def localizeKey(self, authProtocol, privKey, snmpEngineID):
if authProtocol == hmacmd5.HmacMd5.serviceID:
localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
localPrivKey = localPrivKey + localkey.localizeKeyMD5(
localPrivKey, snmpEngineID)
elif authProtocol == hmacsha.HmacSha.serviceID:
localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
localPrivKey = localPrivKey + localkey.localizeKeySHA(
localPrivKey, snmpEngineID)
else:
raise error.ProtocolError('Unknown auth protocol %s' %
(authProtocol, ))
return localPrivKey[:32]
def localizeKey(self, authProtocol, privKey, snmpEngineID):
if authProtocol == hmacmd5.HmacMd5.serviceID:
localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))):
# noinspection PyDeprecation,PyCallingNonCallable
localPrivKey += localkey.localizeKeyMD5(localPrivKey, snmpEngineID)
elif authProtocol == hmacsha.HmacSha.serviceID:
localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))):
localPrivKey += localkey.localizeKeySHA(localPrivKey, snmpEngineID)
else:
raise error.ProtocolError(
'Unknown auth protocol %s' % (authProtocol,)
)
return localPrivKey[:self.keySize]
def localizeKey(self, authProtocol, privKey, snmpEngineID):
if authProtocol == hmacmd5.HmacMd5.serviceID:
localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
# now extend this key if too short by repeating steps that includes the hashPassphrase step
while len(localPrivKey) < self.keySize:
newKey = localkey.hashPassphraseMD5(localPrivKey)
localPrivKey += localkey.localizeKeyMD5(newKey, snmpEngineID)
elif authProtocol == hmacsha.HmacSha.serviceID:
localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
while len(localPrivKey) < self.keySize:
newKey = localkey.hashPassphraseSHA(localPrivKey)
localPrivKey += localkey.localizeKeySHA(newKey, snmpEngineID)
else:
raise error.ProtocolError('Unknown auth protocol %s' %
(authProtocol, ))
return localPrivKey[:self.keySize]
def localizeKey(self, authProtocol, privKey, snmpEngineID):
if authProtocol == hmacmd5.HmacMd5.serviceID:
localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
localPrivKey = localPrivKey + localkey.localizeKeyMD5(
localPrivKey, snmpEngineID
)
elif authProtocol == hmacsha.HmacSha.serviceID:
localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
localPrivKey = localPrivKey + localkey.localizeKeySHA(
localPrivKey, snmpEngineID
)
else:
raise error.ProtocolError(
'Unknown auth protocol %s' % (authProtocol,)
)
return localPrivKey[:32] # key+IV
def localizeKey(self, authProtocol, privKey, snmpEngineID):
if authProtocol == hmacmd5.HmacMd5.serviceID:
localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
while ceil(self.keySize // len(localPrivKey)):
localPrivKey = localPrivKey + md5(localPrivKey).digest()
elif authProtocol == hmacsha.HmacSha.serviceID:
localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
while ceil(self.keySize // len(localPrivKey)):
localPrivKey = localPrivKey + sha1(localPrivKey).digest()
else:
raise error.ProtocolError('Unknown auth protocol %s' %
(authProtocol, ))
return localPrivKey[:self.keySize]
def localizeKey(self, authProtocol, privKey, snmpEngineID):
if authProtocol == hmacmd5.HmacMd5.serviceID:
localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
while ceil(self.keySize//len(localPrivKey)):
localPrivKey = localPrivKey + md5(localPrivKey).digest()
elif authProtocol == hmacsha.HmacSha.serviceID:
localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
while ceil(self.keySize//len(localPrivKey)):
localPrivKey = localPrivKey + sha1(localPrivKey).digest()
else:
raise error.ProtocolError(
'Unknown auth protocol %s' % (authProtocol,)
)
return localPrivKey[:self.keySize]
def localizeKey(self, authProtocol, privKey, snmpEngineID):
if authProtocol == hmacmd5.HmacMd5.serviceID:
localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))):
# noinspection PyDeprecation,PyCallingNonCallable
localPrivKey += md5(localPrivKey).digest()
elif authProtocol == hmacsha.HmacSha.serviceID:
localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
# RFC mentions this algo generates 480bit key, but only up to 256 bits are used
for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))):
localPrivKey += sha1(localPrivKey).digest()
else:
raise error.ProtocolError(
'Unknown auth protocol %s' % (authProtocol,)
)
return localPrivKey[:self.keySize]
def localizeKey(self, authProtocol, privKey, snmpEngineID):
if authProtocol == hmacmd5.HmacMd5.serviceID:
localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))):
# noinspection PyDeprecation,PyCallingNonCallable
localPrivKey += md5(localPrivKey).digest()
elif authProtocol == hmacsha.HmacSha.serviceID:
localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
# RFC mentions this algo generates 480bit key, but only up to 256 bits are used
for count in range(1, int(ceil(self.keySize * 1.0 / len(localPrivKey)))):
localPrivKey += sha1(localPrivKey).digest()
else:
raise error.ProtocolError(
'Unknown auth protocol %s' % (authProtocol,)
)
return localPrivKey[:self.keySize]
def addV3User(snmpEngine,
securityName,
authProtocol=usmNoAuthProtocol,
authKey=None,
privProtocol=usmNoPrivProtocol,
privKey=None,
contextEngineId=None):
(snmpEngineID, usmUserEntry, tblIdx1, pysnmpUsmSecretEntry,
tblIdx2) = __cookV3UserInfo(snmpEngine, securityName, contextEngineId)
# Load augmenting table before creating new row in base one
pysnmpUsmKeyEntry, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols(
'PYSNMP-USM-MIB', 'pysnmpUsmKeyEntry')
# Load clone-from (may not be needed)
zeroDotZero, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols(
'SNMPv2-SMI', 'zeroDotZero')
snmpEngine.msgAndPduDsp.mibInstrumController.writeVars(
((usmUserEntry.name + (13, ) + tblIdx1, 'destroy'), ))
snmpEngine.msgAndPduDsp.mibInstrumController.writeVars(
((usmUserEntry.name + (13, ) + tblIdx1,
'createAndGo'), (usmUserEntry.name + (3, ) + tblIdx1, securityName),
(usmUserEntry.name + (4, ) + tblIdx1, zeroDotZero.name),
(usmUserEntry.name + (5, ) + tblIdx1,
authProtocol), (usmUserEntry.name + (8, ) + tblIdx1, privProtocol)))
# Localize keys
if authProtocol == usmHMACMD5AuthProtocol:
hashedAuthPassphrase = localkey.hashPassphraseMD5(authKey and authKey
or '')
localAuthKey = localkey.localizeKeyMD5(hashedAuthPassphrase,
snmpEngineID)
elif authProtocol == usmHMACSHAAuthProtocol:
hashedAuthPassphrase = localkey.hashPassphraseSHA(authKey and authKey
or '')
localAuthKey = localkey.localizeKeySHA(hashedAuthPassphrase,
snmpEngineID)
elif authProtocol == usmNoAuthProtocol:
hashedAuthPassphrase = localAuthKey = None
else:
raise error.PySnmpError('Unknown auth protocol %s' % (authProtocol, ))
if privProtocol == usmDESPrivProtocol or \
privProtocol == usmAesCfb128Protocol:
if authProtocol == usmHMACMD5AuthProtocol:
hashedPrivPassphrase = localkey.hashPassphraseMD5(
privKey and privKey or '')
localPrivKey = localkey.localizeKeyMD5(hashedPrivPassphrase,
snmpEngineID)
elif authProtocol == usmHMACSHAAuthProtocol:
hashedPrivPassphrase = localkey.hashPassphraseSHA(
privKey and privKey or '')
localPrivKey = localkey.localizeKeySHA(hashedPrivPassphrase,
snmpEngineID)
else:
raise error.PySnmpError('Unknown auth protocol %s' %
