summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/leap/common/crypto.py14
-rw-r--r--src/leap/common/events/component.py6
-rw-r--r--src/leap/common/events/server.py4
3 files changed, 12 insertions, 12 deletions
diff --git a/src/leap/common/crypto.py b/src/leap/common/crypto.py
index 8a2ff20..7f80a8a 100644
--- a/src/leap/common/crypto.py
+++ b/src/leap/common/crypto.py
@@ -15,13 +15,13 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import os
+import binascii
from Crypto.Cipher import AES
-from Crypto.Random import random
from Crypto.Util import Counter
from leap.common.check import leap_assert, leap_assert_type
-
#
# encryption methods
#
@@ -70,10 +70,10 @@ def encrypt_sym(data, key, method=EncryptionMethods.AES_256_CTR):
leap_assert(
len(key) == 32, # 32 x 8 = 256 bits.
'Wrong key size: %s bits (must be 256 bits long).' % (len(key)*8))
- iv = random.getrandbits(256)
- ctr = Counter.new(128, initial_value=iv)
+ iv = os.urandom(8)
+ ctr = Counter.new(64, prefix=iv)
cipher = AES.new(key=key, mode=AES.MODE_CTR, counter=ctr)
- return iv, cipher.encrypt(data)
+ return binascii.b2a_base64(iv), cipher.encrypt(data)
# raise if method is unknown
raise UnknownEncryptionMethod('Unkwnown method: %s' % method)
@@ -106,8 +106,8 @@ def decrypt_sym(data, key, method=EncryptionMethods.AES_256_CTR, **kwargs):
leap_assert(
'iv' in kwargs,
'AES-256-CTR needs an initial value given as.')
- ctr = Counter.new(128, initial_value=kwargs['iv'])
- cipher = AES.new(key, AES.MODE_CTR, counter=ctr)
+ ctr = Counter.new(64, prefix=binascii.a2b_base64(kwargs['iv']))
+ cipher = AES.new(key=key, mode=AES.MODE_CTR, counter=ctr)
return cipher.decrypt(data)
# raise if method is unknown
diff --git a/src/leap/common/events/component.py b/src/leap/common/events/component.py
index 1669356..9932190 100644
--- a/src/leap/common/events/component.py
+++ b/src/leap/common/events/component.py
@@ -137,7 +137,7 @@ def register(signal, callback, uid=None, replace=False, reqcbk=None,
logger.info(
"Sending registration request to server on port %s: %s",
server.SERVER_PORT,
- str(request))
+ str(request)[:40])
return service.register(request, callback=reqcbk, timeout=timeout)
@@ -178,7 +178,7 @@ def signal(signal, content="", mac_method="", mac="", reqcbk=None,
request.mac = mac
service = RpcService(proto.EventsServerService_Stub, server.SERVER_PORT,
'localhost')
- logger.info("Sending signal to server: %s", str(request))
+ logger.info("Sending signal to server: %s", str(request)[:40])
return service.signal(request, callback=reqcbk, timeout=timeout)
@@ -204,7 +204,7 @@ class EventsComponentService(proto.EventsComponentService):
:param done: callback to be called when done
:type done: protobuf.socketrpc.server.Callback
"""
- logger.info('Received signal from server: %s' % str(request))
+ logger.info('Received signal from server: %s...' % str(request)[:40])
# run registered callbacks
# TODO: verify authentication using mac in incoming message
diff --git a/src/leap/common/events/server.py b/src/leap/common/events/server.py
index 33ba580..1f3a874 100644
--- a/src/leap/common/events/server.py
+++ b/src/leap/common/events/server.py
@@ -88,7 +88,7 @@ class EventsServerService(proto.EventsServerService):
:param done: callback to be called when done
:type done: protobuf.socketrpc.server.Callback
"""
- logger.info("Received registration request: %s" % str(request))
+ logger.info("Received registration request: %s..." % str(request)[:40])
# add component port to signal list
if request.event not in registered_components:
registered_components[request.event] = set([])
@@ -112,7 +112,7 @@ class EventsServerService(proto.EventsServerService):
:param done: callback to be called when done
:type done: protobuf.socketrpc.server.Callback
"""
- logger.info('Received signal from component: %s', str(request))
+ logger.info('Received signal from component: %s...', str(request)[:40])
# send signal to all registered components
# TODO: verify signal auth
if request.event in registered_components: