The cinder.openstack.common.crypto.utils Module

exception CipherBlockLengthTooBig(requested, permitted)

Bases: cinder.openstack.common.crypto.utils.CryptoutilsException

The block size is too big.

exception CryptoutilsException

Bases: exceptions.Exception

Generic Exception for Crypto utilities.

message = u'An unknown error occurred in crypto utils.'

class HKDF(hashtype='SHA256')

Bases: object

An HMAC-based Key Derivation Function implementation (RFC 5869).

This class creates an object that can be used to derive keys with HKDF.

expand(prk, info, length)

An expand function that will return arbitrary length output that can be used as keys. Returns a buffer usable as key material.

Parameters:
  • prk – a pseudorandom key of at least HashLen octets
  • info – optional string (can be a zero-length string)
  • length – length of output keying material (<= 255 * HashLen)

extract(ikm, salt=None)

An extract function that can be used to derive a robust key given weak Input Key Material (IKM), which could be a password. Returns a pseudorandom key (of HashLen octets).

Parameters:
  • ikm – input keying material (e.g. a password)
  • salt – optional salt value (a non-secret random value)

exception HKDFOutputLengthTooLong(requested, permitted)

Bases: cinder.openstack.common.crypto.utils.CryptoutilsException

The amount of key material requested exceeds the permitted maximum.
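An added example, not the module's own code: the RFC 5869 extract and expand steps documented above, written against the Python standard library and exercised with the RFC's published test case 1. The names hkdf_extract, hkdf_expand, OutputLengthTooLong and derive_keys, and the two info labels, are assumptions made for illustration.

```python
import hashlib
import hmac


class OutputLengthTooLong(ValueError):
    """Hypothetical stand-in for the module's HKDFOutputLengthTooLong."""


def hkdf_extract(ikm, salt=None, hashtype="sha256"):
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM)."""
    hash_len = hashlib.new(hashtype).digest_size
    if not salt:
        # RFC 5869: an absent salt is replaced by HashLen zero octets.
        salt = b"\x00" * hash_len
    return hmac.new(salt, ikm, hashtype).digest()


def hkdf_expand(prk, info, length, hashtype="sha256"):
    """RFC 5869 step 2: T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    hash_len = hashlib.new(hashtype).digest_size
    permitted = 255 * hash_len  # the block counter is a single octet
    if length > permitted:
        raise OutputLengthTooLong(
            "requested %d, permitted %d" % (length, permitted))
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashtype).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keys(master, salt):
    """Derive independent encryption and signing keys from one master
    secret by varying only the info label (labels are constructed)."""
    prk = hkdf_extract(master, salt)
    enc_key = hkdf_expand(prk, b"example encryption key", 16)  # AES-128
    sign_key = hkdf_expand(prk, b"example signing key", 32)    # HMAC-SHA-256
    return enc_key, sign_key


# RFC 5869 Appendix A.1 inputs (SHA-256, L = 42).
RFC_IKM = bytes([0x0B] * 22)
RFC_SALT = bytes(range(0x00, 0x0D))
RFC_INFO = bytes(range(0xF0, 0xFA))

if __name__ == "__main__":
    prk = hkdf_extract(RFC_IKM, RFC_SALT)
    print("PRK:", prk.hex())
    print("OKM:", hkdf_expand(prk, RFC_INFO, 42).hex())
```

Binding each derived key to a distinct info label keeps the encryption key and the signing key independent even though both come from the same pseudorandom key.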

class SymmetricCrypto(enctype='AES', hashtype='SHA256')

Bases: object

Symmetric Key Crypto object.

This class creates a Symmetric Key Crypto object that can be used to encrypt, decrypt, or sign arbitrary data.

Parameters:
  • enctype – Encryption Cipher name (default: AES)
  • hashtype – Hash/HMAC type name (default: SHA256)

decrypt(key, msg, b64decode=True)

Decrypts the provided ciphertext, optionally base 64 encoded, and returns the plaintext message, after padding is removed.

Uses AES-128-CBC with an IV by default.

Parameters:
  • key – The Encryption key.
  • msg – the ciphertext; the first block is the IV.

encrypt(key, msg, b64encode=True)

Encrypts the provided msg and returns the ciphertext, optionally base64 encoded.

Uses AES-128-CBC with a Random IV by default.

The plaintext is padded to reach blocksize length. The last byte of the block is the length of the padding. The length of the padding does not include the length byte itself.

Parameters:
  • key – The Encryption key.
  • msg – the plain text.
Returns: encblock – a block of encrypted data.

new_key(size)

sign(key, msg, b64encode=True)

Signs a message string and returns a base64 encoded signature.

Uses HMAC-SHA-256 by default.

Parameters:
  • key – The Signing key.
  • msg – the message to sign.