(authProtocol, ))
elif privProtocol == usmNoPrivProtocol:
hashedPrivPassphrase = localPrivKey = None
else:
raise error.PySnmpError('Unknown priv protocol %s' % (privProtocol, ))
# Commit localized keys
snmpEngine.msgAndPduDsp.mibInstrumController.writeVars(
((pysnmpUsmKeyEntry.name + (1, ) + tblIdx1, localAuthKey),
(pysnmpUsmKeyEntry.name + (2, ) + tblIdx1, localPrivKey),
(pysnmpUsmKeyEntry.name + (3, ) + tblIdx1, hashedAuthPassphrase),
(pysnmpUsmKeyEntry.name + (4, ) + tblIdx1, hashedPrivPassphrase)))
# Commit passphrases
snmpEngine.msgAndPduDsp.mibInstrumController.writeVars(
((pysnmpUsmSecretEntry.name + (4, ) + tblIdx2, 'destroy'), ))
snmpEngine.msgAndPduDsp.mibInstrumController.writeVars((
(pysnmpUsmSecretEntry.name + (4, ) + tblIdx2, 'createAndGo'),
(pysnmpUsmSecretEntry.name + (2, ) + tblIdx2, authKey),
(pysnmpUsmSecretEntry.name + (3, ) + tblIdx2, privKey),
))
def localizeKey(self, authKey, snmpEngineID):
return localkey.localizeKeySHA(authKey, snmpEngineID)
def localizeKey(self, authKey, snmpEngineID):
return localkey.localizeKeySHA(authKey, snmpEngineID)
def addV3User(snmpEngine, securityName,
authProtocol=usmNoAuthProtocol, authKey=None,
privProtocol=usmNoPrivProtocol, privKey=None,
contextEngineId=None):
( snmpEngineID, usmUserEntry, tblIdx1,
pysnmpUsmSecretEntry, tblIdx2 ) = __cookV3UserInfo(
snmpEngine, securityName, contextEngineId
)
# Load augmenting table before creating new row in base one
pysnmpUsmKeyEntry, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols('PYSNMP-USM-MIB', 'pysnmpUsmKeyEntry')
# Load clone-from (may not be needed)
zeroDotZero, = snmpEngine.msgAndPduDsp.mibInstrumController.mibBuilder.importSymbols('SNMPv2-SMI', 'zeroDotZero')
snmpEngine.msgAndPduDsp.mibInstrumController.writeVars(
((usmUserEntry.name + (13,) + tblIdx1, 'destroy'),)
)
snmpEngine.msgAndPduDsp.mibInstrumController.writeVars(
((usmUserEntry.name + (13,) + tblIdx1, 'createAndGo'),
(usmUserEntry.name + (3,) + tblIdx1, securityName),
(usmUserEntry.name + (4,) + tblIdx1, zeroDotZero.name),
(usmUserEntry.name + (5,) + tblIdx1, authProtocol),
(usmUserEntry.name + (8,) + tblIdx1, privProtocol))
)
# Localize keys
if authProtocol == usmHMACMD5AuthProtocol:
hashedAuthPassphrase = localkey.hashPassphraseMD5(
authKey and authKey or ''
)
localAuthKey = localkey.localizeKeyMD5(
hashedAuthPassphrase, snmpEngineID
)
elif authProtocol == usmHMACSHAAuthProtocol:
hashedAuthPassphrase = localkey.hashPassphraseSHA(
authKey and authKey or ''
)
localAuthKey = localkey.localizeKeySHA(
hashedAuthPassphrase, snmpEngineID
)
elif authProtocol == usmNoAuthProtocol:
hashedAuthPassphrase = localAuthKey = None
else:
raise error.PySnmpError('Unknown auth protocol %s' % (authProtocol,))
if privProtocol == usmDESPrivProtocol or \
privProtocol == usmAesCfb128Protocol:
if authProtocol == usmHMACMD5AuthProtocol:
hashedPrivPassphrase = localkey.hashPassphraseMD5(
privKey and privKey or ''
)
localPrivKey = localkey.localizeKeyMD5(
hashedPrivPassphrase, snmpEngineID
)
elif authProtocol == usmHMACSHAAuthProtocol:
hashedPrivPassphrase = localkey.hashPassphraseSHA(
privKey and privKey or ''
)
localPrivKey = localkey.localizeKeySHA(
hashedPrivPassphrase, snmpEngineID
)
else:
raise error.PySnmpError(
'Unknown auth protocol %s' % (authProtocol,)
)
elif privProtocol == usmNoPrivProtocol:
hashedPrivPassphrase = localPrivKey = None
else:
raise error.PySnmpError(
'Unknown priv protocol %s' % (privProtocol,)
)
# Commit localized keys
snmpEngine.msgAndPduDsp.mibInstrumController.writeVars(
((pysnmpUsmKeyEntry.name + (1,) + tblIdx1, localAuthKey),
(pysnmpUsmKeyEntry.name + (2,) + tblIdx1, localPrivKey),
(pysnmpUsmKeyEntry.name + (3,) + tblIdx1, hashedAuthPassphrase),
(pysnmpUsmKeyEntry.name + (4,) + tblIdx1, hashedPrivPassphrase))
)
# Commit passphrases
snmpEngine.msgAndPduDsp.mibInstrumController.writeVars(
((pysnmpUsmSecretEntry.name + (4,) + tblIdx2, 'destroy'),)
)
snmpEngine.msgAndPduDsp.mibInstrumController.writeVars(
((pysnmpUsmSecretEntry.name + (4,) + tblIdx2, 'createAndGo'),
(pysnmpUsmSecretEntry.name + (2,) + tblIdx2, authKey),
(pysnmpUsmSecretEntry.name + (3,) + tblIdx2, privKey),)
)
def __cloneUserInfo(
self, mibInstrumController, securityEngineID, securityName
):
snmpEngineID, = mibInstrumController.mibBuilder.importSymbols(
'__SNMP-FRAMEWORK-MIB', 'snmpEngineID'
)
# Proto entry
usmUserEntry, = mibInstrumController.mibBuilder.importSymbols(
'SNMP-USER-BASED-SM-MIB', 'usmUserEntry'
)
tblIdx = usmUserEntry.getInstIdFromIndices(
snmpEngineID.syntax, securityName
)
# Get proto protocols
usmUserSecurityName = usmUserEntry.getNode(
usmUserEntry.name + (3,) + tblIdx
)
usmUserAuthProtocol = usmUserEntry.getNode(
usmUserEntry.name + (5,) + tblIdx
)
usmUserPrivProtocol = usmUserEntry.getNode(
usmUserEntry.name + (8,) + tblIdx
)
# Get proto keys
pysnmpUsmKeyEntry, = mibInstrumController.mibBuilder.importSymbols(
'PYSNMP-USM-MIB', 'pysnmpUsmKeyEntry'
)
pysnmpUsmKeyAuth = pysnmpUsmKeyEntry.getNode(
pysnmpUsmKeyEntry.name + (3,) + tblIdx
)
pysnmpUsmKeyPriv = pysnmpUsmKeyEntry.getNode(
pysnmpUsmKeyEntry.name + (4,) + tblIdx
)
# Create new row from proto values
tblIdx = usmUserEntry.getInstIdFromIndices(
securityEngineID, securityName
)
# New row
mibInstrumController.writeVars(
((usmUserEntry.name + (13,) + tblIdx, 4),)
)
# Set protocols
usmUserEntry.getNode(
usmUserEntry.name + (3,) + tblIdx
).syntax = usmUserSecurityName.syntax
usmUserEntry.getNode(
usmUserEntry.name + (5,) + tblIdx
).syntax = usmUserAuthProtocol.syntax
usmUserEntry.getNode(
usmUserEntry.name + (8,) + tblIdx
).syntax = usmUserPrivProtocol.syntax
# Localize and set keys
pysnmpUsmKeyEntry, = mibInstrumController.mibBuilder.importSymbols(
'PYSNMP-USM-MIB', 'pysnmpUsmKeyEntry'
)
pysnmpUsmKeyAuthLocalized = pysnmpUsmKeyEntry.getNode(
pysnmpUsmKeyEntry.name + (1,) + tblIdx
)
if usmUserAuthProtocol.syntax == hmacsha.HmacSha.serviceID:
localAuthKey = localkey.localizeKeySHA(
pysnmpUsmKeyAuth.syntax, securityEngineID
)
elif usmUserAuthProtocol.syntax == hmacmd5.HmacMd5.serviceID:
localAuthKey = localkey.localizeKeyMD5(
pysnmpUsmKeyAuth.syntax, securityEngineID
)
elif usmUserAuthProtocol.syntax == noauth.NoAuth.serviceID:
localAuthKey = None
else:
raise error.StatusInformation(
errorIndication = 'unsupportedAuthProtocol'
)
if localAuthKey is not None:
pysnmpUsmKeyAuthLocalized.syntax = pysnmpUsmKeyAuthLocalized.syntax.clone(localAuthKey)
pysnmpUsmKeyPrivLocalized = pysnmpUsmKeyEntry.getNode(
pysnmpUsmKeyEntry.name + (2,) + tblIdx
)
if usmUserPrivProtocol.syntax == des.Des.serviceID or \
usmUserPrivProtocol.syntax == aes.Aes.serviceID:
if usmUserAuthProtocol.syntax == hmacsha.HmacSha.serviceID:
localPrivKey = localkey.localizeKeySHA(
pysnmpUsmKeyPriv.syntax, securityEngineID
)
else:
localPrivKey = localkey.localizeKeyMD5(
pysnmpUsmKeyPriv.syntax, securityEngineID
)
elif usmUserPrivProtocol.syntax == nopriv.NoPriv.serviceID:
localPrivKey = None
else:
raise error.StatusInformation(
errorIndication = 'unsupportedPrivProtocol'
)
if localPrivKey is not None:
pysnmpUsmKeyPrivLocalized.syntax = pysnmpUsmKeyPrivLocalized.syntax.clone(localPrivKey)
return (
usmUserSecurityName.syntax, # XXX function needed?
