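/* v3mt_dh.c - v3mt_dh.c routines */

/*
 * Copyright 2005 Wind River Systems, Inc.
 * All rights reserved.  Provided under license only.
 * Distribution or other use of this software is only
 * permitted pursuant to the terms of a license agreement
 * from Wind River Systems (and is otherwise prohibited).
 * Refer to that license agreement for terms of use.
 */

/*
 [clearcase]
modification history
-------------------
*/

#include <wrn/wm/snmp/engine/asn1conf.h>
#include <wrn/wm/snmp/engine/asn1.h>
#include <wrn/wm/snmp/engine/buffer.h>
#include <wrn/wm/snmp/engine/mib.h>
#include <wrn/wm/snmp/engine/localio.h>
#include <wrn/wm/snmp/engine/snmpdefs.h>
#include <wrn/wm/snmp/engine/snmp.h>
#include <wrn/wm/snmp/engine/auxfuncs.h>
#include <wrn/wm/snmp/engine/v3_user.h>
#include <wrn/wm/snmp/engine/v3_mth.h>

#if INSTALL_SNMP_V3_DIFFIE_HELLMAN
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <wrn/wm/snmp/engine/v3_dh.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#endif /* INSTALL_SNMP_V3_DIFFIE_HELLMAN */

/*
** Method routines for the usmDHPublicObjects variables:
**   usmDHParameters -- read-write
** The public Diffie-Hellman parameters for doing a Diffie-Hellman key
** agreement for this device. This is encoded as an ASN.1 DHParameter
** per PKCS #3, section 9.  E.g.
**
**     DHParameter ::= SEQUENCE {
**        prime   INTEGER,   -- p
**        base    INTEGER,   -- g
**        privateValueLength  INTEGER OPTIONAL }
**
** Implementors are encouraged to use either the values from Oakley Group
** 1 or the values of from Oakley Group 2 as specified in RFC-2409, The
** Internet Key Exchange, Section 6.1, 6.2 as the default for this object.
** Other values may be used, but the security properties of those values
** MUST be well understood and MUST meet the requirements of PKCS #3 for
** the selection of Diffie-Hellman primes.
**
** In addition, any time usmDHParameters changes, all values of type
** DHKeyChange will change and new random numbers MUST be generated by
** the agent for each DHKeyChange object.
**
** NOTE(review): Oakley Groups 1 and 2 are the 768-bit and 1024-bit MODP
** groups.  Moduli of that size are no longer regarded as adequate for
** Diffie-Hellman; deployments should prefer a larger, well-known group
** where the management peers support it.
*/

/*
 * Fill one varbind with the current value of a usmDHPublicObjects leaf.
 *
 * lastmatch - leaf identifier of the object being read
 * pktp, vbp - packet and varbind that receive the value
 * data      - unused here; the value is read from the global
 *             SNMP_DH_params.encodedString
 *
 * Returns NO_ERROR when the leaf is usmDHParameters, GEN_ERR otherwise.
 */
static int
usmDHPublicObjects_get_value (OIDC_T      lastmatch,
                              SNMP_PKT_T *pktp,
                              VB_T       *vbp,
                              SNMP_DH_PARAMS_T *data)
{
  (void) data;

  switch (lastmatch) {
  case LEAF_usmDHParameters:
    /* NOTE(review): the 0 argument presumably tells the engine that the
       buffer is not dynamically owned by the varbind - confirm against
       getproc_got_string. */
    getproc_got_string (pktp, vbp,
                        EBufferUsed (&SNMP_DH_params.encodedString),
                        EBufferStart (&SNMP_DH_params.encodedString),
                        0, VT_STRING);
    break;

  default:
    return GEN_ERR;
  }
  return NO_ERROR;
}

/*
 * Get routine for the usmDHPublicObjects scalars.
 *
 * Groups the varbinds that share this getproc and instance, rejects any
 * instance other than .0 with noSuchInstance, and otherwise answers each
 * varbind of the group.
 */
void
usmDHPublicObjects_get (OIDC_T      lastmatch,
                        int         tcount,
                        OIDC_T     *tlist,
                        SNMP_PKT_T *pktp,
                        VB_T       *vbp)
{
  int              error;
  SNMP_DH_PARAMS_T data;

  /* Find all the varbinds that share the same getproc and instance */
  group_by_getproc_and_instance (pktp, vbp, tcount, tlist);

  /* Check that the instance is exactly .0 */
  if (!((tcount == 1) && (*tlist == 0))) {
    for (; vbp; vbp = vbp -> vb_link)
      getproc_nosuchins (pktp, vbp);
    return;
  }

  /* Retrieve all the values from the same data structure.  The previous
     version had an unconditional return inside this loop, so only the
     first varbind of the group was ever answered. */
  for (; vbp; vbp = vbp -> vb_link) {
    error = usmDHPublicObjects_get_value (vbp -> vb_ml.ml_last_match,
                                          pktp, vbp, &data);
    if (error != NO_ERROR)
      getproc_error (pktp, vbp, error);
  }
}

/*
 * Get-next routine for the usmDHPublicObjects scalars.
 *
 * A scalar only has a "next" when the request names no instance at all;
 * in that case every varbind of the group is given instance .0 and its
 * value.
 */
void
usmDHPublicObjects_next (OIDC_T      lastmatch,
                         int         tcount,
                         OIDC_T     *tlist,
                         SNMP_PKT_T *pktp,
                         VB_T       *vbp)
{
  SNMP_DH_PARAMS_T data;
  OIDC_T           instance = 0;

  /* The only time there's a next for a scalar is if no instance is
     supplied */
  if (tcount != 0) {
    nextproc_no_next (pktp, vbp);
    return;
  }

  /* Find all the varbinds in this group and retrieve their values from
     the same data structure */
  for (group_by_getproc_and_instance (pktp, vbp, tcount, tlist);
       vbp;
       vbp = vbp -> vb_link) {
    nextproc_next_instance (pktp, vbp, 1, &instance);
    usmDHPublicObjects_get_value (vbp -> vb_ml.ml_last_match,
                                  pktp, vbp, &data);
  }
}

/*
 * Decode and validate the DHParameter value carried by one varbind and
 * build the staged copy that the set routine will commit.
 *
 * Returns the newly allocated structure, or NULL when the value is
 * rejected or a resource could not be obtained.  Everything allocated
 * here is released again on the failure path.
 *
 * Validation performed: the value must decode, the generator must be at
 * least 2 (0 and 1 make every derived key predictable), and the modulus
 * must pass the primality test.
 *
 * NOTE(review): nothing here bounds the size of the modulus.  A very
 * small prime yields weak keys and a very large one makes the primality
 * test expensive for the agent; consider enforcing a policy range, and
 * checking that the generator is below the prime.  privateValueLength is
 * likewise stored as decoded - confirm what range SNMP_DH_decodeParams
 * can return.
 */
static SNMP_DH_PARAMS_T *
usmDHParameters_stage (VB_T *vbp)
{
  int               base = 0;
  int               pvl  = 0;
  SNMP_DH_PARAMS_T *staged = NULL;
  BIGNUM           *prime  = BN_new ();

  if (prime == NULL)
    return NULL;

  /* Decode the string into the base datatypes */
  if (SNMP_DH_decodeParams (VB_GET_STRING (vbp), prime, &base, &pvl) == 0)
    goto fail;

  /* Reject degenerate or negative generators before they are widened
     to an unsigned word below. */
  if (base < 2)
    goto fail;

  /* Make absolutely sure we've received a valid prime.  A return of -1
     (internal error) is treated the same as "not prime". */
  if (BN_is_prime (prime, BN_prime_checks, NULL, SNMP_DH_bnCtx, NULL) != 1)
    goto fail;

  /* Initialize the temporary structure to hold the DH parameters */
  staged = SNMP_memory_alloc (sizeof (SNMP_DH_PARAMS_T));
  if (staged == NULL)
    goto fail;
  memset (staged, 0, sizeof (SNMP_DH_PARAMS_T));

  if ((staged -> prime = BN_new ()) == NULL)
    goto fail;
  if ((staged -> base = BN_new ()) == NULL)
    goto fail;

  /* Set the prime, base and pvl */
  if (BN_copy (staged -> prime, prime) == NULL)
    goto fail;
  if (BN_set_word (staged -> base, (BN_ULONG) base) != 1)
    goto fail;
  staged -> pvl = pvl;

  if (SNMP_DH_encodeParams (staged -> prime,
                            BN_get_word (staged -> base),
                            staged -> pvl,
                            &staged -> encodedString) == 0)
    goto fail;

  BN_free (prime);
  return staged;

fail:
  if (staged != NULL) {
    /* NOTE(review): encodedString is not cleaned here because the state
       SNMP_DH_encodeParams leaves behind on failure is not visible from
       this file - confirm whether it can hold an allocation. */
    if (staged -> prime != NULL)
      BN_free (staged -> prime);
    if (staged -> base != NULL)
      BN_free (staged -> base);
    SNMP_memory_free (staged);
  }
  BN_free (prime);
  return NULL;
}

/*
 * Test routine for the usmDHPublicObjects scalars.
 *
 * Rejects any instance other than .0, then validates every varbind of
 * the group.  For usmDHParameters the validated, re-encoded parameters
 * are parked in vb_priv for the set routine.  The first failing varbind
 * ends the test with WRONG_VALUE (allocation failures are reported with
 * the same code, as before).
 *
 * NOTE(review): no cleanup hook is registered for vb_priv here, so if the
 * set phase never runs for a varbind that passed this test, the staged
 * structure is not released - confirm how the engine disposes of vb_priv.
 */
void
usmDHPublicObjects_test (OIDC_T      lastmatch,
                         int         tcount,
                         OIDC_T     *tlist,
                         SNMP_PKT_T *pktp,
                         VB_T       *vbp)
{
  VB_T *group_vbp;

  /* Only scalar variables here, check for .0 */
  if (!((tcount == 1) && (*tlist == 0))) {
    testproc_error (pktp, vbp, NO_SUCH_NAME);
    return;
  }

  /* Find all the varbinds that share the same getproc and instance and
     group them together. */
  group_by_getproc_and_instance (pktp, vbp, tcount, tlist);

  /* Check each varbind */
  for (group_vbp = vbp; group_vbp; group_vbp = group_vbp -> vb_link) {
    switch (group_vbp -> vb_ml.ml_last_match) {
    case LEAF_usmDHParameters:
      {
        /* Validate the value of THIS varbind; the previous version always
           decoded the first varbind of the group and reported an encode
           failure through setproc_error on that first varbind. */
        SNMP_DH_PARAMS_T *tempParams = usmDHParameters_stage (group_vbp);

        if (tempParams == NULL) {
          testproc_error (pktp, group_vbp, WRONG_VALUE);
          return;
        }

        /* Save the address of the parameter structure for the set */
        group_vbp -> vb_priv = tempParams;
        testproc_good (pktp, group_vbp);
        break;
      }

    default:
      testproc_error (pktp, group_vbp, WRONG_VALUE);
      return;
    }
  }
}

/*
 * Set routine for the usmDHPublicObjects scalars.
 *
 * Commits the parameters staged by the test routine into the global
 * SNMP_DH_params and then clears the "auth key valid" and "priv key
 * valid" flags of every user.  Because one successful write invalidates
 * the keys of all users, write access to this object should be limited
 * to trusted principals by the agent's access-control configuration.
 *
 * NOTE(review): the commit is not atomic - if copying the base fails
 * after the prime was copied, the global parameters are left mixed.
 */
void
usmDHPublicObjects_set (OIDC_T      lastmatch,
                        int         tcount,
                        OIDC_T     *tlist,
                        SNMP_PKT_T *pktp,
                        VB_T       *vbp)
{
  SNMP_USER_T      *user;
  SNMP_DH_PARAMS_T *tempParams;

  for (; vbp; vbp = vbp -> vb_link) {
    switch (vbp -> vb_ml.ml_last_match) {
    case LEAF_usmDHParameters:
      {
        /* Set the new values */
        tempParams = vbp -> vb_priv;
        if (tempParams == NULL) {
          /* Nothing was staged by the test phase; refuse rather than
             dereference a null pointer. */
          setproc_error (pktp, vbp, COMMIT_FAILED);
          return;
        }

        if (BN_copy (SNMP_DH_params.prime, tempParams -> prime) == NULL) {
          setproc_error (pktp, vbp, COMMIT_FAILED);
          return;
        }
        if (BN_copy (SNMP_DH_params.base, tempParams -> base) == NULL) {
          setproc_error (pktp, vbp, COMMIT_FAILED);
          return;
        }
        SNMP_DH_params.pvl = tempParams -> pvl;

        /* Release the old encoding, then take over the staged buffer by
           copying its descriptor.  From here on the global owns that
           buffer, so the staged descriptor must not be cleaned. */
        EBufferClean (&(SNMP_DH_params.encodedString));
        MEMCPY (&(SNMP_DH_params.encodedString),
                &(tempParams -> encodedString),
                sizeof (EBUFFER_T));

        /* The staged structure and its BIGNUMs were previously never
           released.  Free them and drop the pointer so nothing can reach
           the freed memory through the varbind. */
        BN_free (tempParams -> prime);
        BN_free (tempParams -> base);
        SNMP_memory_free (tempParams);
        vbp -> vb_priv = NULL;

        /* Clear the "auth/priv keys are valid" bits for all users. */
        for (user = SNMP_User_Next_User ((SNMP_USER_T *) NULL);
             user != (SNMP_USER_T *) NULL;
             user = SNMP_User_Next_User (user)) {
          user -> flags &= ~ETC_USER_VALID_AUTHKEY;
          user -> flags &= ~ETC_USER_VALID_PRIVKEY;
        }

        setproc_good (pktp, vbp);
        break;
      }

    default:
      setproc_error (pktp, vbp, COMMIT_FAILED);
      return;
    }
  }
}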