Code Duplication - FreeOpcUa/opcua-asyncio - Measure and Improve Code Quality continuously with Scrutinizer

Code Duplication Length = 73-76 lines in 2 locations

asyncua/crypto/security_policies.py 2 locations


        self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)


class SecurityPolicyBasic256(SecurityPolicy):
    """
    DEPRECATED, do not use anymore!

    Security Basic 256
    A suite of algorithms that are for 256-Bit (32 bytes) encryption,
    algorithms include:
    - SymmetricSignatureAlgorithm - HmacSha1
      (http://www.w3.org/2000/09/xmldsig#hmac-sha1)
    - SymmetricEncryptionAlgorithm - Aes256
      (http://www.w3.org/2001/04/xmlenc#aes256-cbc)
    - AsymmetricSignatureAlgorithm - RsaSha1
      (http://www.w3.org/2000/09/xmldsig#rsa-sha1)
    - AsymmetricKeyWrapAlgorithm - KwRsaOaep
      (http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p)
    - AsymmetricEncryptionAlgorithm - RsaOaep
      (http://www.w3.org/2001/04/xmlenc#rsa-oaep)
    - KeyDerivationAlgorithm - PSha1
      (http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1)
    - DerivedSignatureKeyLength - 192 (24 bytes)
    - MinAsymmetricKeyLength - 1024 (128 bytes)
    - MaxAsymmetricKeyLength - 2048 (256 bytes)
    - CertificateSignatureAlgorithm - Sha1

    If a certificate or any certificate in the chain is not signed with
    a hash that is Sha1 or stronger then the certificate shall be rejected.
    """

    URI = "http://opcfoundation.org/UA/SecurityPolicy#Basic256"
    signature_key_size = 24
    symmetric_key_size = 32
    AsymmetricEncryptionURI = "http://www.w3.org/2001/04/xmlenc#rsa-oaep"
    AsymmetricSignatureURI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

    @staticmethod
    def encrypt_asymmetric(pubkey, data):
        return uacrypto.encrypt_rsa_oaep(pubkey, data)

    def __init__(self, server_cert, client_cert, client_pk, mode):
        logger = logging.getLogger(__name__)
        logger.warning("DEPRECATED! Do not use SecurityPolicyBasic256 anymore!")

        require_cryptography(self)
        if isinstance(server_cert, bytes):
            server_cert = uacrypto.x509_from_der(server_cert)
        # even in Sign mode we need to asymmetrically encrypt secrets
        # transmitted in OpenSecureChannel. So SignAndEncrypt here
        self.asymmetric_cryptography = Cryptography(
            MessageSecurityMode.SignAndEncrypt)
        self.asymmetric_cryptography.Signer = SignerRsa(client_pk)
        self.asymmetric_cryptography.Verifier = VerifierRsa(server_cert)
        self.asymmetric_cryptography.Encryptor = EncryptorRsa(
            server_cert, uacrypto.encrypt_rsa_oaep, 42)
        self.asymmetric_cryptography.Decryptor = DecryptorRsa(
            client_pk, uacrypto.decrypt_rsa_oaep, 42)
        self.symmetric_cryptography = Cryptography(mode)
        self.Mode = mode
        self.server_certificate = uacrypto.der_from_x509(server_cert)
        self.client_certificate = uacrypto.der_from_x509(client_cert)

    def make_local_symmetric_key(self, secret, seed):
        # specs part 6, 6.7.5
        key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)

        (sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
        self.symmetric_cryptography.Signer = SignerAesCbc(sigkey)
        self.symmetric_cryptography.Encryptor = EncryptorAesCbc(key, init_vec)

    def make_remote_symmetric_key(self, secret, seed):

        # specs part 6, 6.7.5
        key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)

        (sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
        self.symmetric_cryptography.Verifier = VerifierAesCbc(sigkey)
        self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)


class SecurityPolicyBasic256Sha256(SecurityPolicy):

            raise uacrypto.InvalidSignature


class SecurityPolicyBasic128Rsa15(SecurityPolicy):
    """
    DEPRECATED, do not use anymore!

    Security Basic 128Rsa15
    A suite of algorithms that uses RSA15 as Key-Wrap-algorithm
    and 128-Bit (16 bytes) for encryption algorithms.
    - SymmetricSignatureAlgorithm - HmacSha1
      (http://www.w3.org/2000/09/xmldsig#hmac-sha1)
    - SymmetricEncryptionAlgorithm - Aes128
      (http://www.w3.org/2001/04/xmlenc#aes128-cbc)
    - AsymmetricSignatureAlgorithm - RsaSha1
      (http://www.w3.org/2000/09/xmldsig#rsa-sha1)
    - AsymmetricKeyWrapAlgorithm - KwRsa15
      (http://www.w3.org/2001/04/xmlenc#rsa-1_5)
    - AsymmetricEncryptionAlgorithm - Rsa15
      (http://www.w3.org/2001/04/xmlenc#rsa-1_5)
    - KeyDerivationAlgorithm - PSha1
      (http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1)
    - DerivedSignatureKeyLength - 128 (16 bytes)
    - MinAsymmetricKeyLength - 1024 (128 bytes)
    - MaxAsymmetricKeyLength - 2048 (256 bytes)
    - CertificateSignatureAlgorithm - Sha1

    If a certificate or any certificate in the chain is not signed with
    a hash that is Sha1 or stronger then the certificate shall be rejected.
    """

    URI = "http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15"
    signature_key_size = 16
    symmetric_key_size = 16
    AsymmetricEncryptionURI = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
    AsymmetricSignatureURI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

    @staticmethod
    def encrypt_asymmetric(pubkey, data):
        return uacrypto.encrypt_rsa15(pubkey, data)

    def __init__(self, server_cert, client_cert, client_pk, mode):
        logger = logging.getLogger(__name__)
        logger.warning("DEPRECATED! Do not use SecurityPolicyBasic128Rsa15 anymore!")

        require_cryptography(self)
        if isinstance(server_cert, bytes):
            server_cert = uacrypto.x509_from_der(server_cert)
        # even in Sign mode we need to asymmetrically encrypt secrets
        # transmitted in OpenSecureChannel. So SignAndEncrypt here
        self.asymmetric_cryptography = Cryptography(
            MessageSecurityMode.SignAndEncrypt)
        self.asymmetric_cryptography.Signer = SignerRsa(client_pk)
        self.asymmetric_cryptography.Verifier = VerifierRsa(server_cert)
        self.asymmetric_cryptography.Encryptor = EncryptorRsa(
            server_cert, uacrypto.encrypt_rsa15, 11)
        self.asymmetric_cryptography.Decryptor = DecryptorRsa(
            client_pk, uacrypto.decrypt_rsa15, 11)
        self.symmetric_cryptography = Cryptography(mode)
        self.Mode = mode
        self.server_certificate = uacrypto.der_from_x509(server_cert)
        self.client_certificate = uacrypto.der_from_x509(client_cert)

    def make_local_symmetric_key(self, secret, seed):
        key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)

        (sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
        self.symmetric_cryptography.Signer = SignerAesCbc(sigkey)
        self.symmetric_cryptography.Encryptor = EncryptorAesCbc(key, init_vec)

    def make_remote_symmetric_key(self, secret, seed):
        key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)

        (sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
        self.symmetric_cryptography.Verifier = VerifierAesCbc(sigkey)
        self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)


class SecurityPolicyBasic256(SecurityPolicy):

		@@ 453-528 (lines=76) @@
450		self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)
451
452
453		class SecurityPolicyBasic256(SecurityPolicy):
454		"""
455		DEPRECATED, do not use anymore!
456
457		Security Basic 256
458		A suite of algorithms that are for 256-Bit (32 bytes) encryption,
459		algorithms include:
460		- SymmetricSignatureAlgorithm - HmacSha1
461		(http://www.w3.org/2000/09/xmldsig#hmac-sha1)
462		- SymmetricEncryptionAlgorithm - Aes256
463		(http://www.w3.org/2001/04/xmlenc#aes256-cbc)
464		- AsymmetricSignatureAlgorithm - RsaSha1
465		(http://www.w3.org/2000/09/xmldsig#rsa-sha1)
466		- AsymmetricKeyWrapAlgorithm - KwRsaOaep
467		(http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p)
468		- AsymmetricEncryptionAlgorithm - RsaOaep
469		(http://www.w3.org/2001/04/xmlenc#rsa-oaep)
470		- KeyDerivationAlgorithm - PSha1
471		(http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1)
472		- DerivedSignatureKeyLength - 192 (24 bytes)
473		- MinAsymmetricKeyLength - 1024 (128 bytes)
474		- MaxAsymmetricKeyLength - 2048 (256 bytes)
475		- CertificateSignatureAlgorithm - Sha1
476
477		If a certificate or any certificate in the chain is not signed with
478		a hash that is Sha1 or stronger then the certificate shall be rejected.
479		"""
480
481		URI = "http://opcfoundation.org/UA/SecurityPolicy#Basic256"
482		signature_key_size = 24
483		symmetric_key_size = 32
484		AsymmetricEncryptionURI = "http://www.w3.org/2001/04/xmlenc#rsa-oaep"
485		AsymmetricSignatureURI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
486
487		@staticmethod
488		def encrypt_asymmetric(pubkey, data):
489		return uacrypto.encrypt_rsa_oaep(pubkey, data)
490
491		def __init__(self, server_cert, client_cert, client_pk, mode):
492		logger = logging.getLogger(__name__)
493		logger.warning("DEPRECATED! Do not use SecurityPolicyBasic256 anymore!")
494
495		require_cryptography(self)
496		if isinstance(server_cert, bytes):
497		server_cert = uacrypto.x509_from_der(server_cert)
498		# even in Sign mode we need to asymmetrically encrypt secrets
499		# transmitted in OpenSecureChannel. So SignAndEncrypt here
500		self.asymmetric_cryptography = Cryptography(
501		MessageSecurityMode.SignAndEncrypt)
502		self.asymmetric_cryptography.Signer = SignerRsa(client_pk)
503		self.asymmetric_cryptography.Verifier = VerifierRsa(server_cert)
504		self.asymmetric_cryptography.Encryptor = EncryptorRsa(
505		server_cert, uacrypto.encrypt_rsa_oaep, 42)
506		self.asymmetric_cryptography.Decryptor = DecryptorRsa(
507		client_pk, uacrypto.decrypt_rsa_oaep, 42)
508		self.symmetric_cryptography = Cryptography(mode)
509		self.Mode = mode
510		self.server_certificate = uacrypto.der_from_x509(server_cert)
511		self.client_certificate = uacrypto.der_from_x509(client_cert)
512
513		def make_local_symmetric_key(self, secret, seed):
514		# specs part 6, 6.7.5
515		key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)
516
517		(sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
518		self.symmetric_cryptography.Signer = SignerAesCbc(sigkey)
519		self.symmetric_cryptography.Encryptor = EncryptorAesCbc(key, init_vec)
520
521		def make_remote_symmetric_key(self, secret, seed):
522
523		# specs part 6, 6.7.5
524		key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)
525
526		(sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
527		self.symmetric_cryptography.Verifier = VerifierAesCbc(sigkey)
528		self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)
529
530
531		class SecurityPolicyBasic256Sha256(SecurityPolicy):
		@@ 378-450 (lines=73) @@
375		raise uacrypto.InvalidSignature
