aboutsummaryrefslogtreecommitdiffstats
path: root/lib/snmp/src/misc/snmp_usm.erl
diff options
context:
space:
mode:
authorErlang/OTP <[email protected]>2009-11-20 14:54:40 +0000
committerErlang/OTP <[email protected]>2009-11-20 14:54:40 +0000
commit84adefa331c4159d432d22840663c38f155cd4c1 (patch)
treebff9a9c66adda4df2106dfd0e5c053ab182a12bd /lib/snmp/src/misc/snmp_usm.erl
downloadotp-84adefa331c4159d432d22840663c38f155cd4c1.tar.gz
otp-84adefa331c4159d432d22840663c38f155cd4c1.tar.bz2
otp-84adefa331c4159d432d22840663c38f155cd4c1.zip
The R13B03 release.OTP_R13B03
Diffstat (limited to 'lib/snmp/src/misc/snmp_usm.erl')
-rw-r--r--lib/snmp/src/misc/snmp_usm.erl367
1 files changed, 367 insertions, 0 deletions
diff --git a/lib/snmp/src/misc/snmp_usm.erl b/lib/snmp/src/misc/snmp_usm.erl
new file mode 100644
index 0000000000..6d216e65d6
--- /dev/null
+++ b/lib/snmp/src/misc/snmp_usm.erl
@@ -0,0 +1,367 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2004-2009. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(snmp_usm).
+
+-export([passwd2localized_key/3, localize_key/3]).
+-export([auth_in/4, auth_out/4, set_msg_auth_params/3]).
+-export([des_encrypt/3, des_decrypt/3]).
+-export([aes_encrypt/3, aes_decrypt/5]).
+
+
+-define(SNMP_USE_V3, true).
+-include("snmp_types.hrl").
+-include("SNMP-USER-BASED-SM-MIB.hrl").
+-include("SNMP-USM-AES-MIB.hrl").
+
+-define(VMODULE,"USM").
+-include("snmp_verbosity.hrl").
+
+
+%%-----------------------------------------------------------------
+
+-define(twelwe_zeros, [0,0,0,0,0,0,0,0,0,0,0,0]).
+
+-define(i32(Int), (Int bsr 24) band 255, (Int bsr 16) band 255, (Int bsr 8) band 255, Int band 255).
+
+
+%%-----------------------------------------------------------------
+%% Func: passwd2localized_key/3
+%% Types: Alg = md5 | sha
+%% Passwd = string()
+%% EngineID = string()
+%% Purpose: Generates a key that can be used as an authentication
+%% or privacy key using MD5 och SHA. The key is
+%% localized for EngineID.
+%% The algorithm is described in appendix A.1 2) of
+%% rfc2274.
+%%-----------------------------------------------------------------
+passwd2localized_key(Alg, Passwd, EngineID) when length(Passwd) > 0 ->
+ Key = mk_digest(Alg, Passwd),
+ localize_key(Alg, Key, EngineID).
+
+
+%%-----------------------------------------------------------------
+%% Func: localize_key/3
+%% Types: Alg = md5 | sha
+%% Passwd = string()
+%% EngineID = string()
+%% Purpose: Localizes an unlocalized key for EngineID. See rfc2274
+%% section 2.6 for a definition of localized keys.
+%%-----------------------------------------------------------------
+localize_key(Alg, Key, EngineID) ->
+ Str = [Key, EngineID, Key],
+ binary_to_list(crypto:Alg(Str)).
+
+
+mk_digest(md5, Passwd) ->
+ mk_md5_digest(Passwd);
+mk_digest(sha, Passwd) ->
+ mk_sha_digest(Passwd).
+
+mk_md5_digest(Passwd) ->
+ Ctx = crypto:md5_init(),
+ Ctx2 = md5_loop(0, [], Ctx, Passwd, length(Passwd)),
+ crypto:md5_final(Ctx2).
+
+md5_loop(Count, Buf, Ctx, Passwd, PasswdLen) when Count < 1048576 ->
+ {Buf64, NBuf} = mk_buf64(length(Buf), Buf, Passwd, PasswdLen),
+ NCtx = crypto:md5_update(Ctx, Buf64),
+ md5_loop(Count+64, NBuf, NCtx, Passwd, PasswdLen);
+md5_loop(_Count, _Buf, Ctx, _Passwd, _PasswdLen) ->
+ Ctx.
+
+mk_sha_digest(Passwd) ->
+ Ctx = crypto:sha_init(),
+ Ctx2 = sha_loop(0, [], Ctx, Passwd, length(Passwd)),
+ crypto:sha_final(Ctx2).
+
+sha_loop(Count, Buf, Ctx, Passwd, PasswdLen) when Count < 1048576 ->
+ {Buf64, NBuf} = mk_buf64(length(Buf), Buf, Passwd, PasswdLen),
+ NCtx = crypto:sha_update(Ctx, Buf64),
+ sha_loop(Count+64, NBuf, NCtx, Passwd, PasswdLen);
+sha_loop(_Count, _Buf, Ctx, _Passwd, _PasswdLen) ->
+ Ctx.
+
+%% Create a 64 bytes long string, by repeating Passwd as many times
+%% as necessary. Output is the 64 byte string, and the rest of the
+%% last repetition of the Passwd. This is used as input in the next
+%% invocation.
+mk_buf64(BufLen, Buf, Passwd, PasswdLen) ->
+ case BufLen + PasswdLen of
+ TotLen when TotLen > 64 ->
+ {[Buf, lists:sublist(Passwd, 64-BufLen)],
+ lists:sublist(Passwd, 65-BufLen, PasswdLen)};
+ TotLen ->
+ mk_buf64(TotLen, [Buf, Passwd], Passwd, PasswdLen)
+ end.
+
+
+%%-----------------------------------------------------------------
+%% Auth and priv algorithms
+%%-----------------------------------------------------------------
+
+auth_in(usmHMACMD5AuthProtocol, AuthKey, AuthParams, Packet) ->
+ md5_auth_in(AuthKey, AuthParams, Packet);
+auth_in(?usmHMACMD5AuthProtocol, AuthKey, AuthParams, Packet) ->
+ md5_auth_in(AuthKey, AuthParams, Packet);
+auth_in(usmHMACSHAAuthProtocol, AuthKey, AuthParams, Packet) ->
+ sha_auth_in(AuthKey, AuthParams, Packet);
+auth_in(?usmHMACSHAAuthProtocol, AuthKey, AuthParams, Packet) ->
+ sha_auth_in(AuthKey, AuthParams, Packet).
+
+auth_out(usmNoAuthProtocol, _AuthKey, _Message, _UsmSecParams) -> % 3.1.3
+ error(unSupportedSecurityLevel);
+auth_out(?usmNoAuthProtocol, _AuthKey, _Message, _UsmSecParams) -> % 3.1.3
+ error(unSupportedSecurityLevel);
+auth_out(usmHMACMD5AuthProtocol, AuthKey, Message, UsmSecParams) ->
+ md5_auth_out(AuthKey, Message, UsmSecParams);
+auth_out(?usmHMACMD5AuthProtocol, AuthKey, Message, UsmSecParams) ->
+ md5_auth_out(AuthKey, Message, UsmSecParams);
+auth_out(usmHMACSHAAuthProtocol, AuthKey, Message, UsmSecParams) ->
+ sha_auth_out(AuthKey, Message, UsmSecParams);
+auth_out(?usmHMACSHAAuthProtocol, AuthKey, Message, UsmSecParams) ->
+ sha_auth_out(AuthKey, Message, UsmSecParams).
+
+md5_auth_out(AuthKey, Message, UsmSecParams) ->
+ %% 6.3.1.1
+ Message2 = set_msg_auth_params(Message, UsmSecParams, ?twelwe_zeros),
+ Packet = snmp_pdus:enc_message_only(Message2),
+ %% 6.3.1.2-4 is done by the crypto function
+ %% 6.3.1.4
+ MAC = binary_to_list(crypto:md5_mac_96(AuthKey, Packet)),
+ %% 6.3.1.5
+ set_msg_auth_params(Message, UsmSecParams, MAC).
+
+md5_auth_in(AuthKey, AuthParams, Packet) when length(AuthParams) == 12 ->
+ %% 6.3.2.3
+ Packet2 = patch_packet(binary_to_list(Packet)),
+ %% 6.3.2.5
+ MAC = binary_to_list(crypto:md5_mac_96(AuthKey, Packet2)),
+ %% 6.3.2.6
+%% ?vtrace("md5_auth_in -> entry with"
+%% "~n Packet2: ~w"
+%% "~n AuthKey: ~w"
+%% "~n AuthParams: ~w"
+%% "~n MAC: ~w", [Packet2, AuthKey, AuthParams, MAC]),
+ MAC == AuthParams;
+md5_auth_in(_AuthKey, _AuthParams, _Packet) ->
+ %% 6.3.2.1
+ ?vtrace("md5_auth_in -> entry with"
+ "~n _AuthKey: ~p"
+ "~n _AuthParams: ~p", [_AuthKey, _AuthParams]),
+ false.
