def testReadAcrastructInAcrastruct(self): """test correct decrypting acrastruct when acrastruct concatenated to partial another acrastruct""" keyname = 'keypair1_storage' with open('.acrakeys/{}.pub'.format(keyname), 'rb') as f: server_public1 = f.read() incorrect_data = self.get_random_data() correct_data = self.get_random_data() fake_offset = (3 + 45 + 84) - 4 fake_acra_struct = create_acrastruct(incorrect_data.encode('ascii'), server_public1)[:fake_offset] inner_acra_struct = create_acrastruct(correct_data.encode('ascii'), server_public1) data = fake_acra_struct + inner_acra_struct row_id = self.get_random_id() self.log(keyname, data, fake_acra_struct + correct_data.encode('ascii')) self.engine1.execute(test_table.insert(), { 'id': row_id, 'data': data, 'raw_data': correct_data }) result = self.engine1.execute( sa.select([test_table]).where(test_table.c.id == row_id)) row = result.fetchone() try: self.assertEqual(row['data'][fake_offset:], row['raw_data'].encode('utf-8')) except UnicodeDecodeError: print( 'incorrect data: {}\ncorrect data: {}\ndata: {}\n data len: {}' .format(incorrect_data, correct_data, row['data'], len(row['data']))) raise result = self.engine2.execute( sa.select([test_table]).where(test_table.c.id == row_id)) row = result.fetchone() self.assertNotEqual( row['data'][fake_offset:].decode('ascii', errors='ignore'), row['raw_data']) result = self.engine_raw.execute( sa.select([test_table]).where(test_table.c.id == row_id)) row = result.fetchone() self.assertNotEqual( row['data'][fake_offset:].decode('ascii', errors='ignore'), row['raw_data'])
def testProxyRead(self): data = self.get_random_data() zone_public = b64decode(zones[0]['public_key'].encode('ascii')) acra_struct = create_acrastruct(data.encode('ascii'), zone_public, context=zones[0]['id'].encode('ascii')) row_id = self.get_random_id() self.log(zones[0]['id'] + '_zone', acra_struct, data.encode('ascii')) self.engine1.execute(test_table.insert(), { 'id': row_id, 'data': acra_struct, 'raw_data': data }) zone = zones[0]['id'].encode('ascii') result = self.engine1.execute( sa.select([sa.cast(zone, BYTEA), test_table]).where(test_table.c.id == row_id)) row = result.fetchone() self.assertEqual(row['data'], row['raw_data'].encode('utf-8')) # without zone in another proxy, in the same proxy and without any proxy for engine in self.engines: result = engine.execute( sa.select([test_table]).where(test_table.c.id == row_id)) row = result.fetchone() self.assertNotEqual(row['data'].decode('ascii', errors='ignore'), row['raw_data'])
def testProxyRead(self): """test decrypting with correct acraproxy and not decrypting with incorrect acraproxy or using direct connection to db""" keyname = 'keypair1_storage' with open('.acrakeys/{}.pub'.format(keyname), 'rb') as f: server_public1 = f.read() data = self.get_random_data() acra_struct = create_acrastruct(data.encode('ascii'), server_public1) row_id = self.get_random_id() self.log(keyname, acra_struct, data.encode('ascii')) self.engine1.execute(test_table.insert(), { 'id': row_id, 'data': acra_struct, 'raw_data': data }) result = self.engine1.execute( sa.select([test_table]).where(test_table.c.id == row_id)) row = result.fetchone() self.assertEqual(row['data'], row['raw_data'].encode('utf-8')) result = self.engine2.execute( sa.select([test_table]).where(test_table.c.id == row_id)) row = result.fetchone() self.assertNotEqual(row['data'].decode('ascii', errors='ignore'), row['raw_data']) result = self.engine_raw.execute( sa.select([test_table]).where(test_table.c.id == row_id)) row = result.fetchone() self.assertNotEqual(row['data'].decode('ascii', errors='ignore'), row['raw_data'])
def write_data(data, connection, sslcontext=None): zone_id, key = get_zone(sslcontext=sslcontext) print("data: {}\nzone: {}".format(data, zone_id)) # here we encrypt our data and wrap into AcraStruct encrypted_data = create_acrastruct(data.encode('utf-8'), key, zone_id.encode('utf-8')) connection.execute(test_table.insert(), data=encrypted_data, raw_data=data)
def testReadAcrastructInAcrastruct(self): incorrect_data = self.get_random_data() correct_data = self.get_random_data() zone_public = b64decode(zones[0]['public_key'].encode('ascii')) fake_offset = (3 + 45 + 84) - 1 fake_acra_struct = create_acrastruct( incorrect_data.encode('ascii'), zone_public, context=zones[0]['id'].encode('ascii'))[:fake_offset] inner_acra_struct = create_acrastruct( correct_data.encode('ascii'), zone_public, context=zones[0]['id'].encode('ascii')) data = fake_acra_struct + inner_acra_struct self.log(zones[0]['id'] + '_zone', data, fake_acra_struct + correct_data.encode('ascii')) row_id = self.get_random_id() self.engine1.execute(test_table.insert(), { 'id': row_id, 'data': data, 'raw_data': correct_data }) zone = zones[0]['id'].encode('ascii') result = self.engine1.execute( sa.select([sa.cast(zone, BYTEA), test_table]).where(test_table.c.id == row_id)) row = result.fetchone() self.assertEqual(row['data'][fake_offset:], row['raw_data'].encode('utf-8')) result = self.engine2.execute( sa.select([test_table]).where(test_table.c.id == row_id)) row = result.fetchone() self.assertNotEqual( row['data'][fake_offset:].decode('ascii', errors='ignore'), row['raw_data']) result = self.engine_raw.execute( sa.select([test_table]).where(test_table.c.id == row_id)) row = result.fetchone() self.assertNotEqual( row['data'][fake_offset:].decode('ascii', errors='ignore'), row['raw_data'])
def get_db_prep_value(self, value, connection, prepared=False): value = super(CharField, self).get_db_prep_value(value, connection, prepared) if value == '': return b'' elif value is None: return None else: return acrawriter.create_acrastruct(value.encode(self._encoding), self._public_key)
def setup_df(table, zone_id, key, n=1000000, encrypt=False): zone_id_utf8 = zone_id.encode('utf-8') data = dict() for i in range(n): raw = str( i ) + ': een beetje lange string om wat vulling te creƫren, raw_' + str( i) if encrypt: enc = create_acrastruct(raw.encode('utf-8'), key, zone_id_utf8) else: enc = raw data[i] = (i, zone_id, enc, raw) return pd.DataFrame.from_dict(data, columns=[c.name for c in table.columns], orient='index')
def test_with_zone_to_file(self): zone_public = b64decode(zones[0]['public_key'].encode('ascii')) rows = [] for _ in range(self.DATA_COUNT): data = self.get_random_data() row = { 'raw_data': data, 'data': create_acrastruct(data.encode('ascii'), zone_public, context=zones[0]['id'].encode('ascii')), 'id': self.get_random_id() } rows.append(row) self.engine_raw.execute(test_table.insert(), rows) subprocess.check_call([ './acra_rollback', '--client_id=keypair1', '--connection_string=dbname={dbname} user={user} ' 'password={password} host={host} port={port}'.format( dbname=self.DB_NAME, user=self.DB_USER, port=self.DB_PORT, password=self.DB_USER_PASSWORD, host=self.DB_HOST), '--output_file={}'.format( self.output_filename), '--select=select \'{id}\'::bytea, data from {table};'.format( id=zones[0]['id'], table=test_table.name), '--zonemode=true', '--insert=insert into {} values($1);'.format( rollback_output_table.name) ], cwd=os.getcwd()) # execute file with open(self.output_filename, 'r') as f: for line in f: self.engine_raw.execute(line) source_data = set([i['raw_data'].encode('ascii') for i in rows]) result = self.engine_raw.execute(rollback_output_table.select()) result = result.fetchall() for data in result: self.assertIn(data[0], source_data)
def test_without_zone_to_file(self): keyname = 'keypair1_storage' with open('.acrakeys/{}.pub'.format(keyname), 'rb') as f: server_public1 = f.read() rows = [] for _ in range(self.DATA_COUNT): data = self.get_random_data() row = { 'raw_data': data, 'data': create_acrastruct(data.encode('ascii'), server_public1), 'id': self.get_random_id() } rows.append(row) self.engine_raw.execute(test_table.insert(), rows) subprocess.check_call([ './acra_rollback', '--client_id=keypair1', '--connection_string=dbname={dbname} user={user} ' 'password={password} host={host} port={port}'.format( dbname=self.DB_NAME, user=self.DB_USER, port=self.DB_PORT, password=self.DB_USER_PASSWORD, host=self.DB_HOST), '--output_file={}'.format( self.output_filename), '--select=select data from {};'.format( test_table.name), '--insert=insert into {} values($1);'.format( rollback_output_table.name) ], cwd=os.getcwd()) # execute file with open(self.output_filename, 'r') as f: for line in f: self.engine_raw.execute(line) source_data = set([i['raw_data'].encode('ascii') for i in rows]) result = self.engine_raw.execute(rollback_output_table.select()) result = result.fetchall() for data in result: self.assertIn(data[0], source_data)
def testWithEncoding(self): test_data = 'some data' public_key = GenerateKeyPair(KEY_PAIR_TYPE.EC).export_public_key() self.assertIsNotNone(create_acrastruct(test_data, public_key))
def testWithContext(self): test_data = b'some data' context = b'some context' public_key = GenerateKeyPair(KEY_PAIR_TYPE.EC).export_public_key() self.assertIsNotNone(create_acrastruct(test_data, public_key, context))
help='Client ID (default: testclientid)') parser.add_argument( '--zone_id', nargs='?', help='Zone ID') parser.add_argument( '--keys_dir', nargs='?', default='docker/.acrakeys/acra-writer', help='Directory where keys placed (default: docker/.acrakeys/acra-writer)') parser.add_argument( '--data', nargs='?', default='Plain text.', help='Plain text to encode (default: "Plain text.")') parser.add_argument( '--out_file', nargs='?', default='', help='Save AcraStruct to filename (default: "<client_id>.acrastruct")') args = parser.parse_args() as_out_file = args.out_file if as_out_file == '': if args.zone_id: as_out_file = '{}.acrastruct'.format(args.zone_id) else: as_out_file = '{}.acrastruct'.format(args.client_id) if args.zone_id: encryption_key = read_zone_public_key(args.zone_id, args.keys_dir) acrastruct = create_acrastruct(args.data, encryption_key, args.zone_id.encode('ascii')) else: encryption_key = read_storage_public_key(args.client_id, args.keys_dir) acrastruct = create_acrastruct(args.data, encryption_key) with open(as_out_file, 'wb') as f: f.write(acrastruct)
def process_bind_param(self, value, dialect): return create_acrastruct(value, self._public_key)
for row in result: try: print("{:<3} - {} - {} - {:>10}\n".format( row['id'], row[0], row['data'].decode('utf-8'), row['raw_data'])) except: print("{:<3} - {} - {} - {:>10}\n".format( row['id'], row[0], row['data'], row['raw_data'])) else: if args.zone_id: print("For encrypting will be used random generated zone_id") exit(1) zone_id, key = get_zone() data = bytes([randint(32, 126) for _ in range(randint(10, 20))]) string_data = ''.join( choice(string.ascii_letters) for _ in range(randint(10, 20))) data = args.data or string_data print("data: {}\nzone: {}".format(data, zone_id)) encrypted_data = create_acrastruct(data.encode('utf-8'), key, zone_id.encode('utf-8')) rid = randint(1, 100500) proxy_connection.execute(test.insert(), data=encrypted_data, id=rid, raw_data='(zone: {}) - {}'.format( zone_id, data)) print("saved with zone: {}".format(zone_id))
default='docker/.acrakeys/acra-writer', help='Directory where keys placed (default: docker/.acrakeys/acra-writer)') parser.add_argument('--data', nargs='?', default='Plain text.', help='Plain text to encode (default: "Plain text.")') parser.add_argument( '--out_file', nargs='?', default='', help='Save AcraStruct to filename (default: "<client_id>.acrastruct")') args = parser.parse_args() as_out_file = args.out_file if as_out_file == '': if args.zone_id: as_out_file = '{}.acrastruct'.format(args.zone_id) else: as_out_file = '{}.acrastruct'.format(args.client_id) if args.zone_id: encryption_key = read_zone_public_key(args.zone_id, args.keys_dir) acrastruct = create_acrastruct(args.data.encode('utf-8'), encryption_key, args.zone_id.encode('utf-8')) else: encryption_key = read_storage_public_key(args.client_id, args.keys_dir) acrastruct = create_acrastruct(args.data.encode('utf-8'), encryption_key) with open(as_out_file, 'wb') as f: f.write(acrastruct)