diff options
Diffstat (limited to 'pysnmp/proto/secmod/rfc3414/priv/des.py')
| -rw-r--r-- | pysnmp/proto/secmod/rfc3414/priv/des.py | 53 |
1 files changed, 31 insertions, 22 deletions
diff --git a/pysnmp/proto/secmod/rfc3414/priv/des.py b/pysnmp/proto/secmod/rfc3414/priv/des.py index 5128a662..10058aeb 100644 --- a/pysnmp/proto/secmod/rfc3414/priv/des.py +++ b/pysnmp/proto/secmod/rfc3414/priv/des.py @@ -38,32 +38,39 @@ class Des(base.AbstractEncryptionService): def hashPassphrase(self, authProtocol, privKey): if authProtocol == hmacmd5.HmacMd5.SERVICE_ID: hashAlgo = md5 + elif authProtocol == hmacsha.HmacSha.SERVICE_ID: hashAlgo = sha1 + elif authProtocol in hmacsha2.HmacSha2.HASH_ALGORITHM: hashAlgo = hmacsha2.HmacSha2.HASH_ALGORITHM[authProtocol] + else: raise error.ProtocolError( - 'Unknown auth protocol %s' % (authProtocol,) - ) + 'Unknown auth protocol %s' % (authProtocol,)) + return localkey.hashPassphrase(privKey, hashAlgo) def localizeKey(self, authProtocol, privKey, snmpEngineID): if authProtocol == hmacmd5.HmacMd5.SERVICE_ID: hashAlgo = md5 + elif authProtocol == hmacsha.HmacSha.SERVICE_ID: hashAlgo = sha1 + elif authProtocol in hmacsha2.HmacSha2.HASH_ALGORITHM: hashAlgo = hmacsha2.HmacSha2.HASH_ALGORITHM[authProtocol] + else: raise error.ProtocolError( - 'Unknown auth protocol %s' % (authProtocol,) - ) + 'Unknown auth protocol %s' % (authProtocol,)) + localPrivKey = localkey.localizeKey(privKey, snmpEngineID, hashAlgo) + return localPrivKey[:self.KEY_SIZE] # 8.1.1.1 - def __getEncryptionKey(self, privKey, snmpEngineBoots): + def _getEncryptionKey(self, privKey, snmpEngineBoots): desKey = privKey[:8] preIV = privKey[8:16] @@ -77,42 +84,47 @@ class Des(base.AbstractEncryptionService): self.local_int >> 16 & 0xff, self.local_int >> 8 & 0xff, self.local_int & 0xff] + if self.local_int == 0xffffffff: self.local_int = 0 + else: self.local_int += 1 + iv = map(lambda x, y: x ^ y, salt, preIV.asNumbers()) + return (desKey.asOctets(), univ.OctetString(salt).asOctets(), - univ.OctetString(map(lambda x, y: x ^ y, salt, preIV.asNumbers())).asOctets()) + univ.OctetString(iv).asOctets()) @staticmethod - def __getDecryptionKey(privKey, salt): - return (privKey[:8].asOctets(), - univ.OctetString(map(lambda x, y: x ^ y, salt.asNumbers(), privKey[8:16].asNumbers())).asOctets()) + def _getDecryptionKey(privKey, salt): + iv = map(lambda x, y: x ^ y, salt.asNumbers(), + privKey[8:16].asNumbers()) + + return privKey[:8].asOctets(), univ.OctetString(iv).asOctets() # 8.2.4.1 def encryptData(self, encryptKey, privParameters, dataToEncrypt): snmpEngineBoots, snmpEngineTime, salt = privParameters # 8.3.1.1 - desKey, salt, iv = self.__getEncryptionKey( - encryptKey, snmpEngineBoots - ) + desKey, salt, iv = self._getEncryptionKey(encryptKey, snmpEngineBoots) # 8.3.1.2 privParameters = univ.OctetString(salt) # 8.1.1.2 - plaintext = dataToEncrypt + univ.OctetString((0,) * (8 - len(dataToEncrypt) % 8)).asOctets() + plaintext = dataToEncrypt + plaintext += univ.OctetString( + (0,) * (8 - len(dataToEncrypt) % 8)).asOctets() try: ciphertext = des.encrypt(plaintext, desKey, iv) except PysnmpCryptoError: raise error.StatusInformation( - errorIndication=errind.unsupportedPrivProtocol - ) + errorIndication=errind.unsupportedPrivProtocol) # 8.3.1.3 & 4 return univ.OctetString(ciphertext), privParameters @@ -124,19 +136,17 @@ class Des(base.AbstractEncryptionService): # 8.3.2.1 if len(salt) != 8: raise error.StatusInformation( - errorIndication=errind.decryptionError - ) + errorIndication=errind.decryptionError) # 8.3.2.2 no-op # 8.3.2.3 - desKey, iv = self.__getDecryptionKey(decryptKey, salt) + desKey, iv = self._getDecryptionKey(decryptKey, salt) # 8.3.2.4 -> 8.1.1.3 if len(encryptedData) % 8 != 0: raise error.StatusInformation( - errorIndication=errind.decryptionError - ) + errorIndication=errind.decryptionError) try: # 8.3.2.6 @@ -144,5 +154,4 @@ class Des(base.AbstractEncryptionService): except PysnmpCryptoError: raise error.StatusInformation( - errorIndication=errind.unsupportedPrivProtocol - ) + errorIndication=errind.unsupportedPrivProtocol) |