fix(encryptor): use a failsafe mechanism of detecting old algo for encryption to NOT crash the app when switching to fernet
super-admin -
r5363:7bfb02ec default
@@ -30,15 +30,15 b' def encrypt_value(value: bytes, enc_key:'
30
30
31
31
32 def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool = False):
32 def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool = False):
33 enc_key = safe_bytes(enc_key)
34 value = safe_bytes(value)
33
35
34 if not algo:
36 if not algo:
35 # not explicit algo, just use what's set by config
37 # not explicit algo, just use what's set by config
36 algo = get_default_algo()
38 algo = Encryptor.detect_enc_algo(value) or get_default_algo()
37 if algo not in ALLOWED_ALGOS:
39 if algo not in ALLOWED_ALGOS:
38 ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}')
40 ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}')
39
41
40 enc_key = safe_bytes(enc_key)
41 value = safe_bytes(value)
42 safe = not strict_mode
42 safe = not strict_mode
43
43
44 if algo == 'aes':
44 if algo == 'aes':
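Review bot: On new line 40 the `ValueError(...)` is constructed but never raised, so the `ALLOWED_ALGOS` check does nothing and an unsupported `algo` carries on into the branches below; it should read `raise ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}')`. This matters more after this change, because when no explicit `algo` is given the algorithm is now taken from the stored value via `Encryptor.detect_enc_algo(value)` rather than only from configuration. `detect_enc_algo` also raises `ValueError` itself for a value that does not split into three `$` parts, and that happens before `safe = not strict_mode` is consulted, so non-strict callers may now see an exception they did not see before. The body of `decrypt_value` continues past the hunk, so how an unknown `algo` is finally handled is not visible here.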
@@ -23,8 +23,21 b' class InvalidDecryptedValue(str):'
23
23
24 class Encryptor(object):
24 class Encryptor(object):
25 key_format = b'enc2$salt:{1}$data:{2}'
25 key_format = b'enc2$salt:{1}$data:{2}'
26
26 pref_len = 5 # salt:, data:
27 pref_len = 5 # salt:, data:
27
28
29 @classmethod
30 def detect_enc_algo(cls, enc_data: bytes):
31 parts = enc_data.split(b'$', 3)
32 if len(parts) != 3:
33 raise ValueError(f'Encrypted Data has invalid format, expected {cls.key_format}, got {parts}')
34
35 if b'enc$aes_hmac$' in enc_data:
36 return 'aes'
37 elif b'enc2$salt' in enc_data:
38 return 'fernet'
39 return None
40
28 def __init__(self, enc_key: bytes):
41 def __init__(self, enc_key: bytes):
29 self.enc_key = enc_key
42 self.enc_key = enc_key
30
43
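Review bot: `detect_enc_algo` tests the markers with `in`, so the match is not anchored to the start of the value; since the stored data now decides which decryption path runs, prefer `if enc_data.startswith(b'enc$aes_hmac$'):` and `elif enc_data.startswith(b'enc2$salt'):`. The `len(parts) != 3` check raises instead of returning `None`, so the `or get_default_algo()` fallback in `decrypt_value` is reached only for three-part values carrying neither marker; if the goal is a failsafe, returning `None` for an unrecognised layout looks closer to the intent. The error message interpolates `parts`, which puts the stored ciphertext pieces into exception text and possibly into logs; reporting only the number of parts would be enough. A short docstring naming the two recognised prefixes and the `None` return would document the contract for callers.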