public inbox for [email protected]
help / color / mirror / Atom feedFrom: Cyril Jouve <[email protected]>
To: [email protected]
Subject: Replace PyCrypto by cryptography
Date: Wed, 30 Jan 2019 20:54:53 +0100
Message-ID: <CANhjAHztpj=yvbyq0x8+G+aZcZsm+drJTD9Kenyt+ALgCNAjTw@mail.gmail.com> (raw)
Hello,
this removes the PyCrypto dependency and replace it by cryptography (3272
<https://redmine.postgresql.org/issues/3272;).
Regards,
Cyril
Attachments:
[application/octet-stream] 0001-replace-PyCrypto-by-cryptography.patch (4.9K, 3-0001-replace-PyCrypto-by-cryptography.patch)
download | inline diff:
From 1436e1a8520370e03d126a720fe6f491a146bffe Mon Sep 17 00:00:00 2001
From: Cyril Jouve <[email protected]>
Date: Wed, 30 Jan 2019 20:04:08 +0100
Subject: [PATCH] replace PyCrypto by cryptography
---
Make.bat | 11 --------
requirements.txt | 1 -
web/pgadmin/utils/crypto.py | 53 +++++++++++++++++++------------------
3 files changed, 27 insertions(+), 38 deletions(-)
diff --git a/Make.bat b/Make.bat
index 8dd44a5c..e916ba03 100644
--- a/Make.bat
+++ b/Make.bat
@@ -181,11 +181,6 @@ REM Main build sequence Ends
ECHO Creating virtual environment...
IF NOT EXIST "%PGBUILDPATH%" MKDIR "%PGBUILDPATH%"
- REM If we're using VC++, and this is Python 3.6+, we need a hack for PyCrypto
- IF "%MAKE%" == "nmake" (
- IF %PYTHON_VERSION% GEQ 36 SET CL=-FI"%VCINSTALLDIR%\INCLUDE\stdint.h"
- )
-
CD "%PGBUILDPATH%"
"%PYTHON_HOME%\Scripts\virtualenv.exe" "%VIRTUALENV%"
@@ -255,12 +250,6 @@ REM Main build sequence Ends
ECHO Removing Sphinx
CALL pip uninstall -y sphinx Pygments alabaster colorama docutils imagesize requests snowballstemmer
- IF %PYTHON_MAJOR% == 3 (
- ECHO Fixing PyCrypto module for Python 3...
- CALL "%PYTHON_HOME%\python" "%WD%\pkg\win32\replace.py" "-i" "%PGBUILDPATH%\%VIRTUALENV%\Lib\site-packages\Crypto\Random\OSRNG\nt.py" "-o" "%PGBUILDPATH%\%VIRTUALENV%\Lib\site-packages\Crypto\Random\OSRNG\nt.py.new" "-s" "import winrandom" -r "from . import winrandom"
- MOVE /Y "%PGBUILDPATH%\%VIRTUALENV%\Lib\site-packages\Crypto\Random\OSRNG\nt.py.new" "%PGBUILDPATH%\%VIRTUALENV%\Lib\site-packages\Crypto\Random\OSRNG\nt.py"
- )
-
ECHO Assembling runtime environment...
CD "%WD%\runtime"
diff --git a/requirements.txt b/requirements.txt
index 92eae7dd..ad09e06d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -18,7 +18,6 @@ html5lib==1.0.1
linecache2==1.0.0
passlib==1.7.1
pbr==3.1.1
-pycrypto>=2.6.1
pyrsistent==0.14.2
python-mimeparse==1.6.0
pytz==2018.3
diff --git a/web/pgadmin/utils/crypto.py b/web/pgadmin/utils/crypto.py
index 2538c71b..e03755f9 100644
--- a/web/pgadmin/utils/crypto.py
+++ b/web/pgadmin/utils/crypto.py
@@ -9,14 +9,21 @@
"""This File Provides Cryptography."""
+from __future__ import division
+
import base64
import hashlib
+import os
-from Crypto import Random
-from Crypto.Cipher import AES
+import six
-padding_string = b'}'
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.ciphers import Cipher
+from cryptography.hazmat.primitives.ciphers.algorithms import AES
+from cryptography.hazmat.primitives.ciphers.modes import CFB8
+padding_string = b'}'
+iv_size = AES.block_size // 8
def encrypt(plaintext, key):
"""
@@ -27,15 +34,16 @@ def encrypt(plaintext, key):
key -- Key for encryption.
"""
- iv = Random.new().read(AES.block_size)
- cipher = AES.new(pad(key), AES.MODE_CFB, iv)
+ iv = os.urandom(iv_size)
+ cipher = Cipher(AES(pad(key)), CFB8(iv), default_backend())
+ encryptor = cipher.encryptor()
+
# If user has entered non ascii password (Python2)
# we have to encode it first
- if hasattr(str, 'decode'):
- plaintext = plaintext.encode('utf-8')
- encrypted = base64.b64encode(iv + cipher.encrypt(plaintext))
+ if isinstance(plaintext, six.text_type):
+ plaintext = plaintext.encode()
- return encrypted
+ return base64.b64encode(iv + encryptor.update(plaintext) + encryptor.finalize())
def decrypt(ciphertext, key):
@@ -47,36 +55,29 @@ def decrypt(ciphertext, key):
key -- key to decrypt the encrypted string.
"""
- global padding_string
-
ciphertext = base64.b64decode(ciphertext)
- iv = ciphertext[:AES.block_size]
- cipher = AES.new(pad(key), AES.MODE_CFB, iv)
- decrypted = cipher.decrypt(ciphertext[AES.block_size:])
+ iv = ciphertext[:iv_size]
- return decrypted
+ cipher = Cipher(AES(pad(key)), CFB8(iv), default_backend())
+ decryptor = cipher.decryptor()
+ return decryptor.update(ciphertext[iv_size:]) + decryptor.finalize()
def pad(key):
"""Add padding to the key."""
- global padding_string
- str_len = len(key)
+ if isinstance(key, six.text_type):
+ key = key.encode()
# Key must be maximum 32 bytes long, so take first 32 bytes
- if str_len > 32:
- return key[:32]
+ key = key[:32]
- # If key size id 16, 24 or 32 bytes then padding not require
- if str_len == 16 or str_len == 24 or str_len == 32:
+ # If key size is 16, 24 or 32 bytes then padding is not required
+ if len(key) in (16, 24, 32):
return key
- # Convert bytes to string (python3)
- if not hasattr(str, 'decode'):
- padding_string = padding_string.decode()
-
# Add padding to make key 32 bytes long
- return key + ((32 - str_len % 32) * padding_string)
+ return key.ljust(32, padding_string)
def pqencryptpassword(password, user):
--
2.20.1
view thread (2+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected]
Subject: Re: Replace PyCrypto by cryptography
In-Reply-To: <CANhjAHztpj=yvbyq0x8+G+aZcZsm+drJTD9Kenyt+ALgCNAjTw@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox