aboutsummaryrefslogtreecommitdiffstats
path: root/lib/snmp/src/misc/snmp_usm.erl
diff options
context:
space:
mode:
authorMicael Karlberg <[email protected]>2013-10-17 17:45:54 +0200
committerMicael Karlberg <[email protected]>2013-10-17 17:49:48 +0200
commita803a95c00f89932d2cfd7a7b424aad05fa276b8 (patch)
tree993ac7e123db5c336eb3f9324a6664b369bf1de1 /lib/snmp/src/misc/snmp_usm.erl
parente0ecc86e35475b434efa6cccba44074ca1040b7a (diff)
downloadotp-a803a95c00f89932d2cfd7a7b424aad05fa276b8.tar.gz
otp-a803a95c00f89932d2cfd7a7b424aad05fa276b8.tar.bz2
otp-a803a95c00f89932d2cfd7a7b424aad05fa276b8.zip
[snmp] Wrong block cypher type used for AES
Wrong block cypher type used for AES ('aes_cbf128' instead of 'aes_cfb128') when performing AES block encrypt/decrypt which breaks SNMP usmAesCfb128Protocol in agent and manager. OTP-11412
Diffstat (limited to 'lib/snmp/src/misc/snmp_usm.erl')
-rw-r--r--lib/snmp/src/misc/snmp_usm.erl15
1 files changed, 11 insertions, 4 deletions
diff --git a/lib/snmp/src/misc/snmp_usm.erl b/lib/snmp/src/misc/snmp_usm.erl
index 67e3476816..0c57f535cd 100644
--- a/lib/snmp/src/misc/snmp_usm.erl
+++ b/lib/snmp/src/misc/snmp_usm.erl
@@ -42,6 +42,9 @@
-define(i32(Int), (Int bsr 24) band 255, (Int bsr 16) band 255, (Int bsr 8) band 255, Int band 255).
+-define(BLOCK_CIPHER_AES, aes_cfb128).
+-define(BLOCK_CIPHER_DES, des_cbc).
+
%%-----------------------------------------------------------------
%% Func: passwd2localized_key/3
@@ -210,7 +213,8 @@ des_encrypt(PrivKey, Data, SaltFun) ->
IV = list_to_binary(snmp_misc:str_xor(PreIV, Salt)),
TailLen = (8 - (length(Data) rem 8)) rem 8,
Tail = mk_tail(TailLen),
- EncData = crypto:block_encrypt(des_cbc, DesKey, IV, [Data,Tail]),
+ EncData = crypto:block_encrypt(?BLOCK_CIPHER_DES,
+ DesKey, IV, [Data,Tail]),
{ok, binary_to_list(EncData), Salt}.
des_decrypt(PrivKey, MsgPrivParams, EncData)
@@ -224,7 +228,8 @@ des_decrypt(PrivKey, MsgPrivParams, EncData)
Salt = MsgPrivParams,
IV = list_to_binary(snmp_misc:str_xor(PreIV, Salt)),
%% Whatabout errors here??? E.g. not a mulitple of 8!
- Data = binary_to_list(crypto:block_decrypt(des_cbc, DesKey, IV, EncData)),
+ Data = binary_to_list(crypto:block_decrypt(?BLOCK_CIPHER_DES,
+ DesKey, IV, EncData)),
Data2 = snmp_pdus:strip_encrypted_scoped_pdu_data(Data),
{ok, Data2};
des_decrypt(PrivKey, BadMsgPrivParams, EncData) ->
@@ -242,7 +247,8 @@ aes_encrypt(PrivKey, Data, SaltFun) ->
EngineBoots = snmp_framework_mib:get_engine_boots(),
EngineTime = snmp_framework_mib:get_engine_time(),
IV = list_to_binary([?i32(EngineBoots), ?i32(EngineTime) | Salt]),
- EncData = crypto:block_encrypt(aes_cbf128, AesKey, IV, Data),
+ EncData = crypto:block_encrypt(?BLOCK_CIPHER_AES,
+ AesKey, IV, Data),
{ok, binary_to_list(EncData), Salt}.
aes_decrypt(PrivKey, MsgPrivParams, EncData, EngineBoots, EngineTime)
@@ -251,7 +257,8 @@ aes_decrypt(PrivKey, MsgPrivParams, EncData, EngineBoots, EngineTime)
Salt = MsgPrivParams,
IV = list_to_binary([?i32(EngineBoots), ?i32(EngineTime) | Salt]),
%% Whatabout errors here??? E.g. not a mulitple of 8!
- Data = binary_to_list(crypto:block_decrypt(aes_cbf128, AesKey, IV, EncData)),
+ Data = binary_to_list(crypto:block_decrypt(?BLOCK_CIPHER_AES,
+ AesKey, IV, EncData)),
Data2 = snmp_pdus:strip_encrypted_scoped_pdu_data(Data),
{ok, Data2}.