components/openstack/heat/patches/02-nopycrypto.patch
author Laszlo Peter <laszlo.peter@oracle.com>
Wed, 07 Sep 2016 14:48:41 -0700
changeset 6850 f8d3bc724af7
parent 5405 66fd59fecd68
permissions -rw-r--r--
24465652 Update Heat for the Mitaka release 21512755 HEAT service fails after deploying broken HOT template
In-house removal of PyCrypto dependency in Heat. This patch is
Solaris-specific and not suitable for upstream.
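--- a/heat/common/crypt.py
+++ b/heat/common/crypt.py
@@ -14,7 +14,6 @@
 import base64
 import sys
 
-from Crypto.Cipher import AES
 from cryptography import fernet
 from oslo_config import cfg
 from oslo_utils import encodeutils
@@ -88,9 +87,11 @@ def heat_decrypt(value, encryption_key=N
     """
     encryption_key = get_valid_encryption_key(encryption_key)
     auth = base64.b64decode(value)
-    iv = auth[:AES.block_size]
-    cipher = AES.new(encryption_key, AES.MODE_CFB, iv)
-    res = cipher.decrypt(auth[AES.block_size:])
+    iv = auth[:16]
+    cipher = Cipher(alg='aes_256_cfb', key=cfg.CONF.auth_encryption_key[:32],
+                    iv=iv, op=0)
+    padded = cipher.update(auth[16:])
+    res = padded + cipher.final()
     return res
 
 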
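Review bot: The new `Cipher(...)` call in `heat_decrypt` is keyed from `cfg.CONF.auth_encryption_key[:32]` rather than the `encryption_key` that `get_valid_encryption_key()` returned on the line above, so a key passed in by the caller is validated and then ignored; it should read `key=encryption_key` (the function's signature and docstring start outside the hunk, so the intended contract cannot be confirmed from here). `Cipher` is also not imported anywhere in this section, since the import hunk only removes `from Crypto.Cipher import AES`; unless another part of the file provides the name, the call raises `NameError`, and `from M2Crypto.EVP import Cipher` would match the `EVP.Cipher` that the utils.py section uses. Separately, PyCrypto's `AES.MODE_CFB` defaults to an 8-bit segment size while OpenSSL's `aes_256_cfb` is 128-bit CFB, so values stored by the old code may not decrypt to the same plaintext; a round-trip test against ciphertext produced by the PyCrypto version should gate this change. The hard-coded `aes_256_cfb` also assumes a 32-byte key, where `AES.new` chose the key size from the key it was given.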
--- heat-5e1c8cb19eaee7570c2e1ca96c330b8d7d77a719/heat/openstack/common/crypto/utils.py.~2~	2016-02-02 01:41:07.005491185 -0800
    30
+++ heat-5e1c8cb19eaee7570c2e1ca96c330b8d7d77a719/heat/openstack/common/crypto/utils.py	2016-02-02 01:50:03.227200903 -0800
    31
@@ -27,8 +27,8 @@
    32
 
    33
 import base64
    34
 
    35
-from Crypto.Hash import HMAC
    36
-from Crypto import Random
    37
+from M2Crypto import EVP
    38
+from M2Crypto import Rand
    39
 from oslo_utils import importutils
    40
 import six
    41
 
    42
@@ -36,6 +36,24 @@ from heat.openstack.common._i18n import
    43
 
    44
 bchr = six.int2byte
    45
 
    46
+# Provide a mapping between the names of hash types used by PyCrypto to
    47
+# their digest sizes and the corresponding algorithm name used by
    48
+# M2Crypto/OpenSSL.
    49
+hashmap = {
    50
+    'SHA224':   (28, 'sha224'),
    51
+    'SHA256':   (32, 'sha256'),
    52
+    'SHA384':   (48, 'sha384'),
    53
+    'SHA512':   (64, 'sha512')
    54
+}
    55
+
    56
+# Provide a mapping between the length of a key and the algorithm name
    57
+# used by M2Crypto/OpenSSL.
    58
+algomap = {
    59
+    16:         'aes_128_cbc',
    60
+    24:         'aes_192_cbc',
    61
+    32:         'aes_256_cbc'
    62
+}
    63
+
    64
 
    65
 class CryptoutilsException(Exception):
    66
     """Generic Exception for Crypto utilities."""
    67
@@ -52,6 +70,33 @@ class CipherBlockLengthTooBig(Cryptoutil
    68
         super(CryptoutilsException, self).__init__(message)
    69
 
    70
 
    71
+class CipherKeyLengthInvalid(CryptoutilsException):
    72
+    """The encryption key length is invalid for AES-CBC."""
    73
+
    74
+    def __init__(self, keylen):
    75
+        msg = _("Encryption key length of %d is invalid for AES-CBC.")
    76
+        message = msg % keylen
    77
+        super(CryptoutilsException, self).__init__(message)
    78
+
    79
+
    80
+class CipherTypeNotSupported(CryptoutilsException):
    81
+    """The encryption cipher type is not supported."""
    82
+
    83
+    def __init__(self, enctype):
    84
+        msg = _("Encryption cipher type %s is not supported")
    85
+        message = msg % enctype
    86
+        super(CryptoutilsException, self).__init__(message)
    87
+
    88
+
    89
+class HashTypeNotSupported(CryptoutilsException):
    90
+    """The message authentication hash function is not supported."""
    91
+
    92
+    def __init__(self, hashtype):
    93
+        msg = _("Message authentication hash function %s is not supported")
    94
+        message = msg % hashtype
    95
+        super(CryptoutilsException, self).__init__(message)
    96
+
    97
+
    98
 class HKDFOutputLengthTooLong(CryptoutilsException):
    99
     """The amount of Key Material asked is too much."""
   100
 
   101
@@ -68,8 +113,10 @@ class HKDF(object):
   102
     """
   103
 
   104
     def __init__(self, hashtype='SHA256'):
   105
-        self.hashfn = importutils.import_module('Crypto.Hash.' + hashtype)
   106
-        self.max_okm_length = 255 * self.hashfn.digest_size
   107
+        if hashtype not in hashmap:
   108
+            raise HashTypeNotSupported(hashtype)
   109
+        (self.digest_size, self.algo) = hashmap[hashtype]
   110
+        self.max_okm_length = 255 * self.digest_size
   111
 
   112
     def extract(self, ikm, salt=None):
   113
         """An extract function that can be used to derive a robust key given
   114
@@ -80,9 +127,9 @@ class HKDF(object):
   115
         :param salt: optional salt value (a non-secret random value)
   116
         """
   117
         if salt is None:
   118
-            salt = b'\x00' * self.hashfn.digest_size
   119
+            salt = b'\x00' * self.digest_size
   120
 
   121
-        return HMAC.new(salt, ikm, self.hashfn).digest()
   122
+        return EVP.hmac(salt, ikm, self.algo)
   123
 
   124
     def expand(self, prk, info, length):
   125
         """An expand function that will return arbitrary length output that can
   126
@@ -96,12 +143,12 @@ class HKDF(object):
   127
         if length > self.max_okm_length:
   128
             raise HKDFOutputLengthTooLong(length, self.max_okm_length)
   129
 
   130
-        N = (length + self.hashfn.digest_size - 1) // self.hashfn.digest_size
   131
+        N = (length + self.digest_size - 1) // self.digest_size
   132
 
   133
         okm = b""
   134
         tmp = b""
   135
         for block in range(1, N + 1):
   136
-            tmp = HMAC.new(prk, tmp + info + bchr(block), self.hashfn).digest()
   137
+            tmp = EVP.hmac(prk, tmp + info + bchr(block), self.algo)
   138
             okm += tmp
   139
 
   140
         return okm[:length]
   141
@@ -121,11 +168,15 @@ class SymmetricCrypto(object):
   142
     """
   143
 
   144
     def __init__(self, enctype='AES', hashtype='SHA256'):
   145
-        self.cipher = importutils.import_module('Crypto.Cipher.' + enctype)
   146
-        self.hashfn = importutils.import_module('Crypto.Hash.' + hashtype)
   147
+        if enctype != 'AES':
   148
+            raise CipherTypeNotSupported(enctype)
   149
+        if hashtype not in hashmap:
   150
+            raise HashTypeNotSupported(hashtype)
   151
+        self.algo = hashmap[hashtype][1]
   152
+        self.block_size = 16
   153
 
   154
     def new_key(self, size):
   155
-        return Random.new().read(size)
   156
+        return Rand.rand_bytes(size)
   157
 
   158
     def encrypt(self, key, msg, b64encode=True):
   159
         """Encrypt the provided msg and returns the cyphertext optionally
   160
@@ -142,19 +193,14 @@ class SymmetricCrypto(object):
   161
 
   162
         :returns enc: a block of encrypted data.
   163
         """
   164
-        iv = Random.new().read(self.cipher.block_size)
   165
-        cipher = self.cipher.new(key, self.cipher.MODE_CBC, iv)
   166
-
   167
-        # CBC mode requires a fixed block size. Append padding and length of
   168
-        # padding.
   169
-        if self.cipher.block_size > MAX_CB_SIZE:
   170
-            raise CipherBlockLengthTooBig(self.cipher.block_size, MAX_CB_SIZE)
   171
-        r = len(msg) % self.cipher.block_size
   172
-        padlen = self.cipher.block_size - r - 1
   173
-        msg += b'\x00' * padlen
   174
-        msg += bchr(padlen)
   175
+        keylen = len(key)
   176
+        if keylen not in algomap:
   177
+            raise CipherKeyLengthInvalid(keylen)
   178
+        iv = Rand.rand_bytes(self.block_size)
   179
+        cipher = EVP.Cipher(algomap[keylen], key, iv, 1)
   180
 
   181
-        enc = iv + cipher.encrypt(msg)
   182
+        enc = iv + cipher.update(msg)
   183
+        enc += cipher.final()
   184
         if b64encode:
   185
             enc = base64.b64encode(enc)
   186
         return enc
   187
@@ -170,14 +216,16 @@ class SymmetricCrypto(object):
3998
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   188
 
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   189
         :returns plain: the plaintext message.
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   190
         """
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   191
+        keylen = len(key)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   192
+        if keylen not in algomap:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   193
+            raise CipherKeyLengthInvalid(keylen)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   194
         if b64decode:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   195
             msg = base64.b64decode(msg)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   196
-        iv = msg[:self.cipher.block_size]
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   197
-        cipher = self.cipher.new(key, self.cipher.MODE_CBC, iv)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   198
+        iv = msg[:self.block_size]
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   199
+        cipher = EVP.Cipher(algomap[keylen], key, iv, 0)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   200
 
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   201
-        padded = cipher.decrypt(msg[self.cipher.block_size:])
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   202
-        l = ord(padded[-1:]) + 1
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   203
-        plain = padded[:-l]
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   204
+        padded = cipher.update(msg[self.block_size:])
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   205
+        plain = padded + cipher.final()
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   206
         return plain
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   207
 
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   208
     def sign(self, key, msg, b64encode=True):
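Review bot: The new decrypt path checks the key length but never the ciphertext: `iv = msg[:self.block_size]` silently accepts input shorter than one block, and `cipher.final()` raises M2Crypto's `EVP.EVPError` on bad padding where the removed code stripped `ord(padded[-1:]) + 1` bytes without checking. CBC gives no integrity protection by itself, so a padding failure that callers can tell apart from other errors is worth avoiding: add `if len(msg) < 2 * self.block_size or len(msg) % self.block_size:` after the base64 decode and raise one module-level error both there and around `final()`, and have callers verify the `sign()` HMAC before calling decrypt (callers are not visible here, so this may already hold). The removed strip also implies the earlier padding was not the PKCS#7 that EVP applies by default, so values encrypted before this patch may fail or come back with stray bytes; confirm against encrypt(), whose padding lines are outside this hunk. decrypt() itself starts above the hunk.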
5405
66fd59fecd68 PSARC 2015/535 OpenStack service updates for Kilo
Devjani Ray <devjani.ray@oracle.com>
parents: 3998
   209
@@ -190,8 +238,7 @@ class SymmetricCrypto(object):
3998
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   210
 
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   211
         :returns out: a base64 encoded signature.
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   212
         """
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   213
-        h = HMAC.new(key, msg, self.hashfn)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   214
-        out = h.digest()
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   215
+        out = EVP.hmac(key, msg, self.algo)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   216
         if b64encode:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   217
             out = base64.b64encode(out)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents: 2025
   218
         return out