crypto: ensure that aes cipher salts are bytes (#35584)

Paul Marillonnet 2019-08-27 12:03:11 +02:00
parent 8879c1d83b
commit 5f35895c87
1 changed files with 6 additions and 0 deletions


@ -26,6 +26,8 @@ from Crypto.Hash import HMAC
from Crypto import Random
from django.utils.crypto import constant_time_compare
from django.utils.encoding import force_bytes
from django.utils.six import text_type
class DecryptionError(Exception):
@ -118,6 +120,8 @@ def aes_base64url_deterministic_encrypt(key, data, salt, hash_name='sha256', cou
key_size = 16
hmac_size = key_size
if isinstance(salt, text_type):
salt = force_bytes(salt)
iv = hashmod.new(salt).digest()
def prf(secret, salt):
@ -167,6 +171,8 @@ def aes_base64url_deterministic_decrypt(key, urlencoded, salt, raise_on_error=Tr
if not crypted or not hmac or prf(key, crypted)[:hmac_size] != hmac:
raise DecryptionError('invalid HMAC')
if isinstance(salt, text_type):
salt = force_bytes(salt)
iv = hashmod.new(salt).digest()
aes_key = PBKDF2(key, iv, dkLen=key_size, count=count, prf=prf)
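Review bot: In the third hunk (aes_base64url_deterministic_decrypt), the tag check `prf(key, crypted)[:hmac_size] != hmac` uses an ordinary `!=`, whose running time can depend on where the first differing byte is; `constant_time_compare` is already imported at the top of the file and fits here: `if not crypted or not hmac or not constant_time_compare(prf(key, crypted)[:hmac_size], hmac):`. On the added lines, the text-to-bytes normalization is duplicated in the encrypt and decrypt hunks, and because the IV is `hashmod.new(salt).digest()` and feeds PBKDF2, any drift between the two copies would make existing ciphertexts undecryptable. A comment on both, such as `# salt is UTF-8 encoded via force_bytes; encrypt and decrypt must normalize it identically`, would record that. A salt that is neither text nor bytes still reaches `hashmod.new(salt)` unchanged, so on the decrypt side it probably surfaces as a TypeError rather than a DecryptionError. Both function bodies start and end outside the hunks shown.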