2 Solaris-specific and not suitable for upstream. |
2 Solaris-specific and not suitable for upstream. |
3 |
3 |
4 Convert urlsafe_encrypt() and urlsafe_decrypt() to use M2Crypto instead |
4 Convert urlsafe_encrypt() and urlsafe_decrypt() to use M2Crypto instead |
5 of PyCrypto. |
5 of PyCrypto. |
6 |
6 |
7 --- glance-2014.2.2/glance/common/crypt.py.~1~ 2014-08-07 12:01:58.000000000 -0700 |
7 --- glance-2015.1.2/glance/common/crypt.py.~1~ 2015-10-13 09:38:23.000000000 -0700 |
8 +++ glance-2014.2.2/glance/common/crypt.py 2014-08-09 21:36:53.351345980 -0700 |
8 +++ glance-2015.1.2/glance/common/crypt.py 2016-01-24 16:48:24.788282369 -0800 |
9 @@ -3,6 +3,8 @@ |
9 @@ -20,14 +20,30 @@ Routines for URL-safe encrypting/decrypt |
10 # Copyright 2011 OpenStack Foundation |
|
11 # All Rights Reserved. |
|
12 # |
|
13 +# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. |
|
14 +# |
|
15 # Licensed under the Apache License, Version 2.0 (the "License"); you may |
|
16 # not use this file except in compliance with the License. You may obtain |
|
17 # a copy of the License at |
|
18 @@ -20,10 +22,26 @@ |
|
19 """ |
10 """ |
20 |
11 |
21 import base64 |
12 import base64 |
22 +import os |
13 +import os |
23 + |
|
24 +from M2Crypto.EVP import Cipher |
|
25 + |
|
26 +from glance.common import exception |
|
27 + |
|
28 |
14 |
29 -from Crypto.Cipher import AES |
15 -from Crypto.Cipher import AES |
30 -from Crypto import Random |
16 -from Crypto import Random |
31 -from Crypto.Random import random |
17 -from Crypto.Random import random |
|
18 +from glance.common import exception |
|
19 + |
|
20 +from M2Crypto.EVP import Cipher |
|
21 # NOTE(jokke): simplified transition to py3, behaves like py2 xrange |
|
22 from six.moves import range |
|
23 |
|
24 |
32 +def _key_to_alg(key): |
25 +def _key_to_alg(key): |
33 + """Return a M2Crypto-compatible AES-CBC algorithm name given a key.""" |
26 + """Return a M2Crypto-compatible AES-CBC algorithm name given a key.""" |
34 + aes_algs = { |
27 + aes_algs = { |
35 + 128: 'aes_128_cbc', |
28 + 128: 'aes_128_cbc', |
36 + 192: 'aes_192_cbc', |
29 + 192: 'aes_192_cbc', |
40 + keylen = 8 * len(key) |
33 + keylen = 8 * len(key) |
41 + if keylen not in aes_algs: |
34 + if keylen not in aes_algs: |
42 + msg = ('Invalid AES key length, %d bits') % keylen |
35 + msg = ('Invalid AES key length, %d bits') % keylen |
43 + raise exception.Invalid(msg) |
36 + raise exception.Invalid(msg) |
44 + return aes_algs[keylen] |
37 + return aes_algs[keylen] |
45 |
38 + |
46 |
39 + |
47 def urlsafe_encrypt(key, plaintext, blocksize=16): |
40 def urlsafe_encrypt(key, plaintext, blocksize=16): |
48 @@ -35,20 +53,12 @@ |
41 """ |
|
42 Encrypts plaintext. Resulting ciphertext will contain URL-safe characters |
|
43 @@ -37,20 +53,12 @@ def urlsafe_encrypt(key, plaintext, bloc |
49 |
44 |
50 :returns : Resulting ciphertext |
45 :returns : Resulting ciphertext |
51 """ |
46 """ |
52 - def pad(text): |
47 - def pad(text): |
53 - """ |
48 - """ |
68 + padded = cipher.update(str(plaintext)) |
63 + padded = cipher.update(str(plaintext)) |
69 + padded = padded + cipher.final() |
64 + padded = padded + cipher.final() |
70 return base64.urlsafe_b64encode(init_vector + padded) |
65 return base64.urlsafe_b64encode(init_vector + padded) |
71 |
66 |
72 |
67 |
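Review bot: The value returned at the end of urlsafe_encrypt is still only `init_vector + padded`, produced with one of the `aes_*_cbc` algorithms named in `_key_to_alg`, so the port to M2Crypto keeps the token unauthenticated and urlsafe_decrypt has no way to detect a modified ciphertext before decrypting it. If the stored format may change, append an HMAC over the IV and ciphertext and verify it with a constant-time comparison before decryption; if it may not, state the limit in the docstring, for example `NOTE: AES-CBC without a MAC; confidentiality only, decrypted values are not authenticated.` Since `pad()` is removed and `cipher.final()` presumably applies the cipher's own padding, the decrypt side should raise one uniform error for every failure so that padding errors are not distinguishable to a caller. The lines that create the IV and the cipher are collapsed on this page, so this rests on the visible return statement. `blocksize` also looks unused after the change and would merit a docstring remark.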
73 @@ -62,6 +72,7 @@ |
68 @@ -64,6 +72,7 @@ def urlsafe_decrypt(key, ciphertext): |
74 """ |
69 """ |
75 # Cast from unicode |
70 # Cast from unicode |
76 ciphertext = base64.urlsafe_b64decode(str(ciphertext)) |
71 ciphertext = base64.urlsafe_b64decode(str(ciphertext)) |
77 - cypher = AES.new(key, AES.MODE_CBC, ciphertext[:16]) |
72 - cypher = AES.new(key, AES.MODE_CBC, ciphertext[:16]) |
78 - padded = cypher.decrypt(ciphertext[16:]) |
73 - padded = cypher.decrypt(ciphertext[16:]) |