Augment references of pkcs1 with oaep

Rightly the system in use is RSAES-OAEP, part of the PKCS#1 standard. "PKCS#1" is not enough information to communicate to someone the encryption scheme in use. Refer to the scheme Zuul uses as "PKCS#1-OAEP" or "pkcs1-oaep" to clarify. Change-Id: I74dcde6fa3756354ce65233c64c6189d1b241e90
2017-03-17 11:03:27 -07:00 · 2017-03-17 11:03:27 -07:00 · 717e8e928d
parent bf1a4f2192
commit 717e8e928d
6 changed files with 19 additions and 19 deletions
--- a/tests/encrypt_secret.py
+++ b/tests/encrypt_secret.py
@ -27,7 +27,7 @@ def main():
        private_key, public_key = \
            encryption.deserialize_rsa_keypair(f.read())
-    ciphertext = encryption.encrypt_pkcs1(sys.argv[1], public_key)
+    ciphertext = encryption.encrypt_pkcs1_oaep(sys.argv[1], public_key)
    print(ciphertext.encode('base64'))
 if __name__ == '__main__':
--- a/tests/fixtures/config/ansible/git/common-config/zuul.yaml
+++ b/tests/fixtures/config/ansible/git/common-config/zuul.yaml
@ -38,7 +38,7 @@
    name: test_secret
    data:
      username: test-username
-      password: !encrypted/pkcs1 |
+      password: !encrypted/pkcs1-oaep |
        BFhtdnm8uXx7kn79RFL/zJywmzLkT1GY78P3bOtp4WghUFWobkifSu7ZpaV4NeO0s71YUsi1wGZZ
        L0LveZjUN0t6OU1VZKSG8R5Ly7urjaSo1pPVIq5Rtt/H7W14Lecd+cUeKb4joeusC9drN3AA8a4o
        ykcVpt1wVqUnTbMGC9ARMCQP6eopcs1l7tzMseprW4RDNhIuz3CRgd0QBMPl6VDoFgBPB8vxtJw+
--- a/tests/unit/test_encryption.py
+++ b/tests/unit/test_encryption.py
@ -39,14 +39,14 @@ class TestEncryption(BaseTestCase):
        self.assertEqual(self.public.public_numbers(),
                         public2.public_numbers())
-    def test_pkcs1(self):
+    def test_pkcs1_oaep(self):
        "Verify encryption and decryption"
        orig_plaintext = "some text to encrypt"
-        ciphertext = encryption.encrypt_pkcs1(orig_plaintext, self.public)
+        ciphertext = encryption.encrypt_pkcs1_oaep(orig_plaintext, self.public)
-        plaintext = encryption.decrypt_pkcs1(ciphertext, self.private)
+        plaintext = encryption.decrypt_pkcs1_oaep(ciphertext, self.private)
        self.assertEqual(orig_plaintext, plaintext)
-    def test_openssl_pkcs1(self):
+    def test_openssl_pkcs1_oaep(self):
        "Verify that we can decrypt something encrypted with OpenSSL"
        orig_plaintext = "some text to encrypt"
        pem_public = encryption.serialize_rsa_public_key(self.public)
@ -65,5 +65,5 @@ class TestEncryption(BaseTestCase):
        finally:
            os.unlink(public_file.name)
-        plaintext = encryption.decrypt_pkcs1(ciphertext, self.private)
+        plaintext = encryption.decrypt_pkcs1_oaep(ciphertext, self.private)
        self.assertEqual(orig_plaintext, plaintext)
--- a/tests/unit/test_model.py
+++ b/tests/unit/test_model.py
@ -313,7 +313,7 @@ class TestJob(BaseTestCase):
    name: pypi-credentials
    data:
      username: test-username
-      password: !encrypted/pkcs1 |
+      password: !encrypted/pkcs1-oaep |
        BFhtdnm8uXx7kn79RFL/zJywmzLkT1GY78P3bOtp4WghUFWobkifSu7ZpaV4NeO0s71YUsi1wGZZ
        L0LveZjUN0t6OU1VZKSG8R5Ly7urjaSo1pPVIq5Rtt/H7W14Lecd+cUeKb4joeusC9drN3AA8a4o
        ykcVpt1wVqUnTbMGC9ARMCQP6eopcs1l7tzMseprW4RDNhIuz3CRgd0QBMPl6VDoFgBPB8vxtJw+
--- a/zuul/configloader.py
+++ b/zuul/configloader.py
@ -123,8 +123,8 @@ repo {repo} on branch {branch}.  The error was:
        loader.dispose()
-class EncryptedPKCS1(yaml.YAMLObject):
+class EncryptedPKCS1_OAEP(yaml.YAMLObject):
-    yaml_tag = u'!encrypted/pkcs1'
+    yaml_tag = u'!encrypted/pkcs1-oaep'
    yaml_loader = yaml.SafeLoader
    def __init__(self, ciphertext):
@ -134,7 +134,7 @@ class EncryptedPKCS1(yaml.YAMLObject):
        return not self.__eq__(other)
    def __eq__(self, other):
-        if not isinstance(other, EncryptedPKCS1):
+        if not isinstance(other, EncryptedPKCS1_OAEP):
            return False
        return (self.ciphertext == other.ciphertext)
@ -143,7 +143,7 @@ class EncryptedPKCS1(yaml.YAMLObject):
        return cls(node.value)
    def decrypt(self, private_key):
-        return encryption.decrypt_pkcs1(self.ciphertext, private_key)
+        return encryption.decrypt_pkcs1_oaep(self.ciphertext, private_key)
 class NodeSetParser(object):
@ -175,7 +175,7 @@ class NodeSetParser(object):
 class SecretParser(object):
    @staticmethod
    def getSchema():
-        data = {str: vs.Any(str, EncryptedPKCS1)}
+        data = {str: vs.Any(str, EncryptedPKCS1_OAEP)}
        secret = {vs.Required('name'): str,
                  vs.Required('data'): data,
--- a/zuul/lib/encryption.py
+++ b/zuul/lib/encryption.py
@ -95,10 +95,10 @@ def deserialize_rsa_keypair(data):
 # https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#decryption
-def decrypt_pkcs1(ciphertext, private_key):
+def decrypt_pkcs1_oaep(ciphertext, private_key):
-    """Decrypt PKCS1 (RSAES-OAEP) encoded ciphertext
+    """Decrypt PKCS#1 (RSAES-OAEP) encoded ciphertext
-    :arg ciphertext: A string previously encrypted with PKCS1
+    :arg ciphertext: A string previously encrypted with PKCS#1
        (RSAES-OAEP).
    :arg private_key: A private key object as returned by
        :func:generate_rsa_keypair()
@ -117,10 +117,10 @@ def decrypt_pkcs1(ciphertext, private_key):
 # https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#encryption
-def encrypt_pkcs1(plaintext, public_key):
+def encrypt_pkcs1_oaep(plaintext, public_key):
-    """Encrypt data with PKCS1 (RSAES-OAEP)
+    """Encrypt data with PKCS#1 (RSAES-OAEP)
-    :arg plaintext: A string to encrypt with PKCS1 (RSAES-OAEP).
+    :arg plaintext: A string to encrypt with PKCS#1 (RSAES-OAEP).
    :arg public_key: A public key object as returned by
        :func:generate_rsa_keypair()