diff options
-rw-r--r-- | pysnmp/proto/secmod/eso/priv/des3.py | 32 |
1 files changed, 10 insertions, 22 deletions
diff --git a/pysnmp/proto/secmod/eso/priv/des3.py b/pysnmp/proto/secmod/eso/priv/des3.py index 2388c364..b4d2af2a 100644 --- a/pysnmp/proto/secmod/eso/priv/des3.py +++ b/pysnmp/proto/secmod/eso/priv/des3.py @@ -51,17 +51,19 @@ class Des3(base.AbstractEncryptionService): 'Unknown auth protocol %s' % (authProtocol,) ) - # 2.1 + #key localization as per https://tools.ietf.org/html/draft-reeder-snmpv3-usm-3desede-00 def localizeKey(self, authProtocol, privKey, snmpEngineID): if authProtocol == hmacmd5.HmacMd5.serviceID: localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID) - for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))): - # noinspection PyDeprecation,PyCallingNonCallable - localPrivKey += localkey.localizeKeyMD5(localPrivKey, snmpEngineID) + #now extend this key if too short by repeating steps that includes the hashPassphrase step + while len(localPrivKey) < self.keySize: + newKey = localkey.hashPassphraseMD5(localPrivKey) + localPrivKey += localkey.localizeKeyMD5(newKey, snmpEngineID) elif authProtocol == hmacsha.HmacSha.serviceID: localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID) - for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))): - localPrivKey += localkey.localizeKeySHA(localPrivKey, snmpEngineID) + while len(localPrivKey) < self.keySize: + newKey = localkey.hashPassphraseSHA(localPrivKey) + localPrivKey += localkey.localizeKeySHA(newKey, snmpEngineID) else: raise error.ProtocolError( 'Unknown auth protocol %s' % (authProtocol,) @@ -120,15 +122,7 @@ class Des3(base.AbstractEncryptionService): privParameters = univ.OctetString(salt) plaintext = dataToEncrypt + univ.OctetString((0,) * (8 - len(dataToEncrypt) % 8)).asOctets() - cipherblock = iv - ciphertext = null - while plaintext: - cipherblock = des3Obj.encrypt( - univ.OctetString(map(lambda x, y: x ^ y, univ.OctetString(cipherblock).asNumbers(), - univ.OctetString(plaintext[:8]).asNumbers())).asOctets() - ) - ciphertext = ciphertext + cipherblock - plaintext = plaintext[8:] + ciphertext = des3Obj.encrypt(plaintext) return univ.OctetString(ciphertext), privParameters @@ -156,12 +150,6 @@ class Des3(base.AbstractEncryptionService): plaintext = null ciphertext = encryptedData.asOctets() - cipherblock = iv - while ciphertext: - plaintext = plaintext + univ.OctetString(map(lambda x, y: x ^ y, univ.OctetString(cipherblock).asNumbers(), - univ.OctetString( - des3Obj.decrypt(ciphertext[:8])).asNumbers())).asOctets() - cipherblock = ciphertext[:8] - ciphertext = ciphertext[8:] + plaintext = des3Obj.decrypt(ciphertext) return plaintext |