keymanagetest.c

snmp up7

    return failcount;

}                               /* end test_genKu() */




/*******************************************************************-o-******
 * test_genkul
 *
 * Returns:
 *	Number of failures.
 *
 *
 * Test of generate_kul().
 *
 * A passphrase and engineID are hashed into a master key Ku using
 * both known hash transforms.  Localized keys, also using both hash
 * transforms, are generated from each of these master keys.
 *
 * ASSUME  generate_Ku is already tested.
 * ASSUME  engineID is initially a NULL terminated string.
 */
int
test_genkul(void)
{
    int             rval = SNMPERR_SUCCESS,
        failcount = 0,
        properlength, kulen, kul_len, engineID_len, isdefault = FALSE;

    char           *s = NULL,
        *testname = "Using HMACMD5 to create master key.",
        *hashname_Ku = "usmHMACMD5AuthProtocol", *hashname_kul;

    u_char          Ku[LOCAL_MAXBUF], kul[LOCAL_MAXBUF];

    oid            *hashtype_Ku = usmHMACMD5AuthProtocol, *hashtype_kul;

    OUTPUT("Test of generate_kul --");


    /*
     * Set passphrase and engineID.
     *
     * If engineID begins with 0x, assume it is written in (printable)
     * hex and convert it to binary data.
     */
    if (!passphrase) {
        passphrase = PASSPHRASE_DEFAULT;
    }
    if (!bequiet)
        fprintf(stdout, "Passphrase%s:\n\t%s\n\n",
                (passphrase == PASSPHRASE_DEFAULT) ? " (default)" : "",
                passphrase);

    if (!engineID) {
        engineID = ENGINEID_DEFAULT;
        isdefault = TRUE;
    }

    engineID_len = strlen(engineID);

    if (tolower(*(engineID + 1)) == 'x') {
        engineID_len = hex_to_binary2(engineID + 2, engineID_len - 2, &s);
        if (engineID_len < 0) {
            FAILED((rval = SNMPERR_GENERR),
                   "Could not resolve hex engineID.");
        }
        engineID = s;
        binary_to_hex(engineID, engineID_len, &s);
    }

    if (!bequiet)
        fprintf(stdout, "engineID%s (len=%d):  %s\n\n",
                (isdefault) ? " (default)" : "",
                engineID_len, (s) ? s : engineID);
    if (s) {
        SNMP_FREE(s);
    }



    /*
     * Create a master key using both hash transforms; create localized
     * keys using both hash transforms from each master key.
     */
  test_genkul_again_master:
    memset(Ku, 0, LOCAL_MAXBUF);
    kulen = LOCAL_MAXBUF;
    hashname_kul = "usmHMACMD5AuthProtocol";
    hashtype_kul = usmHMACMD5AuthProtocol;
    properlength = BYTESIZE(SNMP_TRANS_AUTHLEN_HMACMD5);


    rval = generate_Ku(hashtype_Ku, USM_LENGTH_OID_TRANSFORM,
                       passphrase, strlen(passphrase), Ku, &kulen);
    FAILED(rval, "generate_Ku().");

    binary_to_hex(Ku, kulen, &s);
    if (!bequiet)
        fprintf(stdout,
                "\n\nMaster Ku using \"%s\":\n\t%s\n\n", hashname_Ku, s);
    free_zero(s, kulen);


  test_genkul_again_local:
    memset(kul, 0, LOCAL_MAXBUF);
    kul_len = LOCAL_MAXBUF;

    rval = generate_kul(hashtype_kul, USM_LENGTH_OID_TRANSFORM,
                        engineID, engineID_len, Ku, kulen, kul, &kul_len);

    if ((hashtype_Ku == usmHMACMD5AuthProtocol)
        && (hashtype_kul == usmHMACSHA1AuthProtocol)) {
        if (rval == SNMPERR_SUCCESS) {
            FAILED(SNMPERR_GENERR,
                   "generate_kul SHOULD fail when Ku length is "
                   "less than hash transform length.");
        }

    } else {
        FAILED(rval, "generate_kul().");

        if (kul_len != properlength) {
            FAILED(SNMPERR_GENERR,
                   "kul length is wrong for the given hashtype.");
        }

        binary_to_hex(kul, kul_len, &s);
        fprintf(stdout, "kul (%s) (len=%d):  %s\n",
                ((hashtype_Ku == usmHMACMD5AuthProtocol) ? "MD5" : "SHA"),
                kul_len, s);
        free_zero(s, kul_len);
    }


    /*
     * Create localized key using the other hash transform, but from
     * * the same master key.
     */
    if (hashtype_kul == usmHMACMD5AuthProtocol) {
        hashtype_kul = usmHMACSHA1AuthProtocol;
        hashname_kul = "usmHMACSHA1AuthProtocol";
        properlength = BYTESIZE(SNMP_TRANS_AUTHLEN_HMACSHA1);
        goto test_genkul_again_local;
    }

    SUCCESS(testname);


    /*
     * Re-create the master key using the other hash transform.
     */
    if (hashtype_Ku == usmHMACMD5AuthProtocol) {
        hashtype_Ku = usmHMACSHA1AuthProtocol;
        hashname_Ku = "usmHMACSHA1AuthProtocol";
        testname = "Using HMACSHA1 to create master key.";
        goto test_genkul_again_master;
    }

    return failcount;

