コード例 #1
0
def encrypt_handler(infile=None,
                    outfile=None,
                    recipient=None,
                    self=None,
                    basedir=None):
    # provides a high level function to do encryption of files
    # infile specifies the filename of the input file,
    #        if '-' or not specified it uses stdin
    # outfile specifies the filename of the output file, if not specified
    #         it uses the same filename with '.pbp' appended
    # recipient specifies the name of the recipient for using public key crypto
    # self specifies the sender for signing the message using pk crypto
    # basedir provides a root for the keystores needed for pk crypto
    # if both self and recipient is specified pk crypto is used, otherwise symmetric
    # this function also handles buffering.
    fd = inputfd(infile)
    outfd = outputfd(outfile or
                     (infile + '.pbp' if infile not in [None, '-'] else '-'))

    if recipient and self:
        # let's do public key encryption
        key = nacl.randombytes(nacl.crypto_secretbox_KEYBYTES)
        me = publickey.Identity(self, basedir=basedir)
        size = struct.pack('>H', len(recipient))
        # write out encrypted message key (nonce, c(key+recplen)) for each recipient
        for r in recipient:
            r = publickey.Identity(r, basedir=basedir, publicOnly=True)
            nonce = nacl.randombytes(nacl.crypto_box_NONCEBYTES)
            outfd.write(nonce)
            outfd.write(nacl.crypto_box(key + size, nonce, r.cp, me.cs))
        me.clear()
    else:
        # let's do symmetric crypto
        key = getkey(nacl.crypto_secretbox_KEYBYTES)

    buf = fd.read(BLOCK_SIZE)
    if buf:
        nonce, cipher = encrypt(buf, k=key)
        outfd.write(nonce)
        outfd.write(cipher)
        buf = fd.read(BLOCK_SIZE)
        while buf:
            nonce = inc_nonce(nonce)
            nonce, cipher = encrypt(buf, k=key, nonce=nonce)
            outfd.write(cipher)
            buf = fd.read(BLOCK_SIZE)
    clearmem(key)
    key = None

    if fd != sys.stdin: fd.close()
    if outfd != sys.stdout and isinstance(outfd, file): outfd.close()
コード例 #2
0
ファイル: pitchfork.py プロジェクト: stef/pbp
def rng(size, outfile=None):
    outfd = outputfd(outfile or '-')
    reset()
    read = 0
    res = ''
    eps[USB_CRYPTO_EP_CTRL_IN].write(USB_CRYPTO_CMD_RNG)
    while(read<size):
        res=eps[USB_CRYPTO_EP_DATA_OUT].read(32768 if size - read > 32768 else size -read)
        outfd.write(''.join([chr(x) for x in res]))
        read += len(res)

    eps[USB_CRYPTO_EP_CTRL_IN].write(USB_CRYPTO_CMD_STOP)
    read_ctrl()
    reset()
コード例 #3
0
def verify_handler(infile=None, outfile=None, basedir=None):
    # provides a high level function to verify signed files
    # infile specifies the filename of the input file,
    #        if '-' or not specified it uses stdin
    # outfile specifies the filename of the output file,
    # basedir provides a root for the keystores
    # this function also handles buffering.
    fd = inputfd(infile)
    outfd = outputfd(outfile)

    sender = publickey.buffered_verify(fd, outfd, basedir)

    if fd != sys.stdin: fd.close()
    if outfd != sys.stdout: outfd.close()

    return sender
コード例 #4
0
def chaining_decrypt_handler(infile=None,
                             outfile=None,
                             recipient=None,
                             self=None,
                             basedir=None):
    # provides highlevel forward secure deccryption receive primitive for files
    # for details see doc/chaining-dh.txt
    # infile specifies the input file,
    # outfile the filename of the output,
    # self the sending parties name
    # recipient the receiving peers name
    # basedir the root directory used for key storage
    fd = inputfd(infile)
    outfd = outputfd(outfile or infile + '.pbp')

    ctx = chaining.ChainingContext(self, recipient, basedir)
    ctx.buffered_decrypt(fd, outfd)

    if fd != sys.stdin: fd.close()
    if outfd != sys.stdout: outfd.close()
コード例 #5
0
ファイル: pitchfork.py プロジェクト: stef/pbp
def sign(peer, infile=None, outfile=None):
    if len(peer)>PEER_NAME_MAX:
        raise ValueError

    fd = inputfd(infile)
    outfd = outputfd(outfile)

