From 65e92864a32600019a24e61594c4f996c1f2d411 Mon Sep 17 00:00:00 2001
From: Ilya Etingof <etingof@gmail.com>
Date: Sat, 3 Aug 2019 13:40:49 +0200
Subject: Add USM master and localized keys configuration support (#295)

Added new optional parameters to `addUsmUser()` and
`hlapi.UsmUserData()` functions allowing specifying key material
type being passed to the respective routines.

Plain-text pass-phrase remains the default, while user can change that
to `master` or `localized` types.

Refer to RFC3414 for technical details on SNMP USM key localization
algorithm.
---
 pysnmp/smi/mibs/PYSNMP-USM-MIB.py             | 73 +++++++++++++++++++++------
 pysnmp/smi/mibs/instances/__PYSNMP-USM-MIB.py | 15 ++++--
 2 files changed, 69 insertions(+), 19 deletions(-)

(limited to 'pysnmp/smi')

diff --git a/pysnmp/smi/mibs/PYSNMP-USM-MIB.py b/pysnmp/smi/mibs/PYSNMP-USM-MIB.py
index 7b1686aa..17ed7f63 100644
--- a/pysnmp/smi/mibs/PYSNMP-USM-MIB.py
+++ b/pysnmp/smi/mibs/PYSNMP-USM-MIB.py
@@ -132,35 +132,39 @@ pysnmpUsmCfg = _PysnmpUsmCfg_ObjectIdentity(
 )
 
 
-class _PysnmpUsmDiscoverable_Type(Integer32):
-    defaultValue = 1
+class _PysnmpUsmKeyType_Type(Integer32):
+    defaultValue = 0
 
     subtypeSpec = Integer32.subtypeSpec
     subtypeSpec += ConstraintsUnion(
         SingleValueConstraint(
             *(0,
-              1)
+              2)
         )
     )
     namedValues = NamedValues(
-        *(("discoverable", 1),
-          ("notDiscoverable", 0))
+        *(("passphrase", 0),
+          ("master", 1),
+          ("localized", 2))
     )
 
-
-_PysnmpUsmDiscoverable_Type.__name__ = "Integer32"
-_PysnmpUsmDiscoverable_Object = MibScalar
-pysnmpUsmDiscoverable = _PysnmpUsmDiscoverable_Object(
-    (1, 3, 6, 1, 4, 1, 20408, 3, 1, 1, 1, 1, 1),
-    _PysnmpUsmDiscoverable_Type()
+_PysnmpUsmKeyType_Type.__name__ = "Integer32"
+_PysnmpUsmKeyType_Object = MibScalar
+pysnmpUsmKeyType = _PysnmpUsmKeyType_Object(
+    (1, 3, 6, 1, 4, 1, 20408, 3, 1, 1, 1, 1, 3),
+    _PysnmpUsmKeyType_Type()
 )
-pysnmpUsmDiscoverable.setMaxAccess("read-write")
+pysnmpUsmKeyType.setMaxAccess("not-accessible")
 if mibBuilder.loadTexts:
-    pysnmpUsmDiscoverable.setStatus("current")
+    pysnmpUsmKeyType.setStatus("current")
 if mibBuilder.loadTexts:
-    pysnmpUsmDiscoverable.setDescription("""\
-Whether SNMP engine would support its discovery by responding to unknown
-clients.
+    pysnmpUsmKeyType.setDescription("""\
+When configuring USM user, the value of this enumeration
+determines how the keys should be treated. The default
+value "passphrase" means that given keys are plain-text
+pass-phrases, "master" indicates that the keys are pre-hashed
+pass-phrases, while "localized" stands for pre-hashed
+pass-phrases mixed with SNMP Security Engine ID value.
 """)
 
