Island: Add IEncryptor to __init__

Dnt abbrev in PassworBasedEncryptor and KeyBasedEncryptor Add comment for review and evaluate the padding function
2021-09-23 17:52:15 +02:00 · 2021-09-23 17:52:15 +02:00 · 071a4eb1a7
parent 1b91616778
commit 071a4eb1a7
3 changed files with 7 additions and 5 deletions
--- a/monkey/monkey_island/cc/server_utils/encryption/init.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/init.py
@ -0,0 +1 @@
+from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor  # noqa: F401
--- a/monkey/monkey_island/cc/server_utils/encryption/key_based_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/key_based_encryptor.py
@ -6,14 +6,14 @@ import logging
 from Crypto import Random  # noqa: DUO133  # nosec: B413
 from Crypto.Cipher import AES  # noqa: DUO133  # nosec: B413

-from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor
+from monkey_island.cc.server_utils.encryption import IEncryptor

 logger = logging.getLogger(__name__)

-# KBE is an encryption method which use random key of specific length
+# KeyBasedEncryptor is an encryption method which use random key of specific length
 # and AES block cipher to encrypt/decrypt the data. The key is more complex
 # one and hard to remember than user provided one. This class provides more secure way of
-# encryption compared to PBE because of the random and complex key.
+# encryption compared to PasswordBasedEncryptor because of the random and complex key.
 # We can merge the two into the one encryption method but then we lose the entropy
 # of the key with whatever key derivation function we use.
 # Note: password != key
@ -37,6 +37,7 @@ class KeyBasedEncryptor(IEncryptor):
        cipher = AES.new(self._key, AES.MODE_CBC, cipher_iv)
        return self._unpad(cipher.decrypt(enc_message[AES.block_size :]).decode())

+    # TODO: Review and evaluate the security of the padding function
    def _pad(self, message):
        return message + (self._BLOCK_SIZE - (len(message) % self._BLOCK_SIZE)) * chr(
            self._BLOCK_SIZE - (len(message) % self._BLOCK_SIZE)
--- a/monkey/monkey_island/cc/server_utils/encryption/password_based_encryption.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/password_based_encryption.py
@ -4,11 +4,11 @@ import logging

 import pyAesCrypt

-from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor
+from monkey_island.cc.server_utils.encryption import IEncryptor

 logger = logging.getLogger(__name__)

-# PBE as implemented takes low-entropy, user provided password and it adds some
+# PasswordBasedEncryptor as implemented takes low-entropy, user provided password and it adds some
 # entropy to it and encrypts/decrypts the data. This implementation uses AES256-CBC
 # and it is less secure encryption then KeyBasedEncryptor.
 # The security of it depends on what will the user provide as password.
				`@ -0,0 +1 @@`
				`from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor # noqa: F401`