authorIlya Etingof <etingof@gmail.com>2017-12-03 20:46:25 +0100
committerIlya Etingof <etingof@gmail.com>2017-12-03 20:46:25 +0100
commit72f3878be079481c33ed6fdd3cdfc11e35a0956f (patch)
tree5e76fc2ed2ff1c52b9db6695bf271fbccf8352ce
parent114e90414d41a5868ace60fd5d2902a0d9b9c732 (diff)
added missing SHA2 support for Blumenthal key localization
-rw-r--r--CHANGES.txt1
-rw-r--r--pysnmp/proto/secmod/eso/priv/aesbase.py22
2 files changed, 15 insertions, 8 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 9d29dff1..c0399141 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -3,6 +3,7 @@ Revision 4.4.3, released 2017-12-XX
-----------------------------------
- Migrated references from SourceForge
+- Added missing SHA2 support for Blumenthal key localization
- Fixed named bits handling at rfc1902.Bits
Revision 4.4.2, released 2017-11-11
diff --git a/pysnmp/proto/secmod/eso/priv/aesbase.py b/pysnmp/proto/secmod/eso/priv/aesbase.py
index 0c94190e..47b68f89 100644
--- a/pysnmp/proto/secmod/eso/priv/aesbase.py
+++ b/pysnmp/proto/secmod/eso/priv/aesbase.py
@@ -28,19 +28,22 @@ class AbstractAesBlumenthal(aes.Aes):
# 3.1.2.1
def localizeKey(self, authProtocol, privKey, snmpEngineID):
if authProtocol == hmacmd5.HmacMd5.serviceID:
- localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
- for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))):
- # noinspection PyDeprecation,PyCallingNonCallable
- localPrivKey += md5(localPrivKey).digest()
+ hashAlgo = md5
elif authProtocol == hmacsha.HmacSha.serviceID:
- localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
- # RFC mentions this algo generates 480bit key, but only up to 256 bits are used
- for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))):
- localPrivKey += sha1(localPrivKey).digest()
+ hashAlgo = sha1
+ elif authProtocol in hmacsha2.HmacSha2.hashAlgorithms:
+ hashAlgo = hmacsha2.HmacSha2.hashAlgorithms[authProtocol]
else:
raise error.ProtocolError(
'Unknown auth protocol %s' % (authProtocol,)
)
+
+ localPrivKey = localkey.localizeKey(privKey, snmpEngineID, hashAlgo)
+
+ # now extend this key if too short by repeating steps that includes the hashPassphrase step
+ for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))):
+ localPrivKey += hashAlgo(localPrivKey).digest()
+
return localPrivKey[:self.keySize]
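Review bot: The comment added above the extension loop, `# now extend this key if too short by repeating steps that includes the hashPassphrase step`, describes the Reeder variant rather than this one: in `AbstractAesBlumenthal.localizeKey` the loop only appends `hashAlgo(localPrivKey).digest()` and never calls `localkey.hashPassphrase`. I would reword it to `# extend a too-short key by appending the digest of the key built so far (no hashPassphrase step, unlike Reeder)`. The same comment could state that every appended octet is derived from the first localized digest, so a longer AES key gains length but no additional key material. The loop variable `count` is unused; `while len(localPrivKey) < self.keySize:`, as the Reeder class does, would read more directly and should be equivalent provided the localized key is exactly one digest long.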
@@ -74,10 +77,13 @@ class AbstractAesReeder(aes.Aes):
raise error.ProtocolError(
'Unknown auth protocol %s' % (authProtocol,)
)
+
localPrivKey = localkey.localizeKey(privKey, snmpEngineID, hashAlgo)
+
# now extend this key if too short by repeating steps that includes the hashPassphrase step
while len(localPrivKey) < self.keySize:
# this is the difference between reeder and bluementhal
newKey = localkey.hashPassphrase(localPrivKey, hashAlgo)
localPrivKey += localkey.localizeKey(newKey, snmpEngineID, hashAlgo)
+
return localPrivKey[:self.keySize]