Switch to using pycryptodome instead of pycrypto

pycrypto is not being maintained, and pycryptodome is theoretically
a drop-in replacement (in practice, it seems it was close)

pgweb/account/views.py

@@ -14,8 +14,8 @@ from django.db.models import Q
 
 import base64
 import urllib.parse
-from Crypto.Cipher import AES
-from Crypto import Random
+from Cryptodome.Cipher import AES
+from Cryptodome import Random
 import time
 import json
 from datetime import datetime, timedelta
@@ -547,7 +547,7 @@ def communityauth(request, siteid):
     r = Random.new()
     iv = r.read(16)  # Always 16 bytes for AES
     encryptor = AES.new(base64.b64decode(site.cryptkey), AES.MODE_CBC, iv)
-    cipher = encryptor.encrypt(s + ' ' * (16 - (len(s) % 16)))  # Pad to even 16 bytes
+    cipher = encryptor.encrypt(s.encode('ascii') + b' ' * (16 - (len(s) % 16)))  # Pad to even 16 bytes
 
     # Generate redirect
     return HttpResponseRedirect("%s?i=%s&d=%s" % (
@@ -594,7 +594,7 @@ def _encrypt_site_response(site, s):
     r = Random.new()
     iv = r.read(16)  # Always 16 bytes for AES
     encryptor = AES.new(base64.b64decode(site.cryptkey), AES.MODE_CBC, iv)
-    cipher = encryptor.encrypt(s + ' ' * (16 - (len(s) % 16)))  # Pad to even 16 bytes
+    cipher = encryptor.encrypt(s.encode('ascii') + b' ' * (16 - (len(s) % 16)))  # Pad to even 16 bytes
 
     # Base64-encode the response, just to be consistent
     return "%s&%s" % (

pgweb/util/misc.py

@@ -1,8 +1,8 @@
 from django.db import connection
 from django.conf import settings
 
-from Crypto.Hash import SHA256
-from Crypto import Random
+from Cryptodome.Hash import SHA256
+from Cryptodome import Random
 
 from pgweb.mailqueue.util import send_simple_mail
 from pgweb.util.helpers import template_to_string

requirements.txt

@@ -1,7 +1,7 @@
 Django>=1.11,<1.12
 django-markdown==0.2.1
 psycopg2==2.7.6
-pycrypto==2.6
+pycryptodomex>=3.4.7,<3.5
 django_markwhat==1.4
 requests-oauthlib==0.4.0
 cvss==1.9

tools/communityauth/generate_cryptkey.py

@@ -5,7 +5,7 @@
 # community authentication integration.
 #
 
-from Crypto import Random
+from Cryptodome import Random
 import base64
 
 if __name__ == "__main__":

tools/communityauth/sample/django/auth.py

@@ -30,9 +30,9 @@ import json
 import socket
 from urllib.parse import urlparse, urlencode, parse_qs
 import requests
-from Crypto.Cipher import AES
-from Crypto.Hash import SHA
-from Crypto import Random
+from Cryptodome.Cipher import AES
+from Cryptodome.Hash import SHA
+from Cryptodome import Random
 import time
 
 
@@ -58,7 +58,7 @@ def login(request):
         r = Random.new()
         iv = r.read(16)
         encryptor = AES.new(SHA.new(settings.SECRET_KEY.encode('ascii')).digest()[:16], AES.MODE_CBC, iv)
-        cipher = encryptor.encrypt(s + ' ' * (16 - (len(s) % 16)))  # pad to 16 bytes
+        cipher = encryptor.encrypt(s.encode('ascii') + b' ' * (16 - (len(s) % 16)))  # pad to 16 bytes
 
         return HttpResponseRedirect("%s?d=%s$%s" % (
             settings.PGAUTH_REDIRECT,

tools/communityauth/test_auth.py

@@ -6,8 +6,8 @@
 #
 
 import sys
-from Crypto import Random
-from Crypto.Cipher import AES
+from Cryptodome import Random
+from Cryptodome.Cipher import AES
 import base64
 import time
 import urllib.parse
@@ -59,7 +59,7 @@ if __name__ == "__main__":
     r = Random.new()
     iv = r.read(16)
     encryptor = AES.new(base64.b64decode(options.key), AES.MODE_CBC, iv)
-    cipher = encryptor.encrypt(s + ' ' * (16 - (len(s) % 16)))
+    cipher = encryptor.encrypt(s.encode('ascii') + b' ' * (16 - (len(s) % 16)))
 
     print("Paste the following after the receiving url:")
     print("?i=%s&d=%s" % (