woah

komrade/backend/caller.py

@@ -33,78 +33,6 @@ PATH_CRYPT_DATA = os.path.join(PATH_CALLER,'.ca.db.data.encr')
 
 #     def exists(self,*x,**y): return self.op.exists(*x,**y)
 
-
-class Caller(Keymaker):
-    PATH_CRYPT_KEYS=PATH_CRYPT_KEYS
-    PATH_CRYPT_DATA=PATH_CRYPT_DATA
-
-    ### INIT CODE
-    def __init__(self,name):
-        self.name=name
-        # self.op = TheOperator()
-
-    ## CRYPT BASICS
-
-    @property
-    def crypt_cell(self):
-        pass
-
-    ### CREATION OF KEYS
-    # def exists(self):
-        # return self.op.exists(self.name)
-
-    def get_new_keys(self,pubkey_pass = None, privkey_pass = None, adminkey_pass = None):
-        # Get keys back from The Operator
-        keychain = self.op.forge_keys(self.name)
-        self.log('create_keys() res from Operator? <-',res)
-        
-    def lock_new_keys(self,keychain):
-        # we're not going to store the decryptor keys directly though
-        passphrase=getpass.getpass('Forge the password of memory: ')
-        cell = SCellSeal(passphrase=passphrase)
-        # encrypt the decryptor keys
-        pubkey_decr_encr = cell.encrypt(keychain['pubkey_decr'])
-        privkey_decr_encr = cell.encrypt(keychain['privkey_decr'])
-        adminkey_decr_encr = cell.encrypt(keychain['adminkey_decr'])
-        
-        # set to crypt, like a caller
-        self.crypt_keys.set(self.name,pubkey_decr_encr,prefix='/pubkey_decr_encr/')
-        self.crypt_keys.set(keychain['pubkey_decr'],privkey_decr_encr,prefix='/privkey_decr_encr/')
-        self.crypt_keys.set(keychain['privkey_decr'],adminkey_decr_encr,prefix='/adminkey_decr_encr/')
-        
-        lock_keys_
-
-        assert type(res)==tuple and len(res)==3
-        (pubkey_decr, privkey_decr, adminkey_decr) = res
-
-        # double-encrypt what was received
-        pubkey_decr_decr_key,pubkey_decr_decr_cell = self.pubkey_decr_decr_keycell(passphrase=pubkey_pass)
-        self.log('pubkey_decr_decr_key <--',pubkey_decr_decr_key)
-        self.log('pubkey_decr_decr_cell <--',pubkey_decr_decr_cell)
-        self.log('pubkey_decr <--',pubkey_decr)
-        pubkey_decr_encr = pubkey_decr_decr_cell.encrypt(pubkey_decr)
-        self.log('pubkey_decr_encr <--',pubkey_decr_encr)
-
-        # privkey_decr_encr = privkey_passcell.encrypt(privkey_decr)
-        # self.log('pubkey_decr_encr <--',pubkey_decr_encr)
-
-        # adminkey_decr_encr = adminkey_passcell.encrypt(adminkey_decr)
-        # self.log('pubkey_decr_encr <--',pubkey_decr_encr)
-
-        # store double encrypted keys
-        self.crypt_keys.set(self.name,pubkey_decr_encr,prefix='/pubkey_decr_encr/')
-        # self.crypt_keys.set(pubkey_decr,privkey_decr_encr,prefix='/privkey_decr_encr/')
-        # self.crypt_keys.set(privkey_decr,adminkey_decr_encr,prefix='/adminkey_decr_encr/')
-        
-        # store decryption keys if not passworded?
-        if pubkey_decr_decr_key: self.crypt_keys.set(self.name,pubkey_decr_decr_key,prefix='/pubkey_decr_decr_key/')
-        # if privkey_passkey: self.crypt_keys.set(pubkey_decr,privkey_passkey,prefix='/privkey_decr_decr_key/')
-        # if adminkey_passkey: self.crypt_keys.set(privkey_decr,adminkey_passkey,prefix='/adminkey_decr_decr_key/')
-        
-        # done?
-
-
-
 if __name__ == '__main__':
     #caller = Caller('elon2')
     Op = Caller()

komrade/backend/keymaker.py

@@ -7,19 +7,25 @@ from pythemis.scell import SCellSeal
 from pythemis.exception import ThemisError
 import getpass,os
 
