Acasă Explorează Ajutor
Autentificare
mirrors
/
borg
oglindă de https://github.com/borgbackup/borg
2
0
Bifurcare 0
Fisiere Probleme 0 Wiki
Arbore: ec1be2d48d
Ramuri Etichete
borg
/
dedupestore
/
crypt.py

crypt.py 2.2 KB
Istoric Crud

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. import hashlib
    2. 

  2. import hmac
    3. 

  3. import msgpack
    4. 

  4. import os
    5. 

  5. import zlib
    6. 

  6. 

  7. from Crypto.Cipher import AES
    8. 

  8. 

  9. 

  10. class CryptoManager(object):
    11. 

  11. 

  12.     KEY_CREATE = 1
    13. 

  13.     KEY_READ = 2
    14. 

  14.     KEY_ID = 3
    15. 

  15.     KEY_ARCHIVE = 4
    16. 

  16.     KEY_CINDEX = 5
    17. 

  17. 

  18.     def __init__(self, store):
    19. 

  19.         self.key_cache = {}
    20. 

  20.         self.store = store
    21. 

  21.         self.tid = store.tid
    22. 

  22.         self.id_key = '0' * 32
    23. 

  23.         self.read_key = os.urandom(32)
    24. 

  24.         self.create_key = os.urandom(32)
    25. 

  25. 

  26.     def get_key(self, tid):
    27. 

  27.         try:
    28. 

  28.             return self.key_cache[tid]
    29. 

  29.         except KeyError:
    30. 

  30.             keys = self.load_key(tid)
    31. 

  31.             self.key_cache[tid] = keys
    32. 

  32.             return keys
    33. 

  33. 

  34.     def load_key(self, tid):
    35. 

  35.         data = self.store.get('K', str(tid))
    36. 

  36.         id = data[:32]
    37. 

  37.         if self.id_hash(data[32:]) != id:
    38. 

  38.             raise Exception('Invalid key object found')
    39. 

  39.         key = msgpack.unpackb(data[32:])
    40. 

  40.         return key['create'], key['read']
    41. 

  41. 

  42.     def store_key(self):
    43. 

  43.         key = {
    44. 

  44.             'version': 1,
    45. 

  45.             'read': self.read_key,
    46. 

  46.             'create': self.create_key,
    47. 

  47.         }
    48. 

  48.         data = msgpack.packb(key)
    49. 

  49.         id = self.id_hash(data)
    50. 

  50.         self.store.put('K', str(self.tid), id + data)
    51. 

  51. 

  52.     def id_hash(self, data):
    53. 

  53.         return hmac.new(self.id_key, data, hashlib.sha256).digest()
    54. 

  54. 

  55.     def pack(self, data, key):
    56. 

  56.         data = zlib.compress(msgpack.packb(data))
    57. 

  57.         id = hmac.new(key, data, hashlib.sha256).digest()
    58. 

  58.         data = AES.new(key, AES.MODE_CFB, id[:16]).encrypt(data)
    59. 

  59.         return id + msgpack.packb((1, self.tid, data))
    60. 

  60. 

  61.     def pack_read(self, data):
    62. 

  62.         return self.pack(data, self.read_key)
    63. 

  63. 

  64.     def pack_create(self, data):
    65. 

  65.         return self.pack(data, self.create_key)
    66. 

  66. 

  67.     def unpack(self, data, key_idx):
    68. 

  68.         id = data[:32]
    69. 

  69.         version, tid, data = msgpack.unpackb(data[32:])
    70. 

  70.         assert version == 1
    71. 

  71.         key = self.get_key(tid)[key_idx]
    72. 

  72.         data = AES.new(key, AES.MODE_CFB, id[:16]).decrypt(data)
    73. 

  73.         if hmac.new(key, data, hashlib.sha256).digest() != id:
    74. 

  74.             raise ValueError
    75. 

  75.         return msgpack.unpackb(zlib.decompress(data))
    76. 

  76. 

  77.     def unpack_read(self, data):
    78. 

  78.         return self.unpack(data, 1)
    79. 

  79. 

  80.     def unpack_create(self, data):
    81. 

  81.         return self.unpack(data, 0)
    82. 

  82.