jab2870
/
PappyProxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
A fork of pappy proxy
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
47 Commits
1 Branch
0 Tags
1.1 MiB
Tag: Branch: Tree: 772e7ee507
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '772e7ee507'
${ noResults }
PappyProxy/pappyproxy/crypto.py

209 lines
6.5 KiB
Raw Normal View History Unescape

Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
#!/usr/bin/env python
import crochet
import glob
import os
import pappyproxy
import scrypt
import shutil
import twisted
from . import compress
Tested and fixed file copying from `Crypto.decrypt_project` In the function for grabbing project files (`Config.get_project_files`) I was overcomplicating getting the current working directory. Simplified the process and removed the bug!
9 years ago
from .util import PappyException
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
from base64 import b64encode, b64decode
Added exception handling for failure to decrypt When entering the wrong password, fernet throws an 'InvalidToken' exception. This is now handled, but does not fully shutdown pappy. Working on asking for password multiple times, then shutting down completely after reasonable amount of total tries, e.g. 3.
9 years ago
from cryptography.fernet import Fernet, InvalidToken
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
from twisted.internet import reactor, defer
Pep8 corrections
9 years ago
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
class Crypto(object):
def __init__(self, sessconfig):
self.config = sessconfig
Pep8 corrections
9 years ago
self.archive = sessconfig.archive
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
self.compressor = compress.Compress(sessconfig)
Debugging Crypto config and temp directory creation Attempting to get stub file creation and copying working. Fixed syntax errors, and now attempting to get password reading working in the test environment.
9 years ago
self.key = None
self.password = None
self.salt = None
Pep8 corrections
9 years ago
Debugging Crypto config and temp directory creation Attempting to get stub file creation and copying working. Fixed syntax errors, and now attempting to get password reading working in the test environment.
9 years ago
def encrypt_project(self):
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
"""
Pep8 corrections
9 years ago
Compress and encrypt the project files,
deleting clear-text files afterwards
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
"""
Pep8 corrections
9 years ago
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
# Leave the crypto working directory
os.chdir('../')
Pep8 corrections
9 years ago
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
self.compressor.compress_project()
Pep8 corrections
9 years ago
# Create project and crypto archive
archive_file = open(self.archive, 'rb')
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
archive_crypt = open(self.config.crypt_file, 'wb')
Pep8 corrections
9 years ago
Fixed minor bugs in decrypting project Project now decrypts properly and fails out loudly when incorrect password is supplied. Must supply project name via command line now.
9 years ago
# Get the password and salt, then derive the key
self.crypto_ramp_up()
Pep8 corrections
9 years ago
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
# Encrypt the archive read as a bytestring
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
fern = Fernet(self.key)
crypt_token = fern.encrypt(archive_file.read())
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
archive_crypt.write(crypt_token)
Pep8 corrections
9 years ago
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
# Store the salt for the next decryption
self.create_salt_file()
archive_file.close()
archive_crypt.close()
Pep8 corrections
9 years ago
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
# Delete clear-text files
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
self.delete_clear_files()
Pep8 corrections
9 years ago
Debugging Crypto config and temp directory creation Attempting to get stub file creation and copying working. Fixed syntax errors, and now attempting to get password reading working in the test environment.
9 years ago
def decrypt_project(self):
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
"""
Decrypt and decompress the project files
"""
Pep8 corrections
9 years ago
# If project hasn't been encrypted before,
# setup crypt working directory
Fixed minor bugs in decrypting project Project now decrypts properly and fails out loudly when incorrect password is supplied. Must supply project name via command line now.
9 years ago
if not os.path.isfile(self.config.crypt_file):
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
os.mkdir(self.config.crypt_dir)
Debugging Crypto config and temp directory creation Attempting to get stub file creation and copying working. Fixed syntax errors, and now attempting to get password reading working in the test environment.
