
[crypto] crypto upgrade

Change crypto library from OpenSSL to an embedded NaCl (TweetNaCl). This
changes the algorithms from:

 - RSA (encrypt) -> Curve25519 + symmetric
 - RSA (sign) -> Ed25519
 - HMAC (password verify) -> Poly1305 (maybe revert this)
 - AES -> XSalsa20
geertj committed Jun 2, 2014
1 parent ed60084 commit 039863d701f171f29981a43d5ac8d029f2a73c64
Showing with 2,893 additions and 1,000 deletions.
  1. +0 −616 bluepass/_openssl.c
  2. +5 −36 bluepass/crypto.py
  3. +126 −113 bluepass/model.py
  4. +385 −0 bluepass/nacl.py
  5. +100 −0 bluepass/nacl_ffi.py
  6. +62 −0 bluepass/scrypt.py
  7. +29 −0 bluepass/scrypt_ffi.py
  8. +22 −29 bluepass/syncapi.py
  9. +4 −4 setup.py
  10. +283 −0 src/crypto_scrypt-ref.c
  11. +46 −0 src/crypto_scrypt.h
  12. +27 −0 src/randombytes.c
  13. +411 −0 src/sha256.c
  14. +62 −0 src/sha256.h
  15. +126 −0 src/sysendian.h
  16. +809 −0 src/tweetnacl.c
  17. +272 −0 src/tweetnacl.h
  18. +12 −0 src/xor.c
  19. +0 −198 tests/test_crypto.py
  20. +4 −4 tests/test_model.py
  21. +80 −0 tests/test_nacl.py
  22. +28 −0 tests/test_scrypt.py

This file was deleted.

@@ -7,47 +7,13 @@
# licensing terms.
import os
import time
import random
import hashlib
import uuid
import string
import hmac as hmaclib
import math
from bluepass import logging, base64
from bluepass._openssl import *
__all__ = []
_pbkdf2_speed = {}
def measure_pbkdf2_speed(prf='hmac-sha1'):
"""Measure the speed of PBKDF2 on this system."""
salt = password = '0123456789abcdef'
length = 1; count = 1000
log = logging.get_logger()
log.debug('starting PBKDF2 speed measurement')
start = time.time()
while True:
startrun = time.time()
pbkdf2(password, salt, count, length, prf)
endrun = time.time()
if endrun - startrun > 0.2:
break
count *= 2
end = time.time()
speed = int(count / (endrun - startrun))
log.debug('PBKDF2 speed is {:,} iterations/second', speed)
log.debug('PBKDF2 speed measurement took {:.2f} secs', (end - start))
return speed
def pbkdf2_speed(prf='hmac-sha1'):
"""Return the speed in rounds/second for generating a key
with PBKDF2 of up to the hash length size of `prf`."""
if prf not in _pbkdf2_speed:
_pbkdf2_speed[prf] = measure_pbkdf2_speed(prf)
return _pbkdf2_speed[prf]
from bluepass.nacl import *
from bluepass.scrypt import *
def random_bytes(count):
@@ -75,6 +41,9 @@ def random_element(elements):
return random.choice(elements)
import hashlib
import hmac as hmaclib
def _get_hash(name):
if not hasattr(hashlib, name):
raise ValueError('no such hash function: %s' % name)
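Review bot: The added `from bluepass.nacl import *` and `from bluepass.scrypt import *` at the top of crypto.py leave the set of primitives this module exposes implicit: a name defined in both modules, or redefined further down this file, is shadowed silently, and nothing in crypto.py shows which implementation a caller ends up with. For a crypto facade I would import by module or by name, e.g. `from bluepass import nacl, scrypt`, and re-export deliberately through `__all__`. The removed `pbkdf2(...)` call suggests that function arrived through the old `_openssl` wildcard, so any caller of `pbkdf2` or `pbkdf2_speed` outside this diff would now fail only at call time; a grep for remaining uses is worth doing before merging. In the second hunk, `import hashlib` and `import hmac as hmaclib` appear to have been moved to mid-file, which works but reads better grouped with the other imports at the top.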

Large diffs are not rendered by default.

