Exemplo n.º 1
0
 def __init__(self, vault_fl, mp):
     self.pcfg = DTE_large()
     domain_hash_map_fl = hny_config.STATIC_DOMAIN_HASH_LIST
     self.domain_hash_map = json.load(open_(domain_hash_map_fl))
     self.vault_fl = vault_fl
     self.mp = mp
     self.initialize_vault(mp)
     self.dte = DTE(self.pcfg.decode_grammar(self.H))
Exemplo n.º 2
0
 def __init__(self, vault_fl, mp):
     self.pcfg = DTE_large()
     domain_hash_map_fl = hny_config.STATIC_DOMAIN_HASH_LIST
     self.domain_hash_map = json.load(open_(domain_hash_map_fl))
     self.vault_fl = vault_fl
     self.mp = mp
     self.initialize_vault(mp)
     self.dte = DTE(self.pcfg.decode_grammar(self.H))
Exemplo n.º 3
0
class HoneyVault:
    s1 = hny_config.HONEY_VAULT_S1
    s2 = hny_config.HONEY_VAULT_S2
    s_g = hny_config.HONEY_VAULT_GRAMMAR_SIZE
    s = hny_config.HONEY_VAULT_STORAGE_SIZE
    vault_total_size = hny_config.HONEY_VAULT_ENCODING_SIZE
    sample = [10,19,20,31]
    mpass_set_size = hny_config.HONEY_VAULT_MACHINE_PASS_SET_SIZE

    def __init__(self, vault_fl, mp):
        self.pcfg = DTE_large()
        domain_hash_map_fl = hny_config.STATIC_DOMAIN_HASH_LIST
        self.domain_hash_map = json.load(open_(domain_hash_map_fl))
        self.vault_fl = vault_fl
        self.mp = mp
        self.initialize_vault(mp)
        self.dte = DTE(self.pcfg.decode_grammar(self.H))
        #print_err (self.dte.G)
        
    def get_domain_index(self, d):
        h = SHA256.new()
        h.update(d)
        d_hash = h.hexdigest()[:32]
        try:
            i = self.domain_hash_map[d_hash]
            if i>self.s1: 
                raise KeyError;
            else: return i
        except KeyError:
            sys.stderr.write('WARNING! S1 miss for %s\n' % d)
            x = struct.unpack('8I', h.digest())[0]
            return self.s1 + x % self.s2

    def initialize_vault(self, mp):
        vd = VaultDistribution()
        if not os.path.exists(self.vault_fl):
            buf = rnd_source.read(hny_config.HONEY_VAULT_ENCODING_SIZE * 4)
            t_s = struct.unpack(
                '!%sI' % hny_config.HONEY_VAULT_ENCODING_SIZE, buf)
            self.H = t_s[:hny_config.HONEY_VAULT_GRAMMAR_SIZE]
            t_s = t_s[hny_config.HONEY_VAULT_GRAMMAR_SIZE:]
            self.S = [t_s[i*hny_config.PASSWORD_LENGTH:(i+1)*hny_config.PASSWORD_LENGTH]
                      for i in range(self.s)]
            #buf = struct.unpack('!%sI' % self.mpass_set_size, rnd_source.read(self.mpass_set_size))
            # self.machine_pass_set = \
            #     list(''.join(["{0:08b}".format(x) 
            #                   for x in struct.unpack(
            #                     "%sB" % self.mpass_set_size, buf)]))
            # assert len(self.machine_pass_set) >= len(self.S)
            self.machine_pass_set = list('0'*(self.mpass_set_size*8))
            k = int(math.ceil(hny_config.HONEY_VAULT_STORAGE_SIZE * \
                                  hny_config.MACHINE_GENRATED_PASS_PROB/1000.0))
            for i in random.sample(range(hny_config.HONEY_VAULT_STORAGE_SIZE), k):
                self.machine_pass_set[i] = '1'
            self.salt = rnd_source.read(8)
            self.save(mp)
        else:
            self.load(mp)

    def gen_password(self, mp, domain_list, size=10):
        r_dte = DTE_random()
        reply = []
        for d in domain_list:
            i = self.get_domain_index(d)
            p, encoding = r_dte.generate_and_encode_password(size)
            self.S[i] = encoding
            self.machine_pass_set[i] = '1'
            reply.append(p)
            self.save()
        return OrderedDict(zip(domain_list, reply))
    
    def add_password(self, domain_pw_map):
        #print self.dte.G
        nG = copy.deepcopy(self.dte.G)
        nG.update_grammar(*(domain_pw_map.values()))
        ndte = DTE(nG)
        if self.dte and (ndte != self.dte):
            # if new dte is different then
            data = [(self.dte, ndte, i, p)
                        for i,p in enumerate(self.S)
                        if self.machine_pass_set[i] == '0']            
            result = ProcessParallel(copy_from_old_parallel, data, func_load=100)
            for i, p in enumerate(result):
                self.S[i] = p
            self.H = self.pcfg.encode_grammar(nG)
            #print_err(self.H[:10])
            G_ = self.pcfg.decode_grammar(self.H)
            #print_err("-"*50)
            #print_err("Original: ", nG, '\n', '='*50)
            #print_err("After Decoding:", G_)
            assert G_ == nG
        for d,p in domain_pw_map.items():
            i = self.get_domain_index(d)
            self.S[i] = ndte.encode_pw(p)
            self.machine_pass_set[i] = '0'
        self.dte = ndte
        
    def get_password(self, domain_list):
        pw_list = []
        r_dte = DTE_random()
        for d in domain_list:
            i = self.get_domain_index(d)
            if self.machine_pass_set[i] == '1':
                print_err("Machine Password")
                pw = r_dte.decode_pw(self.S[i])
            else:
                pw = self.dte.decode_pw(self.S[i])
            pw_list.append(pw)
        return OrderedDict(zip(domain_list, pw_list)) 

    def get_sample_decoding(self):
        """
        check some of the sample decoding to make sure you are
        not accidentally spoiling the vault
        """
        return [self.dte.decode_pw(self.S[i]) for i in self.sample]

    def save(self, mp=None):
        if not mp:
            mp = self.mp
        with open(self.vault_fl, 'wb') as fvault:
            fvault.write(self.salt)
            buf = list(self.H[:])
            for i, a in enumerate(self.S):
                buf.extend(a)
            aes = do_crypto_setup(mp, self.salt)
            fvault.write(aes.encrypt(
                    struct.pack('!%sI' % \
                                    hny_config.HONEY_VAULT_ENCODING_SIZE, 
                                *buf))
                         )
            for i in range(self.mpass_set_size):
                fvault.write(struct.pack('!B', int(
                            ''.join(self.machine_pass_set[i*8:(i+1)*8]), 2)))
                
    def load(self, mp):
        with open(self.vault_fl, 'rb') as fvault:
            self.salt = fvault.read(8)
            size_of_int = struct.calcsize('I')
            aes = do_crypto_setup(mp, self.salt)
            buf = aes.decrypt(
                fvault.read(hny_config.HONEY_VAULT_ENCODING_SIZE * size_of_int))
            t_s = struct.unpack(
                '!%sI' % hny_config.HONEY_VAULT_ENCODING_SIZE, buf)
            self.H = t_s[:hny_config.HONEY_VAULT_GRAMMAR_SIZE]
            t_s = t_s[hny_config.HONEY_VAULT_GRAMMAR_SIZE:]
            self.S = [t_s[i*hny_config.PASSWORD_LENGTH:(i+1)*hny_config.PASSWORD_LENGTH]
                      for i in range(self.s)]
            buf = fvault.read(self.mpass_set_size)
            self.machine_pass_set = \
                list(''.join(["{0:08b}".format(x) 
                              for x in struct.unpack(
                                "%sB" % self.mpass_set_size, buf)]))
            assert len(self.machine_pass_set) >= len(self.S)
Exemplo n.º 4
0
class HoneyVault:
    s1 = hny_config.HONEY_VAULT_S1
    s2 = hny_config.HONEY_VAULT_S2
    s_g = hny_config.HONEY_VAULT_GRAMMAR_SIZE
    s = hny_config.HONEY_VAULT_STORAGE_SIZE
    vault_total_size = hny_config.HONEY_VAULT_ENCODING_SIZE
    sample = [10, 19, 20, 31]
    mpass_set_size = hny_config.HONEY_VAULT_MACHINE_PASS_SET_SIZE

    def __init__(self, vault_fl, mp):
        self.pcfg = DTE_large()
        domain_hash_map_fl = hny_config.STATIC_DOMAIN_HASH_LIST
        self.domain_hash_map = json.load(open_(domain_hash_map_fl))
        self.vault_fl = vault_fl
        self.mp = mp
        self.initialize_vault(mp)
        self.dte = DTE(self.pcfg.decode_grammar(self.H))
        #print_err (self.dte.G)

    def get_domain_index(self, d):
        h = SHA256.new()
        h.update(d)
        d_hash = h.hexdigest()[:32]
        try:
            i = self.domain_hash_map[d_hash]
            if i > self.s1:
                raise KeyError
            else:
                return i
        except KeyError:
            sys.stderr.write('WARNING! S1 miss for %s\n' % d)
            x = struct.unpack('8I', h.digest())[0]
            return self.s1 + x % self.s2

    def initialize_vault(self, mp):
        vd = VaultDistribution()
        if not os.path.exists(self.vault_fl):
            buf = rnd_source.read(hny_config.HONEY_VAULT_ENCODING_SIZE * 4)
            t_s = struct.unpack('!%sI' % hny_config.HONEY_VAULT_ENCODING_SIZE,
                                buf)
            self.H = t_s[:hny_config.HONEY_VAULT_GRAMMAR_SIZE]
            t_s = t_s[hny_config.HONEY_VAULT_GRAMMAR_SIZE:]
            self.S = [
                t_s[i * hny_config.PASSWORD_LENGTH:(i + 1) *
                    hny_config.PASSWORD_LENGTH] for i in range(self.s)
            ]
            #buf = struct.unpack('!%sI' % self.mpass_set_size, rnd_source.read(self.mpass_set_size))
            # self.machine_pass_set = \
            #     list(''.join(["{0:08b}".format(x)
            #                   for x in struct.unpack(
            #                     "%sB" % self.mpass_set_size, buf)]))
            # assert len(self.machine_pass_set) >= len(self.S)
            self.machine_pass_set = list('0' * (self.mpass_set_size * 8))
            k = int(math.ceil(hny_config.HONEY_VAULT_STORAGE_SIZE * \
                                  hny_config.MACHINE_GENRATED_PASS_PROB/1000.0))
            for i in random.sample(range(hny_config.HONEY_VAULT_STORAGE_SIZE),
                                   k):
                self.machine_pass_set[i] = '1'
            self.salt = rnd_source.read(8)
            self.save(mp)
        else:
            self.load(mp)

    def gen_password(self, mp, domain_list, size=10):
        r_dte = DTE_random()
        reply = []
        for d in domain_list:
            i = self.get_domain_index(d)
            p, encoding = r_dte.generate_and_encode_password(size)
            self.S[i] = encoding
            self.machine_pass_set[i] = '1'
            reply.append(p)
            self.save()
        return OrderedDict(zip(domain_list, reply))

    def add_password(self, domain_pw_map):
        #print self.dte.G
        nG = copy.deepcopy(self.dte.G)
        nG.update_grammar(*(domain_pw_map.values()))
        ndte = DTE(nG)
        if self.dte and (ndte != self.dte):
            # if new dte is different then
            data = [(self.dte, ndte, i, p) for i, p in enumerate(self.S)
                    if self.machine_pass_set[i] == '0']
            result = ProcessParallel(copy_from_old_parallel,
                                     data,
                                     func_load=100)
            for i, p in enumerate(result):
                self.S[i] = p
            self.H = self.pcfg.encode_grammar(nG)
            #print_err(self.H[:10])
            G_ = self.pcfg.decode_grammar(self.H)
            #print_err("-"*50)
            #print_err("Original: ", nG, '\n', '='*50)
            #print_err("After Decoding:", G_)
            assert G_ == nG
        for d, p in domain_pw_map.items():
            i = self.get_domain_index(d)
            self.S[i] = ndte.encode_pw(p)
            self.machine_pass_set[i] = '0'
        self.dte = ndte

    def get_password(self, domain_list):
        pw_list = []
        r_dte = DTE_random()
        for d in domain_list:
            i = self.get_domain_index(d)
            if self.machine_pass_set[i] == '1':
                print_err("Machine Password")
                pw = r_dte.decode_pw(self.S[i])
            else:
                pw = self.dte.decode_pw(self.S[i])
            pw_list.append(pw)
        return OrderedDict(zip(domain_list, pw_list))

    def get_sample_decoding(self):
        """
        check some of the sample decoding to make sure you are
        not accidentally spoiling the vault
        """
        return [self.dte.decode_pw(self.S[i]) for i in self.sample]

    def save(self, mp=None):
        if not mp:
            mp = self.mp
        with open(self.vault_fl, 'wb') as fvault:
            fvault.write(self.salt)
            buf = list(self.H[:])
            for i, a in enumerate(self.S):
                buf.extend(a)
            aes = do_crypto_setup(mp, self.salt)
            fvault.write(aes.encrypt(
                    struct.pack('!%sI' % \
                                    hny_config.HONEY_VAULT_ENCODING_SIZE,
                                *buf))
                         )
            for i in range(self.mpass_set_size):
                fvault.write(
                    struct.pack(
                        '!B',
                        int(''.join(self.machine_pass_set[i * 8:(i + 1) * 8]),
                            2)))

    def load(self, mp):
        with open(self.vault_fl, 'rb') as fvault:
            self.salt = fvault.read(8)
            size_of_int = struct.calcsize('I')
            aes = do_crypto_setup(mp, self.salt)
            buf = aes.decrypt(
                fvault.read(hny_config.HONEY_VAULT_ENCODING_SIZE *
                            size_of_int))
            t_s = struct.unpack('!%sI' % hny_config.HONEY_VAULT_ENCODING_SIZE,
                                buf)
            self.H = t_s[:hny_config.HONEY_VAULT_GRAMMAR_SIZE]
            t_s = t_s[hny_config.HONEY_VAULT_GRAMMAR_SIZE:]
            self.S = [
                t_s[i * hny_config.PASSWORD_LENGTH:(i + 1) *
                    hny_config.PASSWORD_LENGTH] for i in range(self.s)
            ]
            buf = fvault.read(self.mpass_set_size)
            self.machine_pass_set = \
                list(''.join(["{0:08b}".format(x)
                              for x in struct.unpack(
                                "%sB" % self.mpass_set_size, buf)]))
            assert len(self.machine_pass_set) >= len(self.S)