def test_IVRPrivateKey(self): u = User.objects.get(username="******") IVR_RSAKeyPair.objects.get(owner=u) IVR_RSAPubKey.objects.get(owner=u) msg = SecureTestMessage.objects.create(owner=u) msg.encrypt(self.clear_text, self.aes_key) msg.save() private_key = IVR_PrivateKey(owner=u, object=msg, key=self.aes_key) private_key.save() object_type = ContentType.objects.get_for_model(msg) private_key = IVR_PrivateKey.objects.get(owner=u, object_type=object_type, object_id=msg.id) decrypted_text = private_key.decrypt(None, key=self.rsa_key) self.assertEqual(decrypted_text, self.clear_text) # Admin private key tests aes_key = strengthen_key(ADMIN_PASSWORD) msg = SecureTestMessage.objects.create(owner=None) msg.encrypt(self.clear_text, aes_key) msg.save() private_key = AdminPrivateKey(key=strengthen_key(ADMIN_PASSWORD)) private_key.object = msg private_key.save() decrypted_text = private_key.decrypt(None, strengthen_key(ADMIN_PASSWORD)) self.assertEqual(decrypted_text, self.clear_text)
def upgrade_admin_reset_key(creds):
""" Upgrade admin reset rsa keypair storing in _admin_reset.py. Upgraded
public rsa keypart is stored in standard PEM format, encrypted private
rsa keypart stored AES encrypted using CBC mode in base64 with no pickle.
"""
aes = AES.new(strengthen_key(creds))
admin_kp = aes.decrypt(b64decode(settings.CRYPTO_ADMIN_KEYPAIR))
try:
admin_rsa = loads(admin_kp)
admin_rsa._randfunc = os.urandom # pickled diffs pycrypto 2.3<-->2.6
# public key exported PEM format
pub = export_rsa(admin_rsa.publickey())
priv = export_rsa(admin_rsa, strengthen_key(creds))
# put file in parent MHLogin directory
fname = join(settings.INSTALLATION_PATH, '_admin_reset.py')
f = open(fname, 'wb')
f.write(ADMIN_RESET_PY % {
'admin_public_rsa': pub,
'admin_rsa': priv,
})
f.close()
# sanity check upgrade:
from MHLogin._admin_reset import ADMIN_RESET_PUBLIC_RSA, ADMIN_RESET_ENCD_RSA
upgrade_rsa_pub = import_rsa(ADMIN_RESET_PUBLIC_RSA)
assert upgrade_rsa_pub.publickey() == admin_rsa.publickey(
), "public key mismatch"
upgrade_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, strengthen_key(creds))
assert upgrade_rsa == admin_rsa, "rsa key mismatch"
sys.stderr.write("Admin RSA reset keys upgraded in: %s\n" % fname)
except UnpicklingError:
sys.stderr.write("Invalid password.\n")
def test_IncorrectPassword(self):
u = User.objects.get(username="******")
RSAKeyPair.objects.get(owner=u)
RSAPubKey.objects.get(owner=u)
msg = SecureTestMessage.objects.create(owner=u)
msg.encrypt(self.clear_text, self.aes_key)
msg.save()
private_key = PrivateKey(owner=u, object=msg, key=self.aes_key)
private_key.save()
self.assertRaises(KeyInvalidException, private_key.decrypt, None,
key=strengthen_key('this is an incorrect password'))
# Admin private key tests
aes_key = strengthen_key(ADMIN_PASSWORD)
msg = SecureTestMessage.objects.create(owner=None)
msg.encrypt(self.clear_text, aes_key)
msg.save()
private_key = AdminPrivateKey(key=strengthen_key(ADMIN_PASSWORD))
private_key.object = msg
private_key.save()
self.assertRaises(KeyInvalidException, private_key.decrypt, None,
key=strengthen_key('this is an incorrect password'))
def test_IncorrectPassword(self):
u = User.objects.get(username="******")
RSAKeyPair.objects.get(owner=u)
RSAPubKey.objects.get(owner=u)
msg = SecureTestMessage.objects.create(owner=u)
msg.encrypt(self.clear_text, self.aes_key)
msg.save()
private_key = PrivateKey(owner=u, object=msg, key=self.aes_key)
private_key.save()
self.assertRaises(KeyInvalidException,
private_key.decrypt,
None,
key=strengthen_key('this is an incorrect password'))
# Admin private key tests
aes_key = strengthen_key(ADMIN_PASSWORD)
msg = SecureTestMessage.objects.create(owner=None)
msg.encrypt(self.clear_text, aes_key)
msg.save()
private_key = AdminPrivateKey(key=strengthen_key(ADMIN_PASSWORD))
private_key.object = msg
private_key.save()
self.assertRaises(KeyInvalidException,
private_key.decrypt,
None,
key=strengthen_key('this is an incorrect password'))
def upgrade_admin_reset_key(creds):
""" Upgrade admin reset rsa keypair storing in _admin_reset.py. Upgraded
public rsa keypart is stored in standard PEM format, encrypted private
rsa keypart stored AES encrypted using CBC mode in base64 with no pickle.
"""
aes = AES.new(strengthen_key(creds))
admin_kp = aes.decrypt(b64decode(settings.CRYPTO_ADMIN_KEYPAIR))
try:
admin_rsa = loads(admin_kp)
admin_rsa._randfunc = os.urandom # pickled diffs pycrypto 2.3<-->2.6
# public key exported PEM format
pub = export_rsa(admin_rsa.publickey())
priv = export_rsa(admin_rsa, strengthen_key(creds))
# put file in parent MHLogin directory
fname = join(settings.INSTALLATION_PATH, '_admin_reset.py')
f = open(fname, 'wb')
f.write(ADMIN_RESET_PY % {'admin_public_rsa': pub, 'admin_rsa': priv, })
f.close()
# sanity check upgrade:
from MHLogin._admin_reset import ADMIN_RESET_PUBLIC_RSA, ADMIN_RESET_ENCD_RSA
upgrade_rsa_pub = import_rsa(ADMIN_RESET_PUBLIC_RSA)
assert upgrade_rsa_pub.publickey() == admin_rsa.publickey(), "public key mismatch"
upgrade_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, strengthen_key(creds))
assert upgrade_rsa == admin_rsa, "rsa key mismatch"
sys.stderr.write("Admin RSA reset keys upgraded in: %s\n" % fname)
except UnpicklingError:
sys.stderr.write("Invalid password.\n")
def test_IVRPrivateKey(self):
u = User.objects.get(username="******")
IVR_RSAKeyPair.objects.get(owner=u)
IVR_RSAPubKey.objects.get(owner=u)
msg = SecureTestMessage.objects.create(owner=u)
msg.encrypt(self.clear_text, self.aes_key)
msg.save()
private_key = IVR_PrivateKey(owner=u, object=msg, key=self.aes_key)
private_key.save()
object_type = ContentType.objects.get_for_model(msg)
private_key = IVR_PrivateKey.objects.get(owner=u,
object_type=object_type,
object_id=msg.id)
decrypted_text = private_key.decrypt(None, key=self.rsa_key)
self.assertEqual(decrypted_text, self.clear_text)
# Admin private key tests
aes_key = strengthen_key(ADMIN_PASSWORD)
msg = SecureTestMessage.objects.create(owner=None)
msg.encrypt(self.clear_text, aes_key)
msg.save()
private_key = AdminPrivateKey(key=strengthen_key(ADMIN_PASSWORD))
private_key.object = msg
private_key.save()
decrypted_text = private_key.decrypt(None,
strengthen_key(ADMIN_PASSWORD))
self.assertEqual(decrypted_text, self.clear_text)
def test_rekey_reset(self):
cleartext = "Who is the best super hero of all time?"
