Code Duplication - FreeOpcUa/opcua-asyncio - Measure and Improve Code Quality continuously with Scrutinizer

Code Duplication Length = 70-76 lines in 2 locations

asyncua/crypto/security_policies.py 2 locations


        self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)


class SecurityPolicyBasic256(SecurityPolicy):
    """
    DEPRECATED, do not use anymore!

    Security Basic 256
    A suite of algorithms that are for 256-Bit (32 bytes) encryption,
    algorithms include:
    - SymmetricSignatureAlgorithm - HmacSha1
      (http://www.w3.org/2000/09/xmldsig#hmac-sha1)
    - SymmetricEncryptionAlgorithm - Aes256
      (http://www.w3.org/2001/04/xmlenc#aes256-cbc)
    - AsymmetricSignatureAlgorithm - RsaSha1
      (http://www.w3.org/2000/09/xmldsig#rsa-sha1)
    - AsymmetricKeyWrapAlgorithm - KwRsaOaep
      (http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p)
    - AsymmetricEncryptionAlgorithm - RsaOaep
      (http://www.w3.org/2001/04/xmlenc#rsa-oaep)
    - KeyDerivationAlgorithm - PSha1
      (http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1)
    - DerivedSignatureKeyLength - 192 (24 bytes)
    - MinAsymmetricKeyLength - 1024 (128 bytes)
    - MaxAsymmetricKeyLength - 2048 (256 bytes)
    - CertificateSignatureAlgorithm - Sha1

    If a certificate or any certificate in the chain is not signed with
    a hash that is Sha1 or stronger then the certificate shall be rejected.
    """

    URI = "http://opcfoundation.org/UA/SecurityPolicy#Basic256"
    signature_key_size = 24
    symmetric_key_size = 32
    AsymmetricEncryptionURI = "http://www.w3.org/2001/04/xmlenc#rsa-oaep"
    AsymmetricSignatureURI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

    @staticmethod
    def encrypt_asymmetric(pubkey, data):
        return uacrypto.encrypt_rsa_oaep(pubkey, data)

    def __init__(self, server_cert, client_cert, client_pk, mode):
        logger = logging.getLogger(__name__)
        logger.warning("DEPRECATED! Do not use SecurityPolicyBasic256 anymore!")

        require_cryptography(self)
        if isinstance(server_cert, bytes):
            server_cert = uacrypto.x509_from_der(server_cert)
        # even in Sign mode we need to asymmetrically encrypt secrets
        # transmitted in OpenSecureChannel. So SignAndEncrypt here
        self.asymmetric_cryptography = Cryptography(
            MessageSecurityMode.SignAndEncrypt)
        self.asymmetric_cryptography.Signer = SignerRsa(client_pk)
        self.asymmetric_cryptography.Verifier = VerifierRsa(server_cert)
        self.asymmetric_cryptography.Encryptor = EncryptorRsa(
            server_cert, uacrypto.encrypt_rsa_oaep, 42)
        self.asymmetric_cryptography.Decryptor = DecryptorRsa(
            client_pk, uacrypto.decrypt_rsa_oaep, 42)
        self.symmetric_cryptography = Cryptography(mode)
        self.Mode = mode
        self.server_certificate = uacrypto.der_from_x509(server_cert)
        self.client_certificate = uacrypto.der_from_x509(client_cert)

    def make_local_symmetric_key(self, secret, seed):
        # specs part 6, 6.7.5
        key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)

        (sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
        self.symmetric_cryptography.Signer = SignerAesCbc(sigkey)
        self.symmetric_cryptography.Encryptor = EncryptorAesCbc(key, init_vec)

    def make_remote_symmetric_key(self, secret, seed):

        # specs part 6, 6.7.5
        key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)

        (sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
        self.symmetric_cryptography.Verifier = VerifierAesCbc(sigkey)
        self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)

class SecurityPolicyBasic256Sha256(SecurityPolicy):
    """

        self.symmetric_cryptography.Verifier = VerifierAesCbc(sigkey)
        self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)

class SecurityPolicyBasic256Sha256(SecurityPolicy):
    """
    Security Basic 256Sha256
    A suite of algorithms that uses Sha256 as Key-Wrap-algorithm
    and 256-Bit (32 bytes) for encryption algorithms.

    - SymmetricSignatureAlgorithm_HMAC-SHA2-256
      https://tools.ietf.org/html/rfc4634
    - SymmetricEncryptionAlgorithm_AES256-CBC
      http://www.w3.org/2001/04/xmlenc#aes256-cbc
    - AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-256
      http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
    - AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA1
      http://www.w3.org/2001/04/xmlenc#rsa-oaep
    - KeyDerivationAlgorithm_P-SHA2-256
      http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha256
    - CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256
      http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
    - Basic256Sha256_Limits
        -> DerivedSignatureKeyLength: 256 bits
        -> MinAsymmetricKeyLength: 2048 bits
        -> MaxAsymmetricKeyLength: 4096 bits
        -> SecureChannelNonceLength: 32 bytes
    """

