diff options
Diffstat (limited to 'django/srpproject/srp')
| -rw-r--r-- | django/srpproject/srp/views.py | 47 | 
1 files changed, 16 insertions, 31 deletions
| diff --git a/django/srpproject/srp/views.py b/django/srpproject/srp/views.py index cbf1389..a55805a 100644 --- a/django/srpproject/srp/views.py +++ b/django/srpproject/srp/views.py @@ -15,6 +15,20 @@ def generate_salt():      salt_chars = "./" + string.ascii_letters + string.digits      return "".join([randomgen.choice(salt_chars) for i in range(0,16)]) +# In upgrades, we'll need to decrypt some AES data +def decrypt(c, key, plen): +    from srp import aes +    import base64 +    moo = aes.AESModeOfOperation() +    cypherkey = map(ord, key.decode("hex")) +    try: +        ciphertext = base64.b64decode(c.replace("_", "+")) +    except TypeError: +        return HttpResponse("<error>%s</error>" % request.POST["c"], mimetype="text/xml" ) +    iv = map(ord, ciphertext[:16]) +    ciphertext= map(ord, ciphertext[16:]) +    return moo.decrypt(ciphertext, 0, moo.modeOfOperation["CFB"], cypherkey, len(cypherkey), iv)[:plen] +  # We want to avoid information leakage. For users that don't exist, we need salts to be consistent.  # These "fake" salts are seeded with the username and the django secret_key. They're not as random  # as true salts should be, but they should be indistinguishable to a hacker who isn't sure whether @@ -32,11 +46,11 @@ def test_aes(request):  def login_page(request):      from django.shortcuts import render_to_response -    return render_to_response('login.html',{'static_files': "http://%s/srp-test/javascript" % request.get_host()}) +    return render_to_response('login.html',{'static_files': "http://%s/srp-test/javascript" % request.get_host(), 'srp_url': "http://%s/srp/" % request.get_host()})  def register_page(request):      from django.shortcuts import render_to_response -    return render_to_response('register.html',{'static_files': "http://%s/srp-test/javascript" % request.get_host()}) +    return render_to_response('register.html',{'static_files': "http://%s/srp-test/javascript" % request.get_host(), 'srp_url': "http://%s/srp/" % request.get_host()})  ###  ### User Registration @@ -164,32 +178,3 @@ def upgrade_add_verifier(request):      srpuser.password = ""      srpuser.save()      return HttpResponse("<ok/>", mimetype="text/xml") - -def decrypt(c, key, plen): -    from srp import aes -    import base64 -    moo = aes.AESModeOfOperation() -    cypherkey = map(ord, key.decode("hex")) -    try: -        ciphertext = base64.b64decode(c.replace("_", "+")) -    except TypeError: -        return HttpResponse("<error>%s</error>" % request.POST["c"], mimetype="text/xml" ) -    iv = map(ord, ciphertext[:16]) -    ciphertext= map(ord, ciphertext[16:]) -    return moo.decrypt(ciphertext, 0, moo.modeOfOperation["CFB"], cypherkey, len(cypherkey), iv)[:plen] - - -def doaes(request): -    from srp import aes -    import base64 -    moo = aes.AESModeOfOperation() -    cypherkey = map(ord, "6754c921b8dcbd1f8b58748cd87ac60ce857314687a65df05c470a46f438842c".decode("hex")) -    try: -        ciphertext = base64.b64decode(request.POST["c"].replace("_", "+")) -    except TypeError: -        return HttpResponse("<error>%s</error>" % request.POST["c"], mimetype="text/xml" ) -    iv = map(ord, ciphertext[:16]) -    ciphertext= map(ord, ciphertext[16:]) -    # (self, cipherIn, originalsize, mode, key, size, IV): -    plaintext = moo.decrypt(ciphertext, int(request.POST["l"]), moo.modeOfOperation["OFB"], cypherkey, len(cypherkey), iv)[:int(request.POST["l"])] -    return HttpResponse("<P>%s</P>" % plaintext, mimetype="text/xml" ) | 
