CloudBot/disabled_stuff/encrypt.py

import os
import base64
import json
import hashlib

from Crypto import Random
from Crypto.Cipher import AES
from Crypto.Protocol.KDF import PBKDF2

from util import hook


# helper functions to pad and unpad a string to a specified block size
# <http://stackoverflow.com/questions/12524994/encrypt-decrypt-using-pycrypto-aes-256>
BS = AES.block_size
pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
unpad = lambda s: s[0:-ord(s[-1])]

# helper functions to encrypt and encode a string with AES and base64
encode_aes = lambda c, s: base64.b64encode(c.encrypt(pad(s)))
decode_aes = lambda c, s: unpad(c.decrypt(base64.b64decode(s)))

db_ready = False


def db_init(db):
    """check to see that our db has the the encryption table."""
    global db_ready
    if not db_ready:
        db.execute("create table if not exists encryption(encrypted, iv, "
                   "primary key(encrypted))")
        db.commit()
        db_ready = True


def get_salt(bot):
    """generate an encryption salt if none exists, then returns the salt"""
    if not bot.config.get("random_salt", False):
        bot.config["random_salt"] = hashlib.md5(os.urandom(16)).hexdigest()
        json.dump(bot.config, open('config', 'w'), sort_keys=True, indent=2)
    return bot.config["random_salt"]


@hook.command
def encrypt(inp, bot=None, db=None, notice=None):
    """encrypt <pass> <string> -- Encrypts <string> with <pass>. (<string> can only be decrypted using this bot)"""
    db_init(db)

    split = inp.split(" ")

    # if there is only one argument, return the help message
    if len(split) == 1:
        notice(encrypt.__doc__)
        return

    # generate the key from the password and salt
    password = split[0]
    salt = get_salt(bot)
    key = PBKDF2(password, salt)

    # generate the IV and encode it to store in the database
    iv = Random.new().read(AES.block_size)
    iv_encoded = base64.b64encode(iv)

    # create the AES cipher and encrypt/encode the text with it
    text = " ".join(split[1:])
    cipher = AES.new(key, AES.MODE_CBC, iv)
    encoded = encode_aes(cipher, text)

    # store the encoded text and IV in the DB for decoding later
    db.execute("insert or replace into encryption(encrypted, iv)"
               "values(?,?)", (encoded, iv_encoded))
    db.commit()

    return encoded


@hook.command
def decrypt(inp, bot=None, db=None, notice=None):
    """decrypt <pass> <string> -- Decrypts <string> with <pass>. (can only decrypt strings encrypted on this bot)"""
    if not db_ready:
        db_init(db)

    split = inp.split(" ")

    # if there is only one argument, return the help message
    if len(split) == 1:
        notice(decrypt.__doc__)
        return

    # generate the key from the password and salt
    password = split[0]
    salt = get_salt(bot)
    key = PBKDF2(password, salt)

    text = " ".join(split[1:])

    # get the encoded IV from the database and decode it
    iv_encoded = db.execute("select iv from encryption where"
                            " encrypted=?", (text,)).fetchone()[0]
    iv = base64.b64decode(iv_encoded)

    # create AES cipher, decode text, decrypt text, and unpad it
    cipher = AES.new(key, AES.MODE_CBC, iv)
    return decode_aes(cipher, text)
Added prototype plugin 2013-10-01 11:54:09 +13:00			`import os`
			`import base64`
			`import json`
			`import hashlib`

Tidy Imports 2014-02-14 16:36:57 +13:00			`from Crypto import Random`
			`from Crypto.Cipher import AES`
			`from Crypto.Protocol.KDF import PBKDF2`

			`from util import hook`


Tidied code some more 2013-10-01 14:57:02 +13:00			`# helper functions to pad and unpad a string to a specified block size`
Format everything to pep8 guidelines 2013-11-12 07:06:06 +01:00			`# <http://stackoverflow.com/questions/12524994/encrypt-decrypt-using-pycrypto-aes-256>`
Tidied code some more 2013-10-01 14:57:02 +13:00			`BS = AES.block_size`
Format everything to pep8 guidelines 2013-11-12 07:06:06 +01:00			`pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)`
			`unpad = lambda s: s[0:-ord(s[-1])]`
Added prototype plugin 2013-10-01 11:54:09 +13:00
Tidied code some more 2013-10-01 14:57:02 +13:00			`# helper functions to encrypt and encode a string with AES and base64`
			`encode_aes = lambda c, s: base64.b64encode(c.encrypt(pad(s)))`
			`decode_aes = lambda c, s: unpad(c.decrypt(base64.b64decode(s)))`

OTT encryption for silly secret messages 2013-10-01 12:17:08 +13:00			`db_ready = False`

Tidied code some more 2013-10-01 14:57:02 +13:00
OTT encryption for silly secret messages 2013-10-01 12:17:08 +13:00			`def db_init(db):`
Tidied code some more 2013-10-01 14:57:02 +13:00			`"""check to see that our db has the the encryption table."""`
I've been doing this all wrong for a long time 2014-02-14 19:43:36 +13:00			`global db_ready`
			`if not db_ready:`
			`db.execute("create table if not exists encryption(encrypted, iv, "`
			`"primary key(encrypted))")`
			`db.commit()`
			`db_ready = True`
OTT encryption for silly secret messages 2013-10-01 12:17:08 +13:00
Added prototype plugin 2013-10-01 11:54:09 +13:00
			`def get_salt(bot):`
Tidied code some more 2013-10-01 14:57:02 +13:00			`"""generate an encryption salt if none exists, then returns the salt"""`
Comments 2013-10-01 13:38:00 +13:00			`if not bot.config.get("random_salt", False):`
			`bot.config["random_salt"] = hashlib.md5(os.urandom(16)).hexdigest()`
			`json.dump(bot.config, open('config', 'w'), sort_keys=True, indent=2)`
			`return bot.config["random_salt"]`
Added prototype plugin 2013-10-01 11:54:09 +13:00