+PATH_KOMRADE = os.path.abspath(os.path.join(os.path.expanduser('~'),'.komrade'))
+PATH_OPERATOR = os.path.join(PATH_KOMRADE,'.operator')
+PATH_OPERATOR_PUBKEY = os.path.join(PATH_OPERATOR,'.op.key.pub.encr')
+PATH_OPERATOR_PRIVKEY = os.path.join(PATH_OPERATOR,'.op.key.priv.encr')
+PATH_CRYPT_KEYS = os.path.join(PATH_OPERATOR,'.op.db.keys.crypt')
+PATH_CRYPT_DATA = os.path.join(PATH_OPERATOR,'.op.db.data.encr')
 
 class Keymaker(Logger):
     ### BASE STORAGE
     @property
     def crypt_keys(self):
         if not hasattr(self,'_crypt_keys'):
-            self._crypt_keys = Crypt(fn=self.PATH_CRYPT_KEYS)
+            self._crypt_keys = Crypt(fn=PATH_CRYPT_KEYS)
         return self._crypt_keys
 
     @property
     def crypt_data(self):
         if not hasattr(self,'_crypt_data'):
-            self._crypt_data = Crypt(fn=self.PATH_CRYPT_DATA)
+            self._crypt_data = Crypt(fn=PATH_CRYPT_DATA)
         return self._crypt_data
 
 
@@ -155,3 +161,110 @@ class Keymaker(Logger):
         self.log(f'pass_cell [{q_name}] <--',pass_cell)
         return (pass_key, pass_cell)
 
