def decryptPasswd(buf, passKey, iv = '\x00' * 16):
cipher = Cipher(alg='aes_128_cbc', key=passKey, iv=iv, op=0) # 0 is decrypt
cipher.set_padding(padding=7)
v = cipher.update(buf)
v = v + cipher.final()
del cipher
return v
def encrypt_sn(sn):
m=Cipher(alg = "aes_128_cbc", key = config['passout'], iv = '\x00' * 16, op = 1)
m.set_padding(padding=7)
v = m.update(sn)
v = v + m.final()
del m
return v
def encrypt_hpwd(self, clearpass):
key=settings.SECRET_KEY
iv=get_random_string(16)
cipher=Cipher(alg='aes_256_cbc', key=key, iv=iv, op=1)
v=cipher.update(clearpass) + cipher.final()
del cipher
return b64encode(v), iv
def __encryptData(self, key, iv, data):
data = str(data) + "\0" # <---- ----------
cipher = Cipher("aes_256_cbc", key, iv, ENC)
v = cipher.update(data)
v = v + cipher.final()
v = base64.b64encode(v)
return v
def decrypt_text(encrypted_text, key):
# Porting from pyDes-based encryption (see http://git.io/htpk)
# to use M2Crypto instead (see https://gist.github.com/mrluanma/917014)
cipher = Cipher(alg="des_ede3_ecb", key=b"{}".format(key), op=0, iv="\0" * 16)
decrypted_text = cipher.update(base64.b64decode(b"{}".format(encrypted_text)))
decrypted_text += cipher.final()
return decrypted_text
def decrypt(self, encryptedObject):
"""Given an encrypted object, decrypt it and return the plaintext value.
If necessary, will retrieve the private key and bulk encryption key
from the storage context associated with self."""
# Coerce JSON if necessary
if type(encryptedObject) == str or type(encryptedObject) == unicode:
encryptedObject = json.loads(encryptedObject)
# An encrypted object has two relevant fields
encryptionLabel = encryptedObject['encryption']
ciphertext = base64.decodestring(encryptedObject['ciphertext'])
# Go get the keying infromation if need it
if self.privateKey == None:
self.fetchPrivateKey()
if not encryptionLabel in self.bulkKeys:
self.fetchBulkKey(encryptionLabel)
# In case you were wondering, this is the same as this operation at the openssl command line:
# openssl enc -d -in data -aes-256-cbc -K `cat unwrapped_symkey.16` -iv `cat iv.16`
# Do the decrypt
logging.debug("Decrypting data record using bulk key %s" % encryptionLabel)
cipher = Cipher(alg='aes_256_cbc', key=self.bulkKeys[encryptionLabel], iv=self.bulkKeyIVs[encryptionLabel], op=0) # 0 is DEC
v = cipher.update(ciphertext)
v = v + cipher.final()
del cipher
logging.debug("Successfully decrypted data record")
return v
def do_encrypt(file_name, encrypt_type): # encrypt_type: 0->decrypt, 1->encrypt
algorithm = 'bf_cbc'
key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
iv = "\x01\x02\x03\x04\x05\x06\x07\x08"
key_as_bytes = 0 # 0->use iv, 1->not use iv
algo_method = 'md5' # 'md5', 'sha1'
salt = '12345678'
iter_count = 1
padding = 1
if not os.path.isfile(file_name):
return ''
file = open(file_name, 'r')
content = file.read()
file.close()
try:
# constructor the EVP.Cipher obj
cipher_obj = Cipher(algorithm, key, iv, encrypt_type, key_as_bytes, algo_method, salt, iter_count, padding)
# use memory file obj
out = StringIO.StringIO()
out.write(cipher_obj.update(content))
out.write(cipher_obj.final())
return out.getvalue()
except Exception as e:
return ''
def sym_decrypt(self, key, data):
data = b64decode(data)
cipher = Cipher(alg='aes_128_cbc', key=key, iv=self.IV, op=DEC)
v = cipher.update(data)
v = v + cipher.final()
del cipher
return v
def decrypt_text(encrypted_text, key):
# Porting from pyDes-based encryption (see http://git.io/htpk)
# to use M2Crypto instead (see https://gist.github.com/mrluanma/917014)
cipher = Cipher(alg="des_ede3_ecb", key=b"{}".format(key), op=0, iv="\0" * 16)
decrypted_text = cipher.update(base64.b64decode(b"{}".format(encrypted_text)))
decrypted_text += cipher.final()
return decrypted_text
def decrypt(chunk, key):
cipher = Cipher(alg=ALG, key=key, iv=IV, op=0, key_as_bytes=0, padding=PADDING) # 0 is decrypt
cipher.set_padding(padding=m2.no_padding)
v = cipher.update(chunk)
v = v + cipher.final()
del cipher #需要删除
return v
def encrypt_3des(key, text, usebase64=False):
cipher = Cipher(alg='des_ede3_ecb', key=key, op=1, iv='\0'*16)
s = cipher.update(text)
if usebase64:
return base64.b64encode( s + cipher.final() )
else:
return s + cipher.final()
def decrypt(self, encryptedObject):
"""Given an encrypted object, decrypt it and return the plaintext value.
