
Check for hash availability during vault operations

James Tanner 2014-03-12 09:38:20 -04:00
parent e4805fe411
commit 0e38f5dfdc


@ -182,7 +182,7 @@ class VaultEditor(object):
def create_file(self): def create_file(self):
""" create a new encrypted file """ """ create a new encrypted file """
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2: if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
raise errors.AnsibleError(CRYPTO_UPGRADE) raise errors.AnsibleError(CRYPTO_UPGRADE)
if os.path.isfile(self.filename): if os.path.isfile(self.filename):
@ -199,7 +199,7 @@ class VaultEditor(object):
def decrypt_file(self): def decrypt_file(self):
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2: if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
raise errors.AnsibleError(CRYPTO_UPGRADE) raise errors.AnsibleError(CRYPTO_UPGRADE)
if not os.path.isfile(self.filename): if not os.path.isfile(self.filename):
@ -215,7 +215,7 @@ class VaultEditor(object):
def edit_file(self): def edit_file(self):
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2: if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
raise errors.AnsibleError(CRYPTO_UPGRADE) raise errors.AnsibleError(CRYPTO_UPGRADE)
# decrypt to tmpfile # decrypt to tmpfile
@ -245,7 +245,7 @@ class VaultEditor(object):
def encrypt_file(self): def encrypt_file(self):
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2: if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
raise errors.AnsibleError(CRYPTO_UPGRADE) raise errors.AnsibleError(CRYPTO_UPGRADE)
if not os.path.isfile(self.filename): if not os.path.isfile(self.filename):
@ -262,7 +262,7 @@ class VaultEditor(object):
def rekey_file(self, new_password): def rekey_file(self, new_password):
if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2: if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:
raise errors.AnsibleError(CRYPTO_UPGRADE) raise errors.AnsibleError(CRYPTO_UPGRADE)
# decrypt # decrypt
@ -420,6 +420,11 @@ class VaultAES256(object):
# http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html # http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
def __init__(self):
if not HAS_PBKDF2 or not HAS_COUNTER or not HAS_HASH:
raise errors.AnsibleError(CRYPTO_UPGRADE)
def gen_key_initctr(self, password, salt): def gen_key_initctr(self, password, salt):
# 16 for AES 128, 32 for AES256 # 16 for AES 128, 32 for AES256
keylength = 32 keylength = 32
@ -432,8 +437,6 @@ class VaultAES256(object):
# make two keys and one iv # make two keys and one iv
pbkdf2_prf = lambda p, s: HMAC.new(p, s, hash_function).digest() pbkdf2_prf = lambda p, s: HMAC.new(p, s, hash_function).digest()
if not HAS_PBKDF2:
raise errors.AnsibleError(CRYPTO_UPGRADE)
derivedkey = PBKDF2(password, salt, dkLen=(2 * keylength) + ivlength, derivedkey = PBKDF2(password, salt, dkLen=(2 * keylength) + ivlength,
count=10000, prf=pbkdf2_prf) count=10000, prf=pbkdf2_prf)
@ -460,8 +463,6 @@ class VaultAES256(object):
# 1) nbits (integer) - Length of the counter, in bits. # 1) nbits (integer) - Length of the counter, in bits.
# 2) initial_value (integer) - initial value of the counter. "iv" from gen_key_initctr # 2) initial_value (integer) - initial value of the counter. "iv" from gen_key_initctr
if not HAS_COUNTER:
raise errors.AnsibleError(CRYPTO_UPGRADE)
ctr = Counter.new(128, initial_value=long(iv, 16)) ctr = Counter.new(128, initial_value=long(iv, 16))
# AES.new PARAMETERS # AES.new PARAMETERS
@ -497,8 +498,6 @@ class VaultAES256(object):
return None return None
# SET THE COUNTER AND THE CIPHER # SET THE COUNTER AND THE CIPHER
if not HAS_COUNTER:
raise errors.AnsibleError(CRYPTO_UPGRADE)
ctr = Counter.new(128, initial_value=long(iv, 16)) ctr = Counter.new(128, initial_value=long(iv, 16))
cipher = AES.new(key1, AES.MODE_CTR, counter=ctr) cipher = AES.new(key1, AES.MODE_CTR, counter=ctr)
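Review bot: The new `VaultAES256.__init__` guard tests `HAS_PBKDF2`, `HAS_COUNTER` and `HAS_HASH` but not `HAS_AES`, even though the class still calls `AES.new(key1, AES.MODE_CTR, counter=ctr)` in the last hunk. With the per-method checks removed, a caller that constructs `VaultAES256` without passing through the `VaultEditor` guards would presumably get a raw `NameError` rather than the `CRYPTO_UPGRADE` message when AES is unavailable; the import fallbacks are not visible here, so this is inferred. I would make the constructor condition match the editor methods: `if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2 or not HAS_HASH:`. The same four-flag test is now repeated in five `VaultEditor` methods, so a small shared helper would keep a future flag from being missed in one of them. The method bodies continue outside these hunks.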