c = self.client
response = c.post('/login/', {
'username': '******',
'password': '******'
})
self.assertEqual(response.status_code, 302)
# just extra verification we can get user from django auth
user = authenticate(username='******', password='******')
user = MHLUser.objects.get(id=user.id)
# verify we are logged in
self.assertEqual(c.session['_auth_user_id'], user.id)
# get users' public key
opub = OwnerPublicKey.objects.get_pubkey(owner=user)
# encrypt_object encrypts w/user pub key
msg = encrypt_object(SecureTestMessage, {}, cleartext, opub)
# encrypt_object() creates EncryptedObject
encobj = EncryptedObject.objects.get_object(msg, opub)
# test decryption of keys with user's credentials when not grandfathered
upriv = UserPrivateKey.objects.get(user=user, opub=opub)
clearkey = encobj.decrypt_cipherkey(upriv, strengthen_key('healme'))
# now call the object's decrypt method
decrypted_cleartext = msg.decrypt(c, clearkey)
# verify they do match after decryption
self.assertTrue(decrypted_cleartext == cleartext)
# get admin reset key
creds = strengthen_key(ADMIN_PASSWORD)
admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, creds)
privs = UserPrivateKey.objects.filter(user=user, credtype=CRED_WEBAPP)
reset_keys(privs, admin_rsa)
# fetch the encrypted object again but decrypt with initial settings
encobj = EncryptedObject.objects.get_object(msg, opub)
# test decryption with initial credentials when grandfathered
upriv = UserPrivateKey.objects.get(user=user, opub=opub)
clearkey = encobj.decrypt_cipherkey(
upriv, strengthen_key(settings.SECRET_KEY))
# now call the object's decrypt method
decrypted_cleartext = msg.decrypt(c, clearkey)
# verify they do match after decryption
self.assertTrue(decrypted_cleartext == cleartext)
# now logout, we can alternatively call c.post('/logout/')
response = c.logout()
self.assertTrue('_auth_user_id' not in c.session)
# try resetting admins keys
privs = UserPrivateKey.objects.filter(user=self.adminguy,
credtype=CRED_WEBAPP)
reset_keys(privs, admin_rsa)
# test str rep of encobj
self.assertEqual(
unicode(encobj), u"SecureTestMessage object %s, key type: %s" %
(user, RSA_TYPES[encobj.opub.keytype]), encobj)
def test_wrong_key(self):
u = User.objects.get(username="******")
key_pair = IVR_RSAKeyPair.objects.get(owner=u)
pub_key = IVR_RSAPubKey.objects.get(owner=u)
cipher_text = pub_key.encrypt(self.clear_text)
self.assertRaises(KeyInvalidException, key_pair.decrypt, cipher_text,
key=strengthen_key('thisisanincorrectpassword'))
key_pair = RSAKeyPair.objects.get(owner=u)
pub_key = RSAPubKey.objects.get(owner=u)
cipher_text = pub_key.encrypt(self.clear_text)
self.assertRaises(KeyInvalidException, key_pair.decrypt, cipher_text,
key=strengthen_key('thisisanincorrectpassword'))
def create_default_keys(user, webcreds=None, ivrcreds=None): """ Helper to create standard user setup: 1. Web/App RSA key encrypted w/web credentials (password) 2. IVR RSA key encrypted w/ivr credentials (pin) 3. Same IVR RSA key encrypted w/web credentials """ # 1. Web/App RSA key encrypted w/web credentials create_rsakeypair(user, RSA_PRIMARY, CRED_WEBAPP, webcreds) # 2. IVR RSA key encrypted w/IVR PIN credentials ipub, ipriv = create_rsakeypair(user, RSA_IVR, CRED_IVRPIN, ivrcreds) # 3. Same IVR key, this is so users can change a forgotten pin via web rsa = import_rsa(ipriv.privatekey, strengthen_key(ivrcreds or settings.SECRET_KEY)) UserPrivateKey.objects.create(user=user, opub=ipub, credtype=CRED_WEBAPP, privatekey=export_rsa(rsa, strengthen_key(webcreds or settings.SECRET_KEY)), gfather=False if webcreds else True)
def handle(self, *args, **options):
if (len(args) != 1):
sys.stderr.write("Admin password required.\n")
self.print_help(sys.argv[1], "")
else:
from MHLogin._admin_reset import ADMIN_RESET_ENCD_RSA
try:
force = options.pop('force', False)
logoff = options.pop('logoff', False)
admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA,
strengthen_key(args[0]))
migrate_admin_objectkeys(admin_rsa, force)
# Remove active sessions, users need to log in. During initial migration
# rsa keys are grandfathered since we do not know users's password.
# And we don't want specialized code in KMS checking for this single
# use-case where keys are grandfathered while user logged in.
if logoff:
Session.objects.filter(
expire_date__gte=datetime.now()).delete()
SmartPhoneAssn.objects.filter(is_active=True).update(
is_active=False)
except ValueError:
sys.stderr.write("Invalid password.\n")
def test_recovery_key_generation(self):
c = self.client
recovery = generate_recovery(self.adminguy, None)
self.assertTrue(recovery != None) # all keys still g'fathered so true
response = c.post('/login/', {
'username': '******',
'password': '******'
})
self.assertEqual(response.status_code, 302)
# just extra verification we can get user from django auth
user = authenticate(username='******', password='******')
# verify we are logged in
self.assertEqual(c.session['_auth_user_id'], user.id)
# get admin reset private key
creds = strengthen_key(ADMIN_PASSWORD)
admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, creds)
recovery = generate_recovery(self.adminguy, admin_rsa)
self.assertTrue(recovery != None)
recovery = generate_recovery(self.adminguy, None)
self.assertTrue(recovery == None) # not all keys g'fathered now
# test recovery on regular user
recovery = generate_recovery(self.provider, admin_rsa)
self.assertTrue(recovery != None)
# logout. cleanup
response = c.logout()
self.assertTrue('_auth_user_id' not in c.session)
def test_static_reset(self):
# new way will obsolete test_gen_new_keys when rm #2115 in
cleartext = "We never really grow up, we only learn how to act in public."
c = self.client
# after successful login should get re-direct to /
response = c.post('/login/', {'username': '******', 'password': '******'})
c.COOKIES = {'ss': response.cookies['ss'].value}
c.user = authenticate(username='******', password='******')
c.user = MHLUser.objects.get(id=c.user.id)
opub = OwnerPublicKey.objects.get_pubkey(owner=c.user)
msg = encrypt_object(SecureTestMessage, {}, cleartext, opub)
c.user.set_password('gorilla')
c.user.save()
creds = strengthen_key(ADMIN_PASSWORD)
admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, creds)
privs = UserPrivateKey.objects.filter(user=c.user, credtype=CRED_WEBAPP)
reset_keys(privs, admin_rsa, 'gorilla')
c.logout()
response = c.post('/login/', {'username': '******', 'password': '******'})
c.COOKIES = {'ss': response.cookies['ss'].value}
decrypted_cleartext = decrypt_object(c, msg)
self.assertEqual(decrypted_cleartext, cleartext)
msg.id += 1
with self.assertRaises(KeyInvalidException):
decrypt_object(c, msg)
response = c.logout()
def reset_private_keys(request):
"""
This view takes the KMS administrator password, and for each user whose
password was reset, generates new private keys.
