File: crypto_helpers.py

# Copyright (c) 2015-2016 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import base64

from swift.common.exceptions import UnknownSecretIdError
from swift.common.middleware.crypto.crypto_utils import Crypto
from swift.common.utils import md5


def fetch_crypto_keys(key_id=None):
    """Return a fixed set of fake encryption keys for the requested secret id.

    The key material is hard-coded, human-readable and identical on every
    call, so it is only suitable as a deterministic fixture; it must never be
    wired into a real keymaster.

    :param key_id: optional dict; its ``'secret_id'`` entry selects the key
        set. ``None``, an empty dict, or a missing/falsy ``'secret_id'``
        selects the default key set.
    :returns: a new dict with ``'account'``, ``'container'`` and ``'object'``
        keys, an ``'id'`` dict describing the selected key set, and an
        ``'all_ids'`` list describing every key set known to this helper.
    :raises UnknownSecretIdError: if the requested secret id is not one of
        the ids defined here.
    """
    default_keys = {'account': b'This is an account key 012345678',
                    'container': b'This is a container key 01234567',
                    'object': b'This is an object key 0123456789'}
    myid_keys = {'account': b'This is an account key 123456789',
                 'container': b'This is a container key 12345678',
                 'object': b'This is an object key 1234567890'}
    known_secrets = {None: default_keys, 'myid': myid_keys}

    # Any falsy secret_id (missing, None, '') collapses to the default set.
    requested = (key_id or {}).get('secret_id') or None
    try:
        # Copy so the 'id'/'all_ids' entries added below never touch the
        # per-secret key table.
        keys = dict(known_secrets[requested])
    except KeyError:
        raise UnknownSecretIdError(requested)

    key_ref = {'v': 'fake', 'path': '/a/c/fake'}
    if requested:
        key_ref['secret_id'] = requested
    keys['id'] = key_ref
    keys['all_ids'] = [{'v': 'fake', 'path': '/a/c/fake'},
                       {'v': 'fake', 'path': '/a/c/fake', 'secret_id': 'myid'}]
    return keys


def md5hex(s):
    """Return the hexadecimal MD5 digest of ``s``.

    The hash is requested with ``usedforsecurity=False``, i.e. it is declared
    as a plain checksum. Do not rely on the result to detect deliberate
    tampering.

    :param s: the data to hash, passed straight to ``md5``.
    :returns: the digest as a hex string.
    """
    digest = md5(s, usedforsecurity=False)
    return digest.hexdigest()


def encrypt(val, key=None, iv=None, ctxt=None):
    """Encrypt ``val`` and return whatever the cipher context emits for it.

    Only ``update()`` is called on the context; this helper does not finalize
    it and adds no integrity protection of its own.

    :param val: the plaintext to feed to the encryption context.
    :param key: key used to build a context; ignored when ``ctxt`` is given.
    :param iv: IV used to build a context; ignored when ``ctxt`` is given.
    :param ctxt: an existing encryption context to reuse. When ``None`` a new
        one is created from ``key`` and ``iv`` via
        ``Crypto({}).create_encryption_ctxt``.
    :returns: the output of ``ctxt.update(val)``.
    """
    cipher_ctxt = ctxt
    if cipher_ctxt is None:
        # No caller-supplied context: build one from the given key and IV.
        cipher_ctxt = Crypto({}).create_encryption_ctxt(key, iv)
    return cipher_ctxt.update(val)


def decrypt(key, iv, enc_val):
    """Decrypt ``enc_val`` with ``key`` and ``iv`` and return the result.

    A fresh decryption context is created on every call. Only ``update()`` is
    called on it, so nothing here verifies that the ciphertext is authentic.

    :param key: the key passed to ``create_decryption_ctxt``.
    :param iv: the IV passed to ``create_decryption_ctxt``.
    :param enc_val: the ciphertext to feed to the decryption context.
    :returns: the output of the context's ``update(enc_val)``.
    """
    # The third argument is fixed at 0 -- presumably a starting offset into
    # the ciphertext stream; confirm against Crypto.create_decryption_ctxt.
    return Crypto({}).create_decryption_ctxt(key, iv, 0).update(enc_val)


# Constant IV so that ciphertexts produced by these helpers are reproducible.
# A fixed IV gives up the per-message uniqueness that real encryption depends
# on; it belongs in fixtures only.
FAKE_IV = b"This is an IV123"
# Do not use these example encryption_root_secret values in production: each
# one is a single repeated byte and therefore trivially guessable. Use a
# randomly generated value with high entropy instead.
TEST_KEYMASTER_CONF = dict(
    encryption_root_secret=base64.b64encode(b'x' * 32),
    encryption_root_secret_1=base64.b64encode(b'y' * 32),
    encryption_root_secret_2=base64.b64encode(b'z' * 32),
)


def fake_get_crypto_meta(**kwargs):
    """Build a crypto-meta dict that always starts from the fixed fake IV.

    The defaults are ``'iv': FAKE_IV`` and ``'cipher': Crypto.cipher``. Because
    the IV is a constant rather than freshly generated, the result is only
    meaningful as a deterministic stand-in.

    :param kwargs: extra entries to add; an ``iv`` or ``cipher`` keyword
        replaces the corresponding default.
    :returns: a new dict holding the defaults merged with ``kwargs``.
    """
    return {'iv': FAKE_IV, 'cipher': Crypto.cipher, **kwargs}