/src/rho/crypto.py

https://github.com/weshayutin/rho · Python · 147 lines · 120 code · 11 blank · 16 comment · 2 complexity · 74856bf6dac26f425caa167113622075 MD5 · raw file 

    

  1. #
    2. 

  2. # Copyright (c) 2009 Red Hat, Inc.
    3. 

  3. #
    4. 

  4. # This software is licensed to you under the GNU General Public License,
    5. 

  5. # version 2 (GPLv2). There is NO WARRANTY for this software, express or
    6. 

  6. # implied, including the implied warranties of MERCHANTABILITY or FITNESS
    7. 

  7. # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
    8. 

  8. # along with this software; if not, see
    9. 

  9. # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
    10. 

  10. #
    11. 

  11. 

  12. """ Configuration Encryption Module """
    13. 

  13. 

  14. import os.path
    15. 

  15. 

  16. # From the python-crypto package
    17. 

  17. from Crypto.Cipher import Blowfish
    18. 

  18. 

  19. 

  20. class BadKeyException(Exception):
    21. 

  21.     pass
    22. 

  22. 

  23. 

  24. class NoSuchFileException(Exception):
    25. 

  25.     pass
    26. 

  26. 

  27. 

  28. def pad(plaintext):
    29. 

  29.     """
    30. 

  30.     Pad the given plaintext such that it's length is a multiple of 8 bytes.
    31. 

    32. 

  32.     Padding bytes will be equal to the number of padding bytes that are 
    33. 

  33.     required. (i.e. if the string requires 2 padding bytes, those two bytes
    34. 

  34.     will have the value of 0x02)
    35. 

  35. 

  36.     For more information on why this is done: 
    37. 

  37.         http://www.di-mgt.com.au/cryptopad.html
    38. 

  38.     """
    39. 

    40. 

  40.     # Only works on strings, need to throw exception if for instance we get a unicode
    41. 

  41.     if type(plaintext) != type(''):
    42. 

  42.         raise Exception("Can only pad strings.")
    43. 

  43. 

  44.     return_me = plaintext
    45. 

  45.     if len(return_me) % 8 != 0:
    46. 

  46.         padding_needed = 8 - (len(return_me) % 8)
    47. 

  47.         return_me = return_me + str(padding_needed) * padding_needed
    48. 

  48. 

  49.     return return_me
    50. 

  50. 

  51. 

  52. def unpad(plaintext):
    53. 

  53.     """
    54. 

  54.     Remove any padding present on this decrypted string.
    55. 

  55. 

  56.     There is a known problem here, where if the original string did not 
    57. 

  57.     require padding, but ended with a string like "7777777" or "333", we 
    58. 

  58.     cannot tell if that string is padded or was like that to begin with.
    59. 

  59.     In this method we have to assume it's padded and chop them off, but this
    60. 

  60.     is basically a non-issue as we'll only ever be encrypting/decrypting XML
    61. 

  61.     or JSON here, which will never end with integer sequences.
    62. 

  62.     """
    63. 

    64. 

  64.     # Only works on strings, need to throw exception if for instance we get a unicode
    65. 

  65.     if type(plaintext) != type(''):
    66. 

  66.         raise Exception("Can only pad strings.")
    67. 

  67. 

  68.     if len(plaintext) % 8 != 0:
    69. 

  69.         raise Exception("String length not a multiple of 8")
    70. 

  70. 

  71.     return_me = plaintext
    72. 

  72. 

  73.     if plaintext[-1] in ['1', '2', '3', '4', '5', '6', '7']:
    74. 

  74.         # Indicates there could be padding involved:
    75. 

  75.         chop_count = int(plaintext[-1])
    76. 

  76.         chopped_bytes = plaintext[-chop_count]
    77. 

  77.         # If this is padding, all bytes chopped should equal the count:
    78. 

  78.         all_bytes_match = True
    79. 

  79.         for c in chopped_bytes:
    80. 

  80.             if c != plaintext[-1]:
    81. 

  81.                 all_bytes_match = False
    82. 

  82.                 break
    83. 

  83. 

  84.         if all_bytes_match:
    85. 

  85.             chop_to = len(plaintext) - chop_count
    86. 

  86.             return_me = plaintext[0:chop_to]
    87. 

  87. 

  88.     return return_me
    89. 

  89. 

  90. 

  91. def encrypt(plaintext, key):
    92. 

  92.     """
    93. 

  93.     Encrypt the plaintext using the given key. 
    94. 

  94. 

  95.     Uses the Blowfish algorithm. Plaintext will be padded if required.
    96. 

  96.     """
    97. 

  97.     obj = Blowfish.new(key, Blowfish.MODE_CBC)
    98. 

  98. 

  99.     plaintext = pad(plaintext)
    100. 

  100.     ciphertext = obj.encrypt(plaintext)
    101. 

  101.     return ciphertext
    102. 

  102. 

  103. 

  104. def decrypt(ciphertext, key):
    105. 

  105.     """
    106. 

  106.     Decrypt the ciphertext with the given key. 
    107. 

  107.     
    108. 

  108.     Uses the Blowfish algorithm. Padding bytes (if present) will be removed.
    109. 

  109.     """
    110. 

  110.     obj = Blowfish.new(key, Blowfish.MODE_CBC)
    111. 

  111.     decrypted_plaintext = obj.decrypt(ciphertext)
    112. 

  112.     return_me = unpad(decrypted_plaintext)
    113. 

  113. 

  114.     # TODO: is there a way to know decryption failed?
    115. 

  115.     #if return_me is None:
    116. 

  116.     #    # Looks like decryption failed, probably a bad key:
    117. 

  117.     #    raise BadKeyException
    118. 

  118. 

  119.     return return_me
    120. 

  120. 

  121. 

  122. def write_file(filename, plaintext, key):
    123. 

  123.     """ 
    124. 

  124.     Encrypt plaintext with the given key and write to file. 
    125. 

  125.     
    126. 

  126.     Existing file will be overwritten so be careful. 
    127. 

  127.     """
    128. 

  128.     f = open(filename, 'w')
    129. 

  129.     f.write(encrypt(plaintext, key))
    130. 

  130.     f.close()
    131. 

  131. 

  132. 

  133. def read_file(filename, key):
    134. 

  134.     """
    135. 

  135.     Decrypt contents of file with the given key, and return as a string.
    136. 

  136. 

  137.     Assume that we're reading files that we encrypted. (i.e. we're not trying
    138. 

  138.     to read files encrypted manually with gpg)
    139. 

  139.     """
    140. 

  140.     if not os.path.exists(filename):
    141. 

  141.         raise NoSuchFileException()
    142. 

  142. 

  143.     f = open(filename, 'r')
    144. 

  144.     return_me = decrypt(f.read(), key)
    145. 

  145.     f.close()
    146. 

  146.     return return_me
    147.