From 9306d4b04006b52772208b2b84ad6117f9ee7288 Mon Sep 17 00:00:00 2001
From: mattsb42-aws <bullocm@amazon.com>
Date: Tue, 6 Feb 2018 23:22:48 -0800
Subject: initial migration to backend-selecting crypto

---
 pysnmp/proto/secmod/eso/priv/des3.py    | 24 +++---------------------
 pysnmp/proto/secmod/rfc3414/priv/des.py | 22 +++-------------------
 pysnmp/proto/secmod/rfc3826/priv/aes.py | 23 +++--------------------
 3 files changed, 9 insertions(+), 60 deletions(-)

(limited to 'pysnmp/proto')

diff --git a/pysnmp/proto/secmod/eso/priv/des3.py b/pysnmp/proto/secmod/eso/priv/des3.py
index 426df633..2edfa7a7 100644
--- a/pysnmp/proto/secmod/eso/priv/des3.py
+++ b/pysnmp/proto/secmod/eso/priv/des3.py
@@ -5,6 +5,7 @@
 # License: http://snmplabs.com/pysnmp/license.html
 #
 import random
+from pysnmp.crypto.des3 import decrypt, encrypt
 from pysnmp.proto.secmod.rfc3414.priv import base
 from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha
 from pysnmp.proto.secmod.rfc3414 import localkey
@@ -12,7 +13,6 @@ from pysnmp.proto.secmod.rfc7860.auth import hmacsha2
 from pysnmp.proto import errind, error
 from pyasn1.type import univ
 from pyasn1.compat.octets import null
-from math import ceil
 
 try:
     from hashlib import md5, sha1
@@ -23,11 +23,6 @@ except ImportError:
     md5 = md5.new
     sha1 = sha.new
 
-try:
-    from Cryptodome.Cipher import DES3
-except ImportError:
-    DES3 = None
-
 random.seed()
 
 
@@ -113,32 +108,21 @@ class Des3(base.AbstractEncryptionService):
 
     # 5.1.1.2
     def encryptData(self, encryptKey, privParameters, dataToEncrypt):
-        if DES3 is None:
-            raise error.StatusInformation(
-                errorIndication=errind.encryptionError
-            )
-
         snmpEngineBoots, snmpEngineTime, salt = privParameters
 
         des3Key, salt, iv = self.__getEncryptionKey(
             encryptKey, snmpEngineBoots
         )
 
-        des3Obj = DES3.new(des3Key, DES3.MODE_CBC, iv)
-
         privParameters = univ.OctetString(salt)
 
         plaintext = dataToEncrypt + univ.OctetString((0,) * (8 - len(dataToEncrypt) % 8)).asOctets()
-        ciphertext = des3Obj.encrypt(plaintext)
+        ciphertext = encrypt(plaintext, des3Key, iv)
 
         return univ.OctetString(ciphertext), privParameters
 
     # 5.1.1.3
     def decryptData(self, decryptKey, privParameters, encryptedData):
-        if DES3 is None:
-            raise error.StatusInformation(
-                errorIndication=errind.decryptionError
-            )
         snmpEngineBoots, snmpEngineTime, salt = privParameters
 
         if len(salt) != 8:
@@ -153,9 +137,7 @@ class Des3(base.AbstractEncryptionService):
                 errorIndication=errind.decryptionError
             )
 
-        des3Obj = DES3.new(des3Key, DES3.MODE_CBC, iv)
-
         ciphertext = encryptedData.asOctets()
-        plaintext = des3Obj.decrypt(ciphertext)
+        plaintext = decrypt(ciphertext, des3Key, iv)
 
         return plaintext
diff --git a/pysnmp/proto/secmod/rfc3414/priv/des.py b/pysnmp/proto/secmod/rfc3414/priv/des.py
index b66889e2..7a46e2af 100644
--- a/pysnmp/proto/secmod/rfc3414/priv/des.py
+++ b/pysnmp/proto/secmod/rfc3414/priv/des.py
@@ -5,6 +5,7 @@
 # License: http://snmplabs.com/pysnmp/license.html
 #
 import random
+from pysnmp.crypto.des import decrypt, encrypt
 from pysnmp.proto.secmod.rfc3414.priv import base
 from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha
 from pysnmp.proto.secmod.rfc3414 import localkey
@@ -13,10 +14,6 @@ from pysnmp.proto import errind, error
 from pyasn1.type import univ
 from sys import version_info
 
-try:
-    from Cryptodome.Cipher import DES
-except ImportError:
-    DES = None
 try:
     from hashlib import md5, sha1
 except ImportError:
@@ -98,11 +95,6 @@ class Des(base.AbstractEncryptionService):
 
