# coding:utf-8
# Re2o est un logiciel d'administration développé initialement au rezometz. Il
# se veut agnostique au réseau considéré, de manière à être installable en
# quelques clics.
#
# Copyright © 2017  Gabriel Détraz
# Copyright © 2017  Goulven Kermarec
# Copyright © 2017  Augustin Lemesle
# Copyright © 2018  Maël Kervella
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

# App de gestion des machines pour re2o
# Gabriel Détraz, Augustin Lemesle
# Gplv2
"""preferences.aes_field
Module defining an AESEncryptedField object that can be used in forms
to handle encrypting and decrypting secrets with AES
"""

import string
import binascii
from random import choice
from Crypto.Cipher import AES

from django.db import models
from django.conf import settings

# End-of-data marker. encrypt() appends it right after the secret and before
# the random filler; decrypt() keeps only what precedes its first occurrence.
# It must therefore never occur inside a secret: a secret containing this
# exact sequence would come back truncated at that point.
EOD = '`%EofD%`'


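def genstring(length=16, chars=string.printable):
    """Generate a random string of `length` characters drawn from `chars`.

    The characters come from the operating system's randomness source
    (`random.SystemRandom`) instead of the module-level Mersenne Twister
    generator, because `encrypt` uses this output as the random filler of
    an encrypted block and a predictable generator is not suitable there.

    Args:
        length: Number of characters to produce.
        chars: Sequence of candidate characters; must be non-empty when
            `length` is positive (an empty sequence raises `IndexError`).

    Returns:
        A `str` of exactly `length` characters.
    """
    # Function-scope import keeps the file's import block untouched.
    from random import SystemRandom

    pick = SystemRandom().choice
    return ''.join(pick(chars) for _ in range(length))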


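def encrypt(key, s):
    """AES-encrypt a secret `s` with the key `key`.

    The plaintext is laid out as ``s + EOD + random filler`` so that its
    size is a multiple of the 16-byte AES block; `decrypt` later cuts the
    decrypted buffer at the first `EOD` marker.

    The filler length is computed on the UTF-8 encoded bytes, not on the
    number of characters, so a secret containing non-ASCII characters
    still yields a buffer aligned on the block size.

    Args:
        key: AES key, handed unchanged to `AES.new`.
        s: The secret to protect, as text.

    Returns:
        The raw ciphertext returned by the cipher object.
    """
    # NOTE(review): AES.new() receives neither a mode nor an IV. With the
    # legacy PyCrypto API this presumably selects ECB (confirm against the
    # installed library). The output also carries no authentication tag,
    # so a modified ciphertext is not detected on decryption. Moving to an
    # authenticated mode would require migrating the values already stored.
    obj = AES.new(key)
    payload = ''.join([s, EOD]).encode('utf-8')
    # Always between 1 and 16 bytes of filler, as before for ASCII input.
    saltlength = 16 - len(payload) % 16
    filler = genstring(saltlength).encode('utf-8')
    return obj.encrypt(payload + filler)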


def decrypt(key, s):
    """AES-decrypt the ciphertext `s` with the key `key`.

    Args:
        key: AES key, handed unchanged to `AES.new`.
        s: Raw ciphertext as produced by `encrypt`.

    Returns:
        The bytes that precede the first `EOD` marker in the decrypted
        buffer. When the marker is absent the whole buffer is returned.
    """
    # NOTE(review): nothing here verifies integrity. A wrong key or an
    # altered ciphertext is only noticed if the marker is missing or the
    # caller's UTF-8 decoding fails.
    cipher = AES.new(key)
    plaintext = cipher.decrypt(s)
    marker = bytes(EOD, 'utf-8')
    secret, _, _ = plaintext.partition(marker)
    return secret


class AESEncryptedField(models.CharField):
    """A CharField that supports AES-encrypted values in forms.

    Values are encrypted with `settings.AES_KEY` and base64-encoded on
    the way out (`save_form_data`, `get_prep_value`), then base64-decoded,
    decrypted and decoded as UTF-8 on the way in (`to_python`,
    `from_db_value`).

    NOTE(review): confidentiality rests entirely on `settings.AES_KEY`,
    and the `encrypt`/`decrypt` helpers add no integrity protection.
    """

    def save_form_data(self, instance, data):
        """Store the encrypted, base64-encoded form of `data` on `instance`."""
        attr = self.name
        token = binascii.b2a_base64(encrypt(settings.AES_KEY, data))
        setattr(instance, attr, token)

    def to_python(self, value):
        """Return the decrypted text for `value`, or None when it is None."""
        if value is not None:
            key = settings.AES_KEY
            raw = binascii.a2b_base64(value)
            return decrypt(key, raw).decode('utf-8')
        return None

    def from_db_value(self, value, *args, **kwargs):
        """Decrypt a value read from the database; None passes through."""
        if value is not None:
            key = settings.AES_KEY
            raw = binascii.a2b_base64(value)
            return decrypt(key, raw).decode('utf-8')
        return value

    def get_prep_value(self, value):
        """Encrypt and base64-encode `value` for storage; None passes through."""
        if value is not None:
            ciphertext = encrypt(settings.AES_KEY, value)
            return binascii.b2a_base64(ciphertext)
        return value