def on_new_file(msg, ws_response, session, is_authorized):
if not is_authorized:
logger.info("not_authorized")
return False
d = get_data_by_id(msg[1])
if d is None:
logger.info("not found", msg[1])
return False
try:
sc = scell.scell_seal(msg[2].encode("UTF-8"))
d = base64.b64decode(sc.decrypt(d[0], msg[3].encode("UTF-8")))
jj = json.loads(d.decode("UTF-8"))
new_id, new_pass = new_file(msg[3])
jj["context"].append({
"type": "file",
"name": "New File",
"desc": "new file",
"id": new_id,
"password": new_pass
})
update_data_by_id(
msg[1],
sc.encrypt(base64.b64encode(json.dumps(jj).encode("UTF-8")),
msg[3].encode("UTF-8")))
ws_response.send_str(
base64.b64encode(
session.wrap("NEW_FILE {}".format(new_id).encode(
"UTF-8"))).decode("UTF-8"))
return True
except Exception:
logger.info("decription_error")
return False
def new_file(context):
c = dbconn.cursor();
passwd=generate_pass();
enc=scell.scell_seal(passwd.encode("UTF-8"));
c.execute("INSERT INTO data (data) VALUES (?)", [sqlite3.Binary(enc.encrypt(base64.b64encode(b"{ \"type\":\"file\",\"name\": \"File\", \"desc\":\"file\",\"context\": []}"), context.encode('utf8'))), ] );
dbconn.commit()
return c.lastrowid, passwd;
def on_update_message(msg, ws_response, session, is_authorized):
if not is_authorized:
logger.info("not_authorized")
return False
try:
sc = scell.scell_seal(msg[2].encode("UTF-8"))
d = sc.encrypt(msg[4].encode("UTF-8"), msg[3].encode("UTF-8"))
update_data_by_id(msg[1], d)
return True
except Exception:
logger.info("decription_error")
return False
def on_update_message(msg, ws_response, session, is_authorized):
if not is_authorized:
logger.info("not_authorized")
return False
try:
sc = scell.scell_seal(msg[2].encode("UTF-8"))
d=sc.encrypt(msg[4].encode("UTF-8"), msg[3].encode("UTF-8"));
update_data_by_id(msg[1], d)
return True
except Exception:
logger.info("decription_error")
return False
def on_auth2_message(msg, ws_response, session, comparator):
try:
data = base64.b64encode(comparator.proceed_compare(base64.b64decode(msg[2]))).decode("UTF-8");
sc = scell.scell_seal(get_user_password(msg[1])[0].encode("UTF-8"))
rr = int.from_bytes((sc.decrypt(get_user_root_id(msg[1]),msg[1].encode("UTF-8"))), byteorder='big');
if comparator.result() != scomparator.SCOMPARATOR_CODES.NOT_MATCH:
ws_response.send_str(base64.b64encode(session.wrap(("AUTH2 "+data+" "+str(rr)).encode("UTF-8"))).decode("UTF-8"));
return True;
except Exception:
a=1
ws_response.send_str(base64.b64encode(session.wrap(b"INVALID_LOGIN")).decode("UTF-8"));
return False
def new_file(context):
c = dbconn.cursor()
passwd = generate_pass()
enc = scell.scell_seal(passwd.encode("UTF-8"))
c.execute("INSERT INTO data (data) VALUES (?)", [
sqlite3.Binary(
enc.encrypt(
base64.b64encode(
b"{ \"type\":\"file\",\"name\": \"File\", \"desc\":\"file\",\"context\": []}"
), context.encode('utf8'))),
])
dbconn.commit()
return c.lastrowid, passwd
def on_get_context_info(msg, ws_response, session, is_authorized):
if not is_authorized:
logger.info("not_authorized")
return False
jj=json.loads(base64.b64decode(msg[2]).decode("UTF-8"));
res="{\"context\":["
for ctx in jj["context_info"]:
sc=scell.scell_seal(ctx["password"].encode("UTF-8"));
d=json.loads(base64.b64decode(sc.decrypt(get_data_by_id(ctx["id"])[0],msg[1].encode("UTF-8"))).decode("UTF-8"));
res+="{\"name\":\""+d["name"]+"\",\"desc\":\""+d["desc"]+"\",\"id\":"+str(ctx["id"])+"}"
if ctx != jj["context_info"][-1]:
res+=",";
res+="]}";
