|
|
|
@ -465,39 +465,7 @@ class VaultAES:
|
|
|
|
|
|
|
|
|
|
""" Read plaintext data from in_file and write encrypted to out_file """
|
|
|
|
|
|
|
|
|
|
# combine sha + data
|
|
|
|
|
this_sha = to_bytes(sha256(data).hexdigest())
|
|
|
|
|
tmp_data = this_sha + b"\n" + data
|
|
|
|
|
|
|
|
|
|
in_file = BytesIO(tmp_data)
|
|
|
|
|
in_file.seek(0)
|
|
|
|
|
out_file = BytesIO()
|
|
|
|
|
|
|
|
|
|
bs = AES.block_size
|
|
|
|
|
|
|
|
|
|
# Get a block of random data. EL does not have Crypto.Random.new()
|
|
|
|
|
# so os.urandom is used for cross platform purposes
|
|
|
|
|
salt = os.urandom(bs - len(b'Salted__'))
|
|
|
|
|
|
|
|
|
|
key, iv = self.aes_derive_key_and_iv(password, salt, key_length, bs)
|
|
|
|
|
cipher = AES.new(key, AES.MODE_CBC, iv)
|
|
|
|
|
full = to_bytes(b'Salted__' + salt)
|
|
|
|
|
out_file.write(full)
|
|
|
|
|
finished = False
|
|
|
|
|
while not finished:
|
|
|
|
|
chunk = in_file.read(1024 * bs)
|
|
|
|
|
if len(chunk) == 0 or len(chunk) % bs != 0:
|
|
|
|
|
padding_length = (bs - len(chunk) % bs) or bs
|
|
|
|
|
chunk += to_bytes(padding_length * chr(padding_length), errors='strict', encoding='ascii')
|
|
|
|
|
finished = True
|
|
|
|
|
out_file.write(cipher.encrypt(chunk))
|
|
|
|
|
|
|
|
|
|
out_file.seek(0)
|
|
|
|
|
enc_data = out_file.read()
|
|
|
|
|
tmp_data = hexlify(enc_data)
|
|
|
|
|
|
|
|
|
|
return tmp_data
|
|
|
|
|
|
|
|
|
|
raise AnsibleError("Encryption disabled for deprecated VaultAES class")
|
|
|
|
|
|
|
|
|
|
def decrypt(self, data, password, key_length=32):
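Review bot: The docstring kept on the new side ("Read plaintext data from in_file and write encrypted to out_file") no longer describes what encrypt does, since the body is now an unconditional raise and none of data, password or key_length is read. I would replace it with `""" Encryption of the legacy VaultAES format is intentionally disabled; this method only keeps the signature and always raises AnsibleError. """` so a reader does not assume the legacy CBC-with-SHA256-prefix writer still exists somewhere. It is also worth a one-line comment next to the raise noting that the class is kept for decrypt-only handling of existing vault files, since decrypt (its signature is the last line of the hunk) still accepts that format. The def encrypt line itself is outside the visible hunk, so I cannot tell whether the parameters were left unchanged there as well.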
|
|
|
|
|
|
|
|
|
|