grassrootseconomics/clicada
8
0
Fork 0
Code Issues 6 Pull Requests 2 Projects Releases 2 Wiki Activity

Compare commits

base: grassrootseconomics:lash/response
Branches Tags
grassrootseconomics:master grassrootseconomics:lum/store_path grassrootseconomics:sohail/docs grassrootseconomics:lash/custom-ca grassrootseconomics:lash/0.0.6 grassrootseconomics:lash/encrypt grassrootseconomics:lash/thread grassrootseconomics:lash/store-tx grassrootseconomics:lash/response grassrootseconomics:lash/settable-meta-origin
grassrootseconomics:v0.1.3 grassrootseconomics:v0.1.2 grassrootseconomics:v0.1.1 grassrootseconomics:v0.1.0 grassrootseconomics:v0.0.9 grassrootseconomics:v0.0.8 grassrootseconomics:v0.0.7 grassrootseconomics:v0.0.6
..
compare: grassrootseconomics:v0.0.6
Branches Tags
grassrootseconomics:master grassrootseconomics:lum/store_path grassrootseconomics:sohail/docs grassrootseconomics:lash/custom-ca grassrootseconomics:lash/0.0.6 grassrootseconomics:lash/encrypt grassrootseconomics:lash/thread grassrootseconomics:lash/store-tx grassrootseconomics:lash/response grassrootseconomics:lash/settable-meta-origin
grassrootseconomics:v0.1.3 grassrootseconomics:v0.1.2 grassrootseconomics:v0.1.1 grassrootseconomics:v0.1.0 grassrootseconomics:v0.0.9 grassrootseconomics:v0.0.8 grassrootseconomics:v0.0.7 grassrootseconomics:v0.0.6

11 Commits
lash/respo ... v0.0.6

Author SHA1 Message Date
Mohamed Sohail
2f65aa37ff Merge pull request 'Release 0.0.6' (#13) from lash/0.0.6 into master 
release: v0.0.6
 2022-01-26 06:24:39 +00:00
lash
be7dea24ac Release 0.0.6 2022-01-24 17:03:54 +00:00
Mohamed Sohail
65b3d4d409 Merge pull request 'feat: Add cache encryption' (#9) from lash/encrypt into master 
Reviewed-on: #9
 2022-01-23 06:59:16 +00:00
lash
0bfe054b90 Auto-complete origin on missing port, magic shutil terminal size 2022-01-21 14:38:06 +00:00
lash
fe410e0fc6 Merge remote-tracking branch 'origin/master' into lash/encrypt 2022-01-21 11:29:41 +00:00
lash
3663665d91 Update packaging and deps 2022-01-21 11:28:22 +00:00
lash
b0f8f39d15 usability: WIP Friendly progress output (#4) 
This MR adds colorized progress statements when resolving and retrieving data for user. It disables logging if loglevel is set to default (logging.WARNING at this time).

It also skips metadata lookups that have failed in the same session, speeding up retrievals when same address repeatedly occurs in transaction list.

closes #6
closes #5

Co-authored-by: lash <dev@holbrook.no>
Reviewed-on: #4
Co-authored-by: lash <accounts-grassrootseconomics@holbrook.no>
Co-committed-by: lash <accounts-grassrootseconomics@holbrook.no>
 2022-01-21 11:11:23 +00:00
lash
140df0d1c6 Add pycryptodome dep 2022-01-21 11:09:17 +00:00
lash
c5b4c41db0 Bump version 2022-01-21 11:04:17 +00:00
lash
d302c5754c Add AES CTR with key as iv 2022-01-21 10:59:27 +00:00
lash
36b4fcab93 Add back crypt module 2022-01-21 10:15:43 +00:00
11 changed files with 102 additions and 16 deletions
Expand all files Collapse all files

2
CHANGELOG
View File

@@ -1,3 +1,5 @@
- 0.0.6
* Add cache encryption, with AES-CTR-128
- 0.0.5
* Replace logs with colorized progress output on default loglevel
* Do not repeat already failed metadata lookups

