8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-12-23 07:23:46 +00:00
re2o/re2o/aes_field.py

114 lines
3.8 KiB
Python

# coding:utf-8
# Re2o est un logiciel d'administration développé initiallement au Rézo Metz. Il
# se veut agnostique au réseau considéré, de manière à être installable en
# quelques clics.
#
# Copyright © 2017 Gabriel Détraz
# Copyright © 2017 Lara Kermarec
# Copyright © 2017 Augustin Lemesle
# Copyright © 2018 Maël Kervella
# Copyright © 2018 Hugo Levy-Falk
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
"""
Module defining a AESEncryptedField object that can be used in forms
to handle the use of properly encrypting and decrypting AES keys
"""
import binascii
import string
from random import choice
from Crypto.Cipher import AES
from django import forms
from django.conf import settings
from django.db import models
EOD_asbyte = b"`%EofD%`" # This should be something that will not occur in strings
EOD = EOD_asbyte.decode("utf-8")
def genstring(length=16, chars=string.printable):
"""Generate a random string of length `length` and composed of
the characters in `chars`"""
return "".join([choice(chars) for i in range(length)])
def encrypt(key, secret):
""" AES Encrypt a secret with the key `key` """
obj = AES.new(key)
datalength = len(secret) + len(EOD)
if datalength < 16:
saltlength = 16 - datalength
else:
saltlength = 16 - datalength % 16
encrypted_secret = "".join([secret, EOD, genstring(saltlength)])
return obj.encrypt(encrypted_secret)
def decrypt(key, secret):
""" AES Decrypt a secret with the key `key` """
obj = AES.new(key)
uncrypted_secret = obj.decrypt(secret)
return uncrypted_secret.split(EOD_asbyte)[0]
class AESEncryptedFormField(forms.CharField):
widget = forms.PasswordInput(render_value=True)
class AESEncryptedField(models.CharField):
"""A Field that can be used in forms for adding the support
of AES ecnrypted fields"""
def save_form_data(self, instance, data):
setattr(
instance,
self.name,
binascii.b2a_base64(encrypt(settings.AES_KEY, data)).decode("utf-8"),
)
def to_python(self, value):
if value is None:
return None
try:
return decrypt(settings.AES_KEY, binascii.a2b_base64(value)).decode("utf-8")
except UnicodeDecodeError as e:
raise ValueError(
"Could not decode your field %s, your settings.AES_KEY "
"is probably wrong." % self.name
)
def from_db_value(self, value, *args, **kwargs):
if value is None:
return value
try:
return decrypt(settings.AES_KEY, binascii.a2b_base64(value)).decode("utf-8")
except UnicodeDecodeError as e:
raise ValueError(
"Could not decode your field %s, your settings.AES_KEY "
"is probably wrong." % self.name
)
def get_prep_value(self, value):
if value is None:
return value
return binascii.b2a_base64(encrypt(settings.AES_KEY, value)).decode("utf-8")
def formfield(self, **kwargs):
defaults = {"form_class": AESEncryptedFormField}
defaults.update(kwargs)
return super().formfield(**defaults)