def insertUser(self, name, passwd):
"""
Insert user in talbe Users. User password is hashed with salt_p.
@param name: user name
@param passwd: user password
"""
name = name.decode('utf-8')
passwd = passwd.decode('utf-8')
# generate salt using cryptographic safe pseudo-random generator
salt_p = CryptoBasics.genUserPassSalt()
# prepends salts and create hash
passwd = CryptoBasics.getUserPassHash(salt_p, passwd)
try:
self._cursor.execute("INSERT INTO Users(name, passwd, salt_p) VALUES(:name, :passwd, :salt_p)",
{"name" : name, "passwd" : passwd, "salt_p" : salt_p})
self._connection.commit()
logging.info("users with ID: %i, inserted: %s", self._cursor.lastrowid, self._cursor.rowcount)
except sqlite3.IntegrityError as e:
logging.warning(e)
except sqlite3.Error as e:
logging.exception(e)
self._connection.rollback()
raise e
def insertPassword(self, title, username, passwd, url, comment, c_date, e_date, grp_id, user_id, attachment, att_name, expire):
"""
Inserts password in table Passwords. Encrypts inserted data. Only grp_id, user_id salt and iv are not encrypted.
@param title: password title
@param username: account username
@param passwd: account password
@param url: account url
@param comment: password comment
@param c_date: date of creation
@param e_date: date of expiration
@param grp_id: password group ID, from Groups table
@param user_id: user ID, from Users table
@param attachment: attachment of password
@param att_name: attachment name
@param expire: if password expires, should be set to 'true' string
"""
salt = CryptoBasics.genKeySalt().decode("utf8")
iv = CryptoBasics.genIV()
# encrypt data
encrypted_row = self.encryptAndPrepRow(title, username, passwd, url,
comment, c_date, e_date,
grp_id, user_id, attachment,
att_name,
salt, iv, expire)
try:
self._cursor.execute("""INSERT INTO
Passwords(title, username, passwd, url, comment, c_date, m_date, e_date, grp_id, user_id, attachment, att_name, salt, iv, expire)
VALUES(:title, :username, :passwd, :url, :comment, :c_date, :m_date, :e_date, :grp_id, :user_id, :attachment, :att_name,
:salt, :iv, :expire)""",
encrypted_row)
self._connection.commit()
logging.info("passwords with ID: %d, inserted: %d", self._cursor.lastrowid, self._cursor.rowcount)
except sqlite3.IntegrityError as e:
logging.warning(e)
self._connection.rollback()
except sqlite3.Error as e:
logging.exception(e)
self._connection.rollback()
raise e
def selectByNameMaster(self, name, master):
"""
Select user from database by username and password.
@param name: username
@param master: plain text password
@return: UserModel object, or None
"""
name = name.decode('utf-8')
master = master.decode('utf-8')
user = None
try:
user = self.selectByName(name)
if (not user):
logging.info("username doesn't exist, %s", name)
return None
# prepare hash
passwd = CryptoBasics.getUserPassHash(user._salt, master)
except sqlite3.Error as e:
logging.exception(e)
raise e
finally:
if (user and user._passwd == passwd):
logging.debug("user with username '%s' selected", name)
user._master = master
return user
else:
logging.info("user password not correct")
return None
def decryptRow(self, p_id, title, username, passwd, url, comment, c_date, m_date, e_date, grp_id, user_id, attachment, att_name, salt, iv, expire):
"""
Decrypts password in table Passwords. Decrypts slected data. Only grp_id, user_id salt and iv are not encrypted.
@param p_id: password id
@param title: password title
@param username: account username
@param passwd: account password
@param url: account url
@param comment: password comment
@param c_date: date of creation
@param m_date: date of modification
@param e_date: date of expiration
@param grp_id: password group ID, from Groups table
@param user_id: user ID, from Users table
@param attachment: attachment of password
@param att_name: attachment name
@param salt: secret key salt
@param iv: cipher input vector
@param expire: if password expires, should be set to 'true' string
@return: enrypted dictionary data
"""
secret_key = CryptoBasics.genCipherKey(self._master, salt)
# decrypt data
title = CryptoBasics.decryptDataAutoPad(title, secret_key, iv)
username = CryptoBasics.decryptDataAutoPad(username, secret_key, iv)
passwd = CryptoBasics.decryptDataAutoPad(passwd, secret_key, iv)
url = CryptoBasics.decryptDataAutoPad(url, secret_key, iv)
comment = CryptoBasics.decryptDataAutoPad(comment, secret_key, iv)
c_date = CryptoBasics.decryptDataAutoPad(c_date, secret_key, iv)
e_date = CryptoBasics.decryptDataAutoPad(e_date, secret_key, iv)
m_date = CryptoBasics.decryptDataAutoPad(m_date, secret_key, iv)
# unpack returns a touple, but I need just one value
m_date = struct.unpack(self._TIME_PRECISION, m_date)[0]
c_date = struct.unpack(self._TIME_PRECISION, c_date)[0]
e_date = struct.unpack(self._TIME_PRECISION, e_date)[0]
attachment = CryptoBasics.decryptDataAutoPad(attachment, secret_key, iv)
att_name = CryptoBasics.decryptDataAutoPad(att_name, secret_key, iv)
expire = CryptoBasics.decryptDataAutoPad(expire, secret_key, iv)
return {"id" :p_id, "title" : title, "username" : username, "passwd" : passwd, "url" : url, "comment" : comment,
"c_date" : c_date, "m_date" : m_date, "e_date" : e_date, "grp_id" : grp_id, "user_id" : user_id,
"attachment" : attachment, "att_name" : att_name, "salt" : salt, "iv" : iv, "expire" : expire}
def encryptAndPrepRow(self, title, username, passwd, url, comment, c_date, e_date, grp_id, user_id, attachment, att_name, salt, iv, expire):
"""
Encrypts password in table Passwords. Encrypts inserted data. Only grp_id, user_id salt and iv are not encrypted.
Also change m_date column, modification date, to current timestamp. Encrypted data are inserted as BLOB type.
And prepares them for sqlite binary data.
@param title: password title
@param username: account username
@param passwd: account password
@param url: account url
@param comment: password comment
@param c_date: date of creation
@param e_date: date of expiration
@param grp_id: password group ID, from Groups table
@param user_id: user ID, from Users table
@param attachment: attachment of password
@param att_name: attachment name
@param salt: secret key salt
@param iv: cipher input vector
@param expire: if password expires, should be set to 'true' string
@return: encrypted dictionary data
"""
secret_key = CryptoBasics.genCipherKey(self._master, salt)
# pack time (float) to bytes, need to encrypt it, add padding
m_date = time.time()
logging.debug("modification timestamp: %f", m_date)
# use little endian and float type to convert timestamp
c_date = struct.pack(self._TIME_PRECISION, c_date)
e_date = struct.pack(self._TIME_PRECISION, e_date)
m_date = struct.pack(self._TIME_PRECISION, m_date)
# encrypt data
title = CryptoBasics.encryptDataAutoPad(title, secret_key, iv)
username = CryptoBasics.encryptDataAutoPad(username, secret_key, iv)
passwd = CryptoBasics.encryptDataAutoPad(passwd, secret_key, iv)
url = CryptoBasics.encryptDataAutoPad(url, secret_key, iv)
comment = CryptoBasics.encryptDataAutoPad(comment, secret_key, iv)
c_date = CryptoBasics.encryptDataAutoPad(c_date, secret_key, iv)
m_date = CryptoBasics.encryptDataAutoPad(m_date, secret_key, iv)
e_date = CryptoBasics.encryptDataAutoPad(e_date, secret_key, iv)
attachment = CryptoBasics.encryptDataAutoPad(attachment, secret_key, iv)
att_name = CryptoBasics.encryptDataAutoPad(att_name, secret_key, iv)
expire = CryptoBasics.encryptDataAutoPad(expire, secret_key, iv)
# prepare binary data
title = sqlite3.Binary(title)
username = sqlite3.Binary(username)
passwd = sqlite3.Binary(passwd)
url = sqlite3.Binary(url)
comment = sqlite3.Binary(comment)
c_date = sqlite3.Binary(c_date)
m_date = sqlite3.Binary(m_date)
e_date = sqlite3.Binary(e_date)
# grp_id = sqlite3.Binary(grp_id)
# user_id = sqlite3.Binary(user_id)
attachment = sqlite3.Binary(attachment)
att_name = sqlite3.Binary(att_name)
iv = sqlite3.Binary(iv)
expire = sqlite3.Binary(expire)
return {'title' : title, 'username' : username, 'passwd' : passwd, 'url' : url, 'comment' : comment,
'c_date' : c_date, 'm_date' : m_date, 'e_date' : e_date, 'grp_id' : grp_id, 'user_id' : user_id,
'attachment' : attachment, 'att_name' : att_name, 'salt' : salt, 'iv' : iv, 'expire' : expire}
