auth_priv.cpp

来自「JdonFramework need above jdk 1.4.0 This」· C++ 代码 · 共 2,184 行 · 第 1/5 页

		     &symcfb, initVect, &dummy, AES_DECRYPT);
#else
  symmetric_CFB symcfb;

  cfb_start(cipher, initVect, key, key_bytes, rounds, &symcfb);
  cfb_decrypt((unsigned char*)buffer, out_buffer, buffer_len, &symcfb);
#endif

  /* Clear context and plaintext buffer (paranoia!)*/
  memset(&symcfb, 0, sizeof(symcfb));

  *out_buffer_len = buffer_len;

#ifdef __DEBUG
  debughexcprintf(21, "aes DecryptData: Data to decrypt", buffer, buffer_len);
  debughexcprintf(21, "aes DecryptData: used key", key, key_len);
  debughexcprintf(21, "aes DecryptData: used privacy_params",
                  privacy_params, 8);
  debughexcprintf(21, "aes DecryptData: decrypted Data",
                  out_buffer, *out_buffer_len);
#endif

  return SNMPv3_USM_OK;
}

int PrivAES::extend_short_key(const unsigned char *password,
                              const unsigned int   password_len,
                              const unsigned char *engine_id,
                              const unsigned int   engine_id_len,
                              unsigned char       *key,
                              unsigned int        *key_len,
                              const unsigned int   max_key_len,
                              Auth                *auth)
{
  if (max_key_len < (unsigned)key_bytes)
      return SNMPv3_USM_ERROR;

  int res = 0;
  unsigned char *hash_buf = new unsigned char[auth->get_hash_len()];

  if (!hash_buf)
  {
    debugprintf(0, "Out of mem. Did not get %i bytes.", auth->get_hash_len());
    return SNMPv3_USM_ERROR;
  }

  while (*key_len < (unsigned)key_bytes)
  {
    res = auth->hash(key, *key_len, hash_buf);
    if (res != SNMPv3_USM_OK)
      break;

    int copy_bytes = key_bytes - *key_len;
    if (copy_bytes > auth->get_hash_len())
      copy_bytes = auth->get_hash_len();
    if (*key_len + copy_bytes > max_key_len)
	copy_bytes = max_key_len - *key_len;
    memcpy(key + *key_len, hash_buf, copy_bytes);
    *key_len += copy_bytes;
  }

  if (hash_buf) delete [] hash_buf;

  return res;
}


#endif // _USE_LIBTOMCRYPT or _USE_OPENSSL


#ifdef _USE_3DES_EDE

#if defined(_USE_LIBTOMCRYPT) && !defined(_USE_OPENSSL)
Priv3DES_EDE::Priv3DES_EDE()
{
  cipher = find_cipher("3des");
  debugprintf(10, "tomcrypt returned cipher %d", cipher);
}
#endif


int 
Priv3DES_EDE::encrypt(const unsigned char *key,
		      const unsigned int   key_len,
		      const unsigned char *buffer,
		      const unsigned int   buffer_len,
		      unsigned char       *out_buffer,
		      unsigned int        *out_buffer_len,
		      unsigned char       *privacy_params,
		      unsigned int        *privacy_params_len,
		      const unsigned long  engine_boots,
		      const unsigned long  engine_time)
{
  unsigned char initVect[8];
  pp_uint64     my_salt = (*salt)++;
  
#ifdef INVALID_ENCRYPTION
  debugprintf(-10, "\nWARNING: Encrypting with zeroed salt!\n");
  my_salt = 0;
#endif

  /* check space in privacy_params buffer */
  if (*privacy_params_len < 8)
  {
    debugprintf(4, "Buffer too small: should be 8, is (%i).",
                *privacy_params_len);
    return SNMPv3_USM_ENCRYPTION_ERROR;
  }
  /* Length is always 8 */
  *privacy_params_len = 8;

  /* check key length */
  if (key_len < TRIPLEDES_EDE_KEY_LEN)
  {
    debugprintf(4, "Key too small: should be %d, is (%d).",
                TRIPLEDES_EDE_KEY_LEN, key_len);
    return SNMPv3_USM_ENCRYPTION_ERROR;
  }

  /* TODO: check if K1 != K2 != K3 */

  // last 8 bytes of key are used as base for initialization vector
  memcpy((char*)initVect, key+24, 8);

  /* TODO: generate salt as specified in draft */

  // put salt in privacy_params
  for (int j=0; j<4; j++)
  {
    privacy_params[3-j] = (unsigned char) (0xFF & (engine_boots >> (8*j)));
    privacy_params[7-j] = (unsigned char) (0xFF & (my_salt >> (8*j)));
  }

  // xor initVect with salt
  for (int i=0; i<8; i++)
    initVect[i] ^= privacy_params[i];


#ifdef __DEBUG
  debughexcprintf(21, "3DES Data to encrypt", buffer, buffer_len);
  debughexcprintf(21, "3DES used iv", initVect, 8);
  debughexcprintf(21, "3DES key", key, key_len);
#endif

  // The first 24 octets of the 32-octet secret are used as a 3DES-EDE
  // key. Since 3DES-EDE uses only 168 bits the least significant bit
  // in each octet is disregarded

#if defined(_USE_LIBTOMCRYPT) && !defined(_USE_OPENSSL)
  DESCBCType symcbc;
  DES_CBC_START_ENCRYPT(cipher, initVect, key, 24, 16, symcbc);

  for(unsigned int k = 0; k <= buffer_len - 8; k += 8) {
    DES_CBC_ENCRYPT(buffer + k, out_buffer + k, symcbc, initVect, 8);
  }

  /* last part of buffer */
  if (buffer_len % 8)
  {
    unsigned char tmp_buf[8];
    unsigned char *tmp_buf_ptr = tmp_buf;
    int start = buffer_len - (buffer_len % 8);
    memset(tmp_buf, 0, 8);
    for (unsigned int l = start; l < buffer_len; l++)
      *tmp_buf_ptr++ = buffer[l];
    DES_CBC_ENCRYPT(tmp_buf, out_buffer + start, symcbc, initVect, 8);
    *out_buffer_len = buffer_len + 8 - (buffer_len % 8);
  }
  else
    *out_buffer_len = buffer_len;

  /* Clear context buffer (paranoia!)*/
  DES_MEMSET(symcbc, 0, sizeof(symcbc));

#else
  DESCBCType ks1, ks2, ks3;

  if ((des_key_sched((C_Block*)(key),     ks1) < 0) ||
      (des_key_sched((C_Block*)(key +8),  ks2) < 0) ||
      (des_key_sched((C_Block*)(key +16), ks3) < 0))
  {
      debugprintf(0, "Starting 3DES-EDE encryption failed.");
      return SNMPv3_USM_ERROR;
  }

  if (buffer_len >= 8)
    for(unsigned int k = 0; k <= (buffer_len - 8); k += 8) 
    {
      DES_EDE3_CBC_ENCRYPT(buffer+k, out_buffer+k, 8,
			   ks1, ks2, ks3, initVect);
    }

  // Last part
  if (buffer_len % 8)
    {
      unsigned char tmp_buf[8];
      unsigned char *tmp_buf_ptr = tmp_buf;
      int start = buffer_len - (buffer_len % 8);
      memset(tmp_buf, 0, 8);
      for (unsigned int l = start; l < buffer_len; l++)
	*tmp_buf_ptr++ = buffer[l];
      DES_EDE3_CBC_ENCRYPT(tmp_buf, out_buffer + start, 8,
			   ks1, ks2, ks3, initVect);
      
      *out_buffer_len = buffer_len + 8 - (buffer_len % 8);
    }
  else
    *out_buffer_len = buffer_len;

  /* Clear context buffer (paranoia!)*/
  DES_MEMSET(ks1, 0, sizeof(ks1));
  DES_MEMSET(ks2, 0, sizeof(ks2));
  DES_MEMSET(ks3, 0, sizeof(ks3));
#endif

#ifdef __DEBUG
  debughexcprintf(21, "3DES created privacy_params", privacy_params, 8);
  debughexcprintf(21, "3DES encrypted Data", out_buffer, *out_buffer_len);
#endif

  return SNMPv3_USM_OK;
}


int 
Priv3DES_EDE::decrypt(const unsigned char *key,
		      const unsigned int   key_len,
		      const unsigned char *buffer,
		      const unsigned int   buffer_len,
		      unsigned char       *out_buffer,
		      unsigned int        *out_buffer_len,
		      const unsigned char *privacy_params,
		      const unsigned int   privacy_params_len,
		      const unsigned long  engine_boots,
		      const unsigned long  engine_time)
{
  unsigned char initVect[8];

  /* Privacy params length has to be 8  && Length has to be a multiple of 8 */
  if (( buffer_len % 8 ) || (privacy_params_len != 8))
    return SNMPv3_USM_DECRYPTION_ERROR;

  for (int i=0; i<8; i++)
    initVect[i] = privacy_params[i] ^ key[i+24];

  memset((char*)out_buffer, 0, *out_buffer_len);

#ifdef __DEBUG
  debughexcprintf(21, "3DES Data to decrypt", buffer, buffer_len);
  debughexcprintf(21, "3DES privacy_params",  privacy_params, 8);
  debughexcprintf(21, "3DES used iv",   initVect, 8);
  debughexcprintf(21, "3DES key", key, key_len);
#endif

#if defined(_USE_LIBTOMCRYPT) && !defined(_USE_OPENSSL)
  DESCBCType symcbc;
  DES_CBC_START_DECRYPT(cipher, initVect, key, 24, 16, symcbc);
  for(unsigned int j=0; j<buffer_len; j+=8 ) {
    DES_CBC_DECRYPT(buffer + j, out_buffer + j, symcbc, initVect, 8);
  }
  /* Clear context (paranoia!) */
  DES_MEMSET(symcbc, 0, sizeof(symcbc));

#else
  DESCBCType ks1, ks2, ks3;

  if ((des_key_sched((C_Block*)(key),     ks1) < 0) ||
      (des_key_sched((C_Block*)(key+8),  ks2) < 0) ||
      (des_key_sched((C_Block*)(key+16), ks3) < 0))
    {
      debugprintf(0, "Starting 3DES-EDE decryption failed.");
      return SNMPv3_USM_ERROR;
    }

  for(unsigned int k=0; k<buffer_len; k+=8 ) 
    {
      DES_EDE3_CBC_DECRYPT(buffer+k, out_buffer+k, 8,
			   ks1, ks2, ks3, initVect);
    }
  /* Clear context (paranoia!) */
  DES_MEMSET(ks1, 0, sizeof(ks1));
  DES_MEMSET(ks2, 0, sizeof(ks2));
  DES_MEMSET(ks3, 0, sizeof(ks3));
#endif

  *out_buffer_len = buffer_len;

#ifdef __DEBUG
  debughexcprintf(21, "3DES decrypted Data", out_buffer, *out_buffer_len);
#endif

  return SNMPv3_USM_OK;  
}


int 
Priv3DES_EDE::extend_short_key(const unsigned char *password,
			       const unsigned int   password_len,
			       const unsigned char *engine_id,
			       const unsigned int   engine_id_len,
			       unsigned char       *key,
			       unsigned int        *key_len,
			       const unsigned int   max_key_len,
			       Auth                *auth)
{
  if (max_key_len < TRIPLEDES_EDE_KEY_LEN)
    return SNMPv3_USM_ERROR;

  unsigned int p2k_output_len = *key_len;
  unsigned char *p2k_buf = new unsigned char[p2k_output_len];
  int res = 0;

  if (!p2k_buf) return SNMPv3_USM_ERROR;