    URI = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
    signature_key_size = 32
    symmetric_key_size = 32
    AsymmetricEncryptionURI = "http://www.w3.org/2001/04/xmlenc#rsa-oaep"
    AsymmetricSignatureURI = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

    @staticmethod
    def encrypt_asymmetric(pubkey, data):
        return uacrypto.encrypt_rsa_oaep(pubkey, data)

    def __init__(self, server_cert, client_cert, client_pk, mode):
        require_cryptography(self)
        if isinstance(server_cert, bytes):
            server_cert = uacrypto.x509_from_der(server_cert)
        # even in Sign mode we need to asymmetrically encrypt secrets
        # transmitted in OpenSecureChannel. So SignAndEncrypt here
        self.asymmetric_cryptography = Cryptography(
            MessageSecurityMode.SignAndEncrypt)
        self.asymmetric_cryptography.Signer = SignerSha256(client_pk)
        self.asymmetric_cryptography.Verifier = VerifierSha256(server_cert)
        self.asymmetric_cryptography.Encryptor = EncryptorRsa(
            server_cert, uacrypto.encrypt_rsa_oaep, 42)
        self.asymmetric_cryptography.Decryptor = DecryptorRsa(
            client_pk, uacrypto.decrypt_rsa_oaep, 42)
        self.symmetric_cryptography = Cryptography(mode)
        self.Mode = mode
        self.server_certificate = uacrypto.der_from_x509(server_cert)
        self.client_certificate = uacrypto.der_from_x509(client_cert)

    def make_local_symmetric_key(self, secret, seed):
        # specs part 6, 6.7.5
        key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)

        (sigkey, key, init_vec) = uacrypto.p_sha256(secret, seed, key_sizes)
        self.symmetric_cryptography.Signer = SignerHMac256(sigkey)
        self.symmetric_cryptography.Encryptor = EncryptorAesCbc(key, init_vec)

    def make_remote_symmetric_key(self, secret, seed):

        # specs part 6, 6.7.5
        key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)

        (sigkey, key, init_vec) = uacrypto.p_sha256(secret, seed, key_sizes)
        self.symmetric_cryptography.Verifier = VerifierHMac256(sigkey)
        self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)

def encrypt_asymmetric(pubkey, data, policy_uri):
    """

