1 files changed, 37 insertions, 27 deletions

diff --git a/pysnmp/proto/secmod/rfc7860/auth/hmacsha2.py b/pysnmp/proto/secmod/rfc7860/auth/hmacsha2.py
index 11dd79b3..267db682 100644
--- a/pysnmp/proto/secmod/rfc7860/auth/hmacsha2.py
+++ b/pysnmp/proto/secmod/rfc7860/auth/hmacsha2.py
@@ -19,19 +19,26 @@ except ImportError:
 
     sha224 = sha256 = sha384 = sha512 = NotAvailable()
 
-from pyasn1.type import univ
 from pysnmp.proto.secmod.rfc3414.auth import base
 from pysnmp.proto.secmod.rfc3414 import localkey
 from pysnmp.proto import errind, error
 
+from pyasn1.type import univ
 
 # 7.2.4
 
 class HmacSha2(base.AbstractAuthenticationService):
-    SHA224_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 4)  # usmHMAC128SHA224AuthProtocol
-    SHA256_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 5)  # usmHMAC192SHA256AuthProtocol
-    SHA384_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 6)  # usmHMAC256SHA384AuthProtocol
-    SHA512_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 7)  # usmHMAC384SHA512AuthProtocol
+    # usmHMAC128SHA224AuthProtocol
+    SHA224_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 4)
+
+    # usmHMAC192SHA256AuthProtocol
+    SHA256_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 5)
+
+    # usmHMAC256SHA384AuthProtocol
+    SHA384_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 6)
+
+    # usmHMAC384SHA512AuthProtocol
+    SHA512_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 7)
 
     KEY_LENGTH = {
         SHA224_SERVICE_ID: 28,
@@ -59,39 +66,43 @@ class HmacSha2(base.AbstractAuthenticationService):
     
     def __init__(self, oid):
         if oid not in self.HASH_ALGORITHM:
-            raise error.ProtocolError('No SHA-2 authentication algorithm %s available' % (oid,))
-        self.__hashAlgo = self.HASH_ALGORITHM[oid]
-        self.__digestLength = self.DIGEST_LENGTH[oid]
-        self.__placeHolder = univ.OctetString((0,) * self.__digestLength).asOctets()
+            raise error.ProtocolError(
+                'No SHA-2 authentication algorithm %s available' % (oid,))
+
+        self._hashAlgo = self.HASH_ALGORITHM[oid]
+        self._digestLength = self.DIGEST_LENGTH[oid]
+        self._placeHolder = univ.OctetString(
+            (0,) * self._digestLength).asOctets()
 
     def hashPassphrase(self, authKey):
-        return localkey.hashPassphrase(authKey, self.__hashAlgo)
+        return localkey.hashPassphrase(authKey, self._hashAlgo)
 
     def localizeKey(self, authKey, snmpEngineID):
-        return localkey.localizeKey(authKey, snmpEngineID, self.__hashAlgo)
+        return localkey.localizeKey(authKey, snmpEngineID, self._hashAlgo)
 
     @property
     def digestLength(self):
-        return self.__digestLength
+        return self._digestLength
 
     # 7.3.1
     def authenticateOutgoingMsg(self, authKey, wholeMsg):
         # 7.3.1.1
-        location = wholeMsg.find(self.__placeHolder)
+        location = wholeMsg.find(self._placeHolder)
         if location == -1:
-            raise error.ProtocolError('Can\'t locate digest placeholder')
+            raise error.ProtocolError('Cannot locate digest placeholder')
+
         wholeHead = wholeMsg[:location]
-        wholeTail = wholeMsg[location + self.__digestLength:]
+        wholeTail = wholeMsg[location + self._digestLength:]
 
         # 7.3.1.2, 7.3.1.3
         try:
-            mac = hmac.new(authKey.asOctets(), wholeMsg, self.__hashAlgo)
+            mac = hmac.new(authKey.asOctets(), wholeMsg, self._hashAlgo)
 
         except errind.ErrorIndication as exc:
             raise error.StatusInformation(errorIndication=exc)
 
         # 7.3.1.4
-        mac = mac.digest()[:self.__digestLength]
+        mac = mac.digest()[:self._digestLength]
 
         # 7.3.1.5 & 6
         return wholeHead + mac + wholeTail
@@ -99,33 +110,32 @@ class HmacSha2(base.AbstractAuthenticationService):
     # 7.3.2
     def authenticateIncomingMsg(self, authKey, authParameters, wholeMsg):
         # 7.3.2.1 & 2
-        if len(authParameters) != self.__digestLength:
+        if len(authParameters) != self._digestLength:
             raise error.StatusInformation(
-                errorIndication=errind.authenticationError
-            )
+                errorIndication=errind.authenticationError)
 
         # 7.3.2.3
         location = wholeMsg.find(authParameters.asOctets())
         if location == -1:
-            raise error.ProtocolError('Can\'t locate digest in wholeMsg')
+            raise error.ProtocolError('Cannot locate digest in wholeMsg')
+
         wholeHead = wholeMsg[:location]
-        wholeTail = wholeMsg[location + self.__digestLength:]
-        authenticatedWholeMsg = wholeHead + self.__placeHolder + wholeTail
+        wholeTail = wholeMsg[location + self._digestLength:]
+        authenticatedWholeMsg = wholeHead + self._placeHolder + wholeTail
 
         # 7.3.2.4
         try:
-            mac = hmac.new(authKey.asOctets(), authenticatedWholeMsg, self.__hashAlgo)
+            mac = hmac.new(authKey.asOctets(), authenticatedWholeMsg, self._hashAlgo)
 
         except errind.ErrorIndication as exc:
             raise error.StatusInformation(errorIndication=exc)
 
         # 7.3.2.5
-        mac = mac.digest()[:self.__digestLength]
+        mac = mac.digest()[:self._digestLength]
 
         # 7.3.2.6
         if mac != authParameters:
             raise error.StatusInformation(
-                errorIndication=errind.authenticationFailure
-            )
+                errorIndication=errind.authenticationFailure)
 
         return authenticatedWholeMsg