:param request: The HTTP request
:type request: django.core.handlers.wsgi.WSGIRequest
:returns: django.http.HttpResponse -- The webpage
"""
context, resp = get_context(request), None
log_qs = PasswordResetLog.objects.filter(reset=True, resolved=False).values('user')
reset_users = context['reset_users'] = MHLUser.objects.filter(pk__in=log_qs)
if request.method == 'POST':
form = context['form'] = PasswordForm(request.POST)
if form.is_valid():
try:
from MHLogin._admin_reset import ADMIN_RESET_ENCD_RSA
creds = strengthen_key(form.cleaned_data['password'])
admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, creds)
except ValueError:
msg = _('Invalid password for admin reset key.')
form._errors['password'] = form.error_class([msg])
else:
for user in reset_users:
reset_user_invalid_keys(user, admin_rsa)
PasswordResetLog.objects.filter(reset=True, resolved=False,
user=user).update(resolved=True, servicer=request.user,
servicer_ip=request.META['REMOTE_ADDR'],
resolution_timestamp=datetime.datetime.now())
resp = render_to_response('PrivateKeyResetComplete.html', context)
else:
context['form'] = PasswordForm()
return resp or render_to_response('PrivateKeyReset.html', context)
def test_gen_new_keys(self):
cleartext = "A sql query walks in to a bar, approaches two tables and asks 'may I join you?'"
c = self.client
# after successful login should get re-direct to /
response = c.post('/login/', {'username': '******', 'password': '******'})
c.COOKIES = {'ss': response.cookies['ss'].value}
self.assertEqual(response.status_code, 302)
# just extra verification we can get user from django auth
c.user = authenticate(username='******', password='******')
c.user = MHLUser.objects.get(id=c.user.id)
msg = encrypt_object(SecureTestMessage, {}, cleartext)
gen_keys_for_users(msg, [c.user], None, c, ivr=True)
generate_new_user_keys(c.user, 'monkey')
c.user.set_password('monkey')
c.user.save()
# logout. cleanup
response = c.logout()
# simulate admin update invalid keys
creds = strengthen_key(ADMIN_PASSWORD)
admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, creds)
reset_user_invalid_keys(MHLUser.objects.get(id=c.user.id), admin_rsa)
# login with new password and verify we can decrypt message
response = c.post('/login/', {'username': '******', 'password': '******'})
c.COOKIES = {'ss': response.cookies['ss'].value}
self.assertEqual(response.status_code, 302)
# just extra verification we can get user from django auth
c.user = authenticate(username='******', password='******')
# verify we are logged in
self.assertEqual(c.session['_auth_user_id'], c.user.id)
decrypted_cleartext = decrypt_object(c, msg)
self.assertEqual(decrypted_cleartext, cleartext)
response = c.logout()
def test_static_reset(self):
# new way will obsolete test_gen_new_keys when rm #2115 in
cleartext = "We never really grow up, we only learn how to act in public."
c = self.client
# after successful login should get re-direct to /
response = c.post('/login/', {
'username': '******',
'password': '******'
})
c.COOKIES = {'ss': response.cookies['ss'].value}
c.user = authenticate(username='******', password='******')
c.user = MHLUser.objects.get(id=c.user.id)
opub = OwnerPublicKey.objects.get_pubkey(owner=c.user)
msg = encrypt_object(SecureTestMessage, {}, cleartext, opub)
c.user.set_password('gorilla')
c.user.save()
creds = strengthen_key(ADMIN_PASSWORD)
admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, creds)
privs = UserPrivateKey.objects.filter(user=c.user,
credtype=CRED_WEBAPP)
reset_keys(privs, admin_rsa, 'gorilla')
c.logout()
response = c.post('/login/', {
'username': '******',
'password': '******'
})
c.COOKIES = {'ss': response.cookies['ss'].value}
decrypted_cleartext = decrypt_object(c, msg)
self.assertEqual(decrypted_cleartext, cleartext)
msg.id += 1
with self.assertRaises(KeyInvalidException):
decrypt_object(c, msg)
response = c.logout()
def create_rsakeypair(user,
keytype=RSA_PRIMARY,
credtype=CRED_WEBAPP,
creds=None):
""" Create rsa key pair - public and private, grandfathered if no credentials """
from MHLogin._admin_reset import ADMIN_RESET_PUBLIC_RSA
# create RSA public and private key instances
rsa = RSA.generate(2048, os.urandom)
# encrypt a copy of rsa key with admin reset pubkey
adminclearkey = os.urandom(32)
adminpub = import_rsa(ADMIN_RESET_PUBLIC_RSA)
admincipher = b64encode(PKCS1_OAEP.new(adminpub).encrypt(adminclearkey))
adminscopy = export_rsa(rsa, adminclearkey)
# now create pub/priv pair, encrypting with creds (password, pin, etc.)
opub = OwnerPublicKey.objects.create(
owner_id=user.id,
owner_type=ContentType.objects.get_for_model(user),
adminscopy=adminscopy,
admincipher=admincipher,
publickey=export_rsa(rsa.publickey()),
keytype=keytype)
upriv = UserPrivateKey.objects.create(
user=user,
opub=opub,
credtype=credtype,
privatekey=export_rsa(rsa, strengthen_key(creds
or settings.SECRET_KEY)),
gfather=False if creds else True)
return opub, upriv
def test_rekey_reset(self):
cleartext = "Who is the best super hero of all time?"
