| /* Portions of this file are subject to the following copyright(s). See |
| * the Net-SNMP's COPYING file for more details and other copyrights |
| * that may apply: |
| */ |
| /* |
| * Portions of this file are copyrighted by: |
| * Copyright © 2003 Sun Microsystems, Inc. All rights reserved. |
| * Use is subject to license terms specified in the COPYING file |
| * distributed with the Net-SNMP package. |
| */ |
| /* |
| * snmpusm.c |
| * |
| * Routines to manipulate a information about a "user" as |
| * defined by the SNMP-USER-BASED-SM-MIB MIB. |
| * |
| * All functions usm_set_usmStateReference_*() return 0 on success, -1 |
| * otherwise. |
| * |
| * !! Tab stops set to 4 in some parts of this file. !! |
| * (Designated on a per function.) |
| */ |
| |
| #include <net-snmp/net-snmp-config.h> |
| |
| #include <sys/types.h> |
| #if HAVE_WINSOCK_H |
| #include <winsock.h> |
| #endif |
| #include <stdio.h> |
| #ifdef HAVE_STDLIB_H |
| #include <stdlib.h> |
| #endif |
| #if TIME_WITH_SYS_TIME |
| # ifdef WIN32 |
| # include <sys/timeb.h> |
| # else |
| # include <sys/time.h> |
| # endif |
| # include <time.h> |
| #else |
| # if HAVE_SYS_TIME_H |
| # include <sys/time.h> |
| # else |
| # include <time.h> |
| # endif |
| #endif |
| #if HAVE_STRING_H |
| #include <string.h> |
| #else |
| #include <strings.h> |
| #endif |
| #ifdef HAVE_NETINET_IN_H |
| #include <netinet/in.h> |
| #endif |
| |
| #if HAVE_UNISTD_H |
| #include <unistd.h> |
| #endif |
| #if HAVE_DMALLOC_H |
| #include <dmalloc.h> |
| #endif |
| |
| #include <net-snmp/types.h> |
| #include <net-snmp/output_api.h> |
| #include <net-snmp/config_api.h> |
| #include <net-snmp/utilities.h> |
| |
| #include <net-snmp/library/asn1.h> |
| #include <net-snmp/library/snmp_api.h> |
| #include <net-snmp/library/callback.h> |
| #include <net-snmp/library/tools.h> |
| #include <net-snmp/library/keytools.h> |
| #include <net-snmp/library/snmpv3.h> |
| #include <net-snmp/library/lcd_time.h> |
| #include <net-snmp/library/scapi.h> |
| #include <net-snmp/library/callback.h> |
| #include <net-snmp/library/snmp_secmod.h> |
| #include <net-snmp/library/snmpusm.h> |
| |
| oid usmNoAuthProtocol[10] = { 1, 3, 6, 1, 6, 3, 10, 1, 1, 1 }; |
| #ifndef NETSNMP_DISABLE_MD5 |
| oid usmHMACMD5AuthProtocol[10] = |
| { 1, 3, 6, 1, 6, 3, 10, 1, 1, 2 }; |
| #endif |
| oid usmHMACSHA1AuthProtocol[10] = |
| { 1, 3, 6, 1, 6, 3, 10, 1, 1, 3 }; |
| oid usmNoPrivProtocol[10] = { 1, 3, 6, 1, 6, 3, 10, 1, 2, 1 }; |
| #ifndef NETSNMP_DISABLE_DES |
| oid usmDESPrivProtocol[10] = { 1, 3, 6, 1, 6, 3, 10, 1, 2, 2 }; |
| #endif |
| oid usmAESPrivProtocol[10] = { 1, 3, 6, 1, 6, 3, 10, 1, 2, 4 }; |
| /* backwards compat */ |
| oid *usmAES128PrivProtocol = usmAESPrivProtocol; |
| |
| static u_int dummy_etime, dummy_eboot; /* For ISENGINEKNOWN(). */ |
| |
| /* |
| * Globals. |
| */ |
| static u_int salt_integer; |
| #ifdef HAVE_AES |
| static u_int salt_integer64_1, salt_integer64_2; |
| #endif |
| /* |
| * 1/2 of seed for the salt. Cf. RFC2274, Sect 8.1.1.1. |
| */ |
| |
| static struct usmUser *noNameUser = NULL; |
| /* |
| * Local storage (LCD) of the default user list. |
| */ |
| static struct usmUser *userList = NULL; |
| |
| /* |
| * Prototypes |
| */ |
| int |
| usm_check_secLevel_vs_protocols(int level, |
| const oid * authProtocol, |
| u_int authProtocolLen, |
| const oid * privProtocol, |
| u_int privProtocolLen); |
| int |
| usm_calc_offsets(size_t globalDataLen, |
| int secLevel, size_t secEngineIDLen, |
| size_t secNameLen, size_t scopedPduLen, |
| u_long engineboots, long engine_time, |
| size_t * theTotalLength, |
| size_t * authParamsOffset, |
| size_t * privParamsOffset, |
| size_t * dataOffset, size_t * datalen, |
| size_t * msgAuthParmLen, |
| size_t * msgPrivParmLen, size_t * otstlen, |
| size_t * seq_len, size_t * msgSecParmLen); |
| /* |
| * Set a given field of the secStateRef. |
| * |
| * Allocate <len> bytes for type <type> pointed to by ref-><field>. |
| * Then copy in <item> and record its length in ref-><field_len>. |
| * |
| * Return 0 on success, -1 otherwise. |
| */ |
| #define MAKE_ENTRY( type, item, len, field, field_len ) \ |
| { \ |
| if (ref == NULL) \ |
| return -1; \ |
| if (ref->field != NULL) { \ |
| SNMP_ZERO(ref->field, ref->field_len); \ |
| SNMP_FREE(ref->field); \ |
| } \ |
| ref->field_len = 0; \ |
| if (len == 0 || item == NULL) { \ |
| return 0; \ |
| } \ |
| if ((ref->field = (type*) malloc (len * sizeof(type))) == NULL) \ |
| { \ |
| return -1; \ |
| } \ |
| \ |
| memcpy (ref->field, item, len * sizeof(type)); \ |
| ref->field_len = len; \ |
| \ |
| return 0; \ |
| } |
| |
| |
| struct usmStateReference * |
| usm_malloc_usmStateReference(void) |
| { |
| struct usmStateReference *retval = (struct usmStateReference *) |
| calloc(1, sizeof(struct usmStateReference)); |
| |
| return retval; |
| } /* end usm_malloc_usmStateReference() */ |
| |
| |
| void |
| usm_free_usmStateReference(void *old) |
| { |
| struct usmStateReference *old_ref = (struct usmStateReference *) old; |
| |
| if (old_ref) { |
| |
| SNMP_FREE(old_ref->usr_name); |
| SNMP_FREE(old_ref->usr_engine_id); |
| SNMP_FREE(old_ref->usr_auth_protocol); |
| SNMP_FREE(old_ref->usr_priv_protocol); |
| |
| if (old_ref->usr_auth_key) { |
| SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length); |
| SNMP_FREE(old_ref->usr_auth_key); |
| } |
| if (old_ref->usr_priv_key) { |
| SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length); |
| SNMP_FREE(old_ref->usr_priv_key); |
| } |
| |
| SNMP_ZERO(old_ref, sizeof(*old_ref)); |
| SNMP_FREE(old_ref); |
| |
| } |
| |
| } /* end usm_free_usmStateReference() */ |
| |
| struct usmUser * |
| usm_get_userList(void) |
| { |
| return userList; |
| } |
| |
| int |
| usm_set_usmStateReference_name(struct usmStateReference *ref, |
| char *name, size_t name_len) |
| { |
| MAKE_ENTRY(char, name, name_len, usr_name, usr_name_length); |
| } |
| |
| int |
| usm_set_usmStateReference_engine_id(struct usmStateReference *ref, |
| u_char * engine_id, |
| size_t engine_id_len) |
| { |
| MAKE_ENTRY(u_char, engine_id, engine_id_len, |
| usr_engine_id, usr_engine_id_length); |
| } |
| |
| int |
| usm_set_usmStateReference_auth_protocol(struct usmStateReference *ref, |
| oid * auth_protocol, |
| size_t auth_protocol_len) |
| { |
| MAKE_ENTRY(oid, auth_protocol, auth_protocol_len, |
| usr_auth_protocol, usr_auth_protocol_length); |
| } |
| |
| int |
| usm_set_usmStateReference_auth_key(struct usmStateReference *ref, |
| u_char * auth_key, size_t auth_key_len) |
| { |
| MAKE_ENTRY(u_char, auth_key, auth_key_len, |
| usr_auth_key, usr_auth_key_length); |
| } |
| |
| int |
| usm_set_usmStateReference_priv_protocol(struct usmStateReference *ref, |
| oid * priv_protocol, |
| size_t priv_protocol_len) |
| { |
| MAKE_ENTRY(oid, priv_protocol, priv_protocol_len, |
| usr_priv_protocol, usr_priv_protocol_length); |
| } |
| |
| int |
| usm_set_usmStateReference_priv_key(struct usmStateReference *ref, |
| u_char * priv_key, size_t priv_key_len) |
| { |
| MAKE_ENTRY(u_char, priv_key, priv_key_len, |
| usr_priv_key, usr_priv_key_length); |
| } |
| |
| int |
| usm_set_usmStateReference_sec_level(struct usmStateReference *ref, |
| int sec_level) |
| { |
| if (ref == NULL) |
| return -1; |
| ref->usr_sec_level = sec_level; |
| return 0; |
| } |
| |
| int |
| usm_clone_usmStateReference(struct usmStateReference *from, struct usmStateReference **to) |
| { |
| struct usmStateReference *cloned_usmStateRef; |
| |
| if (from == NULL || to == NULL) |
| return -1; |
| |
| *to = usm_malloc_usmStateReference(); |
| cloned_usmStateRef = *to; |
| |
| if (usm_set_usmStateReference_name(cloned_usmStateRef, from->usr_name, from->usr_name_length) || |
| usm_set_usmStateReference_engine_id(cloned_usmStateRef, from->usr_engine_id, from->usr_engine_id_length) || |
| usm_set_usmStateReference_auth_protocol(cloned_usmStateRef, from->usr_auth_protocol, from->usr_auth_protocol_length) || |
| usm_set_usmStateReference_auth_key(cloned_usmStateRef, from->usr_auth_key, from->usr_auth_key_length) || |
| usm_set_usmStateReference_priv_protocol(cloned_usmStateRef, from->usr_priv_protocol, from->usr_priv_protocol_length) || |
| usm_set_usmStateReference_priv_key(cloned_usmStateRef, from->usr_priv_key, from->usr_priv_key_length) || |
| usm_set_usmStateReference_sec_level(cloned_usmStateRef, from->usr_sec_level)) |
| { |
| usm_free_usmStateReference(*to); |
| *to = NULL; |
| return -1; |
| } |
| |
| return 0; |
| |
| } |
| |
| #ifdef NETSNMP_ENABLE_TESTING_CODE |
| /*******************************************************************-o-****** |
| * emergency_print |
| * |
| * Parameters: |
| * *field |
| * length |
| * |
| * This is a print routine that is solely included so that it can be |
| * used in gdb. Don't use it as a function, it will be pulled before |
| * a real release of the code. |
| * |
| * tab stop 4 |
| * |
| * XXX fflush() only works on FreeBSD; core dumps on Sun OS's |
| */ |
| void |
| emergency_print(u_char * field, u_int length) |
| { |
| int iindex; |
| int start = 0; |
| int stop = 25; |
| |
| while (start < stop) { |
| for (iindex = start; iindex < stop; iindex++) |
| printf("%02X ", field[iindex]); |
| |
| printf("\n"); |
| start = stop; |
| stop = stop + 25 < length ? stop + 25 : length; |
| } |
| fflush(0); |
| |
| } /* end emergency_print() */ |
| #endif /* NETSNMP_ENABLE_TESTING_CODE */ |
| |
| |
| /*******************************************************************-o-****** |
| * asn_predict_int_length |
| * |
| * Parameters: |
| * type (UNUSED) |
| * number |
| * len |
| * |
| * Returns: |
| * Number of bytes necessary to store the ASN.1 encoded value of 'number'. |
| * |
| * |
| * This gives the number of bytes that the ASN.1 encoder (in asn1.c) will |
| * use to encode a particular integer value. |
| * |
| * Returns the length of the integer -- NOT THE HEADER! |
| * |
| * Do this the same way as asn_build_int()... |
| */ |
| int |
| asn_predict_int_length(int type, long number, size_t len) |
| { |
| register u_long mask; |
| |
| |
| if (len != sizeof(long)) |
| return -1; |
| |
| mask = ((u_long) 0x1FF) << ((8 * (sizeof(long) - 1)) - 1); |
| /* |
| * mask is 0xFF800000 on a big-endian machine |
| */ |
| |
| while ((((number & mask) == 0) || ((number & mask) == mask)) |
| && len > 1) { |
| len--; |
| number <<= 8; |
| } |
| |
| return len; |
| |
| } /* end asn_predict_length() */ |
| |
| |
| |
| |
| /*******************************************************************-o-****** |
| * asn_predict_length |
| * |
| * Parameters: |
| * type |
| * *ptr |
| * u_char_len |
| * |
| * Returns: |
| * Length in bytes: 1 + <n> + <u_char_len>, where |
| * |
| * 1 For the ASN.1 type. |
| * <n> # of bytes to store length of data. |
| * <u_char_len> Length of data associated with ASN.1 type. |
| * |
| * This gives the number of bytes that the ASN.1 encoder (in asn1.c) will |
| * use to encode a particular integer value. This is as broken as the |
| * currently used encoder. |
| * |
| * XXX How is <n> chosen, exactly?? |
| */ |
| int |
| asn_predict_length(int type, u_char * ptr, size_t u_char_len) |
| { |
| |
| if (type & ASN_SEQUENCE) |
| return 1 + 3 + u_char_len; |
| |
| if (type & ASN_INTEGER) { |
| u_long value; |
| memcpy(&value, ptr, u_char_len); |
| u_char_len = asn_predict_int_length(type, value, u_char_len); |
| } |
| |
| if (u_char_len < 0x80) |
| return 1 + 1 + u_char_len; |
| else if (u_char_len < 0xFF) |
| return 1 + 2 + u_char_len; |
| else |
| return 1 + 3 + u_char_len; |
| |
| } /* end asn_predict_length() */ |
| |
| |
| |
| |
| /*******************************************************************-o-****** |
| * usm_calc_offsets |
| * |
| * Parameters: |
| * (See list below...) |
| * |
| * Returns: |
| * 0 On success, |
| * -1 Otherwise. |
| * |
| * |
| * This routine calculates the offsets into an outgoing message buffer |
| * for the necessary values. The outgoing buffer will generically |
| * look like this: |
| * |
| * SNMPv3 Message |
| * SEQ len[11] |
| * INT len version |
| * Header |
| * SEQ len |
| * INT len MsgID |
| * INT len msgMaxSize |
| * OST len msgFlags (OST = OCTET STRING) |
| * INT len msgSecurityModel |
| * MsgSecurityParameters |
| * [1] OST len[2] |
| * SEQ len[3] |
| * OST len msgAuthoritativeEngineID |
| * INT len msgAuthoritativeEngineBoots |
| * INT len msgAuthoritativeEngineTime |
| * OST len msgUserName |
| * OST len[4] [5] msgAuthenticationParameters |
| * OST len[6] [7] msgPrivacyParameters |
| * MsgData |
| * [8] OST len[9] [10] encryptedPDU |
| * or |
| * [8,10] SEQUENCE len[9] scopedPDU |
| * [12] |
| * |
| * The bracketed points will be needed to be identified ([x] is an index |
| * value, len[x] means a length value). Here is a semantic guide to them: |
| * |
| * [1] = globalDataLen (input) |
| * [2] = otstlen |
| * [3] = seq_len |
| * [4] = msgAuthParmLen (may be 0 or 12) |
| * [5] = authParamsOffset |
| * [6] = msgPrivParmLen (may be 0 or 8) |
| * [7] = privParamsOffset |
| * [8] = globalDataLen + msgSecParmLen |
| * [9] = datalen |
| * [10] = dataOffset |
| * [11] = theTotalLength - the length of the header itself |
| * [12] = theTotalLength |
| */ |
| int |
| usm_calc_offsets(size_t globalDataLen, /* SNMPv3Message + HeaderData */ |
| int secLevel, size_t secEngineIDLen, size_t secNameLen, size_t scopedPduLen, /* An BER encoded sequence. */ |
| u_long engineboots, /* XXX (asn1.c works in long, not int.) */ |
| long engine_time, /* XXX (asn1.c works in long, not int.) */ |
| size_t * theTotalLength, /* globalDataLen + msgSecurityP. + msgData */ |
| size_t * authParamsOffset, /* Distance to auth bytes. */ |
| size_t * privParamsOffset, /* Distance to priv bytes. */ |
| size_t * dataOffset, /* Distance to scopedPdu SEQ -or- the |
| * crypted (data) portion of msgData. */ |
| size_t * datalen, /* Size of msgData OCTET STRING encoding. */ |
| size_t * msgAuthParmLen, /* Size of msgAuthenticationParameters. */ |
| size_t * msgPrivParmLen, /* Size of msgPrivacyParameters. */ |
| size_t * otstlen, /* Size of msgSecurityP. O.S. encoding. */ |
| size_t * seq_len, /* Size of msgSecurityP. SEQ data. */ |
| size_t * msgSecParmLen) |
| { /* Size of msgSecurityP. SEQ. */ |
| int engIDlen, /* Sizes of OCTET STRING and SEQ encodings */ |
| engBtlen, /* for fields within */ |
| engTmlen, /* msgSecurityParameters portion of */ |
| namelen, /* SNMPv3Message. */ |
| authlen, privlen; |
| |
| /* |
| * If doing authentication, msgAuthParmLen = 12 else msgAuthParmLen = 0. |
| * If doing encryption, msgPrivParmLen = 8 else msgPrivParmLen = 0. |
| */ |
| *msgAuthParmLen = (secLevel == SNMP_SEC_LEVEL_AUTHNOPRIV |
| || secLevel == SNMP_SEC_LEVEL_AUTHPRIV) ? 12 : 0; |
| |
| *msgPrivParmLen = (secLevel == SNMP_SEC_LEVEL_AUTHPRIV) ? 8 : 0; |
| |
| |
| /* |
| * Calculate lengths. |
| */ |
| if ((engIDlen = asn_predict_length(ASN_OCTET_STR, |
| 0, secEngineIDLen)) == -1) { |
| return -1; |
| } |
| |
| if ((engBtlen = asn_predict_length(ASN_INTEGER, |
| (u_char *) & engineboots, |
| sizeof(long))) == -1) { |
| return -1; |
| } |
| |
| if ((engTmlen = asn_predict_length(ASN_INTEGER, |
| (u_char *) & engine_time, |
| sizeof(long))) == -1) { |
| return -1; |
| } |
| |
| if ((namelen = asn_predict_length(ASN_OCTET_STR, 0, secNameLen)) == -1) { |
| return -1; |
| } |
| |
| if ((authlen = asn_predict_length(ASN_OCTET_STR, |
| 0, *msgAuthParmLen)) == -1) { |
| return -1; |
| } |
| |
| if ((privlen = asn_predict_length(ASN_OCTET_STR, |
| 0, *msgPrivParmLen)) == -1) { |
| return -1; |
| } |
| |
| *seq_len = |
| engIDlen + engBtlen + engTmlen + namelen + authlen + privlen; |
| |
| if ((*otstlen = asn_predict_length(ASN_SEQUENCE, 0, *seq_len)) == -1) { |
| return -1; |
| } |
| |
| if ((*msgSecParmLen = asn_predict_length(ASN_OCTET_STR, |
| 0, *otstlen)) == -1) { |
| return -1; |
| } |
| |
| *authParamsOffset = globalDataLen + +(*msgSecParmLen - *seq_len) |
| + engIDlen + engBtlen + engTmlen + namelen |
| + (authlen - *msgAuthParmLen); |
| |
| *privParamsOffset = *authParamsOffset + *msgAuthParmLen |
| + (privlen - *msgPrivParmLen); |
| |
| |
| /* |
| * Compute the size of the plaintext. Round up to account for cipher |
| * block size, if necessary. |
| * |
| * XXX This is hardwired for 1DES... If scopedPduLen is already |
| * a multiple of 8, then *add* 8 more; otherwise, round up |
| * to the next multiple of 8. |
| * |
| * FIX Calculation of encrypted portion of msgData and consequent |
| * setting and sanity checking of theTotalLength, et al. should |
| * occur *after* encryption has taken place. |
| */ |
| if (secLevel == SNMP_SEC_LEVEL_AUTHPRIV) { |
| scopedPduLen = ROUNDUP8(scopedPduLen); |
| |
| if ((*datalen = |
| asn_predict_length(ASN_OCTET_STR, 0, scopedPduLen)) == -1) { |
| return -1; |
| } |
| } else { |
| *datalen = scopedPduLen; |
| } |
| |
| *dataOffset = globalDataLen + *msgSecParmLen + |
| (*datalen - scopedPduLen); |
| *theTotalLength = globalDataLen + *msgSecParmLen + *datalen; |
| |
| return 0; |
| |
| } /* end usm_calc_offsets() */ |
| |
| |
| |
| |
| |
| #ifndef NETSNMP_DISABLE_DES |
| /*******************************************************************-o-****** |
| * usm_set_salt |
| * |
| * Parameters: |
| * *iv (O) Buffer to contain IV. |
| * *iv_length (O) Length of iv. |
| * *priv_salt (I) Salt portion of private key. |
| * priv_salt_length (I) Length of priv_salt. |
| * *msgSalt (I/O) Pointer salt portion of outgoing msg buffer. |
| * |
| * Returns: |
| * 0 On success, |
| * -1 Otherwise. |
| * |
| * Determine the initialization vector for the DES-CBC encryption. |
| * (Cf. RFC 2274, 8.1.1.1.) |
| * |
| * iv is defined as the concatenation of engineBoots and the |
| * salt integer. |
| * The salt integer is incremented. |
| * The resulting salt is copied into the msgSalt buffer. |
| * The result of the concatenation is then XORed with the salt |
| * portion of the private key (last 8 bytes). |
| * The IV result is returned individually for further use. |
| */ |
| int |
| usm_set_salt(u_char * iv, |
| size_t * iv_length, |
| u_char * priv_salt, size_t priv_salt_length, u_char * msgSalt) |
| { |
| size_t propersize_salt = BYTESIZE(USM_DES_SALT_LENGTH); |
| int net_boots; |
| int net_salt_int; |
| /* |
| * net_* should be encoded in network byte order. XXX Why? |
| */ |
| int iindex; |
| |
| |
| /* |
| * Sanity check. |
| */ |
| if (!iv || !iv_length || !priv_salt || (*iv_length != propersize_salt) |
| || (priv_salt_length < propersize_salt)) { |
| return -1; |
| } |
| |
| |
| net_boots = htonl(snmpv3_local_snmpEngineBoots()); |
| net_salt_int = htonl(salt_integer); |
| |
| salt_integer += 1; |
| |
| memcpy(iv, &net_boots, propersize_salt / 2); |
| memcpy(iv + (propersize_salt / 2), &net_salt_int, propersize_salt / 2); |
| |
| if (msgSalt) |
| memcpy(msgSalt, iv, propersize_salt); |
| |
| |
| /* |
| * Turn the salt into an IV: XOR <boots, salt_int> with salt |
| * portion of priv_key. |
| */ |
| for (iindex = 0; iindex < (int) propersize_salt; iindex++) |
| iv[iindex] ^= priv_salt[iindex]; |
| |
| |
| return 0; |
| |
| } /* end usm_set_salt() */ |
| #endif |
| |
| #ifdef HAVE_AES |
| /*******************************************************************-o-****** |
| * usm_set_aes_iv |
| * |
| * Parameters: |
| * *iv (O) Buffer to contain IV. |
| * *iv_length (O) Length of iv. |
| * net_boots (I) the network byte order of the authEng boots val |
| * net_time (I) the network byte order of the authEng time val |
| * *salt (O) A buffer for the outgoing salt (= 8 bytes of iv) |
| * |
| * Returns: |
| * 0 On success, |
| * -1 Otherwise. |
| * |
| * Determine the initialization vector for AES encryption. |
| * (draft-blumenthal-aes-usm-03.txt, 3.1.2.2) |
| * |
| * iv is defined as the concatenation of engineBoots, engineTime |
| and a 64 bit salt-integer. |
| * The 64 bit salt integer is incremented. |
| * The resulting salt is copied into the salt buffer. |
| * The IV result is returned individually for further use. |
| */ |
| int |
| usm_set_aes_iv(u_char * iv, |
| size_t * iv_length, |
| u_int net_boots, |
| u_int net_time, |
| u_char * salt) |
| { |
| /* |
| * net_* should be encoded in network byte order. |
| */ |
| int net_salt_int1, net_salt_int2; |
| #define PROPER_AES_IV_SIZE 64 |
| |
| /* |
| * Sanity check. |
| */ |
| if (!iv || !iv_length) { |
| return -1; |
| } |
| |
| net_salt_int1 = htonl(salt_integer64_1); |
| net_salt_int2 = htonl(salt_integer64_2); |
| |
| if ((salt_integer64_2 += 1) == 0) |
| salt_integer64_2 += 1; |
| |
| /* XXX: warning: hard coded proper lengths */ |
| memcpy(iv, &net_boots, 4); |
| memcpy(iv+4, &net_time, 4); |
| memcpy(iv+8, &net_salt_int1, 4); |
| memcpy(iv+12, &net_salt_int2, 4); |
| |
| memcpy(salt, iv+8, 8); /* only copy the needed portion */ |
| return 0; |
| } /* end usm_set_salt() */ |
| #endif /* HAVE_AES */ |
| |
| int |
| usm_secmod_generate_out_msg(struct snmp_secmod_outgoing_params *parms) |
| { |
| if (!parms) |
| return SNMPERR_GENERR; |
| |
| return usm_generate_out_msg(parms->msgProcModel, |
| parms->globalData, parms->globalDataLen, |
| parms->maxMsgSize, parms->secModel, |
| parms->secEngineID, parms->secEngineIDLen, |
| parms->secName, parms->secNameLen, |
| parms->secLevel, |
| parms->scopedPdu, parms->scopedPduLen, |
| parms->secStateRef, |
| parms->secParams, parms->secParamsLen, |
| parms->wholeMsg, parms->wholeMsgLen); |
| } |
| |
| /*******************************************************************-o-****** |
| * usm_generate_out_msg |
| * |
| * Parameters: |
| * (See list below...) |
| * |
| * Returns: |
| * SNMPERR_SUCCESS On success. |
| * SNMPERR_USM_AUTHENTICATIONFAILURE |
| * SNMPERR_USM_ENCRYPTIONERROR |
| * SNMPERR_USM_GENERICERROR |
| * SNMPERR_USM_UNKNOWNSECURITYNAME |
| * SNMPERR_USM_GENERICERROR |
| * SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL |
| * |
| * |
| * Generates an outgoing message. |
| * |
| * XXX Beware of misnomers! |
| */ |
| int |
| usm_generate_out_msg(int msgProcModel, /* (UNUSED) */ |
| u_char * globalData, /* IN */ |
| /* |
| * Pointer to msg header data will point to the beginning |
| * * of the entire packet buffer to be transmitted on wire, |
| * * memory will be contiguous with secParams, typically |
| * * this pointer will be passed back as beginning of |
| * * wholeMsg below. asn seq. length is updated w/ new length. |
| * * |
| * * While this points to a buffer that should be big enough |
| * * for the whole message, only the first two parts |
| * * of the message are completed, namely SNMPv3Message and |
| * * HeaderData. globalDataLen (next parameter) represents |
| * * the length of these two completed parts. |
| */ |
| size_t globalDataLen, /* IN - Length of msg header data. */ |
| int maxMsgSize, /* (UNUSED) */ |
| int secModel, /* (UNUSED) */ |
| u_char * secEngineID, /* IN - Pointer snmpEngineID. */ |
| size_t secEngineIDLen, /* IN - SnmpEngineID length. */ |
| char *secName, /* IN - Pointer to securityName. */ |
| size_t secNameLen, /* IN - SecurityName length. */ |
