diff options
author | Ilya Etingof <etingof@gmail.com> | 2018-02-19 00:41:28 +0100 |
---|---|---|
committer | Ilya Etingof <etingof@gmail.com> | 2018-02-19 00:41:28 +0100 |
commit | 24a7988766551038be2c65a33f10173a7a6d559d (patch) | |
tree | 60fbb40e681f20579611e83e6a2d445d27076bfb /pysnmp/proto | |
parent | bc2654205b7b566bd4e2caa8c5c703ec03a140a0 (diff) | |
download | pysnmp-git-24a7988766551038be2c65a33f10173a7a6d559d.tar.gz |
strong crypto moved to pysnmpcrypto
Diffstat (limited to 'pysnmp/proto')
-rw-r--r-- | pysnmp/proto/errind.py | 4 | ||||
-rw-r--r-- | pysnmp/proto/secmod/eso/priv/des3.py | 42 | ||||
-rw-r--r-- | pysnmp/proto/secmod/rfc3414/priv/des.py | 44 | ||||
-rw-r--r-- | pysnmp/proto/secmod/rfc3826/priv/aes.py | 40 |
4 files changed, 94 insertions, 36 deletions
diff --git a/pysnmp/proto/errind.py b/pysnmp/proto/errind.py index d660af54..1629ecce 100644 --- a/pysnmp/proto/errind.py +++ b/pysnmp/proto/errind.py @@ -175,13 +175,13 @@ authenticationFailure = AuthenticationFailure('Authenticator mismatched') class UnsupportedAuthProtocol(ErrorIndication): pass -unsupportedAuthProtocol = UnsupportedAuthProtocol('Authentication protocol is not supprted') +unsupportedAuthProtocol = UnsupportedAuthProtocol('Authentication protocol is not supported') class UnsupportedPrivProtocol(ErrorIndication): pass -unsupportedPrivProtocol = UnsupportedPrivProtocol('Privacy protocol is not supprted') +unsupportedPrivProtocol = UnsupportedPrivProtocol('Privacy protocol is not supported') class UnknownSecurityName(ErrorIndication): diff --git a/pysnmp/proto/secmod/eso/priv/des3.py b/pysnmp/proto/secmod/eso/priv/des3.py index bf39a8ff..51f7ad75 100644 --- a/pysnmp/proto/secmod/eso/priv/des3.py +++ b/pysnmp/proto/secmod/eso/priv/des3.py @@ -5,15 +5,6 @@ # License: http://snmplabs.com/pysnmp/license.html # import random -from pysnmp.crypto import des3 -from pysnmp.proto.secmod.rfc3414.priv import base -from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha -from pysnmp.proto.secmod.rfc3414 import localkey -from pysnmp.proto.secmod.rfc7860.auth import hmacsha2 -from pysnmp.proto import errind, error -from pyasn1.type import univ -from pyasn1.compat.octets import null - try: from hashlib import md5, sha1 except ImportError: @@ -23,6 +14,21 @@ except ImportError: md5 = md5.new sha1 = sha.new +try: + from pysnmpcrypto import des3, PysnmpCryptoError + +except ImportError: + PysnmpCryptoError = AttributeError + des3 = None + +from pysnmp.proto.secmod.rfc3414.priv import base +from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha +from pysnmp.proto.secmod.rfc3414 import localkey +from pysnmp.proto.secmod.rfc7860.auth import hmacsha2 +from pysnmp.proto import errind, error +from pyasn1.type import univ +from pyasn1.compat.octets import null + random.seed() @@ -117,7 +123,14 @@ class Des3(base.AbstractEncryptionService): privParameters = univ.OctetString(salt) plaintext = dataToEncrypt + univ.OctetString((0,) * (8 - len(dataToEncrypt) % 8)).asOctets() - ciphertext = des3.encrypt(plaintext, des3Key, iv) + + try: + ciphertext = des3.encrypt(plaintext, des3Key, iv) + + except PysnmpCryptoError: + raise error.StatusInformation( + errorIndication=errind.unsupportedPrivProtocol + ) return univ.OctetString(ciphertext), privParameters @@ -138,6 +151,13 @@ class Des3(base.AbstractEncryptionService): ) ciphertext = encryptedData.asOctets() - plaintext = des3.decrypt(ciphertext, des3Key, iv) + + try: + plaintext = des3.decrypt(ciphertext, des3Key, iv) + + except PysnmpCryptoError: + raise error.StatusInformation( + errorIndication=errind.unsupportedPrivProtocol + ) return plaintext diff --git a/pysnmp/proto/secmod/rfc3414/priv/des.py b/pysnmp/proto/secmod/rfc3414/priv/des.py index b874162a..f64abc8a 100644 --- a/pysnmp/proto/secmod/rfc3414/priv/des.py +++ b/pysnmp/proto/secmod/rfc3414/priv/des.py @@ -5,15 +5,6 @@ # License: http://snmplabs.com/pysnmp/license.html # import random -from pysnmp.crypto import des -from pysnmp.proto.secmod.rfc3414.priv import base -from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha -from pysnmp.proto.secmod.rfc3414 import localkey -from pysnmp.proto.secmod.rfc7860.auth import hmacsha2 -from pysnmp.proto import errind, error -from pyasn1.type import univ -from sys import version_info - try: from hashlib import md5, sha1 except ImportError: @@ -23,6 +14,22 @@ except ImportError: md5 = md5.new sha1 = sha.new +from sys import version_info + +try: + from pysnmpcrypto import des, PysnmpCryptoError + +except ImportError: + PysnmpCryptoError = AttributeError + des = None + +from pysnmp.proto.secmod.rfc3414.priv import base +from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha +from pysnmp.proto.secmod.rfc3414 import localkey +from pysnmp.proto.secmod.rfc7860.auth import hmacsha2 +from pysnmp.proto import errind, error +from pyasn1.type import univ + random.seed() @@ -107,7 +114,14 @@ class Des(base.AbstractEncryptionService): # 8.1.1.2 plaintext = dataToEncrypt + univ.OctetString((0,) * (8 - len(dataToEncrypt) % 8)).asOctets() - ciphertext = des.encrypt(plaintext, desKey, iv) + + try: + ciphertext = des.encrypt(plaintext, desKey, iv) + + except PysnmpCryptoError: + raise error.StatusInformation( + errorIndication=errind.unsupportedPrivProtocol + ) # 8.3.1.3 & 4 return univ.OctetString(ciphertext), privParameters @@ -133,5 +147,11 @@ class Des(base.AbstractEncryptionService): errorIndication=errind.decryptionError ) - # 8.3.2.6 - return des.decrypt(encryptedData.asOctets(), desKey, iv) + try: + # 8.3.2.6 + return des.decrypt(encryptedData.asOctets(), desKey, iv) + + except PysnmpCryptoError: + raise error.StatusInformation( + errorIndication=errind.unsupportedPrivProtocol + ) diff --git a/pysnmp/proto/secmod/rfc3826/priv/aes.py b/pysnmp/proto/secmod/rfc3826/priv/aes.py index 82fa0da5..7d796b1a 100644 --- a/pysnmp/proto/secmod/rfc3826/priv/aes.py +++ b/pysnmp/proto/secmod/rfc3826/priv/aes.py @@ -5,14 +5,6 @@ # License: http://snmplabs.com/pysnmp/license.html # import random -from pyasn1.type import univ -from pysnmp.crypto import aes -from pysnmp.proto.secmod.rfc3414.priv import base -from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha -from pysnmp.proto.secmod.rfc7860.auth import hmacsha2 -from pysnmp.proto.secmod.rfc3414 import localkey -from pysnmp.proto import errind, error - try: from hashlib import md5, sha1 except ImportError: @@ -22,6 +14,20 @@ except ImportError: md5 = md5.new sha1 = sha.new +try: + from pysnmpcrypto import aes, PysnmpCryptoError + +except ImportError: + PysnmpCryptoError = AttributeError + aes = None + +from pyasn1.type import univ +from pysnmp.proto.secmod.rfc3414.priv import base +from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha +from pysnmp.proto.secmod.rfc7860.auth import hmacsha2 +from pysnmp.proto.secmod.rfc3414 import localkey +from pysnmp.proto import errind, error + random.seed() @@ -110,7 +116,13 @@ class Aes(base.AbstractEncryptionService): # PyCrypto seems to require padding dataToEncrypt = dataToEncrypt + univ.OctetString((0,) * (16 - len(dataToEncrypt) % 16)).asOctets() - ciphertext = aes.encrypt(dataToEncrypt, aesKey, iv) + try: + ciphertext = aes.encrypt(dataToEncrypt, aesKey, iv) + + except PysnmpCryptoError: + raise error.StatusInformation( + errorIndication=errind.unsupportedPrivProtocol + ) # 3.3.1.4 return univ.OctetString(ciphertext), univ.OctetString(salt) @@ -133,5 +145,11 @@ class Aes(base.AbstractEncryptionService): # PyCrypto seems to require padding encryptedData = encryptedData + univ.OctetString((0,) * (16 - len(encryptedData) % 16)).asOctets() - # 3.3.2.4-6 - return aes.decrypt(encryptedData.asOctets(), aesKey, iv) + try: + # 3.3.2.4-6 + return aes.decrypt(encryptedData.asOctets(), aesKey, iv) + + except PysnmpCryptoError: + raise error.StatusInformation( + errorIndication=errind.unsupportedPrivProtocol + ) |