+
+
+    def exists(self):
+        return self.crypt_keys.exists(self.name,prefix='/pubkey_encr/') or self.crypt_keys.exists(self.name,prefix='/pubkey_decr/') or self.crypt_keys.exists(self.name,prefix='/pubkey/')
+
+    ### CREATING KEYS
+    
+    def get_new_keys(self,pubkey_pass = None, privkey_pass = None, adminkey_pass = None):
+        # Get decryptor keys back from The Operator (one half of the Keymaker)
+        keychain = self.forge_keys(self.name)
+        self.log('create_keys() res from Operator? <-',res)
+
+        # Now lock the decryptor keys away, sealing it with a password of memory!
+        self.lock_new_keys(keychain)
+
+    def forge_new_keys(self,name,pubkey_is_public=False,return_all_keys=False):
+        self.log('forging new keys...')
+
+        # Create public and private keys
+        keypair = GenerateKeyPair(KEY_PAIR_TYPE.EC)
+        privkey = keypair.export_private_key()
+        pubkey = keypair.export_public_key()
+        adminkey = GenerateSymmetricKey()
+
+        # Create decryption/permission keys
+        pubkey_decr = GenerateSymmetricKey()
+        privkey_decr = GenerateSymmetricKey()
+        adminkey_decr = GenerateSymmetricKey() #SCellSeal(passphrase=passphrase)
+        
+        # Encrypt original keys
+        pubkey_encr = SCellSeal(key=pubkey_decr).encrypt(pubkey)
+        privkey_encr = SCellSeal(key=privkey_decr).encrypt(privkey)
+        adminkey_encr = SCellSeal(key=adminkey_decr).encrypt(adminkey)
+
+        # store encrypted on my hardware
+        self.crypt_keys.set(name,pubkey_encr,prefix='/pubkey_encr/')
+        self.crypt_keys.set(pubkey,privkey_encr,prefix='/privkey_encr/')
+        self.crypt_keys.set(privkey,adminkey_encr,prefix='/adminkey_encr/')
+
+        # store permissions file?
+        secret_admin_val = pubkey_encr + BSEP + b'find,read,admin'
+        if pubkey_is_public: secret_admin_val += b'*'+BSEP+b'find'
+        secret_admin_val_encr = SCellSeal(key=adminkey).encrypt(secret_admin_val)
+        self.crypt_keys.set(adminkey,secret_admin_val_encr,prefix='/permkey_encr/')
+
+        # keep public key?
+        if pubkey_is_public: self.crypt_keys.set(name,pubkey_decr,prefix='/pubkey_decr/')
+        
+        # send back decryption keys to client
+        if not return_all_keys: # default situation
+            keychain = {
+                'pubkey_decr':pubkey_decr,
+                'privkey_decr':privkey_decr,
+                'adminkey_decr':adminkey_decr
+            }
+        else: # only in special case!
+            keychain = {
+                'pubkey':pubkey,'pubkey_encr':pubkey_encr,'pubkey_decr':pubkey_decr,
+                'privkey':privkey,'privkey_encr':privkey_encr,'privkey_decr':privkey_decr,
+                'adminkey':adminkey,'adminkey_encr':adminkey_encr,'adminkey_decr':adminkey_decr
+            }
+        return keychain
+        
+
+        
+    def lock_new_keys(self,keychain):
+        # we're not going to store the decryptor keys directly though
+        passphrase=getpass.getpass('Forge the password of memory: ')
+        cell = SCellSeal(passphrase=passphrase)
+        # encrypt the decryptor keys
+        pubkey_decr_encr = cell.encrypt(keychain['pubkey_decr'])
+        privkey_decr_encr = cell.encrypt(keychain['privkey_decr'])
+        adminkey_decr_encr = cell.encrypt(keychain['adminkey_decr'])
+        
+        # set to crypt, like a caller
+        self.crypt_keys.set(self.name,pubkey_decr_encr,prefix='/pubkey_decr_encr/')
+        self.crypt_keys.set(keychain['pubkey_decr'],privkey_decr_encr,prefix='/privkey_decr_encr/')
+        self.crypt_keys.set(keychain['privkey_decr'],adminkey_decr_encr,prefix='/adminkey_decr_encr/')
+
+        assert type(res)==tuple and len(res)==3
+        (pubkey_decr, privkey_decr, adminkey_decr) = res
+
+        # double-encrypt what was received
+        pubkey_decr_decr_key,pubkey_decr_decr_cell = self.pubkey_decr_decr_keycell(passphrase=pubkey_pass)
+        self.log('pubkey_decr_decr_key <--',pubkey_decr_decr_key)
+        self.log('pubkey_decr_decr_cell <--',pubkey_decr_decr_cell)
+        self.log('pubkey_decr <--',pubkey_decr)
+        pubkey_decr_encr = pubkey_decr_decr_cell.encrypt(pubkey_decr)
+        self.log('pubkey_decr_encr <--',pubkey_decr_encr)
+
+        # privkey_decr_encr = privkey_passcell.encrypt(privkey_decr)
+        # self.log('pubkey_decr_encr <--',pubkey_decr_encr)
+
+        # adminkey_decr_encr = adminkey_passcell.encrypt(adminkey_decr)
+        # self.log('pubkey_decr_encr <--',pubkey_decr_encr)
+
+        # store double encrypted keys
+        self.crypt_keys.set(self.name,pubkey_decr_encr,prefix='/pubkey_decr_encr/')
+        # self.crypt_keys.set(pubkey_decr,privkey_decr_encr,prefix='/privkey_decr_encr/')
+        # self.crypt_keys.set(privkey_decr,adminkey_decr_encr,prefix='/adminkey_decr_encr/')
+        
+        # store decryption keys if not passworded?
+        if pubkey_decr_decr_key: self.crypt_keys.set(self.name,pubkey_decr_decr_key,prefix='/pubkey_decr_decr_key/')
+        # if privkey_passkey: self.crypt_keys.set(pubkey_decr,privkey_passkey,prefix='/privkey_decr_decr_key/')
+        # if adminkey_passkey: self.crypt_keys.set(privkey_decr,adminkey_passkey,prefix='/adminkey_decr_decr_key/')
+        
+        # done?