c = self.client
response = c.post('/login/', {'username': '******', 'password': '******'})
self.assertEqual(response.status_code, 302)
# just extra verification we can get user from django auth
user = authenticate(username='******', password='******')
user = MHLUser.objects.get(id=user.id)
# verify we are logged in
self.assertEqual(c.session['_auth_user_id'], user.id)
# get users' public key
opub = OwnerPublicKey.objects.get_pubkey(owner=user)
# encrypt_object encrypts w/user pub key
msg = encrypt_object(SecureTestMessage, {}, cleartext, opub)
# encrypt_object() creates EncryptedObject
encobj = EncryptedObject.objects.get_object(msg, opub)
# test decryption of keys with user's credentials when not grandfathered
upriv = UserPrivateKey.objects.get(user=user, opub=opub)
clearkey = encobj.decrypt_cipherkey(upriv, strengthen_key('healme'))
# now call the object's decrypt method
decrypted_cleartext = msg.decrypt(c, clearkey)
# verify they do match after decryption
self.assertTrue(decrypted_cleartext == cleartext)
# get admin reset key
creds = strengthen_key(ADMIN_PASSWORD)
admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, creds)
privs = UserPrivateKey.objects.filter(user=user, credtype=CRED_WEBAPP)
reset_keys(privs, admin_rsa)
# fetch the encrypted object again but decrypt with initial settings
encobj = EncryptedObject.objects.get_object(msg, opub)
# test decryption with initial credentials when grandfathered
upriv = UserPrivateKey.objects.get(user=user, opub=opub)
clearkey = encobj.decrypt_cipherkey(upriv, strengthen_key(settings.SECRET_KEY))
# now call the object's decrypt method
decrypted_cleartext = msg.decrypt(c, clearkey)
# verify they do match after decryption
self.assertTrue(decrypted_cleartext == cleartext)
# now logout, we can alternatively call c.post('/logout/')
response = c.logout()
self.assertTrue('_auth_user_id' not in c.session)
# try resetting admins keys
privs = UserPrivateKey.objects.filter(user=self.adminguy, credtype=CRED_WEBAPP)
reset_keys(privs, admin_rsa)
# test str rep of encobj
self.assertEqual(unicode(encobj), u"SecureTestMessage object %s, key type: %s"
% (user, RSA_TYPES[encobj.opub.keytype]), encobj)
def recrypt_ivr_key_via_web_creds(user, request, new_pin): """ decrypt special web enc'd ivr key then recrypt pin enc'd ivr key with new pin """ opub = OwnerPublicKey.objects.get_pubkey(owner=user, keytype=RSA_IVR) uprivw = UserPrivateKey.objects.get_privkey(user, opub, CRED_WEBAPP, gfather=False) rsa = import_rsa(uprivw.privatekey, get_user_key(request)) # ivr pin may still be g'fathered uprivi = UserPrivateKey.objects.get_privkey(user, opub, CRED_IVRPIN) uprivi.privatekey = export_rsa(rsa, strengthen_key(new_pin)) uprivi.gfather = False uprivi.save()
def test_wrong_key(self):
u = User.objects.get(username="******")
key_pair = IVR_RSAKeyPair.objects.get(owner=u)
pub_key = IVR_RSAPubKey.objects.get(owner=u)
cipher_text = pub_key.encrypt(self.clear_text)
self.assertRaises(KeyInvalidException,
key_pair.decrypt,
cipher_text,
key=strengthen_key('thisisanincorrectpassword'))
key_pair = RSAKeyPair.objects.get(owner=u)
pub_key = RSAPubKey.objects.get(owner=u)
cipher_text = pub_key.encrypt(self.clear_text)
self.assertRaises(KeyInvalidException,
key_pair.decrypt,
cipher_text,
key=strengthen_key('thisisanincorrectpassword'))
class RSAKeyPairTests(unittest.TestCase):
# Configuration
rsa_key = strengthen_key('foobazbar')
clear_text = 'This is my message'
@classmethod
def setUpClass(cls):
""" Create a User to link the keypair to. """
cls.u = u = User(username="******")
u.save()
cls.key_pair = key_pair = RSAKeyPair(key=cls.rsa_key)
u = User.objects.get(username="******")
key_pair.owner = u
key_pair.save()
@classmethod
def tearDownClass(self):
User.objects.all().delete()
Provider.objects.all().delete()
Administrator.objects.all().delete()
OwnerPublicKey.objects.all().delete()
UserPrivateKey.objects.all().delete()
EncryptedObject.objects.all().delete()
def test_key_pair_fetch(self):
u = User.objects.get(username="******")
key_pair = RSAKeyPair.objects.get(owner=u)
pub_key = RSAPubKey.objects.get(owner=u)
cipher_text = pub_key.encrypt(self.clear_text)
decrypted_text = key_pair.decrypt(cipher_text, key=self.rsa_key)
self.assertEqual(self.clear_text, decrypted_text)
def test_wrong_key(self):
u = User.objects.get(username="******")
key_pair = RSAKeyPair.objects.get(owner=u)
pub_key = RSAPubKey.objects.get(owner=u)
cipher_text = pub_key.encrypt(self.clear_text)
self.assertRaises(KeyInvalidException,
key_pair.decrypt,
cipher_text,
key=strengthen_key('thisisanincorrectpassword'))
def test_invalid_key_lengths(self):
self.assertRaises(
KeyInvalidException,
RSAKeyPair,
key=
'thisisareallyobnoxiouslylongpasswordthatreallyoughttobetoolong!')
self.assertRaises(KeyInvalidException, RSAKeyPair, key='')
def test_login_and_rsa_key_import_export(self):
c = self.client
response = c.post('/login/', {
'username': '******',
'password': '******'
})
self.assertEqual(response.status_code, 302)
# just extra verification we can get user from django auth
user = authenticate(username='******', password='******')
user = MHLUser.objects.get(id=user.id)
# verify we are logged in
self.assertEqual(c.session['_auth_user_id'], user.id)
# These should match:
self.assertEqual(get_user_key(c, response.cookies['ss'].value),
strengthen_key('healme'))
# query our KeyPair we created in setup
opub = OwnerPublicKey.objects.get_pubkey(owner=user)
upriv = UserPrivateKey.objects.get_privkey(user=user, opub=opub)
devnull.write(unicode(upriv)) # simulate __unicode__
# grab pubkey from db its in RSA export format but double test import/export
pub_key_from_db = export_rsa(
import_rsa(upriv.opub.publickey).publickey())
# grab our binary user credential
creds = get_user_key(c, response.cookies['ss'].value)
# properly import
rsa_key = import_rsa(upriv.privatekey, creds)
# verify we can properly create RSA objs by importing
pub_key_from_key = export_rsa(rsa_key.publickey())
# verify match
self.assertEqual(pub_key_from_db, pub_key_from_key)
# now test decryption of key with admin credentials
creds = strengthen_key(ADMIN_PASSWORD)
admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, creds)
adminclear = PKCS1_OAEP.new(admin_rsa).decrypt(
b64decode(upriv.opub.admincipher))
rsa_key = import_rsa(upriv.opub.adminscopy, adminclear)
# verify match
self.assertEqual(pub_key_from_db, export_rsa(rsa_key.publickey()))
# now logout, we can alternatively call c.post('/logout/')
response = c.logout()
self.assertTrue('_auth_user_id' not in c.session)
def create_default_keys(user, webcreds=None, ivrcreds=None):
""" Helper to create standard user setup:
1. Web/App RSA key encrypted w/web credentials (password)
2. IVR RSA key encrypted w/ivr credentials (pin)
3. Same IVR RSA key encrypted w/web credentials
"""
