1 /*_############################################################################
2  _##
3  _## auth_priv.h
4  _##
5  _## SNMP++ v3.3
6  _## -----------------------------------------------
7  _## Copyright (c) 2001-2013 Jochen Katz, Frank Fock
8  _##
9  _## This software is based on SNMP++2.6 from Hewlett Packard:
10  _##
11  _## Copyright (c) 1996
12  _## Hewlett-Packard Company
13  _##
14  _## ATTENTION: USE OF THIS SOFTWARE IS SUBJECT TO THE FOLLOWING TERMS.
15  _## Permission to use, copy, modify, distribute and/or sell this software
16  _## and/or its documentation is hereby granted without fee. User agrees
17  _## to display the above copyright notice and this license notice in all
18  _## copies of the software and any documentation of the software. User
19  _## agrees to assume all liability for the use of the software;
20  _## Hewlett-Packard and Jochen Katz make no representations about the
21  _## suitability of this software for any purpose. It is provided
22  _## "AS-IS" without warranty of any kind, either express or implied. User
23  _## hereby grants a royalty-free license to any and all derivatives based
24  _## upon this software code base.
25  _##
26  _##########################################################################*/
27 // $Id$
28 
29 #ifndef _SNMP_AUTH_PRIV_H_
30 #define _SNMP_AUTH_PRIV_H_
31 
32 #include <libsnmp.h>
33 #include "snmp_pp/config_snmp_pp.h"
34 
35 #ifdef _SNMPv3
36 
37 #include "snmp_pp/usm_v3.h"
38 
39 #ifdef SNMP_PP_NAMESPACE
40 namespace Snmp_pp {
41 #endif
42 
43 #define SNMPv3_USM_MAX_KEY_LEN 64
44 
45 /* Accept Messages with auth/priv param fields up to this length */
46 #define SNMPv3_AP_MAXLENGTH_AUTHPARAM 128
47 #define SNMPv3_AP_MAXLENGTH_PRIVPARAM 128
48 
49 
50 #define SNMPv3_AP_OUTPUT_LENGTH_MD5 16
51 #define SNMPv3_AP_OUTPUT_LENGTH_SHA 20
52 
53 #define SNMPv3_AP_OUTPUT_LENGTH_SHA224 28
54 #define SNMPv3_AP_OUTPUT_LENGTH_SHA256 32
55 #define SNMPv3_AP_OUTPUT_LENGTH_SHA384 48
56 #define SNMPv3_AP_OUTPUT_LENGTH_SHA512 64
57 
58 
59 class OctetStr;
60 
61 /**
62  * Abstract class for auth modules.
63  *
64  * This class has to be subclassed to add new authentication
65  * protocols.
66  *
67  */
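class DLLOPT Auth
{
public:

  virtual ~Auth() {}

  /**
   * Generate the localized key for the given password and engine id.
   *
   * @param password      - the password
   * @param password_len  - the length of the password
   * @param engine_id     - pointer to snmpEngineID
   * @param engine_id_len - length of snmpEngineID
   * @param key           - pointer to an empty buffer that will be filled
   *                        with the generated key (presumably at least
   *                        get_hash_len() bytes — confirm against callers)
   * @param key_len       - IN:  length of the buffer
   *                        OUT: length of the key
   *
   * @return SNMPv3_USM_OK on success
   */
  virtual int password_to_key(const unsigned char *password,
                              const unsigned int   password_len,
                              const unsigned char *engine_id,
                              const unsigned int   engine_id_len,
                              unsigned char       *key,
                              unsigned int        *key_len) = 0;

  /**
   * Generate a hash value for the given data.
   *
   * @param data     - the data
   * @param data_len - the length of the data
   * @param digest   - pointer to the buffer that receives the digest
   *                   (get_hash_len() bytes)
   *
   * @return SNMPv3_USM_OK on success
   */
  virtual int hash(const unsigned char *data,
                   const unsigned int   data_len,
                   unsigned char       *digest) const = 0;

  /**
   * Authenticate an outgoing message.
   *
   * This method fills the authentication parameters field of the
   * given message. The param auth_par_ptr is pointing inside the
   * message buffer and must be zeroed before the authentication value
   * is computed.
   *
   * @param key          - pointer to the (fixed length) key
   * @param msg          - pointer to the whole message
   * @param msg_len      - the length of the message
   * @param auth_par_ptr - pointer to the auth field inside the msg buffer
   *
   * @return SNMPv3_USM_OK on success and
   *         SNMPv3_USM_ERROR for unexpected errors.
   */
  virtual int auth_out_msg(const unsigned char *key,
                           unsigned char       *msg,
                           const int            msg_len,
                           unsigned char       *auth_par_ptr) = 0;


  /**
   * Authenticate an incoming message.
   *
   * This method checks if the value in the authentication parameters
   * field of the message is valid.
   *
   * The following procedure is used to verify the authentication value:
   * - copy the authentication value to a temp buffer
   * - zero the auth field
   * - recalculate the authentication value
   * - compare the two authentication values
   * - write back the received authentication value if the values differ
   *
   * NOTE(review): the comparison step should cover the whole received
   * value and not stop at the first differing byte — confirm in the
   * subclass implementations.
   *
   * @param key          - pointer to the (fixed length) key
   * @param msg          - pointer to the whole message
   * @param msg_len      - the length of the message
   * @param auth_par_ptr - pointer to the auth field inside the msg buffer
   * @param auth_par_len - length of the received auth field
   *
   * @return SNMPv3_USM_OK if the msg is valid,
   *         SNMPv3_USM_AUTHENTICATION_FAILURE if not and
   *         SNMPv3_USM_ERROR for unexpected errors.
   */
  virtual int auth_inc_msg(const unsigned char *key,
                           unsigned char       *msg,
                           const int            msg_len,
                           unsigned char       *auth_par_ptr,
                           const int            auth_par_len) = 0;

  /**
   * Get the unique id of the authentication protocol.
   */
  virtual int get_id() const = 0;


  /**
   * Get the unique identifier string of the authentication protocol.
   */
  virtual const char *get_id_string() const = 0;

  /**
   * Set the pointer to the salt that should be used.
   *
   * The object only stores the pointer; the pointee must outlive it.
   */
  virtual void set_salt(pp_uint64 *new_salt) { salt = new_salt; }

  /**
   * Get the maximum length that is needed for the
   * msgAuthenticationParameters field.
   */
  virtual int get_auth_params_len() const = 0;

  /**
   * Get length of a hash output.
   */
  virtual int get_hash_len() const = 0;

protected:
  pp_uint64 *salt; ///< Salt shared with the owner, set via set_salt() (not owned)
};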
189 
190 
191 /**
192  * Abstract class for priv modules
193  *
194  * This class has to be subclassed to add new privacy
195  * protocols.
196  *
197  */
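class DLLOPT Priv
{
public:
  virtual ~Priv() {}

  /**
   * Encrypt the buffer with the given key.
   *
   * This method fills the privacy parameters field of the given
   * message.
   *
   * @param key                - pointer to the encryption key
   * @param key_len            - length of encryption key
   * @param buffer             - pointer to the unencrypted buffer
   * @param buffer_len         - length of the buffer
   * @param out_buffer         - pointer to the buffer for the encrypted data
   * @param out_buffer_len     - Input:  length of the output buffer.
   *                             Output: bytes written
   * @param privacy_params     - buffer where the privacy parameters
   *                             are written to
   * @param privacy_params_len - length of the privacy parameters buffer
   * @param engine_boots       - the engine boots value for the message
   * @param engine_time        - the engine time value for the message
   *
   * @return SNMPv3_USM_OK on success
   */
  virtual int encrypt(const unsigned char *key,
                      const unsigned int   key_len,
                      const unsigned char *buffer,
                      const unsigned int   buffer_len,
                      unsigned char       *out_buffer,
                      unsigned int        *out_buffer_len,
                      unsigned char       *privacy_params,
                      unsigned int        *privacy_params_len,
                      const unsigned long  engine_boots,
                      const unsigned long  engine_time) = 0;


  /**
   * Decrypt the buffer with the given key.
   *
   * This method needs the privacy parameters field for the given
   * message.
   *
   * @param key                - pointer to the (fixed length) decryption key
   * @param key_len            - length of the decryption key
   * @param buffer             - pointer to the encrypted buffer
   * @param buffer_len         - length of the buffer
   * @param out_buffer         - pointer to the buffer for the decrypted data
   * @param out_buffer_len     - Input:  length of the output buffer.
   *                             Output: bytes written
   * @param privacy_params     - buffer where the privacy parameters
   *                             are read from
   * @param privacy_params_len - length of the privacy parameters buffer
   * @param engine_boots       - the engine boots value for the message
   * @param engine_time        - the engine time value for the message
   *
   * @return SNMPv3_USM_OK on success
   */
  virtual int decrypt(const unsigned char *key,
                      const unsigned int   key_len,
                      const unsigned char *buffer,
                      const unsigned int   buffer_len,
                      unsigned char       *out_buffer,
                      unsigned int        *out_buffer_len,
                      const unsigned char *privacy_params,
                      const unsigned int   privacy_params_len,
                      const unsigned long  engine_boots,
                      const unsigned long  engine_time) = 0;

  /**
   * Extend a localized key that is too short.
   *
   * Some privacy protocols require a key that is longer than the key
   * generated by the password-to-key algorithm of the authentication
   * protocol. This function extends a short key to the required length.
   *
   * @param password      - the password
   * @param password_len  - the length of the password
   * @param engine_id     - pointer to snmpEngineID
   * @param engine_id_len - length of snmpEngineID
   * @param key           - pointer to the short key that was generated
   *                        using the Auth::password_to_key() function
   * @param key_len       - IN:  length of the short key
   *                        OUT: length of the extended key
   * @param max_key_len   - length of the key buffer
   * @param auth          - pointer to the authentication protocol that
   *                        should be used
   *
   * @return SNMPv3_USM_OK on success
   */
  virtual int extend_short_key(const unsigned char *password,
                               const unsigned int   password_len,
                               const unsigned char *engine_id,
                               const unsigned int   engine_id_len,
                               unsigned char       *key,
                               unsigned int        *key_len,
                               const unsigned int   max_key_len,
                               Auth                *auth) = 0;

  /**
   * Get the unique id of the privacy protocol.
   */
  virtual int get_id() const = 0;

  /**
   * Get the unique identifier string of the privacy protocol.
   */
  virtual const char *get_id_string() const = 0;

  /**
   * Set the pointer to the salt that should be used.
   *
   * The object only stores the pointer; the pointee must outlive it.
   */
  virtual void set_salt(pp_uint64 *new_salt) { salt = new_salt; }

  /**
   * Get the maximum length that is needed for the
   * msgPrivacyParameters field.
   */
  virtual int get_priv_params_len() const = 0;

  /**
   * Get the minimum key length needed for encryption and decryption.
   */
  virtual int get_min_key_len() const = 0;

  /**
   * Decrease a too long length to the right value.
   *
   * The concrete modules in this file set key_len to 0 when it is
   * below their minimum, so callers should treat 0 as "unusable key".
   */
  virtual void fix_key_len(unsigned int &key_len) const = 0;

protected:
  pp_uint64 *salt; ///< Salt shared with the owner, set via set_salt() (not owned)

};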
334 
/// Non-owning pointer alias; AuthPriv keeps arrays of these.
typedef Auth *AuthPtr;
/// Non-owning pointer alias; AuthPriv keeps arrays of these.
typedef Priv *PrivPtr;
337 
338 
339 /**
340  * Class that holds all authentication and privacy protocols
341  * for an SNMP entity.
342  */
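class DLLOPT AuthPriv
{
public:

  /**
   * Default constructor, initializes random values.
   *
   * @param construct_state - receives the result of the construction
   */
  AuthPriv(int &construct_state);

  /**
   * Destructor, deletes all auth and priv protocol objects.
   */
  ~AuthPriv();

  /**
   * Add the default authentication protocols.
   *
   * The following authentication protocols are added:
   * - MD5
   * - SHA
   *
   * The following privacy protocols are added:
   * - DES
   * - AES128, AES192 and AES256 if libtomcrypt or OpenSSL is enabled
   * - IDEA if enabled
   *
   * @return SNMP_CLASS_SUCCESS or SNMP_CLASS_ERROR.
   */
  int add_default_modules();

  /**
   * Add a new authentication protocol.
   *
   * All added objects will be deleted in the destructor, i.e. this
   * object takes ownership of the pointer.
   *
   * @param auth - Pointer to a new auth protocol object
   *
   * @return SNMP_CLASS_SUCCESS or SNMP_CLASS_ERROR
   */
  int add_auth(Auth *auth);

  /**
   * Delete an authentication protocol.
   *
   * @param auth_id - The id of the authentication protocol to remove
   *
   * @return SNMP_CLASS_SUCCESS or SNMP_CLASS_ERROR
   */
  int del_auth(const int auth_id);

  /**
   * Add a new privacy protocol.
   *
   * All added objects will be deleted in the destructor, i.e. this
   * object takes ownership of the pointer.
   *
   * @param priv - Pointer to a new privacy protocol object
   *
   * @return SNMP_CLASS_SUCCESS or SNMP_CLASS_ERROR
   */
  int add_priv(Priv *priv);

  /**
   * Delete a privacy protocol.
   *
   * @param priv_id - The id of the privacy protocol to remove
   *
   * @return SNMP_CLASS_SUCCESS or SNMP_CLASS_ERROR
   */
  int del_priv(const int priv_id);

  /**
   * Call the password-to-key method of the specified authentication
   * protocol.
   *
   * @param auth_prot - id of the authentication protocol
   *                    (see Auth::get_id())
   *
   * The remaining parameters are passed on to Auth::password_to_key().
   */
  int password_to_key_auth(const int            auth_prot,
                           const unsigned char *password,
                           const unsigned int   password_len,
                           const unsigned char *engine_id,
                           const unsigned int   engine_id_len,
                           unsigned char       *key,
                           unsigned int        *key_len);

  /**
   * Call the password-to-key method of the specified privacy
   * protocol.
   *
   * @param auth_prot - id of the authentication protocol used to
   *                    derive the key
   * @param priv_prot - id of the privacy protocol the key is for
   *
   * The remaining parameters have the same meaning as in
   * Auth::password_to_key().
   */
  int password_to_key_priv(const int            auth_prot,
                           const int            priv_prot,
                           const unsigned char *password,
                           const unsigned int   password_len,
                           const unsigned char *engine_id,
                           const unsigned int   engine_id_len,
                           unsigned char       *key,
                           unsigned int        *key_len);

  /**
   * Get the keyChange value for the specified keys using the given
   * authentication protocol.
   *
   * @param auth_prot        - id of the authentication protocol
   * @param old_key          - the current localized key
   * @param new_key          - the new localized key
   * @param keychange_value  - receives the computed keyChange value
   */
  int get_keychange_value(const int       auth_prot,
                          const OctetStr &old_key,
                          const OctetStr &new_key,
                          OctetStr       &keychange_value);

  /**
   * Get a pointer to a privacy protocol object.
   *
   * The returned object stays owned by this AuthPriv and must not be
   * deleted by the caller. Presumably 0 is returned when no protocol
   * with that id was added — verify in auth_priv.cpp.
   */
  Priv *get_priv(const int priv_prot);

  /**
   * Get a pointer to an authentication protocol object.
   *
   * The returned object stays owned by this AuthPriv and must not be
   * deleted by the caller. Presumably 0 is returned when no protocol
   * with that id was added — verify in auth_priv.cpp.
   */
  Auth *get_auth(const int auth_prot);

  /**
   * Get the unique id for the given auth protocol.
   *
   * @param string_id - The string returned by Auth::get_id_string()
   *
   * @return The id or -1
   */
  int get_auth_id(const char *string_id) const;

  /**
   * Get the unique id for the given priv protocol.
   *
   * @param string_id - The string returned by Priv::get_id_string()
   *
   * @return The id or -1
   */
  int get_priv_id(const char *string_id) const;

  /**
   * Encrypt a message.
   *
   * @param priv_prot - id of the privacy protocol to use; the remaining
   *                    parameters are passed on to Priv::encrypt().
   */
  int encrypt_msg(const int            priv_prot,
                  const unsigned char *key,
                  const unsigned int   key_len,
                  const unsigned char *buffer,
                  const unsigned int   buffer_len,
                  unsigned char       *out_buffer,
                  unsigned int        *out_buffer_len,
                  unsigned char       *privacy_params,
                  unsigned int        *privacy_params_len,
                  const unsigned long  engine_boots,
                  const unsigned long  engine_time);

  /**
   * Decrypt a message.
   *
   * @param priv_prot - id of the privacy protocol to use; the remaining
   *                    parameters are passed on to Priv::decrypt().
   */
  int decrypt_msg(const int            priv_prot,
                  const unsigned char *key,
                  const unsigned int   key_len,
                  const unsigned char *buffer,
                  const unsigned int   buffer_len,
                  unsigned char       *out_buffer,
                  unsigned int        *out_buffer_len,
                  const unsigned char *privacy_params,
                  const unsigned int   privacy_params_len,
                  const unsigned long  engine_boots,
                  const unsigned long  engine_time);

  /**
   * Get the length of the authentication parameters field of the given
   * authentication protocol.
   */
  int get_auth_params_len(const int auth_prot);

  /**
   * Get the length of the privacy parameters field of the given
   * privacy protocol.
   */
  int get_priv_params_len(const int priv_prot);

  /**
   * Fill in the authentication field of an outgoing message.
   *
   * @param auth_prot - id of the authentication protocol to use; the
   *                    remaining parameters are passed on to
   *                    Auth::auth_out_msg().
   */
  int auth_out_msg(const int            auth_prot,
                   const unsigned char *key,
                   unsigned char       *msg,
                   const int            msg_len,
                   unsigned char       *auth_par_ptr);

  /**
   * Check the authentication field of an incoming message.
   *
   * @param auth_prot - id of the authentication protocol to use; the
   *                    remaining parameters are passed on to
   *                    Auth::auth_inc_msg().
   */
  int auth_inc_msg(const int            auth_prot,
                   const unsigned char *key,
                   unsigned char       *msg,
                   const int            msg_len,
                   unsigned char       *auth_par_ptr,
                   const int            auth_par_len);

private:

  AuthPtr  *auth;      ///< Array of pointers to Auth-objects (owned)
  PrivPtr  *priv;      ///< Array of pointers to Priv-objects (owned)
  int       auth_size; ///< current size of the auth array
  int       priv_size; ///< current size of the priv array
  pp_uint64 salt;      ///< current salt value (64 bits)
};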
544 
545 /**
546  * Authentication module using MD5.
547  *
548  * @see Auth
549  */
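class DLLOPT AuthMD5: public Auth
{
public:
  /// Localize a password with the MD5 based key derivation (see Auth).
  int password_to_key(const unsigned char *password,
                      const unsigned int   password_len,
                      const unsigned char *engine_id,
                      const unsigned int   engine_id_len,
                      unsigned char       *key,
                      unsigned int        *key_len);

  /// Compute the MD5 digest of data into digest (see Auth::hash()).
  int hash(const unsigned char *data,
           const unsigned int   data_len,
           unsigned char       *digest) const;

  /// Fill the msgAuthenticationParameters field (see Auth).
  int auth_out_msg(const unsigned char *key,
                   unsigned char       *msg,
                   const int            msg_len,
                   unsigned char       *auth_par_ptr);


  /// Verify the msgAuthenticationParameters field (see Auth).
  int auth_inc_msg(const unsigned char *key,
                   unsigned char       *msg,
                   const int            msg_len,
                   unsigned char       *auth_par_ptr,
                   const int            auth_par_len);

  int get_id() const { return SNMP_AUTHPROTOCOL_HMACMD5; }

  const char *get_id_string() const { return "HMAC-MD5"; }

  /// The HMAC output is truncated to 12 bytes (96 bits) on the wire.
  int get_auth_params_len() const { return 12; }

  int get_hash_len() const { return SNMPv3_AP_OUTPUT_LENGTH_MD5; }
};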
584 
585 /**
586  * Encryption module using DES.
587  *
588  * @see Priv
589  */
class DLLOPT PrivDES: public Priv
{
 public:
#if defined(_USE_LIBTOMCRYPT) && !defined(_USE_OPENSSL)
  PrivDES();
 private:
  int cipher; ///< only present for the libtomcrypt backend
 public:
#endif
  /// Encrypt buffer into out_buffer and fill privacy_params (see Priv).
  int encrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              unsigned char       *privacy_params,
              unsigned int        *privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  /// Decrypt buffer into out_buffer using privacy_params (see Priv).
  int decrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              const unsigned char *privacy_params,
              const unsigned int   privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  /**
   * Key extension is not needed for DES, so this always fails.
   *
   * @return SNMPv3_USM_ERROR
   */
  int extend_short_key(const unsigned char * /* password */,
                       const unsigned int    /* password_len */,
                       const unsigned char * /* engine_id */,
                       const unsigned int    /* engine_id_len */,
                       unsigned char       * /* key */,
                       unsigned int        * /* key_len */,
                       const unsigned int    /* max_key_len */,
                       Auth                * /* auth */)
  {
    return SNMPv3_USM_ERROR; /* not needed for DES! */
  }

  int get_id() const { return SNMP_PRIVPROTOCOL_DES; }
  const char *get_id_string() const { return "DES"; }
  int get_priv_params_len() const { return 8; }
  int get_min_key_len() const { return 16; }

  /// Clamp key_len to 16; anything shorter becomes 0 (unusable).
  void fix_key_len(unsigned int &key_len) const
  {
    if (key_len >= 16)
      key_len = 16;
    else
      key_len = 0;
  }
};
648 
649 #ifdef _USE_IDEA
650 /**
651  * Encryption module using IDEA.
652  *
653  * @see Priv
654  */
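class DLLOPT PrivIDEA: public Priv
{
public:

  /// Encrypt buffer into out_buffer and fill privacy_params (see Priv).
  int encrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              unsigned char       *privacy_params,
              unsigned int        *privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  /// Decrypt buffer into out_buffer using privacy_params (see Priv).
  int decrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              const unsigned char *privacy_params,
              const unsigned int   privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  /**
   * Key extension is not needed for IDEA, so this always fails.
   *
   * The parameters are unnamed (as in PrivDES) so the compiler does not
   * report them as unused.
   *
   * @return SNMPv3_USM_ERROR
   */
  int extend_short_key(const unsigned char * /* password */,
                       const unsigned int    /* password_len */,
                       const unsigned char * /* engine_id */,
                       const unsigned int    /* engine_id_len */,
                       unsigned char       * /* key */,
                       unsigned int        * /* key_len */,
                       const unsigned int    /* max_key_len */,
                       Auth                * /* auth */)
  {
    return SNMPv3_USM_ERROR; /* not needed for IDEA! */
  }

  int get_id() const { return SNMP_PRIVPROTOCOL_IDEA; }
  const char *get_id_string() const { return "IDEA"; }
  int get_priv_params_len() const { return 8; }
  int get_min_key_len() const { return 16; }

  /// Clamp key_len to 16; anything shorter becomes 0 (unusable).
  void fix_key_len(unsigned int &key_len) const
  {
    key_len = (key_len >= 16 ? 16 : 0);
  }
};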
698 
699 #endif
700 
701 
702 #if defined(_USE_LIBTOMCRYPT) || defined(_USE_OPENSSL)
703 
704 /**
705  * Encryption module using AES.
706  *
707  * @see Priv
708  */
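class DLLOPT PrivAES: public Priv
{
public:

  /**
   * Construct an AES module.
   *
   * @param aes_type_ - the protocol id this module reports from get_id()
   */
  PrivAES(const int aes_type_);

  /// Encrypt buffer into out_buffer and fill privacy_params (see Priv).
  int encrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              unsigned char       *privacy_params,
              unsigned int        *privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  /// Decrypt buffer into out_buffer using privacy_params (see Priv).
  int decrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              const unsigned char *privacy_params,
              const unsigned int   privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  /// Extend a short localized key to key_bytes (see Priv).
  int extend_short_key(const unsigned char *password,
                       const unsigned int   password_len,
                       const unsigned char *engine_id,
                       const unsigned int   engine_id_len,
                       unsigned char       *key,
                       unsigned int        *key_len,
                       const unsigned int   max_key_len,
                       Auth                *auth);

  int get_id() const { return aes_type; }
  const char *get_id_string() const;
  int get_priv_params_len() const { return 8; }
  int get_min_key_len() const { return key_bytes; }

  /// Clamp key_len to key_bytes; anything shorter becomes 0 (unusable).
  void fix_key_len(unsigned int &key_len) const
  {
    if (key_len >= static_cast<unsigned int>(key_bytes))
      key_len = key_bytes;
    else
      key_len = 0;
  }

private:
  int aes_type;  ///< protocol id returned by get_id()
  int key_bytes; ///< required key length, returned by get_min_key_len()
  int rounds;    ///< presumably the AES round count for key_bytes — confirm in the ctor
#if defined(_USE_LIBTOMCRYPT) && !defined(_USE_OPENSSL)
  int cipher;    ///< only present for the libtomcrypt backend
#endif
  bool need_byteswap; ///< meaning not visible here — see auth_priv.cpp
};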
762 
763 /**
764  * Encryption module using AES with a non-standard key extension.
765  *
766  * @note This class adds compatibility with some devices that
767  * illegally use the 3DES key extension algorithm with
768  * AES privacy.
769  * @see PrivAES
770  */
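class DLLOPT PrivAESW3DESKeyExt: public PrivAES
{
public:

  /**
   * Construct the module.
   *
   * @param aes_type_ - the protocol id this module reports from get_id();
   *                    the base class is presumably constructed with
   *                    map_aes_type(aes_type_) — confirm in auth_priv.cpp
   */
  PrivAESW3DESKeyExt(const int aes_type_);

  /// Extend a short key with the 3DES style extension (see Priv).
  int extend_short_key(const unsigned char *password,
                       const unsigned int   password_len,
                       const unsigned char *engine_id,
                       const unsigned int   engine_id_len,
                       unsigned char       *key,
                       unsigned int        *key_len,
                       const unsigned int   max_key_len,
                       Auth                *auth);

  const char *get_id_string() const;
  int get_id() const { return own_aes_type; }

  /// Map this module's protocol id to the id of the plain AES variant.
  static int map_aes_type(const int t);

private:
  int own_aes_type; ///< protocol id returned by get_id(), distinct from PrivAES::get_id()
};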
794 
795 #endif // _USE_LIBTOMCRYPT or _USE_OPENSSL
796 
797 #ifdef _USE_3DES_EDE
798 /**
799  * Encryption module using TripleDES-EDE KEY
800  *
801  *
802  * @see Priv
803  */
804 #define TRIPLEDES_EDE_KEY_LEN 32
805 
806 
class DLLOPT Priv3DES_EDE: public Priv
{
public:
#if defined(_USE_LIBTOMCRYPT) && !defined(_USE_OPENSSL)
  Priv3DES_EDE();
 private:
  int cipher; ///< only present for the libtomcrypt backend
 public:
#endif

  /// Encrypt buffer into out_buffer and fill privacy_params (see Priv).
  int encrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              unsigned char       *privacy_params,
              unsigned int        *privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  /// Decrypt buffer into out_buffer using privacy_params (see Priv).
  int decrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              const unsigned char *privacy_params,
              const unsigned int   privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  /// Extend a short localized key to TRIPLEDES_EDE_KEY_LEN (see Priv).
  int extend_short_key(const unsigned char *password,
                       const unsigned int   password_len,
                       const unsigned char *engine_id,
                       const unsigned int   engine_id_len,
                       unsigned char       *key,
                       unsigned int        *key_len,
                       const unsigned int   max_key_len,
                       Auth                *auth);

  int get_id() const { return SNMP_PRIVPROTOCOL_3DESEDE; }
  const char *get_id_string() const { return "3DESEDE"; }
  int get_priv_params_len() const { return 8; }
  int get_min_key_len() const { return TRIPLEDES_EDE_KEY_LEN; }

  /// Clamp key_len to TRIPLEDES_EDE_KEY_LEN; anything shorter becomes 0.
  void fix_key_len(unsigned int &key_len) const
  {
    if (key_len >= TRIPLEDES_EDE_KEY_LEN)
      key_len = TRIPLEDES_EDE_KEY_LEN;
    else
      key_len = 0;
  }
#ifdef _TEST
  bool test();
#endif
};
859 
860 #endif // _USE_3DES_EDE
861 
862 /**
863  * Base class for SHA authentication modules.
864  * Provides support for usmHMACSHAAuthProtocol, usmHMAC128SHA224AuthProtocol,
865  * usmHMAC192SHA256AuthProtocol, usmHMAC256SHA384AuthProtocol and
866  * usmHMAC384SHA512AuthProtocol.
867  *
868  * @see Auth
869  */
class DLLOPT AuthSHABase: public Auth
{
public:
  /// Localize a password using the hasher returned by get_hasher() (see Auth).
  int password_to_key(const unsigned char *password,
                      const unsigned int   password_len,
                      const unsigned char *engine_id,
                      const unsigned int   engine_id_len,
                      unsigned char       *key,
                      unsigned int        *key_len);

  /// Hash data into digest using the hasher returned by get_hasher() (see Auth).
  int hash(const unsigned char *data,
           const unsigned int   data_len,
           unsigned char       *digest) const;

  /// Fill the msgAuthenticationParameters field (see Auth).
  int auth_out_msg(const unsigned char *key,
                   unsigned char       *msg,
                   const int            msg_len,
                   unsigned char       *auth_par_ptr);

  /// Verify the msgAuthenticationParameters field (see Auth).
  int auth_inc_msg(const unsigned char *key,
                   unsigned char       *msg,
                   const int            msg_len,
                   unsigned char       *auth_par_ptr,
                   const int            auth_par_len);

protected:
  /**
   * Incremental digest interface that the concrete SHA modules provide
   * through get_hasher(); it hides which SHA variant is in use.
   */
  class Hasher
  {
   public:
    Hasher() {}
    virtual ~Hasher() {}

    /// Reset the digest state.
    virtual int init() = 0;
    /// Feed data_len bytes of data into the digest.
    virtual int update(const unsigned char *data,
                       const unsigned int   data_len) = 0;
    /// Write the finished digest to digest.
    virtual int final(unsigned char *digest) = 0;

    /// Length of the digest written by final().
    virtual int get_key_length() const = 0;

    /// Internal block size of the hash function.
    virtual int get_block_size() const = 0;
  };

  /// Create the hasher for the concrete SHA variant (caller owns it).
  virtual Hasher *get_hasher() const = 0;
};
914 
915 
916 /**
917  * Authentication module using SHA1 (usmHMACSHAAuthProtocol).
918  *
919  * @see Auth
920  */
class DLLOPT AuthSHA : public AuthSHABase
{
public:
  int get_id() const { return SNMP_AUTHPROTOCOL_HMACSHA; }

  const char *get_id_string() const { return "HMAC-SHA"; }

  /// The HMAC output is truncated to 12 bytes (96 bits) on the wire.
  int get_auth_params_len() const { return 12; }

  int get_hash_len() const { return SNMPv3_AP_OUTPUT_LENGTH_SHA; }


protected:
  class HasherSHA1;

  /// Return a SHA-1 hasher (see AuthSHABase::get_hasher()).
  Hasher *get_hasher() const;
};
940 
941 #if defined(_USE_OPENSSL)
942 
943 /**
944  * Authentication module using SHA2 (usmHMAC128SHA224AuthProtocol).
945  *
946  * @see Auth
947  */
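class DLLOPT AuthHMAC128SHA224 : public AuthSHABase
{
public:
  int get_id() const { return SNMP_AUTHPROTOCOL_HMAC128SHA224; }

  const char *get_id_string() const { return "HMAC-128-SHA-224"; }

  /// The HMAC output is truncated to 16 bytes (128 bits) on the wire.
  int get_auth_params_len() const { return 16; }

  int get_hash_len() const { return SNMPv3_AP_OUTPUT_LENGTH_SHA224; }


protected:
  class Hasher224;

  /// Return a SHA-224 hasher (see AuthSHABase::get_hasher()).
  Hasher *get_hasher() const;
};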
967 
968 /**
969  * Authentication module using SHA2 (usmHMAC192SHA256AuthProtocol).
970  *
971  * @see Auth
972  */
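class DLLOPT AuthHMAC192SHA256 : public AuthSHABase
{
public:
  int get_id() const { return SNMP_AUTHPROTOCOL_HMAC192SHA256; }

  const char *get_id_string() const { return "HMAC-192-SHA-256"; }

  /// The HMAC output is truncated to 24 bytes (192 bits) on the wire.
  int get_auth_params_len() const { return 24; }

  int get_hash_len() const { return SNMPv3_AP_OUTPUT_LENGTH_SHA256; }

protected:
  class Hasher256;

  /// Return a SHA-256 hasher (see AuthSHABase::get_hasher()).
  Hasher *get_hasher() const;
};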
989 
990 /**
991  * Authentication module using SHA2 (usmHMAC256SHA384AuthProtocol).
992  *
993  * @see Auth
994  */
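class DLLOPT AuthHMAC256SHA384 : public AuthSHABase
{
public:
  int get_id() const { return SNMP_AUTHPROTOCOL_HMAC256SHA384; }

  const char *get_id_string() const { return "HMAC-256-SHA-384"; }

  /// The HMAC output is truncated to 32 bytes (256 bits) on the wire.
  int get_auth_params_len() const { return 32; }

  int get_hash_len() const { return SNMPv3_AP_OUTPUT_LENGTH_SHA384; }

protected:
  class Hasher384;

  /// Return a SHA-384 hasher (see AuthSHABase::get_hasher()).
  Hasher *get_hasher() const;
};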
1011 
1012 /**
1013  * Authentication module using SHA2 (usmHMAC384SHA512AuthProtocol).
1014  *
1015  * @see Auth
1016  */
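class DLLOPT AuthHMAC384SHA512 : public AuthSHABase
{
public:
  int get_id() const { return SNMP_AUTHPROTOCOL_HMAC384SHA512; }

  const char *get_id_string() const { return "HMAC-384-SHA-512"; }

  /// The HMAC output is truncated to 48 bytes (384 bits) on the wire.
  int get_auth_params_len() const { return 48; }

  int get_hash_len() const { return SNMPv3_AP_OUTPUT_LENGTH_SHA512; }

protected:
  class Hasher512;

  /// Return a SHA-512 hasher (see AuthSHABase::get_hasher()).
  Hasher *get_hasher() const;
};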
1032 
1033 #endif // defined(_USE_OPENSSL)
1034 
1035 #ifdef SNMP_PP_NAMESPACE
1036 } // end of namespace Snmp_pp
1037 #endif
1038 
1039 #endif // _SNMPv3
1040 
1041 #endif // _SNMP_AUTH_PRIV_H_
Class that holds all authentication and privacy protocols for a snmp entity.
Definition: auth_priv.h:343
Authentication module using SHA1 (usmHMACSHAAuthProtocol).
Definition: auth_priv.h:921
const char * get_id_string() const
Get the unique identifier string of the authentication protocol.
Definition: auth_priv.h:978
int get_id() const
Get the unique id of the authentication protocol.
Definition: auth_priv.h:998
int get_id() const
Get the unique id of the authentication protocol.
Definition: auth_priv.h:576
#define SNMP_PRIVPROTOCOL_IDEA
IDEA (non standard)
Definition: usm_v3.h:99
int get_id() const
Get the uniqhe id of the privacy protocol.
Definition: auth_priv.h:848
int get_hash_len() const
Get length of a hash output.
Definition: auth_priv.h:1004
int get_min_key_len() const
Get the minimum key length needed for encryption and decryption.
Definition: auth_priv.h:749
#define SNMPv3_AP_OUTPUT_LENGTH_MD5
Definition: auth_priv.h:50
#define SNMPv3_USM_ERROR
Definition: usm_v3.h:115
int priv_size
current size of the priv array
Definition: auth_priv.h:541
bool need_byteswap
Definition: auth_priv.h:760
Authentication module using SHA2 (usmHMAC128SHA224AuthProtocol).
Definition: auth_priv.h:948
int get_priv_params_len() const
Get the maximum length that is needed for the msgPrivacyParameters field.
Definition: auth_priv.h:748
#define SNMP_AUTHPROTOCOL_HMACMD5
HMAC-MD5.
Definition: usm_v3.h:81
void fix_key_len(unsigned int &key_len) const
Decrease a too long length to the right value.
Definition: auth_priv.h:695
int key_bytes
Definition: auth_priv.h:755
virtual ~Hasher()
Definition: auth_priv.h:900
Authentication module using SHA2 (usmHMAC192SHA256AuthProtocol).
Definition: auth_priv.h:973
Base class for SHA authentication modules.
Definition: auth_priv.h:870
int get_hash_len() const
Get length of a hash output.
Definition: auth_priv.h:932
#define SNMP_AUTHPROTOCOL_HMAC128SHA224
HMAC-128-SHA-224.
Definition: usm_v3.h:83
Encryption module using AES but using non standard key extension.
Definition: auth_priv.h:771
pp_uint64 * salt
Definition: auth_priv.h:331
int get_hash_len() const
Get length of a hash output.
Definition: auth_priv.h:982
int get_min_key_len() const
Get the minimum key length needed for encryption and decryption.
Definition: auth_priv.h:851
void fix_key_len(unsigned int &key_len) const
Decrease a too long length to the right value.
Definition: auth_priv.h:750
int extend_short_key(const unsigned char *password, const unsigned int password_len, const unsigned char *engine_id, const unsigned int engine_id_len, unsigned char *key, unsigned int *key_len, const unsigned int max_key_len, Auth *auth)
Extend a localized key that is too short.
Definition: auth_priv.h:621
#define DLLOPT
const char * get_id_string() const
Get the unique identifier string of the authentication protocol.
Definition: auth_priv.h:1022
Authentication module using SHA2 (usmHMAC256SHA384AuthProtocol).
Definition: auth_priv.h:995
#define SNMPv3_AP_OUTPUT_LENGTH_SHA512
Definition: auth_priv.h:56
int get_id() const
Get the unique id of the authentication protocol.
Definition: auth_priv.h:976
int get_id() const
Get the unique id of the privacy protocol.
Definition: auth_priv.h:746
pp_uint64 salt
current salt value (64 bits)
Definition: auth_priv.h:542
AuthPtr * auth
Array of pointers to Auth-objects.
Definition: auth_priv.h:538
virtual ~Auth()
Definition: auth_priv.h:72
int get_hash_len() const
Get length of a hash output.
Definition: auth_priv.h:582
int get_auth_params_len() const
Get the maximum length that is needed for the msgAuthenticationParameters field.
Definition: auth_priv.h:1002
int get_priv_params_len() const
Get the maximum length that is needed for the msgPrivacyParameters field.
Definition: auth_priv.h:693
PrivPtr * priv
Array of pointers to Priv-objects.
Definition: auth_priv.h:539
const char * get_id_string() const
Get the unique identifier string of the privacy protocol.
Definition: auth_priv.h:849
int get_id() const
Get the unique id of the privacy protocol.
Definition: auth_priv.h:787
virtual ~Priv()
Definition: auth_priv.h:201
int get_id() const
Get the unique id of the authentication protocol.
Definition: auth_priv.h:926
int get_min_key_len() const
Get the minimum key length needed for encryption and decryption.
Definition: auth_priv.h:694
Definition: octet.h:67
Priv * PrivPtr
Definition: auth_priv.h:336
const char * get_id_string() const
Get the unique identifier string of the privacy protocol.
Definition: auth_priv.h:642
int get_id() const
Get the unique id of the authentication protocol.
Definition: auth_priv.h:953
#define TRIPLEDES_EDE_KEY_LEN
Encryption module using TripleDES-EDE KEY.
Definition: auth_priv.h:804
Encryption module using IDEA.
Definition: auth_priv.h:655
Auth * AuthPtr
Definition: auth_priv.h:335
Abstract class for priv modules.
Definition: auth_priv.h:198
int get_priv_params_len() const
Get the maximum length that is needed for the msgPrivacyParameters field.
Definition: auth_priv.h:850
#define SNMP_AUTHPROTOCOL_HMAC384SHA512
HMAC-384-SHA-512.
Definition: usm_v3.h:86
#define SNMPv3_AP_OUTPUT_LENGTH_SHA224
Definition: auth_priv.h:53
unsigned long long pp_uint64
#define SNMPv3_AP_OUTPUT_LENGTH_SHA256
Definition: auth_priv.h:54
void fix_key_len(unsigned int &key_len) const
Reduce a key length that is too long to the correct value.
Definition: auth_priv.h:645
const char * get_id_string() const
Get the unique identifier string of the authentication protocol.
Definition: auth_priv.h:928
int get_id() const
Get the unique id of the privacy protocol.
Definition: auth_priv.h:691
Authentication module using SHA2 (usmHMAC384SHA512AuthProtocol).
Definition: auth_priv.h:1017
Abstract class for auth modules.
Definition: auth_priv.h:68
int get_hash_len() const
Get length of a hash output.
Definition: auth_priv.h:959
#define SNMP_AUTHPROTOCOL_HMAC192SHA256
HMAC-192-SHA-256.
Definition: usm_v3.h:84
virtual void set_salt(pp_uint64 *new_salt)
Set the pointer to the salt that should be used.
Definition: auth_priv.h:173
int get_id() const
Get the unique id of the authentication protocol.
Definition: auth_priv.h:1020
Encryption module using DES.
Definition: auth_priv.h:590
int get_priv_params_len() const
Get the maximum length that is needed for the msgPrivacyParameters field.
Definition: auth_priv.h:643
Encryption module using AES.
Definition: auth_priv.h:709
void fix_key_len(unsigned int &key_len) const
Reduce a key length that is too long to the correct value.
Definition: auth_priv.h:852
int rounds
Definition: auth_priv.h:756
virtual void set_salt(pp_uint64 *new_salt)
Set the pointer to the salt that should be used.
Definition: auth_priv.h:312
#define SNMPv3_AP_OUTPUT_LENGTH_SHA384
Definition: auth_priv.h:55
#define SNMP_PRIVPROTOCOL_3DESEDE
3DES (expired draft standard)
Definition: usm_v3.h:102
int get_hash_len() const
Get length of a hash output.
Definition: auth_priv.h:1026
#define SNMP_AUTHPROTOCOL_HMACSHA
HMAC-SHA.
Definition: usm_v3.h:82
int get_id() const
Get the unique id of the privacy protocol.
Definition: auth_priv.h:641
#define SNMPv3_AP_OUTPUT_LENGTH_SHA
Definition: auth_priv.h:51
Authentication module using MD5.
Definition: auth_priv.h:550
const char * get_id_string() const
Get the unique identifier string of the authentication protocol.
Definition: auth_priv.h:578
int get_auth_params_len() const
Get the maximum length that is needed for the msgAuthenticationParameters field.
Definition: auth_priv.h:980
int get_auth_params_len() const
Get the maximum length that is needed for the msgAuthenticationParameters field.
Definition: auth_priv.h:957
const char * get_id_string() const
Get the unique identifier string of the authentication protocol.
Definition: auth_priv.h:955
#define SNMP_AUTHPROTOCOL_HMAC256SHA384
HMAC-256-SHA-384.
Definition: usm_v3.h:85
int auth_size
current size of the auth array
Definition: auth_priv.h:540
const char * get_id_string() const
Get the unique identifier string of the privacy protocol.
Definition: auth_priv.h:692
int get_auth_params_len() const
Get the maximum length that is needed for the msgAuthenticationParameters field.
Definition: auth_priv.h:580
pp_uint64 * salt
Definition: auth_priv.h:187
int get_auth_params_len() const
Get the maximum length that is needed for the msgAuthenticationParameters field.
Definition: auth_priv.h:1024
int get_auth_params_len() const
Get the maximum length that is needed for the msgAuthenticationParameters field.
Definition: auth_priv.h:930
int extend_short_key(const unsigned char *password, const unsigned int password_len, const unsigned char *engine_id, const unsigned int engine_id_len, unsigned char *key, unsigned int *key_len, const unsigned int max_key_len, Auth *auth)
Extend a localized key that is too short.
Definition: auth_priv.h:681
int get_min_key_len() const
Get the minimum key length needed for encryption and decryption.
Definition: auth_priv.h:644
const char * get_id_string() const
Get the unique identifier string of the authentication protocol.
Definition: auth_priv.h:1000
#define SNMP_PRIVPROTOCOL_DES
DES.
Definition: usm_v3.h:96