ChCh/CloudBot
Archived
11
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

OTT encryption for silly secret messages

Browse source
This commit is contained in:
Luke Rogers 2013-10-01 12:17:08 +13:00
parent b38c540bf3
commit 2ae2a8575a
1 changed files with 34 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

39
plugins/encrypt.py
View file

@ -1,4 +1,5 @@
from util import hook from util import hook
from Crypto import Random
from Crypto.Cipher import AES from Crypto.Cipher import AES
from Crypto.Protocol.KDF import PBKDF2 from Crypto.Protocol.KDF import PBKDF2
@ -11,6 +12,15 @@ BS = 16
pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS) pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
unpad = lambda s : s[0:-ord(s[-1])] unpad = lambda s : s[0:-ord(s[-1])]
db_ready = False
def db_init(db):
"""check to see that our db has the the encryption table and return a connection."""
db.execute("create table if not exists encryption(encrypted, iv, "
"primary key(encrypted))")
db.commit()
db_ready = True
def get_salt(bot): def get_salt(bot):
if not bot.config.get("random_salt", False): if not bot.config.get("random_salt", False):
@ -20,24 +30,43 @@ def get_salt(bot):
@hook.command @hook.command
def encrypt(inp, bot=None): def encrypt(inp, bot=None, db=None):
"""encrypt <pass> <string> -- Encrypts <string> with <pass>.""" """encrypt <pass> <string> -- Encrypts <string> with <pass>."""
db_init(db)
password = inp.split(" ")[0] password = inp.split(" ")[0]
salt = get_salt(bot) salt = get_salt(bot)
key = PBKDF2(password, salt) key = PBKDF2(password, salt)
iv = Random.new().read(AES.block_size);
iv_encoded = base64.b64encode(iv)
text = " ".join(inp.split(" ")[1:]) text = " ".join(inp.split(" ")[1:])
cipher = AES.new(key, AES.MODE_ECB) # never use ECB in strong systems obviously cipher = AES.new(key, AES.MODE_CBC, iv)
return base64.b64encode(cipher.encrypt(pad(text))) encrypted = cipher.encrypt(pad(text))
encoded = base64.b64encode(encrypted)
db.execute("insert or replace into encryption(encrypted, iv)"
"values(?,?)", (encoded, iv_encoded))
db.commit()
return encoded
@hook.command @hook.command
def decrypt(inp, bot=None): def decrypt(inp, bot=None, db=None):
"""decrypt <pass> <string> -- Decrypts <string> with <pass>.""" """decrypt <pass> <string> -- Decrypts <string> with <pass>."""
db_init(db)
password = inp.split(" ")[0] password = inp.split(" ")[0]
salt = get_salt(bot) salt = get_salt(bot)
key = PBKDF2(password, salt) key = PBKDF2(password, salt)
text = " ".join(inp.split(" ")[1:]) text = " ".join(inp.split(" ")[1:])
cipher = AES.new(key, AES.MODE_ECB) # never use ECB in strong systems obviously
iv_encoded = db.execute("select iv from encryption where"
" encrypted=?", (text,)).fetchone()[0]
iv = base64.b64decode(iv_encoded)
cipher = AES.new(key, AES.MODE_CBC, iv)
return unpad(cipher.decrypt(base64.b64decode(text))) return unpad(cipher.decrypt(base64.b64decode(text)))