# 1. Web/App RSA key encrypted w/web credentials
create_rsakeypair(user, RSA_PRIMARY, CRED_WEBAPP, webcreds)
# 2. IVR RSA key encrypted w/IVR PIN credentials
ipub, ipriv = create_rsakeypair(user, RSA_IVR, CRED_IVRPIN, ivrcreds)
# 3. Same IVR key, this is so users can change a forgotten pin via web
rsa = import_rsa(ipriv.privatekey,
strengthen_key(ivrcreds or settings.SECRET_KEY))
UserPrivateKey.objects.create(user=user,
opub=ipub,
credtype=CRED_WEBAPP,
privatekey=export_rsa(
rsa,
strengthen_key(webcreds
or settings.SECRET_KEY)),
gfather=False if webcreds else True)
def recrypt_ivr_key_via_web_creds(user, request, new_pin):
""" decrypt special web enc'd ivr key then recrypt pin enc'd ivr key with new pin """
opub = OwnerPublicKey.objects.get_pubkey(owner=user, keytype=RSA_IVR)
uprivw = UserPrivateKey.objects.get_privkey(user,
opub,
CRED_WEBAPP,
gfather=False)
rsa = import_rsa(uprivw.privatekey, get_user_key(request))
# ivr pin may still be g'fathered
uprivi = UserPrivateKey.objects.get_privkey(user, opub, CRED_IVRPIN)
uprivi.privatekey = export_rsa(rsa, strengthen_key(new_pin))
uprivi.gfather = False
uprivi.save()
def test_login_and_rsa_key_import_export(self):
c = self.client
response = c.post('/login/', {'username': '******', 'password': '******'})
self.assertEqual(response.status_code, 302)
# just extra verification we can get user from django auth
user = authenticate(username='******', password='******')
user = MHLUser.objects.get(id=user.id)
# verify we are logged in
self.assertEqual(c.session['_auth_user_id'], user.id)
# These should match:
self.assertEqual(get_user_key(c, response.cookies['ss'].value),
strengthen_key('healme'))
# query our KeyPair we created in setup
opub = OwnerPublicKey.objects.get_pubkey(owner=user)
upriv = UserPrivateKey.objects.get_privkey(user=user, opub=opub)
devnull.write(unicode(upriv)) # simulate __unicode__
# grab pubkey from db its in RSA export format but double test import/export
pub_key_from_db = export_rsa(import_rsa(upriv.opub.publickey).publickey())
# grab our binary user credential
creds = get_user_key(c, response.cookies['ss'].value)
# properly import
rsa_key = import_rsa(upriv.privatekey, creds)
# verify we can properly create RSA objs by importing
pub_key_from_key = export_rsa(rsa_key.publickey())
# verify match
self.assertEqual(pub_key_from_db, pub_key_from_key)
# now test decryption of key with admin credentials
creds = strengthen_key(ADMIN_PASSWORD)
admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, creds)
adminclear = PKCS1_OAEP.new(admin_rsa).decrypt(b64decode(upriv.opub.admincipher))
rsa_key = import_rsa(upriv.opub.adminscopy, adminclear)
# verify match
self.assertEqual(pub_key_from_db, export_rsa(rsa_key.publickey()))
# now logout, we can alternatively call c.post('/logout/')
response = c.logout()
self.assertTrue('_auth_user_id' not in c.session)
def test_key_pair_fetch(self): """ Just for fun, normally using RSA for AES key en/decryption. """ cleartext = 'Something fishy...' user = MHLUser.objects.get(username=self.provider.user.username) opub = OwnerPublicKey.objects.get_pubkey(owner=user) upriv = UserPrivateKey.objects.get_privkey(user=user, opub=opub) # we store keys in PEM format so import pubkey = import_rsa(upriv.opub.publickey) rsa = import_rsa(upriv.privatekey, strengthen_key(settings.SECRET_KEY if upriv.gfather else 'healme')) # pubkey enc/dec low level, PKCS1_OAEP w/RSA in production ciphertext = pubkey.encrypt(cleartext, os.urandom)[0] decrypted_text = rsa.decrypt(ciphertext) self.assertEqual(cleartext, decrypted_text)
def test_key_pair_fetch(self):
""" Just for fun, normally using RSA for AES key en/decryption. """
cleartext = 'Something fishy...'
user = MHLUser.objects.get(username=self.provider.user.username)
opub = OwnerPublicKey.objects.get_pubkey(owner=user)
upriv = UserPrivateKey.objects.get_privkey(user=user, opub=opub)
# we store keys in PEM format so import
pubkey = import_rsa(upriv.opub.publickey)
rsa = import_rsa(
upriv.privatekey,
strengthen_key(settings.SECRET_KEY if upriv.gfather else 'healme'))
# pubkey enc/dec low level, PKCS1_OAEP w/RSA in production
ciphertext = pubkey.encrypt(cleartext, os.urandom)[0]
decrypted_text = rsa.decrypt(ciphertext)
self.assertEqual(cleartext, decrypted_text)
def admin_decrypt_cipherkey(admin_creds, obj): """ ADMIN UTILITY, TODO: move this to black box, rm #2115 """ clearkey = None ct = ContentType.objects.get_for_model(obj) encobj = EncryptedObject.objects.filter(object_type=ct, object_id=obj.pk) if encobj.exists(): from MHLogin._admin_reset import ADMIN_RESET_ENCD_RSA admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, strengthen_key(admin_creds)) # get first match since we are decrypting admincipher opub = encobj[0].opub # decrypt adminscopy rsa key for this encd object adminclearkey = PKCS1_OAEP.new(admin_rsa).decrypt(b64decode(opub.admincipher)) rsa = import_rsa(opub.adminscopy, adminclearkey) # finally, decrypt encobj's cipherkey with decrypted admins rsa copy clearkey = PKCS1_OAEP.new(rsa).decrypt(b64decode(encobj[0].cipherkey)) return clearkey
def create_rsakeypair(user, keytype=RSA_PRIMARY, credtype=CRED_WEBAPP, creds=None): """ Create rsa key pair - public and private, grandfathered if no credentials """ from MHLogin._admin_reset import ADMIN_RESET_PUBLIC_RSA # create RSA public and private key instances rsa = RSA.generate(2048, os.urandom) # encrypt a copy of rsa key with admin reset pubkey adminclearkey = os.urandom(32) adminpub = import_rsa(ADMIN_RESET_PUBLIC_RSA) admincipher = b64encode(PKCS1_OAEP.new(adminpub).encrypt(adminclearkey)) adminscopy = export_rsa(rsa, adminclearkey) # now create pub/priv pair, encrypting with creds (password, pin, etc.) opub = OwnerPublicKey.objects.create(owner_id=user.id, owner_type=ContentType.objects.get_for_model(user), adminscopy=adminscopy, admincipher=admincipher, publickey=export_rsa(rsa.publickey()), keytype=keytype) upriv = UserPrivateKey.objects.create(user=user, opub=opub, credtype=credtype, privatekey=export_rsa(rsa, strengthen_key(creds or settings.SECRET_KEY)), gfather=False if creds else True) return opub, upriv
def change_pin(self, request, **kwargs):
new_pin = kwargs.get('new_pin', None)
if not new_pin:
raise Exception('new_pin is required')
old_key = kwargs.get('old_key', None)
# TESTING_KMS_INTEGRATION
from MHLogin.MHLUsers.models import MHLUser
user = MHLUser.objects.get(id=self.owner.id)
uprivs = UserPrivateKey.objects.filter(user=user, credtype=CRED_IVRPIN, gfather=True)
if uprivs.exists():
recrypt_keys(uprivs, settings.SECRET_KEY, new_pin)
elif old_key:
uprivs = UserPrivateKey.objects.filter(user=user, credtype=CRED_IVRPIN)
recrypt_keys(uprivs, old_key, strengthen_key(new_pin), True)
else: # business logic: recrypt ivr key via user's webapp based ivr key
recrypt_ivr_key_via_web_creds(user, request, new_pin)
self._set_pin(new_pin)
self.save()
def generateHttpRequest():