If necessary, will retrieve the private key and bulk encryption key
from the storage context associated with self."""
# Coerce JSON if necessary
if type(encryptedObject) == str or type(encryptedObject) == unicode:
encryptedObject = json.loads(encryptedObject)
# An encrypted object has two relevant fields
encryptionLabel = encryptedObject['encryption']
ciphertext = base64.decodestring(encryptedObject['ciphertext'])
# Go get the keying infromation if need it
if self.privateKey == None:
self.fetchPrivateKey()
if not encryptionLabel in self.bulkKeys:
self.fetchBulkKey(encryptionLabel)
# In case you were wondering, this is the same as this operation at the openssl command line:
# openssl enc -d -in data -aes-256-cbc -K `cat unwrapped_symkey.16` -iv `cat iv.16`
# Do the decrypt
logging.debug("Decrypting data record using bulk key %s" %
encryptionLabel)
cipher = Cipher(alg='aes_256_cbc',
key=self.bulkKeys[encryptionLabel],
iv=self.bulkKeyIVs[encryptionLabel],
op=0) # 0 is DEC
v = cipher.update(ciphertext)
v = v + cipher.final()
del cipher
logging.debug("Successfully decrypted data record")
return v
def Decrypt(data):
data = util.h2b(data)
cipher = Cipher(alg='aes_128_ecb', key=PRIVATE_KEY, iv=iv, op=DECRYPT_OP)
buf = cipher.update(data)
buf = buf + cipher.final()
del cipher
return buf
def Encrypt(data):
print "Enc len=", len(data)
cipher = Cipher(alg='aes_128_ecb', key=PRIVATE_KEY, iv=iv, op=ENCRYPT_OP)
buf = cipher.update(data)
buf = buf + cipher.final()
del cipher
return buf
"""
def encryptData(key, data):
iv = '\0' * 16
cipher = Cipher(alg=ALGS[len(key)], key=key, iv=iv, op=1)
encoded = cipher.update(data)
encoded = encoded + cipher.final()
return encoded
def testhash(request):
key=settings.SECRET_KEY
iv=Account.objects.get(id=1).random_str
data=b64decode('MTkcUSMxaxZytN4D3B7XEaPy5wNvAe0MHB1xNZeqZKo=')
cipher=Cipher(alg='aes_256_cbc', key=key, iv=iv, op=0)
v=cipher.update(data) + cipher.final()
del cipher
return HttpResponse(v)
def AESDecrypt(cls, data): '使用aes_128_ecb算法对数据解密' # 将密文从16进制转为字节流 data = util.h2b(data) cipher = Cipher(alg = 'aes_128_ecb', key = cls.privateKey, iv = cls.iv, op = DEC) txt = cipher.update(data) txt = txt + cipher.final() del cipher return txt
def Decrypt(data): '使用aes_128_ecb算法对数据解密' # 将密文从16进制转为字节流 data = util.h2b(data) cipher = Cipher(alg = 'aes_128_ecb', key = PRIVATE_KEY, iv = iv, op = DECRYPT_OP) buf = cipher.update(data) buf = buf + cipher.final() del cipher return buf
def encrypt(chunk, key):
cipher = Cipher(alg=ALG, key=key, iv=IV, op=1, key_as_bytes=0,padding=PADDING) # 1 is encrypt
# padding 有时设置为1
cipher.set_padding(padding=m2.no_padding)
v = cipher.update(chunk)
v = v + cipher.final()
del cipher #需要删除
return v
def Encrypt(data):
cipher = Cipher(alg = 'aes_128_ecb', key = PRIVATE_KEY, iv = iv, op = ENCRYPT_OP)
buf = cipher.update(data)
buf = buf + cipher.final()
del cipher
# 将明文从字节流转为16进制
output = ''
for i in buf:
output += '%02X' % (ord(i))
return output
def decryptData(key, encoded, testforpickle=False):
iv = '\0' * 16
cipher = Cipher(alg=ALGS[len(key)], key=key, iv=iv, op=0)
decoded = cipher.update(encoded)
decoded = decoded + cipher.final()
# old format encryption seems to have 16 bytes before pickled data
if testforpickle and not decoded.startswith('(dp'):
return decoded[16:]
return decoded
def Decrypt(data):
# 将密文从16进制转为字节流
data = util.h2b(data)
cipher = Cipher(alg = 'aes_128_ecb', key = PRIVATE_KEY, iv = iv, op = DECRYPT_OP)
buf = cipher.update(data)
buf = buf + cipher.final()
del cipher
return buf
# print Decrypt('6C0D072989D9F7271EF1BD5AA1C830F2')
def Decrypt(data):
#data = util.h2b(data)
data1 = binascii.a2b_hex(data)
#for i in len(data)/2:
# data1 += binascii.a2b_hex()
cipher = Cipher(alg='aes_128_ecb', key=PRIVATE_KEY, iv=iv, op=DECRYPT_OP)
buf = cipher.update(data1)
buf = buf + cipher.final()
del cipher
return buf
def AESEncrypt(cls, data): '使用aes_128_ecb算法对数据加密' cipher = Cipher(alg = 'aes_128_ecb', key = cls.privateKey, iv = cls.iv, op = ENC) txt = cipher.update(data) txt = txt + cipher.final() del cipher # 将明文从字节流转为16进制 output = '' for i in txt: output += '%02X' % (ord(i)) return output
def _decrypt(self, payload, key):
''' Decrypt payload fetched from server. '''
ciphertext = payload['ciphertext'].decode('base64')
iv = payload['IV'].decode('base64')
# Perform the actual decryption.
cipher = Cipher(alg='aes_256_cbc', key=key, iv=iv, op=0)
v = cipher.update(ciphertext)
v = v + cipher.final()
del cipher
return json.loads(v)
def encrypt(self, message):
# 1. Encrypt
iv = Random.new().read(16)
encrypter = Cipher(self.enc_alg, self.key_enc, iv, self.ENC_OP)
c = b64encode(encrypter.update(message) + encrypter.final())
encryption = b64encode(iv) + c # b64encode(iv) size is always 24
# 2. Sign
hmac = HMAC(self.key_auth, self.auth_alg)
hmac.update(encryption)
auth_sig = b64encode(hmac.digest()) # auth_sig size is always 28
return auth_sig + encryption
def decrypt_aes(key, text, iv='\0'*16, usebase64=False):
""" aes比3des: 加解密速度快, 资源消耗低, 安全级别高
param:
key: 密钥, 16个字符
note: 当key或iv不足16个字符的时候, 后面补字符'0'; 当超过16个字符的时候, 截断为前面16个字符
note: 标准Base64编码会出现字符+和/,在URL中不能作为参数,而urlsafe的base64编码,其实是把字符+和/分别变成-和_
"""
key = _autofill(key) # 当使用 aes_256时候, key需要32个字符; 而使用aes_128时, key需要16个字符
iv = _autofill(iv)
if usebase64:
text = base64.urlsafe_b64decode( text )
cipher = Cipher(alg='aes_128_cbc', key=key, op=0, iv=iv) # aes_256_cbc, aes_256_ecb
s = cipher.update(text)
return s + cipher.final()
def aes_decrypt(mess,aes_key,size=256):
if size == 128:
algo = 'aes_128_cbc'
elif size == 256:
algo = 'aes_256_cbc'
else:
algo = 'aes_128_cbc'
mess = b64decode(mess)
cipher = Cipher(alg=algo,key=aes_key,iv=IV,op=0)
o = cipher.update(mess)
o = o + cipher.final()
del cipher
return o
def aes_decrypt(mess, aes_key, size=256):
if size == 128:
algo = 'aes_128_cbc'
elif size == 256:
algo = 'aes_256_cbc'
else:
algo = 'aes_128_cbc'
mess = b64decode(mess)
cipher = Cipher(alg=algo, key=aes_key, iv=IV, op=0)
o = cipher.update(mess)
o = o + cipher.final()
del cipher
return o
def aes_html_data_decrypt(data):
"""
解密Html传过来的数据
:param data: 数据Base64编码
:return: 解密后的字符串,如果为无效的字符串解密,则返回空串
"""
key = '!@#$%^&*()_+|%^&'
iv = '!@#$%^&*()_+|%^&'
decryptor = Cipher(alg="aes_128_cbc", key=key, iv=iv, op=OP_DECRYPT, padding=0)
encrypted_data = base64.b64decode(data)
decrypted_data = decryptor.update(encrypted_data)
decrypted_data += decryptor.final()
return unpad(decrypted_data)
def main():
master_key = open('{{jenkins_home}}/secrets/master.key').read()
hudson_secret_key = open(
'{{jenkins_home}}/secrets/hudson.util.Secret').read()
hashed_master_key = hashlib.sha256(master_key).digest()[:16]
