critical error fixed in key localization procedure for AES192/AES256/3DES

cyphers
author: elie <elie> 2014-01-09 21:51:35 +0000
committer: elie <elie> 2014-01-09 21:51:35 +0000
commit: 06bd83b805cd1391aa9f6d930f32d3cca7a14863 (patch)
tree: b2eb5f6328a30bee05f894718bef14976316efd8 /pysnmp/proto/secmod
parent: 0487a659df800dc5cd6a9409942e831394b0b84d (diff)
download: pysnmp-git-06bd83b805cd1391aa9f6d930f32d3cca7a14863.tar.gz
4 files changed, 52 insertions, 54 deletions
diff --git a/pysnmp/proto/secmod/eso/priv/aes192.py b/pysnmp/proto/secmod/eso/priv/aes192.py
index dbde58ca..1d846f8f 100644
--- a/pysnmp/proto/secmod/eso/priv/aes192.py
+++ b/pysnmp/proto/secmod/eso/priv/aes192.py
@@ -1,28 +1,7 @@
 # AES 192/256 bit encryption (Internet draft)
 # http://tools.ietf.org/html/draft-blumenthal-aes-usm-04
-from pysnmp.proto.secmod.rfc3826.priv import aes
-from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha
-from pysnmp.proto.secmod.rfc3414 import localkey
-from pysnmp.proto import error
+from pysnmp.proto.secmod.eso.priv import aesbase
 
-class Aes192(aes.Aes):
+class Aes192(aesbase.AbstractAes):
     serviceID = (1, 3, 6, 1, 4, 1, 9, 12, 6, 1, 1)  # cusmAESCfb192PrivProtocol
     keySize = 24
-
-    # 3.1.2.1
-    def localizeKey(self, authProtocol, privKey, snmpEngineID):
-        if authProtocol == hmacmd5.HmacMd5.serviceID:
-            localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
-            localPrivKey = localPrivKey + localkey.localizeKeyMD5(
-                localPrivKey, snmpEngineID
-                )
-        elif authProtocol == hmacsha.HmacSha.serviceID:
-            localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
-            localPrivKey = localPrivKey + localkey.localizeKeySHA(
-                localPrivKey, snmpEngineID
-                )
-        else:
-            raise error.ProtocolError(
-                'Unknown auth protocol %s' % (authProtocol,)
-                )
-        return localPrivKey[:24]
diff --git a/pysnmp/proto/secmod/eso/priv/aes256.py b/pysnmp/proto/secmod/eso/priv/aes256.py
index 13cb134c..040d38bd 100644
--- a/pysnmp/proto/secmod/eso/priv/aes256.py
+++ b/pysnmp/proto/secmod/eso/priv/aes256.py
@@ -1,28 +1,7 @@
 # AES 192/256 bit encryption (Internet draft)
 # http://tools.ietf.org/html/draft-blumenthal-aes-usm-04
-from pysnmp.proto.secmod.rfc3826.priv import aes
-from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha
-from pysnmp.proto.secmod.rfc3414 import localkey
-from pysnmp.proto import error
-
-class Aes256(aes.Aes):
+from pysnmp.proto.secmod.eso.priv import aesbase
+    
+class Aes256(aesbase.AbstractAes):
     serviceID = (1, 3, 6, 1, 4, 1, 9, 12, 6, 1, 2)  # cusmAESCfb256PrivProtocol
     keySize = 32
-
-    # 3.1.2.1
-    def localizeKey(self, authProtocol, privKey, snmpEngineID):
-        if authProtocol == hmacmd5.HmacMd5.serviceID:
-            localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
-            localPrivKey = localPrivKey + localkey.localizeKeyMD5(
-                localPrivKey, snmpEngineID
-                )
-        elif authProtocol == hmacsha.HmacSha.serviceID:
-            localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
-            localPrivKey = localPrivKey + localkey.localizeKeySHA(
-                localPrivKey, snmpEngineID
-                )
-        else:
-            raise error.ProtocolError(
-                'Unknown auth protocol %s' % (authProtocol,)
-                )
-        return localPrivKey[:32]
diff --git a/pysnmp/proto/secmod/eso/priv/aesbase.py b/pysnmp/proto/secmod/eso/priv/aesbase.py
new file mode 100644
index 00000000..971fe799
--- /dev/null
+++ b/pysnmp/proto/secmod/eso/priv/aesbase.py
@@ -0,0 +1,33 @@
+# AES 192/256 bit encryption (Internet draft)
+# http://tools.ietf.org/html/draft-blumenthal-aes-usm-04
+from pysnmp.proto.secmod.rfc3826.priv import aes
+from pysnmp.proto.secmod.rfc3414.auth import hmacmd5, hmacsha
+from pysnmp.proto.secmod.rfc3414 import localkey
+from pysnmp.proto import error
+from math import ceil
+try:
+    from hashlib import md5, sha1
+except ImportError:
+    import md5, sha
+    md5 = md5.new
+    sha1 = sha.new
+    
+class AbstractAes(aes.Aes):
+    serviceID = ()
+    keySize = 0
+
+    # 3.1.2.1
+    def localizeKey(self, authProtocol, privKey, snmpEngineID):
+        if authProtocol == hmacmd5.HmacMd5.serviceID:
+            localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
+            while ceil(self.keySize/len(localPrivKey)):
+                localPrivKey = localPrivKey + md5(localPrivKey).digest()
+        elif authProtocol == hmacsha.HmacSha.serviceID:
+            localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
+            while ceil(self.keySize/len(localPrivKey)):
+                localPrivKey = localPrivKey + sha1(localPrivKey).digest()
+        else:
+            raise error.ProtocolError(
+                'Unknown auth protocol %s' % (authProtocol,)
+                )
+        return localPrivKey[:self.keySize]
diff --git a/pysnmp/proto/secmod/eso/priv/des3.py b/pysnmp/proto/secmod/eso/priv/des3.py
index 99261112..750c506d 100644
--- a/pysnmp/proto/secmod/eso/priv/des3.py
+++ b/pysnmp/proto/secmod/eso/priv/des3.py
@@ -7,6 +7,14 @@ from pysnmp.proto.secmod.rfc3414 import localkey
 from pysnmp.proto import errind, error
 from pyasn1.type import univ
 from pyasn1.compat.octets import null
+from math import ceil
+
+try:
+    from hashlib import md5, sha1
+except ImportError:
+    import md5, sha
+    md5 = md5.new
+    sha1 = sha.new
 