komrade/backend/operators.py

@@ -0,0 +1,134 @@
+"""
+There is only one operator!
+Running on node prime.
+"""
+import os,sys; sys.path.append(os.path.abspath(os.path.join(os.path.abspath(os.path.join(os.path.dirname(__file__),'..')),'..')))
+from komrade.backend.crypt import Crypt
+from komrade.backend.keymaker import Keymaker
+from flask import Flask
+from flask_classful import FlaskView
+from pythemis.skeygen import KEY_PAIR_TYPE, GenerateKeyPair
+from pythemis.smessage import SMessage, ssign, sverify
+from pythemis.skeygen import GenerateSymmetricKey
+from pythemis.scell import SCellSeal
+from pythemis.exception import ThemisError
+from base64 import b64encode,b64decode
+from komrade import KomradeException,Logger
+import getpass
+PATH_HERE = os.path.dirname(__file__)
+sys.path.append(PATH_HERE)
+from crypt import *
+### Constants
+BSEP=b'||||||||||'
+BSEP2=b'@@@@@@@@@@'
+BSEP3=b'##########'
+
+
+# paths
+PATH_KOMRADE = os.path.abspath(os.path.join(os.path.expanduser('~'),'.komrade'))
+PATH_OPERATOR = os.path.join(PATH_KOMRADE,'.operator')
+PATH_OPERATOR_PUBKEY = os.path.join(PATH_OPERATOR,'.op.key.pub.encr')
+PATH_OPERATOR_PRIVKEY = os.path.join(PATH_OPERATOR,'.op.key.priv.encr')
+PATH_CRYPT_KEYS = os.path.join(PATH_OPERATOR,'.op.db.keys.crypt')
+PATH_CRYPT_DATA = os.path.join(PATH_OPERATOR,'.op.db.data.encr')
+
+# init req paths
+if not os.path.exists(PATH_OPERATOR): os.makedirs(PATH_OPERATOR)
+
+
+
+
+class Operator(Keymaker):
+    ### INIT CODE
+    def __init__(self,name):
+        self.name=name
+        # self.op = TheOperator()
+
+    ## CRYPT BASICS
+    
+class Caller(Operator):
+    @property
+    def crypt_cell(self):
+        pass
+
+
+
+
+class TheOperator(Operator):
+    """
+    The operator.
+    """
+
+    def __init__(self, name = 'TheOperator'):
+        """
+        Boot up the operator. Requires knowing or setting a password of memory.
+        """
+        self.name = name
+
+        # Do I have my keys?
+        have_keys = self.have_keys()
+
+        # If not, forge them -- only once!
+        if not have_keys: self.forge_keys()
+
+        # load keys
+        # self.pubkey,self.privkey = self.get_op_keys()
+        
+        # That's it!
+
+    def login(self, name, keychain_encr):
+        pass
+
+
+
+
+
+
+
+
+
+
+class TheOperatorView(FlaskView):
+    route_prefix = '/'
+    def index(self):
+        print('hello')
+        return "<br>".join(quotes)
+
+    def something(self):
+        return 'something'
+
+
+
+
+
+
+def get_random_id():
+    import uuid
+    return uuid.uuid4().hex
+
+def get_random_binary_id():
+    import base64
+    idstr = get_random_id()
+    return base64.b64encode(idstr.encode())
+
+
+
+
+
+
+## Main
+
+def run_forever():
+    app = Flask(__name__)
+    TheOperator.register(app, route_base='/op/', route_prefix=None)
+    app.run(debug=True)
+
+if __name__ == '__main__':
+    #run_forever()
+
+    op = TheOperator()
+    
+    #print(op.crypt_keys.set('aaaa','1111'))
+
+    # print(op.crypt_keys.get('aaaa'))
+    # print(op.forge_keys())