encrypt.py
113 lines
| 3.9 KiB
| text/x-python
|
PythonLexer
| r1 | # -*- coding: utf-8 -*- | ||
| r1271 | # Copyright (C) 2014-2017 RhodeCode GmbH | ||
| r1 | # | ||
| # This program is free software: you can redistribute it and/or modify | |||
| # it under the terms of the GNU Affero General Public License, version 3 | |||
| # (only), as published by the Free Software Foundation. | |||
| # | |||
| # This program is distributed in the hope that it will be useful, | |||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
| # GNU General Public License for more details. | |||
| # | |||
| # You should have received a copy of the GNU Affero General Public License | |||
| # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
| # | |||
| # This program is dual-licensed. If you wish to learn more about the | |||
| # RhodeCode Enterprise Edition, including its added features, Support services, | |||
| # and proprietary license terms, please see https://rhodecode.com/licenses/ | |||
| """ | |||
| Generic encryption library for RhodeCode | |||
| """ | |||
| import base64 | |||
| from Crypto.Cipher import AES | |||
| from Crypto import Random | |||
| r281 | from Crypto.Hash import HMAC, SHA256 | ||
| r1 | |||
| from rhodecode.lib.utils2 import safe_str | |||
| r281 | class SignatureVerificationError(Exception): | ||
| pass | |||
| class InvalidDecryptedValue(str): | |||
| def __new__(cls, content): | |||
| """ | |||
| This will generate something like this:: | |||
| <InvalidDecryptedValue(QkWusFgLJXR6m42v...)> | |||
| And represent a safe indicator that encryption key is broken | |||
| """ | |||
| content = '<{}({}...)>'.format(cls.__name__, content[:16]) | |||
| return str.__new__(cls, content) | |||
| r1 | class AESCipher(object): | ||
| r281 | def __init__(self, key, hmac=False, strict_verification=True): | ||
| r1 | if not key: | ||
| raise ValueError('passed key variable is empty') | |||
| r281 | self.strict_verification = strict_verification | ||
| r1 | self.block_size = 32 | ||
| r281 | self.hmac_size = 32 | ||
| self.hmac = hmac | |||
| self.key = SHA256.new(safe_str(key)).digest() | |||
| self.hmac_key = SHA256.new(self.key).digest() | |||
| def verify_hmac_signature(self, raw_data): | |||
| org_hmac_signature = raw_data[-self.hmac_size:] | |||
| data_without_sig = raw_data[:-self.hmac_size] | |||
| recomputed_hmac = HMAC.new( | |||
| self.hmac_key, data_without_sig, digestmod=SHA256).digest() | |||
| return org_hmac_signature == recomputed_hmac | |||
| r1 | |||
| def encrypt(self, raw): | |||
| raw = self._pad(raw) | |||
| iv = Random.new().read(AES.block_size) | |||
| cipher = AES.new(self.key, AES.MODE_CBC, iv) | |||
| r281 | enc_value = cipher.encrypt(raw) | ||
| hmac_signature = '' | |||
| if self.hmac: | |||
| # compute hmac+sha256 on iv + enc text, we use | |||
| # encrypt then mac method to create the signature | |||
| hmac_signature = HMAC.new( | |||
| self.hmac_key, iv + enc_value, digestmod=SHA256).digest() | |||
| return base64.b64encode(iv + enc_value + hmac_signature) | |||
| r1 | |||
| def decrypt(self, enc): | |||
| r281 | enc_org = enc | ||
| r1 | enc = base64.b64decode(enc) | ||
| r281 | |||
| if self.hmac and len(enc) > self.hmac_size: | |||
| if self.verify_hmac_signature(enc): | |||
| # cut off the HMAC verification digest | |||
| enc = enc[:-self.hmac_size] | |||
| else: | |||
| if self.strict_verification: | |||
| raise SignatureVerificationError( | |||
| "Encryption signature verification failed. " | |||
| "Please check your secret key, and/or encrypted value. " | |||
| "Secret key is stored as " | |||
| "`rhodecode.encrypted_values.secret` or " | |||
| "`beaker.session.secret` inside .ini file") | |||
| return InvalidDecryptedValue(enc_org) | |||
| r1 | iv = enc[:AES.block_size] | ||
| cipher = AES.new(self.key, AES.MODE_CBC, iv) | |||
| return self._unpad(cipher.decrypt(enc[AES.block_size:])) | |||
| def _pad(self, s): | |||
| return (s + (self.block_size - len(s) % self.block_size) | |||
| * chr(self.block_size - len(s) % self.block_size)) | |||
| @staticmethod | |||
| def _unpad(s): | |||
| return s[:-ord(s[len(s)-1:])] |
