diff --git a/darc/key.py b/darc/key.py index b7d49fdc6..a87b2afda 100644 --- a/darc/key.py +++ b/darc/key.py @@ -1,7 +1,8 @@ -from binascii import hexlify, a2b_base64, b2a_base64 +from binascii import hexlify, unhexlify, a2b_base64, b2a_base64 from getpass import getpass import os import msgpack +import re import shutil import tempfile import textwrap @@ -135,7 +136,7 @@ class AESKeyBase(KeyBase): class PassphraseKey(AESKeyBase): TYPE = PASSPHRASE - iterations = 10000 + iterations = 100000 @classmethod def create(cls, repository, args): @@ -303,6 +304,25 @@ class KeyfileKey(AESKeyBase): class KeyTestCase(unittest.TestCase): + class MockArgs(object): + repository = Location(tempfile.mkstemp()[1]) + + keyfile2_key_file = """ + DARC KEY 0000000000000000000000000000000000000000000000000000000000000000 + hqppdGVyYXRpb25zzgABhqCkaGFzaNoAIMyonNI+7Cjv0qHi0AOBM6bLGxACJhfgzVD2oq + bIS9SFqWFsZ29yaXRobaZzaGEyNTakc2FsdNoAINNK5qqJc1JWSUjACwFEWGTdM7Nd0a5l + 1uBGPEb+9XM9p3ZlcnNpb24BpGRhdGHaANAYDT5yfPpU099oBJwMomsxouKyx/OG4QIXK2 + hQCG2L2L/9PUu4WIuKvGrsXoP7syemujNfcZws5jLp2UPva4PkQhQsrF1RYDEMLh2eF9Ol + rwtkThq1tnh7KjWMG9Ijt7/aoQtq0zDYP/xaFF8XXSJxiyP5zjH5+spB6RL0oQHvbsliSh + /cXJq7jrqmrJ1phd6dg4SHAM/i+hubadZoS6m25OQzYAW09wZD/phG8OVa698Z5ed3HTaT + SmrtgJL3EoOKgUI9d6BLE4dJdBqntifo""".strip() + + keyfile2_cdata = unhexlify(re.sub('\W', '', """ + 0055f161493fcfc16276e8c31493c4641e1eb19a79d0326fad0291e5a9c98e5933 + 00000000000003e8d21eaf9b86c297a8cd56432e1915bb + """)) + keyfile2_id = unhexlify('c3fbf14bc001ebcc3cd86e696c13482ed071740927cd7cbe1b01b4bfcee49314') + def setUp(self): self.tmppath = tempfile.mkdtemp() os.environ['DARC_KEYS_DIR'] = self.tmppath @@ -315,7 +335,7 @@ class KeyTestCase(unittest.TestCase): orig = '/some/place' _location = _Location() - id = b'\0' * 32 + id = bytes(32) def setUp(self): self.tmpdir = tempfile.mkdtemp() @@ -331,10 +351,8 @@ class KeyTestCase(unittest.TestCase): self.assertEqual(data, key.decrypt(key.id_hash(data), key.encrypt(data))) def test_keyfile(self): - class MockArgs(object): - repository = Location(tempfile.mkstemp()[1]) os.environ['DARC_PASSPHRASE'] = 'test' - key = KeyfileKey.create(self.MockRepository(), MockArgs()) + key = KeyfileKey.create(self.MockRepository(), self.MockArgs()) self.assertEqual(bytes_to_long(key.enc_cipher.iv, 8), 0) manifest = key.encrypt(b'') iv = key.extract_iv(manifest) @@ -346,14 +364,21 @@ class KeyTestCase(unittest.TestCase): data = b'foo' self.assertEqual(data, key2.decrypt(key.id_hash(data), key.encrypt(data))) + def test_keyfile2(self): + with open(os.path.join(os.environ['DARC_KEYS_DIR'], 'keyfile'), 'w') as fd: + fd.write(self.keyfile2_key_file) + os.environ['DARC_PASSPHRASE'] = 'passphrase' + key = KeyfileKey.detect(self.MockRepository(), self.keyfile2_cdata) + self.assertEqual(key.decrypt(self.keyfile2_id, self.keyfile2_cdata), b'payload') + def test_passphrase(self): os.environ['DARC_PASSPHRASE'] = 'test' key = PassphraseKey.create(self.MockRepository(), None) self.assertEqual(bytes_to_long(key.enc_cipher.iv, 8), 0) - self.assertEqual(hexlify(key.id_key), b'f28e915da78a972786da47fee6c4bd2960a421b9bdbdb35a7942eb82552e9a72') - self.assertEqual(hexlify(key.enc_hmac_key), b'169c6082f209e524ea97e2c75318936f6e93c101b9345942a95491e9ae1738ca') - self.assertEqual(hexlify(key.enc_key), b'c05dd423843d4dd32a52e4dc07bb11acabe215917fc5cf3a3df6c92b47af79ba') - self.assertEqual(key.chunk_seed, -324662077) + self.assertEqual(hexlify(key.id_key), b'793b0717f9d8fb01c751a487e9b827897ceea62409870600013fbc6b4d8d7ca6') + self.assertEqual(hexlify(key.enc_hmac_key), b'b885a05d329a086627412a6142aaeb9f6c54ab7950f996dd65587251f6bc0901') + self.assertEqual(hexlify(key.enc_key), b'2ff3654c6daf7381dbbe718d2b20b4f1ea1e34caa6cc65f6bb3ac376b93fed2a') + self.assertEqual(key.chunk_seed, -775740477) manifest = key.encrypt(b'') iv = key.extract_iv(manifest) key2 = PassphraseKey.detect(self.MockRepository(), manifest) @@ -363,7 +388,7 @@ class KeyTestCase(unittest.TestCase): self.assertEqual(key.enc_key, key2.enc_key) self.assertEqual(key.chunk_seed, key2.chunk_seed) data = b'foo' - self.assertEqual(hexlify(key.id_hash(data)), b'016c27cd40dc8e84f196f3b43a9424e8472897e09f6935d0d3a82fb41664bad7') + self.assertEqual(hexlify(key.id_hash(data)), b'818217cf07d37efad3860766dcdf1d21e401650fed2d76ed1d797d3aae925990') self.assertEqual(data, key2.decrypt(key2.id_hash(data), key.encrypt(data)))