From b250e05d84d6f914289a13e92285d1190c64636b Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 8 Dec 2008 20:18:46 +0000 Subject: Make encrypted data format handle unicode. git-svn-id: file:///home/or/svnrepo/updater/trunk@17523 55e972cd-5a19-0410-ae62-a4d7a52db4cd --- lib/thandy/keys.py | 8 ++++++++ lib/thandy/tests.py | 7 +++++++ 2 files changed, 15 insertions(+) diff --git a/lib/thandy/keys.py b/lib/thandy/keys.py index aa9bbc8..56273e8 100644 --- a/lib/thandy/keys.py +++ b/lib/thandy/keys.py @@ -279,9 +279,14 @@ def encryptSecret(secret, password, difficulty=0x80): # D -- 32 bytes; SHA256 hash of (salt|secret|salt). # # This format leaks the secret length, obviously. + # + # If the secret started out in unicode, we encode it using UTF-8 + # and prepend the string "utf-8:" before we begin encryption. assert 0 <= difficulty < 256 salt = os.urandom(SALTLEN)+chr(difficulty) key = secretToKey(salt, password) + if isinstance(secret, unicode): + secret = "utf-8:"+secret.encode("utf-8") d_obj = Crypto.Hash.SHA256.new() d_obj.update(salt) @@ -340,6 +345,9 @@ def decryptSecret(encrypted, password): if d.digest() != hash: raise thandy.BadPassword() + if secret.startswith("utf-8:"): + secret = secret[6:].decode("utf-8") + return secret class KeyStore(thandy.formats.KeyDB): diff --git a/lib/thandy/tests.py b/lib/thandy/tests.py index 44cbc88..1fbc4d6 100644 --- a/lib/thandy/tests.py +++ b/lib/thandy/tests.py @@ -55,6 +55,13 @@ class CryptoTests(unittest.TestCase): self.assertRaises(thandy.UnknownFormat, thandy.keys.decryptSecret, "foobar", password) + s2 = u"The secret word is now unicode frobbish." + encrypted = thandy.keys.encryptSecret(s2, password) + self.assertNotEquals(encrypted, s2.encode("utf-8")) + self.assert_(encrypted.startswith("GKEY1")) + self.assertEquals(s2, thandy.keys.decryptSecret(encrypted, password)) + + def test_keystore(self): passwd = "umfitty noonah" fname = tempfile.mktemp() -- cgit v1.2.3