[or-cvs] r17523: {updater} Make encrypted data format handle unicode. (updater/trunk/lib/thandy)

nickm at seul.org nickm at seul.org
Mon Dec 8 20:18:47 UTC 2008 

Author: nickm
Date: 2008-12-08 15:18:46 -0500 (Mon, 08 Dec 2008)
New Revision: 17523

Modified:
   updater/trunk/lib/thandy/keys.py
   updater/trunk/lib/thandy/tests.py
Log:
Make encrypted data format handle unicode.

Modified: updater/trunk/lib/thandy/keys.py
===================================================================
--- updater/trunk/lib/thandy/keys.py	2008-12-08 19:52:26 UTC (rev 17522)
+++ updater/trunk/lib/thandy/keys.py	2008-12-08 20:18:46 UTC (rev 17523)
@@ -279,9 +279,14 @@
     #       D      -- 32 bytes; SHA256 hash of (salt|secret|salt).
     #
     # This format leaks the secret length, obviously.
+    #
+    # If the secret started out in unicode, we encode it using UTF-8
+    # and prepend the string "utf-8:" before we begin encryption.
     assert 0 <= difficulty < 256
     salt = os.urandom(SALTLEN)+chr(difficulty)
     key = secretToKey(salt, password)
+    if isinstance(secret, unicode):
+        secret = "utf-8:"+secret.encode("utf-8")
 
     d_obj = Crypto.Hash.SHA256.new()
     d_obj.update(salt)
@@ -340,6 +345,9 @@
     if d.digest() != hash:
         raise thandy.BadPassword()
 
+    if secret.startswith("utf-8:"):
+        secret = secret[6:].decode("utf-8")
+
     return secret
 
 class KeyStore(thandy.formats.KeyDB):

Modified: updater/trunk/lib/thandy/tests.py
===================================================================
--- updater/trunk/lib/thandy/tests.py	2008-12-08 19:52:26 UTC (rev 17522)
+++ updater/trunk/lib/thandy/tests.py	2008-12-08 20:18:46 UTC (rev 17523)
@@ -55,6 +55,13 @@
         self.assertRaises(thandy.UnknownFormat, thandy.keys.decryptSecret,
                           "foobar", password)
 
+        s2 = u"The secret word is now unicode frobbish."
+        encrypted = thandy.keys.encryptSecret(s2, password)
+        self.assertNotEquals(encrypted, s2.encode("utf-8"))
+        self.assert_(encrypted.startswith("GKEY1"))
+        self.assertEquals(s2, thandy.keys.decryptSecret(encrypted, password))
+
+
     def test_keystore(self):
         passwd = "umfitty noonah"
         fname = tempfile.mktemp()

More information about the tor-commits mailing list