376
377
378		class SecurityPolicyBasic128Rsa15(SecurityPolicy):
379		"""
380		DEPRECATED, do not use anymore!
381
382		Security Basic 128Rsa15
383		A suite of algorithms that uses RSA15 as Key-Wrap-algorithm
384		and 128-Bit (16 bytes) for encryption algorithms.
385		- SymmetricSignatureAlgorithm - HmacSha1
386		(http://www.w3.org/2000/09/xmldsig#hmac-sha1)
387		- SymmetricEncryptionAlgorithm - Aes128
388		(http://www.w3.org/2001/04/xmlenc#aes128-cbc)
389		- AsymmetricSignatureAlgorithm - RsaSha1
390		(http://www.w3.org/2000/09/xmldsig#rsa-sha1)
391		- AsymmetricKeyWrapAlgorithm - KwRsa15
392		(http://www.w3.org/2001/04/xmlenc#rsa-1_5)
393		- AsymmetricEncryptionAlgorithm - Rsa15
394		(http://www.w3.org/2001/04/xmlenc#rsa-1_5)
395		- KeyDerivationAlgorithm - PSha1
396		(http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1)
397		- DerivedSignatureKeyLength - 128 (16 bytes)
398		- MinAsymmetricKeyLength - 1024 (128 bytes)
399		- MaxAsymmetricKeyLength - 2048 (256 bytes)
400		- CertificateSignatureAlgorithm - Sha1
401
402		If a certificate or any certificate in the chain is not signed with
403		a hash that is Sha1 or stronger then the certificate shall be rejected.
404		"""
405
406		URI = "http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15"
407		signature_key_size = 16
408		symmetric_key_size = 16
409		AsymmetricEncryptionURI = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
410		AsymmetricSignatureURI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
411
412		@staticmethod
413		def encrypt_asymmetric(pubkey, data):
414		return uacrypto.encrypt_rsa15(pubkey, data)
415
416		def __init__(self, server_cert, client_cert, client_pk, mode):
417		logger = logging.getLogger(__name__)
418		logger.warning("DEPRECATED! Do not use SecurityPolicyBasic128Rsa15 anymore!")
419
420		require_cryptography(self)
421		if isinstance(server_cert, bytes):
422		server_cert = uacrypto.x509_from_der(server_cert)
423		# even in Sign mode we need to asymmetrically encrypt secrets
424		# transmitted in OpenSecureChannel. So SignAndEncrypt here
425		self.asymmetric_cryptography = Cryptography(
426		MessageSecurityMode.SignAndEncrypt)
427		self.asymmetric_cryptography.Signer = SignerRsa(client_pk)
428		self.asymmetric_cryptography.Verifier = VerifierRsa(server_cert)
429		self.asymmetric_cryptography.Encryptor = EncryptorRsa(
430		server_cert, uacrypto.encrypt_rsa15, 11)
431		self.asymmetric_cryptography.Decryptor = DecryptorRsa(
432		client_pk, uacrypto.decrypt_rsa15, 11)
433		self.symmetric_cryptography = Cryptography(mode)
434		self.Mode = mode
435		self.server_certificate = uacrypto.der_from_x509(server_cert)
436		self.client_certificate = uacrypto.der_from_x509(client_cert)
437
438		def make_local_symmetric_key(self, secret, seed):
439		key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)
440
441		(sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
442		self.symmetric_cryptography.Signer = SignerAesCbc(sigkey)
443		self.symmetric_cryptography.Encryptor = EncryptorAesCbc(key, init_vec)
444
445		def make_remote_symmetric_key(self, secret, seed):
446		key_sizes = (self.signature_key_size, self.symmetric_key_size, 16)
447
448		(sigkey, key, init_vec) = uacrypto.p_sha1(secret, seed, key_sizes)
449		self.symmetric_cryptography.Verifier = VerifierAesCbc(sigkey)
450		self.symmetric_cryptography.Decryptor = DecryptorAesCbc(key, init_vec)
451
452
453		class SecurityPolicyBasic256(SecurityPolicy):

FreeOpcUa / opcua-asyncio

Code Duplication Length = 73-76 lines in 2 locations

asyncua/crypto/security_policies.py 2 locations