cipher = Cipher('aes_128_ecb', hashed_master_key, '', 0)
v = cipher.update(hudson_secret_key)
x = v + cipher.final()
assert MAGIC in x
k = x[:-16]
k = k[:16]
token = os.urandom(16).encode('hex')
plaintext = token + MAGIC
cipher = Cipher('aes_128_ecb', k, '', 1)
v = cipher.update(plaintext)
password = base64.b64encode(v + cipher.final())
print password
with open('/etc/jenkins_jobs/jenkins_jobs.ini', 'wb+') as f:
f.write('\n'.join([
'[jenkins]', 'user=jenkins',
'password=%s' % hashlib.md5(token).hexdigest(),
'url=http://localhost:8080'
]))
def aes_api_data_encrypt(data):
"""
加密api数据
:param data: 字符串数据等
:return: base64数据
"""
key = '!@#$%^&*()_+|%^&'
iv = '!@#$%^&*()_+|%^&'
pad_data = pkcs7_pad(data, 16)
encryptor = Cipher(alg="aes_128_cbc", key=key, iv=iv, op=OP_ENCRYPT, padding=0)
str = encryptor.update(pad_data)
str = str + encryptor.final()
base64str = base64.b64encode(str)
return base64str
def get_cipher(key, method, op, iv):
if method == 'rc4-md5':
return create_rc4_md5(method, key, iv, op)
elif method in ('salsa20', 'chacha20'):
return Salsa20Crypto(method, key, iv, op)
else:
return Cipher(method.replace('-', '_'), key, iv, op)
def _new_cipher(key):
skey = key[0:
crypto_algo["key_size"]] # Use first n bytes as crypto key
iv = key[-crypto_algo["iv_size"]:] # Use last m bytes as IV
return Cipher(algorithms.TripleDES(skey),
modes.CBC(iv),
backend=default_backend())
def decrypt(self, sig_encryption):
auth_sig = sig_encryption[:28]
encryption = sig_encryption[28:]
# 1. Verify signature
hmac = HMAC(self.key_auth, self.auth_alg)
hmac.update(encryption)
if auth_sig != b64encode(hmac.digest()):
raise EVPError("Authentication failure: " +
auth_sig + " does not match " + b64encode(hmac.digest()))
# 2. Decrypt
iv = b64decode(encryption[:24])
ciphertext = b64decode(encryption[24:])
decrypter = Cipher(self.enc_alg, self.key_enc, iv, self.DEC_OP)
return decrypter.update(ciphertext) + decrypter.final()
class DecryptorVersion1(object):
def __init__(self, key, data, iv):
self.key = hashlib.sha256(key).digest()
self.data = base64.standard_b64decode(data)
self.iv = base64.standard_b64decode(iv)
self.decryptor = Cipher(alg=EncryptedDataBagItem.AES_MODE, key=self.key, iv=self.iv, op=0)
def decrypt(self):
value = self.decryptor.update(self.data) + self.decryptor.final()
del self.decryptor
# Strip all the whitespace and sequence control characters
value = value.strip(reduce(lambda x, y: "%s%s" % (x, y), EncryptedDataBagItem.Decryptors.STRIP_CHARS))
# After decryption we should get a string with JSON
try:
value = json.loads(value)
except ValueError:
raise ChefDecryptionError()
return value["json_wrapper"]
def build_cipher(key, op):
return Cipher(alg='aes_128_cbc',
key=key,
iv='\0' * 16,
op=op,
key_as_bytes=1,
d='sha1',
salt='saltsalt',
i=5)
def __init__(self, encrypted_header=None):
if encrypted_header:
self.__enc_data = encrypted_header
header = self.K_CIPHER.private_decrypt(encrypted_header,
RSA.pkcs1_padding)
secret = header[:32]
iv = header[32:]
op = DEC
else:
secret = self._get_random(32)
iv = self._get_random(16)
self.__enc_data = self.K_CIPHER.public_encrypt(
secret + iv, RSA.pkcs1_padding)
op = ENC
self.__cipher = Cipher(alg='aes_128_cbc', key=secret, iv=iv, op=op)
self.__cipher.set_padding(1)
def encrypt_mode_cbc(data, key, iv):
"""
aes加密得到十进制串
:param data:
:param key:
:param iv:
:return:
"""
cipher = Cipher(alg='aes_128_cbc', key=key, iv=iv, op=1)
buf = cipher.update(data)
buf += cipher.final()
del cipher
# 将明文从字节流转为十进制
des_list = [int('%02X' % (ord(i)), 16) for i in buf]
# 原码转补码
in_list = [~h ^ 255 if h > 128 else h for h in des_list]
return in_list
def encrypt_sn(sn):
m = Cipher(alg="aes_128_cbc", key=config['passout'], iv='\x00' * 16, op=1)
m.set_padding(padding=7)
v = m.update(sn)
v = v + m.final()
del m
return v
def main():
master_key = open('{{jenkins_home}}/secrets/master.key').read()
hudson_secret_key = open(
'{{jenkins_home}}/secrets/hudson.util.Secret'
).read()
hashed_master_key = hashlib.sha256(master_key).digest()[:16]
cipher = Cipher('aes_128_ecb', hashed_master_key, '', 0)
v = cipher.update(hudson_secret_key)
x = v + cipher.final()
assert MAGIC in x
k = x[:-16]
k = k[:16]
token = os.urandom(16).encode('hex')
plaintext = token + MAGIC
cipher = Cipher('aes_128_ecb', k, '', 1)
v = cipher.update(plaintext)
password = base64.b64encode(v + cipher.final())
print password
with open('/etc/jenkins_jobs/jenkins_jobs.ini', 'wb+') as f:
f.write('\n'.join([
'[jenkins]',
'user=jenkins',
'password=%s' % hashlib.md5(token).hexdigest(),
'url=http://localhost:8080'
]))
def decryptPasswd(buf, passKey, iv='\x00' * 16):
cipher = Cipher(alg='aes_128_cbc', key=passKey, iv=iv,
op=0) # 0 is decrypt
cipher.set_padding(padding=7)
v = cipher.update(buf)
v = v + cipher.final()
del cipher
return v
def simple_decrypto(s):
''' des_cbc对称解密 '''
buf = base64.decodestring(s.decode('utf8'))
cipher = Cipher(alg='des_cbc', key=CRYPTO_KEY, iv=CRYPTO_IV, op=0)
cipher.set_padding(padding=m2.no_padding)
out = cipher.update(buf)
out += cipher.final()
del cipher
return out
def simple_encrypto(s):
''' 加密字符串 '''
s = s.encode('utf8')
cipher = Cipher(alg='des_cbc', key=CRYPTO_KEY, iv=CRYPTO_IV, op=1)
cipher.set_padding(padding=m2.no_padding)
out = cipher.update(s)
out += cipher.final()
del cipher
return base64.encodestring(out)
class EncryptorVersion1(object):
VERSION = 1
def __init__(self, key, data):
self.key = hashlib.sha256(key).digest()
self.data = data
self.iv = os.urandom(8).encode("hex")
self.encryptor = Cipher(alg=EncryptedDataBagItem.AES_MODE, key=self.key, iv=self.iv, op=1)
self.encrypted_data = None
def encrypt(self):
if self.encrypted_data is None:
data = json.dumps({"json_wrapper": self.data})
self.encrypted_data = self.encryptor.update(data) + self.encryptor.final()
del self.encryptor
return self.encrypted_data
def to_dict(self):
return {
"encrypted_data": base64.standard_b64encode(self.encrypt()),
"iv": base64.standard_b64encode(self.iv),
"version": self.VERSION,
"cipher": "aes-256-cbc",
}
def get_cipher(self, password, method, op, iv=None):
password = password.encode('utf-8')
method = method.lower()
m = self.get_cipher_len(method)
if m:
key, iv_ = EVP_BytesToKey(password, m[0], m[1])
if iv is None:
iv = iv_[:m[1]]
if op == 1:
self.cipher_iv = iv[:m[
1]] # this iv is for cipher, not decipher
return Cipher(method.replace('-', '_'), key, iv, op)
logging.error('method %s not supported' % method)
sys.exit(1)
def str_decrypt(crypted, key, iv=IV, algorithm=ALGORITHM):
""" Decrypt a string with a key. For a higher-level decryption
interface, see :func:`ssl_decrypt`.