| int secLevel, /* IN - AuthNoPriv, authPriv etc. */ |
| u_char * scopedPdu, /* IN */ |
| /* |
| * Pointer to scopedPdu will be encrypted by USM if needed |
| * * and written to packet buffer immediately following |
| * * securityParameters, entire msg will be authenticated by |
| * * USM if needed. |
| */ |
| size_t scopedPduLen, /* IN - scopedPdu length. */ |
| void *secStateRef, /* IN */ |
| /* |
| * secStateRef, pointer to cached info provided only for |
| * * Response, otherwise NULL. |
| */ |
| u_char * secParams, /* OUT */ |
| /* |
| * BER encoded securityParameters pointer to offset within |
| * * packet buffer where secParams should be written, the |
| * * entire BER encoded OCTET STRING (including header) is |
| * * written here by USM secParams = globalData + |
| * * globalDataLen. |
| */ |
| size_t * secParamsLen, /* IN/OUT - Len available, len returned. */ |
| u_char ** wholeMsg, /* OUT */ |
| /* |
| * Complete authenticated/encrypted message - typically |
| * * the pointer to start of packet buffer provided in |
| * * globalData is returned here, could also be a separate |
| * * buffer. |
| */ |
| size_t * wholeMsgLen) |
| { /* IN/OUT - Len available, len returned. */ |
| size_t otstlen; |
| size_t seq_len; |
| size_t msgAuthParmLen; |
| size_t msgPrivParmLen; |
| size_t msgSecParmLen; |
| size_t authParamsOffset; |
| size_t privParamsOffset; |
| size_t datalen; |
| size_t dataOffset; |
| size_t theTotalLength; |
| |
| u_char *ptr; |
| size_t ptr_len; |
| size_t remaining; |
| size_t offSet; |
| u_int boots_uint; |
| u_int time_uint; |
| long boots_long; |
| long time_long; |
| |
| /* |
| * Indirection because secStateRef values override parameters. |
| * |
| * None of these are to be free'd - they are either pointing to |
| * what's in the secStateRef or to something either in the |
| * actual prarmeter list or the user list. |
| */ |
| |
| char *theName = NULL; |
| u_int theNameLength = 0; |
| u_char *theEngineID = NULL; |
| u_int theEngineIDLength = 0; |
| u_char *theAuthKey = NULL; |
| u_int theAuthKeyLength = 0; |
| const oid *theAuthProtocol = NULL; |
| u_int theAuthProtocolLength = 0; |
| u_char *thePrivKey = NULL; |
| u_int thePrivKeyLength = 0; |
| const oid *thePrivProtocol = NULL; |
| u_int thePrivProtocolLength = 0; |
| int theSecLevel = 0; /* No defined const for bad |
| * value (other then err). |
| */ |
| |
| DEBUGMSGTL(("usm", "USM processing has begun.\n")); |
| |
| if (secStateRef != NULL) { |
| /* |
| * To hush the compiler for now. XXX |
| */ |
| struct usmStateReference *ref |
| = (struct usmStateReference *) secStateRef; |
| |
| theName = ref->usr_name; |
| theNameLength = ref->usr_name_length; |
| theEngineID = ref->usr_engine_id; |
| theEngineIDLength = ref->usr_engine_id_length; |
| |
| if (!theEngineIDLength) { |
| theEngineID = secEngineID; |
| theEngineIDLength = secEngineIDLen; |
| } |
| |
| theAuthProtocol = ref->usr_auth_protocol; |
| theAuthProtocolLength = ref->usr_auth_protocol_length; |
| theAuthKey = ref->usr_auth_key; |
| theAuthKeyLength = ref->usr_auth_key_length; |
| thePrivProtocol = ref->usr_priv_protocol; |
| thePrivProtocolLength = ref->usr_priv_protocol_length; |
| thePrivKey = ref->usr_priv_key; |
| thePrivKeyLength = ref->usr_priv_key_length; |
| theSecLevel = ref->usr_sec_level; |
| } |
| |
| /* |
| * Identify the user record. |
| */ |
| else { |
| struct usmUser *user; |
| |
| /* |
| * we do allow an unknown user name for |
| * unauthenticated requests. |
| */ |
| if ((user = usm_get_user(secEngineID, secEngineIDLen, secName)) |
| == NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) { |
| DEBUGMSGTL(("usm", "Unknown User(%s)\n", secName)); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_UNKNOWNSECURITYNAME; |
| } |
| |
| theName = secName; |
| theNameLength = secNameLen; |
| theEngineID = secEngineID; |
| theSecLevel = secLevel; |
| theEngineIDLength = secEngineIDLen; |
| if (user) { |
| theAuthProtocol = user->authProtocol; |
| theAuthProtocolLength = user->authProtocolLen; |
| theAuthKey = user->authKey; |
| theAuthKeyLength = user->authKeyLen; |
| thePrivProtocol = user->privProtocol; |
| thePrivProtocolLength = user->privProtocolLen; |
| thePrivKey = user->privKey; |
| thePrivKeyLength = user->privKeyLen; |
| } else { |
| /* |
| * unknown users can not do authentication (obviously) |
| */ |
| theAuthProtocol = usmNoAuthProtocol; |
| theAuthProtocolLength = |
| sizeof(usmNoAuthProtocol) / sizeof(oid); |
| theAuthKey = NULL; |
| theAuthKeyLength = 0; |
| thePrivProtocol = usmNoPrivProtocol; |
| thePrivProtocolLength = |
| sizeof(usmNoPrivProtocol) / sizeof(oid); |
| thePrivKey = NULL; |
| thePrivKeyLength = 0; |
| } |
| } /* endif -- secStateRef==NULL */ |
| |
| |
| /* |
| * From here to the end of the function, avoid reference to |
| * secName, secEngineID, secLevel, and associated lengths. |
| */ |
| |
| |
| /* |
| * Check to see if the user can use the requested sec services. |
| */ |
| if (usm_check_secLevel_vs_protocols(theSecLevel, |
| theAuthProtocol, |
| theAuthProtocolLength, |
| thePrivProtocol, |
| thePrivProtocolLength) == 1) { |
| DEBUGMSGTL(("usm", "Unsupported Security Level (%d)\n", |
| theSecLevel)); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL; |
| } |
| |
| |
| /* |
| * Retrieve the engine information. |
| * |
| * XXX No error is declared in the EoP when sending messages to |
| * unknown engines, processing continues w/ boots/time == (0,0). |
| */ |
| if (get_enginetime(theEngineID, theEngineIDLength, |
| &boots_uint, &time_uint, FALSE) == -1) { |
| DEBUGMSGTL(("usm", "%s\n", "Failed to find engine data.")); |
| } |
| |
| boots_long = boots_uint; |
| time_long = time_uint; |
| |
| |
| /* |
| * Set up the Offsets. |
| */ |
| if (usm_calc_offsets(globalDataLen, theSecLevel, theEngineIDLength, |
| theNameLength, scopedPduLen, boots_long, |
| time_long, &theTotalLength, &authParamsOffset, |
| &privParamsOffset, &dataOffset, &datalen, |
| &msgAuthParmLen, &msgPrivParmLen, &otstlen, |
| &seq_len, &msgSecParmLen) == -1) { |
| DEBUGMSGTL(("usm", "Failed calculating offsets.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| |
| /* |
| * So, we have the offsets for the three parts that need to be |
| * determined, and an overall length. Now we need to make |
| * sure all of this would fit in the outgoing buffer, and |
| * whether or not we need to make a new buffer, etc. |
| */ |
| |
| |
| /* |
| * Set wholeMsg as a pointer to globalData. Sanity check for |
| * the proper size. |
| * |
| * Mark workspace in the message with bytes of all 1's to make it |
| * easier to find mistakes in raw message dumps. |
| */ |
| ptr = *wholeMsg = globalData; |
| if (theTotalLength > *wholeMsgLen) { |
| DEBUGMSGTL(("usm", "Message won't fit in buffer.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| |
| ptr_len = *wholeMsgLen = theTotalLength; |
| |
| #ifdef NETSNMP_ENABLE_TESTING_CODE |
| memset(&ptr[globalDataLen], 0xFF, theTotalLength - globalDataLen); |
| #endif /* NETSNMP_ENABLE_TESTING_CODE */ |
| |
| /* |
| * Do the encryption. |
| */ |
| if (theSecLevel == SNMP_SEC_LEVEL_AUTHPRIV) { |
| size_t encrypted_length = theTotalLength - dataOffset; |
| size_t salt_length = BYTESIZE(USM_MAX_SALT_LENGTH); |
| u_char salt[BYTESIZE(USM_MAX_SALT_LENGTH)]; |
| |
| /* |
| * XXX Hardwired to seek into a 1DES private key! |
| */ |
| #ifdef HAVE_AES |
| if (ISTRANSFORM(thePrivProtocol, AESPriv)) { |
| if (!thePrivKey || |
| usm_set_aes_iv(salt, &salt_length, |
| htonl(boots_uint), htonl(time_uint), |
| &ptr[privParamsOffset]) == -1) { |
| DEBUGMSGTL(("usm", "Can't set AES iv.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| } |
| #endif |
| #ifndef NETSNMP_DISABLE_DES |
| if (ISTRANSFORM(thePrivProtocol, DESPriv)) { |
| if (!thePrivKey || |
| (usm_set_salt(salt, &salt_length, |
| thePrivKey + 8, thePrivKeyLength - 8, |
| &ptr[privParamsOffset]) |
| == -1)) { |
| DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| } |
| #endif |
| |
| if (sc_encrypt(thePrivProtocol, thePrivProtocolLength, |
| thePrivKey, thePrivKeyLength, |
| salt, salt_length, |
| scopedPdu, scopedPduLen, |
| &ptr[dataOffset], &encrypted_length) |
| != SNMP_ERR_NOERROR) { |
| DEBUGMSGTL(("usm", "encryption error.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_ENCRYPTIONERROR; |
| } |
| #ifdef NETSNMP_ENABLE_TESTING_CODE |
| if (debug_is_token_registered("usm/dump") == SNMPERR_SUCCESS) { |
| dump_chunk("usm/dump", "This data was encrypted:", |
| scopedPdu, scopedPduLen); |
| dump_chunk("usm/dump", "salt + Encrypted form:", |
| salt, salt_length); |
| dump_chunk("usm/dump", NULL, |
| &ptr[dataOffset], encrypted_length); |
| dump_chunk("usm/dump", "*wholeMsg:", |
| *wholeMsg, theTotalLength); |
| } |
| #endif |
| |
| |
| ptr = *wholeMsg; |
| ptr_len = *wholeMsgLen = theTotalLength; |
| |
| |
| /* |
| * XXX Sanity check for salt length should be moved up |
| * under usm_calc_offsets() or tossed. |
| */ |
| if ((encrypted_length != (theTotalLength - dataOffset)) |
| || (salt_length != msgPrivParmLen)) { |
| DEBUGMSGTL(("usm", "encryption length error.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_ENCRYPTIONERROR; |
| } |
| |
| DEBUGMSGTL(("usm", "Encryption successful.\n")); |
| } |
| |
| /* |
| * No encryption for you! |
| */ |
| else { |
| memcpy(&ptr[dataOffset], scopedPdu, scopedPduLen); |
| } |
| |
| |
| |
| /* |
| * Start filling in the other fields (in prep for authentication). |
| * |
| * offSet is an octet string header, which is different from all |
| * the other headers. |
| */ |
| remaining = ptr_len - globalDataLen; |
| |
| offSet = ptr_len - remaining; |
| asn_build_header(&ptr[offSet], &remaining, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_OCTET_STR), otstlen); |
| |
| offSet = ptr_len - remaining; |
| asn_build_sequence(&ptr[offSet], &remaining, |
| (u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR), seq_len); |
| |
| offSet = ptr_len - remaining; |
| DEBUGDUMPHEADER("send", "msgAuthoritativeEngineID"); |
| asn_build_string(&ptr[offSet], &remaining, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_OCTET_STR), theEngineID, |
| theEngineIDLength); |
| DEBUGINDENTLESS(); |
| |
| offSet = ptr_len - remaining; |
| DEBUGDUMPHEADER("send", "msgAuthoritativeEngineBoots"); |
| asn_build_int(&ptr[offSet], &remaining, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_INTEGER), |
| &boots_long, sizeof(long)); |
| DEBUGINDENTLESS(); |
| |
| offSet = ptr_len - remaining; |
| DEBUGDUMPHEADER("send", "msgAuthoritativeEngineTime"); |
| asn_build_int(&ptr[offSet], &remaining, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_INTEGER), |
| &time_long, sizeof(long)); |
| DEBUGINDENTLESS(); |
| |
| offSet = ptr_len - remaining; |
| DEBUGDUMPHEADER("send", "msgUserName"); |
| asn_build_string(&ptr[offSet], &remaining, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_OCTET_STR), (u_char *) theName, |
| theNameLength); |
| DEBUGINDENTLESS(); |
| |
| |
| /* |
| * Note: if there is no authentication being done, |
| * msgAuthParmLen is 0, and there is no effect (other than |
| * inserting a zero-length header) of the following |
| * statements. |
| */ |
| |
| offSet = ptr_len - remaining; |
| asn_build_header(&ptr[offSet], |
| &remaining, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_OCTET_STR), msgAuthParmLen); |
| |
| if (theSecLevel == SNMP_SEC_LEVEL_AUTHNOPRIV |
| || theSecLevel == SNMP_SEC_LEVEL_AUTHPRIV) { |
| offSet = ptr_len - remaining; |
