diff options
| author | Ilya Etingof <etingof@gmail.com> | 2016-08-21 17:58:11 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-08-21 17:58:11 +0200 |
| commit | 89bfb93e9a923e6a403fe5ad79a034a3cb051978 (patch) | |
| tree | 0b795dbdff96ca8d346f35a2f93605f6e36eb490 | |
| parent | f63149c9385bd42bb71bfea490ee526a422660ac (diff) | |
| parent | be1fc26cdc2dcde8c5e6ff2f99e21e6c77193b56 (diff) | |
| download | pysnmp-git-89bfb93e9a923e6a403fe5ad79a034a3cb051978.tar.gz | |
Merge pull request #11 from rbreesems/snmpv3_3des_fix
This fixes two errors SNMPV3 des3 privacy support.
| -rw-r--r-- | pysnmp/proto/secmod/eso/priv/des3.py | 32 |
1 files changed, 10 insertions, 22 deletions
diff --git a/pysnmp/proto/secmod/eso/priv/des3.py b/pysnmp/proto/secmod/eso/priv/des3.py index 2388c364..b4d2af2a 100644 --- a/pysnmp/proto/secmod/eso/priv/des3.py +++ b/pysnmp/proto/secmod/eso/priv/des3.py @@ -51,17 +51,19 @@ class Des3(base.AbstractEncryptionService): 'Unknown auth protocol %s' % (authProtocol,) ) - # 2.1 + #key localization as per https://tools.ietf.org/html/draft-reeder-snmpv3-usm-3desede-00 def localizeKey(self, authProtocol, privKey, snmpEngineID): if authProtocol == hmacmd5.HmacMd5.serviceID: localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID) - for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))): - # noinspection PyDeprecation,PyCallingNonCallable - localPrivKey += localkey.localizeKeyMD5(localPrivKey, snmpEngineID) + #now extend this key if too short by repeating steps that includes the hashPassphrase step + while len(localPrivKey) < self.keySize: + newKey = localkey.hashPassphraseMD5(localPrivKey) + localPrivKey += localkey.localizeKeyMD5(newKey, snmpEngineID) elif authProtocol == hmacsha.HmacSha.serviceID: localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID) - for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))): - localPrivKey += localkey.localizeKeySHA(localPrivKey, snmpEngineID) + while len(localPrivKey) < self.keySize: + newKey = localkey.hashPassphraseSHA(localPrivKey) + localPrivKey += localkey.localizeKeySHA(newKey, snmpEngineID) else: raise error.ProtocolError( 'Unknown auth protocol %s' % (authProtocol,) @@ -120,15 +122,7 @@ class Des3(base.AbstractEncryptionService): privParameters = univ.OctetString(salt) plaintext = dataToEncrypt + univ.OctetString((0,) * (8 - len(dataToEncrypt) % 8)).asOctets() - cipherblock = iv - ciphertext = null - while plaintext: - cipherblock = des3Obj.encrypt( - univ.OctetString(map(lambda x, y: x ^ y, univ.OctetString(cipherblock).asNumbers(), - univ.OctetString(plaintext[:8]).asNumbers())).asOctets() - ) - ciphertext = ciphertext + cipherblock - plaintext = plaintext[8:] + ciphertext = des3Obj.encrypt(plaintext) return univ.OctetString(ciphertext), privParameters @@ -156,12 +150,6 @@ class Des3(base.AbstractEncryptionService): plaintext = null ciphertext = encryptedData.asOctets() - cipherblock = iv - while ciphertext: - plaintext = plaintext + univ.OctetString(map(lambda x, y: x ^ y, univ.OctetString(cipherblock).asNumbers(), - univ.OctetString( - des3Obj.decrypt(ciphertext[:8])).asNumbers())).asOctets() - cipherblock = ciphertext[:8] - ciphertext = ciphertext[8:] + plaintext = des3Obj.decrypt(ciphertext) return plaintext |