Mercurial Mercurial > pub > hg > cubicweb / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cubicweb/crypto.py
author Jérémy Bobbio <jeremy.bobbio@irq7.fr>
Wed, 19 Jun 2019 15:44:17 +0200
changeset 12655 5b0ce10a7046
parent 12626 32ee89340e59
permissions -rw-r--r--
[crypto] Use Cryptodome namespace instead of Crypto PyCryptodome comes in two flavors: “an almost drop-in replacement for the old PyCrypto library” and “a library independent of the old PyCrypto”. The former uses the Crypto namespace, and is shipped as `pycryptodome` while the latter uses Cryptodome instead and lies in the `pycryptodomex` package. Given the reason to switch to PyCryptodome is that PyCrypto in unmaintained, its probably better to avoid any mistake and mandate the specific usage of the Cryptodome namespace by requiring `pycryptodomex` instead of `pycryptodome`. A more present reason is that Debian buster will only provide a package with the separate namespace flavor. The current Recommends is not working with the current code. Although it's important to note that the package name will probably have to be changed to `python3-pycryptodomex` once https://bugs.debian.org/886291 is solved.

# copyright 2003-2011 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
#
# This file is part of CubicWeb.
#
# CubicWeb is free software: you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation, either version 2.1 of the License, or (at your option)
# any later version.
#
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more
# details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with CubicWeb.  If not, see <http://www.gnu.org/licenses/>.
"""Simple cryptographic routines, based on python-crypto."""


from base64 import b64encode, b64decode
import pickle

from Cryptodome.Cipher import Blowfish


_CYPHERERS = {}


def _cypherer(seed):
    if isinstance(seed, str):
        seed = seed.encode('utf-8')
    try:
        return _CYPHERERS[seed]
    except KeyError:
        _CYPHERERS[seed] = Blowfish.new(seed, Blowfish.MODE_ECB)
        return _CYPHERERS[seed]


def encrypt(data, seed):
    string = pickle.dumps(data)
    string = string + b'*' * (8 - len(string) % 8)
    string = b64encode(_cypherer(seed).encrypt(string))
    return string.decode('utf-8')


def decrypt(string, seed):
    string = string.encode('utf-8')
    # pickle ignores trailing characters so we do not need to strip them off
    string = _cypherer(seed).decrypt(b64decode(string))
    return pickle.loads(string)
cubicweb