| memset(&ptr[offSet], 0, msgAuthParmLen); |
| } |
| |
| remaining -= msgAuthParmLen; |
| |
| |
| /* |
| * Note: if there is no encryption being done, msgPrivParmLen |
| * is 0, and there is no effect (other than inserting a |
| * zero-length header) of the following statements. |
| */ |
| |
| offSet = ptr_len - remaining; |
| asn_build_header(&ptr[offSet], |
| &remaining, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_OCTET_STR), msgPrivParmLen); |
| |
| remaining -= msgPrivParmLen; /* Skipping the IV already there. */ |
| |
| |
| /* |
| * For privacy, need to add the octet string header for it. |
| */ |
| if (theSecLevel == SNMP_SEC_LEVEL_AUTHPRIV) { |
| offSet = ptr_len - remaining; |
| asn_build_header(&ptr[offSet], |
| &remaining, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_OCTET_STR), |
| theTotalLength - dataOffset); |
| } |
| |
| |
| /* |
| * Adjust overall length and store it as the first SEQ length |
| * of the SNMPv3Message. |
| * |
| * FIX 4 is a magic number! |
| */ |
| remaining = theTotalLength; |
| asn_build_sequence(ptr, &remaining, |
| (u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR), |
| theTotalLength - 4); |
| |
| |
| /* |
| * Now, time to consider / do authentication. |
| */ |
| if (theSecLevel == SNMP_SEC_LEVEL_AUTHNOPRIV |
| || theSecLevel == SNMP_SEC_LEVEL_AUTHPRIV) { |
| size_t temp_sig_len = msgAuthParmLen; |
| u_char *temp_sig = (u_char *) malloc(temp_sig_len); |
| |
| if (temp_sig == NULL) { |
| DEBUGMSGTL(("usm", "Out of memory.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| |
| if (sc_generate_keyed_hash(theAuthProtocol, theAuthProtocolLength, |
| theAuthKey, theAuthKeyLength, |
| ptr, ptr_len, temp_sig, &temp_sig_len) |
| != SNMP_ERR_NOERROR) { |
| /* |
| * FIX temp_sig_len defined?! |
| */ |
| SNMP_ZERO(temp_sig, temp_sig_len); |
| SNMP_FREE(temp_sig); |
| DEBUGMSGTL(("usm", "Signing failed.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_AUTHENTICATIONFAILURE; |
| } |
| |
| if (temp_sig_len != msgAuthParmLen) { |
| SNMP_ZERO(temp_sig, temp_sig_len); |
| SNMP_FREE(temp_sig); |
| DEBUGMSGTL(("usm", "Signing lengths failed.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_AUTHENTICATIONFAILURE; |
| } |
| |
| memcpy(&ptr[authParamsOffset], temp_sig, msgAuthParmLen); |
| |
| SNMP_ZERO(temp_sig, temp_sig_len); |
| SNMP_FREE(temp_sig); |
| |
| } |
| |
| /* |
| * endif -- create keyed hash |
| */ |
| usm_free_usmStateReference(secStateRef); |
| |
| DEBUGMSGTL(("usm", "USM processing completed.\n")); |
| |
| return SNMPERR_SUCCESS; |
| |
| } /* end usm_generate_out_msg() */ |
| |
| #ifdef NETSNMP_USE_REVERSE_ASNENCODING |
| int |
| usm_secmod_rgenerate_out_msg(struct snmp_secmod_outgoing_params *parms) |
| { |
| if (!parms) |
| return SNMPERR_GENERR; |
| |
| return usm_rgenerate_out_msg(parms->msgProcModel, |
| parms->globalData, parms->globalDataLen, |
| parms->maxMsgSize, parms->secModel, |
| parms->secEngineID, parms->secEngineIDLen, |
| parms->secName, parms->secNameLen, |
| parms->secLevel, |
| parms->scopedPdu, parms->scopedPduLen, |
| parms->secStateRef, |
| parms->wholeMsg, parms->wholeMsgLen, |
| parms->wholeMsgOffset); |
| } |
| |
| int |
| usm_rgenerate_out_msg(int msgProcModel, /* (UNUSED) */ |
| u_char * globalData, /* IN */ |
| /* |
| * points at the msgGlobalData, which is of length given by next |
| * parameter. |
| */ |
| size_t globalDataLen, /* IN - Length of msg header data. */ |
| int maxMsgSize, /* (UNUSED) */ |
| int secModel, /* (UNUSED) */ |
| u_char * secEngineID, /* IN - Pointer snmpEngineID. */ |
| size_t secEngineIDLen, /* IN - SnmpEngineID length. */ |
| char *secName, /* IN - Pointer to securityName. */ |
| size_t secNameLen, /* IN - SecurityName length. */ |
| int secLevel, /* IN - AuthNoPriv, authPriv etc. */ |
| u_char * scopedPdu, /* IN */ |
| /* |
| * Pointer to scopedPdu will be encrypted by USM if needed |
| * * and written to packet buffer immediately following |
| * * securityParameters, entire msg will be authenticated by |
| * * USM if needed. |
| */ |
| size_t scopedPduLen, /* IN - scopedPdu length. */ |
| void *secStateRef, /* IN */ |
| /* |
| * secStateRef, pointer to cached info provided only for |
| * * Response, otherwise NULL. |
| */ |
| u_char ** wholeMsg, /* IN/OUT */ |
| /* |
| * Points at the pointer to the packet buffer, which might get extended |
| * if necessary via realloc(). |
| */ |
| size_t * wholeMsgLen, /* IN/OUT */ |
| /* |
| * Length of the entire packet buffer, **not** the length of the |
| * packet. |
| */ |
| size_t * offset /* IN/OUT */ |
| /* |
| * Offset from the end of the packet buffer to the start of the packet, |
| * also known as the packet length. |
| */ |
| ) |
| { |
| size_t msgAuthParmLen = 0; |
| #ifdef NETSNMP_ENABLE_TESTING_CODE |
| size_t theTotalLength; |
| #endif |
| |
| u_int boots_uint; |
| u_int time_uint; |
| long boots_long; |
| long time_long; |
| |
| /* |
| * Indirection because secStateRef values override parameters. |
| * |
| * None of these are to be free'd - they are either pointing to |
| * what's in the secStateRef or to something either in the |
| * actual parameter list or the user list. |
| */ |
| |
| char *theName = NULL; |
| u_int theNameLength = 0; |
| u_char *theEngineID = NULL; |
| u_int theEngineIDLength = 0; |
| u_char *theAuthKey = NULL; |
| u_int theAuthKeyLength = 0; |
| const oid *theAuthProtocol = NULL; |
| u_int theAuthProtocolLength = 0; |
| u_char *thePrivKey = NULL; |
| u_int thePrivKeyLength = 0; |
| const oid *thePrivProtocol = NULL; |
| u_int thePrivProtocolLength = 0; |
| int theSecLevel = 0; /* No defined const for bad |
| * value (other then err). */ |
| size_t salt_length = 0, save_salt_length = 0; |
| u_char salt[BYTESIZE(USM_MAX_SALT_LENGTH)]; |
| u_char authParams[USM_MAX_AUTHSIZE]; |
| u_char iv[BYTESIZE(USM_MAX_SALT_LENGTH)]; |
| size_t sp_offset = 0, mac_offset = 0; |
| int rc = 0; |
| |
| DEBUGMSGTL(("usm", "USM processing has begun (offset %d)\n", *offset)); |
| |
| if (secStateRef != NULL) { |
| /* |
| * To hush the compiler for now. XXX |
| */ |
| struct usmStateReference *ref |
| = (struct usmStateReference *) secStateRef; |
| |
| theName = ref->usr_name; |
| theNameLength = ref->usr_name_length; |
| theEngineID = ref->usr_engine_id; |
| theEngineIDLength = ref->usr_engine_id_length; |
| |
| if (!theEngineIDLength) { |
| theEngineID = secEngineID; |
| theEngineIDLength = secEngineIDLen; |
| } |
| |
| theAuthProtocol = ref->usr_auth_protocol; |
| theAuthProtocolLength = ref->usr_auth_protocol_length; |
| theAuthKey = ref->usr_auth_key; |
| theAuthKeyLength = ref->usr_auth_key_length; |
| thePrivProtocol = ref->usr_priv_protocol; |
| thePrivProtocolLength = ref->usr_priv_protocol_length; |
| thePrivKey = ref->usr_priv_key; |
| thePrivKeyLength = ref->usr_priv_key_length; |
| theSecLevel = ref->usr_sec_level; |
| } |
| |
| /* |
| * * Identify the user record. |
| */ |
| else { |
| struct usmUser *user; |
| |
| /* |
| * we do allow an unknown user name for |
| * unauthenticated requests. |
| */ |
| if ((user = usm_get_user(secEngineID, secEngineIDLen, secName)) |
| == NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) { |
| DEBUGMSGTL(("usm", "Unknown User\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_UNKNOWNSECURITYNAME; |
| } |
| |
| theName = secName; |
| theNameLength = secNameLen; |
| theEngineID = secEngineID; |
| theSecLevel = secLevel; |
| theEngineIDLength = secEngineIDLen; |
| if (user) { |
| theAuthProtocol = user->authProtocol; |
| theAuthProtocolLength = user->authProtocolLen; |
| theAuthKey = user->authKey; |
| theAuthKeyLength = user->authKeyLen; |
| thePrivProtocol = user->privProtocol; |
| thePrivProtocolLength = user->privProtocolLen; |
| thePrivKey = user->privKey; |
| thePrivKeyLength = user->privKeyLen; |
| } else { |
| /* |
| * unknown users can not do authentication (obviously) |
| */ |
| theAuthProtocol = usmNoAuthProtocol; |
| theAuthProtocolLength = |
| sizeof(usmNoAuthProtocol) / sizeof(oid); |
| theAuthKey = NULL; |
| theAuthKeyLength = 0; |
| thePrivProtocol = usmNoPrivProtocol; |
| thePrivProtocolLength = |
| sizeof(usmNoPrivProtocol) / sizeof(oid); |
| thePrivKey = NULL; |
| thePrivKeyLength = 0; |
| } |
| } /* endif -- secStateRef==NULL */ |
| |
| |
| /* |
| * From here to the end of the function, avoid reference to |
| * secName, secEngineID, secLevel, and associated lengths. |
| */ |
| |
| |
| /* |
| * Check to see if the user can use the requested sec services. |
| */ |
| if (usm_check_secLevel_vs_protocols(theSecLevel, |
| theAuthProtocol, |
| theAuthProtocolLength, |
| thePrivProtocol, |
| thePrivProtocolLength) == 1) { |
| DEBUGMSGTL(("usm", "Unsupported Security Level or type (%d)\n", |
| theSecLevel)); |
| |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL; |
| } |
| |
| |
| /* |
| * * Retrieve the engine information. |
| * * |
| * * XXX No error is declared in the EoP when sending messages to |
| * * unknown engines, processing continues w/ boots/time == (0,0). |
| */ |
| if (get_enginetime(theEngineID, theEngineIDLength, |
| &boots_uint, &time_uint, FALSE) == -1) { |
| DEBUGMSGTL(("usm", "%s\n", "Failed to find engine data.")); |
| } |
| |
| boots_long = boots_uint; |
| time_long = time_uint; |
| |
| if (theSecLevel == SNMP_SEC_LEVEL_AUTHPRIV) { |
| /* |
| * Initially assume that the ciphertext will end up the same size as |
| * the plaintext plus some padding. Really sc_encrypt ought to be able |
| * to grow this for us, a la asn_realloc_rbuild_<type> functions, but |
| * this will do for now. |
| */ |
| u_char *ciphertext = NULL; |
| size_t ciphertextlen = scopedPduLen + 64; |
| |
| if ((ciphertext = (u_char *) malloc(ciphertextlen)) == NULL) { |
| DEBUGMSGTL(("usm", |
| "couldn't malloc %d bytes for encrypted PDU\n", |
| ciphertextlen)); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_MALLOC; |
| } |
| |
| /* |
| * XXX Hardwired to seek into a 1DES private key! |
| */ |
| #ifdef HAVE_AES |
| if (ISTRANSFORM(thePrivProtocol, AESPriv)) { |
| salt_length = BYTESIZE(USM_AES_SALT_LENGTH); |
| save_salt_length = BYTESIZE(USM_AES_SALT_LENGTH)/2; |
| if (!thePrivKey || |
| usm_set_aes_iv(salt, &salt_length, |
| htonl(boots_uint), htonl(time_uint), |
| iv) == -1) { |
| DEBUGMSGTL(("usm", "Can't set AES iv.\n")); |
| usm_free_usmStateReference(secStateRef); |
| SNMP_FREE(ciphertext); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| } |
| #endif |
| #ifndef NETSNMP_DISABLE_DES |
| if (ISTRANSFORM(thePrivProtocol, DESPriv)) { |
| salt_length = BYTESIZE(USM_DES_SALT_LENGTH); |
| save_salt_length = BYTESIZE(USM_DES_SALT_LENGTH); |
| if (!thePrivKey || (usm_set_salt(salt, &salt_length, |
| thePrivKey + 8, |
| thePrivKeyLength - 8, |
| iv) == -1)) { |
| DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n")); |
| usm_free_usmStateReference(secStateRef); |
| SNMP_FREE(ciphertext); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| } |
| #endif |
| #ifdef NETSNMP_ENABLE_TESTING_CODE |
| if (debug_is_token_registered("usm/dump") == SNMPERR_SUCCESS) { |
| dump_chunk("usm/dump", "This data was encrypted:", |
| scopedPdu, scopedPduLen); |
| } |
| #endif |
| |
| if (sc_encrypt(thePrivProtocol, thePrivProtocolLength, |
| thePrivKey, thePrivKeyLength, |
| salt, salt_length, |
| scopedPdu, scopedPduLen, |
| ciphertext, &ciphertextlen) != SNMP_ERR_NOERROR) { |
| DEBUGMSGTL(("usm", "encryption error.\n")); |
| usm_free_usmStateReference(secStateRef); |
| SNMP_FREE(ciphertext); |
| return SNMPERR_USM_ENCRYPTIONERROR; |
