Reeder key localization refactored

etingof · Aug 21, 2016 · 236178f · 236178f
1 parent 6eed8ef
commit 236178f
Show file tree

Hide file tree

Showing 9 changed files with 34 additions and 24 deletions.
diff --git a/docs/source/docs/api-reference.rst b/docs/source/docs/api-reference.rst
@@ -222,6 +222,8 @@ via constant OIDs:
 .. autodata:: pysnmp.hlapi.usmAesCfb128Protocol
 .. autodata:: pysnmp.hlapi.usmAesCfb192Protocol
 .. autodata:: pysnmp.hlapi.usmAesCfb256Protocol
+.. autodata:: pysnmp.hlapi.usmAesBlumenthalCfb192Protocol
+.. autodata:: pysnmp.hlapi.usmAesBlumenthalCfb256Protocol
 
 Transport configuration is I/O framework specific and is described in
 respective sections.

diff --git a/pysnmp/entity/config.py b/pysnmp/entity/config.py
@@ -29,10 +29,10 @@
 usmDESPrivProtocol = des.Des.serviceID
 usm3DESEDEPrivProtocol = des3.Des3.serviceID
 usmAesCfb128Protocol = aes.Aes.serviceID
-usmAesBlumenthalCfb192Protocol = aes192.Aes192.serviceID  # semi-standard but not widely used
-usmAesBlumenthalCfb256Protocol = aes256.Aes256.serviceID  # semi-standard but not widely used
-usmAesCfb192Protocol = aes192.AesReeder192.serviceID  # non-standard but used by many vendors
-usmAesCfb256Protocol = aes256.AesReeder256.serviceID  # non-standard but used by many vendors
+usmAesBlumenthalCfb192Protocol = aes192.AesBlumenthal192.serviceID  # semi-standard but not widely used
+usmAesBlumenthalCfb256Protocol = aes256.AesBlumenthal256.serviceID  # semi-standard but not widely used
+usmAesCfb192Protocol = aes192.Aes192.serviceID  # non-standard but used by many vendors
+usmAesCfb256Protocol = aes256.Aes256.serviceID  # non-standard but used by many vendors
 usmNoPrivProtocol = nopriv.NoPriv.serviceID
 
 # Auth services
@@ -44,10 +44,10 @@
 privServices = {des.Des.serviceID: des.Des(),
                 des3.Des3.serviceID: des3.Des3(),
                 aes.Aes.serviceID: aes.Aes(),
-                aes192.Aes192.serviceID: aes192.Aes192(),
-                aes256.Aes256.serviceID: aes256.Aes256(),
-                aes192.AesReeder192.serviceID: aes192.AesReeder192(),  # non-standard
-                aes256.AesReeder256.serviceID: aes256.AesReeder256(),  # non-standard
+                aes192.AesBlumenthal192.serviceID: aes192.AesBlumenthal192(),
+                aes256.AesBlumenthal256.serviceID: aes256.AesBlumenthal256(),
+                aes192.Aes192.serviceID: aes192.Aes192(),  # non-standard
+                aes256.Aes256.serviceID: aes256.Aes256(),  # non-standard
                 nopriv.NoPriv.serviceID: nopriv.NoPriv()}
 
 

diff --git a/pysnmp/hlapi/__init__.py b/pysnmp/hlapi/__init__.py
@@ -5,6 +5,7 @@
 # License: http://pysnmp.sf.net/license.html
 #
 from pysnmp.proto.rfc1902 import *
+from pysnmp.proto.rfc1905 import NoSuchInstance, NoSuchObject, EndOfMibView
 from pysnmp.smi.rfc1902 import *
 from pysnmp.hlapi.auth import *
 from pysnmp.hlapi.context import *