    reset()
    written=0

    eps[USB_CRYPTO_EP_CTRL_IN].write(USB_CRYPTO_CMD_SIGN+peer, timeout=0)
    tmp = read_ctrl(timeout=0)
    if(tmp and tmp.startswith('err: ')):
       raise ValueError(tmp)
    # needs to return keyid read it here
    keyid = ''.join([chr(x) for x in eps[USB_CRYPTO_EP_CTRL_OUT].read(EKID_SIZE, timeout=0)])
    if(keyid.startswith('err: ')):
       return
    if len(keyid)<EKID_SIZE:
        return
    pkt = fd.read(32768)
    tmp = read_ctrl(timeout=0)
    if(tmp and tmp!="go"):
       raise ValueError(tmp)
    #if len(pkt)>0:
    #    outfd.write(keyid)
    while pkt:
        written+=eps[USB_CRYPTO_EP_DATA_IN].write(pkt, timeout=0)
        pkt = fd.read(32768)
        if outfile: outfd.write(pkt)
    if(written%64==0):
        eps[USB_CRYPTO_EP_DATA_IN].write(None, timeout=0)
    read_ctrl()
    res = eps[USB_CRYPTO_EP_DATA_OUT].read(nacl.crypto_generichash_BYTES, timeout=0)

    read_ctrl()
    reset()
    if fd != sys.stdin: fd.close()
    if outfd != sys.stdout: outfd.close()
    return ''.join([chr(x) for x in res]), keyid
コード例 #6
0
ファイル: pitchfork.py プロジェクト: stef/pbp
def encrypt(peer, infile=None, outfile=None):
    if len(peer)>PEER_NAME_MAX:
        raise ValueError

    fd = inputfd(infile)
    outfd = outputfd(outfile or infile+'.pbp' if infile else '-')
    reset()

    eps[USB_CRYPTO_EP_CTRL_IN].write(USB_CRYPTO_CMD_ENCRYPT+peer, timeout=0)
    tmp = read_ctrl(timeout=0)
    if(tmp and tmp.startswith('err: ')):
       raise ValueError(tmp)
    # needs to return keyid read it here
    keyid = ''.join([chr(x) for x in eps[USB_CRYPTO_EP_CTRL_OUT].read(EKID_SIZE, timeout=0)])
    if(keyid.startswith('err: ')):
        raise ValueError(keyid)
    if len(keyid)<EKID_SIZE:
        print len(keyid),EKID_SIZE
        print repr(keyid)
        raise ValueError
    pkt = fd.read(32768)
    #if len(pkt)>0:
    #    outfd.write(keyid)
    while pkt:
        wrote = eps[USB_CRYPTO_EP_DATA_IN].write(pkt, timeout=0)
        if (wrote<32768 and not (wrote&0x3f)):
            eps[USB_CRYPTO_EP_DATA_IN].write(None, timeout=0)
        outfd.write(''.join([chr(x) for x in eps[USB_CRYPTO_EP_DATA_OUT].read(wrote+40, timeout=0)]))
        pkt = fd.read(32768)
    if(len(pkt)==32768):
        eps[USB_CRYPTO_EP_DATA_IN].write(None, timeout=0)

    reset()

    if fd != sys.stdin: fd.close()
    if outfd != sys.stdout: outfd.close()
    return keyid
コード例 #7
0
ファイル: pitchfork.py プロジェクト: stef/pbp
def verify(sign, keyid, infile=None, outfile=None):
    keyid=b85decode(keyid)
    sign=b85decode(sign)
    if(len(keyid)!=EKID_SIZE or len(sign)!= nacl.crypto_generichash_BYTES):
        print len(keyid), EKID_SIZE, repr(keyid)
        print len(sign), 32, repr(sign)
        raise ValueError

    fd = inputfd(infile)
    outfd = outputfd(outfile) if outfile else None

    reset()
    written=0

    eps[USB_CRYPTO_EP_CTRL_IN].write("%s%s%s" % (USB_CRYPTO_CMD_VERIFY,sign,keyid), timeout=0)
    tmp=read_ctrl(timeout=0)
    if(tmp and tmp.startswith('err: ')):
       return
    tmp = read_ctrl(timeout=0)
    if(tmp and tmp!="go"):
       raise ValueError(tmp)
    pkt = fd.read(32768)
    #if len(pkt)>0:
    #    outfd.write(keyid)
    while pkt:
        written+=eps[USB_CRYPTO_EP_DATA_IN].write(pkt, timeout=0)
        if outfd: outfd.write(pkt)
        pkt = fd.read(32768)
    if(written%64==0):
        eps[USB_CRYPTO_EP_DATA_IN].write(None, timeout=0)
    read_ctrl()
    res = eps[USB_CRYPTO_EP_DATA_OUT].read(1, timeout=0)
    read_ctrl()
    reset()
    if fd != sys.stdin: fd.close()
    if outfd and outfd != sys.stdout: outfd.close()
    return res[0]
コード例 #8
0
ファイル: pitchfork.py プロジェクト: stef/pbp
def decrypt(keyid, infile=None, outfile=None):
    keyid=b85decode(keyid)
    if(len(keyid)!=EKID_SIZE):
        raise ValueError

