added work on faster and safer database for blocks and general KV
parent
46041baebb
commit
27085845eb
@ -11,7 +11,7 @@ _rinseoff = f"{app_root}/src/rinseoff/rinseoffcli"
|
||||
|
||||
|
||||
|
||||
def generate_secure_string_key_file():
|
||||
def generate_key_file():
|
||||
if os.path.exists(secure_erase_key_file):
|
||||
raise FileExistsError
|
||||
|
||||
@ -34,7 +34,7 @@ def generate_secure_string_key_file():
|
||||
|
||||
|
||||
|
||||
def secure_string_create(plaintext: Union[bytes, bytearray, str]) -> bytes:
|
||||
def protect_string(plaintext: Union[bytes, bytearray, str]) -> bytes:
|
||||
"""Create a "secure" string. Dont really rely on this, and dont use for comms
|
||||
|
||||
This is just to make forensics a little harder"""
|
||||
@ -43,7 +43,6 @@ def secure_string_create(plaintext: Union[bytes, bytearray, str]) -> bytes:
|
||||
except AttributeError:
|
||||
pass
|
||||
|
||||
|
||||
process = subprocess.Popen(
|
||||
["dotnet", "run",
|
||||
"--project", _rinseoff,
|
||||
@ -56,7 +55,27 @@ def secure_string_create(plaintext: Union[bytes, bytearray, str]) -> bytes:
|
||||
if res[0] and not res[1]:
|
||||
return res[0]
|
||||
else:
|
||||
logger.warn("Error when encrypting plaintext", terminal=True)
|
||||
logger.warn("Error when protecting string for database", terminal=True)
|
||||
for line in res[1].decode('utf-8').split('\n'):
|
||||
logger.error(line, terminal=True)
|
||||
raise subprocess.CalledProcessError
|
||||
raise subprocess.CalledProcessError
|
||||
|
||||
|
||||
def unprotect_string(ciphertext: Union[bytes, bytearray]) -> bytes:
|
||||
process = subprocess.Popen(
|
||||
["dotnet", "run",
|
||||
"--project", _rinseoff,
|
||||
"load", "stdin", f"{secure_erase_key_file}"],
|
||||
stdout=subprocess.PIPE,
|
||||
stderr=subprocess.PIPE,
|
||||
stdin=subprocess.PIPE)
|
||||
res = process.communicate(ciphertext)
|
||||
|
||||
if res[0] and not res[1]:
|
||||
return res[0]
|
||||
else:
|
||||
logger.warn(
|
||||
"Error when decrypting ciphertext from database", terminal=True)
|
||||
for line in res[1].decode('utf-8').split('\n'):
|
||||
logger.error(line, terminal=True)
|
||||
raise subprocess.CalledProcessError
|
||||
|
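Review bot: The failure branch of the new `unprotect_string`, and the same branch in `protect_string`, ends in a bare `raise subprocess.CalledProcessError`, which cannot be instantiated without `returncode` and `cmd`, so callers get a `TypeError` rather than the exception they are likely to catch. Success is decided only by `res[0] and not res[1]` and the exit status is never read: if `dotnet run` writes anything to stderr a good result is rejected, anything it prints on stdout is returned as the plaintext or ciphertext, and a legitimately empty plaintext is reported as an error. I would key the decision on `process.returncode == 0` and raise `subprocess.CalledProcessError(process.returncode, process.args, output=res[0], stderr=res[1])`. The stderr lines are also decoded as UTF-8 and logged with `terminal=True`, so it is worth confirming the CLI never echoes key or plaintext material there and that non-UTF-8 output cannot mask the original error with a `UnicodeDecodeError`.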
@ -11,23 +11,47 @@ import unittest, json
|
||||
from utils import identifyhome, createdirs
|
||||
from onionrsetup import setup_config
|
||||
from safedb import securestring
|
||||
import subprocess
|
||||
from nacl.secret import SecretBox
|
||||
|
||||
import filepaths
|
||||
createdirs.create_dirs()
|
||||
setup_config()
|
||||
|
||||
|
||||
_rinseoff = f"{filepaths.app_root}/src/rinseoff/rinseoffcli"
|
||||
|
||||
class TestSecureString(unittest.TestCase):
|
||||
def test_keyfile_gen(self):
|
||||
assert not os.path.exists(filepaths.secure_erase_key_file)
|
||||
securestring.generate_secure_string_key_file()
|
||||
securestring.generate_key_file()
|
||||
assert os.path.exists(filepaths.secure_erase_key_file)
|
||||
|
||||
def test_secure_string_encrypt(self):
|
||||
def test_protect_string(self):
|
||||
with open(filepaths.secure_erase_key_file, 'wb') as ef:
|
||||
ef.write(os.urandom(32))
|
||||
pt = "hello world"
|
||||
enc = securestring.secure_string_create(pt)
|
||||
enc = securestring.protect_string(pt)
|
||||
self.assertTrue(len(enc) > len(pt))
|
||||
|
||||
def test_unprotect_string(self):
|
||||
key = os.urandom(32)
|
||||
with open(filepaths.secure_erase_key_file, 'wb') as ef:
|
||||
ef.write(key)
|
||||
msg = b"test hello world"
|
||||
box = SecretBox(key)
|
||||
enc = box.encrypt(msg)
|
||||
nonce = enc.nonce
|
||||
enc = nonce + enc.ciphertext
|
||||
p = subprocess.Popen(
|
||||
["dotnet", "run",
|
||||
"--project", _rinseoff,
|
||||
"load", "stdin", f"{filepaths.secure_erase_key_file}"],
|
||||
stdout=subprocess.PIPE,
|
||||
stderr=subprocess.PIPE,
|
||||
stdin=subprocess.PIPE)
|
||||
res = p.communicate(enc)
|
||||
self.assertTrue(res[0] == msg)
|
||||
|
||||
|
||||
unittest.main()
|
||||
|
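Review bot: `test_unprotect_string` never calls `securestring.unprotect_string`; it builds its own `subprocess.Popen` invocation of the rinseoff CLI, so the wrapper added in this commit, including its success check and error path, is not exercised by any test. Replacing the inline Popen block with `self.assertEqual(securestring.unprotect_string(enc), msg)` would cover it, and a second case that feeds a modified ciphertext and expects an exception would pin the failure behaviour. `test_protect_string` only checks `len(enc) > len(pt)`; a round trip through `unprotect_string` would show that the two functions agree on the nonce-plus-ciphertext layout. Both tests write raw key bytes to `filepaths.secure_erase_key_file` while `test_keyfile_gen` asserts that the file does not exist, so the suite appears to depend on test order and a clean home directory unless the file is removed in `tearDown`.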