MCPcopy
hub / github.com/saltstack/salt / decrypt

Method decrypt

salt/crypt.py:2015–2039  ·  view source on GitHub ↗

verify HMAC-SHA256 signature and decrypt data with AES-CBC

(self, data)

Source from the content-addressed store, hash-verified

2013 return data + sig
2014
2015 def decrypt(self, data):
2016 """
2017 verify HMAC-SHA256 signature and decrypt data with AES-CBC
2018 """
2019 aes_key, hmac_key = self.keys
2020 sig = data[-self.SIG_SIZE :]
2021 data = data[: -self.SIG_SIZE]
2022 if not isinstance(data, bytes):
2023 data = salt.utils.stringutils.to_bytes(data)
2024 mac_bytes = hmac.new(hmac_key, data, hashlib.sha256).digest()
2025 if len(mac_bytes) != len(sig):
2026 log.debug("Failed to authenticate message")
2027 raise AuthenticationError("message authentication failed")
2028 result = 0
2029 for zipped_x, zipped_y in zip(mac_bytes, sig):
2030 result |= zipped_x ^ zipped_y
2031 if result != 0:
2032 log.debug("Failed to authenticate message")
2033 raise AuthenticationError("message authentication failed")
2034 iv_bytes = data[: self.AES_BLOCK_SIZE]
2035 data = data[self.AES_BLOCK_SIZE :]
2036 cipher = Cipher(algorithms.AES(aes_key), modes.CBC(iv_bytes))
2037 decryptor = cipher.decryptor()
2038 data = decryptor.update(data) + decryptor.finalize()
2039 return data[: -data[-1]]
2040
2041 def dumps(self, obj, nonce=None):
2042 """

Callers 6

_extract_commandMethod · 0.95
loadsMethod · 0.95
handle_pool_publishMethod · 0.95
test_legacy_aes_encryptFunction · 0.95

Calls 5

AuthenticationErrorClass · 0.90
digestMethod · 0.80
debugMethod · 0.80
finalizeMethod · 0.80
updateMethod · 0.45

Tested by 3

test_legacy_aes_encryptFunction · 0.76