9 years ago
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
project_files = self.config.get_project_files()
for pf in project_files:
shutil.copy2(pf, self.config.crypt_dir)
os.chdir(self.config.crypt_dir)
Fixed minor bugs in decrypting project Project now decrypts properly and fails out loudly when incorrect password is supplied. Must supply project name via command line now.
9 years ago
return True
Pep8 corrections
9 years ago
# Otherwise, decrypt and decompress the project
else:
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
archive_crypt = open(self.config.crypt_file, 'rb').read()
archive_file = open(self.config.archive, 'wb')
Pep8 corrections
9 years ago
Fixed minor bugs in decrypting project Project now decrypts properly and fails out loudly when incorrect password is supplied. Must supply project name via command line now.
9 years ago
retries = 3
while True:
try:
Pep8 corrections
9 years ago
self.crypto_ramp_up()
fern = Fernet(self.key)
Fixed minor bugs in decrypting project Project now decrypts properly and fails out loudly when incorrect password is supplied. Must supply project name via command line now.
9 years ago
archive = fern.decrypt(archive_crypt)
break
except InvalidToken:
print "Invalid password"
retries -= 1
# Quit pappy if user doesn't retry
# or if all retries exhuasted
if not self.confirm_password_retry() or retries <= 0:
Fixed error when user fails to enter correct password Pappy would raise exceptions and continued project in clear-text when the user failed to enter the correct decryption password. Added a boolean status variable to config `crypt_success` that gets set to true when project decrypts correctly, otherwise it is set to false.
9 years ago
self.config.crypt_success = False
Fixed minor bugs in decrypting project Project now decrypts properly and fails out loudly when incorrect password is supplied. Must supply project name via command line now.
9 years ago
return False
else:
self.password = None
self.key = None
self.salt = None
Pep8 corrections
9 years ago
pass
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
archive_file.write(archive)
archive_file.close()
Pep8 corrections
9 years ago
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
self.compressor.decompress_project()
Pep8 corrections
9 years ago
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
# Force generation of new salt and crypt archive
self.delete_crypt_files()
Pep8 corrections
9 years ago
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
os.chdir(self.config.crypt_dir)
Fixed error when user fails to enter correct password Pappy would raise exceptions and continued project in clear-text when the user failed to enter the correct decryption password. Added a boolean status variable to config `crypt_success` that gets set to true when project decrypts correctly, otherwise it is set to false.
9 years ago
self.config.crypt_success = True
Fixed minor bugs in decrypting project Project now decrypts properly and fails out loudly when incorrect password is supplied. Must supply project name via command line now.
9 years ago
return True
Pep8 corrections
9 years ago
Fixed minor bugs in decrypting project Project now decrypts properly and fails out loudly when incorrect password is supplied. Must supply project name via command line now.
9 years ago
def confirm_password_retry(self):
Pep8 corrections
9 years ago
answer = raw_input("Re-enter your password? (y/n)").strip()
Fixed minor bugs in decrypting project Project now decrypts properly and fails out loudly when incorrect password is supplied. Must supply project name via command line now.
9 years ago
if answer[0] == "y" or answer[0] == "Y":
return True
else:
return False
Pep8 corrections
9 years ago
Debugging Crypto config and temp directory creation Attempting to get stub file creation and copying working. Fixed syntax errors, and now attempting to get password reading working in the test environment.
9 years ago
def crypto_ramp_up(self):
if not self.password:
self.get_password()
self.set_salt()
self.derive_key()
Pep8 corrections
9 years ago
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
def get_password(self):
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
"""
Pep8 corrections
9 years ago
Retrieve password from the user. Raise an exception if the
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
password is not capable of utf-8 encoding.
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
"""
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
encoded_passwd = ""
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
try:
Fixed minor bugs in decrypting project Project now decrypts properly and fails out loudly when incorrect password is supplied. Must supply project name via command line now.
9 years ago
passwd = raw_input("Enter a password: ").strip()
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
self.password = passwd.encode("utf-8")
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
except:
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
raise PappyException("Invalid password, try again")
Pep8 corrections
9 years ago
Debugging Crypto config and temp directory creation Attempting to get stub file creation and copying working. Fixed syntax errors, and now attempting to get password reading working in the test environment.
