fixed 3DES key localization bug

etingof · Dec 30, 2017 · 87dee74 · 87dee74
1 parent 8b4c122
commit 87dee74
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 1 deletion.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -1,4 +1,10 @@
 
+Revision 4.4.4, released 2017-12-XX
+-----------------------------------
+
+- Fixed short local key expansion at 3DES key localization
+  implementation.
+
 Revision 4.4.3, released 2017-12-22
 -----------------------------------
 

diff --git a/pysnmp/__init__.py b/pysnmp/__init__.py
@@ -1,5 +1,5 @@
 # http://www.python.org/dev/peps/pep-0396/
-__version__ = '4.4.3'
+__version__ = '4.4.4'
 # backward compatibility
 version = tuple([int(x) for x in __version__.split('.')])
 majorVersionId = version[0]
diff --git a/pysnmp/proto/secmod/eso/priv/des3.py b/pysnmp/proto/secmod/eso/priv/des3.py
@@ -68,6 +68,13 @@ def localizeKey(self, authProtocol, privKey, snmpEngineID):
                 'Unknown auth protocol %s' % (authProtocol,)
             )
         localPrivKey = localkey.localizeKey(privKey, snmpEngineID, hashAlgo)
+
+        # now extend this key if too short by repeating steps that includes the hashPassphrase step
+        while len(localPrivKey) < self.keySize:
+            # this is the difference between reeder and bluementhal
+            newKey = localkey.hashPassphrase(localPrivKey, hashAlgo)
+            localPrivKey += localkey.localizeKey(newKey, snmpEngineID, hashAlgo)
+
         return localPrivKey[:self.keySize]
 
     # 5.1.1.1