+
+
+sha_auth_out(AuthKey, Message, UsmSecParams) ->
+ %% 7.3.1.1
+ Message2 = set_msg_auth_params(Message, UsmSecParams, ?twelwe_zeros),
+ Packet = snmp_pdus:enc_message_only(Message2),
+ %% 7.3.1.2-4 is done by the crypto function
+ %% 7.3.1.4
+ MAC = binary_to_list(crypto:sha_mac_96(AuthKey, Packet)),
+ %% 7.3.1.5
+ set_msg_auth_params(Message, UsmSecParams, MAC).
+
+sha_auth_in(AuthKey, AuthParams, Packet) when length(AuthParams) =:= 12 ->
+ %% 7.3.2.3
+ Packet2 = patch_packet(binary_to_list(Packet)),
+ %% 7.3.2.5
+ MAC = binary_to_list(crypto:sha_mac_96(AuthKey, Packet2)),
+ %% 7.3.2.6
+ MAC == AuthParams;
+sha_auth_in(_AuthKey, _AuthParams, _Packet) ->
+ %% 7.3.2.1
+ ?vtrace("sha_auth_in -> entry with"
+ "~n _AuthKey: ~p"
+ "~n _AuthParams: ~p", [_AuthKey, _AuthParams]),
+ false.
+
+
+des_encrypt(PrivKey, Data, SaltFun) ->
+ [A,B,C,D,E,F,G,H | PreIV] = PrivKey,
+ DesKey = [A,B,C,D,E,F,G,H],
+ Salt = SaltFun(),
+ IV = snmp_misc:str_xor(PreIV, Salt),
+ TailLen = (8 - (length(Data) rem 8)) rem 8,
+ Tail = mk_tail(TailLen),
+ EncData = crypto:des_cbc_encrypt(DesKey, IV, [Data,Tail]),
+ {ok, binary_to_list(EncData), Salt}.
+
+des_decrypt(PrivKey, MsgPrivParams, EncData)
+ when length(MsgPrivParams) =:= 8 ->
+ [A,B,C,D,E,F,G,H | PreIV] = PrivKey,
+ DesKey = [A,B,C,D,E,F,G,H],
+ Salt = MsgPrivParams,
+ IV = snmp_misc:str_xor(PreIV, Salt),
+ %% Whatabout errors here??? E.g. not a mulitple of 8!
+ Data = binary_to_list(crypto:des_cbc_decrypt(DesKey, IV, EncData)),
+ Data2 = snmp_pdus:strip_encrypted_scoped_pdu_data(Data),
+ {ok, Data2}.
+
+aes_encrypt(PrivKey, Data, SaltFun) ->
+ AesKey = PrivKey,
+ Salt = SaltFun(),
+ EngineBoots = snmp_framework_mib:get_engine_boots(),
+ EngineTime = snmp_framework_mib:get_engine_time(),
+ IV = [?i32(EngineBoots), ?i32(EngineTime) | Salt],
+ EncData = crypto:aes_cfb_128_encrypt(AesKey, IV, Data),
+ {ok, binary_to_list(EncData), Salt}.
+
+aes_decrypt(PrivKey, MsgPrivParams, EncData, EngineBoots, EngineTime)
+ when length(MsgPrivParams) == 8 ->
+ AesKey = PrivKey,
+ Salt = MsgPrivParams,
+ IV = [?i32(EngineBoots), ?i32(EngineTime) | Salt],
+ %% Whatabout errors here??? E.g. not a mulitple of 8!
+ Data = binary_to_list(crypto:aes_cfb_128_decrypt(AesKey, IV, EncData)),
+ Data2 = snmp_pdus:strip_encrypted_scoped_pdu_data(Data),
+ {ok, Data2}.
+
+
+%%-----------------------------------------------------------------
+%% Utility functions
+%%-----------------------------------------------------------------
+mk_tail(N) when N > 0 ->
+ [0 | mk_tail(N-1)];
+mk_tail(0) ->
+ [].
+
+set_msg_auth_params(Message, UsmSecParams, AuthParams) ->
+ NUsmSecParams =
+ UsmSecParams#usmSecurityParameters{msgAuthenticationParameters =
+ AuthParams},
+ SecBytes = snmp_pdus:enc_usm_security_parameters(NUsmSecParams),
+ VsnHdr = Message#message.vsn_hdr,
+ NVsnHdr = VsnHdr#v3_hdr{msgSecurityParameters = SecBytes},
+ Message#message{vsn_hdr = NVsnHdr}.
