From 28f2c1c14f0b55b79105033e37cc8735e717f745 Mon Sep 17 00:00:00 2001 From: Arthur de Jong Date: Thu, 29 May 2014 11:18:04 +0200 Subject: Support more AES-CBC encryption schemes This also moves the crypto imports to the places where they are used to avoid a depenency on pycrypto if no encryption is used. --- pskc/encryption.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/pskc/encryption.py b/pskc/encryption.py index a185871..4e6a661 100644 --- a/pskc/encryption.py +++ b/pskc/encryption.py @@ -30,9 +30,6 @@ The encryption key can be derived using the KeyDerivation class. import base64 -from Crypto.Cipher import AES -from Crypto.Protocol.KDF import PBKDF2 - def unpad(value): """Remove padding from the plaintext.""" @@ -75,7 +72,13 @@ class EncryptedValue(object): key = self.encryption.key if key is None: raise DecryptionError('No key available') - if self.algorithm.endswith('#aes128-cbc'): + if self.algorithm.endswith('#aes128-cbc') or \ + self.algorithm.endswith('#aes192-cbc') or \ + self.algorithm.endswith('#aes256-cbc'): + from Crypto.Cipher import AES + if len(key) * 8 != int(self.algorithm[-7:-4]) or \ + len(key) not in AES.key_size: + raise DecryptionError('Invalid key length') iv = self.cipher_value[:AES.block_size] ciphertext = self.cipher_value[AES.block_size:] cipher = AES.new(key, AES.MODE_CBC, iv) @@ -134,6 +137,7 @@ class KeyDerivation(object): def generate(self, password): """Derive a key from the password.""" if self.algorithm.endswith('#pbkdf2'): + from Crypto.Protocol.KDF import PBKDF2 # TODO: support pseudorandom function (prf) return PBKDF2( password, self.pbkdf2_salt, dkLen=self.pbkdf2_key_length, -- cgit v1.2.3