New version of VaultAES256: no padding, base64 output (plus some cleanups) #12130

As noted in the comments in PR #12112, the cipher_name stored in the VaultLib conflates the desired cipher for encryption with the cipher read from an encrypted file header. This change makes the encryption cipher a parameter to encrypt() and changes _split_header() to return the extracted values so that decrypt() can use the appropriate cipher name (which a new helper transforms into a VaultXXX class). As a consequence, _split_header is renamed to _parse_vault_file, which also becomes more strict about parsing vault headers. (This also means that decrypt() doesn't have to check is_encrypted() separately, since the validation is being done anyway.) We also move b_version from VaultLib to the individual cipher classes so that they can manage their own versioning; we also pass the version from the file header to the cipher's decrypt() method. This doesn't change any functionality, but it paves the way for easier format changes without having to introduce ever more cipher classes.

Now we don't add spurious padding for AES-CTR (which is used as a stream cipher, and doesn't need padding) and we use base64 to encode the output message instead of blowing up its size by hexlify()ing everything twice. We also don't unnecessarily use PBKDF2 to generate the initial value for the encryption counter. We always use the new format for output, but maintain read-compatibility with a few lines of 1.1-specific decoding in decrypt(). (Note that we do not force v1.1 files to be rewritten by ansible-vault edit unless their contents have actually changed, in which case the new cipher version is used automatically). Closes #10634 from graingert (which removed the padding, but added yet another cipher class for backwards compatibility) Fixes #12121 from mgedmin (which reported the double-hexlify() problem)

@abadger

The header now looks like this: $ANSIBLE_VAULT;1.2;AES256;1.2 The vault header version is currently not used to convey any extra information. It's included in the hope that it will help to escape unforeseen problems. The earlier _format_output method is renamed to _add_vault_header, and is no longer responsible for wrapping the output at 80 columns (cipher classes are now responsible for doing their own formatting; GPG would need this anyway). The _parse_vault_file method is renamed to _parse_vault_header, and is no longer responsible for unwrapping the ciphertext (cipher classes are responsible for undoing whatever formatting they originally did). A new decrypt_with_metadata method is introduced primarily so that VaultEditor can find the cipher_name to see if it wants to upgrade to a new cipher or not. These changes were made at the request of @abadger.

* Have internal VaultLib functions dealing with the header return byte strings * Switch finding the Ciphers to use a mapping for safety * If we recognize an invalid vault file while parsing the header, throw an exception there instead of making a higher level decide that. * Make version comparison robust against double digit versions

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

New version of VaultAES256: no padding, base64 output (plus some cleanups) #12130

New version of VaultAES256: no padding, base64 output (plus some cleanups) #12130

Commits on Oct 9, 2015

Navigation Menu

New version of VaultAES256: no padding, base64 output (plus some cleanups) #12130

New version of VaultAES256: no padding, base64 output (plus some cleanups) #12130

Commits on Oct 9, 2015