:param crypted: The raw binary encrypted data
:type crypted: string
:param key: The encryption key to decrypt with
:type key: string
:param iv: The initialization vector
:type iv: string
:param algorithm: The cipher algorithm to use
:type algorithm: string
:returns: string - The decrypted data
"""
cipher = Cipher(alg=algorithm, key=key, iv=iv, op=DECRYPT)
return _cipher_filter(cipher, crypted)
def get_cipher(self, password, method, op, iv):
password = password.encode('utf-8')
method = method.lower()
m = self.get_cipher_len(method)
if m:
key, _ = EVP_BytesToKey(password, m[0], 0)
iv = iv[:m[1]]
if op == 1:
self.cipher_iv = iv # this iv is for cipher, not decipher
if method == 'rc4-md5':
return create_rc4_md5(method, key, iv, op)
elif method in ('salsa20', 'chacha20'):
return Salsa20Crypto(method, key, iv, op)
else:
return Cipher(method.replace('-', '_'), key, iv, op)
raise ValueError('method %s not supported' % method)
def __init__(self, encrypted_header=None):
if encrypted_header:
self.__enc_data = encrypted_header
header = self.K_CIPHER.private_decrypt(encrypted_header, RSA.pkcs1_padding)
secret = header[:32]
iv = header[32:]
op = DEC
else:
secret = self._get_random(32)
iv = self._get_random(16)
self.__enc_data = self.K_CIPHER.public_encrypt(secret+iv, RSA.pkcs1_padding)
op = ENC
self.__cipher = Cipher(alg='aes_128_cbc', key=secret, iv=iv, op=op)
self.__cipher.set_padding(1)
def encrypto(s):
''' 压缩加密字符串 '''
if isinstance(s, unicode):
s = s.encode('utf8')
s = zlib.compress(s)
cipher = Cipher(alg='des_cbc', key=CRYPTO_KEY, iv=CRYPTO_IV, op=1)
cipher.set_padding(padding=m2.no_padding)
out = cipher.update(s)
out += cipher.final()
del cipher
return base64.encodestring(out)
def str_encrypt(plaintext, key, iv=IV, algorithm=ALGORITHM, salt=None):
""" Encrypt a string with a key. For a higher-level encryption
interface, see :func:`ssl_encrypt`.
:param plaintext: The plaintext data to encrypt
:type plaintext: string
:param key: The key to encrypt the data with
:type key: string
:param iv: The initialization vector
:type iv: string
:param algorithm: The cipher algorithm to use
:type algorithm: string
:param salt: The salt to use
:type salt: string
:returns: string - The decrypted data
"""
cipher = Cipher(alg=algorithm, key=key, iv=iv, op=ENCRYPT, salt=salt)
return _cipher_filter(cipher, plaintext)
class M2CryptoEngine:
K_CIPHER = None
@classmethod
def init_key_cipher(cls, prikey):
cls.K_CIPHER = RSA.load_key_string(prikey)
def __init__(self, encrypted_header=None):
if encrypted_header:
self.__enc_data = encrypted_header
header = self.K_CIPHER.private_decrypt(encrypted_header, RSA.pkcs1_padding)
secret = header[:32]
iv = header[32:]
op = DEC
else:
secret = self._get_random(32)
iv = self._get_random(16)
self.__enc_data = self.K_CIPHER.public_encrypt(secret+iv, RSA.pkcs1_padding)
op = ENC
self.__cipher = Cipher(alg='aes_128_cbc', key=secret, iv=iv, op=op)
self.__cipher.set_padding(1)
def _get_random(self, cnt):
while True:
data = Rand.rand_bytes(cnt)
if data[0] != '\x00':
return data
def encrypt(self, data, finalize=False):
end_data = self.__cipher.update(data)
if finalize:
end_data += self.__cipher.final()
return end_data
def decrypt(self, data, finalize=False):
end_data = self.__cipher.update(data)
if finalize:
end_data += self.__cipher.final()
return end_data
def get_encrypted_header(self):
return self.__enc_data
def split_file(file_path, chunk_output_dir, compress=True, encrypt_key=None):
"""split the file into chunks
returns a list of ClientChunk objects
compress
compress with gzip
encrypt_key
128 bit key used for AES encryption
128 bit key recommended by Schneier
https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
"""
file_size = os.stat(file_path).st_size
logger.debug('original file size is %s' % file_size)
chunk_sizes = []
data_stream = ''
if encrypt_key:
esalt = encrypt_key.binary_salt
if esalt is None:
esalt = ''
assert isinstance(encrypt_key, AESKey)
# account for iv
# size should be same as key
iv = os.urandom(16)
assert len(iv) == len(encrypt_key.binary_key)
encryptor = Cipher(
CIPHER_MODE, encrypt_key.binary_key, iv, CIPHER_ENCODE
)
data_stream = data_stream + esalt + iv
if not compress:
chunk_sizes = calc_chunk_sizes(file_size + len(data_stream))
logger.debug('splitting %s into %s' % (file_path, chunk_output_dir))
logger.debug('compress: %s' % compress)
if encrypt_key:
logger.debug('encrypt: True')
f = open(file_path, 'rb')
chunks = []
chunk_prefix = 'chunk'
if compress:
compressor = zlib.compressobj(9)
chunk_prefix = 'tmp_chunk'
# figure out the size of the first chunk
if chunk_sizes:
chunk_size = chunk_sizes.pop(0)
else:
chunk_size = CHUNK_SIZE_MAX
def chunk_stream(data_stream, chunk_size, check_size=True):
# check_size is for the last bit of data that is smaller than a
# chunk when data is compressed and the data sizes are
# unpredictable.
min_size = chunk_size
if not check_size:
min_size = 1
while len(data_stream) >= min_size:
chunk_data = data_stream[:chunk_size]
# If compressing, will have to create new chunks later.
chunks.append(ClientChunk.create(chunk_data, chunk_output_dir,
prefix=chunk_prefix))
data_stream = data_stream[chunk_size:]
if chunk_sizes:
# next chunk size may be different
chunk_size = chunk_sizes.pop(0)
return (data_stream, chunk_size)
while f.tell() < file_size:
data = f.read(CHUNK_SIZE_MAX)
if compress:
data = compressor.compress(data)
if encrypt_key:
data = encryptor.update(data)
assert not encryptor.final()
data_stream += data
data_stream_len = len(data_stream)
logger.debug('data stream length: %s' % data_stream_len)
(data_stream, chunk_size) = chunk_stream(data_stream, chunk_size)
# process data not chunked yet
logger.debug('%s bytes left over' % len(data_stream))
if compress:
# may have compressed data left.
flushed_data = compressor.flush()
if flushed_data:
logger.debug(
'another %s bytes of flushed data' % len(flushed_data))
if encrypt_key:
flushed_data = encryptor.update(flushed_data)
assert not encryptor.final()
data_stream += flushed_data
if data_stream:
(data_stream, chunk_size) = chunk_stream(data_stream, chunk_size,
False)
assert not chunk_sizes
f.close()
# finished initial data chunking.
new_size = sum((c.size - 4) for c in chunks)
if not compress:
emsg = ('original size was %s. expected new size to be '
'%s, but it is %s')
expected_size = file_size
if encrypt_key:
expected_size = file_size + len(esalt) + len(iv)
emsg = emsg % (file_size, expected_size, new_size)
assert expected_size == new_size, emsg
else:
