0001-crypto-ensure-that-aes-cipher-salts-are-bytes-35584.patch
src/authentic2/crypto.py | ||
---|---|---|
26 | 26 |
from Crypto import Random |
27 | 27 | |
28 | 28 |
from django.utils.crypto import constant_time_compare |
29 |
from django.utils.encoding import force_bytes |
|
30 |
from django.utils.six import text_type |
|
29 | 31 | |
30 | 32 | |
31 | 33 |
class DecryptionError(Exception): |
... | ... | |
118 | 120 |
key_size = 16 |
119 | 121 |
hmac_size = key_size |
120 | 122 | |
123 |
if isinstance(salt, text_type): |
|
124 |
salt = force_bytes(salt) |
|
121 | 125 |
iv = hashmod.new(salt).digest() |
122 | 126 | |
123 | 127 |
def prf(secret, salt): |
... | ... | |
167 | 171 |
if not crypted or not hmac or prf(key, crypted)[:hmac_size] != hmac: |
168 | 172 |
raise DecryptionError('invalid HMAC') |
169 | 173 | |
174 |
if isinstance(salt, text_type): |
|
175 |
salt = force_bytes(salt) |
|
170 | 176 |
iv = hashmod.new(salt).digest() |
171 | 177 | |
172 | 178 |
aes_key = PBKDF2(key, iv, dkLen=key_size, count=count, prf=prf) |
173 |
- |