Exemplo n.º 1
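def encrypt(contents):
    """Encrypt *contents* under a fresh random key and return the key shares.

    A 32-byte key ``k`` and a 32-byte value ``v`` are drawn from
    ``crypto.generate_random_key``; ``u`` is ``crypto.strbitxor(k, v)``.
    Presumably ``u`` and ``v`` together reconstruct ``k`` while neither does
    so alone (assumes strbitxor is a bytewise XOR; confirm in crypto).

    The ciphertext is decrypted once as a self-test before anything is
    returned, so a broken encrypt/decrypt pair is caught here rather than at
    the consumer.

    Args:
        contents: the payload to protect, as ``str`` or ``bytes``.

    Returns:
        dict with the keys ``'u'``, ``'v'``, ``'k'`` and ``'ciphertext'``.

    Raises:
        Exception: if the decrypted payload does not match *contents*.
    """
    k = crypto.generate_random_key(32)
    v = crypto.generate_random_key(32)
    u = crypto.strbitxor(k, v)
    ciphertext = crypto.encrypt(contents, k)

    # Decrypt once and reuse the result; the original decrypted a second time
    # whenever the plaintext was not valid UTF-8.
    plaintext = crypto.decrypt(ciphertext, k)

    # Only decode when the caller handed in text. Decoding unconditionally
    # turned a bytes payload that happens to be valid UTF-8 into a str, which
    # never equals the bytes input and made the self-test fail spuriously.
    recovered = plaintext
    if isinstance(contents, str):
        try:
            recovered = plaintext.decode('utf-8')
        except UnicodeDecodeError:
            # Keep the raw bytes; the comparison below then reports the
            # mismatch with the same exception as before.
            pass

    if recovered != contents:
        raise Exception("Test decryption failed")

    # NOTE: the result carries the full key 'k' next to both shares. Treat the
    # whole dict as secret material: do not log it or persist it as-is.
    return {'u': u, 'v': v, 'k': k, 'ciphertext': ciphertext}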
Exemplo n.º 2
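def encrypt(contents):
    """Encrypt *contents* with a newly generated key and hand back its shares.

    ``k`` (32 bytes) is the encryption key, ``v`` (32 bytes) is a second
    random value and ``u`` is ``crypto.strbitxor(k, v)``. Presumably the pair
    ``u``/``v`` recombines into ``k`` (assumes strbitxor is a bytewise XOR;
    confirm in crypto).

    Before returning, the ciphertext is decrypted again and compared with the
    input as a round-trip check.

    Args:
        contents: payload to encrypt, either ``str`` or ``bytes``.

    Returns:
        dict with the keys ``"u"``, ``"v"``, ``"k"`` and ``"ciphertext"``.

    Raises:
        Exception: if the round-trip check does not reproduce *contents*.
    """
    k = crypto.generate_random_key(32)
    v = crypto.generate_random_key(32)
    u = crypto.strbitxor(k, v)
    ciphertext = crypto.encrypt(contents, k)

    # One decryption is enough; the UTF-8 fallback used to trigger a second.
    plaintext = crypto.decrypt(ciphertext, k)

    if isinstance(contents, str):
        # Text input: compare as text. If the plaintext is not valid UTF-8,
        # fall back to the raw bytes so the mismatch is reported below.
        try:
            recovered = plaintext.decode("utf-8")
        except UnicodeDecodeError:
            recovered = plaintext
    else:
        # Binary input: compare bytes with bytes. Decoding here would make a
        # UTF-8-clean binary payload compare as str != bytes and fail the
        # check even though the round trip succeeded.
        recovered = plaintext

    if recovered != contents:
        raise Exception("Test decryption failed")

    # NOTE: "k" is returned together with both shares, so the dict as a whole
    # is key material and should stay out of logs and persistent storage.
    return {"u": u, "v": v, "k": k, "ciphertext": ciphertext}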
Exemplo n.º 3
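 def random_password(length=20):
     """Return a random password of *length* ASCII letters and digits.

     Each character is drawn uniformly from the 62-symbol alphabet with
     ``secrets.choice``, which uses the operating system's CSPRNG.

     The previous implementation mapped one random byte per character with
     ``byte % 62``. Because 256 is not a multiple of 62, the first eight
     symbols ('A'-'H') were selected 5/256 of the time and the rest 4/256,
     which slightly reduces the entropy of every generated password.

     Args:
         length: number of characters to generate (default 20).

     Returns:
         str of exactly *length* characters; empty when *length* is 0.
     """
     # Imported locally because the file's import block is not visible here.
     import secrets

     chars = string.ascii_uppercase + string.digits + string.ascii_lowercase
     # join() also avoids the quadratic cost of repeated string concatenation.
     return ''.join(secrets.choice(chars) for _ in range(length))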
Exemplo n.º 4
def read_private(warn=False):
    """Load and decrypt the keystore in ``private.yml``.

    If no password has been set yet (``global_password`` is None), the user
    is prompted for one with ``getpass`` and it is handed to ``setpassword``.

    When ``private.yml`` exists it is parsed with the YAML ``SafeLoader``, a
    key is derived from the password and the stored ``salt`` via
    ``crypto.kdf``, and the ``priv`` field is decrypted and parsed (again
    with ``SafeLoader``).

    When the file does not exist, an empty keystore and a freshly generated,
    base64-encoded salt are returned instead.

    Args:
        warn: if true, log two warnings when ``private.yml`` is missing.

    Returns:
        tuple ``(private_data, salt)``. The first element is decrypted
        private material when the file exists, so it should not be logged.

    Raises:
        Exception: when ``crypto.decrypt`` raises ``ValueError``.
    """
    global global_password
    if global_password is None:
        prompt = "Please enter the password to decrypt your keystore: "
        setpassword(getpass.getpass(prompt))

    if not os.path.exists('private.yml'):
        if warn:
            missing_path = os.path.abspath("private.yml")
            logger.warning(
                "Private certificate data %s does not exist yet." % missing_path)
            logger.warning(
                "Keylime will attempt to load private certificate data again when it is needed."
            )
        # No keystore on disk yet: start empty and invent a salt for it.
        fresh_salt = base64.b64encode(crypto.generate_random_key()).decode()
        return {'revoked_keys': []}, fresh_salt

    with open('private.yml', 'r') as handle:
        stored = yaml.load(handle, Loader=SafeLoader)

    derived_key = crypto.kdf(global_password, stored['salt'])
    try:
        decrypted = crypto.decrypt(stored['priv'], derived_key)
    except ValueError:
        # NOTE(review): presumably ValueError is the decryption/authentication
        # failure signal. If so, a corrupted or modified keystore would be
        # reported with this same message; confirm against crypto.decrypt.
        raise Exception("Invalid password for keystore")

    return yaml.load(decrypted, Loader=SafeLoader), stored['salt']
Exemplo n.º 5
def read_private():
    """Return the decrypted keystore from ``private.yml`` and its salt.

    Prompts for the keystore password through ``getpass`` when
    ``global_password`` is still None and passes it to ``setpassword``.

    If ``private.yml`` exists, it is read with the YAML ``SafeLoader``; the
    decryption key comes from ``crypto.kdf(global_password, salt)`` and the
    ``priv`` entry is decrypted and parsed with ``SafeLoader`` as well.
    If the file is absent, an empty keystore plus a newly generated,
    base64-encoded salt is returned.

    Returns:
        tuple ``(private_data, salt)``. ``private_data`` holds decrypted
        private material when the file exists; keep it out of logs.

    Raises:
        Exception: when ``crypto.decrypt`` raises ``ValueError``.
    """
    global global_password
    if global_password is None:
        entered = getpass.getpass("Please enter the password to decrypt your keystore: ")
        setpassword(entered)

    if not os.path.exists('private.yml'):
        # Nothing stored yet, so there is no salt to reuse: invent one.
        new_salt = base64.b64encode(crypto.generate_random_key()).decode()
        return {'revoked_keys': []}, new_salt

    with open('private.yml', 'r') as keystore:
        envelope = yaml.load(keystore, Loader=SafeLoader)

    salt = envelope['salt']
    unlock_key = crypto.kdf(global_password, salt)
    try:
        cleartext = crypto.decrypt(envelope['priv'], unlock_key)
    except ValueError:
        # NOTE(review): presumably raised when decryption cannot be
        # verified, which would cover a damaged or altered file as well as a
        # wrong password; confirm against crypto.decrypt.
        raise Exception("Invalid password for keystore")

    return yaml.load(cleartext, Loader=SafeLoader), envelope['salt']
Exemplo n.º 6
 def test_xor(self):
     """Applying strbitxor twice with the same operand must undo itself."""
     key = get_random_bytes(32)
     share = generate_random_key(32)
     # Mask the key with the share, then unmask with the same share.
     masked = strbitxor(share, key)
     unmasked = strbitxor(share, masked)
     self.assertEqual(unmasked, key)