usmUserAuthProtocol.syntax,
pysnmpUsmKeyAuthLocalized.syntax,
usmUserPrivProtocol.syntax,
pysnmpUsmKeyPrivLocalized.syntax
)
def __cloneUserInfo(self, mibInstrumController, securityEngineID,
securityName):
snmpEngineID, = mibInstrumController.mibBuilder.importSymbols(
'__SNMP-FRAMEWORK-MIB', 'snmpEngineID')
# Proto entry
usmUserEntry, = mibInstrumController.mibBuilder.importSymbols(
'SNMP-USER-BASED-SM-MIB', 'usmUserEntry')
tblIdx = usmUserEntry.getInstIdFromIndices(snmpEngineID.syntax,
securityName)
# Get proto protocols
usmUserSecurityName = usmUserEntry.getNode(usmUserEntry.name + (3, ) +
tblIdx)
usmUserAuthProtocol = usmUserEntry.getNode(usmUserEntry.name + (5, ) +
tblIdx)
usmUserPrivProtocol = usmUserEntry.getNode(usmUserEntry.name + (8, ) +
tblIdx)
# Get proto keys
pysnmpUsmKeyEntry, = mibInstrumController.mibBuilder.importSymbols(
'PYSNMP-USM-MIB', 'pysnmpUsmKeyEntry')
pysnmpUsmKeyAuth = pysnmpUsmKeyEntry.getNode(pysnmpUsmKeyEntry.name +
(3, ) + tblIdx)
pysnmpUsmKeyPriv = pysnmpUsmKeyEntry.getNode(pysnmpUsmKeyEntry.name +
(4, ) + tblIdx)
# Create new row from proto values
tblIdx = usmUserEntry.getInstIdFromIndices(securityEngineID,
securityName)
# New row
mibInstrumController.writeVars(
((usmUserEntry.name + (13, ) + tblIdx, 4), ))
# Set protocols
usmUserEntry.getNode(usmUserEntry.name + (3, ) +
tblIdx).syntax = usmUserSecurityName.syntax
usmUserEntry.getNode(usmUserEntry.name + (5, ) +
tblIdx).syntax = usmUserAuthProtocol.syntax
usmUserEntry.getNode(usmUserEntry.name + (8, ) +
tblIdx).syntax = usmUserPrivProtocol.syntax
# Localize and set keys
pysnmpUsmKeyEntry, = mibInstrumController.mibBuilder.importSymbols(
'PYSNMP-USM-MIB', 'pysnmpUsmKeyEntry')
pysnmpUsmKeyAuthLocalized = pysnmpUsmKeyEntry.getNode(
pysnmpUsmKeyEntry.name + (1, ) + tblIdx)
if usmUserAuthProtocol.syntax == hmacsha.HmacSha.serviceID:
localAuthKey = localkey.localizeKeySHA(pysnmpUsmKeyAuth.syntax,
securityEngineID)
elif usmUserAuthProtocol.syntax == hmacmd5.HmacMd5.serviceID:
localAuthKey = localkey.localizeKeyMD5(pysnmpUsmKeyAuth.syntax,
securityEngineID)
elif usmUserAuthProtocol.syntax == noauth.NoAuth.serviceID:
localAuthKey = None
else:
raise error.StatusInformation(
errorIndication='unsupportedAuthProtocol')
if localAuthKey is not None:
pysnmpUsmKeyAuthLocalized.syntax = pysnmpUsmKeyAuthLocalized.syntax.clone(
localAuthKey)
pysnmpUsmKeyPrivLocalized = pysnmpUsmKeyEntry.getNode(
pysnmpUsmKeyEntry.name + (2, ) + tblIdx)
if usmUserPrivProtocol.syntax == des.Des.serviceID or \
usmUserPrivProtocol.syntax == aes.Aes.serviceID:
if usmUserAuthProtocol.syntax == hmacsha.HmacSha.serviceID:
localPrivKey = localkey.localizeKeySHA(pysnmpUsmKeyPriv.syntax,
securityEngineID)
else:
localPrivKey = localkey.localizeKeyMD5(pysnmpUsmKeyPriv.syntax,
securityEngineID)
elif usmUserPrivProtocol.syntax == nopriv.NoPriv.serviceID:
localPrivKey = None
else:
raise error.StatusInformation(
errorIndication='unsupportedPrivProtocol')
if localPrivKey is not None:
pysnmpUsmKeyPrivLocalized.syntax = pysnmpUsmKeyPrivLocalized.syntax.clone(
localPrivKey)
return (
usmUserSecurityName.syntax, # XXX function needed?
usmUserAuthProtocol.syntax,
pysnmpUsmKeyAuthLocalized.syntax,
usmUserPrivProtocol.syntax,
pysnmpUsmKeyPrivLocalized.syntax)
