def _get_key(argl, password):
"""This method decrypts file key from scrypt line arguments.
Args:
argl: scrypt line argument list.
password: password.
Returns:
File key.
"""
# decode salt
salt = encoding._decode(argl[0])
# get cost
try:
n = int(argl[1])
except ValueError:
raise ValueError('Invalid scrypt cost')
# decode encrypted file key
enc_file_key = encoding._decode(argl[2])
# compute key encryption key
kek = scrypt(password.encode("utf-8"),
salt=salt,
n=n,
r=8,
p=1,
maxmem=2**28,
dklen=32)
# decrypt and return file key
return symencrypt._decrypt_key(kek, enc_file_key)
def _put_key(password, n, salt, file_key):
"""This method encrypts file key and returns scrypt line arguments.
Args:
password: password.
n: scrypt cost.
salt: 16-bytes random salt.
file_key: file key.
Returns:
scrypt line argument list.
"""
# compute key encryption key
kek = scrypt(password.encode("utf-8"),
salt=salt,
n=n,
r=8,
p=1,
maxmem=2**28,
dklen=32)
# encrypt file key
enc_file_key = symencrypt._encrypt_key(kek, file_key)
# build and return argument list
argl = [encoding._encode(salt), str(n), encoding._encode(enc_file_key)]
return argl
def _hash_scrypt(password, salt):
password = _convert_to_bytes(password)
salt = _convert_to_bytes(salt)
# old version of globalealeaks have used hexelify in place of base64;
# the function is still used for compatibility reasons
hash = scrypt(password, salt, _GCE.ALGORITM_CONFIGURATION['SCRYPT']['N'])
return binascii.hexlify(hash).decode()
def SecuBoost_KDF(data, salt):
"""SecuBoost key derivation."""
return scrypt(
data.replace(b" ", b""), salt, n=pow(2, 20), r=8, p=8, dklen=64, maxmem=1.5 * pow(2, 30)
)