0001-crypto-ensure-that-aes-cipher-salts-are-bytes-35584.patch
| src/authentic2/crypto.py | ||
|---|---|---|
| 26 | 26 |
from Crypto import Random |
| 27 | 27 | |
| 28 | 28 |
from django.utils.crypto import constant_time_compare |
| 29 |
from django.utils.encoding import force_bytes |
|
| 30 |
from django.utils.six import text_type |
|
| 29 | 31 | |
| 30 | 32 | |
| 31 | 33 |
class DecryptionError(Exception): |
| ... | ... | |
| 118 | 120 |
key_size = 16 |
| 119 | 121 |
hmac_size = key_size |
| 120 | 122 | |
| 123 |
if isinstance(salt, text_type): |
|
| 124 |
salt = force_bytes(salt) |
|
| 121 | 125 |
iv = hashmod.new(salt).digest() |
| 122 | 126 | |
| 123 | 127 |
def prf(secret, salt): |
| ... | ... | |
| 167 | 171 |
if not crypted or not hmac or prf(key, crypted)[:hmac_size] != hmac: |
| 168 | 172 |
raise DecryptionError('invalid HMAC')
|
| 169 | 173 | |
| 174 |
if isinstance(salt, text_type): |
|
| 175 |
salt = force_bytes(salt) |
|
| 170 | 176 |
iv = hashmod.new(salt).digest() |
| 171 | 177 | |
| 172 | 178 |
aes_key = PBKDF2(key, iv, dkLen=key_size, count=count, prf=prf) |
| 173 |
- |
|