def __init__(self, vault_fl, mp): self.pcfg = DTE_large() domain_hash_map_fl = hny_config.STATIC_DOMAIN_HASH_LIST self.domain_hash_map = json.load(open_(domain_hash_map_fl)) self.vault_fl = vault_fl self.mp = mp self.initialize_vault(mp) self.dte = DTE(self.pcfg.decode_grammar(self.H))
class HoneyVault: s1 = hny_config.HONEY_VAULT_S1 s2 = hny_config.HONEY_VAULT_S2 s_g = hny_config.HONEY_VAULT_GRAMMAR_SIZE s = hny_config.HONEY_VAULT_STORAGE_SIZE vault_total_size = hny_config.HONEY_VAULT_ENCODING_SIZE sample = [10,19,20,31] mpass_set_size = hny_config.HONEY_VAULT_MACHINE_PASS_SET_SIZE def __init__(self, vault_fl, mp): self.pcfg = DTE_large() domain_hash_map_fl = hny_config.STATIC_DOMAIN_HASH_LIST self.domain_hash_map = json.load(open_(domain_hash_map_fl)) self.vault_fl = vault_fl self.mp = mp self.initialize_vault(mp) self.dte = DTE(self.pcfg.decode_grammar(self.H)) #print_err (self.dte.G) def get_domain_index(self, d): h = SHA256.new() h.update(d) d_hash = h.hexdigest()[:32] try: i = self.domain_hash_map[d_hash] if i>self.s1: raise KeyError; else: return i except KeyError: sys.stderr.write('WARNING! S1 miss for %s\n' % d) x = struct.unpack('8I', h.digest())[0] return self.s1 + x % self.s2 def initialize_vault(self, mp): vd = VaultDistribution() if not os.path.exists(self.vault_fl): buf = rnd_source.read(hny_config.HONEY_VAULT_ENCODING_SIZE * 4) t_s = struct.unpack( '!%sI' % hny_config.HONEY_VAULT_ENCODING_SIZE, buf) self.H = t_s[:hny_config.HONEY_VAULT_GRAMMAR_SIZE] t_s = t_s[hny_config.HONEY_VAULT_GRAMMAR_SIZE:] self.S = [t_s[i*hny_config.PASSWORD_LENGTH:(i+1)*hny_config.PASSWORD_LENGTH] for i in range(self.s)] #buf = struct.unpack('!%sI' % self.mpass_set_size, rnd_source.read(self.mpass_set_size)) # self.machine_pass_set = \ # list(''.join(["{0:08b}".format(x) # for x in struct.unpack( # "%sB" % self.mpass_set_size, buf)])) # assert len(self.machine_pass_set) >= len(self.S) self.machine_pass_set = list('0'*(self.mpass_set_size*8)) k = int(math.ceil(hny_config.HONEY_VAULT_STORAGE_SIZE * \ hny_config.MACHINE_GENRATED_PASS_PROB/1000.0)) for i in random.sample(range(hny_config.HONEY_VAULT_STORAGE_SIZE), k): self.machine_pass_set[i] = '1' self.salt = rnd_source.read(8) self.save(mp) else: self.load(mp) def gen_password(self, mp, domain_list, size=10): r_dte = DTE_random() reply = [] for d in domain_list: i = self.get_domain_index(d) p, encoding = r_dte.generate_and_encode_password(size) self.S[i] = encoding self.machine_pass_set[i] = '1' reply.append(p) self.save() return OrderedDict(zip(domain_list, reply)) def add_password(self, domain_pw_map): #print self.dte.G nG = copy.deepcopy(self.dte.G) nG.update_grammar(*(domain_pw_map.values())) ndte = DTE(nG) if self.dte and (ndte != self.dte): # if new dte is different then data = [(self.dte, ndte, i, p) for i,p in enumerate(self.S) if self.machine_pass_set[i] == '0'] result = ProcessParallel(copy_from_old_parallel, data, func_load=100) for i, p in enumerate(result): self.S[i] = p self.H = self.pcfg.encode_grammar(nG) #print_err(self.H[:10]) G_ = self.pcfg.decode_grammar(self.H) #print_err("-"*50) #print_err("Original: ", nG, '\n', '='*50) #print_err("After Decoding:", G_) assert G_ == nG for d,p in domain_pw_map.items(): i = self.get_domain_index(d) self.S[i] = ndte.encode_pw(p) self.machine_pass_set[i] = '0' self.dte = ndte def get_password(self, domain_list): pw_list = [] r_dte = DTE_random() for d in domain_list: i = self.get_domain_index(d) if self.machine_pass_set[i] == '1': print_err("Machine Password") pw = r_dte.decode_pw(self.S[i]) else: pw = self.dte.decode_pw(self.S[i]) pw_list.append(pw) return OrderedDict(zip(domain_list, pw_list)) def get_sample_decoding(self): """ check some of the sample decoding to make sure you are not accidentally spoiling the vault """ return [self.dte.decode_pw(self.S[i]) for i in self.sample] def save(self, mp=None): if not mp: mp = self.mp with open(self.vault_fl, 'wb') as fvault: fvault.write(self.salt) buf = list(self.H[:]) for i, a in enumerate(self.S): buf.extend(a) aes = do_crypto_setup(mp, self.salt) fvault.write(aes.encrypt( struct.pack('!%sI' % \ hny_config.HONEY_VAULT_ENCODING_SIZE, *buf)) ) for i in range(self.mpass_set_size): fvault.write(struct.pack('!B', int( ''.join(self.machine_pass_set[i*8:(i+1)*8]), 2))) def load(self, mp): with open(self.vault_fl, 'rb') as fvault: self.salt = fvault.read(8) size_of_int = struct.calcsize('I') aes = do_crypto_setup(mp, self.salt) buf = aes.decrypt( fvault.read(hny_config.HONEY_VAULT_ENCODING_SIZE * size_of_int)) t_s = struct.unpack( '!%sI' % hny_config.HONEY_VAULT_ENCODING_SIZE, buf) self.H = t_s[:hny_config.HONEY_VAULT_GRAMMAR_SIZE] t_s = t_s[hny_config.HONEY_VAULT_GRAMMAR_SIZE:] self.S = [t_s[i*hny_config.PASSWORD_LENGTH:(i+1)*hny_config.PASSWORD_LENGTH] for i in range(self.s)] buf = fvault.read(self.mpass_set_size) self.machine_pass_set = \ list(''.join(["{0:08b}".format(x) for x in struct.unpack( "%sB" % self.mpass_set_size, buf)])) assert len(self.machine_pass_set) >= len(self.S)
class HoneyVault: s1 = hny_config.HONEY_VAULT_S1 s2 = hny_config.HONEY_VAULT_S2 s_g = hny_config.HONEY_VAULT_GRAMMAR_SIZE s = hny_config.HONEY_VAULT_STORAGE_SIZE vault_total_size = hny_config.HONEY_VAULT_ENCODING_SIZE sample = [10, 19, 20, 31] mpass_set_size = hny_config.HONEY_VAULT_MACHINE_PASS_SET_SIZE def __init__(self, vault_fl, mp): self.pcfg = DTE_large() domain_hash_map_fl = hny_config.STATIC_DOMAIN_HASH_LIST self.domain_hash_map = json.load(open_(domain_hash_map_fl)) self.vault_fl = vault_fl self.mp = mp self.initialize_vault(mp) self.dte = DTE(self.pcfg.decode_grammar(self.H)) #print_err (self.dte.G) def get_domain_index(self, d): h = SHA256.new() h.update(d) d_hash = h.hexdigest()[:32] try: i = self.domain_hash_map[d_hash] if i > self.s1: raise KeyError else: return i except KeyError: sys.stderr.write('WARNING! S1 miss for %s\n' % d) x = struct.unpack('8I', h.digest())[0] return self.s1 + x % self.s2 def initialize_vault(self, mp): vd = VaultDistribution() if not os.path.exists(self.vault_fl): buf = rnd_source.read(hny_config.HONEY_VAULT_ENCODING_SIZE * 4) t_s = struct.unpack('!%sI' % hny_config.HONEY_VAULT_ENCODING_SIZE, buf) self.H = t_s[:hny_config.HONEY_VAULT_GRAMMAR_SIZE] t_s = t_s[hny_config.HONEY_VAULT_GRAMMAR_SIZE:] self.S = [ t_s[i * hny_config.PASSWORD_LENGTH:(i + 1) * hny_config.PASSWORD_LENGTH] for i in range(self.s) ] #buf = struct.unpack('!%sI' % self.mpass_set_size, rnd_source.read(self.mpass_set_size)) # self.machine_pass_set = \ # list(''.join(["{0:08b}".format(x) # for x in struct.unpack( # "%sB" % self.mpass_set_size, buf)])) # assert len(self.machine_pass_set) >= len(self.S) self.machine_pass_set = list('0' * (self.mpass_set_size * 8)) k = int(math.ceil(hny_config.HONEY_VAULT_STORAGE_SIZE * \ hny_config.MACHINE_GENRATED_PASS_PROB/1000.0)) for i in random.sample(range(hny_config.HONEY_VAULT_STORAGE_SIZE), k): self.machine_pass_set[i] = '1' self.salt = rnd_source.read(8) self.save(mp) else: self.load(mp) def gen_password(self, mp, domain_list, size=10): r_dte = DTE_random() reply = [] for d in domain_list: i = self.get_domain_index(d) p, encoding = r_dte.generate_and_encode_password(size) self.S[i] = encoding self.machine_pass_set[i] = '1' reply.append(p) self.save() return OrderedDict(zip(domain_list, reply)) def add_password(self, domain_pw_map): #print self.dte.G nG = copy.deepcopy(self.dte.G) nG.update_grammar(*(domain_pw_map.values())) ndte = DTE(nG) if self.dte and (ndte != self.dte): # if new dte is different then data = [(self.dte, ndte, i, p) for i, p in enumerate(self.S) if self.machine_pass_set[i] == '0'] result = ProcessParallel(copy_from_old_parallel, data, func_load=100) for i, p in enumerate(result): self.S[i] = p self.H = self.pcfg.encode_grammar(nG) #print_err(self.H[:10]) G_ = self.pcfg.decode_grammar(self.H) #print_err("-"*50) #print_err("Original: ", nG, '\n', '='*50) #print_err("After Decoding:", G_) assert G_ == nG for d, p in domain_pw_map.items(): i = self.get_domain_index(d) self.S[i] = ndte.encode_pw(p) self.machine_pass_set[i] = '0' self.dte = ndte def get_password(self, domain_list): pw_list = [] r_dte = DTE_random() for d in domain_list: i = self.get_domain_index(d) if self.machine_pass_set[i] == '1': print_err("Machine Password") pw = r_dte.decode_pw(self.S[i]) else: pw = self.dte.decode_pw(self.S[i]) pw_list.append(pw) return OrderedDict(zip(domain_list, pw_list)) def get_sample_decoding(self): """ check some of the sample decoding to make sure you are not accidentally spoiling the vault """ return [self.dte.decode_pw(self.S[i]) for i in self.sample] def save(self, mp=None): if not mp: mp = self.mp with open(self.vault_fl, 'wb') as fvault: fvault.write(self.salt) buf = list(self.H[:]) for i, a in enumerate(self.S): buf.extend(a) aes = do_crypto_setup(mp, self.salt) fvault.write(aes.encrypt( struct.pack('!%sI' % \ hny_config.HONEY_VAULT_ENCODING_SIZE, *buf)) ) for i in range(self.mpass_set_size): fvault.write( struct.pack( '!B', int(''.join(self.machine_pass_set[i * 8:(i + 1) * 8]), 2))) def load(self, mp): with open(self.vault_fl, 'rb') as fvault: self.salt = fvault.read(8) size_of_int = struct.calcsize('I') aes = do_crypto_setup(mp, self.salt) buf = aes.decrypt( fvault.read(hny_config.HONEY_VAULT_ENCODING_SIZE * size_of_int)) t_s = struct.unpack('!%sI' % hny_config.HONEY_VAULT_ENCODING_SIZE, buf) self.H = t_s[:hny_config.HONEY_VAULT_GRAMMAR_SIZE] t_s = t_s[hny_config.HONEY_VAULT_GRAMMAR_SIZE:] self.S = [ t_s[i * hny_config.PASSWORD_LENGTH:(i + 1) * hny_config.PASSWORD_LENGTH] for i in range(self.s) ] buf = fvault.read(self.mpass_set_size) self.machine_pass_set = \ list(''.join(["{0:08b}".format(x) for x in struct.unpack( "%sB" % self.mpass_set_size, buf)])) assert len(self.machine_pass_set) >= len(self.S)