def decode_row_batch(crypt: CryptoOptions, data) -> vpb.RowBatchData: jwe = JsonWebEncryption() rb = vpb.RowBatchData() data = jwe.deserialize_compact(data, crypt.jwk_private_key) rb.ParseFromString(data['payload']) return rb
def forgot_password_token(mode) : """ @app.route('/forgot_password_token/', methods = ['GET', 'POST']) This function is called from email to decode token and reset password. """ if request.method == 'GET' : token = request.args.get('token') key = privatekey.get_key(mode.owner_talao, 'rsa_key', mode) jwe = JsonWebEncryption() try : data = jwe.deserialize_compact(token, key) except : flash ('Incorrect data', 'danger') logging.warning('JWE did not decrypt') return render_template('./login/login_password.html') payload = json.loads(data['payload'].decode('utf-8')) if payload['expired'] < datetime.timestamp(datetime.now()) : flash ('Delay expired (3 minutes maximum)', 'danger') return render_template('./login/login_password.html') session['email_password'] = payload['email'] session['username_password'] = payload['username'] return render_template('./login/update_password_external.html') if request.method == 'POST' : if session['email_password'] != request.form['email'] : flash('Incorrect email', 'danger') return render_template('./login/update_password_external.html') ns.update_password(session['username_password'], request.form['password'], mode) flash('Password updated', "success") del session['email_password'] del session['username_password'] return render_template('./login/login_password.html')
def decrypt(self, token, key, type='AES'): if type == 'AES': data = SJCL.decrypt(self, token, key) return data.decode() else: jwe = JsonWebEncryption() data = jwe.deserialize_compact(token, key) return data['payload'].decode()
def test_compact_rsa(self): jwe = JsonWebEncryption(algorithms=JWE_ALGORITHMS) s = jwe.serialize_compact({ 'alg': 'RSA-OAEP', 'enc': 'A256GCM' }, 'hello', read_file_path('rsa_public.pem')) data = jwe.deserialize_compact(s, read_file_path('rsa_private.pem')) header, payload = data['header'], data['payload'] self.assertEqual(payload, b'hello') self.assertEqual(header['alg'], 'RSA-OAEP')
def test_ecdh_es_with_okp(self): jwe = JsonWebEncryption(algorithms=JWE_ALGORITHMS) key = OKPKey.generate_key('X25519', is_private=True) for alg in [ "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW" ]: protected = {'alg': alg, 'enc': 'A128GCM'} data = jwe.serialize_compact(protected, b'hello', key) rv = jwe.deserialize_compact(data, key) self.assertEqual(rv['payload'], b'hello')
def test_with_zip_header(self): jwe = JsonWebEncryption() s = jwe.serialize_compact( { 'alg': 'RSA-OAEP', 'enc': 'A128CBC-HS256', 'zip': 'DEF' }, 'hello', read_file_path('rsa_public.pem')) data = jwe.deserialize_compact(s, read_file_path('rsa_private.pem')) header, payload = data['header'], data['payload'] self.assertEqual(payload, b'hello') self.assertEqual(header['alg'], 'RSA-OAEP')
def test_dir_alg_c20p(self): jwe = JsonWebEncryption(algorithms=JWE_ALGORITHMS) key = OctKey.generate_key(256, is_private=True) protected = {'alg': 'dir', 'enc': 'C20P'} data = jwe.serialize_compact(protected, b'hello', key) rv = jwe.deserialize_compact(data, key) self.assertEqual(rv['payload'], b'hello') key2 = OctKey.generate_key(128, is_private=True) self.assertRaises(ValueError, jwe.deserialize_compact, data, key2) self.assertRaises(ValueError, jwe.serialize_compact, protected, b'hello', key2)
def test_aes_gcm_jwe(self): jwe = JsonWebEncryption(algorithms=JWE_ALGORITHMS) sizes = [128, 192, 256] _enc_choices = [ 'A128CBC-HS256', 'A192CBC-HS384', 'A256CBC-HS512', 'A128GCM', 'A192GCM', 'A256GCM' ] for s in sizes: alg = 'A{}GCMKW'.format(s) key = os.urandom(s // 8) for enc in _enc_choices: protected = {'alg': alg, 'enc': enc} data = jwe.serialize_compact(protected, b'hello', key) rv = jwe.deserialize_compact(data, key) self.assertEqual(rv['payload'], b'hello')
def test_ecdh_es_jwe(self): jwe = JsonWebEncryption(algorithms=JWE_ALGORITHMS) key = { "kty": "EC", "crv": "P-256", "x": "gI0GAILBdu7T53akrFmMyGcsF3n5dO7MmwNBHKW5SV0", "y": "SLW_xSffzlPWrHEVI30DHM_4egVwt3NQqeUD7nMFpps", "d": "0_NxaRPUMQoAJt50Gz8YiTr8gRTwyEaCumd-MToTmIo" } for alg in [ "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW" ]: protected = {'alg': alg, 'enc': 'A128GCM'} data = jwe.serialize_compact(protected, b'hello', key) rv = jwe.deserialize_compact(data, key) self.assertEqual(rv['payload'], b'hello')
def jweRsaDecryptFromBase64UrlToken(rsaPrivateKey, jweTokenBase64Url): jwe = JsonWebEncryption() return jwe.deserialize_compact(jweTokenBase64Url, rsaPrivateKey)
def _get(workspace_contract_from, private_key_from, workspace_contract_user, documentId, mode): # @documentID is int if not isinstance(documentId, int): documentId = int(documentId) logging.error('doc_id must be int') w3 = mode.w3 contract = w3.eth.contract(workspace_contract_user, abi=constante.workspace_ABI) #try : (doctype, doctypeversion, unused, issuer, unused, unused, ipfshash, unused, unused) = contract.functions.getDocument(documentId).call() #except : # logging.error('connexion blockchain talaonet impossble, document.py') # return None, None, None, None, None, None, None if doctype in [50000, 40000, 10000, 15000, 20000, 11000]: privacy = 'public' if doctype in [50001, 40001, 15001, 20001]: privacy = 'private' if doctype in [50002, 40002, 20002]: privacy = 'secret' workspace_contract_identity = workspace_contract_user # download from IPFS ipfs_data = Talao_ipfs.ipfs_get(ipfshash.decode('utf-8')) # previous version (deprecated) if privacy == 'public' and doctypeversion == 2: return issuer, workspace_contract_identity, ipfs_data, ipfshash.decode( ), privacy, "", 0 # data encrypted server side with AES algo and server keys (public, private, secret) elif doctypeversion == 3: msg = privatekey.decrypt_data(workspace_contract_user, ipfs_data, privacy, mode) if msg: # decrypt avec algo AES-EAX ou AES-CBC return issuer, workspace_contract_user, msg, ipfshash.decode( 'utf-8'), privacy, "", 0 else: # la clé RSA n'est pas disponible sur le serveur logging.warning('Cannot decrypt data') return issuer, workspace_contract_user, { "data": 'Encrypted' }, ipfshash.decode('utf-8'), privacy, "", 0 # data encrypted server side as JWE with RSA identity key elif doctypeversion == 4: jwe = JsonWebEncryption() address_user = contracts_to_owners(workspace_contract_user, mode) key = privatekey.get_key(address_user, 'rsa_key', mode) data = jwe.deserialize_compact(ipfs_data['jwe'], key) payload = data['payload'] return issuer, workspace_contract_user, payload.decode( ), ipfshash.decode(), privacy, "", 0 # data encrypted server side as JWE with AES key elif doctypeversion == 5: jwe = JsonWebEncryption() address_user = contracts_to_owners(workspace_contract_user, mode) if privacy == 'public': secret = mode.aes_public_key.encode() else: secret = privatekey.get_key(address_user, privacy, mode) data = jwe.deserialize_compact(ipfs_data['jwe'], secret) payload = data['payload'] return issuer, workspace_contract_user, payload.decode( ), ipfshash.decode(), privacy, ipfs_data['id'], ipfs_data['sequence'] # data encrypted client side as JWE. There is no server decryption. elif doctypeversion == 6: return issuer, workspace_contract_user, ipfs_data[ 'jwe'], ipfshash.decode(), privacy, "", 0 else: logging.error('pb doctypeversion') return None, None, None, None, None, None, None