			`@hook.command`
anti-asshat 2013-10-01 13:18:41 +13:00			`def encrypt(inp, bot=None, db=None, notice=None):`
Comments 2013-10-01 13:38:00 +13:00			`"""encrypt <pass> <string> -- Encrypts <string> with <pass>. (<string> can only be decrypted using this bot)"""`
I've been doing this all wrong for a long time 2014-02-14 19:43:36 +13:00			`db_init(db)`
OTT encryption for silly secret messages 2013-10-01 12:17:08 +13:00
anti-asshat 2013-10-01 13:18:41 +13:00			`split = inp.split(" ")`

Comments 2013-10-01 13:38:00 +13:00			`# if there is only one argument, return the help message`
anti-asshat 2013-10-01 13:18:41 +13:00			`if len(split) == 1:`
Comments 2013-10-01 13:38:00 +13:00			`notice(encrypt.__doc__)`
Format everything to pep8 guidelines 2013-11-12 07:06:06 +01:00			`return`
anti-asshat 2013-10-01 13:18:41 +13:00
Comments 2013-10-01 13:38:00 +13:00			`# generate the key from the password and salt`
anti-asshat 2013-10-01 13:18:41 +13:00			`password = split[0]`
Added prototype plugin 2013-10-01 11:54:09 +13:00			`salt = get_salt(bot)`
			`key = PBKDF2(password, salt)`

Comments 2013-10-01 13:38:00 +13:00			`# generate the IV and encode it to store in the database`
Format everything to pep8 guidelines 2013-11-12 07:06:06 +01:00			`iv = Random.new().read(AES.block_size)`
OTT encryption for silly secret messages 2013-10-01 12:17:08 +13:00			`iv_encoded = base64.b64encode(iv)`

Comments 2013-10-01 13:38:00 +13:00			`# create the AES cipher and encrypt/encode the text with it`
anti-asshat 2013-10-01 13:18:41 +13:00			`text = " ".join(split[1:])`
OTT encryption for silly secret messages 2013-10-01 12:17:08 +13:00			`cipher = AES.new(key, AES.MODE_CBC, iv)`
Tidied code some more 2013-10-01 14:57:02 +13:00			`encoded = encode_aes(cipher, text)`
OTT encryption for silly secret messages 2013-10-01 12:17:08 +13:00
Comments 2013-10-01 13:38:00 +13:00			`# store the encoded text and IV in the DB for decoding later`
OTT encryption for silly secret messages 2013-10-01 12:17:08 +13:00			`db.execute("insert or replace into encryption(encrypted, iv)"`
			`"values(?,?)", (encoded, iv_encoded))`
			`db.commit()`

			`return encoded`
Added prototype plugin 2013-10-01 11:54:09 +13:00

			`@hook.command`
anti-asshat 2013-10-01 13:18:41 +13:00			`def decrypt(inp, bot=None, db=None, notice=None):`
Comments 2013-10-01 13:38:00 +13:00			`"""decrypt <pass> <string> -- Decrypts <string> with <pass>. (can only decrypt strings encrypted on this bot)"""`
anti-asshat 2013-10-01 13:18:41 +13:00			`if not db_ready:`
Comments 2013-10-01 13:38:00 +13:00			`db_init(db)`
anti-asshat 2013-10-01 13:18:41 +13:00
			`split = inp.split(" ")`

Comments 2013-10-01 13:38:00 +13:00			`# if there is only one argument, return the help message`
anti-asshat 2013-10-01 13:18:41 +13:00			`if len(split) == 1:`
Comments 2013-10-01 13:38:00 +13:00			`notice(decrypt.__doc__)`
Format everything to pep8 guidelines 2013-11-12 07:06:06 +01:00			`return`
OTT encryption for silly secret messages 2013-10-01 12:17:08 +13:00
Format everything to pep8 guidelines 2013-11-12 07:06:06 +01:00			`# generate the key from the password and salt`
anti-asshat 2013-10-01 13:18:41 +13:00			`password = split[0]`
Added prototype plugin 2013-10-01 11:54:09 +13:00			`salt = get_salt(bot)`
			`key = PBKDF2(password, salt)`

anti-asshat 2013-10-01 13:18:41 +13:00			`text = " ".join(split[1:])`
OTT encryption for silly secret messages 2013-10-01 12:17:08 +13:00
Comments 2013-10-01 13:38:00 +13:00			`# get the encoded IV from the database and decode it`
OTT encryption for silly secret messages 2013-10-01 12:17:08 +13:00			`iv_encoded = db.execute("select iv from encryption where"`
PEP-8 2014-02-14 17:03:08 +13:00			`" encrypted=?", (text,)).fetchone()[0]`
OTT encryption for silly secret messages 2013-10-01 12:17:08 +13:00			`iv = base64.b64decode(iv_encoded)`

Comments 2013-10-01 13:38:00 +13:00			`# create AES cipher, decode text, decrypt text, and unpad it`
OTT encryption for silly secret messages 2013-10-01 12:17:08 +13:00			`cipher = AES.new(key, AES.MODE_CBC, iv)`
Format everything to pep8 guidelines 2013-11-12 07:06:06 +01:00			`return decode_aes(cipher, text)`