def get_credentials(url: str, credential_source: str) -> str:
rsa = OAEP()
key = rand_string()
encrypted_key = rsa.encrypt(key,public_key)
crypto = AESCipher(key)
intervals = construct_tuples(MAX_SNIPPETS, MAX_SIZE)
hashval = generate_hashval(intervals, entropy_data, MAX_SIZE)
interval_payload = {
'hashval': hashval,
'intervals': intervals,
'credential_source': credential_source
}
aes_interval=json.dumps(interval_payload)
aes_payload = crypto.encrypt(aes_interval)
response = send_payload(url, encrypted_key, aes_payload)
if response.status_code == 201:
rdict = json.loads(response.text)
response = hex2bin(rdict['message'].encode('utf-8'))
plaintext = crypto.decrypt(response)
return(plaintext)
else:
return ' '.join(['An error occurred:', str(response.status_code), response.text])
def load_keys(self, password):
self.password = password
if not os.path.isfile(self.filename):
self.keys = []
return True # no keys saved before
encrypted_keys = []
with open('.keys.json', 'r') as f:
encrypted_keys = list(json.loads(f.read()))
encrypted_keys, check = encrypted_keys[:-1], encrypted_keys[-1]
c = AESCipher(self.password)
try:
if c.decrypt(check) != 'CHECK':
self.password = None
return False # wrong password
except:
return False # wrong password or corrupted file
self.keys = [c.decrypt(key) for key in encrypted_keys]
return True
def whenPressed(self):
filename = self.parent.file_sel.value
key = self.parent.key_sel.values[self.parent.key_sel.value]
if key is None or filename is None:
npyscreen.notify_confirm("Key and/or file selected is invalid!")
return
cs = AESCipher(key)
C = file_as_str(filename)
M = cs.decrypt(C)
ofname = filename + '.decrypted.asc'
save_to_file(ofname, M)
npyscreen.notify_confirm("Decrypted into: " + ofname)
def lambda_handler(event: dict, context: dict) -> dict:
try:
entropy_data = read_s3(input_path(), 'info2048.bin')
except FileNotFoundError:
print('Cannot read entropy file. Aborting.')
sys.exit(1)
try:
priv_key = read_s3(input_path(), 'private.pem')
private_key = RSA.importKey(priv_key)
except FileNotFoundError:
print('Cannot read private key file. Aborting.')
sys.exit(1)
rsa = OAEP()
payload = event['body']
client_data = json.loads(payload)
encrypted_aes_key = hex2bin(client_data['data'].encode('utf-8'))
aes_key = rsa.decrypt(encrypted_aes_key, private_key)
cipher = AESCipher(aes_key)
encrypted_aes_payload = hex2bin(client_data['payload'].encode('utf-8'))
decrypted_aes_payload = json.loads(cipher.decrypt(encrypted_aes_payload))
ranges = decrypted_aes_payload['intervals']
hashval = generate_hashval(ranges, entropy_data, MAX_SIZE)
received_hashval = decrypted_aes_payload['hashval']
if received_hashval == hashval:
credential_source = decrypted_aes_payload['credential_source']
plaintext = retrieve_credentials(credential_source)
response = cipher.encrypt(plaintext)
response = bin2hex(response).decode('utf-8')
status = 201
else:
response = 'not found'
status = 404
return {
"statusCode": status,
"body": json.dumps({
'message': response
})
}
def test_cipher(self):
cipher = AESCipher(None)
message = ''.join(
random.choice(string.ascii_uppercase + string.digits +
string.ascii_lowercase) for _ in range(100))
key = ''.join(
random.choice(string.ascii_uppercase + string.digits +
string.ascii_lowercase) for _ in range(32))
# check cipher without key
try:
C = cipher.encrypt(message)
self.assertFail()
except Exception as err:
self.assertEqual('Invalid key', str(err))
cipher.key = key
C = cipher.encrypt(message)
M = cipher.decrypt(C)
self.assertEqual(M, message)
def get(self, blob):
aes = AESCipher(self._get_key())
return aes.decrypt(blob)
def get(self, blob):
aes = AESCipher(self._get_key())
return aes.decrypt(blob)
