def test_seed_add(self):
self.assertIsNone(Rand.rand_seed(os.urandom(1024)))
# XXX Should there be limits on the entropy parameter?
self.assertIsNone(Rand.rand_add(os.urandom(2), 0.5))
Rand.rand_add(os.urandom(2), -0.5)
Rand.rand_add(os.urandom(2), 5000.0)
def test_seed_add(self):
self.assertIsNone(Rand.rand_seed(os.urandom(1024)))
# XXX Should there be limits on the entropy parameter?
self.assertIsNone(Rand.rand_add(os.urandom(2), 0.5))
Rand.rand_add(os.urandom(2), -0.5)
Rand.rand_add(os.urandom(2), 5000.0)
def test_seed_add(self):
if sys.version_info >= (2, 4):
assert Rand.rand_seed(os.urandom(1024)) is None
# XXX Should there be limits on the entropy parameter?
assert Rand.rand_add(os.urandom(2), 0.5) is None
Rand.rand_add(os.urandom(2), -0.5)
Rand.rand_add(os.urandom(2), 5000.0)
def test_seed_add(self):
if sys.version_info >= (2, 4):
assert Rand.rand_seed(os.urandom(1024)) is None
# XXX Should there be limits on the entropy parameter?
assert Rand.rand_add(os.urandom(2), 0.5) is None
Rand.rand_add(os.urandom(2), -0.5)
Rand.rand_add(os.urandom(2), 5000.0)
def DecodeMessages(self, response_comms):
"""Extract and verify server message.
Args:
response_comms: A ClientCommunication rdfvalue
Returns:
list of messages and the CN where they came from.
Raises:
DecryptionError: If the message failed to decrypt properly.
"""
if response_comms.api_version not in [3]:
raise DecryptionError("Unsupported api version.")
if response_comms.encrypted_cipher:
# Have we seen this cipher before?
try:
cipher = self.encrypted_cipher_cache.Get(
response_comms.encrypted_cipher)
except KeyError:
cipher = ReceivedCipher(response_comms, self.private_key,
self.pub_key_cache)
if cipher.signature_verified:
# Remember it for next time.
self.encrypted_cipher_cache.Put(response_comms.encrypted_cipher,
cipher)
# Add entropy to the PRNG.
Rand.rand_add(response_comms.encrypted, len(response_comms.encrypted))
# Check the encrypted message integrity using HMAC.
if cipher.HMAC(response_comms.encrypted) != response_comms.hmac:
raise DecryptionError("HMAC verification failed.")
# Decrypt the messages
iv = response_comms.iv or cipher.cipher.iv
plain = cipher.Decrypt(response_comms.encrypted, iv)
try:
signed_message_list = rdfvalue.SignedMessageList(plain)
except rdfvalue.DecodeError as e:
raise DecryptionError(str(e))
message_list = self.DecompressMessageList(signed_message_list)
else:
# The message is not encrypted. We do not allow unencrypted
# messages:
raise DecryptionError("Server response is not encrypted.")
# Are these messages authenticated?
auth_state = self.VerifyMessageSignature(
response_comms, signed_message_list, cipher,
response_comms.api_version)
# Mark messages as authenticated and where they came from.
for msg in message_list.job:
msg.auth_state = auth_state
msg.SetWireFormat("source", utils.SmartStr(
cipher.cipher_metadata.source.Basename()))
return (message_list.job, cipher.cipher_metadata.source,
signed_message_list.timestamp)
def DecodeMessages(self, response_comms):
"""Extract and verify server message.
Args:
response_comms: A ClientCommunication rdfvalue
Returns:
list of messages and the CN where they came from.
Raises:
DecryptionError: If the message failed to decrypt properly.
"""
if response_comms.api_version not in [3]:
raise DecryptionError("Unsupported api version.")
if response_comms.encrypted_cipher:
# Have we seen this cipher before?
try:
cipher = self.encrypted_cipher_cache.Get(
response_comms.encrypted_cipher)
except KeyError:
cipher = ReceivedCipher(response_comms, self.private_key,
self.pub_key_cache)
if cipher.signature_verified:
# Remember it for next time.
self.encrypted_cipher_cache.Put(
response_comms.encrypted_cipher, cipher)
# Add entropy to the PRNG.
Rand.rand_add(response_comms.encrypted,
len(response_comms.encrypted))
# Check the encrypted message integrity using HMAC.
if cipher.HMAC(response_comms.encrypted) != response_comms.hmac:
raise DecryptionError("HMAC verification failed.")
# Decrypt the messages
iv = response_comms.iv or cipher.cipher.iv
plain = cipher.Decrypt(response_comms.encrypted, iv)
try:
signed_message_list = rdfvalue.SignedMessageList(plain)
except rdfvalue.DecodeError as e:
raise DecryptionError(str(e))
message_list = self.DecompressMessageList(signed_message_list)
else:
# The message is not encrypted. We do not allow unencrypted
# messages:
raise DecryptionError("Server response is not encrypted.")
# Are these messages authenticated?
auth_state = self.VerifyMessageSignature(response_comms,
signed_message_list, cipher,
response_comms.api_version)
# Mark messages as authenticated and where they came from.
for msg in message_list.job:
msg.auth_state = auth_state
msg.SetWireFormat(
"source",
utils.SmartStr(cipher.cipher_metadata.source.Basename()))
return (message_list.job, cipher.cipher_metadata.source,
signed_message_list.timestamp)