| } |
| |
| /* |
| * Write the encrypted scopedPdu back into the packet buffer. |
| */ |
| |
| #ifdef NETSNMP_ENABLE_TESTING_CODE |
| theTotalLength = *wholeMsgLen; |
| #endif |
| *offset = 0; |
| rc = asn_realloc_rbuild_string(wholeMsg, wholeMsgLen, offset, 1, |
| (u_char) (ASN_UNIVERSAL | |
| ASN_PRIMITIVE | |
| ASN_OCTET_STR), |
| ciphertext, ciphertextlen); |
| if (rc == 0) { |
| DEBUGMSGTL(("usm", "Encryption failed.\n")); |
| usm_free_usmStateReference(secStateRef); |
| SNMP_FREE(ciphertext); |
| return SNMPERR_USM_ENCRYPTIONERROR; |
| } |
| #ifdef NETSNMP_ENABLE_TESTING_CODE |
| if (debug_is_token_registered("usm/dump") == SNMPERR_SUCCESS) { |
| dump_chunk("usm/dump", "salt + Encrypted form: ", salt, |
| salt_length); |
| dump_chunk("usm/dump", "wholeMsg:", |
| (*wholeMsg + *wholeMsgLen - *offset), *offset); |
| } |
| #endif |
| |
| DEBUGMSGTL(("usm", "Encryption successful.\n")); |
| SNMP_FREE(ciphertext); |
| } else { |
| /* |
| * theSecLevel != SNMP_SEC_LEVEL_AUTHPRIV |
| */ |
| } |
| |
| /* |
| * Start encoding the msgSecurityParameters. |
| */ |
| |
| sp_offset = *offset; |
| |
| DEBUGDUMPHEADER("send", "msgPrivacyParameters"); |
| /* |
| * msgPrivacyParameters (warning: assumes DES salt). |
| */ |
| rc = asn_realloc_rbuild_string(wholeMsg, wholeMsgLen, offset, 1, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE |
| | ASN_OCTET_STR), |
| iv, |
| save_salt_length); |
| DEBUGINDENTLESS(); |
| if (rc == 0) { |
| DEBUGMSGTL(("usm", "building privParams failed.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_TOO_LONG; |
| } |
| |
| DEBUGDUMPHEADER("send", "msgAuthenticationParameters"); |
| /* |
| * msgAuthenticationParameters (warnings assumes 0x00 by 12). |
| */ |
| if (theSecLevel == SNMP_SEC_LEVEL_AUTHNOPRIV |
| || theSecLevel == SNMP_SEC_LEVEL_AUTHPRIV) { |
| memset(authParams, 0, USM_MD5_AND_SHA_AUTH_LEN); |
| msgAuthParmLen = USM_MD5_AND_SHA_AUTH_LEN; |
| } |
| |
| rc = asn_realloc_rbuild_string(wholeMsg, wholeMsgLen, offset, 1, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE |
| | ASN_OCTET_STR), authParams, |
| msgAuthParmLen); |
| DEBUGINDENTLESS(); |
| if (rc == 0) { |
| DEBUGMSGTL(("usm", "building authParams failed.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_TOO_LONG; |
| } |
| |
| /* |
| * Remember where to put the actual HMAC we calculate later on. An |
| * encoded OCTET STRING of length USM_MD5_AND_SHA_AUTH_LEN has an ASN.1 |
| * header of length 2, hence the fudge factor. |
| */ |
| |
| mac_offset = *offset - 2; |
| |
| /* |
| * msgUserName. |
| */ |
| DEBUGDUMPHEADER("send", "msgUserName"); |
| rc = asn_realloc_rbuild_string(wholeMsg, wholeMsgLen, offset, 1, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE |
| | ASN_OCTET_STR), |
| (u_char *) theName, theNameLength); |
| DEBUGINDENTLESS(); |
| if (rc == 0) { |
| DEBUGMSGTL(("usm", "building authParams failed.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_TOO_LONG; |
| } |
| |
| /* |
| * msgAuthoritativeEngineTime. |
| */ |
| DEBUGDUMPHEADER("send", "msgAuthoritativeEngineTime"); |
| rc = asn_realloc_rbuild_int(wholeMsg, wholeMsgLen, offset, 1, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_INTEGER), &time_long, |
| sizeof(long)); |
| DEBUGINDENTLESS(); |
| if (rc == 0) { |
| DEBUGMSGTL(("usm", |
| "building msgAuthoritativeEngineTime failed.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_TOO_LONG; |
| } |
| |
| /* |
| * msgAuthoritativeEngineBoots. |
| */ |
| DEBUGDUMPHEADER("send", "msgAuthoritativeEngineBoots"); |
| rc = asn_realloc_rbuild_int(wholeMsg, wholeMsgLen, offset, 1, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_INTEGER), &boots_long, |
| sizeof(long)); |
| DEBUGINDENTLESS(); |
| if (rc == 0) { |
| DEBUGMSGTL(("usm", |
| "building msgAuthoritativeEngineBoots failed.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_TOO_LONG; |
| } |
| |
| DEBUGDUMPHEADER("send", "msgAuthoritativeEngineID"); |
| rc = asn_realloc_rbuild_string(wholeMsg, wholeMsgLen, offset, 1, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE |
| | ASN_OCTET_STR), theEngineID, |
| theEngineIDLength); |
| DEBUGINDENTLESS(); |
| if (rc == 0) { |
| DEBUGMSGTL(("usm", "building msgAuthoritativeEngineID failed.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_TOO_LONG; |
| } |
| |
| /* |
| * USM msgSecurityParameters sequence header |
| */ |
| rc = asn_realloc_rbuild_sequence(wholeMsg, wholeMsgLen, offset, 1, |
| (u_char) (ASN_SEQUENCE | |
| ASN_CONSTRUCTOR), |
| *offset - sp_offset); |
| if (rc == 0) { |
| DEBUGMSGTL(("usm", "building usm security parameters failed.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_TOO_LONG; |
| } |
| |
| /* |
| * msgSecurityParameters OCTET STRING wrapper. |
| */ |
| rc = asn_realloc_rbuild_header(wholeMsg, wholeMsgLen, offset, 1, |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE |
| | ASN_OCTET_STR), |
| *offset - sp_offset); |
| |
| if (rc == 0) { |
| DEBUGMSGTL(("usm", "building msgSecurityParameters failed.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_TOO_LONG; |
| } |
| |
| /* |
| * Copy in the msgGlobalData and msgVersion. |
| */ |
| while ((*wholeMsgLen - *offset) < globalDataLen) { |
| if (!asn_realloc(wholeMsg, wholeMsgLen)) { |
| DEBUGMSGTL(("usm", "building global data failed.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_TOO_LONG; |
| } |
| } |
| |
| *offset += globalDataLen; |
| memcpy(*wholeMsg + *wholeMsgLen - *offset, globalData, globalDataLen); |
| |
| /* |
| * Total packet sequence. |
| */ |
| rc = asn_realloc_rbuild_sequence(wholeMsg, wholeMsgLen, offset, 1, |
| (u_char) (ASN_SEQUENCE | |
| ASN_CONSTRUCTOR), *offset); |
| if (rc == 0) { |
| DEBUGMSGTL(("usm", "building master packet sequence failed.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_TOO_LONG; |
| } |
| |
| /* |
| * Now consider / do authentication. |
| */ |
| |
| if (theSecLevel == SNMP_SEC_LEVEL_AUTHNOPRIV || |
| theSecLevel == SNMP_SEC_LEVEL_AUTHPRIV) { |
| size_t temp_sig_len = msgAuthParmLen; |
| u_char *temp_sig = (u_char *) malloc(temp_sig_len); |
| u_char *proto_msg = *wholeMsg + *wholeMsgLen - *offset; |
| size_t proto_msg_len = *offset; |
| |
| |
| if (temp_sig == NULL) { |
| DEBUGMSGTL(("usm", "Out of memory.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| |
| if (sc_generate_keyed_hash(theAuthProtocol, theAuthProtocolLength, |
| theAuthKey, theAuthKeyLength, |
| proto_msg, proto_msg_len, |
| temp_sig, &temp_sig_len) |
| != SNMP_ERR_NOERROR) { |
| SNMP_FREE(temp_sig); |
| DEBUGMSGTL(("usm", "Signing failed.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_AUTHENTICATIONFAILURE; |
| } |
| |
| if (temp_sig_len != msgAuthParmLen) { |
| SNMP_FREE(temp_sig); |
| DEBUGMSGTL(("usm", "Signing lengths failed.\n")); |
| usm_free_usmStateReference(secStateRef); |
| return SNMPERR_USM_AUTHENTICATIONFAILURE; |
| } |
| |
| memcpy(*wholeMsg + *wholeMsgLen - mac_offset, temp_sig, |
| msgAuthParmLen); |
| SNMP_FREE(temp_sig); |
| } |
| /* |
| * endif -- create keyed hash |
| */ |
| usm_free_usmStateReference(secStateRef); |
| DEBUGMSGTL(("usm", "USM processing completed.\n")); |
| return SNMPERR_SUCCESS; |
| } /* end usm_rgenerate_out_msg() */ |
| |
| #endif /* */ |
| |
| |
| |
| /*******************************************************************-o-****** |
| * usm_parse_security_parameters |
| * |
| * Parameters: |
| * (See list below...) |
| * |
| * Returns: |
| * 0 On success, |
| * -1 Otherwise. |
| * |
| * tab stop 4 |
| * |
| * Extracts values from the security header and data portions of the |
| * incoming buffer. |
| */ |
| int |
| usm_parse_security_parameters(u_char * secParams, |
| size_t remaining, |
| u_char * secEngineID, |
| size_t * secEngineIDLen, |
| u_int * boots_uint, |
| u_int * time_uint, |
| char *secName, |
| size_t * secNameLen, |
| u_char * signature, |
| size_t * signature_length, |
| u_char * salt, |
| size_t * salt_length, u_char ** data_ptr) |
| { |
| u_char *parse_ptr = secParams; |
| u_char *value_ptr; |
| u_char *next_ptr; |
| u_char type_value; |
| |
| size_t octet_string_length = remaining; |
| size_t sequence_length; |
| size_t remaining_bytes; |
| |
| long boots_long; |
| long time_long; |
| |
| u_int origNameLen; |
| |
| |
| /* |
| * Eat the first octet header. |
| */ |
| if ((value_ptr = asn_parse_sequence(parse_ptr, &octet_string_length, |
| &type_value, |
| (ASN_UNIVERSAL | ASN_PRIMITIVE | |
| ASN_OCTET_STR), |
| "usm first octet")) == NULL) { |
| /* |
| * RETURN parse error |
| */ return -1; |
| } |
| |
| |
| /* |
| * Eat the sequence header. |
| */ |
| parse_ptr = value_ptr; |
| sequence_length = octet_string_length; |
| |
| if ((value_ptr = asn_parse_sequence(parse_ptr, &sequence_length, |
| &type_value, |
| (ASN_SEQUENCE | ASN_CONSTRUCTOR), |
| "usm sequence")) == NULL) { |
| /* |
| * RETURN parse error |
| */ return -1; |
| } |
| |
| |
| /* |
| * Retrieve the engineID. |
| */ |
| parse_ptr = value_ptr; |
| remaining_bytes = sequence_length; |
| |
| DEBUGDUMPHEADER("recv", "msgAuthoritativeEngineID"); |
| if ((next_ptr |
| = asn_parse_string(parse_ptr, &remaining_bytes, &type_value, |
| secEngineID, secEngineIDLen)) == NULL) { |
| DEBUGINDENTLESS(); |
| /* |
| * RETURN parse error |
| */ return -1; |
| } |
| DEBUGINDENTLESS(); |
| |
| if (type_value != |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_OCTET_STR)) { |
| /* |
| * RETURN parse error |
| */ return -1; |
| } |
| |
| |
| /* |
| * Retrieve the engine boots, notice switch in the way next_ptr and |
| * remaining_bytes are used (to accomodate the asn code). |
| */ |
| DEBUGDUMPHEADER("recv", "msgAuthoritativeEngineBoots"); |
| if ((next_ptr = asn_parse_int(next_ptr, &remaining_bytes, &type_value, |
| &boots_long, sizeof(long))) == NULL) { |
| DEBUGINDENTLESS(); |
| /* |
| * RETURN parse error |
| */ return -1; |
| } |
| DEBUGINDENTLESS(); |
| |
| if (type_value != |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_INTEGER)) { |
| DEBUGINDENTLESS(); |
| /* |
| * RETURN parse error |
| */ return -1; |
| } |
| |
| *boots_uint = (u_int) boots_long; |
| |
| |
| /* |
| * Retrieve the time value. |
| */ |
| DEBUGDUMPHEADER("recv", "msgAuthoritativeEngineTime"); |
| if ((next_ptr = asn_parse_int(next_ptr, &remaining_bytes, &type_value, |
| &time_long, sizeof(long))) == NULL) { |
| /* |
| * RETURN parse error |
| */ return -1; |
| } |
| DEBUGINDENTLESS(); |
| |
| if (type_value != |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_INTEGER)) { |
| /* |
| * RETURN parse error |
| */ return -1; |
| } |
| |
| *time_uint = (u_int) time_long; |
| |
| if (*boots_uint > ENGINEBOOT_MAX || *time_uint > ENGINETIME_MAX) { |
| return -1; |
| } |
| |
| /* |
| * Retrieve the secName. |
| */ |
| origNameLen = *secNameLen; |
| |
| |
| DEBUGDUMPHEADER("recv", "msgUserName"); |
| if ((next_ptr |
| = asn_parse_string(next_ptr, &remaining_bytes, &type_value, |
| (u_char *) secName, secNameLen)) == NULL) { |
| DEBUGINDENTLESS(); |
| /* |
| * RETURN parse error |
| */ return -1; |
| } |
| DEBUGINDENTLESS(); |
| |
| /* |
| * FIX -- doesn't this also indicate a buffer overrun? |
| */ |
| if ((int) origNameLen < *secNameLen + 1) { |
| /* |
| * RETURN parse error, but it's really a parameter error |
| */ |
| return -1; |
| } |
| |
| if (*secNameLen > 32) { |
| /* |
| * This is a USM-specific limitation over and above the above |
| * limitation (which will probably default to the length of an |
| * SnmpAdminString, i.e. 255). See RFC 2574, sec. 2.4. |
| */ |
| return -1; |
| } |
| |
| secName[*secNameLen] = '\0'; |
| |
| if (type_value != |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_OCTET_STR)) { |
| /* |
| * RETURN parse error |
| */ return -1; |
| } |
| |
| |
| /* |
| * Retrieve the signature and blank it if there. |
| */ |
| DEBUGDUMPHEADER("recv", "msgAuthenticationParameters"); |
| if ((next_ptr |
| = asn_parse_string(next_ptr, &remaining_bytes, &type_value, |
| signature, signature_length)) == NULL) { |
| DEBUGINDENTLESS(); |
| /* |
| * RETURN parse error |
| */ return -1; |
| } |
| DEBUGINDENTLESS(); |
| |
| if (type_value != |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_OCTET_STR)) { |
| /* |
| * RETURN parse error |
| */ return -1; |
| } |
| |
| if (*signature_length != 0) { /* Blanking for authentication step later */ |
| memset(next_ptr - (u_long) * signature_length, |
| 0, *signature_length); |
| } |
| |
| |
| /* |
| * Retrieve the salt. |
| * |
| * Note that the next ptr is where the data section starts. |
| */ |
| DEBUGDUMPHEADER("recv", "msgPrivacyParameters"); |
| if ((*data_ptr |
| = asn_parse_string(next_ptr, &remaining_bytes, &type_value, |
| salt, salt_length)) == NULL) { |
| DEBUGINDENTLESS(); |
| /* |
| * RETURN parse error |
| */ return -2; |
| } |
| DEBUGINDENTLESS(); |
| |
| if (type_value != |
| (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_OCTET_STR)) { |
| /* |
| * RETURN parse error |
| */ return -2; |
| } |
| |
| return 0; |
| |
| } /* end usm_parse_security_parameters() */ |
| |
| |
| |
| |
| /*******************************************************************-o-****** |
| * usm_check_and_update_timeliness |
| * |
| * Parameters: |
| * *secEngineID |
| * secEngineIDen |
| * boots_uint |
| * time_uint |
| * *error |
| * |
| * Returns: |
| * 0 On success, |
| * -1 Otherwise. |
| * |
| * |
| * Performs the incoming timeliness checking and setting. |
| */ |
| int |
| usm_check_and_update_timeliness(u_char * secEngineID, |
| size_t secEngineIDLen, |
| u_int boots_uint, |
| u_int time_uint, int *error) |
| { |
| u_char myID[USM_MAX_ID_LENGTH]; |
| u_long myIDLength = |
| snmpv3_get_engineID(myID, USM_MAX_ID_LENGTH); |
| u_int myBoots; |
| u_int myTime; |
| |
| |
| |
| if ((myIDLength > USM_MAX_ID_LENGTH) || (myIDLength == 0)) { |
| /* |
| * We're probably already screwed...buffer overwrite. XXX? |
| */ |
| DEBUGMSGTL(("usm", "Buffer overflow.\n")); |
| *error = SNMPERR_USM_GENERICERROR; |
| return -1; |
| } |
| |
| myBoots = snmpv3_local_snmpEngineBoots(); |
| myTime = snmpv3_local_snmpEngineTime(); |
| |
| |
| /* |
| * IF the time involved is local |
| * Make sure message is inside the time window |
| * ELSE |
| * IF boots is higher or boots is the same and time is higher |
| * remember this new data |
| * ELSE |
| * IF !(boots same and time within USM_TIME_WINDOW secs) |
| * Message is too old |
| * ELSE |
| * Message is ok, but don't take time |
| * ENDIF |
| * ENDIF |
| * ENDIF |
| */ |
| |
| /* |
| * This is a local reference. |
| */ |
| if ((int) secEngineIDLen == myIDLength |
| && memcmp(secEngineID, myID, myIDLength) == 0) { |
| u_int time_difference = myTime > time_uint ? |
| myTime - time_uint : time_uint - myTime; |
| |
| if (boots_uint == ENGINEBOOT_MAX |
| || boots_uint != myBoots |
| || time_difference > USM_TIME_WINDOW) { |
| if (snmp_increment_statistic(STAT_USMSTATSNOTINTIMEWINDOWS) == |
| 0) { |
| DEBUGMSGTL(("usm", "%s\n", |
| "Failed to increment statistic.")); |
| } |
| |
| DEBUGMSGTL(("usm", |
| "boot_uint %u myBoots %u time_diff %u => not in time window\n", |
| boots_uint, myBoots, time_difference)); |
| *error = SNMPERR_USM_NOTINTIMEWINDOW; |
| return -1; |
| } |
| |
| *error = SNMPERR_SUCCESS; |
| return 0; |
| } |
| |
| /* |
| * This is a remote reference. |
| */ |
| else { |
| u_int theirBoots, theirTime, theirLastTime; |
| u_int time_difference; |
| |
| if (get_enginetime_ex(secEngineID, secEngineIDLen, |
| &theirBoots, &theirTime, |
| &theirLastTime, TRUE) |
| != SNMPERR_SUCCESS) { |
| DEBUGMSGTL(("usm", "%s\n", |
| "Failed to get remote engine's times.")); |
| |
| *error = SNMPERR_USM_GENERICERROR; |
| return -1; |
| } |
| |
| time_difference = theirTime > time_uint ? |
| theirTime - time_uint : time_uint - theirTime; |
| |
| |
| /* |
| * XXX Contrary to the pseudocode: |
| * See if boots is invalid first. |
| */ |
| if (theirBoots == ENGINEBOOT_MAX || theirBoots > boots_uint) { |
| DEBUGMSGTL(("usm", "%s\n", "Remote boot count invalid.")); |
| |
| *error = SNMPERR_USM_NOTINTIMEWINDOW; |
| return -1; |
| } |
| |
| |
| /* |
| * Boots is ok, see if the boots is the same but the time |
| * is old. |
| */ |
| if (theirBoots == boots_uint && time_uint < theirLastTime) { |
| if (time_difference > USM_TIME_WINDOW) { |
| DEBUGMSGTL(("usm", "%s\n", "Message too old.")); |
| *error = SNMPERR_USM_NOTINTIMEWINDOW; |
| return -1; |
| } |
| |
| else { /* Old, but acceptable */ |
| |
| *error = SNMPERR_SUCCESS; |
| return 0; |
| } |
| } |
| |
| |
| /* |
| * Message is ok, either boots has been advanced, or |
| * time is greater than before with the same boots. |
| */ |
| |
| if (set_enginetime(secEngineID, secEngineIDLen, |
| boots_uint, time_uint, TRUE) |
| != SNMPERR_SUCCESS) { |
| DEBUGMSGTL(("usm", "%s\n", |
| "Failed updating remote boot/time.")); |
| *error = SNMPERR_USM_GENERICERROR; |
| return -1; |
| } |
| |
| *error = SNMPERR_SUCCESS; |
| return 0; /* Fresh message and time updated */ |
| |
| } /* endif -- local or remote time reference. */ |
| |
| |
| } /* end usm_check_and_update_timeliness() */ |
| |
| |
| |
| int |
| usm_secmod_process_in_msg(struct snmp_secmod_incoming_params *parms) |
| { |
| if (!parms) |
| return SNMPERR_GENERR; |
| |
| return usm_process_in_msg(parms->msgProcModel, |
| parms->maxMsgSize, |
| parms->secParams, |
| parms->secModel, |
| parms->secLevel, |
| parms->wholeMsg, |
| parms->wholeMsgLen, |
| parms->secEngineID, |
| parms->secEngineIDLen, |
| parms->secName, |
| parms->secNameLen, |
| parms->scopedPdu, |
| parms->scopedPduLen, |
| parms->maxSizeResponse, |
| parms->secStateRef, |
| parms->sess, parms->msg_flags); |
| } |
| |
| /*******************************************************************-o-****** |
| * usm_process_in_msg |
| * |
| * Parameters: |
| * (See list below...) |
| * |
| * Returns: |
| * SNMPERR_SUCCESS On success. |
| * SNMPERR_USM_AUTHENTICATIONFAILURE |
| * SNMPERR_USM_DECRYPTIONERROR |
| * SNMPERR_USM_GENERICERROR |
| * SNMPERR_USM_PARSEERROR |
| * SNMPERR_USM_UNKNOWNENGINEID |
| * SNMPERR_USM_PARSEERROR |
| * SNMPERR_USM_UNKNOWNSECURITYNAME |
| * SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL |
| * |
| * |
| * ASSUMES size of decrypt_buf will always be >= size of encrypted sPDU. |
| * |
| * FIX Memory leaks if secStateRef is allocated and a return occurs |
| * without cleaning up. May contain secrets... |
| */ |
| int |
| usm_process_in_msg(int msgProcModel, /* (UNUSED) */ |
| size_t maxMsgSize, /* IN - Used to calc maxSizeResponse. */ |
| u_char * secParams, /* IN - BER encoded securityParameters. */ |
| int secModel, /* (UNUSED) */ |
| int secLevel, /* IN - AuthNoPriv, authPriv etc. */ |
| u_char * wholeMsg, /* IN - Original v3 message. */ |
| size_t wholeMsgLen, /* IN - Msg length. */ |
| u_char * secEngineID, /* OUT - Pointer snmpEngineID. */ |
| size_t * secEngineIDLen, /* IN/OUT - Len available, len returned. */ |
| /* |
| * NOTE: Memory provided by caller. |
| */ |
| char *secName, /* OUT - Pointer to securityName. */ |
| size_t * secNameLen, /* IN/OUT - Len available, len returned. */ |
| u_char ** scopedPdu, /* OUT - Pointer to plaintext scopedPdu. */ |
| size_t * scopedPduLen, /* IN/OUT - Len available, len returned. */ |
| size_t * maxSizeResponse, /* OUT - Max size of Response PDU. */ |
| void **secStateRf, /* OUT - Ref to security state. */ |
| netsnmp_session * sess, /* IN - session which got the message */ |
| u_char msg_flags) |
| { /* IN - v3 Message flags. */ |
| size_t remaining = wholeMsgLen - (u_int) |
| ((u_long) * secParams - (u_long) * wholeMsg); |
| u_int boots_uint; |
| u_int time_uint; |
| #ifdef HAVE_AES |
| u_int net_boots, net_time; |
| #endif |
| u_char signature[BYTESIZE(USM_MAX_KEYEDHASH_LENGTH)]; |
| size_t signature_length = BYTESIZE(USM_MAX_KEYEDHASH_LENGTH); |
| u_char salt[BYTESIZE(USM_MAX_SALT_LENGTH)]; |
| size_t salt_length = BYTESIZE(USM_MAX_SALT_LENGTH); |
| u_char iv[BYTESIZE(USM_MAX_SALT_LENGTH)]; |
| u_int iv_length = BYTESIZE(USM_MAX_SALT_LENGTH); |
| u_char *data_ptr; |
| u_char *value_ptr; |
| u_char type_value; |
| u_char *end_of_overhead = NULL; |
| int error; |
| int i, rc = 0; |
| struct usmStateReference **secStateRef = |
| (struct usmStateReference **) secStateRf; |
| |
| struct usmUser *user; |
| |
| |
| DEBUGMSGTL(("usm", "USM processing begun...\n")); |
| |
| |
| if (secStateRef) { |
| usm_free_usmStateReference(*secStateRef); |
| *secStateRef = usm_malloc_usmStateReference(); |
| if (*secStateRef == NULL) { |
| DEBUGMSGTL(("usm", "Out of memory.\n")); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| } |
| |
| |
| /* |
| * Make sure the *secParms is an OCTET STRING. |
| * Extract the user name, engine ID, and security level. |
| */ |
| if ((rc = usm_parse_security_parameters(secParams, remaining, |
| secEngineID, secEngineIDLen, |
| &boots_uint, &time_uint, |
| secName, secNameLen, |
| signature, &signature_length, |
| salt, &salt_length, |
| &data_ptr)) < 0) { |
| DEBUGMSGTL(("usm", "Parsing failed (rc %d).\n", rc)); |
| if (rc == -2) { |
| /* |
| * This indicates a decryptionError. |
| */ |
| if (snmp_increment_statistic(STAT_USMSTATSDECRYPTIONERRORS) == |
| 0) { |
| DEBUGMSGTL(("usm", "%s\n", |
| "Failed to increment statistic.")); |
| } |
| return SNMPERR_USM_DECRYPTIONERROR; |
| } |
| if (snmp_increment_statistic(STAT_SNMPINASNPARSEERRS) == 0) { |
| DEBUGMSGTL(("usm", "%s\n", "Failed to increment statistic.")); |
| } |
| return SNMPERR_USM_PARSEERROR; |
| } |
| |
| /* |
| * RFC 2574 section 8.3.2 |
| * 1) If the privParameters field is not an 8-octet OCTET STRING, |
| * then an error indication (decryptionError) is returned to the |
| * calling module. |
| */ |
| if ((secLevel == SNMP_SEC_LEVEL_AUTHPRIV) && (salt_length != 8)) { |
| if (snmp_increment_statistic(STAT_USMSTATSDECRYPTIONERRORS) == |
| 0) { |
| DEBUGMSGTL(("usm", "%s\n", "Failed increment statistic.")); |
| } |
| return SNMPERR_USM_DECRYPTIONERROR; |
| } |
| |
| if (secLevel != SNMP_SEC_LEVEL_AUTHPRIV) { |
| /* |
| * pull these out now so reports can use them |
| */ |
| *scopedPdu = data_ptr; |
| *scopedPduLen = wholeMsgLen - (data_ptr - wholeMsg); |
| end_of_overhead = data_ptr; |
| } |
| |
| if (secStateRef) { |
| /* |
| * Cache the name, engine ID, and security level, |
| * * per step 2 (section 3.2) |
| */ |
| if (usm_set_usmStateReference_name |
| (*secStateRef, secName, *secNameLen) == -1) { |
| DEBUGMSGTL(("usm", "%s\n", "Couldn't cache name.")); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| |
| if (usm_set_usmStateReference_engine_id |
| (*secStateRef, secEngineID, *secEngineIDLen) == -1) { |
| DEBUGMSGTL(("usm", "%s\n", "Couldn't cache engine id.")); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| |
| if (usm_set_usmStateReference_sec_level(*secStateRef, secLevel) == |
| -1) { |
| DEBUGMSGTL(("usm", "%s\n", "Couldn't cache security level.")); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| } |
| |
| |
| /* |
| * Locate the engine ID record. |
| * If it is unknown, then either create one or note this as an error. |
| */ |
| if ((sess && (sess->isAuthoritative == SNMP_SESS_AUTHORITATIVE || |
| (sess->isAuthoritative == SNMP_SESS_UNKNOWNAUTH && |
| (msg_flags & SNMP_MSG_FLAG_RPRT_BIT)))) || |
| (!sess && (msg_flags & SNMP_MSG_FLAG_RPRT_BIT))) { |
| if (ISENGINEKNOWN(secEngineID, *secEngineIDLen) == FALSE) { |
| DEBUGMSGTL(("usm", "Unknown Engine ID.\n")); |
| if (snmp_increment_statistic(STAT_USMSTATSUNKNOWNENGINEIDS) == |
| 0) { |
| DEBUGMSGTL(("usm", "%s\n", |
| "Failed to increment statistic.")); |
| } |
| return SNMPERR_USM_UNKNOWNENGINEID; |
| } |
| } else { |
| if (ENSURE_ENGINE_RECORD(secEngineID, *secEngineIDLen) |
| != SNMPERR_SUCCESS) { |
| DEBUGMSGTL(("usm", "%s\n", "Couldn't ensure engine record.")); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| |
| } |
| |
| |
| /* |
| * Locate the User record. |
| * If the user/engine ID is unknown, report this as an error. |
| */ |
| if ((user = usm_get_user_from_list(secEngineID, *secEngineIDLen, |
| secName, userList, |
| (((sess && sess->isAuthoritative == |
| SNMP_SESS_AUTHORITATIVE) || |
| (!sess)) ? 0 : 1))) |
| == NULL) { |
| DEBUGMSGTL(("usm", "Unknown User(%s)\n", secName)); |
| if (snmp_increment_statistic(STAT_USMSTATSUNKNOWNUSERNAMES) == 0) { |
| DEBUGMSGTL(("usm", "%s\n", "Failed to increment statistic.")); |
| } |
| return SNMPERR_USM_UNKNOWNSECURITYNAME; |
| } |
| |
| /* ensure the user is active */ |
| if (user->userStatus != RS_ACTIVE) { |
| DEBUGMSGTL(("usm", "Attempt to use an inactive user.\n")); |
| return SNMPERR_USM_UNKNOWNSECURITYNAME; |
| } |
| |
| /* |
| * Make sure the security level is appropriate. |
| */ |
| |
| rc = usm_check_secLevel(secLevel, user); |
| if (1 == rc) { |
| DEBUGMSGTL(("usm", "Unsupported Security Level (%d).\n", |
| secLevel)); |
| if (snmp_increment_statistic |
| (STAT_USMSTATSUNSUPPORTEDSECLEVELS) == 0) { |
| DEBUGMSGTL(("usm", "%s\n", "Failed to increment statistic.")); |
| } |
| return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL; |
| } else if (rc != 0) { |
| DEBUGMSGTL(("usm", "Unknown issue.\n")); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| |
| /* |
| * Check the authentication credentials of the message. |
| */ |
| if (secLevel == SNMP_SEC_LEVEL_AUTHNOPRIV |
| || secLevel == SNMP_SEC_LEVEL_AUTHPRIV) { |
| if (sc_check_keyed_hash(user->authProtocol, user->authProtocolLen, |
| user->authKey, user->authKeyLen, |
| wholeMsg, wholeMsgLen, |
| signature, signature_length) |
| != SNMP_ERR_NOERROR) { |
| DEBUGMSGTL(("usm", "Verification failed.\n")); |
| if (snmp_increment_statistic(STAT_USMSTATSWRONGDIGESTS) == 0) { |
| DEBUGMSGTL(("usm", "%s\n", |
| "Failed to increment statistic.")); |
| } |
| snmp_log(LOG_WARNING, "Authentication failed for %s\n", |
| user->name); |
| return SNMPERR_USM_AUTHENTICATIONFAILURE; |
| } |
| |
| DEBUGMSGTL(("usm", "Verification succeeded.\n")); |
| } |
| |
| |
| /* |
| * Steps 10-11 user is already set - relocated before timeliness |
| * check in case it fails - still save user data for response. |
| * |
| * Cache the keys and protocol oids, per step 11 (s3.2). |
| */ |
| if (secStateRef) { |
| if (usm_set_usmStateReference_auth_protocol(*secStateRef, |
| user->authProtocol, |
| user-> |
| authProtocolLen) == |
| -1) { |
| DEBUGMSGTL(("usm", "%s\n", |
| "Couldn't cache authentication protocol.")); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| |
| if (usm_set_usmStateReference_auth_key(*secStateRef, |
| user->authKey, |
| user->authKeyLen) == -1) { |
| DEBUGMSGTL(("usm", "%s\n", |
| "Couldn't cache authentication key.")); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| |
| if (usm_set_usmStateReference_priv_protocol(*secStateRef, |
| user->privProtocol, |
| user-> |
| privProtocolLen) == |
| -1) { |
| DEBUGMSGTL(("usm", "%s\n", |
| "Couldn't cache privacy protocol.")); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| |
| if (usm_set_usmStateReference_priv_key(*secStateRef, |
| user->privKey, |
| user->privKeyLen) == -1) { |
| DEBUGMSGTL(("usm", "%s\n", "Couldn't cache privacy key.")); |
| return SNMPERR_USM_GENERICERROR; |
| } |
| } |
| |
| |
| /* |
| * Perform the timeliness/time manager functions. |
| */ |
| if (secLevel == SNMP_SEC_LEVEL_AUTHNOPRIV |
| || secLevel == SNMP_SEC_LEVEL_AUTHPRIV) { |
| if (usm_check_and_update_timeliness(secEngineID, *secEngineIDLen, |
| boots_uint, time_uint, |
| &error) == -1) { |
| return error; |
| } |
| } |
| #ifdef LCD_TIME_SYNC_OPT |
| /* |
| * Cache the unauthenticated time to use in case we don't have |
| * anything better - this guess will be no worse than (0,0) |
| * that we normally use. |
| */ |
| else { |
| set_enginetime(secEngineID, *secEngineIDLen, |
| boots_uint, time_uint, FALSE); |
| } |
| #endif /* LCD_TIME_SYNC_OPT */ |
| |
| |
| /* |
| * If needed, decrypt the scoped PDU. |
| */ |
| if (secLevel == SNMP_SEC_LEVEL_AUTHPRIV) { |
| remaining = wholeMsgLen - (data_ptr - wholeMsg); |
| |
| if ((value_ptr = asn_parse_sequence(data_ptr, &remaining, |
| &type_value, |
| (ASN_UNIVERSAL | ASN_PRIMITIVE |
| | ASN_OCTET_STR), |
| "encrypted sPDU")) == NULL) { |
| DEBUGMSGTL(("usm", "%s\n", |
| "Failed while parsing encrypted sPDU.")); |
| if (snmp_increment_statistic(STAT_SNMPINASNPARSEERRS) == 0) { |
| DEBUGMSGTL(("usm", "%s\n", "Failed increment statistic.")); |
| } |
| usm_free_usmStateReference(*secStateRef); |
| *secStateRef = NULL; |
| return SNMPERR_USM_PARSEERROR; |
| } |
| |
| #ifndef NETSNMP_DISABLE_DES |
| if (ISTRANSFORM(user->privProtocol, DESPriv)) { |
| /* |
| * From RFC2574: |
| * |
| * "Before decryption, the encrypted data length is verified. |
| * If the length of the OCTET STRING to be decrypted is not |
| * an integral multiple of 8 octets, the decryption process |
| * is halted and an appropriate exception noted." |
| */ |
| |
| if (remaining % 8 != 0) { |
| DEBUGMSGTL(("usm", |
| "Ciphertext is %lu bytes, not an integer multiple of 8 (rem %d)\n", |
| remaining, remaining % 8)); |
| if (snmp_increment_statistic(STAT_USMSTATSDECRYPTIONERRORS) == |
| 0) { |
| DEBUGMSGTL(("usm", "%s\n", "Failed increment statistic.")); |
| } |
| usm_free_usmStateReference(*secStateRef); |
| *secStateRef = NULL; |
| return SNMPERR_USM_DECRYPTIONERROR; |
| } |
| |
| end_of_overhead = value_ptr; |
| |
| if ( !user->privKey ) { |
| DEBUGMSGTL(("usm", "No privacy pass phrase for %s\n", user->secName)); |
| if (snmp_increment_statistic(STAT_USMSTATSDECRYPTIONERRORS) == |
| 0) { |
| DEBUGMSGTL(("usm", "%s\n", "Failed increment statistic.")); |
| } |
| usm_free_usmStateReference(*secStateRef); |
| *secStateRef = NULL; |
| return SNMPERR_USM_DECRYPTIONERROR; |
| } |
| |
| /* |
| * XOR the salt with the last (iv_length) bytes |
| * of the priv_key to obtain the IV. |
| */ |
| iv_length = BYTESIZE(USM_DES_SALT_LENGTH); |
| for (i = 0; i < (int) iv_length; i++) |
| iv[i] = salt[i] ^ user->privKey[iv_length + i]; |
| } |
| #endif |
| #ifdef HAVE_AES |
| if (ISTRANSFORM(user->privProtocol, AESPriv)) { |
| iv_length = BYTESIZE(USM_AES_SALT_LENGTH); |
| net_boots = ntohl(boots_uint); |
| net_time = ntohl(time_uint); |
| memcpy(iv, &net_boots, 4); |
| memcpy(iv+4, &net_time, 4); |
| memcpy(iv+8, salt, salt_length); |
| } |
| #endif |
| |
| if (sc_decrypt(user->privProtocol, user->privProtocolLen, |
| user->privKey, user->privKeyLen, |
| iv, iv_length, |
| value_ptr, remaining, *scopedPdu, scopedPduLen) |
| != SNMP_ERR_NOERROR) { |
| DEBUGMSGTL(("usm", "%s\n", "Failed decryption.")); |
| if (snmp_increment_statistic |
| (STAT_USMSTATSDECRYPTIONERRORS) == 0) { |
| DEBUGMSGTL(("usm", "%s\n", "Failed increment statistic.")); |
| } |
| return SNMPERR_USM_DECRYPTIONERROR; |
| } |
| #ifdef NETSNMP_ENABLE_TESTING_CODE |
| if (debug_is_token_registered("usm/dump") == SNMPERR_SUCCESS) { |
| dump_chunk("usm/dump", "Cypher Text", value_ptr, remaining); |
| dump_chunk("usm/dump", "salt + Encrypted form:", |
| salt, salt_length); |
| dump_chunk("usm/dump", "IV + Encrypted form:", iv, iv_length); |
| dump_chunk("usm/dump", "Decrypted chunk:", |
| *scopedPdu, *scopedPduLen); |
| } |
| #endif |
| } |
| /* |
| * sPDU is plaintext. |
| */ |
| else { |
| *scopedPdu = data_ptr; |
| *scopedPduLen = wholeMsgLen - (data_ptr - wholeMsg); |
| end_of_overhead = data_ptr; |
| |
| } /* endif -- PDU decryption */ |
| |
| |
| /* |
| * Calculate the biggest sPDU for the response (i.e., whole - ovrhd). |
| * |
| * FIX Correct? |
| */ |
| *maxSizeResponse = maxMsgSize - (int) |
| ((u_long) end_of_overhead - (u_long) wholeMsg); |
| |
| |
| DEBUGMSGTL(("usm", "USM processing completed.\n")); |
| |
| return SNMPERR_SUCCESS; |
| |
| } /* end usm_process_in_msg() */ |
| |
| void |
| usm_handle_report(void *sessp, |
| netsnmp_transport *transport, netsnmp_session *session, |
| int result, netsnmp_pdu *pdu) |
| { |
| /* |
| * handle reportable errors |
| */ |
| |
| /* this will get in our way */ |
| usm_free_usmStateReference(pdu->securityStateRef); |
| pdu->securityStateRef = NULL; |
| |
| switch (result) { |
| case SNMPERR_USM_AUTHENTICATIONFAILURE: |
| { |
| int res = session->s_snmp_errno; |
| session->s_snmp_errno = result; |
| if (session->callback) { |
| session->callback(NETSNMP_CALLBACK_OP_RECEIVED_MESSAGE, |
| session, pdu->reqid, pdu, |
| session->callback_magic); |
| } |
| session->s_snmp_errno = res; |
| } |
| /* fallthrough */ |
| case SNMPERR_USM_UNKNOWNENGINEID: |
| case SNMPERR_USM_UNKNOWNSECURITYNAME: |
| case SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL: |
| case SNMPERR_USM_NOTINTIMEWINDOW: |
| case SNMPERR_USM_DECRYPTIONERROR: |
| |
| if (SNMP_CMD_CONFIRMED(pdu->command) || |
| (pdu->command == 0 |
| && (pdu->flags & SNMP_MSG_FLAG_RPRT_BIT))) { |
| netsnmp_pdu *pdu2; |
| int flags = pdu->flags; |
| |
| pdu->flags |= UCD_MSG_FLAG_FORCE_PDU_COPY; |
| pdu2 = snmp_clone_pdu(pdu); |
| pdu->flags = pdu2->flags = flags; |
| snmpv3_make_report(pdu2, result); |
| if (0 == snmp_sess_send(sessp, pdu2)) { |
| snmp_free_pdu(pdu2); |
| /* |
| * TODO: indicate error |
| */ |
| } |
| } |
| break; |
| } |
| } |
| |
| void |
| init_usm(void) |
| { |
| struct snmp_secmod_def *def; |
| |
| DEBUGMSGTL(("init_usm", "unit_usm: %d %d\n", usmNoPrivProtocol[0], |
| usmNoPrivProtocol[1])); |
| |
| sc_init(); /* initalize scapi code */ |
| |
| /* |
| * register ourselves as a security service |
| */ |
| def = SNMP_MALLOC_STRUCT(snmp_secmod_def); |
| /* |
| * XXX: def->init_sess_secmod move stuff from snmp_api.c |
| */ |
| def->encode_reverse = usm_secmod_rgenerate_out_msg; |
| def->encode_forward = usm_secmod_generate_out_msg; |
| def->decode = usm_secmod_process_in_msg; |
| def->pdu_free_state_ref = usm_free_usmStateReference; |
| def->handle_report = usm_handle_report; |
| register_sec_mod(USM_SEC_MODEL_NUMBER, "usm", def); |
| |
| snmp_register_callback(SNMP_CALLBACK_LIBRARY, |
| SNMP_CALLBACK_POST_PREMIB_READ_CONFIG, |
| init_usm_post_config, NULL); |
| |
| snmp_register_callback(SNMP_CALLBACK_LIBRARY, |
| SNMP_CALLBACK_SHUTDOWN, |
| deinit_usm_post_config, NULL); |
| |
| snmp_register_callback(SNMP_CALLBACK_LIBRARY, |
| SNMP_CALLBACK_SHUTDOWN, |
| free_engineID, NULL); |
| |
| } |
| |
| void |
| init_usm_conf(const char *app) |
| { |
| register_config_handler(app, "usmUser", |
| usm_parse_config_usmUser, NULL, NULL); |
| register_config_handler(app, "createUser", |
| usm_parse_create_usmUser, NULL, |
| "username [-e ENGINEID] (MD5|SHA) authpassphrase [DES [privpassphrase]]"); |
| |
| /* |
| * we need to be called back later |
| */ |
| snmp_register_callback(SNMP_CALLBACK_LIBRARY, SNMP_CALLBACK_STORE_DATA, |
| usm_store_users, NULL); |
| } |
| |
| /* |
| * initializations for the USM. |
| * |
| * Should be called after the (engineid) configuration files have been read. |
| * |
| * Set "arbitrary" portion of salt to a random number. |
| */ |
| int |
| init_usm_post_config(int majorid, int minorid, void *serverarg, |
| void *clientarg) |
| { |
| size_t salt_integer_len = sizeof(salt_integer); |
| |
| if (sc_random((u_char *) & salt_integer, &salt_integer_len) != |
| SNMPERR_SUCCESS) { |
| DEBUGMSGTL(("usm", "sc_random() failed: using time() as salt.\n")); |
| salt_integer = (u_int) time(NULL); |
| } |
| |
| #ifdef HAVE_AES |
| salt_integer_len = sizeof (salt_integer64_1); |
| if (sc_random((u_char *) & salt_integer64_1, &salt_integer_len) != |
| SNMPERR_SUCCESS) { |
| DEBUGMSGTL(("usm", "sc_random() failed: using time() as aes1 salt.\n")); |
| salt_integer64_1 = (u_int) time(NULL); |
| } |
| salt_integer_len = sizeof (salt_integer64_1); |
| if (sc_random((u_char *) & salt_integer64_2, &salt_integer_len) != |
| SNMPERR_SUCCESS) { |
| DEBUGMSGTL(("usm", "sc_random() failed: using time() as aes2 salt.\n")); |
| salt_integer64_2 = (u_int) time(NULL); |
| } |
| #endif |
| |
| #ifndef NETSNMP_DISABLE_MD5 |
| noNameUser = usm_create_initial_user("", usmHMACMD5AuthProtocol, |
| USM_LENGTH_OID_TRANSFORM, |
| #ifndef NETSNMP_DISABLE_DES |
| usmDESPrivProtocol, |
| #else |
| usmAESPrivProtocol, |
| #endif |
| USM_LENGTH_OID_TRANSFORM); |
| #else |
| noNameUser = usm_create_initial_user("", usmHMACSHA1AuthProtocol, |
| USM_LENGTH_OID_TRANSFORM, |
| #ifndef NETSNMP_DISABLE_DES |
| usmDESPrivProtocol, |
| #else |
| usmAESPrivProtocol, |
| #endif |
| USM_LENGTH_OID_TRANSFORM); |
| #endif |
| |
| if ( noNameUser ) { |
| SNMP_FREE(noNameUser->engineID); |
| noNameUser->engineIDLen = 0; |
| } |
| |
| return SNMPERR_SUCCESS; |
| } /* end init_usm_post_config() */ |
| |
| int |
| deinit_usm_post_config(int majorid, int minorid, void *serverarg, |
| void *clientarg) |
| { |
| if (usm_free_user(noNameUser) != NULL) { |
| DEBUGMSGTL(("deinit_usm_post_config", "could not free initial user\n")); |
| return SNMPERR_GENERR; |
| } |
| noNameUser = NULL; |
| |
| DEBUGMSGTL(("deinit_usm_post_config", "initial user removed\n")); |
| return SNMPERR_SUCCESS; |
| } /* end deinit_usm_post_config() */ |
| |
| void |
| clear_user_list(void) |
| { |
| struct usmUser *tmp = userList, *next = NULL; |
| |
| while (tmp != NULL) { |
| next = tmp->next; |
| usm_free_user(tmp); |
| tmp = next; |
| } |
| userList = NULL; |
| |
| } |
| |
| /*******************************************************************-o-****** |
| * usm_check_secLevel |
| * |
| * Parameters: |
| * level |
| * *user |
| * |
| * Returns: |
| * 0 On success, |
| * -1 Otherwise. |
| * |
| * Checks that a given security level is valid for a given user. |
| */ |
| int |
| usm_check_secLevel(int level, struct usmUser *user) |
| { |
| |
| if (user->userStatus != RS_ACTIVE) |
| return -1; |
| |
| DEBUGMSGTL(("comparex", "Comparing: %d %d ", usmNoPrivProtocol[0], |
| usmNoPrivProtocol[1])); |
| DEBUGMSGOID(("comparex", usmNoPrivProtocol, |
| sizeof(usmNoPrivProtocol) / sizeof(oid))); |
| DEBUGMSG(("comparex", "\n")); |
| if (level == SNMP_SEC_LEVEL_AUTHPRIV |
| && (netsnmp_oid_equals(user->privProtocol, user->privProtocolLen, |
| usmNoPrivProtocol, |
| sizeof(usmNoPrivProtocol) / sizeof(oid)) == |
| 0)) { |
| DEBUGMSGTL(("usm", "Level: %d\n", level)); |
| DEBUGMSGTL(("usm", "User (%s) Auth Protocol: ", user->name)); |
| DEBUGMSGOID(("usm", user->authProtocol, user->authProtocolLen)); |
| DEBUGMSG(("usm", ", User Priv Protocol: ")); |
| DEBUGMSGOID(("usm", user->privProtocol, user->privProtocolLen)); |
| DEBUGMSG(("usm", "\n")); |
| return 1; |
| } |
| if ((level == SNMP_SEC_LEVEL_AUTHPRIV |
| || level == SNMP_SEC_LEVEL_AUTHNOPRIV) |
| && |
| (netsnmp_oid_equals |
| (user->authProtocol, user->authProtocolLen, usmNoAuthProtocol, |
| sizeof(usmNoAuthProtocol) / sizeof(oid)) == 0)) { |
| DEBUGMSGTL(("usm", "Level: %d\n", level)); |
| DEBUGMSGTL(("usm", "User (%s) Auth Protocol: ", user->name)); |
| DEBUGMSGOID(("usm", user->authProtocol, user->authProtocolLen)); |
| DEBUGMSG(("usm", ", User Priv Protocol: ")); |
| DEBUGMSGOID(("usm", user->privProtocol, user->privProtocolLen)); |
| DEBUGMSG(("usm", "\n")); |
| return 1; |
| } |
| |
| return 0; |
| |
| } /* end usm_check_secLevel() */ |
| |
| |
| |
| |
| /*******************************************************************-o-****** |
| * usm_check_secLevel_vs_protocols |
| * |
| * Parameters: |
| * level |
| * *authProtocol |
| * authProtocolLen |
| * *privProtocol |
| * privProtocolLen |
| * |
| * Returns: |
| * 0 On success, |
| * 1 Otherwise. |
| * |
| * Same as above but with explicitly named transform types instead of taking |
| * from the usmUser structure. |
| */ |
| int |
| usm_check_secLevel_vs_protocols(int level, |
| const oid * authProtocol, |
| u_int authProtocolLen, |
| const oid * privProtocol, |
| u_int privProtocolLen) |
| { |
| |
| if (level == SNMP_SEC_LEVEL_AUTHPRIV |
| && |
| (netsnmp_oid_equals |
| (privProtocol, privProtocolLen, usmNoPrivProtocol, |
| sizeof(usmNoPrivProtocol) / sizeof(oid)) == 0)) { |
| DEBUGMSGTL(("usm", "Level: %d\n", level)); |
| DEBUGMSGTL(("usm", "Auth Protocol: ")); |
| DEBUGMSGOID(("usm", authProtocol, authProtocolLen)); |
| DEBUGMSG(("usm", ", Priv Protocol: ")); |
| DEBUGMSGOID(("usm", privProtocol, privProtocolLen)); |
| DEBUGMSG(("usm", "\n")); |
| return 1; |
| } |
| if ((level == SNMP_SEC_LEVEL_AUTHPRIV |
| || level == SNMP_SEC_LEVEL_AUTHNOPRIV) |
| && |
| (netsnmp_oid_equals |
| (authProtocol, authProtocolLen, usmNoAuthProtocol, |
| sizeof(usmNoAuthProtocol) / sizeof(oid)) == 0)) { |
| DEBUGMSGTL(("usm", "Level: %d\n", level)); |
| DEBUGMSGTL(("usm", "Auth Protocol: ")); |
| DEBUGMSGOID(("usm", authProtocol, authProtocolLen)); |
| DEBUGMSG(("usm", ", Priv Protocol: ")); |
| DEBUGMSGOID(("usm", privProtocol, privProtocolLen)); |
| DEBUGMSG(("usm", "\n")); |
| return 1; |
| } |
| |
| return 0; |
| |
| } /* end usm_check_secLevel_vs_protocols() */ |
| |
| |
| |
| |
| /* |
| * usm_get_user(): Returns a user from userList based on the engineID, |
| * engineIDLen and name of the requested user. |
| */ |
| |
| struct usmUser * |
| usm_get_user(u_char * engineID, size_t engineIDLen, char *name) |
| { |
| DEBUGMSGTL(("usm", "getting user %s\n", name)); |
| return usm_get_user_from_list(engineID, engineIDLen, name, userList, |
| 1); |
| } |
| |
| struct usmUser * |
| usm_get_user_from_list(u_char * engineID, size_t engineIDLen, |
| char *name, struct usmUser *puserList, |
| int use_default) |
| { |
| struct usmUser *ptr; |
| char noName[] = ""; |
| if (name == NULL) |
| name = noName; |
| for (ptr = puserList; ptr != NULL; ptr = ptr->next) { |
| if (ptr->name && !strcmp(ptr->name, name)) { |
| DEBUGMSGTL(("usm", "match on user %s\n", ptr->name)); |
| if (ptr->engineIDLen == engineIDLen && |
| ((ptr->engineID == NULL && engineID == NULL) || |
| (ptr->engineID != NULL && engineID != NULL && |
| memcmp(ptr->engineID, engineID, engineIDLen) == 0))) |
| return ptr; |
| DEBUGMSGTL(("usm", "no match on engineID (")); |
| if (engineID) { |
| DEBUGMSGHEX(("usm", engineID, engineIDLen)); |
| } else { |
| DEBUGMSGTL(("usm", "Empty EngineID")); |
| } |
| DEBUGMSG(("usm", ")\n")); |
| } |
| } |
| |
| /* |
| * return "" user used to facilitate engineID discovery |
| */ |
| if (use_default && !strcmp(name, "")) |
| return noNameUser; |
| return NULL; |
| } |
| |
| /* |
| * usm_add_user(): Add's a user to the userList, sorted by the |
| * engineIDLength then the engineID then the name length then the name |
| * to facilitate getNext calls on a usmUser table which is indexed by |
| * these values. |
| * |
| * returns the head of the list (which could change due to this add). |
| */ |
| |
| struct usmUser * |
| usm_add_user(struct usmUser *user) |
| { |
| struct usmUser *uptr; |
| uptr = usm_add_user_to_list(user, userList); |
| if (uptr != NULL) |
| userList = uptr; |
| return uptr; |
| } |
| |
| struct usmUser * |
| usm_add_user_to_list(struct usmUser *user, struct usmUser *puserList) |
| { |
| struct usmUser *nptr, *pptr, *optr; |
| |
| /* |
| * loop through puserList till we find the proper, sorted place to |
| * insert the new user |
| */ |
| /* XXX - how to handle a NULL user->name ?? */ |
| /* XXX - similarly for a NULL nptr->name ?? */ |
| for (nptr = puserList, pptr = NULL; nptr != NULL; |
| pptr = nptr, nptr = nptr->next) { |
| if (nptr->engineIDLen > user->engineIDLen) |
| break; |
| |
| if (user->engineID == NULL && nptr->engineID != NULL) |
| break; |
| |
| if (nptr->engineIDLen == user->engineIDLen && |
| (nptr->engineID != NULL && user->engineID != NULL && |
| memcmp(nptr->engineID, user->engineID, |
| user->engineIDLen) > 0)) |
| break; |
| |
| if (!(nptr->engineID == NULL && user->engineID != NULL)) { |
| if (nptr->engineIDLen == user->engineIDLen && |
| ((nptr->engineID == NULL && user->engineID == NULL) || |
| memcmp(nptr->engineID, user->engineID, |
| user->engineIDLen) == 0) |
| && strlen(nptr->name) > strlen(user->name)) |
| break; |
| |
| if (nptr->engineIDLen == user->engineIDLen && |
| ((nptr->engineID == NULL && user->engineID == NULL) || |
| memcmp(nptr->engineID, user->engineID, |
| user->engineIDLen) == 0) |
| && strlen(nptr->name) == strlen(user->name) |
| && strcmp(nptr->name, user->name) > 0) |
| break; |
| |
| if (nptr->engineIDLen == user->engineIDLen && |
| ((nptr->engineID == NULL && user->engineID == NULL) || |
| memcmp(nptr->engineID, user->engineID, |
| user->engineIDLen) == 0) |
| && strlen(nptr->name) == strlen(user->name) |
| && strcmp(nptr->name, user->name) == 0) { |
| /* |
| * the user is an exact match of a previous entry. |
| * Credentials may be different, though, so remove |
| * the old entry (and add the new one)! |
| */ |
| if (pptr) { /* change prev's next pointer */ |
| pptr->next = nptr->next; |
| } |
| if (nptr->next) { /* change next's prev pointer */ |
| nptr->next->prev = pptr; |
| } |
| optr = nptr; |
| nptr = optr->next; /* add new user at this position */ |
| /* free the old user */ |
| optr->next=NULL; |
| optr->prev=NULL; |
| usm_free_user(optr); |
| break; /* new user will be added below */ |
| } |
| } |
| } |
| |
| /* |
| * nptr should now point to the user that we need to add ourselves |
| * in front of, and pptr should be our new 'prev'. |
| */ |
| |
| /* |
| * change our pointers |
| */ |
| user->prev = pptr; |
| user->next = nptr; |
| |
| /* |
| * change the next's prev pointer |
| */ |
| if (user->next) |
| user->next->prev = user; |
| |
| /* |
| * change the prev's next pointer |
| */ |
| if (user->prev) |
| user->prev->next = user; |
| |
| /* |
| * rewind to the head of the list and return it (since the new head |
| * could be us, we need to notify the above routine who the head now is. |
| */ |
| for (pptr = user; pptr->prev != NULL; pptr = pptr->prev); |
| return pptr; |
| } |
| |
| /* |
| * usm_remove_user(): finds and removes a user from a list |
| */ |
| struct usmUser * |
| usm_remove_user(struct usmUser *user) |
| { |
| return usm_remove_user_from_list(user, &userList); |
| } |
| |
| struct usmUser * |
| usm_remove_user_from_list(struct usmUser *user, |
| struct usmUser **ppuserList) |
| { |
| struct usmUser *nptr, *pptr; |
| |
| /* |
| * NULL pointers aren't allowed |
| */ |
| if (ppuserList == NULL) |
| return NULL; |
| |
| if (*ppuserList == NULL) |
| return NULL; |
| |
| /* |
| * find the user in the list |
| */ |
|