Python v0.2.0

Author: martinthomson

python/.gitignore

@@ -0,0 +1,3 @@
+build/
+dist/
+*.egg-info/

python/MANIFEST.in

@@ -0,0 +1 @@
+include README.rst

python/README.rst

@@ -0,0 +1,26 @@
+encrypted-content-encoding
+==========================
+
+A simple implementation of the `HTTP encrypted
+content-encoding <https://tools.ietf.org/html/draft-nottingham-http-encryption-encoding>`_
+
+# Use
+
+```python
+import http_ece
+import os, base64
+
+key = os.urandom(16)
+salt = os.urandom(16)
+data = os.urandom(100)
+
+encrypted = http_ece.encrypt(data, salt=salt, key=key)
+decrypted = http_ece.decrypt(encrypted, salt=salt, key=key)
+assert data == decrypted
+```
+
+This also supports the static-ephemeral ECDH mode.
+
+# TODO
+
+Provide a streaming API

python/http_ece/__init__.py

@@ -56,7 +56,7 @@ def decryptRecord(key, nonce, counter, buffer):
             backend=default_backend()
         ).decryptor()
         data = decryptor.update(buffer[:-16]) + decryptor.finalize()
-        (pad,) = struct.unpack("!B", data[0]);
+        (pad,) = struct.unpack("!B", data[0:1]);
         if data[1:1+pad] != (b"\x00" * pad):
             raise Exception(u"Bad padding")
         data = data[1+pad:]
@@ -71,7 +71,7 @@ def decryptRecord(key, nonce, counter, buffer):
 
     result = b""
     counter = 0
-    for i in xrange(0, len(buffer), rs):
+    for i in list(range(0, len(buffer), rs)):
         result += decryptRecord(key_, nonce_, counter, buffer[i:i+rs])
         ++counter
     return result
@@ -96,7 +96,7 @@ def encryptRecord(key, nonce, counter, buffer):
     counter = 0
     # the extra one ensures that we produce a padding only record if the data
     # length is an exact multiple of rs-1
-    for i in xrange(0, len(buffer) + 1, rs):
+    for i in list(range(0, len(buffer) + 1, rs)):
         result += encryptRecord(key_, nonce_, counter, buffer[i:i+rs])
         ++counter
     return result

python/setup.cfg

@@ -0,0 +1,2 @@
+[bdist_wheel]
+universal=1

python/setup.py

@@ -2,13 +2,20 @@
 
 setup(
     name='http_ece',
-    version='1.0.0',
+    version='0.2.0',
     author='Martin Thomson',
     author_email='martin.thomson@gmail.com',
     scripts=[],
     packages=['http_ece'],
     description='Encrypted Content Encoding for HTTP',
-    long_description='Enciper HTTP Messages',
+    long_description='Encipher HTTP Messages',
+    classifiers=[
+        'Development Status :: 3 - Alpha',
+        'License :: OSI Approved :: MIT License',
+        'Programming Language :: Python :: 2.7',
+        'Programming Language :: Python :: 3.4',
+    ],
+    keywords='crypto http',
     install_requires=[
         'pyelliptic', 'cryptography'
     ],

python/test.py

@@ -1,5 +1,4 @@
 import http_ece as ece
-import base64
 import os
 import struct
 import sys
@@ -14,22 +13,33 @@
 
 def log(arg):
     if (count == 1):
-        print arg
+        print(arg)
+def b64e(arg):
+    import base64
+    return base64.urlsafe_b64encode(arg).decode()
 
 def rlen():
     return struct.unpack_from('=H', os.urandom(2))[0]
 
