strong crypto moved to pysnmpcrypto

4 files changed, 94 insertions, 36 deletions

diff --git a/pysnmp/proto/errind.py b/pysnmp/proto/errind.py
index d660af54..1629ecce 100644
--- a/pysnmp/proto/errind.py
+++ b/pysnmp/proto/errind.py
@@ -175,13 +175,13 @@ authenticationFailure = AuthenticationFailure('Authenticator mismatched')
 class UnsupportedAuthProtocol(ErrorIndication):
     pass
 
-unsupportedAuthProtocol = UnsupportedAuthProtocol('Authentication protocol is not supprted')
+unsupportedAuthProtocol = UnsupportedAuthProtocol('Authentication protocol is not supported')
 
 
 class UnsupportedPrivProtocol(ErrorIndication):
     pass
 
-unsupportedPrivProtocol = UnsupportedPrivProtocol('Privacy protocol is not supprted')
+unsupportedPrivProtocol = UnsupportedPrivProtocol('Privacy protocol is not supported')
 
 
 class UnknownSecurityName(ErrorIndication):
diff --git a/pysnmp/proto/secmod/eso/priv/des3.py b/pysnmp/proto/secmod/eso/priv/des3.py
index bf39a8ff..51f7ad75 100644
--- a/pysnmp/proto/secmod/eso/priv/des3.py
+++ b/pysnmp/proto/secmod/eso/priv/des3.py
@@ -5,15 +5,6 @@
 # License: http://snmplabs.com/pysnmp/license.html
 #
 import random
-from pysnmp.crypto import des3
-from pysnmp.proto.secmod.rfc3414.priv import base
-from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha
-from pysnmp.proto.secmod.rfc3414 import localkey
-from pysnmp.proto.secmod.rfc7860.auth import hmacsha2
-from pysnmp.proto import errind, error
-from pyasn1.type import univ
-from pyasn1.compat.octets import null
-
 try:
     from hashlib import md5, sha1
 except ImportError:
@@ -23,6 +14,21 @@ except ImportError:
     md5 = md5.new
     sha1 = sha.new
 
+try:
+    from pysnmpcrypto import des3, PysnmpCryptoError
+
+except ImportError:
+    PysnmpCryptoError = AttributeError
+    des3 = None
+
+from pysnmp.proto.secmod.rfc3414.priv import base
+from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha
+from pysnmp.proto.secmod.rfc3414 import localkey
+from pysnmp.proto.secmod.rfc7860.auth import hmacsha2
+from pysnmp.proto import errind, error
+from pyasn1.type import univ
+from pyasn1.compat.octets import null
+
 random.seed()
 
 
@@ -117,7 +123,14 @@ class Des3(base.AbstractEncryptionService):
         privParameters = univ.OctetString(salt)
 
         plaintext = dataToEncrypt + univ.OctetString((0,) * (8 - len(dataToEncrypt) % 8)).asOctets()
-        ciphertext = des3.encrypt(plaintext, des3Key, iv)
+
+        try:
+            ciphertext = des3.encrypt(plaintext, des3Key, iv)
+
+        except PysnmpCryptoError:
+            raise error.StatusInformation(
+                errorIndication=errind.unsupportedPrivProtocol
+            )
 
         return univ.OctetString(ciphertext), privParameters
 
@@ -138,6 +151,13 @@ class Des3(base.AbstractEncryptionService):
             )
 
         ciphertext = encryptedData.asOctets()
-        plaintext = des3.decrypt(ciphertext, des3Key, iv)
+
+        try:
+            plaintext = des3.decrypt(ciphertext, des3Key, iv)
+
+        except PysnmpCryptoError:
+            raise error.StatusInformation(
+                errorIndication=errind.unsupportedPrivProtocol
+            )
 
         return plaintext
diff --git a/pysnmp/proto/secmod/rfc3414/priv/des.py b/pysnmp/proto/secmod/rfc3414/priv/des.py
index b874162a..f64abc8a 100644
--- a/pysnmp/proto/secmod/rfc3414/priv/des.py
+++ b/pysnmp/proto/secmod/rfc3414/priv/des.py
@@ -5,15 +5,6 @@
 # License: http://snmplabs.com/pysnmp/license.html
 #
 import random
-from pysnmp.crypto import des
-from pysnmp.proto.secmod.rfc3414.priv import base
-from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha
-from pysnmp.proto.secmod.rfc3414 import localkey
-from pysnmp.proto.secmod.rfc7860.auth import hmacsha2
-from pysnmp.proto import errind, error
-from pyasn1.type import univ
-from sys import version_info
-
 try:
     from hashlib import md5, sha1
 except ImportError:
@@ -23,6 +14,22 @@ except ImportError:
     md5 = md5.new
     sha1 = sha.new
 
