auth_priv.cpp

来自「JdonFramework need above jdk 1.4.0 This」· C++ 代码 · 共 2,184 行 · 第 1/5 页

}

/* ========================= PRIV ================================*/

/* ----------------------- PrivDES ---------------------------------------*/

#if defined(_USE_LIBTOMCRYPT) && !defined(_USE_OPENSSL)
PrivDES::PrivDES()
{
  cipher = find_cipher("des");
}
#endif

int PrivDES::encrypt(const unsigned char *key,
                     const unsigned int   /*key_len*/,
                     const unsigned char *buffer,
                     const unsigned int   buffer_len,
                     unsigned char       *out_buffer,
                     unsigned int        *out_buffer_len,
                     unsigned char       *privacy_params,
                     unsigned int        *privacy_params_len,
                     const unsigned long  engine_boots,
                     const unsigned long  /*engine_time*/)
{
  unsigned char initVect[8];
  pp_uint64     my_salt = (*salt)++;

#ifdef INVALID_ENCRYPTION
  debugprintf(-10, "\nWARNING: Encrypting with zeroed salt!\n");
  my_salt = 0;
#endif

  /* check space in privacy_params buffer */
  if (*privacy_params_len < 8)
  {
    debugprintf(4, "Buffer too small: should be 8, is (%i).",
                *privacy_params_len);
    return SNMPv3_USM_ENCRYPTION_ERROR;
  }
  /* Length is always 8 */
  *privacy_params_len = 8;

  // last 8 bytes of key are used as base for initialization vector
  memcpy((char*)initVect, key+8, 8);

  // put salt in privacy_params
  for (int j=0; j<4; j++)
  {
    privacy_params[3-j] = (unsigned char) (0xFF & (engine_boots >> (8*j)));
    privacy_params[7-j] = (unsigned char) (0xFF & (my_salt >> (8*j)));
  }

  // xor initVect with salt
  for (int i=0; i<8; i++)
    initVect[i] ^= privacy_params[i];

#ifdef __DEBUG
  debughexcprintf(21, "apDESEncryptData: Data to encrypt",
                 buffer, buffer_len);
  debughexcprintf(21, "apDESEncryptData: used key (only 8 bytes used)",
                  key, 16);
  debughexcprintf(21, "apDESEncryptData: used iv",
                  initVect, 8);
#endif

  DESCBCType symcbc;
  DES_CBC_START_ENCRYPT(cipher, initVect, key, 8, 16, symcbc);

  for(unsigned int k = 0; k <= buffer_len - 8; k += 8) {
    DES_CBC_ENCRYPT(buffer + k, out_buffer + k, symcbc, initVect, 8);
  }

  /* last part of buffer */
  if (buffer_len % 8)
  {
    unsigned char tmp_buf[8];
    unsigned char *tmp_buf_ptr = tmp_buf;
    int start = buffer_len - (buffer_len % 8);
    memset(tmp_buf, 0, 8);
    for (unsigned int l = start; l < buffer_len; l++)
      *tmp_buf_ptr++ = buffer[l];
    DES_CBC_ENCRYPT(tmp_buf, out_buffer + start, symcbc, initVect, 8);
    *out_buffer_len = buffer_len + 8 - (buffer_len % 8);
  }
  else
    *out_buffer_len = buffer_len;

  /* Clear context buffer (paranoia!)*/
  DES_MEMSET(symcbc, 0, sizeof(symcbc));

#ifdef __DEBUG
  debughexcprintf(21, "apDESEncryptData: created privacy_params",
                  privacy_params, 8);
  debughexcprintf(21, "apDESEncryptData: encrypted Data",
                  out_buffer, *out_buffer_len);
#endif

  return SNMPv3_USM_OK;
}



int PrivDES::decrypt(const unsigned char *key,
                     const unsigned int   /*key_len*/,
                     const unsigned char *buffer,
                     const unsigned int   buffer_len,
                     unsigned char *outBuffer,
                     unsigned int  *outBuffer_len,
                     const unsigned char *privacy_params,
                     const unsigned int   privacy_params_len,
		     const unsigned long  /*engine_boots*/,
		     const unsigned long  /*engine_time*/)
{
  unsigned char initVect[8];

  /* Privacy params length has to be 8  && Length has to be a multiple of 8 */
  if (( buffer_len % 8 ) || (privacy_params_len != 8))
    return SNMPv3_USM_DECRYPTION_ERROR;

  for (int i=0; i<8; i++)
    initVect[i] = privacy_params[i] ^ key[i+8];

  memset((char*)outBuffer, 0, *outBuffer_len);

#ifdef __DEBUG
  debughexcprintf(21, "apDESDecryptData: Data to decrypt",
                  buffer, buffer_len);
  debughexcprintf(21, "apDESDecryptData: used key (only 8 bytes used)",
                  key, 16);
  debughexcprintf(21, "apDESDecryptData: used privacy_params",
                  privacy_params, 8);
  debughexcprintf(21, "apDESDecryptData: used iv",
                  initVect, 8);
#endif

  DESCBCType symcbc;
  DES_CBC_START_DECRYPT(cipher, initVect, key, 8, 16, symcbc);
  for(unsigned int j=0; j<buffer_len; j+=8 ) {
    DES_CBC_DECRYPT(buffer + j, outBuffer + j, symcbc, initVect, 8);
  }
  /* Clear context (paranoia!) */
  DES_MEMSET(symcbc, 0, sizeof(symcbc));

  *outBuffer_len = buffer_len;

#ifdef __DEBUG
  debughexcprintf(21, "apDESDecryptData: decrypted Data",
                  outBuffer, *outBuffer_len);
#endif

  return SNMPv3_USM_OK;
}


/* ----------------------- PrivIDEA --------------------------------------*/

#ifdef _USE_IDEA

int PrivIDEA::encrypt(const unsigned char *key,
                      const unsigned int   /*key_len*/,
                      const unsigned char *buffer,
                      const unsigned int   buffer_len,
                      unsigned char       *out_buffer,
                      unsigned int        *out_buffer_len,
                      unsigned char       *privacy_params,
                      unsigned int        *privacy_params_len,
                      const unsigned long  engine_boots,
                      const unsigned long  /*engine_time*/)
{
  IDEAContext CFB_Context;
  pp_uint64 my_salt = (*salt)++;

#ifdef INVALID_ENCRYPTION
  debugprintf(-10, "\nWARNING: Encrypting with zeroed salt!\n");
  my_salt = 0;
#endif

  /* check space in privacy_params buffer */
  if (*privacy_params_len < 8)
  {
    debugprintf(4, "Buffer too small: should be 8, is (%i).", *privacy_params_len);
    return SNMPv3_USM_ENCRYPTION_ERROR;
  }
  /* Length is always 8 */
  *privacy_params_len = 8;

  // last 8 bytes of key are used as base for initialization vector
  unsigned char iv[8];

  memcpy((char*)iv, key+8, 8);

  // put salt in privacy_params
  for (int j=0; j<4; j++)
  {
    privacy_params[3-j] = (unsigned char) (0xFF & (engine_boots >> (8*j)));
    privacy_params[7-j] = (unsigned char) (0xFF & (my_salt >> (8*j)));
  }
  // xor iv with privacy_params
  for (int i=0; i<8; i++)
    iv[i] ^= privacy_params[i];

  idea_set_key(&CFB_Context, key);

  idea_cfb_encrypt(&CFB_Context, iv, out_buffer,
                   buffer, buffer_len);

  /* Clear context (paranoia!) */
  idea_destroy_context(&CFB_Context);

  *out_buffer_len = buffer_len;

