p17860254
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Island: Wrap encryption keys with EncryptionKey32Bytes in RepositoryEncryptor and DataStoreEncryptor

This commit is contained in:
Shreya Malviya 2022-07-19 18:58:55 +05:30
parent 72222105d6
commit 7f60fb4419
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
View File

@ -3,6 +3,7 @@ import secrets
from pathlib import Path from pathlib import Path
from typing import Union from typing import Union
from monkey_island.cc.server_utils.encryption.encryption_key_types import EncryptionKey32Bytes
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
from .i_encryptor import IEncryptor from .i_encryptor import IEncryptor
@ -35,7 +36,7 @@ class DataStoreEncryptor(IEncryptor):
return KeyBasedEncryptor(plaintext_key) return KeyBasedEncryptor(plaintext_key)
def _create_key(self) -> KeyBasedEncryptor: def _create_key(self) -> KeyBasedEncryptor:
plaintext_key = secrets.token_bytes(32) plaintext_key = EncryptionKey32Bytes(secrets.token_bytes(32))
encrypted_key = self._password_based_encryptor.encrypt(plaintext_key) encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
with open_new_securely_permissioned_file(str(self._key_file), "wb") as f: with open_new_securely_permissioned_file(str(self._key_file), "wb") as f:

5
monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py
View File

@ -1,6 +1,7 @@
import secrets import secrets
from pathlib import Path from pathlib import Path
from monkey_island.cc.server_utils.encryption.encryption_key_types import EncryptionKey32Bytes
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
from . import ILockableEncryptor, LockedKeyError, ResetKeyError, UnlockError from . import ILockableEncryptor, LockedKeyError, ResetKeyError, UnlockError
@ -31,11 +32,11 @@ class RepositoryEncryptor(ILockableEncryptor):
with open(self._key_file, "rb") as f: with open(self._key_file, "rb") as f:
encrypted_key = f.read() encrypted_key = f.read()
plaintext_key = self._password_based_encryptor.decrypt(encrypted_key) plaintext_key = EncryptionKey32Bytes(self._password_based_encryptor.decrypt(encrypted_key))
return KeyBasedEncryptor(plaintext_key) return KeyBasedEncryptor(plaintext_key)
def _create_key(self) -> KeyBasedEncryptor: def _create_key(self) -> KeyBasedEncryptor:
plaintext_key = secrets.token_bytes(32) plaintext_key = EncryptionKey32Bytes(secrets.token_bytes(32))
encrypted_key = self._password_based_encryptor.encrypt(plaintext_key) encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
with open_new_securely_permissioned_file(str(self._key_file), "wb") as f: with open_new_securely_permissioned_file(str(self._key_file), "wb") as f: