From 87dee74cacded799187d66107858364c332cc231 Mon Sep 17 00:00:00 2001 From: Ilya Etingof Date: Sat, 30 Dec 2017 15:55:13 +0100 Subject: [PATCH] fixed 3DES key localization bug --- CHANGES.txt | 6 ++++++ pysnmp/__init__.py | 2 +- pysnmp/proto/secmod/eso/priv/des3.py | 7 +++++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGES.txt b/CHANGES.txt index 1e9332ba8..5661c95dd 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,10 @@ +Revision 4.4.4, released 2017-12-XX +----------------------------------- + +- Fixed short local key expansion at 3DES key localization + implementation. + Revision 4.4.3, released 2017-12-22 ----------------------------------- diff --git a/pysnmp/__init__.py b/pysnmp/__init__.py index 2e607091d..168d8d7cb 100644 --- a/pysnmp/__init__.py +++ b/pysnmp/__init__.py @@ -1,5 +1,5 @@ # http://www.python.org/dev/peps/pep-0396/ -__version__ = '4.4.3' +__version__ = '4.4.4' # backward compatibility version = tuple([int(x) for x in __version__.split('.')]) majorVersionId = version[0] diff --git a/pysnmp/proto/secmod/eso/priv/des3.py b/pysnmp/proto/secmod/eso/priv/des3.py index d5022089f..97ba156dc 100644 --- a/pysnmp/proto/secmod/eso/priv/des3.py +++ b/pysnmp/proto/secmod/eso/priv/des3.py @@ -68,6 +68,13 @@ def localizeKey(self, authProtocol, privKey, snmpEngineID): 'Unknown auth protocol %s' % (authProtocol,) ) localPrivKey = localkey.localizeKey(privKey, snmpEngineID, hashAlgo) + + # now extend this key if too short by repeating steps that includes the hashPassphrase step + while len(localPrivKey) < self.keySize: + # this is the difference between reeder and bluementhal + newKey = localkey.hashPassphrase(localPrivKey, hashAlgo) + localPrivKey += localkey.localizeKey(newKey, snmpEngineID, hashAlgo) + return localPrivKey[:self.keySize] # 5.1.1.1