Anonplus

Merge lp:~aj00200/anonplus/bug-901058 into lp:anonplus

  1. bug-901058
  2. Merge into anonplus
Proposed by aj00200
Status: Merged
Merged at revision: 201
Proposed branch: lp:~aj00200/anonplus/bug-901058
Merge into: lp:anonplus
Diff against target: 59 lines (+13/-28)
1 file modified
src/libs/encryption/otp.py (+13/-28)
To merge this branch: bzr merge lp:~aj00200/anonplus/bug-901058
Reviewer Review Type Date Requested Status
al1ce (community) security Approve
aj00200 security Approve
Review via email: mp+92401@code.launchpad.net

Commit message

Fixed bug #901058 by making the OTP encryption use PyCryptos XOR function.

Description of the change

Fixed bug #901058 with the one-time-pad encryption. The encryption now uses PyCrypto's XOR rather than the addition and modulo devision method.

To post a comment you must log in.
Revision history for this message
aj00200 (aj00200) wrote :

Crypto.Cipher.XOR should be used instead of Crypto.Util.strxor. Make sure to manage the pad length.

review: Needs Fixing
lp:~aj00200/anonplus/bug-901058 updated
202. By aj00200

Changed the PyCrypto XOR function to Crypto.Cipher.XOR. Also, raise an exception if the pad is over-used.

Revision history for this message
aj00200 (aj00200) wrote :

> Crypto.Cipher.XOR should be used instead of Crypto.Util.strxor. Make sure to
> manage the pad length.

The code has been updated to reflect this change.

review: Approve (security)
Revision history for this message
al1ce (al1ce) wrote :

Seems to be fine. :-)

review: Approve (security)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'src/libs/encryption/otp.py'
2--- src/libs/encryption/otp.py 2011-10-23 15:41:09 +0000
3+++ src/libs/encryption/otp.py 2012-02-10 02:36:20 +0000
4@@ -3,42 +3,27 @@
5 an attacker being able to know anything about the data other than its length.
6 However, pad exchanges need to be done via a different encryption methods such
7 as GPG encryption.'''
8+from Crypto.Cipher import XOR
9 import libs.encryption.base
10 from libs.errors import UsageError
11
12 class Encryption(libs.encryption.base.Encryption):
13 '''One-time pad encryption class.'''
14- ord_range = 255 # Maximum value of the ord function
15-
16 def encrypt(self, data):
17 '''Encrypt data using a one-time pad.'''
18- encrypted = ''
19- for character in data:
20- num = ord(character) + self.pad[-1]
21- num = num % self.ord_range
22- encrypted += str(num)
23+ if self.pad_len < len(data):
24+ raise Exception('The pad is to short for this data')
25+
26+ encrypted = self.pad.encrypt(data)
27+ self.pad_len -= len(data)
28+
29 return encrypted
30
31+ def decrypt(self, data):
32+ '''Decrypt data using a one-time pad.'''
33+ return self.encrypt(data)
34+
35 def set_pad(self, pad):
36 '''Set the pad to given pad object.'''
37- if isinstance(pad, Pad):
38- self.pad = pad
39- else:
40- raise UsageError('The pad object must be an instance of Pad')
41-
42-class Pad(object):
43- '''Stores the current pad state and offers methods like pop()'''
44- def __init__(self, pad):
45- self.pad = pad
46-
47- def __len__(self):
48- return len(self.pad)
49-
50- def pop(self):
51- '''Remove the last character from the pad and return it.
52- Yes, we are reading the pad backwards!
53- '''
54- last_char = self.pad[-1]
55- self.pad = self.pad[0:-1]
56- return last_char
57-
58+ self.pad = XOR.new(pad)
59+ self.pad_len = len(pad)

Subscribers

People subscribed via source and target branches

to all changes: