auth_priv.cpp

来自「JdonFramework need above jdk 1.4.0 This」· C++ 代码 · 共 2,184 行 · 第 1/5 页

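  LOG_BEGIN(INFO_LOG | 6);
  LOG("AuthPriv: Removed auth protocol (id)");
  LOG(auth_id);
  LOG_END;

  return SNMP_CLASS_SUCCESS;
}

/**
 * Register a privacy (encryption) protocol under the id it reports.
 *
 * The priv table is grown on demand so that index `id` exists. A different
 * object already stored at that id is deleted and replaced.
 *
 * @param new_priv  Protocol object; stored in the table on success.
 * @return SNMP_CLASS_SUCCESS on success; SNMP_CLASS_ERROR for a null
 *         pointer, a negative id, or a failed table allocation.
 */
int AuthPriv::add_priv(Priv *new_priv)
{
  if (!new_priv)
  {
    return SNMP_CLASS_ERROR;
  }

  int id = new_priv->get_id();

  if (id < 0)
  {
    // NOTE(review): new_priv is neither stored nor deleted on this path, so
    // the caller still owns it - confirm callers release it on failure.
    return SNMP_CLASS_ERROR;
  }

  if (id >= priv_size)
  {
    // NOTE(review): id is only checked for < 0 above. "id + 5" is signed
    // arithmetic with no upper bound, so a protocol object reporting a very
    // large id would overflow or request a huge table. Consider an explicit
    // maximum id.
    PrivPtr *new_array = new PrivPtr[id + 5];
    // NOTE(review): a plain new-expression normally throws on failure
    // instead of returning null, so this check may never fire.
    if (!new_array)
    {
      LOG_BEGIN(ERROR_LOG | 1);
      LOG("AuthPriv: Could not allocate new priv array.");
      LOG_END;

      return SNMP_CLASS_ERROR;
    }
    // Copy the existing entries, then null the newly added slots.
    for (int i = 0; i < priv_size; i++)
      new_array[i] = priv[i];

    for (int j = priv_size; j < id + 5; j++)
      new_array[j] = 0;

    PrivPtr *victim = priv;
    priv = new_array;
    delete [] victim;
    priv_size = id + 5;
  }

  new_priv->set_salt(&salt);

  // Only delete a *different* object: if the same pointer is registered
  // again, deleting it here would leave a dangling pointer in the table.
  if (priv[id] && (priv[id] != new_priv))
  {
    LOG_BEGIN(WARNING_LOG | 4);
    LOG("AuthPriv: deleting old priv object before adding new one (id)");
    LOG(id);
    LOG_END;

    delete priv[id];
  }

  priv[id] = new_priv;

  LOG_BEGIN(INFO_LOG | 6);
  LOG("AuthPriv: Added priv protocol (id)");
  LOG(id);
  LOG_END;

  return SNMP_CLASS_SUCCESS;
}

/**
 * Remove and delete the privacy protocol registered under priv_id.
 *
 * @return SNMP_CLASS_SUCCESS if an object was removed; SNMP_CLASS_ERROR if
 *         the id is out of range or the slot is empty.
 */
int AuthPriv::del_priv(const int priv_id)
{
  if ((priv_id < 0) || (priv_id >= priv_size) || (priv[priv_id] == 0))
  {
    LOG_BEGIN(WARNING_LOG | 4);
    LOG("AuthPriv: Request to delete non existing priv protocol (id)");
    LOG(priv_id);
    LOG_END;

    return SNMP_CLASS_ERROR;
  }

  delete priv[priv_id];
  priv[priv_id] = 0;

  LOG_BEGIN(INFO_LOG | 6);
  LOG("AuthPriv: Removed priv protocol (id)");
  LOG(priv_id);
  LOG_END;

  return SNMP_CLASS_SUCCESS;
}

/**
 * Bounds-checked lookup of an authentication protocol object.
 *
 * @return The object stored at auth_prot, or 0 if the id is out of range
 *         or the slot is empty.
 */
Auth *AuthPriv::get_auth(const int auth_prot)
{
  if ((auth_prot >= 0) && (auth_prot < auth_size))
    return auth[auth_prot];
  return 0;
}

/**
 * Bounds-checked lookup of a privacy protocol object.
 *
 * @return The object stored at priv_prot, or 0 if the id is out of range
 *         or the slot is empty.
 */
Priv *AuthPriv::get_priv(const int priv_prot)
{
  if ((priv_prot >= 0) && (priv_prot < priv_size))
    return priv[priv_prot];
  return 0;
}

// Get the unique id for the given auth protocol.
// Returns -1 if no registered protocol has that id string, or if
// string_id is null.
int AuthPriv::get_auth_id(const char *string_id) const
{
  // strcmp() on a null pointer is undefined behaviour; report "not found".
  if (!string_id)
    return -1;

  for (int i = 0; i < auth_size; ++i)
    if ((auth[i]) && (strcmp(string_id, auth[i]->get_id_string()) == 0))
      return i;
  return -1;
}

// Get the unique id for the given priv protocol.
// Returns -1 if no registered protocol has that id string, or if
// string_id is null.
int AuthPriv::get_priv_id(const char *string_id) const
{
  // strcmp() on a null pointer is undefined behaviour; report "not found".
  if (!string_id)
    return -1;

  for (int i = 0; i < priv_size; ++i)
    if ((priv[i]) && (strcmp(string_id, priv[i]->get_id_string()) == 0))
      return i;
  return -1;
}

/**
 * Build the value for a USM KeyChange operation.
 *
 * The result is `random || (new_key XOR hash(old_key || random))`, where
 * random has the same length as old_key.
 *
 * @param auth_prot        Id of the auth protocol whose hash is used.
 * @param old_key          Current key; its length fixes the key length.
 * @param new_key          Key to change to.
 * @param keychange_value  Receives the computed value.
 * @return SNMPv3_USM_OK on success;
 *         SNMPv3_USM_UNSUPPORTED_AUTHPROTOCOL if auth_prot is not
 *         registered; SNMPv3_USM_ERROR if new_key is longer than the
 *         digest buffer.
 */
int AuthPriv::get_keychange_value(const int       auth_prot,
                                  const OctetStr& old_key,
                                  const OctetStr& new_key,
                                  OctetStr&       keychange_value)
{
  // uses fixed key length determined from oldkey!
  // works with SHA and MD5
  // modifications needed to support variable length keys
  // algorithm according to USM-document textual convention KeyChange

  int key_len = old_key.len();

  Auth *a = get_auth(auth_prot);
  if (!a)
    return SNMPv3_USM_UNSUPPORTED_AUTHPROTOCOL;

  // The XOR loop below reads digest[0 .. new_key.len()-1]. Reject keys that
  // would read past the fixed-size digest buffer.
  if (new_key.len() > SNMPv3_USM_MAX_KEY_LEN)
    return SNMPv3_USM_ERROR;

  // compute random value
  OctetStr random = "";

  for (int i = 0; i < key_len; i++) {
#ifdef _TEST
    // do not use random values for testing
    random += OctetStr((unsigned char*)"\0",1);
#else
    // NOTE(security): rand() is not a cryptographically secure generator
    // and its seeding is not visible here. The random component of a
    // KeyChange value protects the new key and should come from a CSPRNG.
    // Left unchanged because no such source is in scope in this part of
    // the file.
    char tmprand = rand();
    random += tmprand;
#endif
  }

#ifdef __DEBUG
  // NOTE(security): these calls print raw key material. Make sure __DEBUG
  // builds are never deployed.
  debugprintf(21, "Values for keyChange:");
  debughexcprintf(21, "old_key", old_key.data(), old_key.len());
  debughexcprintf(21, "new_key", new_key.data(), new_key.len());
  debughexcprintf(21, "random value", random.data(), random.len());
#endif

  // step 1: initialize temporary variable
  OctetStr tmp = old_key;

  // step 2: nothing to do as we only support fixed length keys ;-)

  // step 3:
  tmp += random;

  unsigned char digest[SNMPv3_USM_MAX_KEY_LEN];
  memset((char*)digest, 0, SNMPv3_USM_MAX_KEY_LEN);

  a->hash(tmp.data(), tmp.len(), digest);

  // step 4:
  keychange_value = random;
  keychange_value += new_key;

  // NOTE(review): digest bytes beyond what hash() writes stay zero. If
  // new_key is longer than the hash output, the trailing key bytes are
  // XORed with zero and appear unmasked in keychange_value. This is the
  // "variable length keys" limitation noted at the top of the function.
  for (unsigned int j = key_len; j < keychange_value.len(); j++) {
    keychange_value[j] = keychange_value[j] ^ digest[j - key_len];
  }

#ifdef __DEBUG
  debughexcprintf(21, "keychange_value",
                  keychange_value.data(), keychange_value.len());
#endif

  return SNMPv3_USM_OK;
}

/**
 * Derive a localized authentication key from a password and engine id.
 *
 * @param auth_prot      Id of the auth protocol to use.
 * @param password       Password bytes; must be non-null and non-empty
 *                       unless auth_prot is SNMP_AUTHPROTOCOL_NONE.
 * @param password_len   Length of password.
 * @param engine_id      Engine id bytes, passed through to the protocol.
 * @param engine_id_len  Length of engine_id.
 * @param key            Output buffer for the key.
 * @param key_len        In/out key length, passed through to the protocol;
 *                       set to 0 for SNMP_AUTHPROTOCOL_NONE.
 * @return SNMPv3_USM_OK on success; SNMPv3_USM_ERROR for missing
 *         arguments; SNMPv3_USM_UNSUPPORTED_AUTHPROTOCOL if auth_prot is
 *         not registered; otherwise the protocol's result.
 */
int AuthPriv::password_to_key_auth(const int            auth_prot,
                                   const unsigned char *password,
                                   const unsigned int   password_len,
                                   const unsigned char *engine_id,
                                   const unsigned int   engine_id_len,
                                   unsigned char *key,
                                   unsigned int  *key_len)
{
  // key_len is dereferenced on every path; fail instead of crashing.
  if (!key_len)
    return SNMPv3_USM_ERROR;

  if (auth_prot == SNMP_AUTHPROTOCOL_NONE)
  {
    *key_len = 0;
    return SNMPv3_USM_OK;
  }

  if (!password || (password_len == 0))
  {
    LOG_BEGIN(WARNING_LOG | 2);
    LOG("AuthPriv: Password to key auth needs a non empty password");
    LOG_END;

    return SNMPv3_USM_ERROR;
  }

  // A real protocol writes key bytes, so the output buffer must exist.
  if (!key)
    return SNMPv3_USM_ERROR;

  Auth *a = get_auth(auth_prot);
  if (!a)
    return SNMPv3_USM_UNSUPPORTED_AUTHPROTOCOL;

  int res = a->password_to_key(password, password_len,
                               engine_id, engine_id_len,
                               key, key_len);

  return res;
}

/**
 * Derive a localized privacy key from a password and engine id.
 *
 * The key is first derived with the auth protocol. If it is shorter than
 * the priv protocol's minimum, the priv protocol extends it. The final
 * length is then adjusted by the priv protocol.
 *
 * @param auth_prot      Id of the auth protocol used for derivation.
 * @param priv_prot      Id of the priv protocol the key is for.
 * @param password       Password bytes; must be non-null and non-empty
 *                       unless priv_prot is SNMP_PRIVPROTOCOL_NONE.
 * @param password_len   Length of password.
 * @param engine_id      Engine id bytes.
 * @param engine_id_len  Length of engine_id.
 * @param key            Output buffer for the key.
 * @param key_len        In: size of the key buffer. Out: length of the key.
 * @return SNMPv3_USM_OK on success; SNMPv3_USM_ERROR for missing arguments
 *         or a buffer smaller than the protocol's minimum key length;
 *         SNMPv3_USM_UNSUPPORTED_PRIVPROTOCOL or
 *         SNMPv3_USM_UNSUPPORTED_AUTHPROTOCOL for unregistered protocols;
 *         otherwise the failing step's result.
 */
int AuthPriv::password_to_key_priv(const int            auth_prot,
                                   const int            priv_prot,
                                   const unsigned char *password,
                                   const unsigned int   password_len,
                                   const unsigned char *engine_id,
                                   const unsigned int   engine_id_len,
                                   unsigned char *key,
                                   unsigned int  *key_len)
{
  // key_len is dereferenced on every path; fail instead of crashing.
  if (!key_len)
    return SNMPv3_USM_ERROR;

  /* check for priv protocol */
  if (priv_prot == SNMP_PRIVPROTOCOL_NONE)
  {
    *key_len = 0;
    return SNMPv3_USM_OK;
  }

  if (!password || (password_len == 0))
  {
    LOG_BEGIN(WARNING_LOG | 2);
    LOG("AuthPriv: Password to key priv needs a non empty password");
    LOG_END;

    return SNMPv3_USM_ERROR;
  }

  // A real protocol writes key bytes, so the output buffer must exist.
  if (!key)
    return SNMPv3_USM_ERROR;

  Priv *p = get_priv(priv_prot);
  Auth *a = get_auth(auth_prot);

  if (!p)  return SNMPv3_USM_UNSUPPORTED_PRIVPROTOCOL;
  if (!a)  return SNMPv3_USM_UNSUPPORTED_AUTHPROTOCOL;

  unsigned int max_key_len = *key_len; /* save length of buffer! */
  unsigned int min_key_len = p->get_min_key_len();

  /* check if buffer for key is long enough */
  if (min_key_len > max_key_len)
    return SNMPv3_USM_ERROR; // TODO: better error code!

  int res = password_to_key_auth(auth_prot,
                                 password, password_len,
                                 engine_id, engine_id_len,
                                 key, key_len);

  if (res != SNMPv3_USM_OK)
    return res;

  /* We have a too short key: Call priv protocoll to extend it */
  if (*key_len < min_key_len)
  {
    res = p->extend_short_key(password, password_len,
                              engine_id, engine_id_len,
                              key, key_len, max_key_len, a);
    // NOTE(review): on failure the buffer may still hold the key derived
    // above. Callers should treat `key` as sensitive even when an error
    // is returned.
    if (res != SNMPv3_USM_OK)
      return res;
  }

  /* make sure key length is valid */
  p->fix_key_len(*key_len);

  return SNMPv3_USM_OK;
}

/**
 * Encrypt a buffer with the privacy protocol registered under priv_prot.
 *
 * All arguments are forwarded unchanged to the protocol's encrypt().
 * Buffer-size checks are left to the protocol implementation.
 *
 * @return SNMPv3_USM_UNSUPPORTED_PRIVPROTOCOL if priv_prot is not
 *         registered; otherwise the protocol's result.
 */
int AuthPriv::encrypt_msg(const int            priv_prot,
                          const unsigned char *key,
                          const unsigned int   key_len,
                          const unsigned char *buffer,
                          const unsigned int   buffer_len,
                          unsigned char       *out_buffer,
                          unsigned int        *out_buffer_len,
                          unsigned char       *privacy_params,
                          unsigned int        *privacy_params_len,
                          const unsigned long  engine_boots,
                          const unsigned long  engine_time)
{
  /* check for priv protocol */
  Priv *p = get_priv(priv_prot);

  if (!p)
    return SNMPv3_USM_UNSUPPORTED_PRIVPROTOCOL;

  return p->encrypt(key, key_len, buffer, buffer_len,
                    out_buffer, out_buffer_len,
                    privacy_params, privacy_params_len,
                    engine_boots, engine_time);
}

/**
 * Decrypt a buffer with the privacy protocol registered under priv_prot.
 *
 * All arguments are forwarded unchanged to the protocol's decrypt().
 * Buffer-size checks are left to the protocol implementation.
 *
 * @return SNMPv3_USM_UNSUPPORTED_PRIVPROTOCOL if priv_prot is not
 *         registered; otherwise the protocol's result.
 */
int AuthPriv::decrypt_msg(const int            priv_prot,
                          const unsigned char *key,
                          const unsigned int   key_len,
                          const unsigned char *buffer,
                          const unsigned int   buffer_len,
                          unsigned char       *out_buffer,
                          unsigned int        *out_buffer_len,
                          const unsigned char *privacy_params,
                          const unsigned int   privacy_params_len,
                          const unsigned long  engine_boots,
                          const unsigned long  engine_time)
{
  /* check for priv protocol */
  Priv *p = get_priv(priv_prot);

  if (!p)
    return SNMPv3_USM_UNSUPPORTED_PRIVPROTOCOL;

  return p->decrypt(key, key_len, buffer, buffer_len,
                    out_buffer, out_buffer_len,
                    privacy_params, privacy_params_len,
                    engine_boots, engine_time);
}

/**
 * Register the built-in auth and priv protocols.
 *
 * Every protocol is attempted even if an earlier one fails.
 *
 * NOTE(security): MD5 and single DES are registered unconditionally.
 * Deployments that must not negotiate them have to remove them afterwards
 * or skip this function.
 *
 * NOTE(review): results are compared with SNMP_ERROR_SUCCESS, while
 * add_priv() returns SNMP_CLASS_SUCCESS / SNMP_CLASS_ERROR. Confirm the two
 * success constants have the same value. The visible error paths of
 * add_priv() do not delete the object passed in, so a failed registration
 * here leaves the freshly allocated object unreleased.
 *
 * @return SNMP_CLASS_SUCCESS if every protocol was added, otherwise
 *         SNMP_CLASS_ERROR.
 */
int AuthPriv::add_default_modules()
{
  int ret = SNMP_CLASS_SUCCESS;

  if (add_auth(new AuthSHA()) != SNMP_ERROR_SUCCESS)
  {
    LOG_BEGIN(ERROR_LOG | 1);
    LOG("AuthPriv: Could not add default protocol AuthSHA.");
    LOG_END;

    ret = SNMP_CLASS_ERROR;
  }

  if (add_auth(new AuthMD5()) != SNMP_ERROR_SUCCESS)
  {
    LOG_BEGIN(ERROR_LOG | 1);
    LOG("AuthPriv: Could not add default protocol AuthMD5.");
    LOG_END;

    ret = SNMP_CLASS_ERROR;
  }

  if (add_priv(new PrivDES()) != SNMP_ERROR_SUCCESS)
  {
    LOG_BEGIN(ERROR_LOG | 1);
    LOG("AuthPriv: Could not add default protocol PrivDES.");
    LOG_END;

    ret = SNMP_CLASS_ERROR;
  }

#ifdef _USE_IDEA
  if (add_priv(new PrivIDEA()) != SNMP_ERROR_SUCCESS)
  {
    LOG_BEGIN(ERROR_LOG | 1);
    LOG("AuthPriv: Could not add default protocol PrivIDEA.");
    LOG_END;

    ret = SNMP_CLASS_ERROR;
  }
#endif

#if defined(_USE_LIBTOMCRYPT) || defined(_USE_OPENSSL)
  if (add_priv(new PrivAES(SNMP_PRIVPROTOCOL_AES128)) != SNMP_ERROR_SUCCESS)
  {
    LOG_BEGIN(ERROR_LOG | 1);
    LOG("AuthPriv: Could not add default protocol PrivAES 128.");
    LOG_END;

    ret = SNMP_CLASS_ERROR;
  }

  if (add_priv(new PrivAES(SNMP_PRIVPROTOCOL_AES192)) != SNMP_ERROR_SUCCESS)
  {
    LOG_BEGIN(ERROR_LOG | 1);
    LOG("AuthPriv: Could not add default protocol PrivAES 192.");
    LOG_END;

    ret = SNMP_CLASS_ERROR;
  }

  if (add_priv(new PrivAES(SNMP_PRIVPROTOCOL_AES256)) != SNMP_ERROR_SUCCESS)
  {
    LOG_BEGIN(ERROR_LOG | 1);
    LOG("AuthPriv: Could not add default protocol PrivAES 256.");
    LOG_END;

    ret = SNMP_CLASS_ERROR;
  }
#endif

#ifdef _USE_3DES_EDE
  if (add_priv(new Priv3DES_EDE()) != SNMP_ERROR_SUCCESS)
  {
    LOG_BEGIN(ERROR_LOG | 1);
    LOG("AuthPriv: Could not add default protocol Priv3DES_EDE.");
    LOG_END;

    ret = SNMP_CLASS_ERROR;
  }
#endif

  if (ret == SNMP_CLASS_SUCCESS)
  {
    LOG_BEGIN(INFO_LOG | 3);
    LOG("AuthPriv: Added default Auth and Priv protocols.");
    LOG_END;
  }

  return ret;
}

int AuthPriv::get_auth_params_len(const int auth_prot)
{
  Auth *a = get_auth(auth_prot);
  if (!a)
    return 0;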