# Fix for 2030 - should rename function, it does more than just generate request
# TODO: for requests should use Django's test Client(), see IVR unittests for
# example of view unittests using Django's test client request handling features.
env = Client()._base_environ()
user = create_mhluser()
request = HttpRequest()
request.META['REMOTE_ADDR'] = env['REMOTE_ADDR']
key = strengthen_key('demo')
split1, split2 = split_user_key('demo')
db_key = os.urandom(32)
xor = XOR.new(base64.b64decode(split2))
dbsplit = base64.b64encode(xor.encrypt(db_key))
assn = SmartPhoneAssn(
user=user,
device_serial='',
version='1.22',
platform='iPad',
user_type=1,
)
assn.save(request)
assn.update_secret(split1, key)
assn.update_db_secret(dbsplit, db_key)
request.REQUEST = {}
request.META['HTTP_DCOM_DEVICE_ID'] = request.REQUEST[
'DCOM_DEVICE_ID'] = assn.device_id
request.session = dict()
request.user = user
providers = Provider.objects.filter(user=user)
if not providers:
provider = Provider(user=request.user,
office_lat=0.0,
office_longit=0.0)
provider.save()
request.provider = provider
request.role_user = provider
return request
def admin_decrypt_cipherkey(admin_creds, obj):
""" ADMIN UTILITY, TODO: move this to black box, rm #2115 """
clearkey = None
ct = ContentType.objects.get_for_model(obj)
encobj = EncryptedObject.objects.filter(object_type=ct, object_id=obj.pk)
if encobj.exists():
from MHLogin._admin_reset import ADMIN_RESET_ENCD_RSA
admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA,
strengthen_key(admin_creds))
# get first match since we are decrypting admincipher
opub = encobj[0].opub
# decrypt adminscopy rsa key for this encd object
adminclearkey = PKCS1_OAEP.new(admin_rsa).decrypt(
b64decode(opub.admincipher))
rsa = import_rsa(opub.adminscopy, adminclearkey)
# finally, decrypt encobj's cipherkey with decrypted admins rsa copy
clearkey = PKCS1_OAEP.new(rsa).decrypt(b64decode(encobj[0].cipherkey))
return clearkey
def generateHttpRequest():
# Fix for 2030 - should rename function, it does more than just generate request
# TODO: for requests should use Django's test Client(), see IVR unittests for
# example of view unittests using Django's test client request handling features.
env = Client()._base_environ()
user = create_mhluser()
request = HttpRequest()
request.META['REMOTE_ADDR'] = env['REMOTE_ADDR']
key = strengthen_key('demo')
split1, split2 = split_user_key('demo')
db_key = os.urandom(32)
xor = XOR.new(base64.b64decode(split2))
dbsplit = base64.b64encode(xor.encrypt(db_key))
assn = SmartPhoneAssn(
user=user,
device_serial='',
version='1.22',
platform='iPad',
user_type=1,
)
assn.save(request)
assn.update_secret(split1, key)
assn.update_db_secret(dbsplit, db_key)
request.REQUEST = {}
request.META['HTTP_DCOM_DEVICE_ID'] = request.REQUEST['DCOM_DEVICE_ID'] = assn.device_id
request.session = dict()
request.user = user
providers = Provider.objects.filter(user=user)
if not providers:
provider = Provider(user=request.user, office_lat=0.0, office_longit=0.0)
provider.save()
request.provider = provider
request.role_user = provider
return request
def reset_private_keys(request):
"""
This view takes the KMS administrator password, and for each user whose
password was reset, generates new private keys.
:param request: The HTTP request
:type request: django.core.handlers.wsgi.WSGIRequest
:returns: django.http.HttpResponse -- The webpage
"""
context, resp = get_context(request), None
log_qs = PasswordResetLog.objects.filter(reset=True,
resolved=False).values('user')
reset_users = context['reset_users'] = MHLUser.objects.filter(
pk__in=log_qs)
if request.method == 'POST':
form = context['form'] = PasswordForm(request.POST)
if form.is_valid():
try:
from MHLogin._admin_reset import ADMIN_RESET_ENCD_RSA
creds = strengthen_key(form.cleaned_data['password'])
admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, creds)
except ValueError:
msg = _('Invalid password for admin reset key.')
form._errors['password'] = form.error_class([msg])
else:
for user in reset_users:
reset_user_invalid_keys(user, admin_rsa)
PasswordResetLog.objects.filter(
reset=True, resolved=False, user=user).update(
resolved=True,
servicer=request.user,
servicer_ip=request.META['REMOTE_ADDR'],
resolution_timestamp=datetime.datetime.now())
resp = render_to_response('PrivateKeyResetComplete.html',
context)
else:
context['form'] = PasswordForm()
return resp or render_to_response('PrivateKeyReset.html', context)
def handle(self, *args, **options):
if (len(args) != 1):
sys.stderr.write("Admin password required.\n")
self.print_help(sys.argv[1], "")
else:
from MHLogin._admin_reset import ADMIN_RESET_ENCD_RSA
try:
force = options.pop('force', False)
logoff = options.pop('logoff', False)
admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, strengthen_key(args[0]))
migrate_admin_objectkeys(admin_rsa, force)
# Remove active sessions, users need to log in. During initial migration
# rsa keys are grandfathered since we do not know users's password.
# And we don't want specialized code in KMS checking for this single
# use-case where keys are grandfathered while user logged in.
if logoff:
Session.objects.filter(expire_date__gte=datetime.now()).delete()
SmartPhoneAssn.objects.filter(is_active=True).update(is_active=False)
except ValueError:
sys.stderr.write("Invalid password.\n")
def test_gen_new_keys(self):
cleartext = "A sql query walks in to a bar, approaches two tables and asks 'may I join you?'"
c = self.client
# after successful login should get re-direct to /
response = c.post('/login/', {
'username': '******',
'password': '******'
})
c.COOKIES = {'ss': response.cookies['ss'].value}
self.assertEqual(response.status_code, 302)
# just extra verification we can get user from django auth
c.user = authenticate(username='******', password='******')
c.user = MHLUser.objects.get(id=c.user.id)
msg = encrypt_object(SecureTestMessage, {}, cleartext)
gen_keys_for_users(msg, [c.user], None, c, ivr=True)
generate_new_user_keys(c.user, 'monkey')
c.user.set_password('monkey')
c.user.save()
# logout. cleanup
response = c.logout()
# simulate admin update invalid keys
creds = strengthen_key(ADMIN_PASSWORD)
admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, creds)
reset_user_invalid_keys(MHLUser.objects.get(id=c.user.id), admin_rsa)
# login with new password and verify we can decrypt message
response = c.post('/login/', {
'username': '******',
'password': '******'
})
c.COOKIES = {'ss': response.cookies['ss'].value}
self.assertEqual(response.status_code, 302)
# just extra verification we can get user from django auth
c.user = authenticate(username='******', password='******')
# verify we are logged in
self.assertEqual(c.session['_auth_user_id'], c.user.id)
decrypted_cleartext = decrypt_object(c, msg)
self.assertEqual(decrypted_cleartext, cleartext)
response = c.logout()
def test_recovery_key_generation(self):
c = self.client
recovery = generate_recovery(self.adminguy, None)
self.assertTrue(recovery != None) # all keys still g'fathered so true
response = c.post('/login/', {'username': '******', 'password': '******'})
self.assertEqual(response.status_code, 302)
# just extra verification we can get user from django auth
user = authenticate(username='******', password='******')
# verify we are logged in
self.assertEqual(c.session['_auth_user_id'], user.id)
# get admin reset private key
creds = strengthen_key(ADMIN_PASSWORD)
admin_rsa = import_rsa(ADMIN_RESET_ENCD_RSA, creds)
recovery = generate_recovery(self.adminguy, admin_rsa)
self.assertTrue(recovery != None)
recovery = generate_recovery(self.adminguy, None)
self.assertTrue(recovery == None) # not all keys g'fathered now
# test recovery on regular user
recovery = generate_recovery(self.provider, admin_rsa)
self.assertTrue(recovery != None)
# logout. cleanup
response = c.logout()
self.assertTrue('_auth_user_id' not in c.session)
def test_secure_message(self):
cleartext = "I drive a Dodge Stratus, don't tell anyone."
