added work on faster and safer database for blocks and general KV
This commit is contained in:
parent
2eb3e93666
commit
9e01c65c0f
@ -11,7 +11,7 @@ _rinseoff = f"{app_root}/src/rinseoff/rinseoffcli"
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
def generate_secure_string_key_file():
|
def generate_key_file():
|
||||||
if os.path.exists(secure_erase_key_file):
|
if os.path.exists(secure_erase_key_file):
|
||||||
raise FileExistsError
|
raise FileExistsError
|
||||||
|
|
||||||
@ -34,7 +34,7 @@ def generate_secure_string_key_file():
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
def secure_string_create(plaintext: Union[bytes, bytearray, str]) -> bytes:
|
def protect_string(plaintext: Union[bytes, bytearray, str]) -> bytes:
|
||||||
"""Create a "secure" string. Dont really rely on this, and dont use for comms
|
"""Create a "secure" string. Dont really rely on this, and dont use for comms
|
||||||
|
|
||||||
This is just to make forensics a little harder"""
|
This is just to make forensics a little harder"""
|
||||||
@ -43,7 +43,6 @@ def secure_string_create(plaintext: Union[bytes, bytearray, str]) -> bytes:
|
|||||||
except AttributeError:
|
except AttributeError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
process = subprocess.Popen(
|
process = subprocess.Popen(
|
||||||
["dotnet", "run",
|
["dotnet", "run",
|
||||||
"--project", _rinseoff,
|
"--project", _rinseoff,
|
||||||
@ -56,7 +55,27 @@ def secure_string_create(plaintext: Union[bytes, bytearray, str]) -> bytes:
|
|||||||
if res[0] and not res[1]:
|
if res[0] and not res[1]:
|
||||||
return res[0]
|
return res[0]
|
||||||
else:
|
else:
|
||||||
logger.warn("Error when encrypting plaintext", terminal=True)
|
logger.warn("Error when protecting string for database", terminal=True)
|
||||||
for line in res[1].decode('utf-8').split('\n'):
|
for line in res[1].decode('utf-8').split('\n'):
|
||||||
logger.error(line, terminal=True)
|
logger.error(line, terminal=True)
|
||||||
raise subprocess.CalledProcessError
|
raise subprocess.CalledProcessError
|
||||||
|
|
||||||
|
|
||||||
|
def unprotect_string(ciphertext: Union[bytes, bytearray]) -> bytes:
|
||||||
|
process = subprocess.Popen(
|
||||||
|
["dotnet", "run",
|
||||||
|
"--project", _rinseoff,
|
||||||
|
"load", "stdin", f"{secure_erase_key_file}"],
|
||||||
|
stdout=subprocess.PIPE,
|
||||||
|
stderr=subprocess.PIPE,
|
||||||
|
stdin=subprocess.PIPE)
|
||||||
|
res = process.communicate(ciphertext)
|
||||||
|
|
||||||
|
if res[0] and not res[1]:
|
||||||
|
return res[0]
|
||||||
|
else:
|
||||||
|
logger.warn(
|
||||||
|
"Error when decrypting ciphertext from database", terminal=True)
|
||||||
|
for line in res[1].decode('utf-8').split('\n'):
|
||||||
|
logger.error(line, terminal=True)
|
||||||
|
raise subprocess.CalledProcessError
|
||||||
|
@ -11,23 +11,47 @@ import unittest, json
|
|||||||
from utils import identifyhome, createdirs
|
from utils import identifyhome, createdirs
|
||||||
from onionrsetup import setup_config
|
from onionrsetup import setup_config
|
||||||
from safedb import securestring
|
from safedb import securestring
|
||||||
|
import subprocess
|
||||||
|
from nacl.secret import SecretBox
|
||||||
|
|
||||||
import filepaths
|
import filepaths
|
||||||
createdirs.create_dirs()
|
createdirs.create_dirs()
|
||||||
setup_config()
|
setup_config()
|
||||||
|
|
||||||
|
|
||||||
|
_rinseoff = f"{filepaths.app_root}/src/rinseoff/rinseoffcli"
|
||||||
|
|
||||||
class TestSecureString(unittest.TestCase):
|
class TestSecureString(unittest.TestCase):
|
||||||
def test_keyfile_gen(self):
|
def test_keyfile_gen(self):
|
||||||
assert not os.path.exists(filepaths.secure_erase_key_file)
|
assert not os.path.exists(filepaths.secure_erase_key_file)
|
||||||
securestring.generate_secure_string_key_file()
|
securestring.generate_key_file()
|
||||||
assert os.path.exists(filepaths.secure_erase_key_file)
|
assert os.path.exists(filepaths.secure_erase_key_file)
|
||||||
|
|
||||||
def test_secure_string_encrypt(self):
|
def test_protect_string(self):
|
||||||
with open(filepaths.secure_erase_key_file, 'wb') as ef:
|
with open(filepaths.secure_erase_key_file, 'wb') as ef:
|
||||||
ef.write(os.urandom(32))
|
ef.write(os.urandom(32))
|
||||||
pt = "hello world"
|
pt = "hello world"
|
||||||
enc = securestring.secure_string_create(pt)
|
enc = securestring.protect_string(pt)
|
||||||
self.assertTrue(len(enc) > len(pt))
|
self.assertTrue(len(enc) > len(pt))
|
||||||
|
|
||||||
|
def test_unprotect_string(self):
|
||||||
|
key = os.urandom(32)
|
||||||
|
with open(filepaths.secure_erase_key_file, 'wb') as ef:
|
||||||
|
ef.write(key)
|
||||||
|
msg = b"test hello world"
|
||||||
|
box = SecretBox(key)
|
||||||
|
enc = box.encrypt(msg)
|
||||||
|
nonce = enc.nonce
|
||||||
|
enc = nonce + enc.ciphertext
|
||||||
|
p = subprocess.Popen(
|
||||||
|
["dotnet", "run",
|
||||||
|
"--project", _rinseoff,
|
||||||
|
"load", "stdin", f"{filepaths.secure_erase_key_file}"],
|
||||||
|
stdout=subprocess.PIPE,
|
||||||
|
stderr=subprocess.PIPE,
|
||||||
|
stdin=subprocess.PIPE)
|
||||||
|
res = p.communicate(enc)
|
||||||
|
self.assertTrue(res[0] == msg)
|
||||||
|
|
||||||
|
|
||||||
unittest.main()
|
unittest.main()
|
||||||
|
Loading…
Reference in New Issue
Block a user