diff --git a/pysnmp/hlapi/auth.py b/pysnmp/hlapi/auth.py
@@ -11,6 +11,7 @@
 __all__ = ['CommunityData', 'UsmUserData',
            'usm3DESEDEPrivProtocol', 'usmAesCfb128Protocol',
            'usmAesCfb192Protocol', 'usmAesCfb256Protocol',
+           'usmAesBlumenthalCfb192Protocol', 'usmAesBlumenthalCfb256Protocol',
            'usmDESPrivProtocol', 'usmHMACMD5AuthProtocol',
            'usmHMACSHAAuthProtocol', 'usmNoAuthProtocol',
            'usmNoPrivProtocol']
@@ -137,10 +138,14 @@ def clone(self, communityIndex=None, communityName=None,
 usm3DESEDEPrivProtocol = config.usm3DESEDEPrivProtocol
 #: The CFB128-AES-128 Symmetric Encryption Protocol (:RFC:`3826#section-3`)
 usmAesCfb128Protocol = config.usmAesCfb128Protocol
-#: The CFB128-AES-192 Symmetric Encryption Protocol (`draft-blumenthal-aes-usm-04 <https://tools.ietf.org/html/draft-blumenthal-aes-usm-04#section-3>`_)
+#: The CFB128-AES-192 Symmetric Encryption Protocol (`draft-blumenthal-aes-usm-04 <https://tools.ietf.org/html/draft-blumenthal-aes-usm-04#section-3>`_) with Reeder key localization
 usmAesCfb192Protocol = config.usmAesCfb192Protocol
-#: The CFB128-AES-256 Symmetric Encryption Protocol (`draft-blumenthal-aes-usm-04 <https://tools.ietf.org/html/draft-blumenthal-aes-usm-04#section-3>`_)
+#: The CFB128-AES-256 Symmetric Encryption Protocol (`draft-blumenthal-aes-usm-04 <https://tools.ietf.org/html/draft-blumenthal-aes-usm-04#section-3>`_) with Reeder key localization
 usmAesCfb256Protocol = config.usmAesCfb256Protocol
+#: The CFB128-AES-192 Symmetric Encryption Protocol (`draft-blumenthal-aes-usm-04 <https://tools.ietf.org/html/draft-blumenthal-aes-usm-04#section-3>`_)
+usmAesBlumenthalCfb192Protocol = config.usmAesBlumenthalCfb192Protocol
+#: The CFB128-AES-256 Symmetric Encryption Protocol (`draft-blumenthal-aes-usm-04 <https://tools.ietf.org/html/draft-blumenthal-aes-usm-04#section-3>`_)
+usmAesBlumenthalCfb256Protocol = config.usmAesBlumenthalCfb256Protocol
 
 
 class UsmUserData(object):

diff --git a/pysnmp/proto/secmod/eso/priv/aes192.py b/pysnmp/proto/secmod/eso/priv/aes192.py
@@ -7,7 +7,7 @@
 from pysnmp.proto.secmod.eso.priv import aesbase
 
 
-class Aes192(aesbase.AbstractAes):
+class AesBlumenthal192(aesbase.AbstractAesBlumenthal):
     """AES 192 bit encryption (Internet draft)
 
        Reeder AES encryption:
@@ -18,7 +18,7 @@ class Aes192(aesbase.AbstractAes):
     keySize = 24
 
 
-class AesReeder192(aesbase.AbstractAesReeder):
+class Aes192(aesbase.AbstractAesReeder):
     """AES 192 bit encryption (Internet draft)
 
     Reeder AES encryption with non-standard key localization algorithm
@@ -29,5 +29,5 @@ class AesReeder192(aesbase.AbstractAesReeder):
 
     Known to be used by many vendors including Cisco and others.
     """
-    serviceID = (1, 3, 6, 1, 4, 1, 9, 12, 6, 1, 101)  # cusmAESCfb192PrivProtocol (non-standard)
+    serviceID = (1, 3, 6, 1, 4, 1, 9, 12, 6, 1, 101)  # cusmAESCfb192PrivProtocol (non-standard OID)
     keySize = 24
diff --git a/pysnmp/proto/secmod/eso/priv/aes256.py b/pysnmp/proto/secmod/eso/priv/aes256.py
@@ -7,7 +7,7 @@
 from pysnmp.proto.secmod.eso.priv import aesbase
 
