def testM2CryptoCipherCompatibility(self):
m2crypto_ciphertext = open(
os.path.join(self.base_path, "m2crypto/send_file_data"), "rb").read()
key = rdf_crypto.EncryptionKey("x" * 16)
iv = rdf_crypto.EncryptionKey("y" * 16)
cipher = rdf_crypto.AES128CBCCipher(key, iv)
plaintext = cipher.Decrypt(m2crypto_ciphertext)
self.assertEqual(plaintext, self.memory_dump)
def testAES128CBCCipher(self):
key = rdf_crypto.AES128Key.GenerateKey()
iv = rdf_crypto.AES128Key.GenerateKey()
cipher = rdf_crypto.AES128CBCCipher(key, iv)
plain_text = "hello world!"
cipher_text = cipher.Encrypt(plain_text)
# Repeatedly calling Encrypt should repeat the same cipher text.
self.assertEqual(cipher_text, cipher.Encrypt(plain_text))
self.assertNotEqual(cipher_text, plain_text)
self.assertEqual(cipher.Decrypt(cipher_text), plain_text)
key2 = rdf_crypto.AES128Key.GenerateKey()
iv2 = rdf_crypto.AES128Key.GenerateKey()
cipher = rdf_crypto.AES128CBCCipher(key, iv2)
self.assertRaises(rdf_crypto.CipherError, cipher.Decrypt, plain_text)
cipher = rdf_crypto.AES128CBCCipher(key2, iv)
self.assertRaises(rdf_crypto.CipherError, cipher.Decrypt, plain_text)
cipher = rdf_crypto.AES128CBCCipher(key2, iv2)
self.assertRaises(rdf_crypto.CipherError, cipher.Decrypt, plain_text)
def testStreamingCBCEncryptor(self):
key = rdf_crypto.AES128Key.GenerateKey()
iv = rdf_crypto.AES128Key.GenerateKey()
# 160 characters.
message = "Hello World!!!!!" * 10
for plaintext, partitions in [
(message, [
[160],
[80, 80],
[75, 75, 10],
[1, 159],
[10] * 16,
[1] * 160,
]),
# Prime length, not a multiple of blocksize.
(message[:149], [
[149],
[80, 69],
[75, 55, 19],
[1, 148],
[10] * 14 + [9],
[1] * 149,
])
]:
for partition in partitions:
cipher = rdf_crypto.AES128CBCCipher(key, iv)
streaming_cbc = rdf_crypto.StreamingCBCEncryptor(cipher)
it = iter(plaintext)
out = []
for n in partition:
next_partition = "".join([it.next() for _ in xrange(n)])
out.append(streaming_cbc.Update(next_partition))
out.append(streaming_cbc.Finalize())
self.assertEqual(cipher.Decrypt("".join(out)), plaintext)
def Run(self, args):
"""Run."""
# Open the file.
fd = vfs.VFSOpen(args.pathspec, progress_callback=self.Progress)
if args.address_family == rdf_client.NetworkAddress.Family.INET:
family = socket.AF_INET
elif args.address_family == rdf_client.NetworkAddress.Family.INET6:
family = socket.AF_INET6
else:
raise RuntimeError("Socket address family not supported.")
s = socket.socket(family, socket.SOCK_STREAM)
try:
s.connect((args.host, args.port))
except socket.error as e:
raise RuntimeError(str(e))
cipher = rdf_crypto.AES128CBCCipher(args.key, args.iv)
streaming_encryptor = rdf_crypto.StreamingCBCEncryptor(cipher)
while True:
data = fd.read(self.BLOCK_SIZE)
if not data:
break
self.Send(s, streaming_encryptor.Update(data))
# Send heartbeats for long files.
self.Progress()
self.Send(s, streaming_encryptor.Finalize())
s.close()
self.SendReply(fd.Stat())
def Encrypt(self, data, iv=None):
"""Symmetrically encrypt the data using the optional iv."""
if iv is None:
iv = rdf_crypto.EncryptionKey.GenerateKey(length=128)
cipher = rdf_crypto.AES128CBCCipher(self.cipher.key, iv)
return iv, cipher.Encrypt(data)
def Decrypt(self, data, iv):
"""Symmetrically decrypt the data."""
key = rdf_crypto.EncryptionKey(self.cipher.key)
iv = rdf_crypto.EncryptionKey(iv)
return rdf_crypto.AES128CBCCipher(key, iv).Decrypt(data)
def GetCipher(self):
if self.name == "AES128CBC":
return rdf_crypto.AES128CBCCipher(self.key, self.metadata_iv)