borg/darc/keychain.py

195 lines
6.8 KiB
Python
Raw Normal View History

2010-10-24 19:47:00 +00:00
from getpass import getpass
import hashlib
2010-10-21 22:10:51 +00:00
import os
import msgpack
2010-10-21 22:10:51 +00:00
import zlib
2010-10-24 19:47:00 +00:00
from pbkdf2 import pbkdf2
2010-10-21 22:10:51 +00:00
from Crypto.Cipher import AES
2010-10-23 19:38:42 +00:00
from Crypto.Hash import SHA256, HMAC
from Crypto.PublicKey import RSA
from Crypto.Util import Counter
from Crypto.Util.number import bytes_to_long, long_to_bytes
2010-10-23 19:38:42 +00:00
from .helpers import IntegrityError, zero_pad
2010-10-23 19:38:42 +00:00
from .oaep import OAEP
2010-10-21 22:10:51 +00:00
class Keychain(object):
2010-10-27 18:12:40 +00:00
FILE_ID = 'DARC KEYCHAIN'
CREATE = '\1'
READ = '\2'
def __init__(self, path=None):
self._key_cache = {}
self.read_key = os.urandom(32)
self.create_key = os.urandom(32)
self.counter = Counter.new(64, prefix='\0' * 8)
self.aes_id = self.rsa_read = self.rsa_create = None
2010-10-24 20:13:34 +00:00
self.path = path
if path:
self.open(path)
def get_chunkify_seed(self):
return bytes_to_long(self.aes_id[:4]) & 0x7fffffff
def open(self, path):
2010-10-30 11:44:25 +00:00
print 'Opening keychain "%s"' % path
with open(path, 'rb') as fd:
2010-10-25 18:22:20 +00:00
if fd.read(len(self.FILE_ID)) != self.FILE_ID:
raise ValueError('Not a keychain')
2010-10-24 19:47:00 +00:00
cdata = fd.read()
2010-10-31 20:55:09 +00:00
self.password = ''
2010-11-02 17:33:53 +00:00
data = self.decrypt_keychain(cdata, '')
2010-10-24 19:47:00 +00:00
while not data:
2010-10-24 20:00:46 +00:00
self.password = getpass('Keychain password: ')
if not self.password:
2010-10-24 19:47:00 +00:00
raise Exception('Keychain decryption failed')
2010-11-02 17:33:53 +00:00
data = self.decrypt_keychain(cdata, self.password)
2010-10-24 19:47:00 +00:00
if not data:
2010-10-30 11:44:25 +00:00
print 'Incorrect password'
2010-10-24 19:47:00 +00:00
chain = msgpack.unpackb(data)
assert chain['version'] == 1
self.aes_id = chain['aes_id']
self.rsa_read = RSA.importKey(chain['rsa_read'])
self.rsa_create = RSA.importKey(chain['rsa_create'])
self.read_encrypted = OAEP(256, hash=SHA256).encode(self.read_key, os.urandom(32))
self.read_encrypted = zero_pad(self.rsa_read.encrypt(self.read_encrypted, '')[0], 256)
self.create_encrypted = OAEP(256, hash=SHA256).encode(self.create_key, os.urandom(32))
self.create_encrypted = zero_pad(self.rsa_create.encrypt(self.create_encrypted, '')[0], 256)
def encrypt_keychain(self, data, password):
2010-10-24 19:47:00 +00:00
salt = os.urandom(32)
iterations = 2000
key = pbkdf2(password, salt, 32, iterations, hashlib.sha256)
hash = HMAC.new(key, data, SHA256).digest()
cdata = AES.new(key, AES.MODE_CTR, counter=Counter.new(128)).encrypt(data)
d = {
'version': 1,
'salt': salt,
'iterations': iterations,
'algorithm': 'SHA256',
'hash': hash,
'data': cdata,
}
return msgpack.packb(d)
2010-11-02 17:33:53 +00:00
def decrypt_keychain(self, data, password):
2010-10-24 19:47:00 +00:00
d = msgpack.unpackb(data)
assert d['version'] == 1
assert d['algorithm'] == 'SHA256'
key = pbkdf2(password, d['salt'], 32, d['iterations'], hashlib.sha256)
data = AES.new(key, AES.MODE_CTR, counter=Counter.new(128)).decrypt(d['data'])
if HMAC.new(key, data, SHA256).digest() != d['hash']:
return None
return data
def save(self, path, password):
chain = {
'version': 1,
'aes_id': self.aes_id,
'rsa_read': self.rsa_read.exportKey('PEM'),
'rsa_create': self.rsa_create.exportKey('PEM'),
}
data = self.encrypt_keychain(msgpack.packb(chain), password)
with open(path, 'wb') as fd:
