From 236178fac0ab7535c1ff619f4cedd5ebb2338b59 Mon Sep 17 00:00:00 2001 From: Ilya Etingof Date: Sun, 21 Aug 2016 23:24:58 +0200 Subject: [PATCH] Reeder key localization refactored --- docs/source/docs/api-reference.rst | 2 ++ pysnmp/entity/config.py | 16 ++++++++-------- pysnmp/hlapi/__init__.py | 1 + pysnmp/hlapi/auth.py | 9 +++++++-- pysnmp/proto/secmod/eso/priv/aes192.py | 6 +++--- pysnmp/proto/secmod/eso/priv/aes256.py | 6 +++--- pysnmp/proto/secmod/eso/priv/aesbase.py | 8 +++++--- pysnmp/proto/secmod/rfc3414/service.py | 8 ++++---- pysnmp/smi/mibs/SNMPv2-SMI.py | 2 +- 9 files changed, 34 insertions(+), 24 deletions(-) diff --git a/docs/source/docs/api-reference.rst b/docs/source/docs/api-reference.rst index 8781df6f3..ad6b7f210 100644 --- a/docs/source/docs/api-reference.rst +++ b/docs/source/docs/api-reference.rst @@ -222,6 +222,8 @@ via constant OIDs: .. autodata:: pysnmp.hlapi.usmAesCfb128Protocol .. autodata:: pysnmp.hlapi.usmAesCfb192Protocol .. autodata:: pysnmp.hlapi.usmAesCfb256Protocol +.. autodata:: pysnmp.hlapi.usmAesBlumenthalCfb192Protocol +.. autodata:: pysnmp.hlapi.usmAesBlumenthalCfb256Protocol Transport configuration is I/O framework specific and is described in respective sections. diff --git a/pysnmp/entity/config.py b/pysnmp/entity/config.py index 13e284f14..80de78edc 100644 --- a/pysnmp/entity/config.py +++ b/pysnmp/entity/config.py @@ -29,10 +29,10 @@ usmDESPrivProtocol = des.Des.serviceID usm3DESEDEPrivProtocol = des3.Des3.serviceID usmAesCfb128Protocol = aes.Aes.serviceID -usmAesBlumenthalCfb192Protocol = aes192.Aes192.serviceID # semi-standard but not widely used -usmAesBlumenthalCfb256Protocol = aes256.Aes256.serviceID # semi-standard but not widely used -usmAesCfb192Protocol = aes192.AesReeder192.serviceID # non-standard but used by many vendors -usmAesCfb256Protocol = aes256.AesReeder256.serviceID # non-standard but used by many vendors +usmAesBlumenthalCfb192Protocol = aes192.AesBlumenthal192.serviceID # semi-standard but not widely used +usmAesBlumenthalCfb256Protocol = aes256.AesBlumenthal256.serviceID # semi-standard but not widely used +usmAesCfb192Protocol = aes192.Aes192.serviceID # non-standard but used by many vendors +usmAesCfb256Protocol = aes256.Aes256.serviceID # non-standard but used by many vendors usmNoPrivProtocol = nopriv.NoPriv.serviceID # Auth services @@ -44,10 +44,10 @@ privServices = {des.Des.serviceID: des.Des(), des3.Des3.serviceID: des3.Des3(), aes.Aes.serviceID: aes.Aes(), - aes192.Aes192.serviceID: aes192.Aes192(), - aes256.Aes256.serviceID: aes256.Aes256(), - aes192.AesReeder192.serviceID: aes192.AesReeder192(), # non-standard - aes256.AesReeder256.serviceID: aes256.AesReeder256(), # non-standard + aes192.AesBlumenthal192.serviceID: aes192.AesBlumenthal192(), + aes256.AesBlumenthal256.serviceID: aes256.AesBlumenthal256(), + aes192.Aes192.serviceID: aes192.Aes192(), # non-standard + aes256.Aes256.serviceID: aes256.Aes256(), # non-standard nopriv.NoPriv.serviceID: nopriv.NoPriv()} diff --git a/pysnmp/hlapi/__init__.py b/pysnmp/hlapi/__init__.py index 4680bd859..3670e87ee 100644 --- a/pysnmp/hlapi/__init__.py +++ b/pysnmp/hlapi/__init__.py @@ -5,6 +5,7 @@ # License: http://pysnmp.sf.net/license.html # from pysnmp.proto.rfc1902 import * +from pysnmp.proto.rfc1905 import NoSuchInstance, NoSuchObject, EndOfMibView from pysnmp.smi.rfc1902 import * from pysnmp.hlapi.auth import * from pysnmp.hlapi.context import * diff --git a/pysnmp/hlapi/auth.py b/pysnmp/hlapi/auth.py index baacb00ae..4f5bd77ab 100644 --- a/pysnmp/hlapi/auth.py +++ b/pysnmp/hlapi/auth.py @@ -11,6 +11,7 @@ __all__ = ['CommunityData', 'UsmUserData', 'usm3DESEDEPrivProtocol', 'usmAesCfb128Protocol', 'usmAesCfb192Protocol', 'usmAesCfb256Protocol', + 'usmAesBlumenthalCfb192Protocol', 'usmAesBlumenthalCfb256Protocol', 'usmDESPrivProtocol', 'usmHMACMD5AuthProtocol', 'usmHMACSHAAuthProtocol', 'usmNoAuthProtocol', 'usmNoPrivProtocol'] @@ -137,10 +138,14 @@ def clone(self, communityIndex=None, communityName=None, usm3DESEDEPrivProtocol = config.usm3DESEDEPrivProtocol #: The CFB128-AES-128 Symmetric Encryption Protocol (:RFC:`3826#section-3`) usmAesCfb128Protocol = config.usmAesCfb128Protocol -#: The CFB128-AES-192 Symmetric Encryption Protocol (`draft-blumenthal-aes-usm-04 `_) +#: The CFB128-AES-192 Symmetric Encryption Protocol (`draft-blumenthal-aes-usm-04 `_) with Reeder key localization usmAesCfb192Protocol = config.usmAesCfb192Protocol -#: The CFB128-AES-256 Symmetric Encryption Protocol (`draft-blumenthal-aes-usm-04 `_) +#: The CFB128-AES-256 Symmetric Encryption Protocol (`draft-blumenthal-aes-usm-04 `_) with Reeder key localization usmAesCfb256Protocol = config.usmAesCfb256Protocol +#: The CFB128-AES-192 Symmetric Encryption Protocol (`draft-blumenthal-aes-usm-04 `_) +usmAesBlumenthalCfb192Protocol = config.usmAesBlumenthalCfb192Protocol +#: The CFB128-AES-256 Symmetric Encryption Protocol (`draft-blumenthal-aes-usm-04 `_) +usmAesBlumenthalCfb256Protocol = config.usmAesBlumenthalCfb256Protocol class UsmUserData(object): diff --git a/pysnmp/proto/secmod/eso/priv/aes192.py b/pysnmp/proto/secmod/eso/priv/aes192.py index 7ff2fb25a..734b87690 100644 --- a/pysnmp/proto/secmod/eso/priv/aes192.py +++ b/pysnmp/proto/secmod/eso/priv/aes192.py @@ -7,7 +7,7 @@ from pysnmp.proto.secmod.eso.priv import aesbase -class Aes192(aesbase.AbstractAes): +class AesBlumenthal192(aesbase.AbstractAesBlumenthal): """AES 192 bit encryption (Internet draft) Reeder AES encryption: @@ -18,7 +18,7 @@ class Aes192(aesbase.AbstractAes): keySize = 24 -class AesReeder192(aesbase.AbstractAesReeder): +class Aes192(aesbase.AbstractAesReeder): """AES 192 bit encryption (Internet draft) Reeder AES encryption with non-standard key localization algorithm @@ -29,5 +29,5 @@ class AesReeder192(aesbase.AbstractAesReeder): Known to be used by many vendors including Cisco and others. """ - serviceID = (1, 3, 6, 1, 4, 1, 9, 12, 6, 1, 101) # cusmAESCfb192PrivProtocol (non-standard) + serviceID = (1, 3, 6, 1, 4, 1, 9, 12, 6, 1, 101) # cusmAESCfb192PrivProtocol (non-standard OID) keySize = 24 diff --git a/pysnmp/proto/secmod/eso/priv/aes256.py b/pysnmp/proto/secmod/eso/priv/aes256.py index 6a3885fac..0240441aa 100644 --- a/pysnmp/proto/secmod/eso/priv/aes256.py +++ b/pysnmp/proto/secmod/eso/priv/aes256.py @@ -7,7 +7,7 @@ from pysnmp.proto.secmod.eso.priv import aesbase -class Aes256(aesbase.AbstractAes): +class AesBlumenthal256(aesbase.AbstractAesBlumenthal): """AES 256 bit encryption (Internet