added work on faster and safer database for blocks and general KV

Kevin Froman 2020-12-30 07:48:19 +00:00
parent 46041baebb
commit 27085845eb
2 changed files with 51 additions and 8 deletions


@ -11,7 +11,7 @@ _rinseoff = f"{app_root}/src/rinseoff/rinseoffcli"
def generate_secure_string_key_file(): def generate_key_file():
if os.path.exists(secure_erase_key_file): if os.path.exists(secure_erase_key_file):
raise FileExistsError raise FileExistsError
@ -34,7 +34,7 @@ def generate_secure_string_key_file():
def secure_string_create(plaintext: Union[bytes, bytearray, str]) -> bytes: def protect_string(plaintext: Union[bytes, bytearray, str]) -> bytes:
"""Create a "secure" string. Dont really rely on this, and dont use for comms """Create a "secure" string. Dont really rely on this, and dont use for comms
This is just to make forensics a little harder""" This is just to make forensics a little harder"""
@ -43,7 +43,6 @@ def secure_string_create(plaintext: Union[bytes, bytearray, str]) -> bytes:
except AttributeError: except AttributeError:
pass pass
process = subprocess.Popen( process = subprocess.Popen(
["dotnet", "run", ["dotnet", "run",
"--project", _rinseoff, "--project", _rinseoff,
@ -56,7 +55,27 @@ def secure_string_create(plaintext: Union[bytes, bytearray, str]) -> bytes:
if res[0] and not res[1]: if res[0] and not res[1]:
return res[0] return res[0]
else: else:
logger.warn("Error when encrypting plaintext", terminal=True) logger.warn("Error when protecting string for database", terminal=True)
for line in res[1].decode('utf-8').split('\n'): for line in res[1].decode('utf-8').split('\n'):
logger.error(line, terminal=True) logger.error(line, terminal=True)
raise subprocess.CalledProcessError raise subprocess.CalledProcessError
def unprotect_string(ciphertext: Union[bytes, bytearray]) -> bytes:
process = subprocess.Popen(
["dotnet", "run",
"--project", _rinseoff,
"load", "stdin", f"{secure_erase_key_file}"],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
stdin=subprocess.PIPE)
res = process.communicate(ciphertext)
if res[0] and not res[1]:
return res[0]
else:
logger.warn(
"Error when decrypting ciphertext from database", terminal=True)
for line in res[1].decode('utf-8').split('\n'):
logger.error(line, terminal=True)
raise subprocess.CalledProcessError
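Review bot: `raise subprocess.CalledProcessError` at the end of `unprotect_string` (the same line closes `protect_string`) raises the class with no arguments, but its constructor requires `returncode` and `cmd`, so a failed decryption surfaces as a `TypeError` rather than the exception a caller would catch. Use `raise subprocess.CalledProcessError(process.returncode, process.args, output=res[0], stderr=res[1])`. Success is also decided by `res[0] and not res[1]`, which never looks at the exit status and treats a legitimately empty plaintext, or any stderr output from `dotnet run`, as a failure; testing `process.returncode != 0` first would be more reliable, assuming the rinseoff CLI exits non-zero when authentication fails, which is not visible here. `unprotect_string` also lacks a docstring; something like `"""Decrypt ciphertext with the key in secure_erase_key_file; raises if the rinseoff CLI reports an error."""` would match `protect_string`.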


@ -11,23 +11,47 @@ import unittest, json
from utils import identifyhome, createdirs from utils import identifyhome, createdirs
from onionrsetup import setup_config from onionrsetup import setup_config
from safedb import securestring from safedb import securestring
import subprocess
from nacl.secret import SecretBox
import filepaths import filepaths
createdirs.create_dirs() createdirs.create_dirs()
setup_config() setup_config()
_rinseoff = f"{filepaths.app_root}/src/rinseoff/rinseoffcli"
class TestSecureString(unittest.TestCase): class TestSecureString(unittest.TestCase):
def test_keyfile_gen(self): def test_keyfile_gen(self):
assert not os.path.exists(filepaths.secure_erase_key_file) assert not os.path.exists(filepaths.secure_erase_key_file)
securestring.generate_secure_string_key_file() securestring.generate_key_file()
assert os.path.exists(filepaths.secure_erase_key_file) assert os.path.exists(filepaths.secure_erase_key_file)
def test_secure_string_encrypt(self): def test_protect_string(self):
with open(filepaths.secure_erase_key_file, 'wb') as ef: with open(filepaths.secure_erase_key_file, 'wb') as ef:
ef.write(os.urandom(32)) ef.write(os.urandom(32))
pt = "hello world" pt = "hello world"
enc = securestring.secure_string_create(pt) enc = securestring.protect_string(pt)
self.assertTrue(len(enc) > len(pt)) self.assertTrue(len(enc) > len(pt))
def test_unprotect_string(self):
key = os.urandom(32)
with open(filepaths.secure_erase_key_file, 'wb') as ef:
ef.write(key)
msg = b"test hello world"
box = SecretBox(key)
enc = box.encrypt(msg)
nonce = enc.nonce
enc = nonce + enc.ciphertext
p = subprocess.Popen(
["dotnet", "run",
"--project", _rinseoff,
"load", "stdin", f"{filepaths.secure_erase_key_file}"],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
stdin=subprocess.PIPE)
res = p.communicate(enc)
self.assertTrue(res[0] == msg)
unittest.main() unittest.main()
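Review bot: `test_unprotect_string` never calls `securestring.unprotect_string`; it rebuilds the same `dotnet run ... load stdin` command with its own `Popen`, so the function this commit adds is left untested and the two command lines can drift apart. Replace the `Popen`/`communicate` block with `self.assertEqual(securestring.unprotect_string(enc), msg)`, which also reports both values on failure, unlike `assertTrue(res[0] == msg)`. A round-trip case, `securestring.unprotect_string(securestring.protect_string(msg))`, and a case that alters one byte of `enc` and expects the call to raise, would cover the authenticated-decryption path the database relies on.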