def testSha1HmacSalt(self):
    """Check salted utils.Sha1Hmac output against fixed known-answer digests.

    The first two vectors use the same key and the same (empty) text and
    differ only in the salt, so they also pin that the salt takes part in
    the resulting digest.
    """
    # (key, text, salt, expected hex digest)
    known_answers = (
        ("TguMTA2K", "", "abc0",
         "4999bf342470eadb11dfcd24ca5680cf9fd7cdce"),
        ("TguMTA2K", "", "abc9",
         "17a4adc34d69c0d367d4ffbef96fd41d4df7a6e8"),
        ("3YzMxZWE", "Hello World", "xyz0",
         "7f264f8114c9066afc9bb7636e1786d996d3cc0d"),
    )
    for hmac_key, text, salt_value, expected in known_answers:
        self.assertEqual(utils.Sha1Hmac(hmac_key, text, salt=salt_value),
                         expected)
def testSha1Hmac(self):
    """Check unsalted utils.Sha1Hmac output against fixed known-answer digests.

    Covers an empty key with empty text, short inputs, and a text of 1500
    repeated lines. The first vector is the standard HMAC-SHA1 value for an
    empty key and an empty message.
    """
    longtext = 1500 * "The quick brown fox jumps over the lazy dog\n"
    # (key, text, expected hex digest)
    known_answers = (
        ("", "", "fbdb1d1b18aa6c08324b7d64b71fb76370690e1d"),
        ("3YzMxZWE", "Hello World",
         "ef4f3bda82212ecb2f7ce868888a19092481f1fd"),
        ("TguMTA2K", "", "f904c2476527c6d3e6609ab683c66fa0652cb1dc"),
        ("3YzMxZWE", longtext, "35901b9a3001a7cdcf8e0e9d7c2e79df2223af54"),
    )
    for hmac_key, text, expected in known_answers:
        self.assertEqual(utils.Sha1Hmac(hmac_key, text), expected)
def DumpSignedJson(data, key, salt=None, key_selector=None,
                   private_encoder=None):
    """Serialize a given object and authenticate it.

    The result is a JSON envelope holding the serialized payload ("msg"),
    the salt, the optional key selector and an HMAC over the payload. The
    payload is authenticated only; "msg" and "salt" are stored in the
    envelope as-is.

    @param data: the data to serialize
    @param key: shared hmac key
    @param salt: value passed to the HMAC as salt; C{None} is treated as
        the empty string
    @param key_selector: name/id that identifies the key (in case there are
        multiple keys in use, e.g. in a multi-cluster environment)
    @param private_encoder: see L{DumpJson}
    @return: the string representation of data signed by the hmac key

    """
    payload = DumpJson(data, private_encoder=private_encoder)
    effective_salt = "" if salt is None else salt

    envelope = {
        "msg": payload,
        "salt": effective_salt,
    }
    # Only a non-empty selector is written to the envelope.
    if key_selector:
        envelope["key_selector"] = key_selector

    # The HMAC salt is the plain concatenation of salt and key selector, with
    # no separator between them, so two different (salt, key_selector) pairs
    # that concatenate to the same string yield the same digest.
    # NOTE(review): confirm the verifying side does not rely on the two
    # fields being bound separately.
    selector_part = key_selector or ""
    envelope["hmac"] = utils.Sha1Hmac(key, payload,
                                      salt=effective_salt + selector_part)

    return DumpJson(envelope)
def Exec(self, feedback_fn):
    """Prepares an instance for an export.

    Only exports in C{constants.EXPORT_MODE_REMOTE} need preparation: an
    X509 key and certificate are created on the instance's primary node and
    the values the remote side needs are returned.

    @param feedback_fn: callable that receives progress messages
    @return: for remote exports a dict with the keys C{"handshake"},
        C{"x509_key_name"} and C{"x509_ca"}; C{None} for any other mode

    """
    if self.op.mode != constants.EXPORT_MODE_REMOTE:
        return None

    # One salt is generated per call and reused for both the key-name HMAC
    # and the certificate signature below.
    salt = utils.GenerateSecret(8)

    node_name = self.cfg.GetNodeName(self.instance.primary_node)
    feedback_fn("Generating X509 certificate on %s" % node_name)

    create_result = self.rpc.call_x509_cert_create(
        self.instance.primary_node, constants.RIE_CERT_VALIDITY)
    create_result.Raise("Can't create X509 key and certificate on %s" %
                        self.cfg.GetNodeName(create_result.node))

    (key_name, cert_pem) = create_result.payload
    certificate = OpenSSL.crypto.load_certificate(
        OpenSSL.crypto.FILETYPE_PEM, cert_pem)

    # self._cds is used as the key for all three values
    # (presumably the cluster domain secret; confirm where it is set).
    handshake = masterd.instance.ComputeRemoteExportHandshake(self._cds)
    signed_key_name = (key_name,
                       utils.Sha1Hmac(self._cds, key_name, salt=salt),
                       salt)
    signed_ca = utils.SignX509Certificate(certificate, self._cds, salt)

    return {
        "handshake": handshake,
        "x509_key_name": signed_key_name,
        "x509_ca": signed_ca,
    }
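def testCheckWrongVersion(self):
    """Check that a handshake with an unexpected version is reported.

    The HMAC is computed over a message built from the same wrong version,
    presumably so that the version field, not the digest, is what gets
    rejected. Confirm against CheckRemoteExportHandshake.
    """
    version = 14887
    # Guard: the test is meaningless if this ever equals the real version.
    self.assertNotEqual(version, constants.RIE_VERSION)

    cds = "c28ac99"
    salt = "a19cf8cc06"
    msg = "%s:%s" % (version, constants.RIE_HANDSHAKE)
    hs = (version, utils.Sha1Hmac(cds, msg, salt=salt), salt)

    # NOTE(review): a truthy result is taken to mean "handshake rejected";
    # confirm against CheckRemoteExportHandshake's return contract.
    # assertTrue replaces the deprecated assert_ alias, which was removed
    # from unittest in Python 3.12.
    self.assertTrue(CheckRemoteExportHandshake(cds, hs))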
def ComputeRemoteExportHandshake(cds):
    """Computes the remote import/export handshake.

    A new salt is generated on every call via C{utils.GenerateSecret(8)},
    and the HMAC is keyed with the cluster domain secret over the handshake
    message for C{constants.RIE_VERSION}.

    @type cds: string
    @param cds: Cluster domain secret
    @rtype: tuple
    @return: C{(version, hmac_digest, salt)}

    """
    fresh_salt = utils.GenerateSecret(8)
    handshake_msg = _GetImportExportHandshakeMessage(constants.RIE_VERSION)
    digest = utils.Sha1Hmac(cds, handshake_msg, salt=fresh_salt)
    return (constants.RIE_VERSION, digest, fresh_salt)
def ComputeRemoteImportDiskInfo(cds, salt, disk_index, host, port, magic):
    """Computes the signed disk information for a remote import.

    The digest covers the message that C{_GetRieDiskInfoMessage} builds from
    the disk index, host, port and magic value. The disk index is only part
    of the digest; it is not included in the returned tuple.

    @type cds: string
    @param cds: Cluster domain secret
    @type salt: string
    @param salt: HMAC salt
    @type disk_index: number
    @param disk_index: Index of disk (included in hash)
    @type host: string
    @param host: Hostname
    @type port: number
    @param port: Daemon port
    @type magic: string
    @param magic: Magic value
    @rtype: tuple
    @return: C{(host, port, magic, hmac_digest, salt)}

    """
    disk_info_msg = _GetRieDiskInfoMessage(disk_index, host, port, magic)
    return (host, port, magic,
            utils.Sha1Hmac(cds, disk_info_msg, salt=salt),
            salt)