draft) http://tools.ietf.org/html/draft-blumenthal-aes-usm-04 @@ -16,7 +16,7 @@ class Aes256(aesbase.AbstractAes): keySize = 32 -class AesReeder256(aesbase.AbstractAesReeder): +class Aes256(aesbase.AbstractAesReeder): """AES 256 bit encryption (Internet draft) Reeder AES encryption with non-standard key localization algorithm @@ -27,5 +27,5 @@ class AesReeder256(aesbase.AbstractAesReeder): Known to be used by many vendors including Cisco and others. """ - serviceID = (1, 3, 6, 1, 4, 1, 9, 12, 6, 1, 102) # cusmAESCfb256PrivProtocol (non-standard) + serviceID = (1, 3, 6, 1, 4, 1, 9, 12, 6, 1, 102) # cusmAESCfb256PrivProtocol (non-standard OID) keySize = 32 diff --git a/pysnmp/proto/secmod/eso/priv/aesbase.py b/pysnmp/proto/secmod/eso/priv/aesbase.py index fd4842654..1693064f5 100644 --- a/pysnmp/proto/secmod/eso/priv/aesbase.py +++ b/pysnmp/proto/secmod/eso/priv/aesbase.py @@ -20,7 +20,7 @@ sha1 = sha.new -class AbstractAes(aes.Aes): +class AbstractAesBlumenthal(aes.Aes): serviceID = () keySize = 0 @@ -43,10 +43,10 @@ def localizeKey(self, authProtocol, privKey, snmpEngineID): return localPrivKey[:self.keySize] -class AbstractAesReeder(AbstractAes): +class AbstractAesReeder(aes.Aes): """AES encryption with non-standard key localization. - Cisco devices do not use: + Many vendors (including Cisco) do not use: https://tools.itef.org/pdf/draft_bluementhal-aes-usm-04.txt @@ -58,6 +58,8 @@ class AbstractAesReeder(AbstractAes): The difference between the two is that the Reeder draft does key extension by repeating the steps in the password to key algorithm (hash phrase, then localize with SNMPEngine ID). """ + serviceID = () + keySize = 0 # 2.1 of https://tools.itef.org/pdf/draft_bluementhal-aes-usm-04.txt def localizeKey(self, authProtocol, privKey, snmpEngineID): diff --git a/pysnmp/proto/secmod/rfc3414/service.py b/pysnmp/proto/secmod/rfc3414/service.py index 401558f57..9dab7dacd 100644 --- a/pysnmp/proto/secmod/rfc3414/service.py +++ b/pysnmp/proto/secmod/rfc3414/service.py @@ -44,10 +44,10 @@ class SnmpUSMSecurityModel(AbstractSecurityModel): privServices = {des.Des.serviceID: des.Des(), des3.Des3.serviceID: des3.Des3(), aes.Aes.serviceID: aes.Aes(), - aes192.Aes192.serviceID: aes192.Aes192(), - aes256.Aes256.serviceID: aes256.Aes256(), - aes192.AesReeder192.serviceID: aes192.AesReeder192(), # non-standard - aes256.AesReeder256.serviceID: aes256.AesReeder256(), # non-standard + aes192.AesBlumenthal192.serviceID: aes192.AesBlumenthal192(), + aes256.AesBlumenthal256.serviceID: aes256.AesBlumenthal256(), + aes192.Aes192.serviceID: aes192.Aes192(), # non-standard + aes256.Aes256.serviceID: aes256.Aes256(), # non-standard nopriv.NoPriv.serviceID: nopriv.NoPriv()} def __init__(self): diff --git a/pysnmp/smi/mibs/SNMPv2-SMI.py b/pysnmp/smi/mibs/SNMPv2-SMI.py index b3ec88894..e9486222a 100644 --- a/pysnmp/smi/mibs/SNMPv2-SMI.py +++ b/pysnmp/smi/mibs/SNMPv2-SMI.py @@ -577,7 +577,7 @@ def readTestNext(self, name, val, idx, acInfo, oName=None): def readGetNext(self, name, val, idx, acInfo, oName=None): (acFun, acCtx) = acInfo - # have to dublicate AC here as *Next code above treats + # have to duplicate AC here as *Next code above treats # noAccess as a noSuchObject at the Test stage, goes on # to Reading if acFun: