From e8ef050bd37c2cdf7b47d5cd2b4ed1d4359898b6 Mon Sep 17 00:00:00 2001
From: Stanislaw Pitucha
Date: Sat, 4 Aug 2012 19:50:54 +0100
Subject: [PATCH] Drop AES functions and pycrypto dependency
At some point IV parameter has been removed making these functions dangerous to use unless keys are unique on every message. Since the functions were added the original consumer has disappeared too. With no more users it's better to get rid of the incomplete encryption system entirely. These were the only functions using pycrypto module directly, so it was also removed from the dependency list.
Fixes bug: 1033178
Change-Id: I57b0a0a42dac455d5baae3d726aea1507121aa4d
(cherry picked from commit 56d3d29ad2451bd0e753e7878827a08b458b726b)
---
 nova/crypto.py | 40 ---------------------------------------
 nova/tests/test_crypto.py | 17 -----------------
 tools/pip-requires | 1 -
 3 files changed, 58 deletions(-)
diff --git a/nova/crypto.py b/nova/crypto.py
index efbb14d4f4b..4d5e7bfff86 100644
--- a/nova/crypto.py
+++ b/nova/crypto.py
@@ -29,8 +29,6 @@
 import os
 import string
-import Crypto.Cipher.AES
-
 from nova import context
 from nova import db
 from nova import exception
@@ -308,44 +306,6 @@ def _sign_csr(csr_text, ca_folder):
 return (serial, crtfile.read())
-def _build_cipher(key, iv):
- """Make a 128bit AES CBC encode/decode Cipher object.
- Padding is handled internally."""
- return Crypto.Cipher.AES.new(key, IV=iv)
-
-
-def encryptor(key):
- """Simple symmetric key encryption."""
- key = base64.b64decode(key)
- iv = '\0' * 16
-
- def encrypt(data):
- cipher = _build_cipher(key, iv)
- # Must pad string to multiple of 16 chars
- padding = (16 - len(data) % 16) * " "
- v = cipher.encrypt(data + padding)
- del cipher
- v = base64.b64encode(v)
- return v
-
- return encrypt
-
-
-def decryptor(key):
- """Simple symmetric key decryption."""
- key = base64.b64decode(key)
- iv = '\0' * 16
-
- def decrypt(data):
- data = base64.b64decode(data)
- cipher = _build_cipher(key, iv)
- v = cipher.decrypt(data).rstrip()
- del cipher
- return v
-
- return decrypt
-
-
 # Copyright (c) 2006-2009 Mitch Garnaat http://garnaat.org/
 #
 # Permission is hereby granted, free of charge, to any person obtaining a
diff --git a/nova/tests/test_crypto.py b/nova/tests/test_crypto.py
index 89de1247f99..c9ee6ca0220 100644
--- a/nova/tests/test_crypto.py
+++ b/nova/tests/test_crypto.py
@@ -29,23 +29,6 @@
 FLAGS = flags.FLAGS
-class SymmetricKeyTestCase(test.TestCase):
- """Test case for Encrypt/Decrypt"""
- def test_encrypt_decrypt(self):
- key = 'c286696d887c9aa0611bbb3e2025a45a'
- plain_text = "The quick brown fox jumped over the lazy dog."
-
- # No IV supplied (all 0's)
- encrypt = crypto.encryptor(key)
- cipher_text = encrypt(plain_text)
- self.assertNotEquals(plain_text, cipher_text)
-
- decrypt = crypto.decryptor(key)
- plain = decrypt(cipher_text)
-
- self.assertEquals(plain_text, plain)
-
-
 class X509Test(test.TestCase):
 def test_can_generate_x509(self):
 with utils.tempdir() as tmpdir:
diff --git a/tools/pip-requires b/tools/pip-requires
index 8949428f2e1..3359f640ee4 100644
--- a/tools/pip-requires
+++ b/tools/pip-requires
@@ -23,6 +23,5 @@ glance>=2011.3.1
 suds==0.4
 paramiko
 feedparser
-pycrypto
 Babel>=0.9.6
 iso8601>=0.1.4