usm_v3.cpp

来自「JdonFramework need above jdk 1.4.0 This」· C++ 代码 · 共 2,118 行 · 第 1/5 页

   * @return - SNMPv3_USM_ERROR (not initialized),
   *           SNMPv3_USM_OK (user deleted or not in table)
   */
  int delete_engine_id(const OctetStr& engine_id);

  /**
   * Delete the entry with the given userName and engineID
   * from the usmUserTable
   *
   * @param engine_id  - The engine id
   * @param user_name - The userName that should be deleted
   *
   * @return - SNMPv3_USM_ERROR (not initialized),
   *           SNMPv3_USM_OK (user deleted or not in table)
   */
  int delete_entry(const OctetStr& engine_id, const OctetStr& user_name);

  /**
   * Protected (for agent++):
   *
   * Get the user at the specified position of the usmUserTable.
   *
   * @note Use lock() and unlock() for thread synchronization.
   *
   * @param number - get the entry at position number (1...)
   *
   * @return - a pointer to the structure or NULL if number is out
   *           of range (no need to delete anything)
   */
  const struct UsmUserTableEntry *get_entry(const int number);

  /**
   * Get a user of the usmUserTable.
   *
   * @note Use lock() and unlock() for thread synchronization.
   *
   * @param engine_id - Get a user for this engine id
   * @param sec_name  - Get the user with this security name
   *
   * @return - a pointer to the structure or NULL if the user is not
   *           found (no need to delete anything)
   */
  const struct UsmUserTableEntry *get_entry(const OctetStr &engine_id,
					    const OctetStr &sec_name);

  /**
   * Get a user of the usmUserTable.
   *
   * @note call delete_cloned_entry() with the retruned pointer.
   *
   * @param engine_id - Get a user for this engine id
   * @param sec_name  - Get the user with this security name
   *
   * @return - a pointer to the structure or NULL if the user is not
   *           found
   */
  struct UsmUserTableEntry *get_cloned_entry(const OctetStr &engine_id,
					     const OctetStr &sec_name);

  /**
   * Deletes a entry created through get_cloned_entry().
   *
   * @param entry     -
   */
  void delete_cloned_entry(struct UsmUserTableEntry* &entry);

  /**
   * Get a user of the usmUserTable.
   *
   * There could be more than one entry with the given
   * sec_name. Always the first entry that is found is returned.
   *
   * @note Use lock() and unlock() for thread synchronization.
   *
   * @param sec_name - security name to search for
   *
   * @return - a pointer to the structure or NULL if the user is not
   *           found (no need to delete anything)
   */
  const struct UsmUserTableEntry *get_entry(const OctetStr &sec_name);

  /**
   * Public:
   *
   * Add or replace a user in the usmUserTable. The usmUserTable stores
   * users with their localized keys.
   *
   * @param engine_id     - The engine_id, the key was localized with
   * @param user_name     - The name of the user (in the USM)
   * @param sec_name      - The security name of the user, this name
   *                                is the same for all securityModels
   * @param auth_proto    - Possible values are:
   *                                SNMP_AUTHPROTOCOL_NONE,
   *                                SNMP_AUTHPROTOCOL_HMACMD5,
   *                                SNMP_AUTHPROTOCOL_HMACSHA
   * @param auth_key      - The key used for authentications
   * @param priv_proto    - Possible values are:
   *                                SNMP_PRIVPROTOCOL_NONE,
   *                                SNMP_PRIVPROTOCOL_DES,
   *                                SNMP_PRIVPROTOCOL_IDEA
   * @param priv_key      - The key used for privacy
   *
   * @return - SNMPv3_USM_OK
   *           SNMP_v3_USM_ERROR (not initialized, no memory)
   */
  int add_entry(const OctetStr &engine_id,
		const OctetStr &user_name,  const OctetStr &sec_name,
		const long int  auth_proto, const OctetStr &auth_key,
		const long int  priv_proto, const OctetStr &priv_key);

  /**
   * Replace a localized key of the user and engine_id in the
   * usmUserTable.
   *
   * @param user_name     - The name of the user in the USM
   * @param engine_id     - Change the localized key for the SNMP
   *                        entity with this engine_id
   * @param new_key       - The new key
   * @param key_type      - AUTHKEY, OWNAUTHKEY, PRIVKEY or OWNPRIVKEY
   *
   * @return - SNMPv3_USM_ERROR (no such entry or not initialized),
   *           SNMPv3_USM_OK
   */
  int update_key(const OctetStr &user_name,
                 const OctetStr &engine_id,
                 const OctetStr &new_key,
                 const int key_type);

  /**
   * Save all entries into a file.
   */
  int save_to_file(const char *name, AuthPriv *ap);