 
-class Aes256(aesbase.AbstractAes):
+class AesBlumenthal256(aesbase.AbstractAesBlumenthal):
     """AES 256 bit encryption (Internet draft)
 
        http://tools.ietf.org/html/draft-blumenthal-aes-usm-04
@@ -16,7 +16,7 @@ class Aes256(aesbase.AbstractAes):
     keySize = 32
 
 
-class AesReeder256(aesbase.AbstractAesReeder):
+class Aes256(aesbase.AbstractAesReeder):
     """AES 256 bit encryption (Internet draft)
 
     Reeder AES encryption with non-standard key localization algorithm
@@ -27,5 +27,5 @@ class AesReeder256(aesbase.AbstractAesReeder):
 
     Known to be used by many vendors including Cisco and others.
     """
-    serviceID = (1, 3, 6, 1, 4, 1, 9, 12, 6, 1, 102)  # cusmAESCfb256PrivProtocol (non-standard)
+    serviceID = (1, 3, 6, 1, 4, 1, 9, 12, 6, 1, 102)  # cusmAESCfb256PrivProtocol (non-standard OID)
     keySize = 32
diff --git a/pysnmp/proto/secmod/eso/priv/aesbase.py b/pysnmp/proto/secmod/eso/priv/aesbase.py
@@ -20,7 +20,7 @@
     sha1 = sha.new
 
 
-class AbstractAes(aes.Aes):
+class AbstractAesBlumenthal(aes.Aes):
     serviceID = ()
     keySize = 0
 
@@ -43,10 +43,10 @@ def localizeKey(self, authProtocol, privKey, snmpEngineID):
         return localPrivKey[:self.keySize]
 
 
-class AbstractAesReeder(AbstractAes):
+class AbstractAesReeder(aes.Aes):
     """AES encryption with non-standard key localization.
 
-    Cisco devices do not use:
+    Many vendors (including Cisco) do not use:
 
     https://tools.itef.org/pdf/draft_bluementhal-aes-usm-04.txt
 
@@ -58,6 +58,8 @@ class AbstractAesReeder(AbstractAes):
     The difference between the two is that the Reeder draft does key extension by repeating
     the steps in the password to key algorithm (hash phrase, then localize with SNMPEngine ID).
     """
+    serviceID = ()
+    keySize = 0
 
     # 2.1 of https://tools.itef.org/pdf/draft_bluementhal-aes-usm-04.txt
     def localizeKey(self, authProtocol, privKey, snmpEngineID):

diff --git a/pysnmp/proto/secmod/rfc3414/service.py b/pysnmp/proto/secmod/rfc3414/service.py
@@ -44,10 +44,10 @@ class SnmpUSMSecurityModel(AbstractSecurityModel):
     privServices = {des.Des.serviceID: des.Des(),
                     des3.Des3.serviceID: des3.Des3(),
                     aes.Aes.serviceID: aes.Aes(),
-                    aes192.Aes192.serviceID: aes192.Aes192(),
-                    aes256.Aes256.serviceID: aes256.Aes256(),
-                    aes192.AesReeder192.serviceID: aes192.AesReeder192(),  # non-standard
-                    aes256.AesReeder256.serviceID: aes256.AesReeder256(),  # non-standard
+                    aes192.AesBlumenthal192.serviceID: aes192.AesBlumenthal192(),
+                    aes256.AesBlumenthal256.serviceID: aes256.AesBlumenthal256(),
+                    aes192.Aes192.serviceID: aes192.Aes192(),  # non-standard
+                    aes256.Aes256.serviceID: aes256.Aes256(),  # non-standard
                     nopriv.NoPriv.serviceID: nopriv.NoPriv()}
 
     def __init__(self):

diff --git a/pysnmp/smi/mibs/SNMPv2-SMI.py b/pysnmp/smi/mibs/SNMPv2-SMI.py
@@ -577,7 +577,7 @@ def readTestNext(self, name, val, idx, acInfo, oName=None):
 
     def readGetNext(self, name, val, idx, acInfo, oName=None):
         (acFun, acCtx) = acInfo
-        # have to dublicate AC here as *Next code above treats
+        # have to duplicate AC here as *Next code above treats
         # noAccess as a noSuchObject at the Test stage, goes on
         # to Reading
         if acFun: