crypto: ensure that aes cipher salts are bytes (#35584)
This commit is contained in:
parent
8879c1d83b
commit
5f35895c87
|
@ -26,6 +26,8 @@ from Crypto.Hash import HMAC
|
|||
from Crypto import Random
|
||||
|
||||
from django.utils.crypto import constant_time_compare
|
||||
from django.utils.encoding import force_bytes
|
||||
from django.utils.six import text_type
|
||||
|
||||
|
||||
class DecryptionError(Exception):
|
||||
|
@ -118,6 +120,8 @@ def aes_base64url_deterministic_encrypt(key, data, salt, hash_name='sha256', cou
|
|||
key_size = 16
|
||||
hmac_size = key_size
|
||||
|
||||
if isinstance(salt, text_type):
|
||||
salt = force_bytes(salt)
|
||||
iv = hashmod.new(salt).digest()
|
||||
|
||||
def prf(secret, salt):
|
||||
|
@ -167,6 +171,8 @@ def aes_base64url_deterministic_decrypt(key, urlencoded, salt, raise_on_error=Tr
|
|||
if not crypted or not hmac or prf(key, crypted)[:hmac_size] != hmac:
|
||||
raise DecryptionError('invalid HMAC')
|
||||
|
||||
if isinstance(salt, text_type):
|
||||
salt = force_bytes(salt)
|
||||
iv = hashmod.new(salt).digest()
|
||||
|
||||
aes_key = PBKDF2(key, iv, dkLen=key_size, count=count, prf=prf)
|
||||
|
|
Loading…
Reference in New Issue