openstack/trove
Code Issues Proposed changes
trove/trove/common/crypto_utils.py
Amrith Kumar a7115e22f7 secure oslo_messaging.rpc 
This is an interim commit of the changes for secure
oslo-messaging.rpc. In this commit we introduce the code for
serializers that will encrypt all traffic being sent on
oslo_messaging.rpc.

Each guest communicates with the control plane with traffic encrypted
using a per-instance key. This includes both traffic from the
taskmanager to the guest as well as the guest and the conductor.

Per-instance keys are stored in the infrastructure database. These
keys are further encrypted in the database.

Tests that got annoyed have been placated.

Upgrade related changes have been proposed. If an instance has no key,
no encryption is performed. If the guest gets no key, it won't
encrypt, just pass through. When an instance is upgraded, keys are
added.

The output of the trove show command (and the show API) have been
augmented to show which instances are using secure RPC communication
** if the requestor is an administrator **.

A simple caching mechanism for encryption keys has been proposed; this
will avoid the frequent database access to get the encryption
keys. For Ocata, to handle the upgrade case, None as an encryption_key
is a valid one, and is therefore not cached. This is why we can't use
something like lrucache.

A brief writeup has been included in dev docs
(dev/secure_oslo_messaging.rst) which shows how the feature can be
used and would help the documentation team write up the documentation
for this capability.

Change-Id: Iad03f190c99039fd34cbfb0e6aade23de8654b28
DocImpact: see dev/secure_oslo_messaging.rst
Blueprint: secure-oslo-messaging-messages
Related: If0146f08b3c5ad49a277963fcc685f5192d92edb
Related: I04cb76793cbb8b7e404841e9bb864fda93d06504
2017-01-11 07:56:35 -05:00

79 lines
2.4 KiB
Python
Raw Blame History

# Copyright 2016 Tesora, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Encryption/decryption handling
from Crypto.Cipher import AES
from Crypto import Random
import hashlib
from oslo_utils import encodeutils
import random
import six
import string
from trove.common import stream_codecs
IV_BIT_COUNT = 16
def encode_data(data):
if isinstance(data, six.text_type):
data = data.encode('utf-8')
return stream_codecs.Base64Codec().serialize(data)
def decode_data(data):
return stream_codecs.Base64Codec().deserialize(data)
# Pad the data string to an multiple of pad_size
def pad_for_encryption(data, pad_size=IV_BIT_COUNT):
pad_count = pad_size - (len(data) % pad_size)
return data + six.int2byte(pad_count) * pad_count
# Unpad the data string by stripping off excess characters
def unpad_after_decryption(data):
return data[:len(data) - six.indexbytes(data, -1)]
def encrypt_data(data, key, iv_bit_count=IV_BIT_COUNT):
data = encodeutils.to_utf8(data)
key = encodeutils.to_utf8(key)
md5_key = hashlib.md5(key).hexdigest()
iv = Random.new().read(iv_bit_count)
iv = iv[:iv_bit_count]
aes = AES.new(md5_key, AES.MODE_CBC, iv)
data = pad_for_encryption(data, iv_bit_count)
encrypted = aes.encrypt(data)
return iv + encrypted
def decrypt_data(data, key, iv_bit_count=IV_BIT_COUNT):
key = encodeutils.to_utf8(key)
md5_key = hashlib.md5(key).hexdigest()
iv = data[:iv_bit_count]
aes = AES.new(md5_key, AES.MODE_CBC, bytes(iv))
decrypted = aes.decrypt(bytes(data[iv_bit_count:]))
return unpad_after_decryption(decrypted)
def generate_random_key(length=32, chars=None):
chars = chars if chars else (string.ascii_uppercase +
string.ascii_lowercase + string.digits)
return ''.join(random.choice(chars) for _ in range(length))
View Git Blame Copy Permalink