4
clicada/cli/arg.py
View File

@@ -1,7 +1,7 @@
# import notifier
from clicada.cli.notify import NotifyWriter
notifier = NotifyWriter()
notifier.notify('loading script')
#notifier.notify('loading script')
# standard imports
import os
@@ -22,6 +22,7 @@ from clicada.cli.http import (
HTTPSession,
PGPClientSession,
)
from clicada.crypt.aes import AESCTREncrypt
logg = logging.getLogger()
@@ -150,6 +151,7 @@ class CmdCtrl:
auth_db_path = self.get('AUTH_DB_PATH', default_auth_db_path)
self.__auth = PGPAuthCrypt(auth_db_path, self.get('AUTH_KEY'), self.get('AUTH_KEYRING_PATH'))
self.__auth.get_secret(self.get('AUTH_PASSPHRASE'))
self.encrypter = AESCTREncrypt(auth_db_path, self.__auth.secret)
def get(self, k, default=None):

6
clicada/cli/auth.py
View File

@@ -26,6 +26,7 @@ class PGPAuthCrypt:
raise AuthError('invalid key {}'.format(auth_key))
self.auth_key = auth_key
self.gpg = gnupg.GPG(gnupghome=pgp_dir)
self.secret = None
def get_secret(self, passphrase=''):
@@ -49,10 +50,11 @@ class PGPAuthCrypt:
f.write(secret.data)
f.close()
f = open(p, 'rb')
self.secret = self.gpg.decrypt_file(f, passphrase=passphrase)
if not self.secret.ok:
secret = self.gpg.decrypt_file(f, passphrase=passphrase)
if not secret.ok:
raise AuthError('could not decrypt encryption secret. wrong password?')
f.close()
self.secret = secret.data
self.__passphrase = passphrase

11
clicada/cli/http.py
View File

@@ -3,6 +3,7 @@ import hashlib
import urllib.parse
import os
import logging
from socket import getservbyname
# external imports
from usumbufu.client.base import (
@@ -48,7 +49,15 @@ class HTTPSession:
def __init__(self, url, auth=None, origin=None):
self.base_url = url
url_parts = urllib.parse.urlsplit(self.base_url)
url_parts_origin = (url_parts[0], url_parts[1], '', '', '',)
url_parts_origin_host = url_parts[1].split(":")
host = url_parts_origin_host[0]
try:
host = host + ':' + url_parts_origin_host[1]
except IndexError:
host = host + ':' + str(getservbyname(url_parts[0]))
logg.info('changed origin with missing port number from {} to {}'.format(url_parts[1], host))
url_parts_origin = (url_parts[0], host, '', '', '',)
self.origin = origin
if self.origin == None:
self.origin = urllib.parse.urlunsplit(url_parts_origin)

3
clicada/cli/notify.py
View File

@@ -1,12 +1,13 @@
# standard imports
import os
import sys
import shutil
class NotifyWriter:
def __init__(self, writer=sys.stdout):
(c, r) = os.get_terminal_size()
(c, r) = shutil.get_terminal_size()
self.cols = c
self.fmt = "\r{:" + "<{}".format(c) + "}"
self.w = writer

4
clicada/cli/user.py
View File

@@ -56,7 +56,7 @@ def execute(ctrl):
store_path = '.clicada'
user_phone_file_label = 'phone'
user_phone_store = FileUserStore(ctrl.opener('meta'), ctrl.chain(), user_phone_file_label, store_path, int(ctrl.get('FILESTORE_TTL')))
user_phone_store = FileUserStore(ctrl.opener('meta'), ctrl.chain(), user_phone_file_label, store_path, int(ctrl.get('FILESTORE_TTL')), encrypter=ctrl.encrypter)
ctrl.notify('resolving identifier {} to wallet address'.format(ctrl.get('_IDENTIFIER')))
user_address = user_phone_store.by_phone(ctrl.get('_IDENTIFIER'), update=ctrl.get('_FORCE'))
@@ -78,7 +78,7 @@ def execute(ctrl):
token_store = FileTokenStore(ctrl.chain(), ctrl.conn(), 'token', store_path)
user_address_file_label = 'address'
user_address_store = FileUserStore(ctrl.opener('meta'), ctrl.chain(), user_address_file_label, store_path, int(ctrl.get('FILESTORE_TTL')))
user_address_store = FileUserStore(ctrl.opener('meta'), ctrl.chain(), user_address_file_label, store_path, int(ctrl.get('FILESTORE_TTL')), encrypter=ctrl.encrypter)
ctrl.notify('resolving metadata for address {}'.format(user_address_normal))
try:

42
clicada/crypt/aes.py Normal file
View File

@@ -0,0 +1,42 @@
# standard imports
import os
import logging
import hashlib
from Crypto.Cipher import AES
from Crypto.Util import Counter
from .base import Encrypter
logg = logging.getLogger(__name__)
class AESCTREncrypt(Encrypter):
aes_block_size = 1 << 7
counter_bytes = int(128 / 8)
def __init__(self, db_dir, secret):
self.secret = secret
def key_to_iv(self, k):
h = hashlib.sha256()
h.update(k.encode('utf-8'))
h.update(self.secret)
z = h.digest()
return int.from_bytes(z[:self.counter_bytes], 'big')
def encrypt(self, k, v):
iv = self.key_to_iv(k)
ctr = Counter.new(self.aes_block_size, initial_value=iv)
cipher = AES.new(self.secret, AES.MODE_CTR, counter=ctr)
return cipher.encrypt(v)
def decrypt(self, k, v):
iv = self.key_to_iv(k)
ctr = Counter.new(self.aes_block_size, initial_value=iv)
cipher = AES.new(self.secret, AES.MODE_CTR, counter=ctr)
return cipher.decrypt(v)

8
clicada/crypt/base.py Normal file
View File

@@ -0,0 +1,8 @@
class Encrypter:
def encrypt(self, v):
raise NotImplementedError()
def decrypt(self, v):
raise NotImplementedError()

28
clicada/user/file.py
View File

@@ -65,7 +65,7 @@ class Account(Person):
class FileUserStore:
def __init__(self, metadata_opener, chain_spec, label, store_base_path, ttl):
def __init__(self, metadata_opener, chain_spec, label, store_base_path, ttl, encrypter=None):
invalidate_before = datetime.datetime.now() - datetime.timedelta(seconds=ttl)
self.invalidate_before = int(invalidate_before.timestamp())
self.have_xattr = False
@@ -82,6 +82,7 @@ class FileUserStore:
self.__validate_dir()
self.metadata_opener = metadata_opener
self.failed_entities = {}
self.encrypter = encrypter
def __validate_dir(self):
@@ -108,8 +109,14 @@ class FileUserStore:
if have_file and not its_time and not force:
raise FileExistsError('user resolution already exists for {}'.format(k))
f = open(p, 'w')
f.write(v)
ve = v
f = None
if self.encrypter != None:
ve = self.encrypter.encrypt(k, ve.encode('utf-8'))
f = open(p, 'wb')
else:
f = open(p, 'w')
f.write(ve)
f.close()
logg.info('added user store {} record {} -> {}'.format(self.label, k, v))
@@ -174,12 +181,21 @@ class FileUserStore:
self.__unstick(p)
self.check_expiry(p)
f = open(p, 'r')
r = f.read()
f = None
if self.encrypter != None:
f = open(p, 'rb')
else:
f = open(p, 'r')
v = f.read()
f.close()
if self.encrypter != None:
v = self.encrypter.decrypt(k, v)
logg.debug('>>>>>>>>>>>>< v decoded {}'.format(v))
v = v.decode('utf-8')
logg.debug('retrieved {} from {}'.format(k, p))
return r.strip()
return v.strip()
def by_phone(self, phone, update=False):

7
requirements.txt
View File

@@ -1,7 +1,10 @@
usumbufu~=0.3.4
confini~=0.5.1
usumbufu~=0.3.5
confini~=0.5.3
cic-eth-registry~=0.6.1
cic-types~=0.2.1a8
phonenumbers==8.12.12
eth-erc20~=0.1.2
hexathon~=0.1.0
pycryptodome~=3.10.1
chainlib-eth~=0.0.21
chainlib~=0.0.17

3
setup.cfg
View File

@@ -1,6 +1,6 @@
[metadata]
name = clicada
version = 0.0.5a1
version = 0.0.6
description = CLI CRM tool for the cic-stack custodial wallet system
author = Louis Holbrook
author_email = dev@holbrook.no
@@ -34,3 +34,4 @@ packages =
clicada.cli
clicada.tx
clicada.user
clicada.crypt