diff options
author | mattsb42-aws <bullocm@amazon.com> | 2018-02-14 11:19:29 -0800 |
---|---|---|
committer | mattsb42-aws <bullocm@amazon.com> | 2018-02-14 11:19:29 -0800 |
commit | eed17d7cf8f24acce069725a0ee2ff740cf4e946 (patch) | |
tree | a67c5aa5eb6f3a81edeec41fc4c9678b7fc69ae3 | |
parent | 5907ed57cc38b7df3553a8d66b44d7b0625f4d81 (diff) | |
download | pysnmp-git-eed17d7cf8f24acce069725a0ee2ff740cf4e946.tar.gz |
reworking DES module to fit the same pattern a DES3 and AES modules
-rw-r--r-- | pysnmp/crypto/des.py | 41 |
1 files changed, 28 insertions, 13 deletions
diff --git a/pysnmp/crypto/des.py b/pysnmp/crypto/des.py index 373be8fa..12ce611b 100644 --- a/pysnmp/crypto/des.py +++ b/pysnmp/crypto/des.py @@ -3,9 +3,12 @@ Crypto logic for RFC3414. https://tools.ietf.org/html/rfc3414 """ -from pysnmp.crypto import backend, CRYPTODOME, CRYPTOGRAPHY, des3, generic_decrypt, generic_encrypt +from pysnmp.crypto import backend, CRYPTODOME, CRYPTOGRAPHY, generic_decrypt, generic_encrypt -if backend == CRYPTODOME: +if backend == CRYPTOGRAPHY: + from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives.ciphers import algorithms, Cipher, modes +elif backend == CRYPTODOME: from Cryptodome.Cipher import DES @@ -19,17 +22,33 @@ def _cryptodome_cipher(key, iv): return DES.new(key, DES.MODE_CBC, iv) +def _cryptography_cipher(key, iv): + """Build a cryptography DES(-like) Cipher object. + + .. note:: + + pyca/cryptography does not support DES directly because it is a seriously old, insecure, + and deprecated algorithm. However, triple DES is just three rounds of DES (encrypt, + decrypt, encrypt) done by taking a key three times the size of a DES key and breaking + it into three pieces. So triple DES with des_key * 3 is equivalent to DES. + + :param bytes key: Encryption key + :param bytes IV: Initialization vector + :returns: TripleDES Cipher instance providing DES behavior by using provided DES key + :rtype: cryptography.hazmat.primitives.ciphers.Cipher + """ + return Cipher( + algorithm=algorithms.TripleDES(key * 3), + mode=modes.CBC(iv), + backend=default_backend() + ) + + _CIPHER_FACTORY_MAP = { + CRYPTOGRAPHY: _cryptography_cipher, CRYPTODOME: _cryptodome_cipher } -# Cryptography does not support DES directly because it is a seriously old, insecure, -# and deprecated algorithm. However, triple DES is just three rounds of DES (encrypt, -# decrypt, encrypt) done by taking a key three times the size of a DES key and breaking -# it into three pieces. So triple DES with des_key * 3 is equivalent to DES. -# Pycryptodome's triple DES implementation will actually throw an error if it receives -# a key that reduces to DES. - def encrypt(plaintext, key, iv): """Encrypt data using DES on the available backend. @@ -40,8 +59,6 @@ def encrypt(plaintext, key, iv): :returns: Encrypted ciphertext :rtype: bytes """ - if backend == CRYPTOGRAPHY: - return des3.encrypt(plaintext, key * 3, iv) return generic_encrypt(_CIPHER_FACTORY_MAP, plaintext, key, iv) @@ -54,6 +71,4 @@ def decrypt(ciphertext, key, iv): :returns: Decrypted plaintext :rtype: bytes """ - if backend == CRYPTOGRAPHY: - return des3.decrypt(ciphertext, key * 3, iv) return generic_decrypt(_CIPHER_FACTORY_MAP, ciphertext, key, iv) |