#ifdef __DEBUG
  debughexcprintf(21, "apIDEAEncryptData: Data to encrypt",
                  buffer, buffer_len);
  debughexcprintf(21, "apIDEAEncryptData: key",
                  key, 16);
  debughexcprintf(21, "apIDEAEncryptData: privacy_params",
                  privacy_params, 8);
  debughexcprintf(21, "apIDEAEncryptData: encrypted Data",
                  out_buffer, *out_buffer_len);
#endif

  return SNMPv3_USM_OK;
}

int PrivIDEA::decrypt(const unsigned char *key,
                      const unsigned int   /*key_len*/,
                      const unsigned char *buffer,
                      const unsigned int   buffer_len,
                      unsigned char *out_buffer,
                      unsigned int  *out_buffer_len,
                      const unsigned char *privacy_params,
                      const unsigned int   privacy_params_len,
		      const unsigned long  /*engine_boots*/,
		      const unsigned long  /*engine_time*/)
{
  unsigned char iv[8];
  IDEAContext CFB_Context;

  /* privacy params length has to be 8 */
  if (privacy_params_len != 8)
    return SNMPv3_USM_DECRYPTION_ERROR;

  idea_set_key(&CFB_Context, key);

  memset((char*)out_buffer, 0, *out_buffer_len);

  /* Initialize iv with last 8 bytes of key and xor with privacy_params */
  memcpy((char*)iv, key+8, 8);
  for (int i=0; i<8; i++)
    iv[i] ^= privacy_params[i];

  idea_cfb_decrypt(&CFB_Context, iv, out_buffer,
                   buffer, buffer_len);

  /* Clear context (paranoia!) */
  idea_destroy_context(&CFB_Context);
  memset((char*)iv, 0, 8);

  *out_buffer_len = buffer_len;

#ifdef __DEBUG
  debughexcprintf(21, "apIDEADecryptData: Data to decrypt",
                  buffer, buffer_len);
  debughexcprintf(21, "apIDEADecryptData: key", key, 16);
  debughexcprintf(21, "apIDEAEncryptData: privacy_params", privacy_params, 8);
  debughexcprintf(21, "apIDEADecryptData: decrypted Data",
                  out_buffer, *out_buffer_len);
#endif

  return SNMPv3_USM_OK;
}

#endif // _USE_IDEA

#if defined(_USE_LIBTOMCRYPT) || defined(_USE_OPENSSL)

PrivAES::PrivAES(const int aes_type_)
  : aes_type(aes_type_)
{
#if defined(_USE_LIBTOMCRYPT) && !defined(_USE_OPENSSL)
  cipher = find_cipher("rijndael");
#endif

  switch (aes_type)
  {
    case SNMP_PRIVPROTOCOL_AES128:
      key_bytes = 16;
      rounds = 10;
      break;
    case SNMP_PRIVPROTOCOL_AES192:
      key_bytes = 24;
      rounds = 12;
      break;
    case SNMP_PRIVPROTOCOL_AES256:
      key_bytes = 32;
      rounds = 14;
      break;
    default:
      debugprintf(0, "Wrong AES type: %i.", aes_type);
      key_bytes = 0;
      rounds = 0;
      aes_type = -1; // will cause an error in AuthPriv::add_priv()
  }

  unsigned int testswap = htonl(0x01020304);
  if (testswap == 0x01020304)
    need_byteswap = FALSE;
  else
    need_byteswap = TRUE;
}

const char *PrivAES::get_id_string() const
{
  switch (aes_type)
  {
    case SNMP_PRIVPROTOCOL_AES128: return "AES128";  break;
    case SNMP_PRIVPROTOCOL_AES192: return "AES192";  break;
    case SNMP_PRIVPROTOCOL_AES256: return "AES256";  break;
    default:                       return "error";   break;
  }
};

int PrivAES::encrypt(const unsigned char *key,
		     const unsigned int   key_len,
		     const unsigned char *buffer,
		     const unsigned int   buffer_len,
		     unsigned char       *out_buffer,
		     unsigned int        *out_buffer_len,
		     unsigned char       *privacy_params,
		     unsigned int        *privacy_params_len,
		     const unsigned long  engine_boots,
		     const unsigned long  engine_time)
{
  unsigned char initVect[16];
  pp_uint64 my_salt = (*salt)++;

#ifdef INVALID_ENCRYPTION
  debugprintf(-10, "\nWARNING: Encrypting with zeroed salt!\n");
  my_salt = 0;
#endif

  /* check space in privacy_params buffer */
  if (*privacy_params_len < 8)
  {
    debugprintf(4, "Buffer too small: should be 8, is (%i).",
                *privacy_params_len);
    return SNMPv3_USM_ENCRYPTION_ERROR;
  }
  /* Length is always 8 */
  *privacy_params_len = 8;

  /* Set IV as engine_boots + engine_time + salt */
  unsigned int *tmpi = (unsigned int *)initVect;
  *tmpi++ = htonl(engine_boots);
  *tmpi++ = htonl(engine_time);
  if (need_byteswap)
  {
    *tmpi++ = htonl(my_salt & 0xFFFFFFFF);
    *tmpi   = htonl((my_salt >> 32) & 0xFFFFFFFF);
  }
  else
    memcpy(tmpi, &my_salt, 8);

  /* put byteswapped salt in privacy_params */
  memcpy(privacy_params, initVect + 8, 8);
  debughexcprintf(21, "aes initVect:", initVect, 16);

#ifdef _USE_OPENSSL
  AES_KEY symcfb;
  int dummy = 0;

  if (AES_set_encrypt_key(key, key_len * 8, &symcfb) < 0)
  {
    
    debugprintf(1, "AES_set_encrypt_key(%p, %d, %p) failed.",
		key, key_len * 8, &symcfb);
    return SNMPv3_USM_ERROR;
  }

  AES_cfb128_encrypt(buffer, out_buffer, buffer_len,
		     &symcfb, initVect, &dummy, AES_ENCRYPT);
#else
  symmetric_CFB symcfb;

  cfb_start(cipher, initVect, key, key_bytes, rounds, &symcfb);
  cfb_encrypt((unsigned char*)buffer, out_buffer, buffer_len, &symcfb);
#endif

  /* Clear context and plaintext buffer (paranoia!)*/
  memset(&symcfb, 0, sizeof(symcfb));

  *out_buffer_len = buffer_len;

#ifdef __DEBUG
  debughexcprintf(21, "aes EncryptData: Data to encrypt", buffer, buffer_len);
  debughexcprintf(21, "aes EncryptData: used key", key, key_len);
  debughexcprintf(21, "aes EncryptData: created privacy_params",
                  privacy_params, 8);
  debughexcprintf(21, "aes EncryptData: encrypted Data",
                  out_buffer, *out_buffer_len);
#endif

  return SNMPv3_USM_OK;
}

int PrivAES::decrypt(const unsigned char *key,
		     const unsigned int   key_len,
		     const unsigned char *buffer,
		     const unsigned int   buffer_len,
		     unsigned char       *out_buffer,
		     unsigned int        *out_buffer_len,
		     const unsigned char *privacy_params,
		     const unsigned int   privacy_params_len,
		     const unsigned long  engine_boots,
		     const unsigned long  engine_time)
{
  unsigned char initVect[16];

  /* Privacy params length has to be 8 */
  if (privacy_params_len != 8)
    return SNMPv3_USM_DECRYPTION_ERROR;

  /* build IV */
  unsigned int *tmp;
  tmp = (unsigned int *)initVect;
  *tmp++ = htonl(engine_boots);
  *tmp = htonl(engine_time);
  memcpy(initVect + 8, privacy_params, 8);
  debughexcprintf(21, "aes initVect:", initVect, 16);

#ifdef _USE_OPENSSL
  int dummy = 0;
  AES_KEY symcfb;

  AES_set_encrypt_key(key, key_len * 8, &symcfb);
  AES_cfb128_encrypt(buffer, out_buffer, buffer_len,