Skip to content
This repository was archived by the owner on Jan 24, 2025. It is now read-only.

Surya/core 9290/py triplesec v4 #19

Merged
merged 17 commits into from
Dec 4, 2018
Merged

Surya/core 9290/py triplesec v4 #19

merged 17 commits into from
Dec 4, 2018

Conversation

heronhaye
Copy link
Contributor

@heronhaye heronhaye commented Nov 27, 2018
edited
Loading

Resolves https://github.com/keybase/python-triplesec/issues/15 https://github.com/keybase/python-triplesec/issues/14

Wontfix's https://github.com/keybase/python-triplesec/issues/8 due to deprecating py2.6

  • use test vectors from node lib
  • do encryption test vector as well

heronhaye
heronhaye commented Nov 27, 2018
View reviewed changes
triplesec/utils.py Outdated

def __init__(self, string=b''):
self._obj = Crypto.Hash.keccak.new(digest_bits=512)
self.input = b""
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is storing this okay (used in copy)?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Holding onto an empty string?

@heronhaye heronhaye requested a review from maxtaco November 27, 2018 20:03
heronhaye
heronhaye commented Nov 30, 2018
View reviewed changes
triplesec/__init__.py
try:
print(plaintext.decode('ascii', 'strict'))
except UnicodeDecodeError:
sys.stderr.write("Aborting: unable to decode plaintext as ASCII. Use -b to output binary.\n")
Copy link
Contributor Author

@heronhaye heronhaye Nov 30, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what do you think about this change? to avoid printing arbitrary unicode to console

maxtaco
maxtaco approved these changes Dec 3, 2018
View reviewed changes
triplesec/utils.py Outdated

def __init__(self, string=b''):
self._obj = Crypto.Hash.keccak.new(digest_bits=512)
self.input = b""
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Holding onto an empty string?

triplesec/utils.py Outdated
def __init__(self, string=b''):
self._obj = Crypto.Hash.keccak.new(digest_bits=512)
self.input = b""
self.input += string
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh, you mean this....

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess it can be called with some of the MAC key data in the HMAC construction, and therefore might be passing a MAC key around. That ok?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I usually assume that anything in the processes' memory is safe. But I saw a lot of scrubbing in the JS repo, is that necessary or just an extra precaution?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was an extra precaution and likely not ineffective since with interpreted languages, you never really know what happens to memory.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That makes sense. I got rid of this custom stuff entirely. And I finally figured out what caused the sudden change: pysha3 upgraded to 1.0 and changed the default sha3 function, but we weren't version locked so tests started failing (which I just now did). Still using the library since it provides keccak which the python stdlib doesn't.

@heronhaye heronhaye merged commit f68008a into master Dec 4, 2018
@heronhaye heronhaye deleted the surya/CORE-9290/py-triplesec-v4 branch December 4, 2018 15:33
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@maxtaco maxtaco maxtaco approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Incompatible with the Node.js version
2 participants
@heronhaye @maxtaco