diff options
author | Ilya Etingof <etingof@gmail.com> | 2019-08-03 13:40:49 +0200 |
---|---|---|
committer | Ilya Etingof <etingof@gmail.com> | 2019-08-03 15:18:03 +0200 |
commit | 65e92864a32600019a24e61594c4f996c1f2d411 (patch) | |
tree | da1e8c32277e14fd5cc911ba3cf300fb576d8d37 /docs | |
parent | 450943ab97d4a4ae48d0b71e119eae23a2686a61 (diff) | |
download | pysnmp-git-65e92864a32600019a24e61594c4f996c1f2d411.tar.gz |
Add USM master and localized keys configuration support (#295)
Added new optional parameters to `addUsmUser()` and
`hlapi.UsmUserData()` functions allowing specifying key material
type being passed to the respective routines.
Plain-text pass-phrase remains the default, while user can change that
to `master` or `localized` types.
Refer to RFC3414 for technical details on SNMP USM key localization
algorithm.
Diffstat (limited to 'docs')
-rw-r--r-- | docs/mibs/PYSNMP-USM-MIB.txt | 15 | ||||
-rw-r--r-- | docs/source/docs/api-reference.rst | 12 |
2 files changed, 24 insertions, 3 deletions
diff --git a/docs/mibs/PYSNMP-USM-MIB.txt b/docs/mibs/PYSNMP-USM-MIB.txt index 81e112c7..739ca08e 100644 --- a/docs/mibs/PYSNMP-USM-MIB.txt +++ b/docs/mibs/PYSNMP-USM-MIB.txt @@ -21,6 +21,8 @@ pysnmpUsmMIB MODULE-IDENTITY DESCRIPTION "This MIB module defines objects specific to User Security Model (USM) implementation at PySNMP." + REVISION "201908300000Z" + DESCRIPTION "Added USM key types" REVISION "201707300000Z" DESCRIPTION "Extended authentication key size" REVISION "201704140000Z" @@ -56,6 +58,19 @@ pysnmpUsmDiscovery OBJECT-TYPE DEFVAL { doDiscover } ::= { pysnmpUsmCfg 2 } +pysnmpUsmKeyType OBJECT-TYPE + SYNTAX INTEGER { passphrase (0), master(1), localized(2) } + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "When configuring USM user, the value of this enumeration + determines how the keys should be treated. The default + value "passphrase" means that given keys are plain-text + pass-phrases, "master" indicates that the keys are pre-hashed + pass-phrases, while "localized" stands for pre-hashed + pass-phrases mixed with SNMP Security Engine ID value." + DEFVAL { passphrase } + ::= { pysnmpUsmCfg 3 } + -- The usmUser Group ************************************************ pysnmpUsmUser OBJECT IDENTIFIER ::= { pysnmpUsmMIBObjects 3 } diff --git a/docs/source/docs/api-reference.rst b/docs/source/docs/api-reference.rst index 78c3e1ed..d2a799f7 100644 --- a/docs/source/docs/api-reference.rst +++ b/docs/source/docs/api-reference.rst @@ -213,7 +213,7 @@ User-based The :py:class:`~pysnmp.hlapi.v3arch.UsmUserData` class provides SNMPv3 User-Based Security Model configuration for SNMP v3 systems. -.. autoclass:: pysnmp.hlapi.v3arch.UsmUserData(userName, authKey=None, privKey=None, authProtocol=USM_AUTH_NONE, privProtocol=USM_PRIV_NONE, securityEngineId=None) +.. autoclass:: pysnmp.hlapi.v3arch.UsmUserData(userName, authKey=None, privKey=None, authProtocol=USM_AUTH_NONE, privProtocol=USM_PRIV_NONE, securityEngineId=None, authKeyType=USM_KEY_TYPE_PASSPHRASE, privKeyType=USM_KEY_TYPE_PASSPHRASE) **Authentication protocol identifiers** @@ -236,10 +236,16 @@ Security Model configuration for SNMP v3 systems. .. autodata:: pysnmp.hlapi.v3arch.USM_PRIV_CFB192_AES_BLUMENTHAL .. autodata:: pysnmp.hlapi.v3arch.USM_PRIV_CFB256_AES_BLUMENTHAL +**Key material types** + +.. autodata:: pysnmp.hlapi.USM_KEY_TYPE_PASSPHRASE +.. autodata:: pysnmp.hlapi.USM_KEY_TYPE_MASTER +.. autodata:: pysnmp.hlapi.USM_KEY_TYPE_LOCALIZED + .. note:: - SNMP authentication and encryption keys must be at least *eight* - octets long. + SNMP authentication and encryption keys must be at least *8* + and at most *32* octets long. Transport configuration is I/O framework specific and is described in respective sections. |