public inbox for [email protected]  

help / color / mirror / Atom feed

Replace PyCrypto by cryptography
2+ messages / 2 participants
[nested] [flat]

* Replace PyCrypto by cryptography
@ 2019-01-30 19:54 Cyril Jouve <[email protected]>
  2019-01-31 14:57 ` Re: Replace PyCrypto by cryptography Dave Page <[email protected]>
  0 siblings, 1 reply; 2+ messages in thread

From: Cyril Jouve @ 2019-01-30 19:54 UTC (permalink / raw)
  To: pgadmin-hackers

Hello,

this removes the PyCrypto dependency and replace it by cryptography (3272
<https://redmine.postgresql.org/issues/3272;).

Regards,
Cyril


Attachments:

  [application/octet-stream] 0001-replace-PyCrypto-by-cryptography.patch (4.9K, 3-0001-replace-PyCrypto-by-cryptography.patch)
  download | inline diff:
From 1436e1a8520370e03d126a720fe6f491a146bffe Mon Sep 17 00:00:00 2001
From: Cyril Jouve <[email protected]>
Date: Wed, 30 Jan 2019 20:04:08 +0100
Subject: [PATCH] replace PyCrypto by cryptography

---
 Make.bat                    | 11 --------
 requirements.txt            |  1 -
 web/pgadmin/utils/crypto.py | 53 +++++++++++++++++++------------------
 3 files changed, 27 insertions(+), 38 deletions(-)

diff --git a/Make.bat b/Make.bat
index 8dd44a5c..e916ba03 100644
--- a/Make.bat
+++ b/Make.bat
@@ -181,11 +181,6 @@ REM Main build sequence Ends
     ECHO Creating virtual environment...
     IF NOT EXIST "%PGBUILDPATH%"  MKDIR "%PGBUILDPATH%"
     
-    REM If we're using VC++, and this is Python 3.6+, we need a hack for PyCrypto
-    IF "%MAKE%" == "nmake" (
-        IF %PYTHON_VERSION% GEQ 36 SET CL=-FI"%VCINSTALLDIR%\INCLUDE\stdint.h"
-    )
-
     CD "%PGBUILDPATH%"
     "%PYTHON_HOME%\Scripts\virtualenv.exe" "%VIRTUALENV%"
 
@@ -255,12 +250,6 @@ REM Main build sequence Ends
     ECHO Removing Sphinx
     CALL pip uninstall -y sphinx Pygments alabaster colorama docutils imagesize requests snowballstemmer
 
-    IF %PYTHON_MAJOR% == 3 (
-        ECHO Fixing PyCrypto module for Python 3...
-        CALL "%PYTHON_HOME%\python" "%WD%\pkg\win32\replace.py" "-i" "%PGBUILDPATH%\%VIRTUALENV%\Lib\site-packages\Crypto\Random\OSRNG\nt.py" "-o" "%PGBUILDPATH%\%VIRTUALENV%\Lib\site-packages\Crypto\Random\OSRNG\nt.py.new" "-s" "import winrandom" -r "from . import winrandom"
-        MOVE /Y "%PGBUILDPATH%\%VIRTUALENV%\Lib\site-packages\Crypto\Random\OSRNG\nt.py.new" "%PGBUILDPATH%\%VIRTUALENV%\Lib\site-packages\Crypto\Random\OSRNG\nt.py"
-    )
-
     ECHO Assembling runtime environment...
     CD "%WD%\runtime"
 
diff --git a/requirements.txt b/requirements.txt
index 92eae7dd..ad09e06d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -18,7 +18,6 @@ html5lib==1.0.1
 linecache2==1.0.0
 passlib==1.7.1
 pbr==3.1.1
-pycrypto>=2.6.1
 pyrsistent==0.14.2
 python-mimeparse==1.6.0
 pytz==2018.3
diff --git a/web/pgadmin/utils/crypto.py b/web/pgadmin/utils/crypto.py
index 2538c71b..e03755f9 100644
--- a/web/pgadmin/utils/crypto.py
+++ b/web/pgadmin/utils/crypto.py
@@ -9,14 +9,21 @@
 
 """This File Provides Cryptography."""
 
+from __future__ import division
+
 import base64
 import hashlib
+import os
 
-from Crypto import Random
-from Crypto.Cipher import AES
+import six
 
-padding_string = b'}'
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.ciphers import Cipher
+from cryptography.hazmat.primitives.ciphers.algorithms import AES
+from cryptography.hazmat.primitives.ciphers.modes import CFB8
 
+padding_string = b'}'
+iv_size = AES.block_size // 8
 
 def encrypt(plaintext, key):
     """
@@ -27,15 +34,16 @@ def encrypt(plaintext, key):
         key       -- Key for encryption.
     """
 
-    iv = Random.new().read(AES.block_size)
-    cipher = AES.new(pad(key), AES.MODE_CFB, iv)
+    iv = os.urandom(iv_size)
+    cipher = Cipher(AES(pad(key)), CFB8(iv), default_backend())
+    encryptor = cipher.encryptor()
+
     # If user has entered non ascii password (Python2)
     # we have to encode it first
-    if hasattr(str, 'decode'):
-        plaintext = plaintext.encode('utf-8')
-    encrypted = base64.b64encode(iv + cipher.encrypt(plaintext))
+    if isinstance(plaintext, six.text_type):
+        plaintext = plaintext.encode()
 
-    return encrypted
+    return base64.b64encode(iv + encryptor.update(plaintext) + encryptor.finalize())
 
 
 def decrypt(ciphertext, key):
@@ -47,36 +55,29 @@ def decrypt(ciphertext, key):
         key        -- key to decrypt the encrypted string.
     """
 
-    global padding_string
-
     ciphertext = base64.b64decode(ciphertext)
-    iv = ciphertext[:AES.block_size]
-    cipher = AES.new(pad(key), AES.MODE_CFB, iv)
-    decrypted = cipher.decrypt(ciphertext[AES.block_size:])
+    iv = ciphertext[:iv_size]
 
-    return decrypted
+    cipher = Cipher(AES(pad(key)), CFB8(iv), default_backend())
+    decryptor = cipher.decryptor()
+    return decryptor.update(ciphertext[iv_size:]) + decryptor.finalize()
 
 
 def pad(key):
     """Add padding to the key."""
 
-    global padding_string
-    str_len = len(key)
+    if isinstance(key, six.text_type):
+        key = key.encode()
 
     # Key must be maximum 32 bytes long, so take first 32 bytes
-    if str_len > 32:
-        return key[:32]
+    key = key[:32]
 
-    # If key size id 16, 24 or 32 bytes then padding not require
-    if str_len == 16 or str_len == 24 or str_len == 32:
+    # If key size is 16, 24 or 32 bytes then padding is not required
+    if len(key) in (16, 24, 32):
         return key
 
-    # Convert bytes to string (python3)
-    if not hasattr(str, 'decode'):
-        padding_string = padding_string.decode()
-
     # Add padding to make key 32 bytes long
-    return key + ((32 - str_len % 32) * padding_string)
+    return key.ljust(32, padding_string)
 
 
 def pqencryptpassword(password, user):
-- 
2.20.1



^ permalink  raw  reply  [nested|flat] 2+ messages in thread

* Re: Replace PyCrypto by cryptography
  2019-01-30 19:54 Replace PyCrypto by cryptography Cyril Jouve <[email protected]>
@ 2019-01-31 14:57 ` Dave Page <[email protected]>
  0 siblings, 0 replies; 2+ messages in thread

From: Dave Page @ 2019-01-31 14:57 UTC (permalink / raw)
  To: Cyril Jouve <[email protected]>; +Cc: pgadmin-hackers

Thanks, patch applied.

On Wed, Jan 30, 2019 at 8:55 PM Cyril Jouve <[email protected]> wrote:
>
> Hello,
>
> this removes the PyCrypto dependency and replace it by cryptography (3272).
>
> Regards,
> Cyril



-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company





^ permalink  raw  reply  [nested|flat] 2+ messages in thread

end of thread, other threads:[~2019-01-31 14:57 UTC | newest]

Thread overview: 2+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2019-01-30 19:54 Replace PyCrypto by cryptography Cyril Jouve <[email protected]>
2019-01-31 14:57 ` Dave Page <[email protected]>

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox