From 071a4eb1a7de7ae40601c0c6d5ac8faa7e59b381 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Thu, 23 Sep 2021 17:52:15 +0200
Subject: [PATCH] Island: Add IEncryptor to __init__ Dnt abbrev in PassworBasedEncryptor and KeyBasedEncryptor Add comment for review and evaluate the padding function
---
 .../monkey_island/cc/server_utils/encryption/__init__.py | 1 +
 .../cc/server_utils/encryption/key_based_encryptor.py | 7 ++++---
 .../server_utils/encryption/password_based_encryption.py | 4 ++--
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/monkey/monkey_island/cc/server_utils/encryption/__init__.py b/monkey/monkey_island/cc/server_utils/encryption/__init__.py
index e69de29bb..d15968ca7 100644
--- a/monkey/monkey_island/cc/server_utils/encryption/__init__.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/__init__.py
@@ -0,0 +1 @@
+from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor # noqa: F401
diff --git a/monkey/monkey_island/cc/server_utils/encryption/key_based_encryptor.py b/monkey/monkey_island/cc/server_utils/encryption/key_based_encryptor.py
index 0331c7e70..b5fe92d96 100644
--- a/monkey/monkey_island/cc/server_utils/encryption/key_based_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/key_based_encryptor.py
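Review bot: Re-exporting `IEncryptor` from the package `__init__.py` makes the import order inside that file load-bearing, because the other two files in this patch now import `IEncryptor` from the package instead of from `i_encryptor`. If a later change re-exports `KeyBasedEncryptor` or `PasswordBasedEncryptor` from the same `__init__.py` above this line, those modules would be loaded while the package is only partly initialised and their `from ... import IEncryptor` would fail. A comment on the new line would guard against that, e.g. `# IEncryptor must stay first: the encryptor modules import it from this package`. The `# noqa: F401` could also give way to listing the name in `__all__`, which documents the re-export as intentional.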
@@ -6,14 +6,14 @@ import logging
 from Crypto import Random # noqa: DUO133 # nosec: B413
 from Crypto.Cipher import AES # noqa: DUO133 # nosec: B413
-from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor
+from monkey_island.cc.server_utils.encryption import IEncryptor
 logger = logging.getLogger(__name__)
-# KBE is an encryption method which use random key of specific length
+# KeyBasedEncryptor is an encryption method which use random key of specific length
 # and AES block cipher to encrypt/decrypt the data. The key is more complex
 # one and hard to remember than user provided one. This class provides more secure way of
-# encryption compared to PBE because of the random and complex key.
+# encryption compared to PasswordBasedEncryptor because of the random and complex key.
 # We can merge the two into the one encryption method but then we lose the entropy
 # of the key with whatever key derivation function we use.
 # Note: password != key
@@ -37,6 +37,7 @@ class KeyBasedEncryptor(IEncryptor):
 cipher = AES.new(self._key, AES.MODE_CBC, cipher_iv)
 return self._unpad(cipher.decrypt(enc_message[AES.block_size :]).decode())
+ # TODO: Review and evaluate the security of the padding function
 def _pad(self, message):
 return message + (self._BLOCK_SIZE - (len(message) % self._BLOCK_SIZE)) * chr(
 self._BLOCK_SIZE - (len(message) % self._BLOCK_SIZE)
diff --git a/monkey/monkey_island/cc/server_utils/encryption/password_based_encryption.py b/monkey/monkey_island/cc/server_utils/encryption/password_based_encryption.py
index d699c4e5a..20708ce31 100644
--- a/monkey/monkey_island/cc/server_utils/encryption/password_based_encryption.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/password_based_encryption.py
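Review bot: The TODO added above `_pad` in the second hunk does not say what has to be evaluated, and the surrounding context lines already point at two concrete items. `_pad` sizes the padding from `len(message)` and builds it with `chr(...)`, so it counts characters; if the padded string is encoded to bytes afterwards (the encrypt path is outside this hunk), any non-ASCII character leaves the byte length off a block boundary. The decrypt context line uses `AES.MODE_CBC` and hands the plaintext straight to `_unpad` with no integrity check visible, so tampered ciphertext would surface only as a padding or decode error, which is the precondition for a padding oracle. I would make the comment actionable, e.g. `# TODO: pad on bytes (Crypto.Util.Padding.pad/unpad if this is PyCryptodome) and authenticate the ciphertext before unpadding`. The body of `_pad` continues past the end of the hunk.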
@@ -4,11 +4,11 @@ import logging
 import pyAesCrypt
-from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor
+from monkey_island.cc.server_utils.encryption import IEncryptor
 logger = logging.getLogger(__name__)
-# PBE as implemented takes low-entropy, user provided password and it adds some
+# PasswordBasedEncryptor as implemented takes low-entropy, user provided password and it adds some
 # entropy to it and encrypts/decrypts the data. This implementation uses AES256-CBC
 # and it is less secure encryption then KeyBasedEncryptor.
 # The security of it depends on what will the user provide as password.
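Review bot: The rewritten comment line still says the implementation "adds some entropy" to the user's password, which overstates what key derivation can do: it raises the cost of each guess, but the result is only as unpredictable as the password itself. Readers will use this comment to choose between the two encryptors, so I would reword it along the lines of `# PasswordBasedEncryptor derives its key from a low-entropy, user-provided password; the derivation slows guessing but adds no entropy`, wrapped to the file's line length. The context lines that follow rank it below KeyBasedEncryptor while citing only "AES256-CBC"; that ranking holds for key strength, and the comment should say that this is the basis. In the same context line, "then KeyBasedEncryptor" should read "than".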