fix(encryptor): use a failsafe mechanism of detecting old algo for encryption to NOT crash the app when switching to fernet
super-admin -
r5363:7bfb02ec default
@@ -30,15 +30,15 b' def encrypt_value(value: bytes, enc_key:'
30 30
31 31
32 32 def decrypt_value(value: bytes, enc_key: bytes, algo: str = '', strict_mode: bool = False):
33 enc_key = safe_bytes(enc_key)
34 value = safe_bytes(value)
33 35
34 36 if not algo:
35 37 # not explicit algo, just use what's set by config
36 algo = get_default_algo()
38 algo = Encryptor.detect_enc_algo(value) or get_default_algo()
37 39 if algo not in ALLOWED_ALGOS:
38 40 ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}')
39 41
40 enc_key = safe_bytes(enc_key)
41 value = safe_bytes(value)
42 42 safe = not strict_mode
43 43
44 44 if algo == 'aes':
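Review bot: The `ValueError(...)` on new line 40 is constructed but never raised, so the `ALLOWED_ALGOS` check has no effect, and the commit leaves that line unchanged. A configured or caller-supplied `algo` outside the allowed set is therefore not rejected at this point. It should read `raise ValueError(f'Bad encryption algorithm, should be {ALLOWED_ALGOS}, got: {algo}')`. The body of `decrypt_value` continues past the end of the hunk, so what happens to an unmatched `algo` further down is not visible here.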
@@ -23,8 +23,21 b' class InvalidDecryptedValue(str):'
23 23
24 24 class Encryptor(object):
25 25 key_format = b'enc2$salt:{1}$data:{2}'
26
26 27 pref_len = 5 # salt:, data:
27 28
29 @classmethod
30 def detect_enc_algo(cls, enc_data: bytes):
31 parts = enc_data.split(b'$', 3)
32 if len(parts) != 3:
33 raise ValueError(f'Encrypted Data has invalid format, expected {cls.key_format}, got {parts}')
34
35 if b'enc$aes_hmac$' in enc_data:
36 return 'aes'
37 elif b'enc2$salt' in enc_data:
38 return 'fernet'
39 return None
40
28 41 def __init__(self, enc_key: bytes):
29 42 self.enc_key = enc_key
30 43
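Review bot: `detect_enc_algo` raises `ValueError` for any input that does not split into exactly three `$`-separated parts, so the `or get_default_algo()` fallback in `decrypt_value` is never reached for such values. That appears to bypass the non-strict path (`strict_mode=False`) the caller otherwise offers. The message also interpolates `parts`, which is the raw input, so stored ciphertext or a value that was never encrypted ends up wherever that exception is logged or displayed. Consider `if len(parts) != 3: return None`, and anchor the markers with `enc_data.startswith(b'enc$aes_hmac$')` and `enc_data.startswith(b'enc2$salt')` instead of `in`, so that only a leading prefix selects the algorithm. A one-line docstring stating that the method returns 'aes', 'fernet' or None would also help callers.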