usm_v3.cpp

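  // NOTE(review): this excerpt starts inside a function body (the lines that
  // follow end with `*msgID = ...; }` just before USM::~USM, so this is
  // presumably the USM constructor) and inside preprocessor-guarded self-test
  // code. The opening #if/#ifdef lines are not part of this excerpt.
  printf("\n");
  for (int i=0; i<25; i++)
    if (source[i]!=decrypted[i]) {
      printf("\n*** source != decrypted ****\n\n");
      break;
    }

  // test keyUpdate md5
  printf("\n Test KeyUpdate Algorithm:\n");
  printf("Test MD5:\n");
  OctetStr oldKey = OctetStr(keymd5, SNMPv3_AP_OUTPUT_LENGTH_MD5);
  unsigned char newkeymd5[50];
  apPasswordToKeyMD5((unsigned char*)"newsyrup",8,
                     (unsigned char*)"\0\0\0\0\0\0\0\0\0\0\0\2",12,newkeymd5);
  printf("Output of PasswordToKey-algorithm for MD5:\n");
  for (int i=0; i< 16; i++) {
    printf("%02X ", newkeymd5[i]);
    if ((i+1)%4==0) printf(" ");
    if ((i+1)%16==0) printf("\n");
  }
  printf("Output ahould be (draft-ietf-snmpv3-usm-v2-02.txt):\n");
  printf("87 02 1d 7b  d9 d1 01 ba  05 ea 6e 3b  f9 d9 bd 4a\n");
  OctetStr result;
  apNewKey(oldKey, OctetStr(newkeymd5, SNMPv3_AP_OUTPUT_LENGTH_MD5),
            result, SNMPv3_usmHMACMD5AuthProtocol);

  // test keyUpdate sha (auth)
  printf("\nTest SHA for authPassword:\n");
  oldKey = OctetStr(keysha, SNMPv3_AP_OUTPUT_LENGTH_SHA);
  unsigned char newkeysha[50];
  apPasswordToKeySHA((unsigned char*)"newsyrup",8,
                     (unsigned char*)"\0\0\0\0\0\0\0\0\0\0\0\2",12,newkeysha);
  printf("Output of PasswordToKey-algorithm for sha:\n");
  for (int i=0; i< SNMPv3_AP_OUTPUT_LENGTH_SHA; i++) {
    printf("%02X ", newkeysha[i]);
    if ((i+1)%4==0) printf(" ");
    if ((i+1)%16==0) printf("\n");
  }
  printf("Output ahould be (draft-ietf-snmpv3-usm-v2-02.txt):\n");
  printf("78 e2 dc ce  79 d5 94 03  b5 8c 1b ba  a5 bf f4 63 \n91 f1 cd 25\n");
  apNewKey(oldKey, OctetStr(newkeysha, SNMPv3_AP_OUTPUT_LENGTH_SHA),
            result, SNMPv3_usmHMACSHAAuthProtocol);

  // test keyUpdate sha (privPassword DES)
  printf("\nTest SHA for privPassword:\n");
  oldKey = OctetStr(keysha, SNMPv3_AP_OUTPUT_LENGTH_MD5);
  apNewKey(oldKey, OctetStr(newkeysha, SNMPv3_AP_OUTPUT_LENGTH_MD5),
            result, SNMPv3_usmHMACSHAAuthProtocol);
  printf("Result should be:\n");
  printf("00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00\n");
  printf("7e f8 d8 a4  c9 cd b2 6b  47 59 1c d8  52 ff 88 b5\n");
#endif

  /* test AES key extension algorithm */
  // The password, engine id and salt below are fixed test inputs; the
  // derived key is written to the debug log at level 0 by debughexcprintf.
  // This section ends at "#endif // _TEST", so it is test-only code.
  unsigned char key_sha[SNMPv3_USM_MAX_KEY_LEN];
  unsigned int key_sha_len = SNMPv3_USM_MAX_KEY_LEN;
  int res = auth_priv->password_to_key_priv(
    SNMP_AUTHPROTOCOL_HMACSHA,
    SNMP_PRIVPROTOCOL_AES256,
    (unsigned char*)"maplesyrup", 10,
    (unsigned char*)"\0\0\0\0\0\0\0\0\0\0\0\2", 12,
    key_sha, &key_sha_len);
  debugprintf(0, "aes key extension result %i, key_sha_len = %i.",
              res, key_sha_len);
  debughexcprintf(0, "key_sha", key_sha, key_sha_len);

  unsigned char pt[56] = "This is a secret message, nobody is allowed to read it!";
  unsigned char *plaintext = pt;
  unsigned char ct[56];
  unsigned char *cipher = ct;
  unsigned int cipherlen = 56;
  unsigned char privpar[8];
  unsigned int privparlen = 8;

  Priv *priv = auth_priv->get_priv(SNMP_PRIVPROTOCOL_AES256);
  pp_uint64 salt = 0;
  priv->set_salt(&salt);
  auth_priv->encrypt_msg(SNMP_PRIVPROTOCOL_AES256,
                         key_sha, key_sha_len,
                         plaintext, 55, cipher, &cipherlen,
                         privpar, &privparlen,
                         0xdeadc0deUL, 0xbeefdedeUL);
  auth_priv->decrypt_msg(SNMP_PRIVPROTOCOL_AES256,
                         key_sha, key_sha_len,
                         cipher, 55, plaintext, &cipherlen,
                         privpar, privparlen,
                         0xdeadc0deUL, 0xbeefdedeUL);
#endif // _TEST

  // The time table constructor reports its status through `result`; on
  // failure the function returns early and leaves *msgID untouched.
  usm_time_table = new USMTimeTable(this, engine_boots, result);
  if (result != SNMPv3_USM_OK)
    return;

  // Seed the message id: low 16 bits of engine_boots go into the upper half.
  *msgID = (engine_boots & 0xFFFF) << 16;
}

// Destroys the tables and the auth/priv object held by this USM instance.
// Each pointer is reset to NULL after deletion, as in the original code.
USM::~USM()
{
  // delete on a null pointer is a no-op, so no guards are needed.
  delete usm_time_table;
  usm_time_table = NULL;

  delete usm_user_table;
  usm_user_table = NULL;

  delete usm_user_name_table;
  usm_user_name_table = NULL;

  delete auth_priv;
  auth_priv = NULL;
}

// Delete this engine id from all USM tables (users and engine time).
//
// Both deletions are always attempted, even if the first one fails.
// Returns SNMPv3_USM_ERROR if either table reports SNMPv3_USM_ERROR,
// otherwise SNMPv3_USM_OK.
int USM::remove_engine_id(const OctetStr &engine_id)
{
  const int time_res = usm_time_table->delete_entry(engine_id);
  const int user_res = usm_user_table->delete_entries(engine_id);

  if ((time_res == SNMPv3_USM_ERROR) ||
      (user_res == SNMPv3_USM_ERROR))
    return SNMPv3_USM_ERROR;

  return SNMPv3_USM_OK;
}

// Replaces a key of the user identified by (user_name, engine_id) in the
// user table.
//
// new_key/new_key_len is the replacement key and type_of_key is handed to
// the table unchanged. Returns whatever usm_user_table->update_key returns.
//
// NOTE(review): the three *_len parameters are signed (long int) and are
// passed straight to the OctetStr constructors; this function does not check
// them. Confirm that callers never pass negative or oversized lengths.
int USM::update_key(const unsigned char* user_name,
                    const long int user_name_len,
                    const unsigned char* engine_id,
                    const long int engine_id_len,
                    const unsigned char* new_key,
                    const long int new_key_len,
                    const int type_of_key)
{
  OctetStr key(new_key, new_key_len);

  const int res = usm_user_table->update_key(OctetStr(user_name, user_name_len),
                                             OctetStr(engine_id, engine_id_len),
                                             key, type_of_key);
  // Discard the local copy of the key before returning.
  key.clear();
  return res;
}

// Adds a user whose keys are already localized for engine_id.
// Thin wrapper around usm_user_table->add_entry; returns its result.
int USM::add_localized_user(const OctetStr &engine_id,
                            const OctetStr &user_name,
                            const OctetStr &security_name,
                            const long auth_protocol,
                            const OctetStr &auth_key,
                            const long priv_protocol,
                            const OctetStr &priv_key)
{
  return usm_user_table->add_entry(engine_id, user_name, security_name,
                                   auth_protocol, auth_key,
                                   priv_protocol, priv_key);
}

// Adds a user by password (not yet localized) to the user name table.
//
// Any localized entries that exist for user_name are removed first; the
// result of that removal is not checked. The passwords are handed to
// usm_user_name_table->add_entry as given. Returns the add_entry error code
// on failure, otherwise SNMPv3_USM_OK.
int USM::add_usm_user(const OctetStr& user_name,
                      const OctetStr& security_name,
                      const long int  auth_protocol,
                      const long int  priv_protocol,
                      const OctetStr& auth_password,
                      const OctetStr& priv_password)
{
  /*  delete localized entries if some exists */
  delete_localized_user(user_name);

  const int result = usm_user_name_table->add_entry(user_name, security_name,
                                                    auth_protocol, priv_protocol,
                                                    auth_password, priv_password);
  if (result != SNMPv3_USM_OK)
    return result;

  // The looked-up user is released immediately. The lookup is presumably
  // made for its side effect of creating the localized entry for the local
  // engine; the part of get_user that would do so is beyond this excerpt.
  struct UsmUser *dummy = get_user(local_snmp_engine_id, security_name);
  if (dummy) free_user(dummy);

  return SNMPv3_USM_OK;
}

// Adds a user by password for one specific engine_id: derives the localized
// auth and priv keys and stores them in the user table.
//
// Returns the build_localized_keys error code if key derivation fails,
// otherwise the result of usm_user_table->add_entry.
int USM::add_usm_user(const OctetStr& user_name,
                      const OctetStr& security_name,
                      const long int  auth_protocol,
                      const long int  priv_protocol,
                      const OctetStr& auth_password,
                      const OctetStr& priv_password,
                      const OctetStr& engine_id)
{
  OctetStr auth_key;
  OctetStr priv_key;

  // Size both buffers to the maximum key length; the real lengths are
  // reported back through auth_key_len / priv_key_len.
  auth_key.set_len(SNMPv3_USM_MAX_KEY_LEN);
  priv_key.set_len(SNMPv3_USM_MAX_KEY_LEN);

  unsigned int auth_key_len = auth_key.len();
  unsigned int priv_key_len = priv_key.len();

  int res = build_localized_keys(engine_id, auth_protocol, priv_protocol,
                                 auth_password.data(), auth_password.len(),
                                 priv_password.data(), priv_password.len(),
                                 auth_key.data(), &auth_key_len,
                                 priv_key.data(), &priv_key_len);
  if (res != SNMPv3_USM_OK)
  {
    // build_localized_keys derives the auth key first, so auth_key may
    // already hold key material when the priv step fails. Discard both
    // buffers the same way the success path does.
    auth_key.clear();
    priv_key.clear();
    return res;
  }

  auth_key.set_len(auth_key_len);
  priv_key.set_len(priv_key_len);

  res = usm_user_table->add_entry(engine_id, user_name, security_name,
                                  auth_protocol, auth_key,
                                  priv_protocol, priv_key);

  // Discard the local key copies before returning.
  auth_key.clear();
  priv_key.clear();

  return res;
}

// Convenience overload: uses security_name as the USM user name as well.
int USM::add_usm_user(const OctetStr& security_name,
                      const long int  auth_protocol,
                      const long int  priv_protocol,
                      const OctetStr& auth_password,
                      const OctetStr& priv_password)
{
  // usmUserName:     UserName for UserbasedSecurityModel
  // usmSecurityName: UserName for all SecurityModels
  return add_usm_user(security_name, security_name,
                      auth_protocol, priv_protocol,
                      auth_password, priv_password);
}

// Removes all localized user-table entries for usmUserName.
// Returns the result of usm_user_table->delete_entries.
int USM::delete_localized_user(const OctetStr& usmUserName)
{
  return usm_user_table->delete_entries(usmUserName);
}

// Removes the localized user-table entry for (engine_id, user_name).
// Returns the result of usm_user_table->delete_entry.
int USM::delete_localized_user(const OctetStr& engine_id,
                               const OctetStr& user_name)
{
  return usm_user_table->delete_entry(engine_id, user_name);
}

// Derives the localized auth key and then the localized priv key for
// engine_id from the given passwords.
//
// auth_key/priv_key are caller-supplied output buffers; *auth_key_len and
// *priv_key_len are passed by pointer to the derivation routines (callers in
// this file initialise them to the buffer size and read the key length back).
//
// Returns SNMPv3_USM_OK on success, otherwise the error code of the step that
// failed. Failures are logged with the protocol id or error code only. If the
// priv step fails, auth_key has already been written, so the caller is
// responsible for discarding both buffers on error.
int USM::build_localized_keys(const OctetStr      &engine_id,
                              const int            auth_prot,
                              const int            priv_prot,
                              const unsigned char *auth_password,
                              const unsigned int   auth_password_len,
                              const unsigned char *priv_password,
                              const unsigned int   priv_password_len,
                              unsigned char *auth_key,
                              unsigned int  *auth_key_len,
                              unsigned char *priv_key,
                              unsigned int  *priv_key_len)
{
  int res = auth_priv->password_to_key_auth(
                                  auth_prot, auth_password,
                                  auth_password_len,
                                  engine_id.data(), engine_id.len(),
                                  auth_key, auth_key_len);

  if (res != SNMPv3_USM_OK)
  {
    if (res == SNMPv3_USM_UNSUPPORTED_AUTHPROTOCOL)
    {
      LOG_BEGIN(ERROR_LOG | 4);
      LOG("Could not generate localized key: Unsupported auth protocol");
      LOG(auth_prot);
      LOG_END;
    }
    else
    {
      LOG_BEGIN(ERROR_LOG | 4);
      LOG("Could not generate localized auth key, error code");
      LOG(res);
      LOG_END;
    }
    return res;
  }

  // The priv key derivation also needs the auth protocol.
  res = auth_priv->password_to_key_priv(auth_prot, priv_prot, priv_password,
                                        priv_password_len,
                                        engine_id.data(), engine_id.len(),
                                        priv_key, priv_key_len);

  if (res != SNMPv3_USM_OK)
  {
    if (res == SNMPv3_USM_UNSUPPORTED_PRIVPROTOCOL)
    {
      LOG_BEGIN(ERROR_LOG | 4);
      LOG("Could not generate localized key: Unsupported priv protocol");
      LOG(priv_prot);
      LOG_END;
    }
    else
    {
      LOG_BEGIN(ERROR_LOG | 4);
      LOG("Could not generate localized priv key, error code");
      LOG(res);
      LOG_END;
    }
    return res;
  }

  return res; // OK
}

// Looks up the user for (engine_id, security_name).
// NOTE(review): this function continues beyond the end of this excerpt; the
// code below is reproduced unchanged apart from layout and review notes.
struct UsmUser *USM::get_user(const OctetStr &engine_id,
                              const OctetStr &security_name)
{
  debugprintf(7,"USM::get_user: user (%s) engine_id (%s)",
              security_name.get_printable(),engine_id.get_printable());

  struct UsmUserNameTableEntry *name_table_entry = NULL;
  struct UsmUserTableEntry *user_table_entry = NULL;

  user_table_entry = usm_user_table->get_cloned_entry(engine_id,
                                                      security_name);
  if (!user_table_entry)
  {
    name_table_entry = usm_user_name_table->get_cloned_entry(security_name);
    if (!name_table_entry)
    {
      const struct UsmUserTableEntry *entry;

      BEGIN_AUTO_LOCK(usm_user_table);

      entry = usm_user_table->get_entry(security_name);

      if ((entry) && (engine_id.len() == 0))
      {
        // there is a entry for this security_name in the usmUserTable
        // so return an entry for this user to do engine_id discovery
        struct UsmUser *res = new UsmUser;
        if (!res)
          return 0;

        res->engineID = 0;
        res->engineIDLength = 0;
        res->usmUserName = v3strcpy(entry->usmUserName,
                                    entry->usmUserNameLength);
        res->usmUserNameLength = entry->usmUserNameLength;
        res->securityName = v3strcpy(entry->usmUserSecurityName,
                                     entry->usmUserSecurityNameLength);
        res->securityNameLength = entry->usmUserSecurityNameLength;
        res->authProtocol = SNMPv3_usmNoAuthProtocol;
        res->authKey = 0;
        res->authKeyLength = 0;
        res->privProtocol = SNMPv3_usmNoPrivProtocol;
        res->privKey = 0;
        res->privKeyLength = 0;

        // NOTE(review): res is returned right after free_user(res). This is
        // only safe if free_user takes the pointer by reference and resets
        // it to 0; free_user is not shown here - confirm, otherwise the
        // caller receives a dangling pointer.
        if ((res->usmUserNameLength  && !res->usmUserName) ||
            (res->securityNameLength && !res->securityName))
        {
            free_user(res);
        }
        return res;
      }
      else
      {
        debugprintf(1, "USM::get_user: User unknown");
        return NULL;
      }
    }

    // here we have valid name_table_entry but not user_table_entry
    if (engine_id.len() == 0)
    {
      // do not add a user
      struct UsmUser *res = new UsmUser;
      if (!res)
      {
        usm_user_name_table->delete_cloned_entry(name_table_entry);
        return 0;
      }

      res->engineID           = 0;
      res->engineIDLength     = 0;
      res->usmUserName        = v3strcpy(name_table_entry->usmUserName.data(),
                                         name_table_entry->usmUserName.len());
      res->usmUserNameLength  = name_table_entry->usmUserName.len();
      res->securityName       = v3strcpy(
                                  name_table_entry->usmUserSecurityName.data(),
                                  name_table_entry->usmUserSecurityName.len());
      res->securityNameLength = name_table_entry->usmUserSecurityName.len();
      res->authProtocol       = SNMPv3_usmNoAuthProtocol;
      res->authKey            = 0;
      res->authKeyLength      = 0;
      res->privProtocol       = SNMPv3_usmNoPrivProtocol;
      res->privKey            = 0;
      res->privKeyLength      = 0;

      // NOTE(review): same free_user()/return pattern as in the branch
      // above - relies on free_user nulling res; confirm.
      if ((res->usmUserNameLength  && !res->usmUserName) ||
          (res->securityNameLength && !res->securityName))
      {
          free_user(res);
      }

      usm_user_name_table->delete_cloned_entry(name_table_entry);
      return res;
    }
    else
    {
      // We can add a new user:
      // NOTE(review): privKey/authKey are stack buffers that will receive
      // key material; check in the remainder of the function (not part of
      // this excerpt) that they are wiped on every exit path.
      unsigned char privKey[SNMPv3_USM_MAX_KEY_LEN];
      unsigned char authKey[SNMPv3_USM_MAX_KEY_LEN];
      unsigned int authKeyLength = SNMPv3_USM_MAX_KEY_LEN;
      unsigned int privKeyLength = SNMPv3_USM_MAX_KEY_LEN;

      int res = build_localized_keys(engine_id,
                         name_table_entry->usmUserAuthProtocol,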