    fd = inputfd(infile)
    outfd = outputfd(outfile or infile+'.pbp' if infile else '-')

    reset()

    eps[USB_CRYPTO_EP_CTRL_IN].write(USB_CRYPTO_CMD_DECRYPT+keyid, timeout=0)
    tmp = read_ctrl(timeout=0)
    if(tmp and tmp.startswith('err: ')):
       raise ValueError(tmp)
    tmp = read_ctrl(timeout=0)

    pkt = fd.read(32808)
    if(tmp and tmp!="go"):
       raise ValueError(tmp)
    #if len(pkt)>0:
    #    outfd.write(keyid)
    while pkt:
        wrote = eps[USB_CRYPTO_EP_DATA_IN].write(pkt, timeout=0)
        if (wrote<32808 and not (wrote&0x3f)):
            eps[USB_CRYPTO_EP_DATA_IN].write(None, timeout=0)
        tmp = read_ctrl(timeout=50)
        if(tmp and tmp.startswith('err: ')):
            raise ValueError(tmp)
        outfd.write(''.join([chr(x) for x in eps[USB_CRYPTO_EP_DATA_OUT].read(wrote-40, timeout=0)]))
        pkt = fd.read(32808)
    if(len(pkt)==32808):
        eps[USB_CRYPTO_EP_DATA_IN].write(None, timeout=0)

    reset()
    if fd != sys.stdin: fd.close()
    if outfd != sys.stdout: outfd.close()
コード例 #9
0
def decrypt_handler(infile=None,
                    outfile=None,
                    self=None,
                    peer=None,
                    max_recipients=20,
                    basedir=None):
    # provides a high level function to do decryption of files
    # infile specifies the filename of the input file,
    #        if '-' or not specified it uses stdin
    # outfile specifies the filename of the output file, if not specified
    #         it uses the same filename with '.pbp' appended
    # self specifies the recipient of the message for using pk crypto
    # basedir provides a root for the keystores needed for pk crypto
    # if self is specified pk crypto is used, otherwise symmetric
    # this function also handles buffering.
    fd = inputfd(infile)
    outfd = outputfd(outfile)

    key = None
    # asym
    if self:
        me = publickey.Identity(self, basedir=basedir)
        if peer:
            peer = publickey.Identity(peer, basedir=basedir, publicOnly=True)
        sender = None
        size = None
        i = 0
        while i < (max_recipients if not size else size):
            i += 1
            rnonce = fd.read(nacl.crypto_box_NONCEBYTES)
            ct = fd.read(nacl.crypto_secretbox_KEYBYTES + 2 +
                         nacl.crypto_secretbox_MACBYTES)
            if sender: continue
            for keys in ([peer] if peer else publickey.get_public_keys(
                    basedir=basedir)):
                try:
                    tmp = nacl.crypto_box_open(ct, rnonce, keys.cp, me.cs)
                except ValueError:
                    continue

                key = tmp[:nacl.crypto_secretbox_KEYBYTES]
                size = struct.unpack('>H',
                                     tmp[nacl.crypto_secretbox_KEYBYTES:])[0]
                sender = keys.name
                break

        me.clear()
        if not sender:
            raise ValueError('decryption failed')
    # sym
    else:
        pwd = getpass.getpass('Passphrase for decrypting: ')
        key = scrypt.hash(pwd, scrypt_salt)[:nacl.crypto_secretbox_KEYBYTES]
        sender = None
        clearmem(pwd)
        pwd = None

    if key:
        nonce = fd.read(nacl.crypto_secretbox_NONCEBYTES)
        buf = fd.read(BLOCK_SIZE + nacl.crypto_secretbox_MACBYTES)
        while buf:
            outfd.write(decrypt((nonce, buf), k=key))
            nonce = inc_nonce(nonce)
            buf = fd.read(BLOCK_SIZE + nacl.crypto_secretbox_MACBYTES)
        clearmem(key)
        key = None

    if fd != sys.stdin: fd.close()
    if outfd != sys.stdout and type(outfd) == file: outfd.close()
    return sender