diff options
author | Ilya Etingof <etingof@gmail.com> | 2017-12-03 20:46:25 +0100 |
---|---|---|
committer | Ilya Etingof <etingof@gmail.com> | 2017-12-03 20:46:25 +0100 |
commit | 72f3878be079481c33ed6fdd3cdfc11e35a0956f (patch) | |
tree | 5e76fc2ed2ff1c52b9db6695bf271fbccf8352ce | |
parent | 114e90414d41a5868ace60fd5d2902a0d9b9c732 (diff) | |
download | pysnmp-git-72f3878be079481c33ed6fdd3cdfc11e35a0956f.tar.gz |
added missing SHA2 support for Blumenthal key localization
-rw-r--r-- | CHANGES.txt | 1 | ||||
-rw-r--r-- | pysnmp/proto/secmod/eso/priv/aesbase.py | 22 |
2 files changed, 15 insertions, 8 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 9d29dff1..c0399141 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -3,6 +3,7 @@ Revision 4.4.3, released 2017-12-XX ----------------------------------- - Migrated references from SourceForge +- Added missing SHA2 support for Blumenthal key localization - Fixed named bits handling at rfc1902.Bits Revision 4.4.2, released 2017-11-11 diff --git a/pysnmp/proto/secmod/eso/priv/aesbase.py b/pysnmp/proto/secmod/eso/priv/aesbase.py index 0c94190e..47b68f89 100644 --- a/pysnmp/proto/secmod/eso/priv/aesbase.py +++ b/pysnmp/proto/secmod/eso/priv/aesbase.py @@ -28,19 +28,22 @@ class AbstractAesBlumenthal(aes.Aes): # 3.1.2.1 def localizeKey(self, authProtocol, privKey, snmpEngineID): if authProtocol == hmacmd5.HmacMd5.serviceID: - localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID) - for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))): - # noinspection PyDeprecation,PyCallingNonCallable - localPrivKey += md5(localPrivKey).digest() + hashAlgo = md5 elif authProtocol == hmacsha.HmacSha.serviceID: - localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID) - # RFC mentions this algo generates 480bit key, but only up to 256 bits are used - for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))): - localPrivKey += sha1(localPrivKey).digest() + hashAlgo = sha1 + elif authProtocol in hmacsha2.HmacSha2.hashAlgorithms: + hashAlgo = hmacsha2.HmacSha2.hashAlgorithms[authProtocol] else: raise error.ProtocolError( 'Unknown auth protocol %s' % (authProtocol,) ) + + localPrivKey = localkey.localizeKey(privKey, snmpEngineID, hashAlgo) + + # now extend this key if too short by repeating steps that includes the hashPassphrase step + for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))): + localPrivKey += hashAlgo(localPrivKey).digest() + return localPrivKey[:self.keySize] @@ -74,10 +77,13 @@ class AbstractAesReeder(aes.Aes): raise error.ProtocolError( 'Unknown auth protocol %s' % (authProtocol,) ) + localPrivKey = localkey.localizeKey(privKey, snmpEngineID, hashAlgo) + # now extend this key if too short by repeating steps that includes the hashPassphrase step while len(localPrivKey) < self.keySize: # this is the difference between reeder and bluementhal newKey = localkey.hashPassphrase(localPrivKey, hashAlgo) localPrivKey += localkey.localizeKey(newKey, snmpEngineID, hashAlgo) + return localPrivKey[:self.keySize] |