glance/patches/01-nopycrypto.patch

	01-nopycrypto.patch revision 5403
2521N/AIn-house removal of PyCrypto dependency in Glance.  This patch is
2521N/ASolaris-specific and not suitable for upstream.
2521N/A
2521N/AConvert urlsafe_encrypt() and urlsafe_decrypt() to use M2Crypto instead
2521N/Aof PyCrypto.
2521N/A
5403N/A--- glance-2015.1.2/glance/common/crypt.py.~1~  2015-10-13 09:38:23.000000000 -0700
5403N/A+++ glance-2015.1.2/glance/common/crypt.py  2016-01-24 16:48:24.788282369 -0800
5403N/A@@ -20,14 +20,30 @@ Routines for URL-safe encrypting/decrypt
2521N/A """
2521N/A
2521N/A import base64
2521N/A+import os
2521N/A
2521N/A-from Crypto.Cipher import AES
2521N/A-from Crypto import Random
2521N/A-from Crypto.Random import random
5403N/A+from glance.common import exception
5403N/A+
5403N/A+from M2Crypto.EVP import Cipher
5403N/A # NOTE(jokke): simplified transition to py3, behaves like py2 xrange
5403N/A from six.moves import range
5403N/A
5403N/A
2521N/A+def _key_to_alg(key):
2521N/A+    """Return a M2Crypto-compatible AES-CBC algorithm name given a key."""
2521N/A+    aes_algs = {
2521N/A+        128: 'aes_128_cbc',
2521N/A+        192: 'aes_192_cbc',
2521N/A+        256: 'aes_256_cbc'
2521N/A+    }
2521N/A+
2521N/A+    keylen = 8 * len(key)
2521N/A+    if keylen not in aes_algs:
2521N/A+        msg = ('Invalid AES key length, %d bits') % keylen
2521N/A+        raise exception.Invalid(msg)
2521N/A+    return aes_algs[keylen]
5403N/A+
5403N/A+
2521N/A def urlsafe_encrypt(key, plaintext, blocksize=16):
5403N/A     """
5403N/A     Encrypts plaintext. Resulting ciphertext will contain URL-safe characters
5403N/A@@ -37,20 +53,12 @@ def urlsafe_encrypt(key, plaintext, bloc
2521N/A
2521N/A     :returns : Resulting ciphertext
2521N/A     """
2521N/A-    def pad(text):
2521N/A-        """
2521N/A-        Pads text to be encrypted
2521N/A-        """
2521N/A-        pad_length = (blocksize - len(text) % blocksize)
2521N/A-        sr = random.StrongRandom()
2521N/A-        pad = ''.join(chr(sr.randint(1, 0xFF)) for i in range(pad_length - 1))
2521N/A-        # We use chr(0) as a delimiter between text and padding
2521N/A-        return text + chr(0) + pad
2521N/A
2521N/A     # random initial 16 bytes for CBC
2521N/A-    init_vector = Random.get_random_bytes(16)
2521N/A-    cypher = AES.new(key, AES.MODE_CBC, init_vector)
2521N/A-    padded = cypher.encrypt(pad(str(plaintext)))
2521N/A+    init_vector = os.urandom(16)
2521N/A+    cipher = Cipher(alg=_key_to_alg(key), key=key, iv=init_vector, op=1)
2521N/A+    padded = cipher.update(str(plaintext))
2521N/A+    padded = padded + cipher.final()
2521N/A     return base64.urlsafe_b64encode(init_vector + padded)
2521N/A
2521N/A
5403N/A@@ -64,6 +72,7 @@ def urlsafe_decrypt(key, ciphertext):
2521N/A     """
2521N/A     # Cast from unicode
2521N/A     ciphertext = base64.urlsafe_b64decode(str(ciphertext))
2521N/A-    cypher = AES.new(key, AES.MODE_CBC, ciphertext[:16])
2521N/A-    padded = cypher.decrypt(ciphertext[16:])
2521N/A-    return padded[:padded.rfind(chr(0))]
2521N/A+    cipher = Cipher(alg=_key_to_alg(key), key=key, iv=ciphertext[:16], op=0)
2521N/A+    padded = cipher.update(ciphertext[16:])
2521N/A+    padded = padded + cipher.final()
2521N/A+    return padded