From 46e2f530184cacc7455d9464201f199b91102013 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Wed, 17 Jul 2019 08:51:06 -0400
Subject: [PATCH] Always use GCM on encrypt

Continue to support read using the old scheme, but even when an integrity key is available, only use it to aid in decrypting classic format, and always write in new format.
---
 .../confluent/config/configmanager.py | 36 ++++++-------------
 1 file changed, 11 insertions(+), 25 deletions(-)

diff --git a/confluent_server/confluent/config/configmanager.py b/confluent_server/confluent/config/configmanager.py
index 341e817f..4a8fc3c0 100644
--- a/confluent_server/confluent/config/configmanager.py
+++ b/confluent_server/confluent/config/configmanager.py
@@ -351,7 +351,7 @@ def init_masterkey(password=None, autogen=True):
     if cfgn:
         _masterkey = _get_protected_key(cfgn, password, 'master_privacy_key')
     elif autogen:
-        _masterkey = os.urandom(16)
+        _masterkey = os.urandom(32)
         set_global('master_privacy_key', _format_key(
             _masterkey, password=password))
 
@@ -384,9 +384,9 @@ def decrypt_value(cryptvalue,
         key = _masterkey
         integritykey = _masterintegritykey
     if len(cryptvalue) == 3:
-        check_hmac = HMAC.new(integritykey, cipherdata + iv, SHA256).digest()
+        check_hmac = HMAC.new(integritykey, cipherdata, SHA256).digest()
         if hmac != check_hmac:
-            check_hmac = HMAC.new(integritykey, cipherdata, SHA256).digest()
+            check_hmac = HMAC.new(integritykey, cipherdata + iv, SHA256).digest()
             if hmac != check_hmac:
                 raise Exception("bad HMAC value on crypted value")
         decrypter = AES.new(key, AES.MODE_CBC, iv)
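Review bot: The autogenerated master key grows from 16 to 32 bytes (AES-256) on the changed line, while a key loaded through `_get_protected_key` on an existing install presumably keeps the length it was generated with, and nothing at the call site says so. A short comment would stop the next reader from assuming every deployment runs AES-256, e.g. `# 256-bit AES key for newly generated configs; existing configs keep their stored key length`. The rest of init_masterkey lies outside the hunk.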
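Review bot: Both `check_hmac` values computed on the new lines are still compared with `!=` on the context lines that follow, which is not a constant-time comparison, and the legacy 3-tuple path now performs two such compares per value. Python's `hmac.compare_digest` is the fix, but the module name collides with the local `hmac` used in the comparison, so bring it in at file level as `from hmac import compare_digest` and write `if not compare_digest(hmac, check_hmac):` in both places. The two-layout fallback exists only for values written before this change; a comment on the first new line such as `# legacy 3-tuple (CBC+HMAC): accept either MAC layout that older writers produced` would explain why two candidates are tried. decrypt_value's signature and the unpacking of cryptvalue are outside the hunk.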
@@ -460,27 +460,13 @@ def crypt_value(value,
         if _masterkey is None:
             init_masterkey()
         key = _masterkey
-    integritykey = _masterintegritykey
-    if integritykey:
-        iv = os.urandom(16)
-        crypter = AES.new(key, AES.MODE_CBC, iv)
-        neededpad = 16 - (len(value) % 16)
-        pad = chr(neededpad) * neededpad
-        value += pad
-        try:
-            cryptval = crypter.encrypt(value)
-        except TypeError:
-            cryptval = crypter.encrypt(value.encode('utf-8'))
-        hmac = HMAC.new(integritykey, cryptval + iv, SHA256).digest()
-        return iv, cryptval, hmac
-    else:
-        iv = os.urandom(12)
-        crypter = AES.new(key, AES.MODE_GCM, nonce=iv)
-        try:
-            cryptval, hmac = crypter.encrypt_and_digest(value)
-        except TypeError:
-            cryptval, hmac = crypter.encrypt_and_digest(value.encode('utf-8'))
-        return iv, cryptval, hmac, '\x02'
+    iv = os.urandom(12)
+    crypter = AES.new(key, AES.MODE_GCM, nonce=iv)
+    try:
+        cryptval, hmac = crypter.encrypt_and_digest(value)
+    except TypeError:
+        cryptval, hmac = crypter.encrypt_and_digest(value.encode('utf-8'))
+    return iv, cryptval, hmac, '\x02'
 
 
 def _load_dict_from_dbm(dpath, tdb):
@@ -1639,7 +1625,7 @@ class ConfigManager(object):
                 del attribmap[group][attr]
             if 'noderange' in attribmap[group]:
                 if len(attribmap[group]) > 1:
-                    raise ValueError('noderange attribute must be set by itself')
+                    raise ValueError('noderange attribute must be set by itself')
             for attr in attribmap[group]:
                 if attr in _attraliases:
                     newattr = _attraliases[attr]
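Review bot: Every write now goes through AES-GCM under the single master key with a fresh 96-bit random nonce from `os.urandom(12)`, and nothing on the new lines records the format or the limit that keeps random nonces safe: NIST SP 800-38D bounds random-nonce use to 2**32 encryptions per key, so a deployment that rewrites configuration heavily needs a key rotation story before approaching that. `_masterintegritykey` is no longer read on the write path, which makes the 3-tuple CBC+HMAC layout read-only legacy, and that is worth stating where future readers will look. A comment above `iv = os.urandom(12)` covers both, e.g. `# Format 2 (the only format written): AES-GCM with a 12-byte random nonce, tag returned in the hmac slot; 3-tuple CBC+HMAC values are read-only legacy. Random 96-bit nonces are safe below 2**32 encryptions per key (SP 800-38D).` The `'\x02'` version marker is a str next to bytes members; presumably the serializer copes, but that is worth confirming on the caller side. crypt_value's signature is outside the hunk.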