Пример #1
0
 def encrypt_pin(pin, iv=None, hsm=None):
     """
     returns a concatenated 'iv:crypt'
     """
     if not iv:
         iv = geturandom(16)
     enc_pin = encryptPin(pin, iv=iv, hsm=hsm)
     return enc_pin
Пример #2
0
    def _rollout_1(self, params):
        '''
        do the rollout 1 step

        1. https://linotpserver/admin/init?
            type=ocra&
            genkey=1&
            sharedsecret=1&
            user=BENUTZERNAME&
            session=SESSIONKEY

            =>> "serial" : SERIENNUMMER, "sharedsecret" : DATAOBJECT,
                                         "app_import" : IMPORTURL
            - genSharedSecret - vom HSM oder urandom ?
            - app_import : + linotp://
                           + ocrasuite ->> default aus dem config:
                                                           (DefaultOcraSuite)
                           + sharedsecret (Länge wie ???)
                           + seriennummer
            - seriennummer: uuid ??
            - token wird angelegt ist aber nicht aktiv!!! (counter == 0)

        '''

        sharedSecret = params.get('sharedsecret', None)
        if sharedSecret == '1':
            #  preserve the rollout state
            self.addToTokenInfo('rollout', '1')

            # preserve the current key as sharedSecret
            secObj = self._get_secret_object()
            key = secObj.getKey()
            encSharedSecret = encryptPin(key)
            self.addToTokenInfo('sharedSecret', encSharedSecret)

            info = {}
            uInfo = {}

            info['sharedsecret'] = key
            uInfo['sh'] = key

            info['ocrasuite'] = self.getOcraSuiteSuite()
            uInfo['os'] = self.getOcraSuiteSuite()

            info['serial'] = self.getSerial()
            uInfo['se'] = self.getSerial()

            info['app_import'] = 'lseqr://init?%s' % (urllib.urlencode(uInfo))
            del info['ocrasuite']
            self.info = info

            self.token.LinOtpIsactive = False

        return
Пример #3
0
    def encrypt_pin(pin: str):
        """
        encrypt a given pin

        :param pin:
        :return: a concatenated 'iv:crypt'
        """

        iv = utils.geturandom(16)
        enc_pin = utils.encryptPin(pin.encode("utf-8"), iv=iv)

        return enc_pin
Пример #4
0
    def check_encrypted_pin(pin: str, encrypted_pin: bytes, iv: bytes) -> bool:
        """
        check an encrypted against a given pin

        :param encrypted_pin: hex binary
        :param iv: hex binary iv from former decryption step
        :param pin: string
        :return: boolean
        """

        crypted_pin = utils.encryptPin(pin.encode("utf-8"), iv)

        # TODO: position independend compare
        if encrypted_pin == crypted_pin.encode("utf-8"):
            return True

        return False
Пример #5
0
    def _transform_action(action):
        """
        transform the action, especialy the secret parameter of the url
        """
        servers = []
        name, _sep, values = action.partition('=')
        for value in values.split(' '):
            # decompose the server url to identify, if there is a secret inside
            parsed_server = urlparse.urlparse(value)

            # the urlparse has a bug,, where in elder versions, the
            # path is not split from the query
            if not parsed_server.query:
                path, _sep, query = parsed_server.path.partition('?')
            else:
                path = parsed_server.path
                query = parsed_server.query

            # in gereal url parsing allows mutiple entries per key
            # but we support here only one
            params = urlparse.parse_qs(query)
            for key, entry in params.items():
                params[key] = entry[0]

            # finally we found the query parameters
            if 'secret' in params:
                secret = params['secret']
                params['encsecret'] = encryptPin(secret)
                del params['secret']

            # build the server url with the encrypted param:
            # as the named tuple is not updateable, we have to convert this
            # into an list to make the update and then back to a tuple to
            # create an url from this
            parsed_list = list(parsed_server[:])
            parsed_list[ForwardServerPolicy.Path_index] = path.strip()
            parsed_list[ForwardServerPolicy.Query_index] = \
                                                urllib.urlencode(params)
            server_url = urlparse.urlunparse(tuple(parsed_list))

            servers.append(server_url)

        ret = '='.join([name, ' '.join(servers)])
        return ret
Пример #6
0
 def encryptPin(self):
     self._setupKey_()
     res = encryptPin(self.bkey)
     self._clearKey_(preserve=self.preserve)
     return res