diff options
| author | mattsb42-aws <bullocm@amazon.com> | 2018-02-06 23:22:48 -0800 |
|---|---|---|
| committer | mattsb42-aws <bullocm@amazon.com> | 2018-02-09 11:12:29 -0800 |
| commit | 9306d4b04006b52772208b2b84ad6117f9ee7288 (patch) | |
| tree | ef0816afdfa2f439b91d4466866ea4ef2ab287c4 /pysnmp/proto | |
| parent | 1fba74577361e941151c46f2c9b23923a23b1a0a (diff) | |
| download | pysnmp-git-9306d4b04006b52772208b2b84ad6117f9ee7288.tar.gz | |
initial migration to backend-selecting crypto
Diffstat (limited to 'pysnmp/proto')
| -rw-r--r-- | pysnmp/proto/secmod/eso/priv/des3.py | 24 | ||||
| -rw-r--r-- | pysnmp/proto/secmod/rfc3414/priv/des.py | 22 | ||||
| -rw-r--r-- | pysnmp/proto/secmod/rfc3826/priv/aes.py | 23 |
3 files changed, 9 insertions, 60 deletions
diff --git a/pysnmp/proto/secmod/eso/priv/des3.py b/pysnmp/proto/secmod/eso/priv/des3.py index 426df633..2edfa7a7 100644 --- a/pysnmp/proto/secmod/eso/priv/des3.py +++ b/pysnmp/proto/secmod/eso/priv/des3.py @@ -5,6 +5,7 @@ # License: http://snmplabs.com/pysnmp/license.html # import random +from pysnmp.crypto.des3 import decrypt, encrypt from pysnmp.proto.secmod.rfc3414.priv import base from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha from pysnmp.proto.secmod.rfc3414 import localkey @@ -12,7 +13,6 @@ from pysnmp.proto.secmod.rfc7860.auth import hmacsha2 from pysnmp.proto import errind, error from pyasn1.type import univ from pyasn1.compat.octets import null -from math import ceil try: from hashlib import md5, sha1 @@ -23,11 +23,6 @@ except ImportError: md5 = md5.new sha1 = sha.new -try: - from Cryptodome.Cipher import DES3 -except ImportError: - DES3 = None - random.seed() @@ -113,32 +108,21 @@ class Des3(base.AbstractEncryptionService): # 5.1.1.2 def encryptData(self, encryptKey, privParameters, dataToEncrypt): - if DES3 is None: - raise error.StatusInformation( - errorIndication=errind.encryptionError - ) - snmpEngineBoots, snmpEngineTime, salt = privParameters des3Key, salt, iv = self.__getEncryptionKey( encryptKey, snmpEngineBoots ) - des3Obj = DES3.new(des3Key, DES3.MODE_CBC, iv) - privParameters = univ.OctetString(salt) plaintext = dataToEncrypt + univ.OctetString((0,) * (8 - len(dataToEncrypt) % 8)).asOctets() - ciphertext = des3Obj.encrypt(plaintext) + ciphertext = encrypt(plaintext, des3Key, iv) return univ.OctetString(ciphertext), privParameters # 5.1.1.3 def decryptData(self, decryptKey, privParameters, encryptedData): - if DES3 is None: - raise error.StatusInformation( - errorIndication=errind.decryptionError - ) snmpEngineBoots, snmpEngineTime, salt = privParameters if len(salt) != 8: @@ -153,9 +137,7 @@ class Des3(base.AbstractEncryptionService): errorIndication=errind.decryptionError ) - des3Obj = DES3.new(des3Key, DES3.MODE_CBC, iv) - ciphertext = encryptedData.asOctets() - plaintext = des3Obj.decrypt(ciphertext) + plaintext = decrypt(ciphertext, des3Key, iv) return plaintext diff --git a/pysnmp/proto/secmod/rfc3414/priv/des.py b/pysnmp/proto/secmod/rfc3414/priv/des.py index b66889e2..7a46e2af 100644 --- a/pysnmp/proto/secmod/rfc3414/priv/des.py +++ b/pysnmp/proto/secmod/rfc3414/priv/des.py @@ -5,6 +5,7 @@ # License: http://snmplabs.com/pysnmp/license.html # import random +from pysnmp.crypto.des import decrypt, encrypt from pysnmp.proto.secmod.rfc3414.priv import base from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha from pysnmp.proto.secmod.rfc3414 import localkey @@ -14,10 +15,6 @@ from pyasn1.type import univ from sys import version_info try: - from Cryptodome.Cipher import DES -except ImportError: - DES = None -try: from hashlib import md5, sha1 except ImportError: import md5 @@ -98,11 +95,6 @@ class Des(base.AbstractEncryptionService): # 8.2.4.1 def encryptData(self, encryptKey, privParameters, dataToEncrypt): - if DES is None: - raise error.StatusInformation( - errorIndication=errind.encryptionError - ) - snmpEngineBoots, snmpEngineTime, salt = privParameters # 8.3.1.1 @@ -114,20 +106,14 @@ class Des(base.AbstractEncryptionService): privParameters = univ.OctetString(salt) # 8.1.1.2 - desObj = DES.new(desKey, DES.MODE_CBC, iv) plaintext = dataToEncrypt + univ.OctetString((0,) * (8 - len(dataToEncrypt) % 8)).asOctets() - ciphertext = desObj.encrypt(plaintext) + ciphertext = encrypt(plaintext, desKey, iv) # 8.3.1.3 & 4 return univ.OctetString(ciphertext), privParameters # 8.2.4.2 def decryptData(self, decryptKey, privParameters, encryptedData): - if DES is None: - raise error.StatusInformation( - errorIndication=errind.decryptionError - ) - snmpEngineBoots, snmpEngineTime, salt = privParameters # 8.3.2.1 @@ -147,7 +133,5 @@ class Des(base.AbstractEncryptionService): errorIndication=errind.decryptionError ) - desObj = DES.new(desKey, DES.MODE_CBC, iv) - # 8.3.2.6 - return desObj.decrypt(encryptedData.asOctets()) + return decrypt(encryptedData.asOctets(), desKey, iv) diff --git a/pysnmp/proto/secmod/rfc3826/priv/aes.py b/pysnmp/proto/secmod/rfc3826/priv/aes.py index c702a418..6ee351ce 100644 --- a/pysnmp/proto/secmod/rfc3826/priv/aes.py +++ b/pysnmp/proto/secmod/rfc3826/priv/aes.py @@ -6,6 +6,7 @@ # import random from pyasn1.type import univ +from pysnmp.crypto.aes import decrypt, encrypt from pysnmp.proto.secmod.rfc3414.priv import base from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha from pysnmp.proto.secmod.rfc7860.auth import hmacsha2 @@ -13,10 +14,6 @@ from pysnmp.proto.secmod.rfc3414 import localkey from pysnmp.proto import errind, error try: - from Cryptodome.Cipher import AES -except ImportError: - AES = None -try: from hashlib import md5, sha1 except ImportError: import md5 @@ -102,11 +99,6 @@ class Aes(base.AbstractEncryptionService): # 3.2.4.1 def encryptData(self, encryptKey, privParameters, dataToEncrypt): - if AES is None: - raise error.StatusInformation( - errorIndication=errind.encryptionError - ) - snmpEngineBoots, snmpEngineTime, salt = privParameters # 3.3.1.1 @@ -115,23 +107,16 @@ class Aes(base.AbstractEncryptionService): ) # 3.3.1.3 - aesObj = AES.new(aesKey, AES.MODE_CFB, iv, segment_size=128) - # PyCrypto seems to require padding dataToEncrypt = dataToEncrypt + univ.OctetString((0,) * (16 - len(dataToEncrypt) % 16)).asOctets() - ciphertext = aesObj.encrypt(dataToEncrypt) + ciphertext = encrypt(dataToEncrypt, aesKey, iv) # 3.3.1.4 return univ.OctetString(ciphertext), univ.OctetString(salt) # 3.2.4.2 def decryptData(self, decryptKey, privParameters, encryptedData): - if AES is None: - raise error.StatusInformation( - errorIndication=errind.decryptionError - ) - snmpEngineBoots, snmpEngineTime, salt = privParameters # 3.3.2.1 @@ -145,10 +130,8 @@ class Aes(base.AbstractEncryptionService): decryptKey, snmpEngineBoots, snmpEngineTime, salt ) - aesObj = AES.new(aesKey, AES.MODE_CFB, iv, segment_size=128) - # PyCrypto seems to require padding encryptedData = encryptedData + univ.OctetString((0,) * (16 - len(encryptedData) % 16)).asOctets() # 3.3.2.4-6 - return aesObj.decrypt(encryptedData.asOctets()) + return decrypt(encryptedData.asOctets(), aesKey, iv) |