}                               /* end test_genkul() */




/*******************************************************************-o-******
 * test_keychange
 *
 * Returns:
 *	Number of failures.
 *
 *
 * Test of KeyChange TC implementation.
 *
 * ASSUME newkey and oldkey begin as NULL terminated strings.
 */
int
test_keychange(void)
{
    int             rval = SNMPERR_SUCCESS,
        failcount = 0,
        properlength = BYTESIZE(SNMP_TRANS_AUTHLEN_HMACMD5),
        oldkey_len,
        newkey_len,
        keychange_len,
        temp_len, isdefault_new = FALSE, isdefault_old = FALSE;

    char           *hashname = "usmHMACMD5AuthProtocol.", *s;

    u_char          oldkey_buf[LOCAL_MAXBUF],
        newkey_buf[LOCAL_MAXBUF],
        temp_buf[LOCAL_MAXBUF], keychange_buf[LOCAL_MAXBUF];

    oid            *hashtype = usmHMACMD5AuthProtocol;

    OUTPUT("Test of KeyChange TC --");


    /*
     * Set newkey and oldkey.
     */
    if (!newkey) {              /* newkey */
        newkey = NEWKEY_DEFAULT;
        isdefault_new = TRUE;
    }
    newkey_len = strlen(newkey);

    if (tolower(*(newkey + 1)) == 'x') {
        newkey_len = hex_to_binary2(newkey + 2, newkey_len - 2, &s);
        if (newkey_len < 0) {
            FAILED((rval = SNMPERR_GENERR),
                   "Could not resolve hex newkey.");
        }
        newkey = s;
        binary_to_hex(newkey, newkey_len, &s);
    }

    if (!oldkey) {              /* oldkey */
        oldkey = OLDKEY_DEFAULT;
        isdefault_old = TRUE;
    }
    oldkey_len = strlen(oldkey);

    if (tolower(*(oldkey + 1)) == 'x') {
        oldkey_len = hex_to_binary2(oldkey + 2, oldkey_len - 2, &s);
        if (oldkey_len < 0) {
            FAILED((rval = SNMPERR_GENERR),
                   "Could not resolve hex oldkey.");
        }
        oldkey = s;
        binary_to_hex(oldkey, oldkey_len, &s);
    }



  test_keychange_again:
    memset(oldkey_buf, 0, LOCAL_MAXBUF);
    memset(newkey_buf, 0, LOCAL_MAXBUF);
    memset(keychange_buf, 0, LOCAL_MAXBUF);
    memset(temp_buf, 0, LOCAL_MAXBUF);

    memcpy(oldkey_buf, oldkey, SNMP_MIN(oldkey_len, properlength));
    memcpy(newkey_buf, newkey, SNMP_MIN(newkey_len, properlength));
    keychange_len = LOCAL_MAXBUF;


    binary_to_hex(oldkey_buf, properlength, &s);
    fprintf(stdout, "\noldkey%s (len=%d):  %s\n",
            (isdefault_old) ? " (default)" : "", properlength, s);
    SNMP_FREE(s);

    binary_to_hex(newkey_buf, properlength, &s);
    fprintf(stdout, "newkey%s (len=%d):  %s\n\n",
            (isdefault_new) ? " (default)" : "", properlength, s);
    SNMP_FREE(s);


    rval = encode_keychange(hashtype, USM_LENGTH_OID_TRANSFORM,
                            oldkey_buf, properlength,
                            newkey_buf, properlength,
                            keychange_buf, &keychange_len);
    FAILED(rval, "encode_keychange().");

    if (keychange_len != (properlength * 2)) {
        FAILED(SNMPERR_GENERR,
               "KeyChange string (encoded) is not proper length "
               "for this hash transform.");
    }

    binary_to_hex(keychange_buf, keychange_len, &s);
    fprintf(stdout, "(%s) KeyChange string:  %s\n\n",
            ((hashtype == usmHMACMD5AuthProtocol) ? "MD5" : "SHA"), s);
    SNMP_FREE(s);

    temp_len = properlength;
    rval = decode_keychange(hashtype, USM_LENGTH_OID_TRANSFORM,
                            oldkey_buf, properlength,
                            keychange_buf, properlength * 2,
                            temp_buf, &temp_len);
    FAILED(rval, "decode_keychange().");

    if (temp_len != properlength) {
        FAILED(SNMPERR_GENERR,
               "decoded newkey is not proper length for "
               "this hash transform.");
    }

    binary_to_hex(temp_buf, temp_len, &s);
    fprintf(stdout, "decoded newkey:  %s\n\n", s);
    SNMP_FREE(s);


    if (memcmp(newkey_buf, temp_buf, temp_len)) {
        FAILED(SNMPERR_GENERR, "newkey did not decode properly.");
    }


    SUCCESS(hashname);
    fprintf(stdout, "\n");


    /*
     * Multiplex different test combinations.
     *
     * First clause is for Test #2, second clause is for (last) Test #3.
     */
    if (hashtype == usmHMACMD5AuthProtocol) {
        hashtype = usmHMACSHA1AuthProtocol;
        hashname = "usmHMACSHA1AuthProtocol (w/DES length kul's).";
        properlength = BYTESIZE(SNMP_TRANS_PRIVLEN_1DES)
            + BYTESIZE(SNMP_TRANS_PRIVLEN_1DES_IV);
        goto test_keychange_again;

    } else if (properlength < BYTESIZE(SNMP_TRANS_AUTHLEN_HMACSHA1)) {
        hashtype = usmHMACSHA1AuthProtocol;
        hashname = "usmHMACSHA1AuthProtocol.";
        properlength = BYTESIZE(SNMP_TRANS_AUTHLEN_HMACSHA1);
        goto test_keychange_again;
    }

    return failcount;

}                               /* end test_keychange() */