v3_auth.c

wm PNE 3.3 source code, running at more than vxworks6.x version.

ctx = &real_ctx;
#endif /* INSTALL_ENVOY_HEAP_LARGE_VARS */

/* save the digest and then 0 it out */
MEMCPY(saved_digest, digest, auth->need);
MEMSET(digest, 0, auth->need);

/* do the digest */
InitHmacCTX(ctx, auth->hashinit, auth->hashupdate, 
            auth->hashfinal, (bits32_t)auth->digestsize);
hmac_init(ctx, key, (bits32_t)keylen);
hmac_update(ctx, buffp, (bits32_t)buflen);
hmac_final(ctx, key, (bits32_t)keylen, out_digest); 

#if INSTALL_ENVOY_HEAP_LARGE_VARS
SNMP_memory_free(ctx);
#endif /* INSTALL_ENVOY_HEAP_LARGE_VARS */

/* decide if we need to verify or store the digest */
if (verify)
    /* compare the new digest with the saved digest */
    return(MEMCMP(saved_digest, out_digest, auth->need));
else {
    /* insert the computed digest into the return area */
    MEMCPY(digest, out_digest, auth->need);
    return(0);
    }
}

/*******************************************************************************
*
* SNMP_V3_Pass2Key - generate localized keys from passwords or other keys
* SYNOPSIS
*
* \cs
* int SNMP_V3_Pass2Key 
*     (
*     SNMP_AUTH_T  *  auth, 
*     bits8_t      *  password, 
*     ALENGTH_T       pass_len, 
*     bits8_t      *  key, 
*     ALENGTH_T       key_len, 
*     bits8_t      *  engine_id, 
*     ALENGTH_T       engine_id_len, 
*     int             flags 
*     )
* \ce
*
* DESCRIPTION
*
* This routine generates localized keys from passwords or other keys as 
* described in RFC 2574. After this routine determines a <key>, it digests it 
* with the specified <engine_id> to localize it.
*
* \&NOTE: This function assumes that the <hash*> fields of <auth> contain the 
* raw digesting functions. If you add a new authentication scheme, you must add 
* those functions or use a different password to key function.
*
* PARAMETERS
* \is
* \i <*auth>
* Contain the raw conversion and localization digesting routines.
* \i <*password>
* Specify the password.
* \i <pass_len>
* Specify the length in bytes of the <password>.
* \i <*key>
* On input, specifies a non-local key when <flags> is 0. On output, contains 
* the localized key.
* \i <keylen>
* Specify the length in bytes of the localized <key>.
* \i <*engine_id>
* Specify the engine Id.
* \i <engine_id_len>
* Specify the length in bytes of <engine_id>.
* \i <flags>
* When set to 0, indicate that this routine should use the data in <key> and 
* <keylen> as the nonlocal key.
* \ie
*
* RETURNS: If successful, this routine returns 0 and the value of localized key 
* in <key>. If the key length specified is not equal to the key size or the 
* context is null, this routine returns -1.
*
* ERRNO: N/A
*
* SEE ALSO: SNMP_Auth_Add(), SNMP_Priv_Add()
*/
int
  SNMP_V3_Pass2Key(SNMP_AUTH_T *auth,
                   bits8_t     *password,
                   ALENGTH_T    pass_len,
                   bits8_t     *key,
                   ALENGTH_T    key_len,
                   bits8_t     *engineid,
                   ALENGTH_T    engineid_len,
                   int          password_flag)
{
bits8_t *context;
sbits32_t i;

/* check that the key string is the right length */
if (key_len != auth->keysize)
    return(-1);

context = SNMP_memory_alloc(auth->ctxsize);
if (context == 0)
    return(-1);

if (password_flag) {
    auth->hashinit(context);
    for (i = pass_len; i < V3_AUTH_MEGABYTE; i += pass_len)
        auth->hashupdate(context, password, (bits32_t)pass_len);
    auth->hashupdate(context, password,
                     (bits32_t)(V3_AUTH_MEGABYTE - (i - pass_len)));
    auth->hashfinal(context, key);
    }

auth->hashinit(context);
auth->hashupdate(context, key, (bits32_t)key_len);
auth->hashupdate(context, engineid, (bits32_t)engineid_len);
auth->hashupdate(context, key, (bits32_t)key_len);
auth->hashfinal(context, key);

SNMP_memory_free(context);
return(0);
}

/****************************************************************************
\NOMANUAL
NAME: SNMP_V3_KeyChange

PURPOSE: Routine to perform the keychange scheme from rfc2274
         Basically we digest the current key and the first part
         of the keychange string, then we xor the second part
         of the keychagne string with the result and store the
         result back into the key buffer.

PARAMETERS: SNMP_AUTH_T * authentication block
            bits8_t     * starting key
            ALENGTH_T     key length
            bits8_t     * string of bytes for changing the key
            ALENGTH_T     length of string

RETURNS: int, 0 on success
****************************************************************************/
int
  SNMP_V3_KeyChange(SNMP_AUTH_T *auth,
                    bits8_t     *key,
                    ALENGTH_T    key_len,
                    bits8_t     *keychange,
                    ALENGTH_T    keychange_len)
{
bits8_t *context, *digest;
sbits32_t i;

context = SNMP_memory_alloc(auth->ctxsize + auth->digestsize);
if (context == 0)
    return(-1);
digest = context + auth->ctxsize;

auth->hashinit(context);
auth->hashupdate(context, key, (bits32_t)key_len);
auth->hashupdate(context, keychange, (bits32_t)key_len);
auth->hashfinal(context, digest);
for (i = key_len, keychange += key_len; i; i--, key++, digest++, keychange++)
    *key = *digest ^ *keychange;

SNMP_memory_free(context);
return(0);
}

#if INSTALL_SNMP_V3_DIFFIE_HELLMAN

/****************************************************************************
\NOMANUAL
NAME: SNMP_V3_DHKeyChange

PURPOSE:    Routine to perform the DH keychange operation per RFC-2631/-2786.

PARAMETERS: DHvalues - Pointer to a DH structure
            pubKey   - The public key from the entity doing the key exchange
            ssk      - Pointer to a pointer to the new shared/secret key
            sskLen   - Pointer to the length of the new shared/secret key

RETURNS: int, 0 on success
****************************************************************************/

int SNMP_V3_DHKeyChange (DH *DHvalues, BIGNUM *pubKey,
                         bits8_t **ssk, int *sskLen)
{
    /* Initialize the DH structure */

    BN_clear (DHvalues -> p);
    BN_clear (DHvalues -> g);

    /* Copy the current usmDHParameters values into the DH structure */

    if (BN_copy (DHvalues -> p, SNMP_DH_params.prime) == NULL) return -1;
    if (BN_copy (DHvalues -> g, SNMP_DH_params.base)  == NULL) return -1;
    DHvalues -> length = SNMP_DH_params.pvl;

    /* Generate shared secret key */

    if (!(*sskLen = DH_size (DHvalues))) return -1;
    if ((*ssk = SNMP_memory_alloc (*sskLen)) == 0) return -1;
    if ((DH_compute_key (*ssk, pubKey, DHvalues)) == -1)
    {
        SNMP_memory_free (*ssk);
        return -1;
    }

    return 0;
}

#endif /* INSTALL_SNMP_V3_DIFFIE_HELLMAN */


#if INSTALL_ENVOY_MD5
/* the following 3 functions are HMACs interface to MD5 */

static
  void hmac_glue_md5_init (void *state)
{
MD5Init ((MD5_CTX *) state);
}

static
  void hmac_glue_md5_update(void    *state,
                            bits8_t *data,
                            bits32_t datalen)
{
MD5Update ((MD5_CTX *) state, data, datalen);
}

static
  void hmac_glue_md5_final(void    *state,
                           bits8_t *output)
{
MD5Final ((MD5_CTX *) state);
MEMCPY(output, ((MD5_CTX *) state)->digest, V3_HMAC_MD5_DIGEST);     
}

static OIDC_T v3_md5_obj[] = {1, 3, 6, 1, 6, 3, 10, 1, 1, 2};

SNMP_AUTH_T v3_auth_md5 = {0, {sizeof(v3_md5_obj)/sizeof(OIDC_T), v3_md5_obj}, 
                           hmac_glue_md5_init, hmac_glue_md5_update,
                           hmac_glue_md5_final, v3_auth_authenticate, 
                           V3_HMAC_MD5_NEEDS, V3_HMAC_MD5_KEYSIZE,
                           V3_HMAC_MD5_DIGEST, sizeof(MD5_CTX)};

/****************************************************************************
\NOMANUAL
NAME: SNMP_Auth_Add_MD5

PURPOSE: Add the md5 authentication block to the list of authentication
         schemes we understand

PARAMETERS: 

RETURNS: int, 0 on success
****************************************************************************/

int
  SNMP_Auth_Add_MD5(void)
{
return(SNMP_Auth_Add(&v3_auth_md5));
}

#endif /* #if INSTALL_ENVOY_MD5 */


#if INSTALL_ENVOY_SHA
/* the following 3 functions are HMACs interface to SHA */

static
  void hmac_glue_sha_init (void *state)
{
sha_init ((SHA_CTX *) state);
}

static
  void hmac_glue_sha_update(void    *state,
                            bits8_t *data,
                            bits32_t datalen)
{
sha_update ((SHA_CTX *) state, data, datalen);
}

static
  void hmac_glue_sha_final(void    *state,
                           bits8_t *output)
{
sha_final ((SHA_CTX *) state);
MEMCPY(output, ((SHA_CTX *) state)->digest, V3_HMAC_SHA_DIGEST);     
}

static OIDC_T v3_sha_obj[] = {1, 3, 6, 1, 6, 3, 10, 1, 1, 3};

SNMP_AUTH_T v3_auth_sha = {0, {sizeof(v3_sha_obj)/sizeof(OIDC_T), v3_sha_obj}, 
                           hmac_glue_sha_init, hmac_glue_sha_update,
                           hmac_glue_sha_final, v3_auth_authenticate, 
                           V3_HMAC_SHA_NEEDS, V3_HMAC_SHA_KEYSIZE,
                           V3_HMAC_SHA_DIGEST, sizeof(SHA_CTX)};

/****************************************************************************
\NOMANUAL
NAME: SNMP_Auth_Add_SHA

PURPOSE: Add the sha authentication block to the list of authentication
         schemes we understand

PARAMETERS: nothing

RETURNS: int, 0 on success
****************************************************************************/

int
  SNMP_Auth_Add_SHA(void)
{
return(SNMP_Auth_Add(&v3_auth_sha));
}

#endif /* #if INSTALL_ENVOY_SHA*/