		@@ 440-515 (lines=76) @@
437		self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)
438
439
440		class SecurityPolicyBasic256(SecurityPolicy):
441		"""
442		DEPRECATED, do not use anymore!
443
444		Security Basic 256
445		A suite of algorithms that are for 256-Bit (32 bytes) encryption,
446		algorithms include:
447		- SymmetricSignatureAlgorithm - HmacSha1
448		(http://www.w3.org/2000/09/xmldsig#hmac-sha1)
449		- SymmetricEncryptionAlgorithm - Aes256
450		(http://www.w3.org/2001/04/xmlenc#aes256-cbc)
451		- AsymmetricSignatureAlgorithm - RsaSha1
452		(http://www.w3.org/2000/09/xmldsig#rsa-sha1)
453		- AsymmetricKeyWrapAlgorithm - KwRsaOaep
454		(http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p)
455		- AsymmetricEncryptionAlgorithm - RsaOaep
456		(http://www.w3.org/2001/04/xmlenc#rsa-oaep)
457		- KeyDerivationAlgorithm - PSha1
458		(http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1)
459		- DerivedSignatureKeyLength - 192 (24 bytes)
460		- MinAsymmetricKeyLength - 1024 (128 bytes)
461		- MaxAsymmetricKeyLength - 2048 (256 bytes)
462		- CertificateSignatureAlgorithm - Sha1
463
464		If a certificate or any certificate in the chain is not signed with
465		a hash that is Sha1 or stronger then the certificate shall be rejected.
466		"""
467
468		URI = "http://opcfoundation.org/UA/SecurityPolicy#Basic256"
469		signature_key_size = 24
470		symmetric_key_size = 32
471		AsymmetricEncryptionURI = "http://www.w3.org/2001/04/xmlenc#rsa-oaep"
472		AsymmetricSignatureURI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
473
474		@staticmethod
475		def encrypt_asymmetric(pubkey, data):
476		return uacrypto.encrypt_rsa_oaep(pubkey, data)
477
478		def __init__(self, server_cert, client_cert, client_pk, mode):
479		logger = logging.getLogger(__name__)
480		logger.warning("DEPRECATED! Do not use SecurityPolicyBasic256 anymore!")
481
482		require_cryptography(self)
483		if isinstance(server_cert, bytes):
484		server_cert = uacrypto.x509_from_der(server_cert)
485		# even in Sign mode we need to asymmetrically encrypt secrets
486		# transmitted in OpenSecureChannel. So SignAndEncrypt here
487		self.asymmetric_cryptography = Cryptography(
488		MessageSecurityMode.SignAndEncrypt)
489		self.asymmetric_cryptography.Signer = SignerRsa(client_pk)
490		self.asymmetric_cryptography.Verifier = VerifierRsa(server_cert)
491		self.asymmetric_cryptography.Encryptor = EncryptorRsa(
492		server_cert, uacrypto.encrypt_rsa_oaep, 42)
493		self.asymmetric_cryptography.Decryptor = DecryptorRsa(
494		client_pk, uacrypto.decrypt_rsa_oaep, 42)
495		self.symmetric_cryptography = Cryptography(mode)
496		self.Mode = mode
497		self.server_certificate = uacrypto.der_from_x509(server_cert)
498		self.client_certificate = uacrypto.der_from_x509(client_cert)
499
500		def make_local_symmetric_key(self, secret, seed):
501		# specs part 6, 6.7.5
502		key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)
503
504		(sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
505		self.symmetric_cryptography.Signer = SignerAesCbc(sigkey)
506		self.symmetric_cryptography.Encryptor = EncryptorAesCbc(key, init_vec)
507
508		def make_remote_symmetric_key(self, secret, seed):
509
510		# specs part 6, 6.7.5
511		key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)
512
513		(sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
514		self.symmetric_cryptography.Verifier = VerifierAesCbc(sigkey)
515		self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)
516
517		class SecurityPolicyBasic256Sha256(SecurityPolicy):
518		"""
		@@ 517-586 (lines=70) @@
514		self.symmetric_cryptography.Verifier = VerifierAesCbc(sigkey)
515		self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)
516
517		class SecurityPolicyBasic256Sha256(SecurityPolicy):
518		"""
519		Security Basic 256Sha256
520		A suite of algorithms that uses Sha256 as Key-Wrap-algorithm
521		and 256-Bit (32 bytes) for encryption algorithms.
522
523		- SymmetricSignatureAlgorithm_HMAC-SHA2-256
524		https://tools.ietf.org/html/rfc4634
525		- SymmetricEncryptionAlgorithm_AES256-CBC
526		http://www.w3.org/2001/04/xmlenc#aes256-cbc
527		- AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-256
528		http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
529		- AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA1
530		http://www.w3.org/2001/04/xmlenc#rsa-oaep
531		- KeyDerivationAlgorithm_P-SHA2-256
532		http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha256
533		- CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256
534		http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
535		- Basic256Sha256_Limits
536		-> DerivedSignatureKeyLength: 256 bits
537		-> MinAsymmetricKeyLength: 2048 bits
538		-> MaxAsymmetricKeyLength: 4096 bits
539		-> SecureChannelNonceLength: 32 bytes
540		"""
541
542		URI = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
543		signature_key_size = 32
544		symmetric_key_size = 32
545		AsymmetricEncryptionURI = "http://www.w3.org/2001/04/xmlenc#rsa-oaep"
546		AsymmetricSignatureURI = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
547
548		@staticmethod
549		def encrypt_asymmetric(pubkey, data):
550		return uacrypto.encrypt_rsa_oaep(pubkey, data)
551
552		def __init__(self, server_cert, client_cert, client_pk, mode):
553		require_cryptography(self)
554		if isinstance(server_cert, bytes):
555		server_cert = uacrypto.x509_from_der(server_cert)
556		# even in Sign mode we need to asymmetrically encrypt secrets
557		# transmitted in OpenSecureChannel. So SignAndEncrypt here
558		self.asymmetric_cryptography = Cryptography(
559		MessageSecurityMode.SignAndEncrypt)
560		self.asymmetric_cryptography.Signer = SignerSha256(client_pk)
561		self.asymmetric_cryptography.Verifier = VerifierSha256(server_cert)
562		self.asymmetric_cryptography.Encryptor = EncryptorRsa(
563		server_cert, uacrypto.encrypt_rsa_oaep, 42)
564		self.asymmetric_cryptography.Decryptor = DecryptorRsa(
565		client_pk, uacrypto.decrypt_rsa_oaep, 42)
566		self.symmetric_cryptography = Cryptography(mode)
567		self.Mode = mode
568		self.server_certificate = uacrypto.der_from_x509(server_cert)
569		self.client_certificate = uacrypto.der_from_x509(client_cert)
570
571		def make_local_symmetric_key(self, secret, seed):
572		# specs part 6, 6.7.5
573		key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)
574
575		(sigkey, key, init_vec) = uacrypto.p_sha256(secret, seed, key_sizes)
576		self.symmetric_cryptography.Signer = SignerHMac256(sigkey)
577		self.symmetric_cryptography.Encryptor = EncryptorAesCbc(key, init_vec)
578
579		def make_remote_symmetric_key(self, secret, seed):
580
581		# specs part 6, 6.7.5
582		key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)
583
584		(sigkey, key, init_vec) = uacrypto.p_sha256(secret, seed, key_sizes)
585		self.symmetric_cryptography.Verifier = VerifierHMac256(sigkey)
586		self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)
587
588		def encrypt_asymmetric(pubkey, data, policy_uri):
589		"""

FreeOpcUa / opcua-asyncio

Code Duplication Length = 70-76 lines in 2 locations

asyncua/crypto/security_policies.py 2 locations