Show More
@@ -30,15 +30,15 b' def encrypt_value(value: bytes, enc_key:' | |||||
30 |
|
30 | |||
31 |
|
31 | |||
32 | def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool = False): |
|
32 | def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool = False): | |
|
33 | enc_key = safe_bytes(enc_key) | |||
|
34 | value = safe_bytes(value) | |||
33 |
|
35 | |||
34 | if not algo: |
|
36 | if not algo: | |
35 | # not explicit algo, just use what's set by config |
|
37 | # not explicit algo, just use what's set by config | |
36 | algo = get_default_algo() |
|
38 | algo = Encryptor.detect_enc_algo(value) or get_default_algo() | |
37 | if algo not in ALLOWED_ALGOS: |
|
39 | if algo not in ALLOWED_ALGOS: | |
38 | ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}') |
|
40 | ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}') | |
39 |
|
41 | |||
40 | enc_key = safe_bytes(enc_key) |
|
|||
41 | value = safe_bytes(value) |
|
|||
42 | safe = not strict_mode |
|
42 | safe = not strict_mode | |
43 |
|
43 | |||
44 | if algo == 'aes': |
|
44 | if algo == 'aes': |
@@ -23,8 +23,21 b' class InvalidDecryptedValue(str):' | |||||
23 |
|
23 | |||
24 | class Encryptor(object): |
|
24 | class Encryptor(object): | |
25 | key_format = b'enc2$salt:{1}$data:{2}' |
|
25 | key_format = b'enc2$salt:{1}$data:{2}' | |
|
26 | ||||
26 | pref_len = 5 # salt:, data: |
|
27 | pref_len = 5 # salt:, data: | |
27 |
|
28 | |||
|
29 | @classmethod | |||
|
30 | def detect_enc_algo(cls, enc_data: bytes): | |||
|
31 | parts = enc_data.split(b'$', 3) | |||
|
32 | if len(parts) != 3: | |||
|
33 | raise ValueError(f'Encrypted Data has invalid format, expected {cls.key_format}, got {parts}') | |||
|
34 | ||||
|
35 | if b'enc$aes_hmac$' in enc_data: | |||
|
36 | return 'aes' | |||
|
37 | elif b'enc2$salt' in enc_data: | |||
|
38 | return 'fernet' | |||
|
39 | return None | |||
|
40 | ||||
28 | def __init__(self, enc_key: bytes): |
|
41 | def __init__(self, enc_key: bytes): | |
29 | self.enc_key = enc_key |
|
42 | self.enc_key = enc_key | |
30 |
|
43 |
General Comments 0
You need to be logged in to leave comments.
Login now