auth_priv.cpp

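  return a->get_auth_params_len();
}

/**
 * Length of the privacy parameters for a privacy protocol.
 *
 * @param priv_prot  protocol id handed to get_priv()
 * @return the length reported by the protocol object, or 0 when
 *         get_priv() returns no object for this id
 */
int AuthPriv::get_priv_params_len(const int priv_prot)
{
  Priv *p = get_priv(priv_prot);
  if (!p)
    return 0;
  return p->get_priv_params_len();
}

/**
 * Authenticate an outgoing message with the selected protocol.
 *
 * @param auth_prot     authentication protocol id
 * @param key           authentication key, passed through unchanged
 * @param msg           message buffer
 * @param msg_len       length of msg
 * @param auth_par_ptr  where the protocol object writes the digest
 * @return SNMPv3_USM_UNSUPPORTED_SECURITY_LEVEL for SNMP_AUTHPROTOCOL_NONE,
 *         SNMPv3_USM_UNSUPPORTED_AUTHPROTOCOL when get_auth() returns no
 *         object, otherwise the protocol object's result
 */
int AuthPriv::auth_out_msg(const int            auth_prot,
                           const unsigned char *key,
                           unsigned char       *msg,
                           const int            msg_len,
                           unsigned char       *auth_par_ptr)
{
  if (auth_prot == SNMP_AUTHPROTOCOL_NONE)
    return SNMPv3_USM_UNSUPPORTED_SECURITY_LEVEL;

  Auth *a = get_auth(auth_prot);
  if (!a)
    return SNMPv3_USM_UNSUPPORTED_AUTHPROTOCOL;

  return a->auth_out_msg(key, msg, msg_len, auth_par_ptr);
}

/**
 * Verify the authentication digest of an incoming message with the
 * selected protocol.
 *
 * @param auth_prot     authentication protocol id
 * @param key           authentication key, passed through unchanged
 * @param msg           message buffer
 * @param msg_len       length of msg
 * @param auth_par_ptr  location of the received digest
 * @param auth_par_len  length of the received digest
 * @return SNMPv3_USM_UNSUPPORTED_SECURITY_LEVEL for SNMP_AUTHPROTOCOL_NONE,
 *         SNMPv3_USM_UNSUPPORTED_AUTHPROTOCOL when get_auth() returns no
 *         object, otherwise the protocol object's result
 */
int AuthPriv::auth_inc_msg(const int            auth_prot,
                           const unsigned char *key,
                           unsigned char       *msg,
                           const int            msg_len,
                           unsigned char       *auth_par_ptr,
                           const int            auth_par_len)
{
  if (auth_prot == SNMP_AUTHPROTOCOL_NONE)
    return SNMPv3_USM_UNSUPPORTED_SECURITY_LEVEL;

  Auth *a = get_auth(auth_prot);
  if (!a)
    return SNMPv3_USM_UNSUPPORTED_AUTHPROTOCOL;

  /* NOTE(review): the range check below is still disabled. Until it is
     enabled, the protocol objects read and overwrite 12 bytes at
     auth_par_ptr on the caller's word alone; callers must guarantee that
     auth_par_ptr .. auth_par_ptr + auth_par_len lies inside msg. */

  /* @todo check if auth par is inside msg
  if ((auth_par_ptr < msg) ||
      (msg + msg_len < auth_par_ptr + auth_par_len))
  {
    LOG_BEGIN(WARNING_LOG | 1);
    LOG("AuthPriv: Authentication data is not within message (msg start) (len) (auth start) (len)");
    LOG(msg);
    LOG(msg_len);
    LOG(auth_par_ptr);
    LOG(auth_par_len);
    LOG_END;

    return SNMPv3_USM_ERROR;
  }
  */

  return a->auth_inc_msg(key, msg, msg_len, auth_par_ptr, auth_par_len);
}

/* ========================================================== */

/* ----------------------- AuthSHA ---------------------------------------*/

/**
 * Derive the localized SHA-1 authentication key from a password.
 *
 * The password is repeated to 1 MiB and hashed; the result is then hashed
 * again as key | engine_id | key to localize it.
 *
 * @param password       password octets
 * @param password_len   number of password octets; must not be 0
 * @param engine_id      engine id octets
 * @param engine_id_len  number of engine id octets; must fit the 72 byte
 *                       work buffer together with two 20 byte keys
 * @param key            receives the 20 byte localized key
 * @param key_len        set to 20
 * @return SNMPv3_USM_OK, or SNMPv3_USM_ERROR when password_len is 0 or
 *         engine_id_len is too large for the work buffer
 */
int AuthSHA::password_to_key(const unsigned char *password,
                             const unsigned int   password_len,
                             const unsigned char *engine_id,
                             const unsigned int   engine_id_len,
                             unsigned char *key,
                             unsigned int *key_len)
{
  *key_len = 20; /* All SHA keys have 20 bytes length */

  SHAHashStateType sha_hash_state;
  unsigned char *cp, password_buf[72];
  unsigned long  password_index = 0;
  unsigned long  count = 0, i;

  /* The wrap-around index below is taken modulo password_len, so an
     empty password would be a division by zero. */
  if (password_len == 0)
    return SNMPv3_USM_ERROR;

  /* Localization copies key | engine_id | key into password_buf; reject
     an engine id that would run past the end of that stack buffer. */
  if (engine_id_len > sizeof(password_buf) - (2 * *key_len))
    return SNMPv3_USM_ERROR;

  /* NOTE(review): debug builds write the clear-text password and both
     keys to the debug log; keep __DEBUG out of production builds. */
#ifdef __DEBUG
  debugprintf(5,"password_to_key SHA: password: (%s).",
	      OctetStr(password, password_len).get_printable());
  debugprintf(5,"password_to_key SHA: engine_id: (%s).",
	      OctetStr(engine_id, engine_id_len).get_printable());
#endif

  SHA1_INIT(&sha_hash_state);   /* initialize SHA */

  /**********************************************/
  /* Use while loop until we've done 1 Megabyte */
  /**********************************************/
  while (count < 1048576) {
    cp = password_buf;
    for (i = 0; i < 64; i++) {
      /*************************************************/
      /* Take the next octet of the password, wrapping */
      /* to the beginning of the password as necessary.*/
      /*************************************************/
      *cp++ = password[password_index++ % password_len];
    }
    SHA1_PROCESS(&sha_hash_state, password_buf, 64);
    count += 64;
  }
  SHA1_DONE(&sha_hash_state, key);          /* tell SHA we're done */

#ifdef __DEBUG
  debughexcprintf(21, "key", key, *key_len);
#endif

  /*****************************************************/
  /* Now localize the key with the engine_id and pass  */
  /* through SHA to produce final key                  */
  /* engine_id_len was checked above to fit the buffer */
  /*****************************************************/
  memcpy(password_buf,                            key,       *key_len);
  memcpy(password_buf + *key_len,                 engine_id, engine_id_len);
  memcpy(password_buf + *key_len + engine_id_len, key,       *key_len);

  SHA1_INIT(&sha_hash_state);
  SHA1_PROCESS(&sha_hash_state, password_buf, (2 * *key_len) + engine_id_len);
  SHA1_DONE(&sha_hash_state, key);

#ifdef __DEBUG
  debughexcprintf(21, "localized key", key, *key_len);
#endif

  return SNMPv3_USM_OK;
}

/**
 * Compute the SHA-1 digest of a buffer.
 *
 * @param data      input octets
 * @param data_len  number of input octets
 * @param digest    receives the digest written by SHA1_DONE
 * @return SNMPv3_USM_OK
 */
int AuthSHA::hash(const unsigned char *data,
                  const unsigned int   data_len,
                  unsigned char       *digest) const
{
  SHAHashStateType sha_hash_state;

  SHA1_INIT(&sha_hash_state);
  SHA1_PROCESS(&sha_hash_state, data, data_len);
  SHA1_DONE(&sha_hash_state, digest);

  return SNMPv3_USM_OK;
}

/**
 * Compute the HMAC-SHA-1 of a message and store its first 12 bytes.
 *
 * The 12 bytes at auth_par_ptr are zeroed before the message is hashed
 * and then overwritten with the truncated digest.
 *
 * @param key           authentication key; the first 20 bytes are used
 * @param msg           message buffer
 * @param msg_len       length of msg
 * @param auth_par_ptr  12 byte digest field
 * @return SNMPv3_USM_OK
 */
int AuthSHA::auth_out_msg(const unsigned char *key,
                          unsigned char *msg,
                          const int msg_len,
                          unsigned char *auth_par_ptr)
{
  SHAHashStateType sha_hash_state;
  int           key_len = 20; /* We use only 20 Byte Key! */
  unsigned char digest[20];
  unsigned char k_ipad[65];   /* inner padding - key XORd with ipad */
  unsigned char k_opad[65];   /* outer padding - key XORd with opad */

  memset((char*)(auth_par_ptr), 0, 12);

#ifdef __DEBUG
  debughexcprintf(21, "key", key, 16);
#endif

  /*
   * the HMAC_SHA transform looks like:
   *
   * SHA(K XOR opad, SHA(K XOR ipad, msg))
   *
   * where K is an n byte key
   * ipad is the byte 0x36 repeated 64 times
   * opad is the byte 0x5c repeated 64 times
   * and text is the data being protected
   */

  /* start out by storing ipads and opads in pads */
  memset( (char*)k_ipad, 0x36, sizeof k_ipad);
  memset( (char*)k_opad, 0x5c, sizeof k_opad);

  /* XOR pads with key */
  for (int i=0; i < key_len; ++i) {
    k_ipad[i] ^= key[i];
    k_opad[i] ^= key[i];
  }

  /* perform inner SHA */
  SHA1_INIT(&sha_hash_state);           /* init sha_hash_state for 1st pass */
  SHA1_PROCESS(&sha_hash_state, k_ipad, 64);   /* start with inner pad      */
  SHA1_PROCESS(&sha_hash_state, msg, msg_len); /* then text of datagram     */
  SHA1_DONE(&sha_hash_state, digest);          /* finish up 1st pass        */

  /* perform outer SHA */
  SHA1_INIT(&sha_hash_state);           /* init sha_hash_state for 2nd pass */
  SHA1_PROCESS(&sha_hash_state, k_opad, 64);   /* start with outer pad      */
  SHA1_PROCESS(&sha_hash_state, digest, 20);   /* then results of 1st hash  */
  SHA1_DONE(&sha_hash_state, digest);          /* finish up 2nd pass        */

#ifdef __DEBUG
  debughexcprintf(21,"digest", digest, 160 / 8);
#endif

  memcpy(auth_par_ptr, digest, 12);

  return SNMPv3_USM_OK;
}

/**
 * Verify the 12 byte HMAC-SHA-1 digest of an incoming message.
 *
 * The received digest is saved, the digest is recomputed in place with
 * auth_out_msg() and the two are compared. On failure the received
 * digest is copied back into the message.
 *
 * @param key           authentication key
 * @param msg           message buffer
 * @param msg_len       length of msg
 * @param auth_par_ptr  12 byte digest field
 * @param auth_par_len  length of the received digest; must be 12
 * @return SNMPv3_USM_OK when the digests match, otherwise
 *         SNMPv3_USM_AUTHENTICATION_FAILURE
 */
int AuthSHA::auth_inc_msg(const unsigned char *key,
                          unsigned char *msg,
                          const int msg_len,
                          unsigned char *auth_par_ptr,
                          const int      auth_par_len)
{
  unsigned char receivedDigest[20];

  if (auth_par_len != 12)
  {
    debugprintf(4, "SHA illegal digest length (%d), authentication FAILED.",
		auth_par_len);
    return SNMPv3_USM_AUTHENTICATION_FAILURE;
  }

#ifdef __DEBUG
  debughexcprintf(21, "digest in Message", auth_par_ptr, 12);
  debughexcprintf(21, "key", key, 20);
#endif

  /* Save received digest */
  memcpy(receivedDigest, auth_par_ptr, 12);

  if (SNMPv3_USM_OK != auth_out_msg(key, msg, msg_len, auth_par_ptr))
  {
    /* copy digest back into message and return error */
    memcpy(auth_par_ptr, receivedDigest, 12);
    debugprintf(4, "SHA authentication FAILED (1).");
    return SNMPv3_USM_AUTHENTICATION_FAILURE;
  }

  /* compare digest to received digest; every byte is examined so the
     time taken does not depend on where the first mismatch is */
  unsigned int diff = 0;
  for (int i=0; i < 12 ; ++i)
    diff |= (unsigned int)(auth_par_ptr[i] ^ receivedDigest[i]);

  if (diff != 0)
  {
    /* copy digest back into message and return error */
    memcpy(auth_par_ptr, receivedDigest, 12);
    debugprintf(4, "SHA authentication FAILED.");
    return SNMPv3_USM_AUTHENTICATION_FAILURE;
  }

  debugprintf(4, "SHA authentication OK.");
  return SNMPv3_USM_OK;
}

/* ----------------------- AuthMD5 ---------------------------------------*/

/**
 * Derive the localized MD5 authentication key from a password.
 *
 * The password is repeated to 1 MiB and hashed; the result is then hashed
 * again as key | engine_id | key to localize it.
 *
 * @param password       password octets
 * @param password_len   number of password octets; must not be 0
 * @param engine_id      engine id octets
 * @param engine_id_len  number of engine id octets; must fit the 65 byte
 *                       work buffer together with two 16 byte keys
 * @param key            receives the 16 byte localized key
 * @param key_len        set to 16
 * @return SNMPv3_USM_OK, or SNMPv3_USM_ERROR when password_len is 0 or
 *         engine_id_len is too large for the work buffer
 */
int AuthMD5::password_to_key(const unsigned char *password,
                             const unsigned int   password_len,
                             const unsigned char *engine_id,
                             const unsigned int   engine_id_len,
                             unsigned char *key,
                             unsigned int *key_len)
{
  *key_len = 16; /* All MD5 keys have 16 bytes length */

  MD5HashStateType md5_hash_state;
  unsigned char  *cp, password_buf[65];
  unsigned long   password_index = 0;
  unsigned long   count = 0, i;

  /* The wrap-around index below is taken modulo password_len, so an
     empty password would be a division by zero. */
  if (password_len == 0)
    return SNMPv3_USM_ERROR;

  /* Localization copies key | engine_id | key into password_buf; reject
     an engine id that would run past the end of that stack buffer. */
  if (engine_id_len > sizeof(password_buf) - (2 * *key_len))
    return SNMPv3_USM_ERROR;

  /* NOTE(review): debug builds write the clear-text password and both
     keys to the debug log; keep __DEBUG out of production builds. */
#ifdef __DEBUG
  debugprintf(5,"password: %s.",
              OctetStr(password, password_len).get_printable());
  debugprintf(5,"engineID: %s.",
              OctetStr(engine_id, engine_id_len).get_printable());
#endif

  MD5_INIT(&md5_hash_state);   /* initialize MD5 */

  /**********************************************/
  /* Use while loop until we've done 1 Megabyte */
  /**********************************************/
  while (count < 1048576) {
    cp = password_buf;
    for (i = 0; i < 64; i++) {
      /*************************************************/
      /* Take the next octet of the password, wrapping */
      /* to the beginning of the password as necessary.*/
      /*************************************************/
      *cp++ = password[password_index++ % password_len];
    }
    MD5_PROCESS(&md5_hash_state, password_buf, 64);
    count += 64;
  }
  MD5_DONE(&md5_hash_state, key);      /* tell MD5 we're done */

#ifdef __DEBUG
  debughexcprintf(21, "key", key, *key_len);
#endif

  /*****************************************************/
  /* Now localize the key with the engine_id and pass  */
  /* through MD5 to produce final key                  */
  /* engine_id_len was checked above to fit the buffer */
  /*****************************************************/
  memcpy(password_buf,                            key,       *key_len);
  memcpy(password_buf + *key_len,                 engine_id, engine_id_len);
  memcpy(password_buf + *key_len + engine_id_len, key,       *key_len);

  MD5_INIT(&md5_hash_state);
  MD5_PROCESS(&md5_hash_state, password_buf, (2 * *key_len) + engine_id_len);
  MD5_DONE(&md5_hash_state, key);

#ifdef __DEBUG
  debughexcprintf(21, "localized key", key, *key_len);
#endif

  return SNMPv3_USM_OK;
}

/**
 * Compute the MD5 digest of a buffer.
 *
 * @param data      input octets
 * @param data_len  number of input octets
 * @param digest    receives the digest written by MD5_DONE
 * @return SNMPv3_USM_OK
 */
int AuthMD5::hash(const unsigned char *data,
                  const unsigned int   data_len,
                  unsigned char       *digest) const
{
  MD5HashStateType md5_hash_state;

  MD5_INIT(&md5_hash_state);
  MD5_PROCESS(&md5_hash_state, data, data_len);
  MD5_DONE(&md5_hash_state, digest);

  return SNMPv3_USM_OK;
}

/**
 * Compute the HMAC-MD5 of a message and store its first 12 bytes.
 *
 * The 12 bytes at auth_par_ptr are zeroed before the message is hashed
 * and then overwritten with the truncated digest.
 *
 * @param key           authentication key; the first 16 bytes are used
 * @param msg           message buffer
 * @param msg_len       length of msg
 * @param auth_par_ptr  12 byte digest field
 * @return SNMPv3_USM_OK
 */
int AuthMD5::auth_out_msg(const unsigned char *key,
                          unsigned char *msg,
                          const int      msg_len,
                          unsigned char *auth_par_ptr)
{
  MD5HashStateType md5_hash_state;
  int           key_len = 16; /* We use only 16 Byte Key! */
  unsigned char digest[16];
  unsigned char k_ipad[65];   /* inner padding - key XORd with ipad */
  unsigned char k_opad[65];   /* outer padding - key XORd with opad */

  memset((char*)(auth_par_ptr), 0, 12);

#ifdef __DEBUG
  debughexcprintf(21, "key", key, 16);
#endif

  /*
   * the HMAC_MD5 transform looks like:
   *
   * MD5(K XOR opad, MD5(K XOR ipad, msg))
   *
   * where K is an n byte key
   * ipad is the byte 0x36 repeated 64 times
   * opad is the byte 0x5c repeated 64 times
   * and text is the data being protected
   */

  /* start out by storing key in pads */
  memset( (char*)k_ipad, 0, sizeof k_ipad);
  memset( (char*)k_opad, 0, sizeof k_opad);
  memcpy( (char*)k_ipad, (char*)key, key_len);
  memcpy( (char*)k_opad, (char*)key, key_len);

  /* XOR key with ipad and opad values */
  for (int i=0; i<64; i++) {
    k_ipad[i] ^= 0x36;
    k_opad[i] ^= 0x5c;
  }

  /* perform inner MD5 */
  MD5_INIT(&md5_hash_state);            /* init md5_hash_state for 1st pass */
  MD5_PROCESS(&md5_hash_state, k_ipad, 64);    /* start with inner pad      */
  MD5_PROCESS(&md5_hash_state, msg, msg_len);  /* then text of datagram     */
  MD5_DONE(&md5_hash_state, digest);           /* finish up 1st pass        */

  /* perform outer MD5 */
  MD5_INIT(&md5_hash_state);            /* init md5_hash_state for 2nd pass */
  MD5_PROCESS(&md5_hash_state, k_opad, 64);    /* start with outer pad      */
  MD5_PROCESS(&md5_hash_state, digest, 16);    /* then results of 1st hash  */
  MD5_DONE(&md5_hash_state, digest);           /* finish up 2nd pass        */

#ifdef __DEBUG
  debughexcprintf(21, "digest", digest, 128 / 8);
#endif

  memcpy(auth_par_ptr, digest, 12);

  return SNMPv3_USM_OK;
}

/* NOTE(review): the definition below runs past the end of this listing
   page, so its code is left exactly as found. Its digest comparison
   returns at the first differing byte; once the whole function is in
   view it should examine all 12 bytes the way AuthSHA::auth_inc_msg
   does. */
int AuthMD5::auth_inc_msg(const unsigned char *key,
                          unsigned char *msg,
                          const int msg_len,
                          unsigned char *auth_par_ptr,
                          const int      auth_par_len)
{
  unsigned char receivedDigest[16];

  if (auth_par_len != 12)
  {
    debugprintf(4, "MD5 illegal digest length (%d), authentication FAILED.",
		auth_par_len);
    return SNMPv3_USM_AUTHENTICATION_FAILURE;
  }

#ifdef __DEBUG
  debughexcprintf(21, "digest in Message", auth_par_ptr, 12);
  debughexcprintf(21, "key", key, 16);
#endif

  memcpy(receivedDigest, auth_par_ptr, 12);

  if (SNMPv3_USM_OK != auth_out_msg(key, msg, msg_len, auth_par_ptr))
  {
    /* copy digest back into message and return error */
    memcpy(auth_par_ptr, receivedDigest, 12);
    debugprintf(4, "MD5 authentication FAILED (1).");
    return SNMPv3_USM_AUTHENTICATION_FAILURE;
  }

  /* compare digest to received digest */
  for (int i=0; i < 12 ; ++i)
  {
    if (auth_par_ptr[i] != receivedDigest[i])
    {
      /* copy digest back into message and return error */
      memcpy(auth_par_ptr, receivedDigest, 12);
      debugprintf(4, "MD5 authentication FAILED.");
      return SNMPv3_USM_AUTHENTICATION_FAILURE;
    }
  }

  debugprintf(4, "MD5 authentication OK.");
  return SNMPv3_USM_OK;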
