Add old crypto engine back again

 This is required for the pure python implementation

pwman/util/crypto/crypto_engine.py

@@ -0,0 +1,261 @@
+# ============================================================================
+# This file is part of Pwman3.
+#
+# Pwman3 is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License, version 2
+# as published by the Free Software Foundation;
+#
+# Pwman3 is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Pwman3; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# ============================================================================
+# Copyright (C) 2016 Oz N Tiram <oz.tiram@gmail.com>
+# ============================================================================
+
+from __future__ import print_function
+import base64
+import binascii
+import ctypes
+import os
+import random
+import string
+import sys
+import time
+
+# PyCrypto not found, we use a compatible implementation
+# in pure Python.
+# This is good for Windows where software installation suck
+# or embeded devices where compilation is a bit harder
+from pwman.util.crypto import AES
+from pwman.util.crypto.pypbkdf2 import PBKDF2
+
+
+from pwman.util.callback import Callback
+
+if sys.version_info.major > 2:  # pragma: no cover
+    raw_input = input
+
+
+def encode_AES(cipher, clear_text):
+    return base64.b64encode(cipher.encrypt(clear_text))
+
+
+def decode_AES(cipher, encoded_text):
+    return cipher.decrypt(base64.b64decode(encoded_text)).rstrip()
+
+
+def generate_password(pass_len=8, uppercase=True, lowercase=True, digits=True,
+                      special_chars=True):
+    allowed = ''
+    if lowercase:
+        allowed = allowed + string.ascii_lowercase
+    if uppercase:
+        allowed = allowed + string.ascii_uppercase
+    if digits:
+        allowed = allowed + string.digits
+    if special_chars:
+        allowed = allowed + string.punctuation
+
+    password = ''.join(random.SystemRandom().choice(allowed)
+                       for _ in range(pass_len))
+    return password
+
+
+def zerome(string):
+    """
+    securely erase strings ...
+    for windows: ctypes.cdll.msvcrt.memset
+    """
+    bufsize = len(string) + 1
+    offset = sys.getsizeof(string) - bufsize
+    ctypes.memset(id(string) + offset, 0, bufsize)
+
+
+class CryptoException(Exception):
+    pass
+
+
+def get_digest(password, salt):
+    """
+    Get a digest based on clear text password
+    """
+    iterations = 5000
+    if isinstance(password, bytes):
+        password = password.decode()
+    try:
+        return PBKDF2(password, salt, dkLen=32, count=iterations)
+    except TypeError:
+        return PBKDF2(password, salt, iterations=iterations).read(32)
+
+
+def get_cipher(password, salt):
+    """
+    Create a chiper object from a hashed password
+    """
+    iv = os.urandom(AES.block_size)
+    dig = get_digest(password, salt)
+    chiper = AES.new(dig, AES.MODE_ECB, iv)
+    return chiper
+
+
+def prepare_data(text, block_size):
+    """
+    prepare data before encryption so the lenght matches the expected
+    lenght by the algorithm.
+    """
+    num_blocks = len(text)//block_size + 1
+    newdatasize = block_size*num_blocks
+    return text.ljust(newdatasize)
+
+
+class CryptoEngine(object):  # pagma: no cover
+    _timeoutcount = 0
+    _instance = None
+    _callback = None
+
+    @classmethod
+    def get(cls, timeout=-1):
+        if CryptoEngine._instance:
+            return CryptoEngine._instance
+
+        CryptoEngine._instance = CryptoEngine(timeout)
+        return CryptoEngine._instance
+
+    def __init__(self, salt=None, digest=None, algorithm='AES',
+                 timeout=-1, reader=None):
+        """
+        Initialise the Cryptographic Engine
+        """
+        self._algo = algorithm
+        self._digest = digest if digest else None
+        self._salt = salt if salt else None
+        self._timeout = timeout
+        self._cipher = None
+        self._reader = reader
+        self._callback = None
+        self._getsecret = None  # This is set in callback.setter
+
+    def authenticate(self, password):
+        """
+        salt and digest are stored in a file or a database
+        """
+        dig = get_digest(password, self._salt)
+        if binascii.hexlify(dig) == self._digest or dig == self._digest:
+            CryptoEngine._timeoutcount = time.time()
+            self._cipher = get_cipher(password, self._salt)
+            return True
+        return False
+
+    def _auth(self):
+        """
+        Read password from the user, if the password is correct,
+        finish the execution an return the password and salt which
+        are read from the file.
+        """
+        salt = self._salt
+        tries = 0
+        while tries < 5:
+            password = self._getsecret("Please type in your master password"
+                                       ).encode('utf-8')
+            if self.authenticate(password):
+                return password, salt
+
+            print("You entered a wrong password...")
+            tries += 1
+        raise CryptoException("You entered wrong password 5 times..")
+
+    def encrypt(self, text):
+        if not self._is_authenticated():
+            p, s = self._auth()
+            cipher = get_cipher(p, s)
+            self._cipher = cipher
+            del(p)
+
+        return encode_AES(self._cipher, prepare_data(text, AES.block_size))
+
+    def decrypt(self, cipher_text):
+        if not self._is_authenticated():
+            p, s = self._auth()
+            cipher = get_cipher(p, s)
+            self._cipher = cipher
+            del(p)
+
+        return decode_AES(self._cipher, prepare_data(cipher_text,
+                                                     AES.block_size))
+
+    def forget(self):
+        """
+        discard cipher
+        """
+        self._cipher = None
+
+    def _is_authenticated(self):
+        if not self._digest and not self._salt:
+            self._create_password()
+        if not self._is_timedout() and self._cipher is not None:
+            return True
+        return False
+
+    def _is_timedout(self):
+        if self._timeout > 0:
+            if (time.time() - CryptoEngine._timeoutcount) > self._timeout:
+                self._cipher = None
+            return True
+        return False
+
+    def changepassword(self, reader=raw_input):
+        if self._callback is None:
+            raise CryptoException("No callback class has been specified")
+
+        # if you change the password of the database you have to Change
+        # all the cipher texts in the databse!!!
+        self._keycrypted = self._create_password()
+        self.set_cryptedkey(self._keycrypted)
+        return self._keycrypted
+
+    @property
+    def callback(self):
+        """
+        return call back function
+        """
+        return self._callback
+
+    @callback.setter
+    def callback(self, callback):
+        if isinstance(callback, Callback):
+            self._callback = callback
+            self._getsecret = callback.getsecret
+        else:
+            raise Exception("callback must be an instance of Callback!")
+
+    def _create_password(self):
+        """
+        Create a secret password as a hash and the salt used for this hash.
+        Change reader to manipulate how input is given.
+        """
+        salt = base64.b64encode(os.urandom(32))
+        passwd = self._getsecret("Please type in the master password")
+        key = get_digest(passwd, salt)
+        hpk = salt+'$6$'.encode('utf8')+binascii.hexlify(key)
+        self._digest = key
+        self._salt = salt
+        self._cipher = get_cipher(passwd, salt)
+        return hpk.decode('utf-8')
+
+    def set_cryptedkey(self, key):
+        # TODO: rename this method!
+        salt, digest = key.split('$6$')
+        self._digest = digest.encode('utf-8')
+        self._salt = salt.encode('utf-8')
+
+    def get_cryptedkey(self):
+        # TODO: rename this method!
+        """
+        return _keycrypted
+        """
+        return self._salt.decode() + u'$6$' + self._digest.decode()