ws_response.send_str(base64.b64encode(session.wrap("GET_CONTEXT {}".format(base64.b64encode(res.encode("UTF-8")).decode("UTF-8")).encode("UTF-8"))).decode("UTF-8"));
return True;
def on_get_message(msg, ws_response, session, is_authorized):
if not is_authorized:
logger.info("not_authorized")
return False
d=get_data_by_id(msg[1])
if d is None:
logger.info("not found", msg[1])
return False;
try:
sc = scell.scell_seal(msg[2].encode("UTF-8"))
d=sc.decrypt(d[0], msg[3].encode("UTF-8"));
ws_response.send_str(base64.b64encode(session.wrap("GET {} {}".format(msg[1], d.decode("UTF-8")).encode("UTF-8"))).decode("UTF-8"));
return True
except Exception:
logger.info("decription_error")
return False
def on_get_message(msg, ws_response, session, is_authorized):
if not is_authorized:
logger.info("not_authorized")
return False
d = get_data_by_id(msg[1])
if d is None:
logger.info("not found", msg[1])
return False
try:
sc = scell.scell_seal(msg[2].encode("UTF-8"))
d = sc.decrypt(d[0], msg[3].encode("UTF-8"))
ws_response.send_str(
base64.b64encode(
session.wrap("GET {} {}".format(
msg[1],
d.decode("UTF-8")).encode("UTF-8"))).decode("UTF-8"))
return True
except Exception:
logger.info("decription_error")
return False
def on_auth2_message(msg, ws_response, session, comparator):
try:
data = base64.b64encode(
comparator.proceed_compare(base64.b64decode(
msg[2]))).decode("UTF-8")
sc = scell.scell_seal(get_user_password(msg[1])[0].encode("UTF-8"))
rr = int.from_bytes(
(sc.decrypt(get_user_root_id(msg[1]), msg[1].encode("UTF-8"))),
byteorder='big')
if comparator.result() != scomparator.SCOMPARATOR_CODES.NOT_MATCH:
ws_response.send_str(
base64.b64encode(
session.wrap(("AUTH2 " + data + " " +
str(rr)).encode("UTF-8"))).decode("UTF-8"))
return True
except Exception:
a = 1
ws_response.send_str(
base64.b64encode(session.wrap(b"INVALID_LOGIN")).decode("UTF-8"))
return False
def on_new_file(msg, ws_response, session, is_authorized):
if not is_authorized:
logger.info("not_authorized")
return False
d=get_data_by_id(msg[1])
if d is None:
logger.info("not found", msg[1])
return False;
try:
sc = scell.scell_seal(msg[2].encode("UTF-8"))
d=base64.b64decode(sc.decrypt(d[0], msg[3].encode("UTF-8")));
jj=json.loads(d.decode("UTF-8"));
new_id, new_pass=new_file(msg[3]);
jj["context"].append({"type":"file", "name":"New File","desc":"new file", "id":new_id, "password":new_pass})
update_data_by_id(msg[1], sc.encrypt(base64.b64encode(json.dumps(jj).encode("UTF-8")), msg[3].encode("UTF-8")))
ws_response.send_str(base64.b64encode(session.wrap("NEW_FILE {}".format(new_id).encode("UTF-8"))).decode("UTF-8"));
return True;
except Exception:
logger.info("decription_error")
return False
def on_del(msg, ws_response, session, is_authorized):
if not is_authorized:
logger.info("not_authorized")
return False
d=get_data_by_id(msg[1])
if d is None:
logger.info("not found", msg[1])
return False;
try:
sc = scell.scell_seal(msg[3].encode("UTF-8"))
d=base64.b64decode(sc.decrypt(d[0], msg[4].encode("UTF-8")));
jj=json.loads(d.decode("UTF-8"));
for a in jj["context"]:
if a["id"] == int(msg[2]):
jj["context"].remove(a);
update_data_by_id(msg[1], sc.encrypt(base64.b64encode(json.dumps(jj).encode("UTF-8")), msg[4].encode("UTF-8")))
del_by_id(int(msg[2]));
return True;
except Exception:
logger.info("decription_error")
return False
def on_del(msg, ws_response, session, is_authorized):
if not is_authorized:
logger.info("not_authorized")
return False
d = get_data_by_id(msg[1])
if d is None:
logger.info("not found", msg[1])
return False
try:
sc = scell.scell_seal(msg[3].encode("UTF-8"))
d = base64.b64decode(sc.decrypt(d[0], msg[4].encode("UTF-8")))
jj = json.loads(d.decode("UTF-8"))
for a in jj["context"]:
if a["id"] == int(msg[2]):
jj["context"].remove(a)
update_data_by_id(
msg[1],
sc.encrypt(base64.b64encode(json.dumps(jj).encode("UTF-8")),
msg[4].encode("UTF-8")))
del_by_id(int(msg[2]))
return True
except Exception:
logger.info("decription_error")
return False
def on_get_context_info(msg, ws_response, session, is_authorized):
if not is_authorized:
logger.info("not_authorized")
return False
jj = json.loads(base64.b64decode(msg[2]).decode("UTF-8"))
res = "{\"context\":["
for ctx in jj["context_info"]:
sc = scell.scell_seal(ctx["password"].encode("UTF-8"))
d = json.loads(
base64.b64decode(
sc.decrypt(
get_data_by_id(ctx["id"])[0],
msg[1].encode("UTF-8"))).decode("UTF-8"))
res += "{\"name\":\"" + d["name"] + "\",\"desc\":\"" + d[
"desc"] + "\",\"id\":" + str(ctx["id"]) + "}"
if ctx != jj["context_info"][-1]:
res += ","
res += "]}"
ws_response.send_str(
base64.b64encode(
session.wrap("GET_CONTEXT {}".format(
base64.b64encode(res.encode("UTF-8")).decode("UTF-8")).encode(
"UTF-8"))).decode("UTF-8"))
return True
def testSealWithContext(self):
with self.assertRaises(themis_exception):
scell.scell_seal("")
with self.assertRaises(TypeError):
scell.scell_seal(None)
with self.assertRaises(TypeError):
scell.scell_seal(112233)
enc = scell.scell_seal(self.key)
with self.assertRaises(themis_exception):
enc.encrypt("", self.context)
with self.assertRaises(TypeError):
enc.encrypt(None, self.context)
encrypted_message = enc.encrypt(self.message, self.context)
with self.assertRaises(themis_exception):
enc.decrypt(b"".join([encrypted_message, b"11"]), self.context)
with self.assertRaises(themis_exception):
enc.decrypt(encrypted_message)
with self.assertRaises(themis_exception):
enc.decrypt(encrypted_message, None)
with self.assertRaises(themis_exception):
enc.decrypt(encrypted_message, b"".join([self.context, b"11"]))
decrypted_message = enc.decrypt(encrypted_message, self.context)
self.assertEqual(self.message, decrypted_message)
def testSealWithContext(self):
with self.assertRaises(themis_exception):
scell.scell_seal("")
with self.assertRaises(TypeError):
scell.scell_seal(None)
with self.assertRaises(TypeError):
scell.scell_seal(112233)
enc = scell.scell_seal(self.key)
with self.assertRaises(themis_exception):
enc.encrypt("", self.context)
with self.assertRaises(TypeError):
enc.encrypt(None, self.context)
encrypted_message = enc.encrypt(self.message, self.context)
with self.assertRaises(themis_exception):
enc.decrypt(b"".join([encrypted_message, b"11"]), self.context)
with self.assertRaises(themis_exception):
enc.decrypt(encrypted_message)
with self.assertRaises(themis_exception):
enc.decrypt(encrypted_message, None)
with self.assertRaises(themis_exception):
enc.decrypt(encrypted_message, b"".join([self.context, b"11"]))
decrypted_message = enc.decrypt(encrypted_message, self.context)
self.assertEqual(self.message, decrypted_message)
else:
if node.text != None:
node.text = base64.b64encode(
enc.encrypt(node.text, context + "/" + node.tag))
#encrypt leaf data and replace it in file by base64 encoding
def dec_children(node, context):
if len(node) != 0:
for i in range(0, len(node)):
dec_children(node[i], context + "/" + node.tag)
else:
if node.text != None:
node.text = enc.decrypt(base64.b64decode(node.text),
context + "/" + node.tag)
#decrypt base64 encoded leaf data and replace it by plain value
#encoding file data.xml and save result to encoded_data.xml
