openstack/keystonemiddleware
Code Issues Proposed changes

Fix py3 byte/string error

Browse Source 
This patch set corrects a problem when the keystonemiddleware is
executed with memcache encryption enabled.  Currently, the
hmac.new() calls throw exceptions in python3 due to how py2 and py3
handles string vs. byte/bytearray.

Co-Authored-By: Rohan Arora <ra271w@att.com>

Closes-Bug: #1713574
Change-Id: I9bb291be48a094b9f266a8459a3f51ee163d33a3
This commit is contained in:
Tin Lam 2017-10-05 21:47:30 -05:00 committed by Rohan Arora
parent c0918a4caa
commit 74455d8057
2 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
keystonemiddleware/auth_token/_memcache_crypt.py
View File

@ -33,6 +33,7 @@ import hashlib
import hmac import hmac
import math import math
import os import os
import six
from keystonemiddleware.i18n import _ from keystonemiddleware.i18n import _
from oslo_utils import secretutils from oslo_utils import secretutils
@ -98,6 +99,15 @@ def derive_keys(token, secret, strategy):
This approach is faster than computing a separate hmac as the KDF This approach is faster than computing a separate hmac as the KDF
for each desired key. for each desired key.
""" """
if not isinstance(secret, six.binary_type):
secret = secret.encode()
if not isinstance(token, six.binary_type):
token = token.encode()
if not isinstance(strategy, six.binary_type):
strategy = strategy.encode()
digest = hmac.new(secret, token + strategy, HASH_FUNCTION).digest() digest = hmac.new(secret, token + strategy, HASH_FUNCTION).digest()
return {'CACHE_KEY': digest[:DIGEST_SPLIT], return {'CACHE_KEY': digest[:DIGEST_SPLIT],
'MAC': digest[DIGEST_SPLIT: 2 * DIGEST_SPLIT], 'MAC': digest[DIGEST_SPLIT: 2 * DIGEST_SPLIT],
@ -107,6 +117,12 @@ def derive_keys(token, secret, strategy):
def sign_data(key, data): def sign_data(key, data):
"""Sign the data using the defined function and the derived key.""" """Sign the data using the defined function and the derived key."""
if not isinstance(key, six.binary_type):
key = key.encode()
if not isinstance(data, six.binary_type):
data = data.encode()
mac = hmac.new(key, data, HASH_FUNCTION).digest() mac = hmac.new(key, data, HASH_FUNCTION).digest()
return base64.b64encode(mac) return base64.b64encode(mac)

2
keystonemiddleware/tests/unit/auth_token/test_memcache_crypt.py
View File

@ -18,7 +18,7 @@ from keystonemiddleware.tests.unit import utils
class MemcacheCryptPositiveTests(utils.BaseTestCase): class MemcacheCryptPositiveTests(utils.BaseTestCase):
def _setup_keys(self, strategy): def _setup_keys(self, strategy):
return memcache_crypt.derive_keys(b'token', b'secret', strategy) return memcache_crypt.derive_keys('token', 'secret', strategy)
def test_derive_keys(self): def test_derive_keys(self):
keys = self._setup_keys(b'strategy') keys = self._setup_keys(b'strategy')