 try:
     from Crypto.Cipher import DES3
@@ -19,6 +27,7 @@ random.seed()
 
 class Des3(base.AbstractEncryptionService):
     serviceID = (1, 3, 6, 1, 6, 3, 10, 1, 2, 3) # usm3DESEDEPrivProtocol
+    keySize = 32
     _localInt = random.randrange(0, 0xffffffff)
 
     def hashPassphrase(self, authProtocol, privKey):
@@ -34,19 +43,17 @@ class Des3(base.AbstractEncryptionService):
     def localizeKey(self, authProtocol, privKey, snmpEngineID):
         if authProtocol == hmacmd5.HmacMd5.serviceID:
             localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
-            localPrivKey = localPrivKey + localkey.localizeKeyMD5(
-                localPrivKey, snmpEngineID
-                )
+            while ceil(self.keySize/len(localPrivKey)):
+                localPrivKey = localPrivKey + md5(localPrivKey).digest()
         elif authProtocol == hmacsha.HmacSha.serviceID:
             localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
-            localPrivKey = localPrivKey + localkey.localizeKeySHA(
-                localPrivKey, snmpEngineID
-                )
+            while ceil(self.keySize/len(localPrivKey)):
+                localPrivKey = localPrivKey + sha1(localPrivKey).digest()
         else:
             raise error.ProtocolError(
                 'Unknown auth protocol %s' % (authProtocol,)
                 )
-        return localPrivKey[:32] # key+IV
+        return localPrivKey[:self.keySize] # key+IV
         
     # 5.1.1.1
     def __getEncryptionKey(self, privKey, snmpEngineBoots):
author	elie <elie>	2014-01-09 21:51:35 +0000
committer	elie <elie>	2014-01-09 21:51:35 +0000
commit	06bd83b805cd1391aa9f6d930f32d3cca7a14863 (patch)
tree	b2eb5f6328a30bee05f894718bef14976316efd8 /pysnmp/proto/secmod
parent	0487a659df800dc5cd6a9409942e831394b0b84d (diff)
download	pysnmp-git-06bd83b805cd1391aa9f6d930f32d3cca7a14863.tar.gz