 
@@ -194,6 +198,42 @@ if mibBuilder.loadTexts:
 Whether SNMP engine would try to figure out the EngineIDs of its peers by
 sending discover requests.
 """)
+
+
+class _PysnmpUsmDiscoverable_Type(Integer32):
+    defaultValue = 1
+
+    subtypeSpec = Integer32.subtypeSpec
+    subtypeSpec += ConstraintsUnion(
+        SingleValueConstraint(
+            *(0,
+              1)
+        )
+    )
+    namedValues = NamedValues(
+        *(("discoverable", 1),
+          ("notDiscoverable", 0))
+    )
+
+
+_PysnmpUsmDiscoverable_Type.__name__ = "Integer32"
+_PysnmpUsmDiscoverable_Object = MibScalar
+pysnmpUsmDiscoverable = _PysnmpUsmDiscoverable_Object(
+    (1, 3, 6, 1, 4, 1, 20408, 3, 1, 1, 1, 1, 1),
+    _PysnmpUsmDiscoverable_Type()
+)
+pysnmpUsmDiscoverable.setMaxAccess("read-write")
+if mibBuilder.loadTexts:
+    pysnmpUsmDiscoverable.setStatus("current")
+if mibBuilder.loadTexts:
+    pysnmpUsmDiscoverable.setDescription("""\
+Whether SNMP engine would support its discovery by responding to unknown
+clients.
+""")
+
+
+
+
 _PysnmpUsmSecretTable_Object = MibTable
 pysnmpUsmSecretTable = _PysnmpUsmSecretTable_Object(
     (1, 3, 6, 1, 4, 1, 20408, 3, 1, 1, 1, 2)
@@ -441,6 +481,7 @@ mibBuilder.exportSymbols(
        "pysnmpUsmCfg": pysnmpUsmCfg,
        "pysnmpUsmDiscoverable": pysnmpUsmDiscoverable,
        "pysnmpUsmDiscovery": pysnmpUsmDiscovery,
+       "pysnmpUsmKeyType": pysnmpUsmKeyType,
        "pysnmpUsmSecretTable": pysnmpUsmSecretTable,
        "pysnmpUsmSecretEntry": pysnmpUsmSecretEntry,
        "pysnmpUsmSecretUserName": pysnmpUsmSecretUserName,
diff --git a/pysnmp/smi/mibs/instances/__PYSNMP-USM-MIB.py b/pysnmp/smi/mibs/instances/__PYSNMP-USM-MIB.py
index 5ee026d0..261ee401 100644
--- a/pysnmp/smi/mibs/instances/__PYSNMP-USM-MIB.py
+++ b/pysnmp/smi/mibs/instances/__PYSNMP-USM-MIB.py
@@ -19,10 +19,12 @@ MibScalarInstance, = mibBuilder.importSymbols(
 )
 
 (pysnmpUsmDiscoverable,
- pysnmpUsmDiscovery) = mibBuilder.importSymbols(
+ pysnmpUsmDiscovery,
+ pysnmpUsmKeyType) = mibBuilder.importSymbols(
     'PYSNMP-USM-MIB',
     'pysnmpUsmDiscoverable',
-    'pysnmpUsmDiscovery'
+    'pysnmpUsmDiscovery',
+    'pysnmpUsmKeyType'
 )
 
 _pysnmpUsmDiscoverable = MibScalarInstance(
@@ -35,8 +37,15 @@ _pysnmpUsmDiscovery = MibScalarInstance(
     pysnmpUsmDiscovery.syntax
 )
 
+_pysnmpUsmKeyType = MibScalarInstance(
+    pysnmpUsmKeyType.name, (0,),
+    pysnmpUsmKeyType.syntax
+)
+
+
 mibBuilder.exportSymbols(
     "__PYSNMP-USM-MIB",
     pysnmpUsmDiscoverable=_pysnmpUsmDiscoverable,
-    pysnmpUsmDiscovery=_pysnmpUsmDiscovery
+    pysnmpUsmDiscovery=_pysnmpUsmDiscovery,
+    pysnmpUsmKeyType = _pysnmpUsmKeyType
 )
-- 
cgit v1.2.1