From 1436e1a8520370e03d126a720fe6f491a146bffe Mon Sep 17 00:00:00 2001 From: Cyril Jouve Date: Wed, 30 Jan 2019 20:04:08 +0100 Subject: [PATCH] replace PyCrypto by cryptography --- Make.bat | 11 -------- requirements.txt | 1 - web/pgadmin/utils/crypto.py | 53 +++++++++++++++++++------------------ 3 files changed, 27 insertions(+), 38 deletions(-) diff --git a/Make.bat b/Make.bat index 8dd44a5c..e916ba03 100644 --- a/Make.bat +++ b/Make.bat @@ -181,11 +181,6 @@ REM Main build sequence Ends ECHO Creating virtual environment... IF NOT EXIST "%PGBUILDPATH%" MKDIR "%PGBUILDPATH%" - REM If we're using VC++, and this is Python 3.6+, we need a hack for PyCrypto - IF "%MAKE%" == "nmake" ( - IF %PYTHON_VERSION% GEQ 36 SET CL=-FI"%VCINSTALLDIR%\INCLUDE\stdint.h" - ) - CD "%PGBUILDPATH%" "%PYTHON_HOME%\Scripts\virtualenv.exe" "%VIRTUALENV%" @@ -255,12 +250,6 @@ REM Main build sequence Ends ECHO Removing Sphinx CALL pip uninstall -y sphinx Pygments alabaster colorama docutils imagesize requests snowballstemmer - IF %PYTHON_MAJOR% == 3 ( - ECHO Fixing PyCrypto module for Python 3... - CALL "%PYTHON_HOME%\python" "%WD%\pkg\win32\replace.py" "-i" "%PGBUILDPATH%\%VIRTUALENV%\Lib\site-packages\Crypto\Random\OSRNG\nt.py" "-o" "%PGBUILDPATH%\%VIRTUALENV%\Lib\site-packages\Crypto\Random\OSRNG\nt.py.new" "-s" "import winrandom" -r "from . import winrandom" - MOVE /Y "%PGBUILDPATH%\%VIRTUALENV%\Lib\site-packages\Crypto\Random\OSRNG\nt.py.new" "%PGBUILDPATH%\%VIRTUALENV%\Lib\site-packages\Crypto\Random\OSRNG\nt.py" - ) - ECHO Assembling runtime environment... CD "%WD%\runtime" diff --git a/requirements.txt b/requirements.txt index 92eae7dd..ad09e06d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -18,7 +18,6 @@ html5lib==1.0.1 linecache2==1.0.0 passlib==1.7.1 pbr==3.1.1 -pycrypto>=2.6.1 pyrsistent==0.14.2 python-mimeparse==1.6.0 pytz==2018.3 diff --git a/web/pgadmin/utils/crypto.py b/web/pgadmin/utils/crypto.py index 2538c71b..e03755f9 100644 --- a/web/pgadmin/utils/crypto.py +++ b/web/pgadmin/utils/crypto.py @@ -9,14 +9,21 @@ """This File Provides Cryptography.""" +from __future__ import division + import base64 import hashlib +import os -from Crypto import Random -from Crypto.Cipher import AES +import six -padding_string = b'}' +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives.ciphers import Cipher +from cryptography.hazmat.primitives.ciphers.algorithms import AES +from cryptography.hazmat.primitives.ciphers.modes import CFB8 +padding_string = b'}' +iv_size = AES.block_size // 8 def encrypt(plaintext, key): """ @@ -27,15 +34,16 @@ def encrypt(plaintext, key): key -- Key for encryption. """ - iv = Random.new().read(AES.block_size) - cipher = AES.new(pad(key), AES.MODE_CFB, iv) + iv = os.urandom(iv_size) + cipher = Cipher(AES(pad(key)), CFB8(iv), default_backend()) + encryptor = cipher.encryptor() + # If user has entered non ascii password (Python2) # we have to encode it first - if hasattr(str, 'decode'): - plaintext = plaintext.encode('utf-8') - encrypted = base64.b64encode(iv + cipher.encrypt(plaintext)) + if isinstance(plaintext, six.text_type): + plaintext = plaintext.encode() - return encrypted + return base64.b64encode(iv + encryptor.update(plaintext) + encryptor.finalize()) def decrypt(ciphertext, key): @@ -47,36 +55,29 @@ def decrypt(ciphertext, key): key -- key to decrypt the encrypted string. """ - global padding_string - ciphertext = base64.b64decode(ciphertext) - iv = ciphertext[:AES.block_size] - cipher = AES.new(pad(key), AES.MODE_CFB, iv) - decrypted = cipher.decrypt(ciphertext[AES.block_size:]) + iv = ciphertext[:iv_size] - return decrypted + cipher = Cipher(AES(pad(key)), CFB8(iv), default_backend()) + decryptor = cipher.decryptor() + return decryptor.update(ciphertext[iv_size:]) + decryptor.finalize() def pad(key): """Add padding to the key.""" - global padding_string - str_len = len(key) + if isinstance(key, six.text_type): + key = key.encode() # Key must be maximum 32 bytes long, so take first 32 bytes - if str_len > 32: - return key[:32] + key = key[:32] - # If key size id 16, 24 or 32 bytes then padding not require - if str_len == 16 or str_len == 24 or str_len == 32: + # If key size is 16, 24 or 32 bytes then padding is not required + if len(key) in (16, 24, 32): return key - # Convert bytes to string (python3) - if not hasattr(str, 'decode'): - padding_string = padding_string.decode() - # Add padding to make key 32 bytes long - return key + ((32 - str_len % 32) * padding_string) + return key.ljust(32, padding_string) def pqencryptpassword(password, user): -- 2.20.1