hub / github.com/saltstack/salt / decrypt_aes

Method decrypt_aes

salt/crypt.py:1454–1510

This function is used to decrypt the AES seed phrase returned from the master server. The seed phrase is decrypted with the SSH RSA host key. Pass in the encrypted AES key. Returns the decrypted AES seed key, a string :param dict payload: The incomi

(self, payload, master_pub=True)

Source from the content-addressed store, hash-verified

    def decrypt_aes(self, payload, master_pub=True):
        """
        This function is used to decrypt the AES seed phrase returned from
        the master server. The seed phrase is decrypted with the SSH RSA
        host key.

        Pass in the encrypted AES key.
        Returns the decrypted AES seed key, a string

        :param dict payload: The incoming payload. This is a dictionary which may have the following keys:
            'aes': The shared AES key
            'enc': The format of the message. ('clear', 'pub', etc)
            'sig': The message signature
            'publish_port': The TCP port which published the message
            'token': The encrypted token used to verify the message.
            'pub_key': The public key of the sender.

        :rtype: str
        :return: The decrypted token that was provided, with padding.

        :rtype: str
        :return: The decrypted AES seed key
        """
        if self.opts.get("auth_trb", False):
            log.warning("Auth Called: %s", "".join(traceback.format_stack()))
        else:
            log.debug("Decrypting the current master AES key")

        # Decrypt the AES key with this side's own key pair.
        key = self.get_keys()
        key_str = key.decrypt(payload["aes"], self.opts["encryption_algorithm"])
        if "sig" in payload:
            m_path = os.path.join(self.opts["pki_dir"], self.mpub)
            # The signature check runs only when the master public key file is present.
            if os.path.exists(m_path):
                try:
                    mkey = PublicKey.from_file(m_path)
                except Exception:  # pylint: disable=broad-except
                    log.exception("Something unexpected occured loading master pub-key")
                    return "", ""
                # Compare the SHA-256 hex digest of the decrypted key with the
                # value recovered from payload["sig"] using the master public key.
                digest = hashlib.sha256(key_str).hexdigest()
                digest = salt.utils.stringutils.to_bytes(digest)
                m_digest = mkey.decrypt(payload["sig"])
                if m_digest != digest:
                    return "", ""
        else:
            # A payload without a signature is rejected.
            return "", ""

        key_str = salt.utils.stringutils.to_str(key_str)

        # "_|-" separates the two values when both arrive in one string.
        if "_|-" in key_str:
            return key_str.split("_|-")
        else:
            if "token" in payload:
                token = key.decrypt(payload["token"], self.opts["encryption_algorithm"])
                return key_str, token
            elif not master_pub:
                return key_str, ""
        return "", ""

Callers 1

extract_aes · Method · 0.95

Calls 7

get_keys · Method · 0.95
warning · Method · 0.80
debug · Method · 0.80
from_file · Method · 0.80
get · Method · 0.45
decrypt · Method · 0.45
exists · Method · 0.45

Tested by

no test coverage detected