/usr/lib/python3/dist-packages/beaker/crypto/nsscrypto.py is in python3-beaker 1.6.4-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 | """Encryption module that uses nsscrypto"""
import nss.nss
nss.nss.nss_init_nodb()
# Apparently the rest of beaker doesn't care about the particluar cipher,
# mode and padding used.
# NOTE: A constant IV!!! This is only secure if the KEY is never reused!!!
_mech = nss.nss.CKM_AES_CBC_PAD
_iv = '\0' * nss.nss.get_iv_length(_mech)
def aesEncrypt(data, key):
slot = nss.nss.get_best_slot(_mech)
key_obj = nss.nss.import_sym_key(slot, _mech, nss.nss.PK11_OriginGenerated,
nss.nss.CKA_ENCRYPT, nss.nss.SecItem(key))
param = nss.nss.param_from_iv(_mech, nss.nss.SecItem(_iv))
ctx = nss.nss.create_context_by_sym_key(_mech, nss.nss.CKA_ENCRYPT, key_obj,
param)
l1 = ctx.cipher_op(data)
# Yes, DIGEST. This needs fixing in NSS, but apparently nobody (including
# me :( ) cares enough.
l2 = ctx.digest_final()
return l1 + l2
def aesDecrypt(data, key):
slot = nss.nss.get_best_slot(_mech)
key_obj = nss.nss.import_sym_key(slot, _mech, nss.nss.PK11_OriginGenerated,
nss.nss.CKA_DECRYPT, nss.nss.SecItem(key))
param = nss.nss.param_from_iv(_mech, nss.nss.SecItem(_iv))
ctx = nss.nss.create_context_by_sym_key(_mech, nss.nss.CKA_DECRYPT, key_obj,
param)
l1 = ctx.cipher_op(data)
# Yes, DIGEST. This needs fixing in NSS, but apparently nobody (including
# me :( ) cares enough.
l2 = ctx.digest_final()
return l1 + l2
def getKeyLength():
return 32
|