Ejemplo n.º 1
0
 def test_encrypt_decrypt_sym(self):
     # generate 256-bit key
     key = os.urandom(32)
     iv, cyphertext = crypto.encrypt_sym('data', key)
     self.assertTrue(cyphertext is not None)
     self.assertTrue(cyphertext != '')
     self.assertTrue(cyphertext != 'data')
     plaintext = crypto.decrypt_sym(cyphertext, key, iv)
     self.assertEqual('data', plaintext)
Ejemplo n.º 2
0
 def test_encrypt_decrypt_sym(self):
     # generate 256-bit key
     key = os.urandom(32)
     iv, cyphertext = crypto.encrypt_sym('data', key)
     self.assertTrue(cyphertext is not None)
     self.assertTrue(cyphertext != '')
     self.assertTrue(cyphertext != 'data')
     plaintext = crypto.decrypt_sym(cyphertext, key, iv)
     self.assertEqual('data', plaintext)
Ejemplo n.º 3
0
 def test_decrypt_with_wrong_key_fails(self):
     key = os.urandom(32)
     iv, cyphertext = crypto.encrypt_sym('data', key)
     self.assertTrue(cyphertext is not None)
     self.assertTrue(cyphertext != '')
     self.assertTrue(cyphertext != 'data')
     wrongkey = os.urandom(32)  # 256-bits key
     # ensure keys are different in case we are extremely lucky
     while wrongkey == key:
         wrongkey = os.urandom(32)
     plaintext = crypto.decrypt_sym(cyphertext, wrongkey, iv)
     self.assertNotEqual('data', plaintext)
Ejemplo n.º 4
0
 def test_decrypt_with_wrong_key_fails(self):
     key = os.urandom(32)
     iv, cyphertext = crypto.encrypt_sym('data', key)
     self.assertTrue(cyphertext is not None)
     self.assertTrue(cyphertext != '')
     self.assertTrue(cyphertext != 'data')
     wrongkey = os.urandom(32)  # 256-bits key
     # ensure keys are different in case we are extremely lucky
     while wrongkey == key:
         wrongkey = os.urandom(32)
     plaintext = crypto.decrypt_sym(cyphertext, wrongkey, iv)
     self.assertNotEqual('data', plaintext)
Ejemplo n.º 5
0
 def test_decrypt_with_wrong_iv_fails(self):
     key = os.urandom(32)
     iv, cyphertext = crypto.encrypt_sym('data', key)
     self.assertTrue(cyphertext is not None)
     self.assertTrue(cyphertext != '')
     self.assertTrue(cyphertext != 'data')
     # get a different iv by changing the first byte
     rawiv = binascii.a2b_base64(iv)
     wrongiv = rawiv
     while wrongiv == rawiv:
         wrongiv = os.urandom(1) + rawiv[1:]
     plaintext = crypto.decrypt_sym(
         cyphertext, key, iv=binascii.b2a_base64(wrongiv))
     self.assertNotEqual('data', plaintext)
Ejemplo n.º 6
0
 def test_decrypt_with_wrong_iv_fails(self):
     key = os.urandom(32)
     iv, cyphertext = crypto.encrypt_sym('data', key)
     self.assertTrue(cyphertext is not None)
     self.assertTrue(cyphertext != '')
     self.assertTrue(cyphertext != 'data')
     # get a different iv by changing the first byte
     rawiv = binascii.a2b_base64(iv)
     wrongiv = rawiv
     while wrongiv == rawiv:
         wrongiv = os.urandom(1) + rawiv[1:]
     plaintext = crypto.decrypt_sym(
         cyphertext, key, iv=binascii.b2a_base64(wrongiv))
     self.assertNotEqual('data', plaintext)
Ejemplo n.º 7
0
    def _encrypt_storage_secret(self, decrypted_secret):
        """
        Encrypt the storage secret.

        An encrypted secret has the following structure:

            {
                '<secret_id>': {
                        'kdf': 'scrypt',
                        'kdf_salt': '<b64 repr of salt>'
                        'kdf_length': <key length>
                        'cipher': 'aes256',
                        'length': <secret length>,
                        'secret': '<encrypted b64 repr of storage_secret>',
                }
            }

        :param decrypted_secret: The decrypted storage secret.
        :type decrypted_secret: str

        :return: The encrypted storage secret.
        :rtype: dict
        """
        # generate random salt
        salt = os.urandom(self.SALT_LENGTH)
        # get a 256-bit key
        key = scrypt.hash(self._passphrase_as_string(), salt, buflen=32)
        iv, ciphertext = encrypt_sym(decrypted_secret, key)
        encrypted_secret_dict = {
            # leap.soledad.crypto submodule uses AES256 for symmetric
            # encryption.
            self.KDF_KEY:
            self.KDF_SCRYPT,
            self.KDF_SALT_KEY:
            binascii.b2a_base64(salt),
            self.KDF_LENGTH_KEY:
            len(key),
            self.CIPHER_KEY:
            self.CIPHER_AES256,
            self.LENGTH_KEY:
            len(decrypted_secret),
            self.SECRET_KEY:
            '%s%s%s' %
            (str(iv), self.IV_SEPARATOR, binascii.b2a_base64(ciphertext)),
        }
        return encrypted_secret_dict
Ejemplo n.º 8
0
    def _encrypt_storage_secret(self, decrypted_secret):
        """
        Encrypt the storage secret.

        An encrypted secret has the following structure:

            {
                '<secret_id>': {
                        'kdf': 'scrypt',
                        'kdf_salt': '<b64 repr of salt>'
                        'kdf_length': <key length>
                        'cipher': 'aes256',
                        'length': <secret length>,
                        'secret': '<encrypted b64 repr of storage_secret>',
                }
            }

        :param decrypted_secret: The decrypted storage secret.
        :type decrypted_secret: str

        :return: The encrypted storage secret.
        :rtype: dict
        """
        # generate random salt
        salt = os.urandom(self.SALT_LENGTH)
        # get a 256-bit key
        key = scrypt.hash(self._passphrase_as_string(), salt, buflen=32)
        iv, ciphertext = encrypt_sym(decrypted_secret, key)
        encrypted_secret_dict = {
            # leap.soledad.crypto submodule uses AES256 for symmetric
            # encryption.
            self.KDF_KEY: self.KDF_SCRYPT,
            self.KDF_SALT_KEY: binascii.b2a_base64(salt),
            self.KDF_LENGTH_KEY: len(key),
            self.CIPHER_KEY: self.CIPHER_AES256,
            self.LENGTH_KEY: len(decrypted_secret),
            self.SECRET_KEY: '%s%s%s' % (
                str(iv), self.IV_SEPARATOR, binascii.b2a_base64(ciphertext)),
        }
        return encrypted_secret_dict
 def encrypt(self, content):
     iv, ciphertext = encrypt_sym(content, self.masterkey)
     mac = self.gen_mac(iv, ciphertext)
     return ''.join((mac, iv, ciphertext))
 def encrypt(self, content):
     iv, ciphertext = encrypt_sym(content, self.masterkey)
     mac = self.gen_mac(iv, ciphertext)
     return ''.join((mac, iv, ciphertext))
Ejemplo n.º 11
0
 def test_raw_decrypt(benchmark, payload):
     key = payload(32)
     iv, ciphertext = encrypt_sym(payload(size), key)
     benchmark(decrypt_sym, ciphertext, key, iv)
Ejemplo n.º 12
0
 def encrypt(self, content):
     iv, ciphertext = encrypt_sym(content, self.masterkey, EncryptionMethods.XSALSA20)
     mac = self.gen_mac(iv, ciphertext)
     return ''.join((mac, iv, ciphertext))