2010-10-25 18:22:20 +00:00
fd.write(self.FILE_ID)
2010-10-24 19:47:00 +00:00
fd.write(data)
2010-10-30 11:44:25 +00:00
print 'Key chain "%s" saved' % path
2010-10-24 20:00:46 +00:00
def restrict(self, path):
if os.path.exists(path):
2010-10-30 11:44:25 +00:00
print '%s already exists' % path
2010-10-24 20:00:46 +00:00
return 1
self.rsa_read = self.rsa_read.publickey()
self.save(path, self.password)
return 0
2010-10-24 20:13:34 +00:00
def chpass(self):
password, password2 = 1, 2
while password != password2:
password = getpass('New password: ')
password2 = getpass('New password again: ')
if password != password2:
2010-10-30 11:44:25 +00:00
print 'Passwords do not match'
2010-10-24 20:13:34 +00:00
self.save(self.path, password)
return 0
@staticmethod
2010-10-24 20:00:46 +00:00
def generate(path):
if os.path.exists(path):
2010-10-30 11:44:25 +00:00
print '%s already exists' % path
2010-10-24 20:00:46 +00:00
return 1
2010-10-24 20:13:34 +00:00
password, password2 = 1, 2
2010-10-24 20:00:46 +00:00
while password != password2:
password = getpass('Keychain password: ')
password2 = getpass('Keychain password again: ')
if password != password2:
2010-10-30 11:44:25 +00:00
print 'Passwords do not match'
chain = Keychain()
2010-10-30 11:44:25 +00:00
print 'Generating keychain'
chain.aes_id = os.urandom(32)
chain.rsa_read = RSA.generate(2048)
chain.rsa_create = RSA.generate(2048)
2010-10-24 19:47:00 +00:00
chain.save(path, password)
2010-10-24 20:00:46 +00:00
return 0
2010-10-21 22:10:51 +00:00
def id_hash(self, data):
"""Return HMAC hash using the "id" AES key
"""
return HMAC.new(self.aes_id, data, SHA256).digest()
2010-10-23 19:38:42 +00:00
def _encrypt(self, id, rsa_key, key, data):
"""Helper function used by `encrypt_read` and `encrypt_create`
"""
2010-10-23 19:38:42 +00:00
data = zlib.compress(data)
nonce = long_to_bytes(self.counter.next_value(), 8)
data = nonce + rsa_key + AES.new(key, AES.MODE_CTR, '', counter=self.counter).encrypt(data)
hash = self.id_hash(data)
return ''.join((id, hash, data)), hash
2010-10-23 19:38:42 +00:00
def encrypt_read(self, data):
"""Encrypt `data` using the AES "read" key
An RSA encrypted version of the AES key is included in the header
"""
return self._encrypt(self.READ, self.read_encrypted, self.read_key, data)
def encrypt_create(self, data, iv=None):
"""Encrypt `data` using the AES "create" key
An RSA encrypted version of the AES key is included in the header
"""
return self._encrypt(self.CREATE, self.create_encrypted, self.create_key, data)
2010-10-23 19:38:42 +00:00
def _decrypt_key(self, data, rsa_key):
"""Helper function used by `decrypt`
"""
try:
return self._key_cache[data]
except KeyError:
self._key_cache[data] = OAEP(256, hash=SHA256).decode(rsa_key.decrypt(data))
return self._key_cache[data]
2010-10-23 19:38:42 +00:00
def decrypt(self, data):
"""Decrypt `data` previously encrypted by `encrypt_create` or `encrypt_read`
"""
2010-10-23 19:38:42 +00:00
type = data[0]
hash = data[1:33]
if self.id_hash(data[33:]) != hash:
raise IntegrityError('Encryption integrity error')
nonce = bytes_to_long(data[33:41])
counter = Counter.new(64, prefix='\0' * 8, initial_value=nonce)
2010-10-23 19:38:42 +00:00
if type == self.READ:
key = self._decrypt_key(data[41:297], self.rsa_read)
2010-10-23 19:38:42 +00:00
elif type == self.CREATE:
2010-11-09 19:48:20 +00:00
key = self._decrypt_key(data[41:297], self.rsa_create)
2010-10-23 19:38:42 +00:00
else:
raise Exception('Unknown pack type %d found' % ord(type))
data = AES.new(key, AES.MODE_CTR, counter=counter).decrypt(data[297:])
return zlib.decompress(data), hash