9 years ago
def set_salt(self):
if os.path.isfile(self.config.salt_file):
self.set_salt_from_file()
else:
Pep8 corrections
9 years ago
self.salt = os.urandom(16)
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
def set_salt_from_file(self):
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
try:
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
salt_file = open(self.config.salt_file, 'rb')
self.salt = salt_file.readline().strip()
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
except:
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
raise PappyException("Unable to read project.salt")
Pep8 corrections
9 years ago
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
def create_salt_file(self):
salt_file = open(self.config.salt_file, 'wb')
Pep8 corrections
9 years ago
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
salt_file.write(self.salt)
salt_file.close()
Pep8 corrections
9 years ago
Debugging Crypto config and temp directory creation Attempting to get stub file creation and copying working. Fixed syntax errors, and now attempting to get password reading working in the test environment.
9 years ago
def derive_key(self):
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
"""
Derive a key sufficient for use as a cryptographic key
used to encrypt the project (currently: cryptography.Fernet).
Pep8 corrections
9 years ago
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
cryptography.Fernet utilizes AES-CBC-128, requiring a 32-byte key.
Parameter notes from the py-scrypt source-code:
https://bitbucket.org/mhallin/py-scrypt/
Pep8 corrections
9 years ago
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
Compute scrypt(password, salt, N, r, p, buflen).
Pep8 corrections
9 years ago
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
The parameters r, p, and buflen must satisfy r * p < 2^30 and
buflen <= (2^32 - 1) * 32. The parameter N must be a power of 2
greater than 1. N, r and p must all be positive.
Pep8 corrections
9 years ago
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
Notes for Python 2:
- `password` and `salt` must be str instances
- The result will be a str instance
Pep8 corrections
9 years ago
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
Notes for Python 3:
- `password` and `salt` can be both str and bytes. If they are str
instances, they wil be encoded with utf-8.
- The result will be a bytes instance
Pep8 corrections
9 years ago
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
Exceptions raised:
- TypeError on invalid input
- scrypt.error if scrypt failed
"""
Pep8 corrections
9 years ago
Drastically restructured the compression and crypto features Converted the crypto and compression plugins to core features, and added the utility variables and functions to the Config class in ``config.py``. Added helper functions in PappySession class in ``pappy.py`` to enable the user to pass in an encrypted project archive. Next moving to testing and debugging!
9 years ago
try:
Debugging Crypto config and temp directory creation Attempting to get stub file creation and copying working. Fixed syntax errors, and now attempting to get password reading working in the test environment.
9 years ago
if not self.key:
Pep8 corrections
9 years ago
shash = scrypt.hash(self.password, self.salt, buflen=32)
self.key = b64encode(shash)
Minor changes, decrypt project within PappySession Changed to decrypting project to within the PappySession object, instead of in main. More maintainable, and makes more sense.
9 years ago
except TypeError as e:
Tested and fixed file copying from `Crypto.decrypt_project` In the function for grabbing project files (`Config.get_project_files`) I was overcomplicating getting the current working directory. Simplified the process and removed the bug!
9 years ago
raise PappyException("Scrypt failed with type error: ", e)
except scrypt.error, e:
raise PappyException("Scrypt failed with internal error: ", e)
Pep8 corrections
9 years ago
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
def delete_clear_files(self):
"""
Deletes all clear-text files left in the project directory.
"""
shutil.rmtree(self.config.crypt_dir)
os.remove(self.config.archive)
Pep8 corrections
9 years ago
Worked out bugs for crypto mode, it works now! Crypto mode for pappy now works. Still need to work out the kinks for not supplying a project file to `pappy -c`, but when supplied encryption and decryption work.
9 years ago
def delete_crypt_files(self):
"""
Deletes all encrypted-text files in the project directory.
Forces generation of new salt after opening and closing the project.
Adds security in the case of a one-time compromise of the system.
"""
os.remove(self.config.crypt_file)