# must reorganize the chunks.
new_chunks = []
chunk_sizes = calc_chunk_sizes(new_size)
# just replace the old chunk with the new one.
data_stream = ''
for chunk_size in chunk_sizes:
# read the old chunks until there is enough to write.
while len(data_stream) < chunk_size:
old_chunk = chunks.pop(0)
data_stream += old_chunk.read(raw=True)[:-4]
# free up the space
os.unlink(old_chunk.file_path)
# small files will not fill a chunk
if not chunks:
break
chunk_data = data_stream[:chunk_size]
new_chunks.append(ClientChunk.create(chunk_data, chunk_output_dir))
data_stream = data_stream[chunk_size:]
chunks = new_chunks
# There should not be anything left over.
assert not data_stream
# size for comparison
size_ratio = 1.0 * new_size / file_size
logger.debug('new size (combined chunks) is %s bytes' % new_size)
logger.debug('size ratio is %f' % size_ratio)
logger.debug('split file into %s chunks' % len(chunks))
return chunks
def combine_chunks(chunks, output_path, decompress=False, encrypt_key=None):
"""rebuild the original file from chunks
"""
msg = 'combining %s chunks' % len(chunks)
logger.info(msg)
salt_length = 0
key_length = 0
if encrypt_key:
if encrypt_key.binary_salt:
salt_length = len(encrypt_key.binary_salt)
assert salt_length == 16, salt_length
key_length = len(encrypt_key.binary_key)
assert key_length == 16, key_length
f = open(output_path, 'wb')
if decompress:
decompressor = zlib.decompressobj()
if encrypt_key:
# salt, then iv
iv = chunks[0].read(byte_range=[salt_length, salt_length + key_length])
decryptor = Cipher(
CIPHER_MODE, encrypt_key.binary_key, iv, CIPHER_DECODE
)
# sort out any parity chunks
parity_chunks = []
while chunks[-1].parity:
parity_chunks.insert(0, chunks.pop())
if parity_chunks and has_par2():
cwd1 = os.getcwd()
os.chdir(os.path.dirname(parity_chunks[0].file_path))
# The files have to end in .par2 to work.
for parity_chunk in parity_chunks:
new_name = '%s.%s' % (parity_chunk.filename, 'par2')
os.rename(parity_chunk.filename, new_name)
parity_chunk.file_path = os.path.join(
os.path.dirname(parity_chunk.file_path), new_name)
# It won't recognize them by name, so put them on the command line.
par2_repair([p.filename for p in parity_chunks])
os.chdir(cwd1)
for (i, chunk) in enumerate(chunks):
chunk.verify_checksum()
if i == 0 and encrypt_key:
chunk_size = chunk.size
if encrypt_key.binary_salt:
# strip salt and IV
data = chunk.read(
byte_range=[len(encrypt_key.binary_key) + \
len(encrypt_key.binary_salt),
chunk.size-4]
)
else:
# skip the IV
data = chunk.read(
byte_range=[len(encrypt_key.binary_key), chunk.size-4]
)
else:
data = chunk.read()
if encrypt_key:
data = decryptor.update(data)
assert not decryptor.final()
if decompress:
data = decompressor.decompress(data)
assert not decompressor.unused_data
f.write(data)
f.close()
logger.debug('file size is %s' % os.stat(output_path).st_size)
def m2crypto_decrypt(ciphertext, key, iv):
decipher = Cipher(alg='aes_128_cbc', key=key, iv=iv, op=Encryption.DECODE)
return decipher.update(ciphertext) + decipher.final()
def decrypt_3des(key, text):
decryptor = Cipher(alg='des_ede3_ecb', key=key, op=0, iv='\0'*16)
s= decryptor.update(text)
return s + decryptor.final()
def encrypt_3des(key, text):
encryptor = Cipher(alg='des_ede3_ecb', key=key, op=1, iv='\0'*16)
s = encryptor.update(text)
return s+ encryptor.final()
def m2crypto_encrypt(message, key, iv):
cipher = Cipher(alg='aes_128_cbc', key=key, iv=iv, op=Encryption.ENCODE)
return (cipher.update(message) + cipher.final(), iv)
