author | elie <elie> | 2005-06-14 10:46:51 +0000 |
---|---|---|
committer | elie <elie> | 2005-06-14 10:46:51 +0000 |
commit | 86743be7b0fb79b7cf9a73763999f6ed22e6e60a (patch) | |
tree | fb9f8a7aeb1365970cbc8476d5b350f1535b2cb4 /pysnmp/proto/secmod/rfc3414/priv | |
parent | 3be4e44e65c0ced55b3730af91b2b9b965408c36 (diff) | |
download | pysnmp-git-86743be7b0fb79b7cf9a73763999f6ed22e6e60a.tar.gz |
initial revision
Diffstat (limited to 'pysnmp/proto/secmod/rfc3414/priv')
-rw-r--r-- | pysnmp/proto/secmod/rfc3414/priv/__init__.py | 0 | ||||
-rw-r--r-- | pysnmp/proto/secmod/rfc3414/priv/base.py | 4 | ||||
-rw-r--r-- | pysnmp/proto/secmod/rfc3414/priv/des.py | 117 |
3 files changed, 121 insertions, 0 deletions
diff --git a/pysnmp/proto/secmod/rfc3414/priv/__init__.py b/pysnmp/proto/secmod/rfc3414/priv/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/pysnmp/proto/secmod/rfc3414/priv/__init__.py
diff --git a/pysnmp/proto/secmod/rfc3414/priv/base.py b/pysnmp/proto/secmod/rfc3414/priv/base.py
new file mode 100644
index 00000000..8690d4de
--- /dev/null
+++ b/pysnmp/proto/secmod/rfc3414/priv/base.py
@@ -0,0 +1,4 @@
+class AbstractEncryptionService:
+ serviceID = None
+ def encryptData(self, encryptKey, dataToEncrypt): pass
+ def decryptData(self, decryptKey, privParameters, encryptedData): pass
diff --git a/pysnmp/proto/secmod/rfc3414/priv/des.py b/pysnmp/proto/secmod/rfc3414/priv/des.py
new file mode 100644
index 00000000..aead8cd2
--- /dev/null
+++ b/pysnmp/proto/secmod/rfc3414/priv/des.py
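Review bot: In base.py the abstract `encryptData(self, encryptKey, dataToEncrypt)` and `decryptData(self, decryptKey, privParameters, encryptedData)` do not take the `mibInstrumController` argument that the `Des` overrides in des.py, added by this same commit, require, so code written against the base signature would pass its arguments in the wrong positions. The stubs also end in `pass`, so a subclass that forgets to override one returns None silently instead of signalling that no cipher is available; the caller is not visible here, so whether that fails safely is unknown. I would align the signatures and fail closed, e.g. `def encryptData(self, mibInstrumController, encryptKey, dataToEncrypt): raise NotImplementedError`, and likewise for `decryptData`.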
@@ -0,0 +1,117 @@
+import random, string
+from pysnmp.proto.secmod.rfc3414.priv import base
+from pyasn1.type import univ
+from pysnmp.proto import error
+
+try:
+ from Crypto.Cipher import DES
+except ImportError:
+ DES = None
+
+random.seed()
+
+# 8.2.4
+
+class Des(base.AbstractEncryptionService):
+ serviceID = (1, 3, 6, 1, 6, 3, 10, 1, 2, 2) # usmDESPrivProtocol
+ _localInt = long(random.random()*0xffffffff)
+ # 8.1.1.1
+ def __getEncryptionKey(self, mibInstrumController, privKey):
+ desKey = privKey[:8]
+ preIV = privKey[8:16]
+
+ snmpEngineBoots, = mibInstrumController.mibBuilder.importSymbols(
+ 'SNMP-FRAMEWORK-MIB', 'snmpEngineBoots'
+ )
+ securityEngineBoots = long(snmpEngineBoots.syntax)
+
+ salt = [
+ securityEngineBoots>>24&0xff,
+ securityEngineBoots>>16&0xff,
+ securityEngineBoots>>8&0xff,
+ securityEngineBoots&0xff,
+ self._localInt>>24&0xff,
+ self._localInt>>16&0xff,
+ self._localInt>>8&0xff,
+ self._localInt&0xff
+ ]
+ if self._localInt == 0xffffffff:
+ self._localInt = 0
+ else:
+ self._localInt = self._localInt + 1
+
+ return desKey, \
+ string.join(map(lambda x: chr(x), salt), ''), \
+ string.join(map(lambda x,y: chr(x^ord(y)), salt, preIV), '')
+
+ def __getDecryptionKey(self, mibInstrumController, privKey, salt):
+ return privKey[:8], string.join(
+ map(lambda x,y: chr(ord(x)^ord(y)), salt, privKey[8:16]), ''
+ )
+
+ # 8.2.4.1
+ def encryptData(self, mibInstrumController, encryptKey, dataToEncrypt):
+ if DES is None:
+ raise error.StatusInformation(
+ errorIndication='encryptionError'
+ )
+
+ # 8.3.1.1
+ desKey, salt, iv = self.__getEncryptionKey(
+ mibInstrumController, str(encryptKey)
+ )
+
+ # 8.3.1.2
+ privParameters = univ.OctetString(salt)
+
+ # 8.1.1.2
+ desObj = DES.new(desKey, DES.MODE_CBC, iv) # XXX
+ plaintext = dataToEncrypt + '\x00' * (8 - len(dataToEncrypt) % 8)
+ ciphertext = desObj.encrypt(plaintext)
+
+ # 8.3.1.3 & 4
+ return univ.OctetString(ciphertext), privParameters
+
+ # 8.2.4.2
+ def decryptData(self, mibInstrumController, decryptKey,
+ privParameters, encryptedData):
+ if DES is None:
+ raise error.StatusInformation(
+ errorIndication='decryptionError'
+ )
+
+ # 8.3.2.1
+ if len(privParameters) != 8:
+ raise error.StatusInformation(
+ errorIndication='decryptionError'
+ )
+
+ # 8.3.2.2
+ salt = str(privParameters)
+
+ # 8.3.2.3
+ desKey, iv = self.__getDecryptionKey(
+ mibInstrumController, str(decryptKey), salt
+ )
+
+ # 8.3.2.4 -> 8.1.1.3
+ if len(encryptedData) % 8 != 0:
+ raise error.StatusInformation(
+ errorIndication='decryptionError'
+ )
+
+ desObj = DES.new(desKey, DES.MODE_CBC, iv)
+
+ # 8.3.2.6
+ return desObj.decrypt(str(encryptedData))
+
+if __name__ == '__main__':
+ from pysnmp.smi import builder, instrum
+
+ mibInstrumController = instrum.MibInstrumController(
+ builder.MibBuilder()
+ )
+
+ d = Des()
+ ct, p = d.encryptData(mibInstrumController, '1234567890123456', 'security? not my problem!')
+ print d.decryptData(mibInstrumController, '1234567890123456', p, ct) |
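Review bot: The salt counter `_localInt` in `__getEncryptionKey` is read from the class attribute but written back with `self._localInt = ...`, so every `Des` instance keeps a private copy that starts from the same random value. If more than one instance ever encrypts under the same key and snmpEngineBoots, they would emit identical salts and therefore identical CBC IVs, which is exactly what the salt is meant to prevent. Writing the update to the class keeps one shared sequence, e.g. `self.__class__._localInt = 0` and `self.__class__._localInt = self._localInt + 1`. Separately, neither key helper checks that `privKey` holds at least 16 octets; under Python 2 a short key makes `map` pad with `None` and `ord()` raise a TypeError instead of the `StatusInformation` used for every other failure. A guard such as `if len(privKey) < 16: raise error.StatusInformation(errorIndication='encryptionError')` (with 'decryptionError' on the decrypt path) would keep the error handling uniform.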