Modernize Tool Config credential encryption to AES-256-GCM

[Maffooch]

Summary

Modernizes the encryption used for Tool Config credentials (and any other secret routed through dojo_crypto_encrypt/prepare_for_view) from AES-256-OFB to AES-256-GCM, in a fully backward-compatible way, and bumps the cryptography stack now that the code is safe for it:

• cryptography 46.0.7 → 49.0.0 (supersedes chore(deps): bump cryptography from 46.0.7 to 49.0.0 #15029)
• pyopenssl 26.2.0 → 26.3.0, which requires cryptography ≥ 49 (supersedes chore(deps): bump pyopenssl from 26.2.0 to 26.3.0 #15032)

The legacy scheme used cryptography.hazmat.primitives.ciphers.modes.OFB. OFB has been moved to the decrepit module and is scheduled for removal from primitives, so the current usage emits a deprecation warning and would eventually break under the bump above — which is exactly why the code change and the bump land together here.

What changed (dojo/utils.py)

• New "AES.2" format = AES-256-GCM, written by dojo_crypto_encrypt() as AES.2:<nonce_hex>:<ct_hex> (12-byte random nonce, authenticated, no padding).
• prepare_for_view() reads both formats — branches on the version prefix; AES.2 → GCM, anything else → the legacy OFB path. Existing DB values keep decrypting unchanged.
• Same key — reuses the existing get_db_key() value (valid 32-byte AES-256 key for both schemes), so no key rotation or settings change.
• Lazy upgrade — AES.1 values transparently re-encrypt to AES.2 the next time a Tool Config is saved (decrypt-on-GET + encrypt-on-save). No data migration.
• Legacy path future-proofed — OFB is now imported from cryptography.hazmat.decrepit.ciphers.modes (with an ImportError fallback to primitives), silencing the deprecation warning and surviving the eventual removal.
• Hardened error handling — hex decoding moved inside the try; catches InvalidTag/ValueError/IndexError so a tampered or malformed secret returns "" instead of raising.

The four callers (tool_config/views.py, api_sonarqube/api_client.py, display_tags.py get_pwd) go through these helpers and need no changes. DefectDojo does not import pyopenssl directly — it is a transitive/pinned dependency, so its bump carries no code impact.

Testing

New unit tests in unittests/test_utils.py cover: AES.2 round-trips (ascii/unicode/long/empty), backward-compatible decryption of a legacy AES.1 value, the new AES.2: format prefix, and tampered/garbage input returning "".

Verified the edited helpers against cryptography 49.0.0 with DeprecationWarning promoted to errors: AES.2 round-trips, legacy AES.1 decrypts with no deprecation warnings, and tamper/garbage/None all degrade to "".

🤖 Generated with Claude Code

[valentijnscholten]

No migration? At some point we'll have to I think?

[Maffooch]

Sure I can add a migration. The prepare_for_view reads both formats, and dojo_crypto_encrypt writes with the new algo. A migration felt a little extra to me, but happy to add one

[valentijnscholten]

As far as I can see it only reencrypts whenever the user changes or saves the value. Which may never happen for many entries.