v3_priv.c

wm PNE 3.3 source code, running at more than vxworks6.x version.

/* v3_priv.c - v3_priv.c routines */

/*
 *  Copyright 2000-2005 Wind River Systems, Inc.
 *  All rights reserved.  Provided under license only.
 *  Distribution or other use of this software is only
 *  permitted pursuant to the terms of a license agreement
 *  from Wind River Systems (and is otherwise prohibited).
 *  Refer to that license agreement for terms of use.
 */

/*
 *  Copyright 1998 Integrated Systems, Inc.
 *  All rights reserved.
 */

/*
 * $Log: v3_priv.c,v $
 * Revision 1.4  2003/01/15 14:05:09  josh
 * directory structure shifting
 *
 * Revision 1.3  2001/11/06 21:50:52  josh
 * second (and hopefully final) pass of new path hacking
 *
 * Revision 1.2  2001/11/06 21:20:31  josh
 * revised new path hacking
 *
 * Revision 1.1.1.1  2001/11/05 17:47:44  tneale
 * Tornado shuffle
 *
 * Revision 9.2  2001/01/19 22:22:30  paul
 * Update copyright.
 *
 * Revision 9.1  2000/03/17 00:19:32  meister
 * Update copyright message
 *
 * Revision 9.0  1998/10/16 22:12:39  sar
 * Update version stamp to match release
 *
 * Revision 1.8  1998/08/12 04:44:04  sar
 * Move the initialization routines around some in order to minimize
 * the amount of code that gets pulled in for init purposes.
 *
 * Revision 1.7  1998/08/05 03:14:16  sar
 * Use des_is_real() to see if we actually have des code before
 * we install the structure.
 *
 * Revision 1.6  1998/07/02 06:46:53  sra
 * Get rid of an "unused variable" warning.
 *
 * Revision 1.5  1998/06/19 20:13:58  sar
 * make sure all files include asn1conf.h and snmp.h to pick up all of
 * the common code
 *
 * Revision 1.4  1998/06/16 05:23:53  sar
 * Clean up some type stuff via some casts
 *
 * Revision 1.3  1998/06/05 18:53:25  sra
 * "#include <foo.h>" => "#include <envoy/h/foo.h>".
 *
 * Revision 1.2  1998/05/27 22:55:46  sar
 * Added routines to manipulate the auth and priv lists (add and find)
 * and put code into the init routine to install those routines we know
 * about (if they are installed).
 *
 * Revision 1.1  1998/05/24 04:14:49  sar
 * Support for processing SNMPv3 packets.
 * acc = access and group structure control functions
 * auth & prive = authentication and privacy code (not including the
 *                actual digest or encryption routines)
 * ber = routines for encoding and decoding v3 packets
 * eng = engine sructure control functions
 * user = user structure control functions
 *
 */

/* [clearcase]
modification history
-------------------
01e,12may05,job  fix apigen comments
01d,18apr05,job  update copyright notices
01c,25feb05,job  apigen update
01b,22feb05,job  apigen for documented APIs
01a,24nov03,job  update copyright information
*/

/*
DESCRIPTION
This library contains v3_priv.c routines.

INCLUDE FILES: snmp.h, v3_priv.h
*/

#include <wrn/wm/snmp/engine/asn1conf.h>
#include <wrn/wm/snmp/engine/snmp.h>
#include <wrn/wm/snmp/engine/v3_priv.h>
#include <wrn/wm/snmp/engine/auxfuncs.h>

