Diffstat (limited to 'pysnmp/proto/secmod/rfc7860/auth/hmacsha2.py')
-rw-r--r-- | pysnmp/proto/secmod/rfc7860/auth/hmacsha2.py | 64 |
1 files changed, 37 insertions, 27 deletions
diff --git a/pysnmp/proto/secmod/rfc7860/auth/hmacsha2.py b/pysnmp/proto/secmod/rfc7860/auth/hmacsha2.py index 11dd79b3..267db682 100644 --- a/pysnmp/proto/secmod/rfc7860/auth/hmacsha2.py +++ b/pysnmp/proto/secmod/rfc7860/auth/hmacsha2.py @@ -19,19 +19,26 @@ except ImportError: sha224 = sha256 = sha384 = sha512 = NotAvailable() -from pyasn1.type import univ from pysnmp.proto.secmod.rfc3414.auth import base from pysnmp.proto.secmod.rfc3414 import localkey from pysnmp.proto import errind, error +from pyasn1.type import univ # 7.2.4 class HmacSha2(base.AbstractAuthenticationService): - SHA224_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 4) # usmHMAC128SHA224AuthProtocol - SHA256_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 5) # usmHMAC192SHA256AuthProtocol - SHA384_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 6) # usmHMAC256SHA384AuthProtocol - SHA512_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 7) # usmHMAC384SHA512AuthProtocol + # usmHMAC128SHA224AuthProtocol + SHA224_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 4) + + # usmHMAC192SHA256AuthProtocol + SHA256_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 5) + + # usmHMAC256SHA384AuthProtocol + SHA384_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 6) + + # usmHMAC384SHA512AuthProtocol + SHA512_SERVICE_ID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 7) KEY_LENGTH = { SHA224_SERVICE_ID: 28, 
@@ -59,39 +66,43 @@ class HmacSha2(base.AbstractAuthenticationService): def __init__(self, oid): if oid not in self.HASH_ALGORITHM: - raise error.ProtocolError('No SHA-2 authentication algorithm %s available' % (oid,)) - self.__hashAlgo = self.HASH_ALGORITHM[oid] - self.__digestLength = self.DIGEST_LENGTH[oid] - self.__placeHolder = univ.OctetString((0,) * self.__digestLength).asOctets() + raise error.ProtocolError( + 'No SHA-2 authentication algorithm %s available' % (oid,)) + + self._hashAlgo = self.HASH_ALGORITHM[oid] + self._digestLength = self.DIGEST_LENGTH[oid] + self._placeHolder = univ.OctetString( + (0,) * self._digestLength).asOctets() def hashPassphrase(self, authKey): - return localkey.hashPassphrase(authKey, self.__hashAlgo) + return localkey.hashPassphrase(authKey, self._hashAlgo) def localizeKey(self, authKey, snmpEngineID): - return localkey.localizeKey(authKey, snmpEngineID, self.__hashAlgo) + return localkey.localizeKey(authKey, snmpEngineID, self._hashAlgo) @property def digestLength(self): - return self.__digestLength + return self._digestLength # 7.3.1 def authenticateOutgoingMsg(self, authKey, wholeMsg): # 7.3.1.1 - location = wholeMsg.find(self.__placeHolder) + location = wholeMsg.find(self._placeHolder) if location == -1: - raise error.ProtocolError('Can\'t locate digest placeholder') + raise error.ProtocolError('Cannot locate digest placeholder') + wholeHead = wholeMsg[:location] - wholeTail = wholeMsg[location + self.__digestLength:] + wholeTail = wholeMsg[location + self._digestLength:] # 7.3.1.2, 7.3.1.3 try: - mac = hmac.new(authKey.asOctets(), wholeMsg, self.__hashAlgo) + mac = hmac.new(authKey.asOctets(), wholeMsg, self._hashAlgo) except errind.ErrorIndication as exc: raise error.StatusInformation(errorIndication=exc) # 7.3.1.4 - mac = mac.digest()[:self.__digestLength] + mac = mac.digest()[:self._digestLength] # 7.3.1.5 & 6 return wholeHead + mac + wholeTail 
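Review bot: In `authenticateOutgoingMsg`, `wholeMsg.find(self._placeHolder)` treats the first run of `_digestLength` zero octets as the digest slot, and nothing in the visible lines confirms that this run is the authentication-parameters field. If an earlier part of the serialized message can contain that many consecutive zero octets (not visible from this hunk), the MAC would be spliced into the wrong field and the message would likely fail authentication at the receiver. At minimum, document the assumption at step 7.3.1.1, e.g. `# assumes the first all-zero run of digestLength octets is msgAuthenticationParameters`. Passing the field offset in from the encoder would remove the guess. The incoming side uses the same first-match search with `wholeMsg.find(authParameters.asOctets())`.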
@@ -99,33 +110,32 @@ class HmacSha2(base.AbstractAuthenticationService): # 7.3.2 def authenticateIncomingMsg(self, authKey, authParameters, wholeMsg): # 7.3.2.1 & 2 - if len(authParameters) != self.__digestLength: + if len(authParameters) != self._digestLength: raise error.StatusInformation( - errorIndication=errind.authenticationError - ) + errorIndication=errind.authenticationError) # 7.3.2.3 location = wholeMsg.find(authParameters.asOctets()) if location == -1: - raise error.ProtocolError('Can\'t locate digest in wholeMsg') + raise error.ProtocolError('Cannot locate digest in wholeMsg') + wholeHead = wholeMsg[:location] - wholeTail = wholeMsg[location + self.__digestLength:] - authenticatedWholeMsg = wholeHead + self.__placeHolder + wholeTail + wholeTail = wholeMsg[location + self._digestLength:] + authenticatedWholeMsg = wholeHead + self._placeHolder + wholeTail # 7.3.2.4 try: - mac = hmac.new(authKey.asOctets(), authenticatedWholeMsg, self.__hashAlgo) + mac = hmac.new(authKey.asOctets(), authenticatedWholeMsg, self._hashAlgo) except errind.ErrorIndication as exc: raise error.StatusInformation(errorIndication=exc) # 7.3.2.5 - mac = mac.digest()[:self.__digestLength] + mac = mac.digest()[:self._digestLength] # 7.3.2.6 if mac != authParameters: raise error.StatusInformation( - errorIndication=errind.authenticationFailure - ) + errorIndication=errind.authenticationFailure) return authenticatedWholeMsg |
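Review bot: The digest check at step 7.3.2.6, `if mac != authParameters:`, is an ordinary equality test against a value taken from the incoming message, so its running time can depend on how many leading octets match. Since `hmac` is already used in this method, a constant-time comparison fits, provided the supported interpreters have it: `if not hmac.compare_digest(mac, authParameters.asOctets()):`. The length check at 7.3.2.1 already rejects a wrong-sized `authParameters`, so both operands have equal length when the comparison runs. A short comment such as `# constant-time compare: authParameters comes from the wire` would keep it from being simplified back later.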