 def encryptDecrypt(length, encryptParams, decryptParams=None):
     if decryptParams is None:
         decryptParams = encryptParams
-    log('Salt: ' + base64.urlsafe_b64encode(encryptParams['salt']))
+    log('Salt: ' + b64e(encryptParams['salt']))
     input = os.urandom(min(length, maxLen))
     # input = new Buffer('I am the walrus')
-    log('Input: ' + base64.urlsafe_b64encode(input))
-    encrypted = ece.encrypt(input, salt=encryptParams.get('salt'), key=encryptParams.get('key'), keyid=encryptParams.get('keyid'), dh=encryptParams.get('dh'), rs=encryptParams.get('rs'))
-    log('Encrypted: ' + base64.urlsafe_b64encode(encrypted))
-    decrypted = ece.decrypt(encrypted, salt=decryptParams.get('salt'), key=decryptParams.get('key'), keyid=decryptParams.get('keyid'), dh=decryptParams.get('dh'), rs=decryptParams.get('rs'))
-    log('Decrypted: ' + base64.urlsafe_b64encode(decrypted))
+    log('Input: ' + b64e(input))
+    encrypted = ece.encrypt(input, salt=encryptParams.get('salt'),
+                            key=encryptParams.get('key'),
+                            keyid=encryptParams.get('keyid'),
+                            dh=encryptParams.get('dh'),
+                            rs=encryptParams.get('rs'))
+    log('Encrypted: ' + b64e(encrypted))
+    decrypted = ece.decrypt(encrypted, salt=decryptParams.get('salt'),
+                            key=decryptParams.get('key'),
+                            keyid=decryptParams.get('keyid'),
+                            dh=decryptParams.get('dh'),
+                            rs=decryptParams.get('rs'))
+    log('Decrypted: ' + b64e(decrypted))
     assert input == decrypted
     log("----- OK");
 
@@ -40,7 +50,7 @@ def useExplicitKey():
         'salt': os.urandom(16),
         'rs': rlen() + 1
     }
-    log('Key: ' + base64.urlsafe_b64encode(params['key']))
+    log('Key: ' + b64e(params['key']))
     encryptDecrypt(rlen() + 1, params)
 
 
@@ -75,7 +85,7 @@ def detectTruncation():
 
 
 def useKeyId():
-    keyid = base64.urlsafe_b64encode(os.urandom(16))
+    keyid = b64e(os.urandom(16))
     key = os.urandom(16)
     ece.keys[keyid] = key
     params = {
@@ -90,26 +100,26 @@ def useKeyId():
 # doesn't even do ECDH; so this doesn't actually work
 def useDH():
     def isUncompressed(k):
-        b1 = k.get_pubkey()[0]
+        b1 = k.get_pubkey()[0:1]
         assert struct.unpack("B", b1)[0] == 4, 'is an uncompressed point'
 
     # the static key is used by the receiver
     staticKey = pyelliptic.ECC(curve='prime256v1')
     isUncompressed(staticKey)
-    staticKeyId = base64.urlsafe_b64encode(staticKey.get_pubkey()[1:])
+    staticKeyId = b64e(staticKey.get_pubkey()[1:])
     ece.keys[staticKeyId] = staticKey
 
-    log('Receiver private: ' + base64.urlsafe_b64encode(staticKey.get_privkey()))
-    log('Receiver public: ' + base64.urlsafe_b64encode(staticKey.get_pubkey()))
+    log('Receiver private: ' + b64e(staticKey.get_privkey()))
+    log('Receiver public: ' + b64e(staticKey.get_pubkey()))
 
     # the ephemeral key is used by the sender
     ephemeralKey = pyelliptic.ECC(curve='prime256v1')
     isUncompressed(ephemeralKey)
-    ephemeralKeyId = base64.urlsafe_b64encode(ephemeralKey.get_pubkey()[1:])
+    ephemeralKeyId = b64e(ephemeralKey.get_pubkey()[1:])
     ece.keys[ephemeralKeyId] = ephemeralKey
 
-    log('Sender private: ' + base64.urlsafe_b64encode(ephemeralKey.get_privkey()))
-    log('Sender public: ' + base64.urlsafe_b64encode(ephemeralKey.get_pubkey()))
+    log('Sender private: ' + b64e(ephemeralKey.get_privkey()))
+    log('Sender public: ' + b64e(ephemeralKey.get_pubkey()))
 
     encryptParams = {
         'keyid': ephemeralKeyId,
@@ -127,11 +137,11 @@ def isUncompressed(k):
     encryptDecrypt(rlen(), encryptParams, decryptParams)
 
 if __name__ == '__main__':
-    for i in range(0,count):
+    for i in list(range(0,count)):
         useExplicitKey()
         exactlyOneRecord()
         detectTruncation()
         useKeyId()
         useDH()
 
-    print 'All tests passed.'
+    print('All tests passed.')