypter(keyczar_dict.DictReader(self.GetSecret(secret)))
def __init__(self, keyname, *args, **kwargs):
self.keydata = readers.FileReader(keyname)
self.crypter = keyczar.Crypter(self.keydata)
def __init__(self, key_string):
key = keys.AesKey.Read(key_string)
reader = readers.StaticKeyReader(key, keyinfo.DECRYPT_AND_ENCRYPT)
self.crypter = keyczar.Crypter(reader)
"""
