/usr/lib/python3/dist-packages/pysnmp/proto/secmod/eso/priv/des3.py is in python3-pysnmp4 4.3.2-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 | #
# This file is part of pysnmp software.
#
# Copyright (c) 2005-2016, Ilya Etingof <ilya@glas.net>
# License: http://pysnmp.sf.net/license.html
#
import random
from pysnmp.proto.secmod.rfc3414.priv import base
from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha
from pysnmp.proto.secmod.rfc3414 import localkey
from pysnmp.proto import errind, error
from pyasn1.type import univ
from pyasn1.compat.octets import null
from math import ceil
try:
from hashlib import md5, sha1
except ImportError:
import md5, sha
md5 = md5.new
sha1 = sha.new
try:
from Crypto.Cipher import DES3
except ImportError:
DES3 = None
random.seed()
# 5.1.1
class Des3(base.AbstractEncryptionService):
"""Reeder 3DES-EDE for USM (Internet draft).
http://www.snmp.com/eso/draft-reeder-snmpv3-usm-3desede-00.txt
"""
serviceID = (1, 3, 6, 1, 6, 3, 10, 1, 2, 3) # usm3DESEDEPrivProtocol
keySize = 32
_localInt = random.randrange(0, 0xffffffff)
def hashPassphrase(self, authProtocol, privKey):
if authProtocol == hmacmd5.HmacMd5.serviceID:
return localkey.hashPassphraseMD5(privKey)
elif authProtocol == hmacsha.HmacSha.serviceID:
return localkey.hashPassphraseSHA(privKey)
else:
raise error.ProtocolError(
'Unknown auth protocol %s' % (authProtocol,)
)
def localizeKey(self, authProtocol, privKey, snmpEngineID):
if authProtocol == hmacmd5.HmacMd5.serviceID:
localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
while ceil(self.keySize//len(localPrivKey)):
localPrivKey = localPrivKey + md5(localPrivKey).digest()
elif authProtocol == hmacsha.HmacSha.serviceID:
localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
while ceil(self.keySize//len(localPrivKey)):
localPrivKey = localPrivKey + sha1(localPrivKey).digest()
else:
raise error.ProtocolError(
'Unknown auth protocol %s' % (authProtocol,)
)
return localPrivKey[:self.keySize] # key+IV
# 5.1.1.1
def __getEncryptionKey(self, privKey, snmpEngineBoots):
# 5.1.1.1.1
des3Key = privKey[:24]
preIV = privKey[24:32]
securityEngineBoots = int(snmpEngineBoots)
salt = [
securityEngineBoots>>24&0xff,
securityEngineBoots>>16&0xff,
securityEngineBoots>>8&0xff,
securityEngineBoots&0xff,
self._localInt>>24&0xff,
self._localInt>>16&0xff,
self._localInt>>8&0xff,
self._localInt&0xff
]
if self._localInt == 0xffffffff:
self._localInt = 0
else:
self._localInt = self._localInt + 1
# salt not yet hashed XXX
return des3Key.asOctets(), \
univ.OctetString(salt).asOctets(), \
univ.OctetString(map(lambda x, y: x^y, salt, preIV.asNumbers())).asOctets()
def __getDecryptionKey(self, privKey, salt):
return privKey[:24].asOctets(), \
univ.OctetString(map(lambda x, y: x^y, salt.asNumbers(), privKey[24:32].asNumbers())).asOctets()
# 5.1.1.2
def encryptData(self, encryptKey, privParameters, dataToEncrypt):
if DES3 is None:
raise error.StatusInformation(
errorIndication=errind.encryptionError
)
snmpEngineBoots, snmpEngineTime, salt = privParameters
des3Key, salt, iv = self.__getEncryptionKey(
encryptKey, snmpEngineBoots
)
des3Obj = DES3.new(des3Key, DES3.MODE_CBC, iv)
privParameters = univ.OctetString(salt)
plaintext = dataToEncrypt + univ.OctetString((0,) * (8 - len(dataToEncrypt) % 8)).asOctets()
cipherblock = iv
ciphertext = null
while plaintext:
cipherblock = des3Obj.encrypt(
univ.OctetString(map(lambda x, y: x^y, univ.OctetString(cipherblock).asNumbers(), univ.OctetString(plaintext[:8]).asNumbers())).asOctets()
)
ciphertext = ciphertext + cipherblock
plaintext = plaintext[8:]
return univ.OctetString(ciphertext), privParameters
# 5.1.1.3
def decryptData(self, decryptKey, privParameters, encryptedData):
if DES3 is None:
raise error.StatusInformation(
errorIndication=errind.decryptionError
)
snmpEngineBoots, snmpEngineTime, salt = privParameters
if len(salt) != 8:
raise error.StatusInformation(
errorIndication=errind.decryptionError
)
des3Key, iv = self.__getDecryptionKey(decryptKey, salt)
if len(encryptedData) % 8 != 0:
raise error.StatusInformation(
errorIndication=errind.decryptionError
)
des3Obj = DES3.new(des3Key, DES3.MODE_CBC, iv)
plaintext = null
ciphertext = encryptedData.asOctets()
cipherblock = iv
while ciphertext:
plaintext = plaintext + univ.OctetString(map(lambda x, y: x ^ y, univ.OctetString(cipherblock).asNumbers(), univ.OctetString(des3Obj.decrypt(ciphertext[:8])).asNumbers())).asOctets()
cipherblock = ciphertext[:8]
ciphertext = ciphertext[8:]
return plaintext
|