fixed 3DES key localization bug

3 files changed, 14 insertions, 1 deletions

diff --git a/CHANGES.txt b/CHANGES.txt
index 1e9332ba..5661c95d 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,10 @@
 
+Revision 4.4.4, released 2017-12-XX
+-----------------------------------
+
+- Fixed short local key expansion at 3DES key localization
+  implementation.
+
 Revision 4.4.3, released 2017-12-22
 -----------------------------------
 
diff --git a/pysnmp/__init__.py b/pysnmp/__init__.py
index 2e607091..168d8d7c 100644
--- a/pysnmp/__init__.py
+++ b/pysnmp/__init__.py
@@ -1,5 +1,5 @@
 # http://www.python.org/dev/peps/pep-0396/
-__version__ = '4.4.3'
+__version__ = '4.4.4'
 # backward compatibility
 version = tuple([int(x) for x in __version__.split('.')])
 majorVersionId = version[0]
diff --git a/pysnmp/proto/secmod/eso/priv/des3.py b/pysnmp/proto/secmod/eso/priv/des3.py
index d5022089..97ba156d 100644
--- a/pysnmp/proto/secmod/eso/priv/des3.py
+++ b/pysnmp/proto/secmod/eso/priv/des3.py
@@ -68,6 +68,13 @@ class Des3(base.AbstractEncryptionService):
                 'Unknown auth protocol %s' % (authProtocol,)
             )
         localPrivKey = localkey.localizeKey(privKey, snmpEngineID, hashAlgo)
+
+        # now extend this key if too short by repeating steps that includes the hashPassphrase step
+        while len(localPrivKey) < self.keySize:
+            # this is the difference between reeder and bluementhal
+            newKey = localkey.hashPassphrase(localPrivKey, hashAlgo)
+            localPrivKey += localkey.localizeKey(newKey, snmpEngineID, hashAlgo)
+
         return localPrivKey[:self.keySize]
 
     # 5.1.1.1