Check for hash availability during vault operations
This commit is contained in:
parent
e4805fe411
commit
0e38f5dfdc
1 changed files with 10 additions and 11 deletions
|
@ -182,7 +182,7 @@ class VaultEditor(object):
|
||||||
def create_file(self):
|
def create_file(self):
|
||||||
""" create a new encrypted file """
|
""" create a new encrypted file """
|
||||||
|
|
||||||
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
|
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
|
||||||
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
||||||
|
|
||||||
if os.path.isfile(self.filename):
|
if os.path.isfile(self.filename):
|
||||||
|
@ -199,7 +199,7 @@ class VaultEditor(object):
|
||||||
|
|
||||||
def decrypt_file(self):
|
def decrypt_file(self):
|
||||||
|
|
||||||
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
|
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
|
||||||
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
||||||
|
|
||||||
if not os.path.isfile(self.filename):
|
if not os.path.isfile(self.filename):
|
||||||
|
@ -215,7 +215,7 @@ class VaultEditor(object):
|
||||||
|
|
||||||
def edit_file(self):
|
def edit_file(self):
|
||||||
|
|
||||||
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
|
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
|
||||||
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
||||||
|
|
||||||
# decrypt to tmpfile
|
# decrypt to tmpfile
|
||||||
|
@ -245,7 +245,7 @@ class VaultEditor(object):
|
||||||
|
|
||||||
def encrypt_file(self):
|
def encrypt_file(self):
|
||||||
|
|
||||||
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
|
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
|
||||||
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
||||||
|
|
||||||
if not os.path.isfile(self.filename):
|
if not os.path.isfile(self.filename):
|
||||||
|
@ -262,7 +262,7 @@ class VaultEditor(object):
|
||||||
|
|
||||||
def rekey_file(self, new_password):
|
def rekey_file(self, new_password):
|
||||||
|
|
||||||
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
|
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
|
||||||
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
||||||
|
|
||||||
# decrypt
|
# decrypt
|
||||||
|
@ -420,6 +420,11 @@ class VaultAES256(object):
|
||||||
|
|
||||||
# http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
|
# http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
|
||||||
|
|
||||||
|
def __init__(self):
|
||||||
|
|
||||||
|
if not HAS_PBKDF2 or not HAS_COUNTER or not HAS_HASH:
|
||||||
|
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
||||||
|
|
||||||
def gen_key_initctr(self, password, salt):
|
def gen_key_initctr(self, password, salt):
|
||||||
# 16 for AES 128, 32 for AES256
|
# 16 for AES 128, 32 for AES256
|
||||||
keylength = 32
|
keylength = 32
|
||||||
|
@ -432,8 +437,6 @@ class VaultAES256(object):
|
||||||
# make two keys and one iv
|
# make two keys and one iv
|
||||||
pbkdf2_prf = lambda p, s: HMAC.new(p, s, hash_function).digest()
|
pbkdf2_prf = lambda p, s: HMAC.new(p, s, hash_function).digest()
|
||||||
|
|
||||||
if not HAS_PBKDF2:
|
|
||||||
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
|
||||||
|
|
||||||
derivedkey = PBKDF2(password, salt, dkLen=(2 * keylength) + ivlength,
|
derivedkey = PBKDF2(password, salt, dkLen=(2 * keylength) + ivlength,
|
||||||
count=10000, prf=pbkdf2_prf)
|
count=10000, prf=pbkdf2_prf)
|
||||||
|
@ -460,8 +463,6 @@ class VaultAES256(object):
|
||||||
# 1) nbits (integer) - Length of the counter, in bits.
|
# 1) nbits (integer) - Length of the counter, in bits.
|
||||||
# 2) initial_value (integer) - initial value of the counter. "iv" from gen_key_initctr
|
# 2) initial_value (integer) - initial value of the counter. "iv" from gen_key_initctr
|
||||||
|
|
||||||
if not HAS_COUNTER:
|
|
||||||
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
|
||||||
ctr = Counter.new(128, initial_value=long(iv, 16))
|
ctr = Counter.new(128, initial_value=long(iv, 16))
|
||||||
|
|
||||||
# AES.new PARAMETERS
|
# AES.new PARAMETERS
|
||||||
|
@ -497,8 +498,6 @@ class VaultAES256(object):
|
||||||
return None
|
return None
|
||||||
|
|
||||||
# SET THE COUNTER AND THE CIPHER
|
# SET THE COUNTER AND THE CIPHER
|
||||||
if not HAS_COUNTER:
|
|
||||||
raise errors.AnsibleError(CRYPTO_UPGRADE)
|
|
||||||
ctr = Counter.new(128, initial_value=long(iv, 16))
|
ctr = Counter.new(128, initial_value=long(iv, 16))
|
||||||
cipher = AES.new(key1, AES.MODE_CTR, counter=ctr)
|
cipher = AES.new(key1, AES.MODE_CTR, counter=ctr)
|
||||||
|
|
||||||
|
|
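Review bot: The new `VaultAES256.__init__` guard checks HAS_PBKDF2, HAS_COUNTER and HAS_HASH but not HAS_AES, even though the class still calls `AES.new` (visible in the last hunk), so a missing AES module is only caught when the caller happens to go through VaultEditor, whose guards do include HAS_AES. Since this constructor is now the single place the removed per-method `HAS_PBKDF2`/`HAS_COUNTER` checks were consolidated into, it should cover the full set: `if not HAS_AES or not HAS_PBKDF2 or not HAS_COUNTER or not HAS_HASH:`. The +/- markers are lost in this rendering, so I am reading the `__init__` lines as additions from the 6→11 hunk count. Separately, the same four-flag condition is now repeated verbatim in create_file, decrypt_file, edit_file, encrypt_file and rekey_file; a small module-level helper (e.g. `_check_crypto()`) that raises `errors.AnsibleError(CRYPTO_UPGRADE)` would keep those five copies from drifting apart again.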