+from sys import version_info
+
+try:
+    from pysnmpcrypto import des, PysnmpCryptoError
+
+except ImportError:
+    PysnmpCryptoError = AttributeError
+    des = None
+
+from pysnmp.proto.secmod.rfc3414.priv import base
+from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha
+from pysnmp.proto.secmod.rfc3414 import localkey
+from pysnmp.proto.secmod.rfc7860.auth import hmacsha2
+from pysnmp.proto import errind, error
+from pyasn1.type import univ
+
 random.seed()
 
 
@@ -107,7 +114,14 @@ class Des(base.AbstractEncryptionService):
 
         # 8.1.1.2
         plaintext = dataToEncrypt + univ.OctetString((0,) * (8 - len(dataToEncrypt) % 8)).asOctets()
-        ciphertext = des.encrypt(plaintext, desKey, iv)
+
+        try:
+            ciphertext = des.encrypt(plaintext, desKey, iv)
+
+        except PysnmpCryptoError:
+            raise error.StatusInformation(
+                errorIndication=errind.unsupportedPrivProtocol
+            )
 
         # 8.3.1.3 & 4
         return univ.OctetString(ciphertext), privParameters
@@ -133,5 +147,11 @@ class Des(base.AbstractEncryptionService):
                 errorIndication=errind.decryptionError
             )
 
-        # 8.3.2.6
-        return des.decrypt(encryptedData.asOctets(), desKey, iv)
+        try:
+            # 8.3.2.6
+            return des.decrypt(encryptedData.asOctets(), desKey, iv)
+
+        except PysnmpCryptoError:
+            raise error.StatusInformation(
+                errorIndication=errind.unsupportedPrivProtocol
+            )
diff --git a/pysnmp/proto/secmod/rfc3826/priv/aes.py b/pysnmp/proto/secmod/rfc3826/priv/aes.py
index 82fa0da5..7d796b1a 100644
--- a/pysnmp/proto/secmod/rfc3826/priv/aes.py
+++ b/pysnmp/proto/secmod/rfc3826/priv/aes.py
@@ -5,14 +5,6 @@
 # License: http://snmplabs.com/pysnmp/license.html
 #
 import random
-from pyasn1.type import univ
-from pysnmp.crypto import aes
-from pysnmp.proto.secmod.rfc3414.priv import base
-from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha
-from pysnmp.proto.secmod.rfc7860.auth import hmacsha2
-from pysnmp.proto.secmod.rfc3414 import localkey
-from pysnmp.proto import errind, error
-
 try:
     from hashlib import md5, sha1
 except ImportError:
@@ -22,6 +14,20 @@ except ImportError:
     md5 = md5.new
     sha1 = sha.new
 
+try:
+    from pysnmpcrypto import aes, PysnmpCryptoError
+
+except ImportError:
+    PysnmpCryptoError = AttributeError
+    aes = None
+
+from pyasn1.type import univ
+from pysnmp.proto.secmod.rfc3414.priv import base
+from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha
+from pysnmp.proto.secmod.rfc7860.auth import hmacsha2
+from pysnmp.proto.secmod.rfc3414 import localkey
+from pysnmp.proto import errind, error
+
 random.seed()
 
 
@@ -110,7 +116,13 @@ class Aes(base.AbstractEncryptionService):
         # PyCrypto seems to require padding
         dataToEncrypt = dataToEncrypt + univ.OctetString((0,) * (16 - len(dataToEncrypt) % 16)).asOctets()
 
-        ciphertext = aes.encrypt(dataToEncrypt, aesKey, iv)
+        try:
+            ciphertext = aes.encrypt(dataToEncrypt, aesKey, iv)
+
+        except PysnmpCryptoError:
+            raise error.StatusInformation(
+                errorIndication=errind.unsupportedPrivProtocol
+            )
 
         # 3.3.1.4
         return univ.OctetString(ciphertext), univ.OctetString(salt)
@@ -133,5 +145,11 @@ class Aes(base.AbstractEncryptionService):
         # PyCrypto seems to require padding
         encryptedData = encryptedData + univ.OctetString((0,) * (16 - len(encryptedData) % 16)).asOctets()
 
-        # 3.3.2.4-6
-        return aes.decrypt(encryptedData.asOctets(), aesKey, iv)
+        try:
+            # 3.3.2.4-6
+            return aes.decrypt(encryptedData.asOctets(), aesKey, iv)
+
+        except PysnmpCryptoError:
+            raise error.StatusInformation(
+                errorIndication=errind.unsupportedPrivProtocol
+            )