added work on faster and safer database for blocks and general KV

src/safedb/securestring/__init__.py

@@ -11,7 +11,7 @@ _rinseoff = f"{app_root}/src/rinseoff/rinseoffcli"
 
 
 
-def generate_secure_string_key_file():
+def generate_key_file():
     if os.path.exists(secure_erase_key_file):
         raise FileExistsError
 
@@ -34,7 +34,7 @@ def generate_secure_string_key_file():
 
 
 
-def secure_string_create(plaintext: Union[bytes, bytearray, str]) -> bytes:
+def protect_string(plaintext: Union[bytes, bytearray, str]) -> bytes:
     """Create a "secure" string. Dont really rely on this, and dont use for comms
 
     This is just to make forensics a little harder"""
@@ -43,7 +43,6 @@ def secure_string_create(plaintext: Union[bytes, bytearray, str]) -> bytes:
     except AttributeError:
         pass
 
-
     process = subprocess.Popen(
                            ["dotnet", "run",
                             "--project", _rinseoff,
@@ -56,7 +55,27 @@ def secure_string_create(plaintext: Union[bytes, bytearray, str]) -> bytes:
     if res[0] and not res[1]:
         return res[0]
     else:
-        logger.warn("Error when encrypting plaintext", terminal=True)
+        logger.warn("Error when protecting string for database", terminal=True)
+        for line in res[1].decode('utf-8').split('\n'):
+            logger.error(line, terminal=True)
+        raise subprocess.CalledProcessError
+
+
+def unprotect_string(ciphertext: Union[bytes, bytearray]) -> bytes:
+    process = subprocess.Popen(
+                           ["dotnet", "run",
+                            "--project", _rinseoff,
+                            "load", "stdin", f"{secure_erase_key_file}"],
+                           stdout=subprocess.PIPE,
+                           stderr=subprocess.PIPE,
+                           stdin=subprocess.PIPE)
+    res = process.communicate(ciphertext)
+
+    if res[0] and not res[1]:
+        return res[0]
+    else:
+        logger.warn(
+            "Error when decrypting ciphertext from database", terminal=True)
         for line in res[1].decode('utf-8').split('\n'):
             logger.error(line, terminal=True)
         raise subprocess.CalledProcessError

tests/test_secure_string.py

@@ -11,23 +11,47 @@ import unittest, json
 from utils import identifyhome, createdirs
 from onionrsetup import setup_config
 from safedb import securestring
+import subprocess
+from nacl.secret import SecretBox
 
 import filepaths
 createdirs.create_dirs()
 setup_config()
 
+
+_rinseoff = f"{filepaths.app_root}/src/rinseoff/rinseoffcli"
+
 class TestSecureString(unittest.TestCase):
     def test_keyfile_gen(self):
         assert not os.path.exists(filepaths.secure_erase_key_file)
-        securestring.generate_secure_string_key_file()
+        securestring.generate_key_file()
         assert os.path.exists(filepaths.secure_erase_key_file)
 
-    def test_secure_string_encrypt(self):
+    def test_protect_string(self):
         with open(filepaths.secure_erase_key_file, 'wb') as ef:
             ef.write(os.urandom(32))
         pt = "hello world"
-        enc = securestring.secure_string_create(pt)
+        enc = securestring.protect_string(pt)
         self.assertTrue(len(enc) > len(pt))
 
+    def test_unprotect_string(self):
+        key = os.urandom(32)
+        with open(filepaths.secure_erase_key_file, 'wb') as ef:
+            ef.write(key)
+        msg = b"test hello world"
+        box = SecretBox(key)
+        enc = box.encrypt(msg)
+        nonce = enc.nonce
+        enc = nonce + enc.ciphertext
+        p = subprocess.Popen(
+                            ["dotnet", "run",
+                                "--project", _rinseoff,
+                                "load", "stdin", f"{filepaths.secure_erase_key_file}"],
+                            stdout=subprocess.PIPE,
+                            stderr=subprocess.PIPE,
+                            stdin=subprocess.PIPE)
+        res = p.communicate(enc)
+        self.assertTrue(res[0] == msg)
+
 
 unittest.main()