docker/quay
1
0
Fork 0
mirror of https://github.com/quay/quay.git synced 2026-01-26 06:21:37 +03:00
Code Activity
Files
3fd695cf8627bddf04ad83e8ddcc4e6ca89bfb08
quay/data/encryption.py
Kurtis Mullins 38be6d05d0 Python 3 (#153) 
* Convert all Python2 to Python3 syntax.

* Removes oauth2lib dependency

* Replace mockredis with fakeredis

* byte/str conversions

* Removes nonexisting __nonzero__ in Python3

* Python3 Dockerfile and related

* [PROJQUAY-98] Replace resumablehashlib with rehash

* PROJQUAY-123 - replace gpgme with python3-gpg

* [PROJQUAY-135] Fix unhashable class error

* Update external dependencies for Python 3

- Move github.com/app-registry/appr to github.com/quay/appr
- github.com/coderanger/supervisor-stdout
- github.com/DevTable/container-cloud-config
- Update to latest mockldap with changes applied from coreos/mockldap
- Update dependencies in requirements.txt and requirements-dev.txt

* Default FLOAT_REPR function to str in json encoder and removes keyword assignment

True, False, and str were not keywords in Python2...

* [PROJQUAY-165] Replace package `bencode` with `bencode.py`

- Bencode is not compatible with Python 3.x and is no longer
  maintained. Bencode.py appears to be a drop-in replacement/fork
  that is compatible with Python 3.

* Make sure monkey.patch is called before anything else (

* Removes anunidecode dependency and replaces it with text_unidecode

* Base64 encode/decode pickle dumps/loads when storing value in DB

Base64 encodes/decodes the serialized values when storing them in the
DB. Also make sure to return a Python3 string instead of a Bytes when
coercing for db, otherwise, Postgres' TEXT field will convert it into
a hex representation when storing the value.

* Implement __hash__ on Digest class

In Python 3, if a class defines __eq__() but not __hash__(), its
instances will not be usable as items in hashable collections (e.g sets).

* Remove basestring check

* Fix expected message in credentials tests

* Fix usage of Cryptography.Fernet for Python3 (#219)

- Specifically, this addresses the issue where Byte<->String
  conversions weren't being applied correctly.

* Fix utils

- tar+stream layer format utils
- filelike util

* Fix storage tests

* Fix endpoint tests

* Fix workers tests

* Fix docker's empty layer bytes

* Fix registry tests

* Appr

* Enable CI for Python 3.6

* Skip buildman tests

Skip buildman tests while it's being rewritten to allow ci to pass.

* Install swig for CI

* Update expected exception type in redis validation test

* Fix gpg signing calls

Fix gpg calls for updated gpg wrapper, and add signing tests.

* Convert / to // for Python3 integer division

* WIP: Update buildman to use asyncio instead of trollius.

This dependency is considered deprecated/abandoned and was only
used as an implementation/backport of asyncio on Python 2.x
This is a work in progress, and is included in the PR just to get the
rest of the tests passing. The builder is actually being rewritten.

* Target Python 3.8

* Removes unused files

- Removes unused files that were added accidentally while rebasing
- Small fixes/cleanup
- TODO tasks comments

* Add TODO to verify rehash backward compat with resumablehashlib

* Revert "[PROJQUAY-135] Fix unhashable class error" and implements __hash__ instead.

This reverts commit 735e38e3c1d072bf50ea864bc7e119a55d3a8976.
Instead, defines __hash__ for encryped fields class, using the parent
field's implementation.

* Remove some unused files ad imports

Co-authored-by: Kenny Lee Sin Cheong <kenny.lee@redhat.com>
Co-authored-by: Tom McKay <thomasmckay@redhat.com>
2020-06-05 16:50:13 -04:00

98 lines
3.2 KiB
Python
Raw Blame History

import os
import logging
import base64
from collections import namedtuple
from cryptography.hazmat.primitives.ciphers.aead import AESCCM
from util.security.secret import convert_secret_key
class DecryptionFailureException(Exception):
"""
Exception raised if a field could not be decrypted.
"""
EncryptionVersion = namedtuple("EncryptionVersion", ["prefix", "encrypt", "decrypt"])
logger = logging.getLogger(__name__)
_SEPARATOR = "$$"
AES_CCM_NONCE_LENGTH = 13
def _encrypt_ccm(secret_key, value, field_max_length=None):
aesccm = AESCCM(secret_key)
nonce = os.urandom(AES_CCM_NONCE_LENGTH)
ct = aesccm.encrypt(nonce, value.encode("utf-8"), None)
encrypted = base64.b64encode(nonce + ct).decode("utf-8")
if field_max_length:
msg = "Tried to encode a value too large for this field"
assert (len(encrypted) + _RESERVED_FIELD_SPACE) <= field_max_length, msg
return encrypted
def _decrypt_ccm(secret_key, value):
aesccm = AESCCM(secret_key)
try:
decoded = base64.b64decode(value)
nonce = decoded[:AES_CCM_NONCE_LENGTH]
ct = decoded[AES_CCM_NONCE_LENGTH:]
decrypted = aesccm.decrypt(nonce, ct, None)
return decrypted.decode("utf-8")
except Exception:
logger.exception("Got exception when trying to decrypt value `%s`", value)
raise DecryptionFailureException()
# Defines the versions of encryptions we support. This will allow us to upgrade to newer encryption
# protocols (fairly seamlessly) if need be in the future.
_VERSIONS = {
"v0": EncryptionVersion("v0", _encrypt_ccm, _decrypt_ccm),
}
_RESERVED_FIELD_SPACE = len(_SEPARATOR) + max([len(k) for k in list(_VERSIONS.keys())])
class FieldEncrypter(object):
"""
Helper object for defining how fields are encrypted and decrypted between the database and the
application.
"""
def __init__(self, secret_key, version="v0"):
# NOTE: secret_key will be None when the system is being first initialized, so we allow that
# case here, but make sure to assert that it is *not* None below if any encryption is actually
# needed.
self._secret_key = convert_secret_key(secret_key) if secret_key is not None else None
self._encryption_version = _VERSIONS[version]
def encrypt_value(self, value, field_max_length=None):
"""
Encrypts the value using the current version of encryption.
"""
assert self._secret_key is not None
encrypted_value = self._encryption_version.encrypt(
self._secret_key, value, field_max_length
)
return "%s%s%s" % (self._encryption_version.prefix, _SEPARATOR, encrypted_value)
def decrypt_value(self, value):
"""
Decrypts the value, returning it.
If the value cannot be decrypted raises a DecryptionFailureException.
"""
assert self._secret_key is not None
if _SEPARATOR not in value:
raise DecryptionFailureException("Invalid encrypted value")
version_prefix, data = value.split(_SEPARATOR, 1)
if version_prefix not in _VERSIONS:
raise DecryptionFailureException("Unknown version prefix %s" % version_prefix)
return _VERSIONS[version_prefix].decrypt(self._secret_key, data)
View Git Blame Copy Permalink