  while (*key_len < TRIPLEDES_EDE_KEY_LEN)
  {
    unsigned int p2k_buf_len = p2k_output_len;

    res = auth->password_to_key(key, *key_len,
				engine_id, engine_id_len,
				p2k_buf, &p2k_buf_len);

    if (res != SNMPv3_USM_OK)
      break;

    unsigned int copy_bytes = TRIPLEDES_EDE_KEY_LEN - *key_len;

    if (copy_bytes > p2k_buf_len)
	copy_bytes = p2k_buf_len;

    if (*key_len + copy_bytes > max_key_len)
	copy_bytes = max_key_len - *key_len;

    memcpy(key + *key_len, p2k_buf, copy_bytes);

    *key_len += copy_bytes;
  }

  if (p2k_buf) delete [] p2k_buf;

  return res;
}

#ifdef _TEST
bool Priv3DES_EDE::test()
{
  int status;
  AuthPriv ap(status);
  if (status != SNMPv3_USM_OK)
      return false;

  if (ap.add_auth(new AuthSHA()) != SNMP_ERROR_SUCCESS)
  {
      debugprintf(0, "Error: could not add AuthSHA.");
      return false;
  }

  if (ap.add_auth(new AuthMD5()) != SNMP_ERROR_SUCCESS)
  {
      debugprintf(0, "Error: could not add AuthMD5.");
      return false;
  }

  if (ap.add_priv(new Priv3DES_EDE()) != SNMP_ERROR_SUCCESS)
  {
      debugprintf(0, "Error: could not add Priv3DES_EDE.");
      return false;
  }

  unsigned char password[11] = "maplesyrup";
  unsigned char engine_id[12];

  memset(engine_id, 0, 11);
  engine_id[11] = 2;

  unsigned char key[TRIPLEDES_EDE_KEY_LEN];
  unsigned int key_len = TRIPLEDES_EDE_KEY_LEN;

  status = ap.password_to_key_priv(SNMP_AUTHPROTOCOL_HMACSHA,
                                   SNMP_PRIVPROTOCOL_3DESEDE,
                                   password, 10,
                                   engine_id, 12,
                                   key,  &key_len);

  debughexcprintf(1, "result key 3DES SHA",
                  key, key_len);

  key_len = TRIPLEDES_EDE_KEY_LEN;
  status = ap.password_to_key_priv(SNMP_AUTHPROTOCOL_HMACMD5,
                                   SNMP_PRIVPROTOCOL_3DESEDE,
                                   password, 10,
                                   engine_id, 12,
                                   key,  &key_len);

  debughexcprintf(1, "result key 3DES MD5",
                  key, key_len);

  unsigned char msg[80] = "This is the secret message, that has to be encrypted!";
  unsigned char enc_buffer[80];
  unsigned int enc_buffer_len = 80;
  unsigned char dec_buffer[80];
  unsigned int dec_buffer_len = 80;
  unsigned char priv_params[64];
  unsigned int priv_params_len = 64;


  status = ap.encrypt_msg(SNMP_PRIVPROTOCOL_3DESEDE,
			  key, key_len, msg, 53,
			  enc_buffer, &enc_buffer_len,
			  priv_params, &priv_params_len, 0x5abc, 0x6def);
  
  debughexcprintf(1, "encrypted text",
                  enc_buffer, enc_buffer_len);

  status = ap.decrypt_msg(SNMP_PRIVPROTOCOL_3DESEDE,
			  key, key_len, enc_buffer, enc_buffer_len,
			  dec_buffer, &dec_buffer_len,
			  priv_params, priv_params_len, 0x5abc, 0x6def);

  dec_buffer[dec_buffer_len] = 0;
  debugprintf(1, "decrypted text: %s",
                  dec_buffer);
  // TODO: check keys and return real value
  return true;
}
#endif

#endif // _USE_3DES_EDE


#ifdef SNMP_PP_NAMESPACE
}; // end of namespace Snmp_pp
#endif 

#endif // _SNMPv3