def localizeKey(self, authProtocol, privKey, snmpEngineID):
    """Return a 32-octet localized privacy key for ``snmpEngineID``.

    ``privKey`` is localized with the routine that matches ``authProtocol``
    (MD5 or SHA).  The result is localized a second time, the two outputs
    are concatenated, and the first 32 octets are returned.

    Raises ``error.ProtocolError`` when ``authProtocol`` is neither the
    HMAC-MD5 nor the HMAC-SHA service ID.

    The return value is secret key material and should be handled as such
    by callers (no logging, no echoing in error text).
    """
    if authProtocol == hmacmd5.HmacMd5.serviceID:
        localize = localkey.localizeKeyMD5
    elif authProtocol == hmacsha.HmacSha.serviceID:
        localize = localkey.localizeKeySHA
    else:
        raise error.ProtocolError('Unknown auth protocol %s' % (authProtocol, ))

    # A single pass may yield fewer than 32 octets, so a second pass over
    # the first output supplies the remainder before truncation.
    firstPass = localize(privKey, snmpEngineID)
    extended = firstPass + localize(firstPass, snmpEngineID)
    return extended[:32]
def localizeKey(self, authProtocol, privKey, snmpEngineID):
    """Return a localized privacy key of exactly ``self.keySize`` octets.

    ``privKey`` is localized against ``snmpEngineID`` with the MD5 or SHA
    routine selected by ``authProtocol``.  When that output is shorter than
    ``self.keySize``, the whole accumulated key is localized again and
    appended, repeated for a round count fixed up front from the length of
    the first output.

    Raises ``error.ProtocolError`` for any other ``authProtocol``.
    """
    if authProtocol == hmacmd5.HmacMd5.serviceID:
        localize = localkey.localizeKeyMD5
    elif authProtocol == hmacsha.HmacSha.serviceID:
        localize = localkey.localizeKeySHA
    else:
        raise error.ProtocolError(
            'Unknown auth protocol %s' % (authProtocol,)
        )

    keyMaterial = localize(privKey, snmpEngineID)

    # The round count is computed once, from the length of the first output;
    # range(1, rounds) therefore runs rounds - 1 extension passes.
    rounds = int(ceil(self.keySize * 1.0 / len(keyMaterial)))
    for _ in range(1, rounds):
        keyMaterial += localize(keyMaterial, snmpEngineID)

    return keyMaterial[:self.keySize]
def localizeKey(self, authProtocol, privKey, snmpEngineID):
    """Return a localized privacy key of exactly ``self.keySize`` octets.

    ``privKey`` is localized against ``snmpEngineID`` with the MD5 or SHA
    routine selected by ``authProtocol``.  While the accumulated key is
    shorter than ``self.keySize``, it is fed back through the matching
    ``hashPassphrase*`` routine, the result is localized, and that output is
    appended.

    Raises ``error.ProtocolError`` for any other ``authProtocol``.
    """
    if authProtocol == hmacmd5.HmacMd5.serviceID:
        hashPassphrase = localkey.hashPassphraseMD5
        localize = localkey.localizeKeyMD5
    elif authProtocol == hmacsha.HmacSha.serviceID:
        hashPassphrase = localkey.hashPassphraseSHA
        localize = localkey.localizeKeySHA
    else:
        raise error.ProtocolError('Unknown auth protocol %s' % (authProtocol, ))

    keyMaterial = localize(privKey, snmpEngineID)

    # Each extension round treats the key gathered so far as a passphrase:
    # hash it, localize the hash, append the result.
    while len(keyMaterial) < self.keySize:
        keyMaterial += localize(hashPassphrase(keyMaterial), snmpEngineID)

    return keyMaterial[:self.keySize]
def localizeKey(self, authProtocol, privKey, snmpEngineID):
    """Return 32 octets of localized privacy key material (key plus IV).

    The MD5 or SHA localization routine is chosen from ``authProtocol``;
    ``privKey`` is localized against ``snmpEngineID``, that output is
    localized once more, and the concatenation is cut to 32 octets.

    Raises ``error.ProtocolError`` when ``authProtocol`` is neither the
    HMAC-MD5 nor the HMAC-SHA service ID.
    """
    def extend(localize):
        # Two chained localization passes, concatenated and truncated.
        base = localize(privKey, snmpEngineID)
        return (base + localize(base, snmpEngineID))[:32]  # key+IV

    if authProtocol == hmacmd5.HmacMd5.serviceID:
        return extend(localkey.localizeKeyMD5)
    if authProtocol == hmacsha.HmacSha.serviceID:
        return extend(localkey.localizeKeySHA)
    raise error.ProtocolError(
        'Unknown auth protocol %s' % (authProtocol,)
    )
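def localizeKey(self, authProtocol, privKey, snmpEngineID):
    """Return a localized privacy key of exactly ``self.keySize`` octets.

    ``privKey`` is localized against ``snmpEngineID`` with the MD5 or SHA
    routine selected by ``authProtocol``.  The key is then extended by
    repeatedly appending the plain MD5 / SHA-1 digest of everything
    accumulated so far, and finally truncated to ``self.keySize``.

    Raises ``error.ProtocolError`` for any other ``authProtocol``.

    The return value is secret key material; callers should keep it out of
    logs and exception text.
    """
    if authProtocol == hmacmd5.HmacMd5.serviceID:
        localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
        # Compare lengths directly.  A floor-division test such as
        # ``keySize // len(key)`` is still non-zero when the key is already
        # exactly keySize long, which costs one extra digest whose output
        # is thrown away by the slice below.
        while len(localPrivKey) < self.keySize:
            localPrivKey = localPrivKey + md5(localPrivKey).digest()
    elif authProtocol == hmacsha.HmacSha.serviceID:
        localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
        while len(localPrivKey) < self.keySize:
            localPrivKey = localPrivKey + sha1(localPrivKey).digest()
    else:
        raise error.ProtocolError('Unknown auth protocol %s' % (authProtocol, ))

    # Appending never alters earlier octets, so the truncated result is the
    # same whether or not a surplus block was generated.
    return localPrivKey[:self.keySize]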
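def localizeKey(self, authProtocol, privKey, snmpEngineID):
    """Return a localized privacy key of exactly ``self.keySize`` octets.

    The MD5 or SHA localization routine chosen by ``authProtocol`` produces
    the initial key from ``privKey`` and ``snmpEngineID``.  Further octets
    come from appending the MD5 / SHA-1 digest of the key accumulated so
    far until at least ``self.keySize`` octets exist; the result is then
    truncated.

    Raises ``error.ProtocolError`` for any other ``authProtocol``.
    """
    if authProtocol == hmacmd5.HmacMd5.serviceID:
        localPrivKey = localkey.localizeKeyMD5(privKey, snmpEngineID)
        digest = md5
    elif authProtocol == hmacsha.HmacSha.serviceID:
        localPrivKey = localkey.localizeKeySHA(privKey, snmpEngineID)
        digest = sha1
    else:
        raise error.ProtocolError(
            'Unknown auth protocol %s' % (authProtocol,)
        )

    # Stop as soon as enough octets exist.  Testing
    # ``ceil(keySize // len(key))`` instead keeps looping while
    # len(key) <= keySize, i.e. it runs one wasted digest round when the
    # length lands exactly on keySize; the returned octets are identical
    # either way because extension only appends.
    while len(localPrivKey) < self.keySize:
        localPrivKey = localPrivKey + digest(localPrivKey).digest()

    return localPrivKey[:self.keySize]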
def localizeKey(self, authProtocol, privKey, snmpEngineID):
    """Return a localized privacy key of exactly ``self.keySize`` octets.

    ``privKey`` is localized against ``snmpEngineID`` with the MD5 or SHA
    routine selected by ``authProtocol``.  The key is then extended for a
    round count fixed up front from the first output's length, each round
    appending the MD5 / SHA-1 digest of the key accumulated so far.

    Raises ``error.ProtocolError`` for any other ``authProtocol``.
    """
    if authProtocol == hmacmd5.HmacMd5.serviceID:
        localize, digest = localkey.localizeKeyMD5, md5
    elif authProtocol == hmacsha.HmacSha.serviceID:
        # Original author's note: the RFC mentions this algorithm generates
        # a 480-bit key, but only up to 256 bits are used.
        localize, digest = localkey.localizeKeySHA, sha1
    else:
        raise error.ProtocolError(
            'Unknown auth protocol %s' % (authProtocol,)
        )

    keyMaterial = localize(privKey, snmpEngineID)

    # range(1, rounds) performs rounds - 1 extension passes; the count is
    # derived once from the length of the first localized output.
    rounds = int(ceil(self.keySize * 1.0 / len(keyMaterial)))
    for _ in range(1, rounds):
        keyMaterial += digest(keyMaterial).digest()

    return keyMaterial[:self.keySize]
def addV3User(snmpEngine, securityName,
              authProtocol=usmNoAuthProtocol, authKey=None,
              privProtocol=usmNoPrivProtocol, privKey=None,
              contextEngineId=None):
    """Replace the USM user row for ``securityName`` and store its keys.

    Steps, in order:

    1. Resolve the engine ID, table entries and row indices through
       ``__cookV3UserInfo``.
    2. Destroy and re-create the ``usmUserEntry`` row (column 13), setting
       the security name and the auth / priv protocols.
    3. Hash each passphrase and localize it to the engine ID, using the MD5
       or SHA routines according to ``authProtocol``.
    4. Write the localized keys and the hashed passphrases to
       ``pysnmpUsmKeyEntry``.
    5. Destroy and re-create the ``pysnmpUsmSecretEntry`` row, storing
       ``authKey`` and ``privKey`` exactly as supplied.

    Raises ``error.PySnmpError`` for an unrecognised auth or priv protocol.

    NOTE(review): step 5 keeps the caller's passphrases in the MIB next to
    the derived keys, so read access to ``pysnmpUsmSecretEntry`` needs the
    same protection as the passphrases themselves.
    NOTE(review): protocol validation (step 3) happens after step 2 has
    already written the row; a rejected protocol presumably leaves that row
    in place without keys -- confirm against the instrumentation.
    """
    (snmpEngineID, usmUserEntry, tblIdx1,
     pysnmpUsmSecretEntry, tblIdx2) = __cookV3UserInfo(
        snmpEngine, securityName, contextEngineId)

    mibInstrum = snmpEngine.msgAndPduDsp.mibInstrumController

    # The augmenting key table is imported before the base row is created.
    pysnmpUsmKeyEntry, = mibInstrum.mibBuilder.importSymbols(
        'PYSNMP-USM-MIB', 'pysnmpUsmKeyEntry')
    # Clone-from value (the original author notes it may not be needed).
    zeroDotZero, = mibInstrum.mibBuilder.importSymbols(
        'SNMPv2-SMI', 'zeroDotZero')

    # Drop any existing row, then create it afresh with the new protocols.
    userRow = usmUserEntry.name
    mibInstrum.writeVars(
        ((userRow + (13, ) + tblIdx1, 'destroy'), ))
    mibInstrum.writeVars((
        (userRow + (13, ) + tblIdx1, 'createAndGo'),
        (userRow + (3, ) + tblIdx1, securityName),
        (userRow + (4, ) + tblIdx1, zeroDotZero.name),
        (userRow + (5, ) + tblIdx1, authProtocol),
        (userRow + (8, ) + tblIdx1, privProtocol),
    ))

    # Authentication key: hash the passphrase, then bind it to the engine.
    if authProtocol == usmHMACMD5AuthProtocol:
        hashedAuthPassphrase = localkey.hashPassphraseMD5(authKey or '')
        localAuthKey = localkey.localizeKeyMD5(
            hashedAuthPassphrase, snmpEngineID)
    elif authProtocol == usmHMACSHAAuthProtocol:
        hashedAuthPassphrase = localkey.hashPassphraseSHA(authKey or '')
        localAuthKey = localkey.localizeKeySHA(
            hashedAuthPassphrase, snmpEngineID)
    elif authProtocol == usmNoAuthProtocol:
        hashedAuthPassphrase = localAuthKey = None
    else:
        raise error.PySnmpError('Unknown auth protocol %s' % (authProtocol, ))

    # Privacy key: derived with the hash family of the *auth* protocol, so
    # DES/AES combined with usmNoAuthProtocol is rejected below.
    wantsPrivacy = (privProtocol == usmDESPrivProtocol or
                    privProtocol == usmAesCfb128Protocol)
    if wantsPrivacy:
        if authProtocol == usmHMACMD5AuthProtocol:
            hashedPrivPassphrase = localkey.hashPassphraseMD5(privKey or '')
            localPrivKey = localkey.localizeKeyMD5(
                hashedPrivPassphrase, snmpEngineID)
        elif authProtocol == usmHMACSHAAuthProtocol:
            hashedPrivPassphrase = localkey.hashPassphraseSHA(privKey or '')
            localPrivKey = localkey.localizeKeySHA(
                hashedPrivPassphrase, snmpEngineID)
        else:
            raise error.PySnmpError(
                'Unknown auth protocol %s' % (authProtocol, ))
    elif privProtocol == usmNoPrivProtocol:
        hashedPrivPassphrase = localPrivKey = None
    else:
        raise error.PySnmpError('Unknown priv protocol %s' % (privProtocol, ))

    # Commit localized keys together with the hashed passphrases.
    keyRow = pysnmpUsmKeyEntry.name
    mibInstrum.writeVars((
        (keyRow + (1, ) + tblIdx1, localAuthKey),
        (keyRow + (2, ) + tblIdx1, localPrivKey),
        (keyRow + (3, ) + tblIdx1, hashedAuthPassphrase),
        (keyRow + (4, ) + tblIdx1, hashedPrivPassphrase),
    ))

    # Commit the passphrases as supplied by the caller.
    secretRow = pysnmpUsmSecretEntry.name
    mibInstrum.writeVars(
        ((secretRow + (4, ) + tblIdx2, 'destroy'), ))
    mibInstrum.writeVars((
        (secretRow + (4, ) + tblIdx2, 'createAndGo'),
        (secretRow + (2, ) + tblIdx2, authKey),
        (secretRow + (3, ) + tblIdx2, privKey),
    ))
def localizeKey(self, authKey, snmpEngineID):
    """Localize ``authKey`` to ``snmpEngineID`` with the MD5 routine."""
    localAuthKey = localkey.localizeKeyMD5(authKey, snmpEngineID)
    return localAuthKey
def addV3User(snmpEngine, securityName,
              authProtocol=usmNoAuthProtocol, authKey=None,
              privProtocol=usmNoPrivProtocol, privKey=None,
              contextEngineId=None):
    """Create (replacing any existing) USM user and persist its key material.

    The ``usmUserEntry`` row is destroyed and re-created with the given
    security name and protocols.  Passphrases are hashed and localized to
    the engine ID with the MD5 or SHA routines chosen by ``authProtocol``;
    the localized keys and hashed passphrases go to ``pysnmpUsmKeyEntry``
    and the passphrases as supplied go to ``pysnmpUsmSecretEntry``.

    Raises ``error.PySnmpError`` for an unrecognised auth or priv protocol,
    including DES/AES privacy requested without MD5 or SHA authentication.

    NOTE(review): the supplied passphrases and their engine-independent
    hashes stay readable in the MIB after this call; access to those two
    tables should be restricted accordingly.
    NOTE(review): the user row is written before the protocols are checked,
    so a rejected protocol presumably leaves a row without keys -- confirm.
    """
    def deriveKeys(passphrase):
        # Returns (hashed passphrase, localized key), or None when the auth
        # protocol has no hash family to derive keys with.
        if authProtocol == usmHMACMD5AuthProtocol:
            hashed = localkey.hashPassphraseMD5(passphrase or '')
            return hashed, localkey.localizeKeyMD5(hashed, snmpEngineID)
        if authProtocol == usmHMACSHAAuthProtocol:
            hashed = localkey.hashPassphraseSHA(passphrase or '')
            return hashed, localkey.localizeKeySHA(hashed, snmpEngineID)
        return None

    (
        snmpEngineID, usmUserEntry, tblIdx1, pysnmpUsmSecretEntry, tblIdx2
    ) = __cookV3UserInfo(snmpEngine, securityName, contextEngineId)

    controller = snmpEngine.msgAndPduDsp.mibInstrumController
    importSymbols = controller.mibBuilder.importSymbols

    # Load augmenting table before creating new row in base one
    pysnmpUsmKeyEntry, = importSymbols('PYSNMP-USM-MIB', 'pysnmpUsmKeyEntry')
    # Load clone-from (may not be needed)
    zeroDotZero, = importSymbols('SNMPv2-SMI', 'zeroDotZero')

    # Replace the base user row.
    controller.writeVars(
        ((usmUserEntry.name + (13,) + tblIdx1, 'destroy'),)
    )
    controller.writeVars(
        ((usmUserEntry.name + (13,) + tblIdx1, 'createAndGo'),
         (usmUserEntry.name + (3,) + tblIdx1, securityName),
         (usmUserEntry.name + (4,) + tblIdx1, zeroDotZero.name),
         (usmUserEntry.name + (5,) + tblIdx1, authProtocol),
         (usmUserEntry.name + (8,) + tblIdx1, privProtocol))
    )

    # Authentication key material.
    authMaterial = deriveKeys(authKey)
    if authMaterial is not None:
        hashedAuthPassphrase, localAuthKey = authMaterial
    elif authProtocol == usmNoAuthProtocol:
        hashedAuthPassphrase = localAuthKey = None
    else:
        raise error.PySnmpError('Unknown auth protocol %s' % (authProtocol,))

    # Privacy key material, derived with the auth protocol's hash family.
    if privProtocol == usmDESPrivProtocol or \
            privProtocol == usmAesCfb128Protocol:
        privMaterial = deriveKeys(privKey)
        if privMaterial is None:
            raise error.PySnmpError(
                'Unknown auth protocol %s' % (authProtocol,)
            )
        hashedPrivPassphrase, localPrivKey = privMaterial
    elif privProtocol == usmNoPrivProtocol:
        hashedPrivPassphrase = localPrivKey = None
    else:
        raise error.PySnmpError(
            'Unknown priv protocol %s' % (privProtocol,)
        )

    # Commit localized keys
    controller.writeVars(
        ((pysnmpUsmKeyEntry.name + (1,) + tblIdx1, localAuthKey),
         (pysnmpUsmKeyEntry.name + (2,) + tblIdx1, localPrivKey),
         (pysnmpUsmKeyEntry.name + (3,) + tblIdx1, hashedAuthPassphrase),
         (pysnmpUsmKeyEntry.name + (4,) + tblIdx1, hashedPrivPassphrase))
    )

    # Commit passphrases
    controller.writeVars(
        ((pysnmpUsmSecretEntry.name + (4,) + tblIdx2, 'destroy'),)
    )
    controller.writeVars(
        ((pysnmpUsmSecretEntry.name + (4,) + tblIdx2, 'createAndGo'),
         (pysnmpUsmSecretEntry.name + (2,) + tblIdx2, authKey),
         (pysnmpUsmSecretEntry.name + (3,) + tblIdx2, privKey),)
    )
def __cloneUserInfo( self, mibInstrumController, securityEngineID,
                     securityName ):
    """Clone a user's USM row for another engine ID and localize its keys.

    The row indexed by the local ``snmpEngineID`` and ``securityName`` is
    used as the prototype.  A new row indexed by ``securityEngineID`` and
    ``securityName`` is created, the prototype's security name and
    auth / priv protocols are copied into it, and the prototype's
    ``pysnmpUsmKeyEntry`` columns 3 and 4 are localized against
    ``securityEngineID`` to fill the new row's columns 1 and 2.

    Returns a 5-tuple: security name, auth protocol, localized auth key,
    priv protocol, localized priv key (all ``.syntax`` values).

    Raises ``error.StatusInformation`` with ``errorIndication`` set to
    ``'unsupportedAuthProtocol'`` or ``'unsupportedPrivProtocol'``.

    NOTE(review): columns 3 and 4 are engine-independent inputs from which
    a key for any engine ID can be localized, so they need the same
    protection as the passphrases they were derived from.
    """
    snmpEngineID, = mibInstrumController.mibBuilder.importSymbols( '__SNMP-FRAMEWORK-MIB', 'snmpEngineID' )
    # Proto entry
    usmUserEntry, = mibInstrumController.mibBuilder.importSymbols( 'SNMP-USER-BASED-SM-MIB', 'usmUserEntry' )
    # Index of the prototype row: local engine ID + security name.
    tblIdx = usmUserEntry.getInstIdFromIndices( snmpEngineID.syntax, securityName )
    # Get proto protocols (columns 3, 5, 8: security name, auth, priv)
    usmUserSecurityName = usmUserEntry.getNode( usmUserEntry.name + (3,) + tblIdx )
    usmUserAuthProtocol = usmUserEntry.getNode( usmUserEntry.name + (5,) + tblIdx )
    usmUserPrivProtocol = usmUserEntry.getNode( usmUserEntry.name + (8,) + tblIdx )
    # Get proto keys (columns 3 and 4 of the key table)
    pysnmpUsmKeyEntry, = mibInstrumController.mibBuilder.importSymbols( 'PYSNMP-USM-MIB', 'pysnmpUsmKeyEntry' )
    pysnmpUsmKeyAuth = pysnmpUsmKeyEntry.getNode( pysnmpUsmKeyEntry.name + (3,) + tblIdx )
    pysnmpUsmKeyPriv = pysnmpUsmKeyEntry.getNode( pysnmpUsmKeyEntry.name + (4,) + tblIdx )
    # Create new row from proto values.  tblIdx is rebound here: from this
    # point on it addresses the row for securityEngineID, not the prototype.
    tblIdx = usmUserEntry.getInstIdFromIndices( securityEngineID, securityName )
    # New row (4 is createAndGo in the standard RowStatus convention)
    mibInstrumController.writeVars( ((usmUserEntry.name + (13,) + tblIdx, 4),) )
    # Set protocols
    usmUserEntry.getNode( usmUserEntry.name + (3,) + tblIdx ).syntax = usmUserSecurityName.syntax
    usmUserEntry.getNode( usmUserEntry.name + (5,) + tblIdx ).syntax = usmUserAuthProtocol.syntax
    usmUserEntry.getNode( usmUserEntry.name + (8,) + tblIdx ).syntax = usmUserPrivProtocol.syntax
    # Localize and set keys (the key table symbol is imported a second time)
    pysnmpUsmKeyEntry, = mibInstrumController.mibBuilder.importSymbols( 'PYSNMP-USM-MIB', 'pysnmpUsmKeyEntry' )
    pysnmpUsmKeyAuthLocalized = pysnmpUsmKeyEntry.getNode( pysnmpUsmKeyEntry.name + (1,) + tblIdx )
    if usmUserAuthProtocol.syntax == hmacsha.HmacSha.serviceID:
        localAuthKey = localkey.localizeKeySHA( pysnmpUsmKeyAuth.syntax, securityEngineID )
    elif usmUserAuthProtocol.syntax == hmacmd5.HmacMd5.serviceID:
        localAuthKey = localkey.localizeKeyMD5( pysnmpUsmKeyAuth.syntax, securityEngineID )
    elif usmUserAuthProtocol.syntax == noauth.NoAuth.serviceID:
        localAuthKey = None
    else:
        # NOTE(review): raised after the new row was created above; the row
        # presumably stays behind without keys -- confirm.
        raise error.StatusInformation( errorIndication = 'unsupportedAuthProtocol' )
    if localAuthKey is not None:
        pysnmpUsmKeyAuthLocalized.syntax = pysnmpUsmKeyAuthLocalized.syntax.clone(localAuthKey)
    pysnmpUsmKeyPrivLocalized = pysnmpUsmKeyEntry.getNode( pysnmpUsmKeyEntry.name + (2,) + tblIdx )
    if usmUserPrivProtocol.syntax == des.Des.serviceID or \
       usmUserPrivProtocol.syntax == aes.Aes.serviceID:
        # The privacy key is localized with the auth protocol's hash family.
        # Anything other than HMAC-SHA, NoAuth included, takes the MD5 path.
        if usmUserAuthProtocol.syntax == hmacsha.HmacSha.serviceID:
            localPrivKey = localkey.localizeKeySHA( pysnmpUsmKeyPriv.syntax, securityEngineID )
        else:
            localPrivKey = localkey.localizeKeyMD5( pysnmpUsmKeyPriv.syntax, securityEngineID )
    elif usmUserPrivProtocol.syntax == nopriv.NoPriv.serviceID:
        localPrivKey = None
    else:
        raise error.StatusInformation( errorIndication = 'unsupportedPrivProtocol' )
    if localPrivKey is not None:
        pysnmpUsmKeyPrivLocalized.syntax = pysnmpUsmKeyPrivLocalized.syntax.clone(localPrivKey)
    return ( usmUserSecurityName.syntax, # XXX function needed?
             usmUserAuthProtocol.syntax, pysnmpUsmKeyAuthLocalized.syntax,
             usmUserPrivProtocol.syntax, pysnmpUsmKeyPrivLocalized.syntax )
def __cloneUserInfo(self, mibInstrumController, securityEngineID,
                    securityName):
    """Build the USM row for ``securityEngineID`` from the local user row.

    Reads the prototype row (local ``snmpEngineID`` + ``securityName``),
    creates a row for ``securityEngineID`` + ``securityName``, copies the
    security name and auth / priv protocols across, then localizes the
    prototype's ``pysnmpUsmKeyEntry`` columns 3 (auth) and 4 (priv) against
    ``securityEngineID`` and stores them in columns 1 and 2 of the new row.

    Returns ``(securityName, authProtocol, localizedAuthKey, privProtocol,
    localizedPrivKey)`` as ``.syntax`` values.

    Raises ``error.StatusInformation`` when the prototype's auth or priv
    protocol is not one of the service IDs handled below.

    NOTE(review): the values read from columns 3 and 4 can be localized to
    any engine ID; treat read access to them like access to the passphrase.
    """
    snmpEngineID, = mibInstrumController.mibBuilder.importSymbols(
        '__SNMP-FRAMEWORK-MIB', 'snmpEngineID')
    # Proto entry
    usmUserEntry, = mibInstrumController.mibBuilder.importSymbols(
        'SNMP-USER-BASED-SM-MIB', 'usmUserEntry')
    # Prototype row index: local engine ID + security name.
    tblIdx = usmUserEntry.getInstIdFromIndices(snmpEngineID.syntax, securityName)
    # Get proto protocols
    usmUserSecurityName = usmUserEntry.getNode(usmUserEntry.name + (3, ) + tblIdx)
    usmUserAuthProtocol = usmUserEntry.getNode(usmUserEntry.name + (5, ) + tblIdx)
    usmUserPrivProtocol = usmUserEntry.getNode(usmUserEntry.name + (8, ) + tblIdx)
    # Get proto keys
    pysnmpUsmKeyEntry, = mibInstrumController.mibBuilder.importSymbols(
        'PYSNMP-USM-MIB', 'pysnmpUsmKeyEntry')
    pysnmpUsmKeyAuth = pysnmpUsmKeyEntry.getNode(pysnmpUsmKeyEntry.name + (3, ) + tblIdx)
    pysnmpUsmKeyPriv = pysnmpUsmKeyEntry.getNode(pysnmpUsmKeyEntry.name + (4, ) + tblIdx)
    # Create new row from proto values; tblIdx now points at the row for
    # securityEngineID and every later lookup uses that index.
    tblIdx = usmUserEntry.getInstIdFromIndices(securityEngineID, securityName)
    # New row: column 13 set to 4 (createAndGo in the RowStatus convention)
    mibInstrumController.writeVars(
        ((usmUserEntry.name + (13, ) + tblIdx, 4), ))
    # Set protocols
    usmUserEntry.getNode(usmUserEntry.name + (3, ) + tblIdx).syntax = usmUserSecurityName.syntax
    usmUserEntry.getNode(usmUserEntry.name + (5, ) + tblIdx).syntax = usmUserAuthProtocol.syntax
    usmUserEntry.getNode(usmUserEntry.name + (8, ) + tblIdx).syntax = usmUserPrivProtocol.syntax
    # Localize and set keys
    pysnmpUsmKeyEntry, = mibInstrumController.mibBuilder.importSymbols(
        'PYSNMP-USM-MIB', 'pysnmpUsmKeyEntry')
    pysnmpUsmKeyAuthLocalized = pysnmpUsmKeyEntry.getNode(
        pysnmpUsmKeyEntry.name + (1, ) + tblIdx)
    if usmUserAuthProtocol.syntax == hmacsha.HmacSha.serviceID:
        localAuthKey = localkey.localizeKeySHA(pysnmpUsmKeyAuth.syntax, securityEngineID)
    elif usmUserAuthProtocol.syntax == hmacmd5.HmacMd5.serviceID:
        localAuthKey = localkey.localizeKeyMD5(pysnmpUsmKeyAuth.syntax, securityEngineID)
    elif usmUserAuthProtocol.syntax == noauth.NoAuth.serviceID:
        localAuthKey = None
    else:
        # NOTE(review): the new row already exists at this point; whether it
        # is cleaned up on this error path is not visible here -- confirm.
        raise error.StatusInformation(
            errorIndication='unsupportedAuthProtocol')
    # Only overwrite the stored key when one was actually derived.
    if localAuthKey is not None:
        pysnmpUsmKeyAuthLocalized.syntax = pysnmpUsmKeyAuthLocalized.syntax.clone(
            localAuthKey)
    pysnmpUsmKeyPrivLocalized = pysnmpUsmKeyEntry.getNode(
        pysnmpUsmKeyEntry.name + (2, ) + tblIdx)
    if usmUserPrivProtocol.syntax == des.Des.serviceID or \
       usmUserPrivProtocol.syntax == aes.Aes.serviceID:
        # Hash family follows the auth protocol: SHA when auth is HMAC-SHA,
        # MD5 for every other value (NoAuth is not rejected on this path).
        if usmUserAuthProtocol.syntax == hmacsha.HmacSha.serviceID:
            localPrivKey = localkey.localizeKeySHA(pysnmpUsmKeyPriv.syntax, securityEngineID)
        else:
            localPrivKey = localkey.localizeKeyMD5(pysnmpUsmKeyPriv.syntax, securityEngineID)
    elif usmUserPrivProtocol.syntax == nopriv.NoPriv.serviceID:
        localPrivKey = None
    else:
        raise error.StatusInformation(
            errorIndication='unsupportedPrivProtocol')
    if localPrivKey is not None:
        pysnmpUsmKeyPrivLocalized.syntax = pysnmpUsmKeyPrivLocalized.syntax.clone(
            localPrivKey)
    return (
        usmUserSecurityName.syntax,  # XXX function needed?
        usmUserAuthProtocol.syntax, pysnmpUsmKeyAuthLocalized.syntax,
        usmUserPrivProtocol.syntax, pysnmpUsmKeyPrivLocalized.syntax)