def test_seed_add(self): self.assertIsNone(Rand.rand_seed(os.urandom(1024))) # XXX Should there be limits on the entropy parameter? self.assertIsNone(Rand.rand_add(os.urandom(2), 0.5)) Rand.rand_add(os.urandom(2), -0.5) Rand.rand_add(os.urandom(2), 5000.0)
def test_seed_add(self): if sys.version_info >= (2, 4): assert Rand.rand_seed(os.urandom(1024)) is None # XXX Should there be limits on the entropy parameter? assert Rand.rand_add(os.urandom(2), 0.5) is None Rand.rand_add(os.urandom(2), -0.5) Rand.rand_add(os.urandom(2), 5000.0)
def DecodeMessages(self, response_comms): """Extract and verify server message. Args: response_comms: A ClientCommunication rdfvalue Returns: list of messages and the CN where they came from. Raises: DecryptionError: If the message failed to decrypt properly. """ if response_comms.api_version not in [3]: raise DecryptionError("Unsupported api version.") if response_comms.encrypted_cipher: # Have we seen this cipher before? try: cipher = self.encrypted_cipher_cache.Get( response_comms.encrypted_cipher) except KeyError: cipher = ReceivedCipher(response_comms, self.private_key, self.pub_key_cache) if cipher.signature_verified: # Remember it for next time. self.encrypted_cipher_cache.Put(response_comms.encrypted_cipher, cipher) # Add entropy to the PRNG. Rand.rand_add(response_comms.encrypted, len(response_comms.encrypted)) # Check the encrypted message integrity using HMAC. if cipher.HMAC(response_comms.encrypted) != response_comms.hmac: raise DecryptionError("HMAC verification failed.") # Decrypt the messages iv = response_comms.iv or cipher.cipher.iv plain = cipher.Decrypt(response_comms.encrypted, iv) try: signed_message_list = rdfvalue.SignedMessageList(plain) except rdfvalue.DecodeError as e: raise DecryptionError(str(e)) message_list = self.DecompressMessageList(signed_message_list) else: # The message is not encrypted. We do not allow unencrypted # messages: raise DecryptionError("Server response is not encrypted.") # Are these messages authenticated? auth_state = self.VerifyMessageSignature( response_comms, signed_message_list, cipher, response_comms.api_version) # Mark messages as authenticated and where they came from. for msg in message_list.job: msg.auth_state = auth_state msg.SetWireFormat("source", utils.SmartStr( cipher.cipher_metadata.source.Basename())) return (message_list.job, cipher.cipher_metadata.source, signed_message_list.timestamp)
def DecodeMessages(self, response_comms): """Extract and verify server message. Args: response_comms: A ClientCommunication rdfvalue Returns: list of messages and the CN where they came from. Raises: DecryptionError: If the message failed to decrypt properly. """ if response_comms.api_version not in [3]: raise DecryptionError("Unsupported api version.") if response_comms.encrypted_cipher: # Have we seen this cipher before? try: cipher = self.encrypted_cipher_cache.Get( response_comms.encrypted_cipher) except KeyError: cipher = ReceivedCipher(response_comms, self.private_key, self.pub_key_cache) if cipher.signature_verified: # Remember it for next time. self.encrypted_cipher_cache.Put( response_comms.encrypted_cipher, cipher) # Add entropy to the PRNG. Rand.rand_add(response_comms.encrypted, len(response_comms.encrypted)) # Check the encrypted message integrity using HMAC. if cipher.HMAC(response_comms.encrypted) != response_comms.hmac: raise DecryptionError("HMAC verification failed.") # Decrypt the messages iv = response_comms.iv or cipher.cipher.iv plain = cipher.Decrypt(response_comms.encrypted, iv) try: signed_message_list = rdfvalue.SignedMessageList(plain) except rdfvalue.DecodeError as e: raise DecryptionError(str(e)) message_list = self.DecompressMessageList(signed_message_list) else: # The message is not encrypted. We do not allow unencrypted # messages: raise DecryptionError("Server response is not encrypted.") # Are these messages authenticated? auth_state = self.VerifyMessageSignature(response_comms, signed_message_list, cipher, response_comms.api_version) # Mark messages as authenticated and where they came from. for msg in message_list.job: msg.auth_state = auth_state msg.SetWireFormat( "source", utils.SmartStr(cipher.cipher_metadata.source.Basename())) return (message_list.job, cipher.cipher_metadata.source, signed_message_list.timestamp)