Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArthur de Jong <arthur@arthurdejong.org>2014-05-29 11:18:04 +0200
committerArthur de Jong <arthur@arthurdejong.org>2014-05-29 11:19:31 +0200
commit28f2c1c14f0b55b79105033e37cc8735e717f745 (patch)
treec416d8d3a973d3a4ab3be221733a998741093124
parent678b127d1e8d8bb9088ea57dd8497456cdb3428c (diff)
Support more AES-CBC encryption schemes
This also moves the crypto imports to the places where they are used to avoid a depenency on pycrypto if no encryption is used.
Diffstat
-rw-r--r--pskc/encryption.py12
1 files changed, 8 insertions, 4 deletions
diff --git a/pskc/encryption.py b/pskc/encryption.py
index a185871..4e6a661 100644
--- a/pskc/encryption.py
+++ b/pskc/encryption.py
@@ -30,9 +30,6 @@ The encryption key can be derived using the KeyDerivation class.
import base64
-from Crypto.Cipher import AES
-from Crypto.Protocol.KDF import PBKDF2
-
def unpad(value):
"""Remove padding from the plaintext."""
@@ -75,7 +72,13 @@ class EncryptedValue(object):
key = self.encryption.key
if key is None:
raise DecryptionError('No key available')
- if self.algorithm.endswith('#aes128-cbc'):
+ if self.algorithm.endswith('#aes128-cbc') or \
+ self.algorithm.endswith('#aes192-cbc') or \
+ self.algorithm.endswith('#aes256-cbc'):
+ from Crypto.Cipher import AES
+ if len(key) * 8 != int(self.algorithm[-7:-4]) or \
+ len(key) not in AES.key_size:
+ raise DecryptionError('Invalid key length')
iv = self.cipher_value[:AES.block_size]
ciphertext = self.cipher_value[AES.block_size:]
cipher = AES.new(key, AES.MODE_CBC, iv)
@@ -134,6 +137,7 @@ class KeyDerivation(object):
def generate(self, password):
"""Derive a key from the password."""
if self.algorithm.endswith('#pbkdf2'):
+ from Crypto.Protocol.KDF import PBKDF2
# TODO: support pseudorandom function (prf)
return PBKDF2(
password, self.pbkdf2_salt, dkLen=self.pbkdf2_key_length,