     # 8.2.4.1
     def encryptData(self, encryptKey, privParameters, dataToEncrypt):
-        if DES is None:
-            raise error.StatusInformation(
-                errorIndication=errind.encryptionError
-            )
-
         snmpEngineBoots, snmpEngineTime, salt = privParameters
 
         # 8.3.1.1
@@ -114,20 +106,14 @@ class Des(base.AbstractEncryptionService):
         privParameters = univ.OctetString(salt)
 
         # 8.1.1.2
-        desObj = DES.new(desKey, DES.MODE_CBC, iv)
         plaintext = dataToEncrypt + univ.OctetString((0,) * (8 - len(dataToEncrypt) % 8)).asOctets()
-        ciphertext = desObj.encrypt(plaintext)
+        ciphertext = encrypt(plaintext, desKey, iv)
 
         # 8.3.1.3 & 4
         return univ.OctetString(ciphertext), privParameters
 
     # 8.2.4.2
     def decryptData(self, decryptKey, privParameters, encryptedData):
-        if DES is None:
-            raise error.StatusInformation(
-                errorIndication=errind.decryptionError
-            )
-
         snmpEngineBoots, snmpEngineTime, salt = privParameters
 
         # 8.3.2.1
@@ -147,7 +133,5 @@ class Des(base.AbstractEncryptionService):
                 errorIndication=errind.decryptionError
             )
 
-        desObj = DES.new(desKey, DES.MODE_CBC, iv)
-
         # 8.3.2.6
-        return desObj.decrypt(encryptedData.asOctets())
+        return decrypt(encryptedData.asOctets(), desKey, iv)
diff --git a/pysnmp/proto/secmod/rfc3826/priv/aes.py b/pysnmp/proto/secmod/rfc3826/priv/aes.py
index c702a418..6ee351ce 100644
--- a/pysnmp/proto/secmod/rfc3826/priv/aes.py
+++ b/pysnmp/proto/secmod/rfc3826/priv/aes.py
@@ -6,16 +6,13 @@
 #
 import random
 from pyasn1.type import univ
+from pysnmp.crypto.aes import decrypt, encrypt
 from pysnmp.proto.secmod.rfc3414.priv import base
 from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha
 from pysnmp.proto.secmod.rfc7860.auth import hmacsha2
 from pysnmp.proto.secmod.rfc3414 import localkey
 from pysnmp.proto import errind, error
 
-try:
-    from Cryptodome.Cipher import AES
-except ImportError:
-    AES = None
 try:
     from hashlib import md5, sha1
 except ImportError:
@@ -102,11 +99,6 @@ class Aes(base.AbstractEncryptionService):
 
     # 3.2.4.1
     def encryptData(self, encryptKey, privParameters, dataToEncrypt):
-        if AES is None:
-            raise error.StatusInformation(
-                errorIndication=errind.encryptionError
-            )
-
         snmpEngineBoots, snmpEngineTime, salt = privParameters
 
         # 3.3.1.1
@@ -115,23 +107,16 @@ class Aes(base.AbstractEncryptionService):
         )
 
         # 3.3.1.3
-        aesObj = AES.new(aesKey, AES.MODE_CFB, iv, segment_size=128)
-
         # PyCrypto seems to require padding
         dataToEncrypt = dataToEncrypt + univ.OctetString((0,) * (16 - len(dataToEncrypt) % 16)).asOctets()
 
-        ciphertext = aesObj.encrypt(dataToEncrypt)
+        ciphertext = encrypt(dataToEncrypt, aesKey, iv)
 
         # 3.3.1.4
         return univ.OctetString(ciphertext), univ.OctetString(salt)
 
     # 3.2.4.2
     def decryptData(self, decryptKey, privParameters, encryptedData):
-        if AES is None:
-            raise error.StatusInformation(
-                errorIndication=errind.decryptionError
-            )
-
         snmpEngineBoots, snmpEngineTime, salt = privParameters
 
         # 3.3.2.1
@@ -145,10 +130,8 @@ class Aes(base.AbstractEncryptionService):
             decryptKey, snmpEngineBoots, snmpEngineTime, salt
         )
 
-        aesObj = AES.new(aesKey, AES.MODE_CFB, iv, segment_size=128)
-
         # PyCrypto seems to require padding
         encryptedData = encryptedData + univ.OctetString((0,) * (16 - len(encryptedData) % 16)).asOctets()
 
         # 3.3.2.4-6
-        return aesObj.decrypt(encryptedData.asOctets())
+        return decrypt(encryptedData.asOctets(), aesKey, iv)
-- 
cgit v1.2.1