arista_type_7
Generate Arista Type 7 Passwords in C, Python, and Ruby
A friend had the need to provision Arista Type 7 Passwords on switches. According to Ryan Gelobter, Arista has a Python library to do this.
Apparently this Python Library uses a Cython Module to provide the functions
_DesCrypt.cbcEncrypt( key, data )
_DesCrypt.cbcDecrypt( key, data )
Unfortunately, this code does not run on a regular Linux machine, due to it being 32 bit, for an outdated version of Python (3.7) and dependencies. To make provisioning easier, I reversed the function and provide an independent PoC C implementation of the encryption function.
This now can be turned into a pure Python function.
Build the C
This has been tested on Ubuntu 20.04.
I had to install
- libtirpc-common
- libtirpc-dev
- libtirpc3
to get access to <rpc/des_encrypt>
and I had to link -static
to make it work. For a PoC that is acceptable.
Validation
This has been validated only with the test data provided in the Ryan Gelobter article above.
Build the Python
$ python3 -mvenv venv
$ source venv/bin/activate
(venv) $ pip install -r requirements.txt
(venv) $ python3 pypoc.py
Using the Ruby
The Python proof of concept was ported to Ruby by @supermathie.
No extra libraries beyond OpenSSL are required.
$ ruby -e "require './rubypoc'; puts decrypt(key: '2001:db8:6939::1_passwd', data: '1f2k70WMa17KyMEW72GaNg==')"
swordfish
$ ruby -e "require './rubypoc'; puts encrypt(key: '2001:db8:6939::1_passwd', data: 'swordfish')"
1f2k70WMa17KyMEW72GaNg==