/usr/lib/python3/dist-packages/pysnmp/proto/secmod/eso/priv/des3.py is in python3-pysnmp4 4.4.3-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 | #
# This file is part of pysnmp software.
#
# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
# License: http://snmplabs.com/pysnmp/license.html
#
import random
from pysnmp.proto.secmod.rfc3414.priv import base
from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha
from pysnmp.proto.secmod.rfc3414 import localkey
from pysnmp.proto.secmod.rfc7860.auth import hmacsha2
from pysnmp.proto import errind, error
from pyasn1.type import univ
from pyasn1.compat.octets import null
from math import ceil
try:
from hashlib import md5, sha1
except ImportError:
import md5
import sha
md5 = md5.new
sha1 = sha.new
try:
from Cryptodome.Cipher import DES3
except ImportError:
DES3 = None
random.seed()
# 5.1.1
class Des3(base.AbstractEncryptionService):
"""Reeder 3DES-EDE for USM (Internet draft).
https://tools.ietf.org/html/draft-reeder-snmpv3-usm-3desede-00
"""
serviceID = (1, 3, 6, 1, 6, 3, 10, 1, 2, 3) # usm3DESEDEPrivProtocol
keySize = 32
_localInt = random.randrange(0, 0xffffffff)
def hashPassphrase(self, authProtocol, privKey):
if authProtocol == hmacmd5.HmacMd5.serviceID:
hashAlgo = md5
elif authProtocol == hmacsha.HmacSha.serviceID:
hashAlgo = sha1
elif authProtocol in hmacsha2.HmacSha2.hashAlgorithms:
hashAlgo = hmacsha2.HmacSha2.hashAlgorithms[authProtocol]
else:
raise error.ProtocolError(
'Unknown auth protocol %s' % (authProtocol,)
)
return localkey.hashPassphrase(privKey, hashAlgo)
# 2.1
def localizeKey(self, authProtocol, privKey, snmpEngineID):
if authProtocol == hmacmd5.HmacMd5.serviceID:
hashAlgo = md5
elif authProtocol == hmacsha.HmacSha.serviceID:
hashAlgo = sha1
elif authProtocol in hmacsha2.HmacSha2.hashAlgorithms:
hashAlgo = hmacsha2.HmacSha2.hashAlgorithms[authProtocol]
else:
raise error.ProtocolError(
'Unknown auth protocol %s' % (authProtocol,)
)
localPrivKey = localkey.localizeKey(privKey, snmpEngineID, hashAlgo)
return localPrivKey[:self.keySize]
# 5.1.1.1
def __getEncryptionKey(self, privKey, snmpEngineBoots):
# 5.1.1.1.1
des3Key = privKey[:24]
preIV = privKey[24:32]
securityEngineBoots = int(snmpEngineBoots)
salt = [
securityEngineBoots >> 24 & 0xff,
securityEngineBoots >> 16 & 0xff,
securityEngineBoots >> 8 & 0xff,
securityEngineBoots & 0xff,
self._localInt >> 24 & 0xff,
self._localInt >> 16 & 0xff,
self._localInt >> 8 & 0xff,
self._localInt & 0xff
]
if self._localInt == 0xffffffff:
self._localInt = 0
else:
self._localInt += 1
# salt not yet hashed XXX
return (des3Key.asOctets(),
univ.OctetString(salt).asOctets(),
univ.OctetString(map(lambda x, y: x ^ y, salt, preIV.asNumbers())).asOctets())
@staticmethod
def __getDecryptionKey(privKey, salt):
return (privKey[:24].asOctets(),
univ.OctetString(map(lambda x, y: x ^ y, salt.asNumbers(), privKey[24:32].asNumbers())).asOctets())
# 5.1.1.2
def encryptData(self, encryptKey, privParameters, dataToEncrypt):
if DES3 is None:
raise error.StatusInformation(
errorIndication=errind.encryptionError
)
snmpEngineBoots, snmpEngineTime, salt = privParameters
des3Key, salt, iv = self.__getEncryptionKey(
encryptKey, snmpEngineBoots
)
des3Obj = DES3.new(des3Key, DES3.MODE_CBC, iv)
privParameters = univ.OctetString(salt)
plaintext = dataToEncrypt + univ.OctetString((0,) * (8 - len(dataToEncrypt) % 8)).asOctets()
ciphertext = des3Obj.encrypt(plaintext)
return univ.OctetString(ciphertext), privParameters
# 5.1.1.3
def decryptData(self, decryptKey, privParameters, encryptedData):
if DES3 is None:
raise error.StatusInformation(
errorIndication=errind.decryptionError
)
snmpEngineBoots, snmpEngineTime, salt = privParameters
if len(salt) != 8:
raise error.StatusInformation(
errorIndication=errind.decryptionError
)
des3Key, iv = self.__getDecryptionKey(decryptKey, salt)
if len(encryptedData) % 8 != 0:
raise error.StatusInformation(
errorIndication=errind.decryptionError
)
des3Obj = DES3.new(des3Key, DES3.MODE_CBC, iv)
ciphertext = encryptedData.asOctets()
plaintext = des3Obj.decrypt(ciphertext)
return plaintext
|