#include <wrn/wm/common/bug.h>
#include <wrn/wm/common/des.h>


#if (INSTALL_ENVOY_DES)
static sbits32_t salt = 0;
#endif

/*******************************************************************************
*
* SNMP_Priv_Find - finds an OID tlist from 'SNMP_PRIV_T'
* SYNOPSIS
*
* \cs
* SNMP_PRIV_T *SNMP_Priv_Find 
*     ( 
*     int                       tcount 
*     OID_T                  *  tlist 
*     )
* \ce
*
* DESCRIPTION
*
* This function finds the 'SNMP_PRIV_T' which corresponds to the OID signified 
* by the <tcount> and <tlist> values that you pass into the routine. The 
* routine returns a pointer to the 'SNMP_PRIV_T' structure corresponding to 
* this OID, if one exists. You may then use the SNMP_User_Create() routine to 
* create new 'SNMP_USER_T' structures.
* There are two well-known OIDs for which Wind Manage SNMP provides 
* 'SNMP_PRIV_T' structures:
* \is
* \i 1.3.6.1.6.3.10.1.2.1 -- 'usmNoPrivProtocol'
* This well-known OID is always available.
* \i 1.3.6.1.6.3.10.1.2.2 -- 'usmDESPrivProtocol'
* This well-known OID is available if you have installed the 'ENVOY_DES' 
* option.
* \ie
*
* Parameters:
* \is
* \i <tcount>
* Specify the number of sub-IDs in <tlist>.
* \i <*tlist>
* Point to the object ID.
* \ie
*
* RETURNS: If successful, this routine returns a pointer to the 'SNMP_PRIV_T' 
* structure corresponding to this OID.
*
* ERRNO: N/A
*
* SEE ALSO: SNMP_Auth_Add(), SNMP_Auth_Find(), SNMP_Priv_Add(), 
* SNMP_V3_Pass2Key()
*/
SNMP_PRIV_T *
  SNMP_Priv_Find(int     tcount,
		 OIDC_T *tlist)
{
SNMP_PRIV_T *priv;
for (priv = v3_priv_root; priv; priv = priv->next) {
    if (oidcmp2(priv->name.num_components, priv->name.component_list,
		tcount, tlist) == 0)
        return(priv);
    }
return(0);
}

/*******************************************************************************
*
* SNMP_Priv_Add - add a privacy algorithm to the list of algorithms
* SYNOPSIS
*
* \cs
* typedef ALENGTH_T (V3_PRIV_SIZE_T)  ( ptr_t pktp, ALENGTH_T need)
* typedef int (V3_PRIV_ENCODE_T) 
*     ( 
*     bits8_t       *  key,
*     ALENGTH_T        keylen, 
*     sbits32_t        boots, 
*     bits8_t       *  data, 
*     ALENGTH_T        datalen, 
*     bits8_t       *  sec_blk, 
*     bits8_t       *  out_buf
*     ) 
*
* typedef int (V3_PRIV_DECODE_T) 
*     ( 
*     bits8_t       *  key,
*     ALENGTH_T       keylen, 
*     bits8_t       *  data,
*     ALENGTH_T        datalen, 
*     bits8_t       *  sec_blk, 
*     bits8_t       *  out_buf
*     ) 
*
* typedef struct SNMP_PRIV_S 
*     { 
*     struct SNMP_PRIV_S *  next 
*     OBJ_ID_T              name       /@ name of the priv protocol @/ 
*     V3_PRIV_SIZE_T     *  size 
*     V3_PRIV_ENCODE_T   *  encode 
*     V3_PRIV_DECODE_T   *  decode 
*     ALENGTH_T             need 
*     ALENGTH_T             keysize 
*     } SNMP_PRIV_T 
*    
* int SNMP_Priv_Add ( SNMP_PRIV_T *  priv 
*     )
* \ce
*
* DESCRIPTION
*
* This routine adds a privacy algorithm to the list of algorithms that Envoy 
* uses. You must construct <priv> yourself.
*
* Parameters:
* \is
* \i <*pktp>
* Point to the packet being processed.
* \i <need>
* Specify the length of the <sec_blk> in bytes.
* \i <*key>
* Specify keying information.
* \i <keylen>
* Specify the length in bytes of the <key>.
* \i <boots>
* Specify the <boots> counter for this engine used by <encode> to create any 
* required initialization vectors.
* \i <*data>
* Specify the actual contents of the output buffer.
* \i <datalen>
* Specify the length in bytes of the <data>.
* \i <*sec_blk>
* Point to the part of the SNMP packet that is used to transfer <data>, for 
* example initialization vectors, from the encoder to the decoder. <encode> 
* writes <data> into <sec_blk> and <decode> reads <data> from <sec_blk>.
* \i <*out_buf>
* Specify an already allocated buffer.
* \i <*next>
* Specify the next 'SNMP_PRIV_S' structure.
* \i <name>
* Specify the object identifier that names the protocol. For standard based 
* protocols, this value is assigned by IANA. For non-standard protocols, assign 
* the object identifier from the organization\抯 private branch of the MIB 
* tree.
* \i <*size>
* Return the size required in bytes to encrypt <pktp>. In most cases, this is 
* equal to the value of <need> plus any required padding. If the actual byte 
* string is required, then the <size> routine would need to encode <pktp>.
* \i <*encode or *decode>
* Specify whether to encode or decode the contents of <out_buf>. One must be 0.
* \i <keysize>
* Specify the size of the key for the algorithm. SNMP uses keys that are equal 
* to the digest size for both MD5 and SHA.
* \i <*priv>
* Specify the privacy algorithm.
* \ie
*
* RETURNS: If successful, this routine returns 0. If you attempt to add a 
* routine more than once, it returns 1.
*
* ERRNO: N/A
*
* SEE ALSO: SNMP_Auth_Add(), SNMP_V3_Pass2Key()
*/
int
  SNMP_Priv_Add(SNMP_PRIV_T *priv)
{
if (SNMP_Priv_Find(priv->name.num_components, priv->name.component_list))
    return(1);

priv->next = v3_priv_root;
v3_priv_root = priv;
return(0);
}

#if (INSTALL_ENVOY_DES)
static ALENGTH_T
  v3_priv_des_size(ptr_t     pktp,
		   ALENGTH_T need)
{

if (need%8)
    need += 8 - (need % 8);
return(need);
}

static int
  v3_priv_des_encode(bits8_t   *key,
		     ALENGTH_T  key_len,
		     sbits32_t  boots,
		     bits8_t   *in_buf,
		     ALENGTH_T  in_len,
		     bits8_t   *sec_blk,
		     bits8_t   *out_buf)
{
DES_CTX ctx;
bits8_t iv_blk[8];
sbits32_t lcl_salt;
int i;

lcl_salt = salt;
salt++;

/* build the security block */
sec_blk[0] = (bits8_t)((boots >> 24) & 0xFF);
sec_blk[1] = (bits8_t)((boots >> 16) & 0xFF);
sec_blk[2] = (bits8_t)((boots >> 8) & 0xFF);
sec_blk[3] = (bits8_t)(boots & 0xFF);

sec_blk[4] = (bits8_t)((lcl_salt >> 24) & 0xFF);
sec_blk[5] = (bits8_t)((lcl_salt >> 16) & 0xFF);
sec_blk[6] = (bits8_t)((lcl_salt >> 8) & 0xFF);
sec_blk[7] = (bits8_t)(lcl_salt & 0xFF);

/* then merge it with the key info to form the iv block */
MEMCPY(iv_blk, key + 8, 8);
for (i = 0; i < 8; i++)
    iv_blk[i] ^= sec_blk[i]; 

descbc_init_context(&ctx, key, 0);
descbc_iv_context(&ctx, iv_blk);
descbc_crypt(&ctx, in_buf, out_buf, in_len);

return(0);
}

static int
  v3_priv_des_decode(bits8_t   *key,
		     ALENGTH_T  key_len,
		     bits8_t   *in_buf,
		     ALENGTH_T  in_len,
		     bits8_t   *sec_blk,
		     bits8_t   *out_buf)
{
DES_CTX ctx;
bits8_t iv_blk[8];
int i;

/* merge the security block with the key info to form the iv block */
MEMCPY(iv_blk, key + 8, 8);
for (i = 0; i < 8; i++)
    iv_blk[i] ^= sec_blk[i]; 

descbc_init_context(&ctx, key, 1);
descbc_iv_context(&ctx, iv_blk);
descbc_crypt(&ctx, in_buf, out_buf, in_len);

return(0);
}

static OIDC_T des_obj[] = {1, 3, 6, 1, 6, 3, 10, 1, 2, 2};

SNMP_PRIV_T v3_priv_des = {0, {sizeof(des_obj)/sizeof(OIDC_T), des_obj},
			   v3_priv_des_size,
			   v3_priv_des_encode,
			   v3_priv_des_decode,
			   8, 16};

/****************************************************************************
\NOMANUAL
NAME: SNMP_Priv_Add_DES

PURPOSE: Add a the des routine to our list

PARAMETERS: nothing

RETURNS: int, 0 on success
****************************************************************************/
int
  SNMP_Priv_Add_DES()
{
/* if we don't have the real des encryption code installed
   we don't add the interface for it so there shouldn't
   be any mistakes. */

if (des_is_real())
    return(SNMP_Priv_Add(&v3_priv_des));
return(-1);
}

#endif /* #if (INSTALL_ENVOY_DES) */

/* priv ids that we may want */
OIDC_T v3_priv_nopriv[] = {1, 3, 6, 1, 6, 3, 10, 1, 2, 1};
int    v3_priv_nopriv_size = sizeof(v3_priv_nopriv)/sizeof(OIDC_T);