c = self.client
response = c.post('/login/', {
'username': '******',
'password': '******'
})
c.COOKIES = {'ss': response.cookies['ss'].value}
self.assertEqual(response.status_code, 302)
# just extra verification we can get user from django auth
c.user = authenticate(username='******', password='******')
c.user = MHLUser.objects.get(id=c.user.id)
# verify we are logged in
self.assertEqual(c.session['_auth_user_id'], c.user.id)
# These should match:
self.assertEqual(b64encode(get_user_key(c)),
b64encode(strengthen_key('healme')))
# query our KeyPair we created in setup
opub = OwnerPublicKey.objects.get_pubkey(owner=c.user)
with self.assertRaises(AttributeError):
encrypt_object(str, {}, "boo")
# NOTE: encrypt_object leaks m._key but using that fact to test this for now
msg = encrypt_object(SecureTestMessage, {}, cleartext)
# verify keys don't exist:
exists = check_keys_exist_for_users(msg, [c.user])
self.assertEqual(exists, False)
with self.assertRaises(Exception):
gen_keys_for_users(msg, [c.user], None, None)
gen_keys_for_users(msg, [c.user], None, c,
ivr=True) # does both default & ivr
# test with cache
gen_keys_for_users(msg, [self.drbob], msg._key, c)
msg._key = None # uncache, test with diff user
gen_keys_for_users(msg, [self.adminguy], None, c)
# verify keys do exist:
exists = check_keys_exist_for_users(msg, [c.user])
self.assertEqual(exists, True)
exists = check_keys_exist_for_users(msg, [c.user, self.adminguy])
self.assertEqual(exists, True)
# time passes by .... now decrypt it
encobj = EncryptedObject.objects.get_object(msg, opub)
# do step by step instead of helper decrypt_object
opub = OwnerPublicKey.objects.get_pubkey(owner=c.user)
upriv = UserPrivateKey.objects.get(user=c.user, opub=opub)
creds = get_user_key(c, response.cookies['ss'].value)
clearkey = encobj.decrypt_cipherkey(upriv, creds)
self.assertEqual(clearkey, decrypt_cipherkey(c, msg))
# now call the object's decrypt method
decrypted_cleartext = msg.decrypt(c, clearkey)
# verify they do match after decryption
self.assertTrue(decrypted_cleartext == cleartext)
# now try calling top level helper decrypt_object and verify
decrypted_cleartext = decrypt_object(c, msg)
# verify they do match after decryption
self.assertTrue(decrypted_cleartext == cleartext)
# try calling encobj's decrypt with invalid creds
with self.assertRaises(KeyInvalidException):
decrypt_object(c, msg, ss="malarkey")
# create encrypted object without encrypting
msg2 = encrypt_object(SecureTestMessage, {})
self.assertTrue(len(msg2.ciphertext) == 0)
# now logout, we can alternatively call c.post('/logout/')
response = c.logout()
self.assertTrue('_auth_user_id' not in c.session)
# test str rep of opub
self.assertEqual(
unicode(opub),
u"%s, key type: %s" % (c.user, RSA_TYPES[opub.keytype]), opub)
### tickle the admin interface with all the objs created in this UT ###
response = c.post('/login/', {
'username': '******',
'password': '******'
})
user = authenticate(username='******', password='******')
opub = OwnerPublicKey.objects.get_pubkey(owner=user)
url = reverse("admin:%s_%s_change" %
(opub._meta.app_label, opub._meta.module_name),
args=[opub.id])
response = c.get(url)
upriv = opub.userprivatekey.get()
url = reverse("admin:%s_%s_change" %
(upriv._meta.app_label, upriv._meta.module_name),
args=[upriv.id])
response = c.get(url)
encobj = EncryptedObject.objects.all()[0]
url = reverse("admin:%s_%s_change" %
(encobj._meta.app_label, encobj._meta.module_name),
args=[encobj.id])
response = c.get(url)
response = c.logout()
class PrivateKeyTests(unittest.TestCase):
# Configuration
rsa_key = strengthen_key('foobazbar')
aes_key = strengthen_key('this is my secure passphrase')
clear_text = 'This is my message. There are many others like it, but this one is mine.'
@classmethod
def setUpClass(cls):
""" Create a User to link the private key to. """
u = User(username="******")
u.save()
key_pair = RSAKeyPair(key=cls.rsa_key)
key_pair.owner = u
key_pair.save()
key_pair = IVR_RSAKeyPair(key=cls.rsa_key)
key_pair.owner = u
key_pair.save()
@classmethod
def tearDownClass(cls):
User.objects.all().delete()
Provider.objects.all().delete()
Administrator.objects.all().delete()
OwnerPublicKey.objects.all().delete()
UserPrivateKey.objects.all().delete()
EncryptedObject.objects.all().delete()
def test_PrivateKey(self):
u = User.objects.get(username="******")
RSAKeyPair.objects.get(owner=u)
RSAPubKey.objects.get(owner=u)
msg = SecureTestMessage.objects.create(owner=u)
msg.encrypt(self.clear_text, self.aes_key)
msg.save()
private_key = PrivateKey(owner=u, object=msg, key=self.aes_key)
private_key.save()
object_type = ContentType.objects.get_for_model(msg)
private_key = PrivateKey.objects.get(owner=u,
object_type=object_type,
object_id=msg.id)
decrypted_text = private_key.decrypt(None, key=self.rsa_key)
self.assertEqual(decrypted_text, self.clear_text)
# Admin private key tests
aes_key = strengthen_key(ADMIN_PASSWORD)
msg = SecureTestMessage.objects.create(owner=None)
msg.encrypt(self.clear_text, aes_key)
msg.save()
private_key = AdminPrivateKey(key=strengthen_key(ADMIN_PASSWORD))
private_key.object = msg
private_key.save()
decrypted_text = private_key.decrypt(None,
strengthen_key(ADMIN_PASSWORD))
self.assertEqual(decrypted_text, self.clear_text)
def test_IVRPrivateKey(self):
u = User.objects.get(username="******")
IVR_RSAKeyPair.objects.get(owner=u)
IVR_RSAPubKey.objects.get(owner=u)
msg = SecureTestMessage.objects.create(owner=u)
msg.encrypt(self.clear_text, self.aes_key)
msg.save()
private_key = IVR_PrivateKey(owner=u, object=msg, key=self.aes_key)
private_key.save()
object_type = ContentType.objects.get_for_model(msg)
private_key = IVR_PrivateKey.objects.get(owner=u,
object_type=object_type,
object_id=msg.id)
decrypted_text = private_key.decrypt(None, key=self.rsa_key)
self.assertEqual(decrypted_text, self.clear_text)
# Admin private key tests
aes_key = strengthen_key(ADMIN_PASSWORD)
msg = SecureTestMessage.objects.create(owner=None)
msg.encrypt(self.clear_text, aes_key)
msg.save()