  /**
   * Load the table from a file.
   */
  int load_from_file(const char *name, AuthPriv *ap);

  const UsmUserTableEntry *peek_first() const
    { if (entries > 0) return table; return 0; };

  const UsmUserTableEntry *peek_next(const UsmUserTableEntry *e) const;

private:
  void delete_entry(const int nr);

  struct UsmUserTableEntry *table;

  int max_entries; ///< the maximum number of entries
  int entries;     ///< the current amount of entries
};



struct UsmSecurityParameters {
  unsigned char  msgAuthoritativeEngineID[MAXLENGTH_ENGINEID];
  long int       msgAuthoritativeEngineIDLength;
  long int       msgAuthoritativeEngineBoots;
  long int       msgAuthoritativeEngineTime;
  unsigned char  msgUserName[MAXLEN_USMUSERNAME];
  long int       msgUserNameLength;
  unsigned char *msgAuthenticationParameters;
  long int       msgAuthenticationParametersLength;
  unsigned char *msgPrivacyParameters;
  unsigned int   msgPrivacyParametersLength;
};




struct SecurityStateReference
{
  unsigned char  msgUserName[MAXLEN_USMUSERNAME]; int msgUserNameLength;
  unsigned char *securityName;                    int securityNameLength;
  unsigned char *securityEngineID;                int securityEngineIDLength;
  int authProtocol;
  unsigned char* authKey;                         int authKeyLength;
  int privProtocol;
  unsigned char* privKey;                         int privKeyLength;
  int securityLevel;
};




void USM::inc_stats_unsupported_sec_levels()
{
  if (usmStatsUnsupportedSecLevels == MAXUINT32)
    usmStatsUnsupportedSecLevels = 0;
  else
    usmStatsUnsupportedSecLevels++;
}

void USM::inc_stats_not_in_time_windows()
{
  if (usmStatsNotInTimeWindows == MAXUINT32)
    usmStatsNotInTimeWindows = 0;
  else
    usmStatsNotInTimeWindows++;
}

void USM::inc_stats_unknown_user_names()
{
  if (usmStatsUnknownUserNames == MAXUINT32)
    usmStatsUnknownUserNames = 0;
  else
    usmStatsUnknownUserNames++;
}

void USM::inc_stats_unknown_engine_ids()
{
  if (usmStatsUnknownEngineIDs == MAXUINT32)
    usmStatsUnknownEngineIDs = 0;
  else
    usmStatsUnknownEngineIDs++;
}

void USM::inc_stats_wrong_digests()
{
  if (usmStatsWrongDigests == MAXUINT32)
    usmStatsWrongDigests = 0;
  else
    usmStatsWrongDigests++;
}

void USM::inc_stats_decryption_errors()
{
  if (usmStatsDecryptionErrors == MAXUINT32)
    usmStatsDecryptionErrors = 0;
  else
    usmStatsDecryptionErrors++;
}


void USM::delete_sec_state_reference(struct SecurityStateReference *ssr)
{
  if (ssr)
  {
    ssr->msgUserName[0] = 0;
    if (ssr->securityName) delete [] ssr->securityName;
    if (ssr->securityEngineID) delete [] ssr->securityEngineID;
    if (ssr->authKey)
    {
      memset(ssr->authKey, 0, ssr->authKeyLength);
      delete [] ssr->authKey;
    }
    if (ssr->privKey)
    {
      memset(ssr->privKey, 0, ssr->privKeyLength);
      delete [] ssr->privKey;
    }
  }
  delete ssr;
}

struct SecurityStateReference *USM::get_new_sec_state_reference()
{
  struct SecurityStateReference *res = new SecurityStateReference;

  if (!res)
    return NULL;

  memset(res, 0, sizeof(struct SecurityStateReference));
  return res;
}


USM::USM(unsigned int engine_boots, const OctetStr &engine_id,
	 const v3MP *v3_mp,
	 unsigned int *msgID, int &result)
  : local_snmp_engine_id (engine_id),
    v3mp (v3_mp),

    discovery_mode (TRUE),

    usmStatsUnsupportedSecLevels (0),
    usmStatsNotInTimeWindows     (0),
    usmStatsUnknownUserNames     (0),
    usmStatsUnknownEngineIDs     (0),
    usmStatsWrongDigests         (0),
    usmStatsDecryptionErrors     (0),

    usm_add_user_cb (0)
{
  auth_priv = new AuthPriv(result);
  if (result != SNMPv3_USM_OK)
    return;
  auth_priv->add_default_modules();

  usm_user_name_table = new USMUserNameTable(result);
  if (result != SNMPv3_USM_OK)
    return;

  usm_user_table = new USMUserTable(result);
  if (result != SNMPv3_USM_OK)
    return;

#ifdef _TEST
  printf(" Testing DES:\n");
  PrivDES pd;
  pp_uint64 testsalt=0xbabec0de;
  pd.set_salt(&testsalt);

  const char *desplaintext[10];
  desplaintext[0] = "abcdefghijklmnopqrstuvwxyz123456";
  desplaintext[1] = "abcdefghijklmnopqrstuvwxyz1234567";
  desplaintext[2] = "abcdefghijklmnopqrstuvwxyz12345678";
  desplaintext[3] = "abcdefghijklmnopqrstuvwxyz123456789";
  desplaintext[4] = "abcdefghijklmnopqrstuvwxyz123456789A";
  desplaintext[5] = "abcdefghijklmnopqrstuvwxyz123456789AB";
  desplaintext[6] = "abcdefghijklmnopqrstuvwxyz123456789ABC";
  desplaintext[7] = "abcdefghijklmnopqrstuvwxyz123456789ABCD";
  desplaintext[8] = "abcdefghijklmnopqrstuvwxyz123456789ABCDE";
  desplaintext[9] = "abcdefghijklmnopqrstuvwxyz123456789ABCDEF";
  
  unsigned char desencrypted[80];
  unsigned char desdecrypted[80];
  unsigned char desprivparams[8];
  unsigned char deskey[17] = "illegal_des_key!";

  for (int i=0; i<9; i++)
  {
      unsigned int encrypt_len = 80;
      unsigned int decrypt_len = 80;
      unsigned int desprivparamslen = 8;

      memset(desencrypted, 'x', 80);
      memset(desdecrypted, 'y', 80);

      debughexcprintf(1, "Plaintext", (unsigned char*)desplaintext[i],
		      strlen(desplaintext[i]));

      int res = pd.encrypt(deskey, 16,
			   (unsigned char*)desplaintext[i],
			   strlen(desplaintext[i]),
			   desencrypted, &encrypt_len,
			   desprivparams, &desprivparamslen,
			   0x2340abcd, 0);

      printf("%d: Result of encryption is %d\n", i, res);
      debughexcprintf(1, "Encrypted", desencrypted, encrypt_len);

      res = pd.decrypt(deskey, 16,
		       desencrypted, encrypt_len,
		       desdecrypted, &decrypt_len,
		       desprivparams, desprivparamslen,
		       0x2340abcd, 0);
      printf("%d: Result of decryption is %d\n", i, res);
      debughexcprintf(1, "Decrypted", desdecrypted, decrypt_len);

      if (memcmp(desplaintext[i], desdecrypted, strlen(desplaintext[i])))
	  printf("\n********* FAILED **********\n");
      else
	  printf("\nOK\n");

  }



#if 0
  printf(" Testing SHA:\n");

  // test password2key-algor:
  unsigned char keysha[50];
  auth_priv->password_to_key_auth(...(unsigned char*)"maplesyrup",10,
                     (unsigned char*)"\0\0\0\0\0\0\0\0\0\0\0\2",12,keysha);
  printf("Output of PasswordToKey-algorithm for SHA:\n");
  for (int i=0; i< 20; i++) {
    printf("%02X ", keysha[i]);
    if ((i+1)%4==0) printf(" ");
    if ((i+1)%16==0) printf("\n");
  }
  printf("\nOutput should be (draft-ietf-snmpv3-usm-v2-02.txt):\n");
  printf("66 95 fe bc  92 88 e3 62  82 23 5f c7  15 1f 12 84\n97 b3 8f 3f\n");
  printf("\nTesting MD5:\n");
  unsigned char keymd5[50];
  apPasswordToKeyMD5((unsigned char*)"maplesyrup",10,
                     (unsigned char*)"\0\0\0\0\0\0\0\0\0\0\0\2",12,keymd5);
  printf("Output of PasswordToKey-algorithm for MD5:\n");
  for (int i=0; i< 16; i++) {
    printf("%02X ", keymd5[i]);
    if ((i+1)%4==0) printf(" ");
    if ((i+1)%16==0) printf("\n");
  }
  printf("Output ahould be (draft-ietf-snmpv3-usm-v2-02.txt):\n");
  printf("52 6f 5e ed  9f cc e2 6f  89 64 c2 93  07 87 d8 2b\n");

  printf("\nTesting IDEA:\n");
  unsigned char source[35] = "Hallo, das ist ein test!", encrypted[35], decrypted[35], params[8];
  int len_encrypted = 35, len_decrypted = 35;
  apIDEAEncryptData((unsigned char*)"1234567890abcdef",
                    source, 25, encrypted, &len_encrypted, params);

  apIDEADecryptData((unsigned char*)"1234567890abcdef",
                    encrypted, len_encrypted,
                     decrypted, &len_decrypted, params);


  printf("params:\n");
  for (int i=0; i< 8; i++) {
    printf("%02X ", params[i]);
    if ((i+1)%4==0) printf(" ");
    if ((i+1)%16==0) printf("\n");
  }
  printf("\nsource:\n");
  for (int i=0; i< 25; i++) {
    printf("%02X ", source[i]);
    if ((i+1)%4==0) printf(" ");
    if ((i+1)%16==0) printf("\n");
  }
  printf("\n");
  printf("encrypted:\n");
  for (int i=0; i< 25; i++) {
    printf("%02X ", encrypted[i]);
    if ((i+1)%4==0) printf(" ");
    if ((i+1)%16==0) printf("\n");
  }
  printf("\n");
  printf("decrypted:\n");
  for (int i=0; i< 25; i++) {
    printf("%02X ", decrypted[i]);
    if ((i+1)%4==0) printf(" ");
    if ((i+1)%16==0) printf("\n");
  }