tree = ET.parse('data.xml')
root = tree.getroot()
enc = scell.scell_seal(password)
enc_children(root, "")
tree.write("encoded_data.xml")
#decoding file encoded_data.xml and save result to decoded_data.xml
tree2 = ET.parse('encoded_data.xml')
root2 = tree2.getroot()
dec_children(root2, "")
tree2.write("decoded_data.xml")
import sqlite3
import sys
from pythemis import scell
import binascii
import base64
if len(sys.argv) != 3:
print("Usage: add_user.py <username> <password>");
exit();
dbconn = sqlite3.connect('sesto.db');
c = dbconn.cursor()
try:
c = dbconn.cursor()
# Create table
c.execute('''CREATE TABLE users (user text, password text, root_id blob)''');
c.execute('''CREATE TABLE data (id INTEGER PRIMARY KEY AUTOINCREMENT, data blob)''');
dbconn.commit()
except sqlite3.OperationalError:
a=1;
c.execute('SELECT user FROM users WHERE user=?', [sys.argv[1]]);
if c.fetchone() is not None:
print("User with name \"{}\" is always present in db".format(sys.argv[1]))
else:
enc=scell.scell_seal(sys.argv[2].encode('utf8'))
c.execute("INSERT INTO data (data) VALUES (?)", [sqlite3.Binary(enc.encrypt(base64.b64encode(b"{ \"type\":\"folder\",\"name\": \"root\", \"desc\":\"root folder\",\"context\": []}"), sys.argv[1].encode('utf8'))), ] );
c.execute("Insert INTO users (user, password, root_id) VALUES (?, ?, ?)", [sys.argv[1], sys.argv[2], sqlite3.Binary(enc.encrypt(c.lastrowid.to_bytes(4, byteorder='big'), sys.argv[1].encode('utf8'))), ]);
dbconn.commit()
print("user \"{}\" added successfully".format(sys.argv[1]));
def enc_children(node, context):
if len(node)!=0:
for i in range(0, len(node)):
enc_children(node[i], context+"/"+node.tag);
else:
if node.text!=None:
node.text=base64.b64encode(enc.encrypt(node.text, context+"/"+node.tag)); #encrypt leaf data and replace it in file by base64 encoding
def dec_children(node, context):
if len(node)!=0:
for i in range(0, len(node)):
dec_children(node[i], context+"/"+node.tag);
else:
if node.text!=None:
node.text=enc.decrypt(base64.b64decode(node.text), context+"/"+node.tag); #decrypt base64 encoded leaf data and replace it by plain value
#encoding file data.xml and save result to encoded_data.xml
tree = ET.parse('data.xml');
root = tree.getroot();
enc=scell.scell_seal(password);
enc_children(root, "");
tree.write("encoded_data.xml");
#decoding file encoded_data.xml and save result to decoded_data.xml
tree2 = ET.parse('encoded_data.xml');
root2 = tree2.getroot();
dec_children(root2, "");
tree2.write("decoded_data.xml");
import postgresql
from pythemis import scell
#connect to bd
db = postgresql.open('pq://localhost:5432/test')
#load module
db.execute("CREATE EXTENSION IF NOT EXISTS pg_themis")
#scell encrypt by pg_themis
stmt = db.prepare("select pg_themis_scell_encrypt_seal($1::bytea, $2::bytea)")
enc_data = stmt.first(b"data", b"password")
print(enc_data)
#scell decrypt by pythemis
enc = scell.scell_seal(b"password")
data = enc.decrypt(enc_data)
print(data)
#scell encrypt by pythemis
enc_data = enc.encrypt(b"data2")
print(enc_data)
#scell decrypt by pg_themis
stmt = db.prepare("select pg_themis_scell_decrypt_seal($1::bytea, $2::bytea)")
print(stmt.first(enc_data, b"password"))
#smessage encrypt
stmt = db.prepare("select pg_themis_smessage_encrypt($1::bytea, $2::bytea)")
enc_data = stmt.first(b"data", b"\x55\x45\x43\x32\x00\x00\x00\x2d\x6b\xbb\x79\x79\x03\xfa\xb7\x33\x3a\x4d\x6e\xb7\xc2\x59\xde\x78\x96\xfa\x69\xe6\x63\x86\x91\xc2\x65\xa0\x92\xf6\x5a\x22\x3c\xa9\x8e\xc9\xa7\x35\x42")
