Make encrypted data format handle unicode.

git-svn-id: file:///home/or/svnrepo/updater/trunk@17523 55e972cd-5a19-0410-ae62-a4d7a52db4cd

2 files changed, 15 insertions, 0 deletions

diff --git a/lib/thandy/keys.py b/lib/thandy/keys.py
index aa9bbc8..56273e8 100644
--- a/lib/thandy/keys.py
+++ b/lib/thandy/keys.py
@@ -279,9 +279,14 @@ def encryptSecret(secret, password, difficulty=0x80):
     #       D      -- 32 bytes; SHA256 hash of (salt|secret|salt).
     #
     # This format leaks the secret length, obviously.
+    #
+    # If the secret started out in unicode, we encode it using UTF-8
+    # and prepend the string "utf-8:" before we begin encryption.
     assert 0 <= difficulty < 256
     salt = os.urandom(SALTLEN)+chr(difficulty)
     key = secretToKey(salt, password)
+    if isinstance(secret, unicode):
+        secret = "utf-8:"+secret.encode("utf-8")
 
     d_obj = Crypto.Hash.SHA256.new()
     d_obj.update(salt)
@@ -340,6 +345,9 @@ def decryptSecret(encrypted, password):
     if d.digest() != hash:
         raise thandy.BadPassword()
 
+    if secret.startswith("utf-8:"):
+        secret = secret[6:].decode("utf-8")
+
     return secret
 
 class KeyStore(thandy.formats.KeyDB):
diff --git a/lib/thandy/tests.py b/lib/thandy/tests.py
index 44cbc88..1fbc4d6 100644
--- a/lib/thandy/tests.py
+++ b/lib/thandy/tests.py
@@ -55,6 +55,13 @@ class CryptoTests(unittest.TestCase):
         self.assertRaises(thandy.UnknownFormat, thandy.keys.decryptSecret,
                           "foobar", password)
 
+        s2 = u"The secret word is now unicode frobbish."
+        encrypted = thandy.keys.encryptSecret(s2, password)
+        self.assertNotEquals(encrypted, s2.encode("utf-8"))
+        self.assert_(encrypted.startswith("GKEY1"))
+        self.assertEquals(s2, thandy.keys.decryptSecret(encrypted, password))
+
+
     def test_keystore(self):
         passwd = "umfitty noonah"
         fname = tempfile.mktemp()