+
+
+%% Not very nice...
+%% This function patches the asn.1 encoded message. It changes the
+%% AuthenticationParameters to 12 zeros.
+%% NOTE: returns a deep list of bytes
+patch_packet([48 | T]) ->
+ %% Length for whole packet - 2 is tag for version
+ {Len1, [2 | T1]} = split_len(T),
+ %% Length for version - 48 is tag for header data
+ {Len2, [Vsn,48|T2]} = split_len(T1),
+ %% Length for header data
+ {Len3, T3} = split_len(T2),
+ [48,Len1,2,Len2,Vsn,48,Len3|pp2(dec_len(Len3),T3)].
+
+%% Skip HeaderData - 4 is tag for SecurityParameters
+pp2(0,[4|T]) ->
+ %% 48 is tag for UsmSecParams
+ {Len1,[48|T1]} = split_len(T),
+ %% 4 is tag for EngineID
+ {Len2,[4|T2]} = split_len(T1),
+ %% Len 3 is length for EngineID
+ {Len3,T3} = split_len(T2),
+ [4,Len1,48,Len2,4,Len3|pp3(dec_len(Len3),T3)];
+pp2(N,[H|T]) ->
+ [H|pp2(N-1,T)].
+
+%% Skip EngineID - 2 is tag for EngineBoots
+pp3(0,[2|T]) ->
+ {Len1,T1} = split_len(T),
+ [2,Len1|pp4(dec_len(Len1),T1)];
+pp3(N,[H|T]) ->
+ [H|pp3(N-1,T)].
+
+%% Skip EngineBoots - 2 is tag for EngineTime
+pp4(0,[2|T]) ->
+ {Len1,T1} = split_len(T),
+ [2,Len1|pp5(dec_len(Len1),T1)];
+pp4(N,[H|T]) ->
+ [H|pp4(N-1,T)].
+
+%% Skip EngineTime - 4 is tag for UserName
+pp5(0,[4|T]) ->
+ {Len1,T1} = split_len(T),
+ [4,Len1|pp6(dec_len(Len1),T1)];
+pp5(N,[H|T]) ->
+ [H|pp5(N-1,T)].
+
+%% Skip UserName - 4 is tag for AuthenticationParameters
+%% This is what we're looking for!
+pp6(0,[4|T]) ->
+ {Len1,[_,_,_,_,_,_,_,_,_,_,_,_|T1]} = split_len(T),
+ 12 = dec_len(Len1),
+ [4,Len1,?twelwe_zeros|T1];
+pp6(N,[H|T]) ->
+ [H|pp6(N-1,T)].
+
+
+%% Returns {LengthOctets, Rest}
+split_len([Hd|Tl]) ->
+ %% definite form
+ case is8set(Hd) of
+ 0 -> % Short form
+ {Hd,Tl};
+ 1 -> % Long form - at least one more octet
+ No = clear(Hd, 8),
+ {DigList,Rest} = head(No,Tl),
+ {[Hd | DigList], Rest}
+ end.
+
+dec_len(D) when is_integer(D) ->
+ D;
+dec_len([_LongOctet|T]) ->
+ dl(T).
+dl([D]) ->
+ D;
+dl([A,B]) ->
+ (A bsl 8) bor B;
+dl([A,B,C]) ->
+ (A bsl 16) bor (B bsl 8) bor C;
+dl([0 | T]) ->
+ dl(T).
+
+head(L,List) when length(List) == L -> {List,[]};
+head(L,List) ->
+ head(L,List,[]).
+
+head(0,L,Res) ->
+ {lists:reverse(Res),L};
+
+head(Int,[H|Tail],Res) ->
+ head(Int-1,Tail,[H|Res]).
+
+clear(Byte, 8) ->
+ Byte band 127.
+%% clear(Byte,Pos) when Pos < 9 ->
+%% Mask = bnot bset(0,Pos),
+%% Mask band Byte.
+
+%% bset(Byte, 8) ->
+%% Byte bor 2#10000000;
+%% bset(Byte, Pos) when (Pos < 9) ->
+%% Mask = 1 bsl (Pos-1),
+%% Byte bor Mask.
+
+is8set(Byte) ->
+ if
+ Byte > 127 -> 1;
+ true -> 0
+ end.
+
+error(Reason) ->
+ throw({error, Reason}).
+