private_key = AdminPrivateKey(key=strengthen_key(ADMIN_PASSWORD))
private_key.object = msg
private_key.save()
decrypted_text = private_key.decrypt(None,
strengthen_key(ADMIN_PASSWORD))
self.assertEqual(decrypted_text, self.clear_text)
def test_ConcurrentPrivateKeys(self):
u = User.objects.get(username="******")
RSAKeyPair.objects.get(owner=u)
RSAPubKey.objects.get(owner=u)
IVR_RSAKeyPair.objects.get(owner=u)
IVR_RSAPubKey.objects.get(owner=u)
msg = SecureTestMessage.objects.create(owner=u)
msg.encrypt(self.clear_text, self.aes_key)
msg.save()
object_type = ContentType.objects.get_for_model(msg)
private_key = PrivateKey(owner=u, object=msg, key=self.aes_key)
private_key.save()
ivr_private_key = IVR_PrivateKey(owner=u, object=msg, key=self.aes_key)
ivr_private_key.save()
private_key = PrivateKey.objects.get(owner=u,
object_type=object_type,
object_id=msg.id)
ivr_private_key = IVR_PrivateKey.objects.get(owner=u,
object_type=object_type,
object_id=msg.id)
decrypted_text = private_key.decrypt(None, key=self.rsa_key)
self.assertEqual(decrypted_text, self.clear_text)
decrypted_text = ivr_private_key.decrypt(None, key=self.rsa_key)
self.assertEqual(decrypted_text, self.clear_text)
# Admin private key tests
aes_key = strengthen_key(ADMIN_PASSWORD)
msg = SecureTestMessage.objects.create(owner=None)
msg.encrypt(self.clear_text, aes_key)
msg.save()
private_key = AdminPrivateKey(key=strengthen_key(ADMIN_PASSWORD))
private_key.object = msg
private_key.save()
decrypted_text = private_key.decrypt(None,
strengthen_key(ADMIN_PASSWORD))
self.assertEqual(decrypted_text, self.clear_text)
def test_IncorrectPassword(self):
u = User.objects.get(username="******")
RSAKeyPair.objects.get(owner=u)
RSAPubKey.objects.get(owner=u)
msg = SecureTestMessage.objects.create(owner=u)
msg.encrypt(self.clear_text, self.aes_key)
msg.save()
private_key = PrivateKey(owner=u, object=msg, key=self.aes_key)
private_key.save()
self.assertRaises(KeyInvalidException,
private_key.decrypt,
None,
key=strengthen_key('this is an incorrect password'))
# Admin private key tests
aes_key = strengthen_key(ADMIN_PASSWORD)
msg = SecureTestMessage.objects.create(owner=None)
msg.encrypt(self.clear_text, aes_key)
msg.save()
private_key = AdminPrivateKey(key=strengthen_key(ADMIN_PASSWORD))
private_key.object = msg
private_key.save()
self.assertRaises(KeyInvalidException,
private_key.decrypt,
None,
key=strengthen_key('this is an incorrect password'))
def test_secure_message(self):
cleartext = "I drive a Dodge Stratus, don't tell anyone."
c = self.client
response = c.post('/login/', {'username': '******', 'password': '******'})
c.COOKIES = {'ss': response.cookies['ss'].value}
self.assertEqual(response.status_code, 302)
# just extra verification we can get user from django auth
c.user = authenticate(username='******', password='******')
c.user = MHLUser.objects.get(id=c.user.id)
# verify we are logged in
self.assertEqual(c.session['_auth_user_id'], c.user.id)
# These should match:
self.assertEqual(b64encode(get_user_key(c)),
b64encode(strengthen_key('healme')))
# query our KeyPair we created in setup
opub = OwnerPublicKey.objects.get_pubkey(owner=c.user)
with self.assertRaises(AttributeError):
encrypt_object(str, {}, "boo")
# NOTE: encrypt_object leaks m._key but using that fact to test this for now
msg = encrypt_object(SecureTestMessage, {}, cleartext)
# verify keys don't exist:
exists = check_keys_exist_for_users(msg, [c.user])
self.assertEqual(exists, False)
with self.assertRaises(Exception):
gen_keys_for_users(msg, [c.user], None, None)
gen_keys_for_users(msg, [c.user], None, c, ivr=True) # does both default & ivr
# test with cache
gen_keys_for_users(msg, [self.drbob], msg._key, c)
msg._key = None # uncache, test with diff user
gen_keys_for_users(msg, [self.adminguy], None, c)
# verify keys do exist:
exists = check_keys_exist_for_users(msg, [c.user])
self.assertEqual(exists, True)
exists = check_keys_exist_for_users(msg, [c.user, self.adminguy])
self.assertEqual(exists, True)
# time passes by .... now decrypt it
encobj = EncryptedObject.objects.get_object(msg, opub)
# do step by step instead of helper decrypt_object
opub = OwnerPublicKey.objects.get_pubkey(owner=c.user)
upriv = UserPrivateKey.objects.get(user=c.user, opub=opub)
creds = get_user_key(c, response.cookies['ss'].value)
clearkey = encobj.decrypt_cipherkey(upriv, creds)
self.assertEqual(clearkey, decrypt_cipherkey(c, msg))
# now call the object's decrypt method
decrypted_cleartext = msg.decrypt(c, clearkey)
# verify they do match after decryption
self.assertTrue(decrypted_cleartext == cleartext)
# now try calling top level helper decrypt_object and verify
decrypted_cleartext = decrypt_object(c, msg)
# verify they do match after decryption
self.assertTrue(decrypted_cleartext == cleartext)
# try calling encobj's decrypt with invalid creds
with self.assertRaises(KeyInvalidException):
decrypt_object(c, msg, ss="malarkey")
# create encrypted object without encrypting
msg2 = encrypt_object(SecureTestMessage, {})
self.assertTrue(len(msg2.ciphertext) == 0)
# now logout, we can alternatively call c.post('/logout/')
response = c.logout()
self.assertTrue('_auth_user_id' not in c.session)
# test str rep of opub
self.assertEqual(unicode(opub), u"%s, key type: %s" %
(c.user, RSA_TYPES[opub.keytype]), opub)
### tickle the admin interface with all the objs created in this UT ###
response = c.post('/login/', {'username': '******', 'password': '******'})
user = authenticate(username='******', password='******')
opub = OwnerPublicKey.objects.get_pubkey(owner=user)
url = reverse("admin:%s_%s_change" %
(opub._meta.app_label, opub._meta.module_name), args=[opub.id])
response = c.get(url)
upriv = opub.userprivatekey.get()
url = reverse("admin:%s_%s_change" %
(upriv._meta.app_label, upriv._meta.module_name), args=[upriv.id])
response = c.get(url)
encobj = EncryptedObject.objects.all()[0]
url = reverse("admin:%s_%s_change" %
(encobj._meta.app_label, encobj._meta.module_name), args=[encobj.id])
response = c.get(url)
response = c.logout()
