From f8eeda1e6fcdc4bcaa923c983e140b4515232260 Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Fri, 15 Jul 2022 11:51:15 +0530
Subject: [PATCH] Island: Use cryptography.fernet to generate key in DataStoreEncryptor and RepositoryEncryptor

We changed our encryption code to use cryptography.fernet instead of pycryptodome. Using secrets.token_bytes() with fernet was causing padding and encoding issues. This is a quicker and easier solution, and also probably more reliable since everything to do with encryption is from the same module now.
---
 .../cc/server_utils/encryption/data_store_encryptor.py | 5 +++--
 .../cc/server_utils/encryption/repository_encryptor.py | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
index c5af78cbd..79f07e6c6 100644
--- a/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
@@ -1,8 +1,9 @@
 import os
-import secrets
 from pathlib import Path
 from typing import Union
+from cryptography.fernet import Fernet
+
 from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
 from .i_encryptor import IEncryptor
@@ -37,7 +38,7 @@ class DataStoreEncryptor(IEncryptor):
 return KeyBasedEncryptor(plaintext_key)
 def _create_key(self) -> KeyBasedEncryptor:
- plaintext_key = secrets.token_bytes(DataStoreEncryptor._KEY_LENGTH_BYTES)
+ plaintext_key = Fernet.generate_key()
 encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
 with open_new_securely_permissioned_file(str(self._key_file), "wb") as f:
diff --git a/monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py b/monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py
index c53d6e38b..7d1686c82 100644
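Review bot: The load path just above `_create_key` in data_store_encryptor.py (the context line `return KeyBasedEncryptor(plaintext_key)`) gets no handling for key files written before this change, which hold raw `secrets.token_bytes()` output rather than the url-safe base64 key that `Fernet.generate_key()` returns. If `KeyBasedEncryptor` now builds a `Fernet` from that value, as the commit message suggests, an old key file would presumably surface as a bare `ValueError` from the `Fernet` constructor; the loader should catch it and tell the operator that the key must be reset. `_KEY_LENGTH_BYTES` also appears to be unused once this line changes, so either drop it or replace it with a comment such as `# Fernet keys are 32 random bytes, url-safe base64-encoded (44 bytes on disk)`. The same two points apply to `_create_key` in repository_encryptor.py. Both method bodies continue past the end of their hunks, so the write side could not be checked from here.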
--- a/monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py
@@ -1,6 +1,7 @@
-import secrets
 from pathlib import Path
+from cryptography.fernet import Fernet
+
 from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
 from . import ILockableEncryptor, LockedKeyError, ResetKeyError, UnlockError
@@ -37,7 +38,7 @@ class RepositoryEncryptor(ILockableEncryptor):
 return KeyBasedEncryptor(plaintext_key)
 def _create_key(self) -> KeyBasedEncryptor:
- plaintext_key = secrets.token_bytes(RepositoryEncryptor._KEY_LENGTH_BYTES)
+ plaintext_key = Fernet.generate_key()
 encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
 with open_new_securely_permissioned_file(str(self._key_file), "wb") as f: