From a803a95c00f89932d2cfd7a7b424aad05fa276b8 Mon Sep 17 00:00:00 2001 From: Micael Karlberg Date: Thu, 17 Oct 2013 17:45:54 +0200 Subject: [snmp] Wrong block cypher type used for AES Wrong block cypher type used for AES ('aes_cbf128' instead of 'aes_cfb128') when performing AES block encrypt/decrypt which breaks SNMP usmAesCfb128Protocol in agent and manager. OTP-11412 --- lib/snmp/doc/src/notes.xml | 68 +++++++++++++++++++++++++++++++++++++++++ lib/snmp/src/app/snmp.appup.src | 42 ++++--------------------- lib/snmp/src/misc/snmp_usm.erl | 15 ++++++--- lib/snmp/vsn.mk | 2 +- 4 files changed, 86 insertions(+), 41 deletions(-) (limited to 'lib/snmp') diff --git a/lib/snmp/doc/src/notes.xml b/lib/snmp/doc/src/notes.xml index 7514c52dda..7155402ab1 100644 --- a/lib/snmp/doc/src/notes.xml +++ b/lib/snmp/doc/src/notes.xml @@ -33,6 +33,74 @@ +
+ SNMP Development Toolkit 4.25 +

Version 4.25 supports code replacement in runtime from/to + version 4.24.2, 4.24.1, 4.24, 4.23.1 and 4.23.

+ +
+ Improvements and new features +

-

+ + + +
+ +
+ Fixed Bugs and Malfunctions + + + + +

Wrong block cypher type used for AES ('aes_cbf128' + instead of 'aes_cfb128') when performing AES block + encrypt/decrypt which breaks SNMP usmAesCfb128Protocol + in agent and manager.

+

Own Id: OTP-11412

+ + + + +
+ +
+ Incompatibilities +

-

+ + +
+ +
+ +
SNMP Development Toolkit 4.24.2

Version 4.24.2 supports code replacement in runtime from/to diff --git a/lib/snmp/src/app/snmp.appup.src b/lib/snmp/src/app/snmp.appup.src index 6edcf7e833..e1bf7692b3 100644 --- a/lib/snmp/src/app/snmp.appup.src +++ b/lib/snmp/src/app/snmp.appup.src @@ -29,24 +29,9 @@ %% {add_module, snmpm_net_if_mt} [ - {"4.24.1", - [ - {load_module, snmpa, soft_purge, soft_purge, [snmpa_agent]}, - {update, snmpa_agent, soft, soft_purge, soft_purge, [snmpa_agent]}, - {update, snmpa_mib, soft, soft_purge, soft_purge, []} - ] - }, - {"4.24", - [ - {load_module, snmp_conf, soft_purge, soft_purge, []}, - {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, - [snmp_conf]}, - {load_module, snmpa, soft_purge, soft_purge, [snmpa_agent]}, - {update, snmpa_local_db, soft, soft_purge, soft_purge, []}, - {update, snmpa_agent, soft, soft_purge, soft_purge, [snmpa_agent]}, - {update, snmpa_mib, soft, soft_purge, soft_purge, []} - ] - }, + {"4.24.2", [{restart_application, snmp}]}, + {"4.24.1", [{restart_application, snmp}]}, + {"4.24", [{restart_application, snmp}]}, {"4.23.1", [{restart_application, snmp}]}, {"4.23", [{restart_application, snmp}]} ], @@ -57,24 +42,9 @@ %% {remove, {snmpm_net_if_mt, soft_purge, soft_purge}} [ - {"4.24.1", - [ - {load_module, snmpa, soft_purge, soft_purge, [snmpa_agent]}, - {update, snmpa_agent, soft, soft_purge, soft_purge, [snmpa_agent]}, - {update, snmpa_mib, soft, soft_purge, soft_purge, []} - ] - }, - {"4.24", - [ - {load_module, snmp_conf, soft_purge, soft_purge, []}, - {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, - [snmp_conf]}, - {load_module, snmpa, soft_purge, soft_purge, [snmpa_agent]}, - {update, snmpa_local_db, soft, soft_purge, soft_purge, []}, - {update, snmpa_agent, soft, soft_purge, soft_purge, [snmpa_agent]}, - {update, snmpa_mib, soft, soft_purge, soft_purge, []} - ] - }, + {"4.24.2", [{restart_application, snmp}]}, + {"4.24.1", [{restart_application, snmp}]}, + {"4.24", [{restart_application, snmp}]}, {"4.23.1", [{restart_application, snmp}]}, {"4.23", [{restart_application, snmp}]} ] diff --git a/lib/snmp/src/misc/snmp_usm.erl b/lib/snmp/src/misc/snmp_usm.erl index 67e3476816..0c57f535cd 100644 --- a/lib/snmp/src/misc/snmp_usm.erl +++ b/lib/snmp/src/misc/snmp_usm.erl @@ -42,6 +42,9 @@ -define(i32(Int), (Int bsr 24) band 255, (Int bsr 16) band 255, (Int bsr 8) band 255, Int band 255). +-define(BLOCK_CIPHER_AES, aes_cfb128). +-define(BLOCK_CIPHER_DES, des_cbc). + %%----------------------------------------------------------------- %% Func: passwd2localized_key/3 @@ -210,7 +213,8 @@ des_encrypt(PrivKey, Data, SaltFun) -> IV = list_to_binary(snmp_misc:str_xor(PreIV, Salt)), TailLen = (8 - (length(Data) rem 8)) rem 8, Tail = mk_tail(TailLen), - EncData = crypto:block_encrypt(des_cbc, DesKey, IV, [Data,Tail]), + EncData = crypto:block_encrypt(?BLOCK_CIPHER_DES, + DesKey, IV, [Data,Tail]), {ok, binary_to_list(EncData), Salt}. des_decrypt(PrivKey, MsgPrivParams, EncData) @@ -224,7 +228,8 @@ des_decrypt(PrivKey, MsgPrivParams, EncData) Salt = MsgPrivParams, IV = list_to_binary(snmp_misc:str_xor(PreIV, Salt)), %% Whatabout errors here??? E.g. not a mulitple of 8! - Data = binary_to_list(crypto:block_decrypt(des_cbc, DesKey, IV, EncData)), + Data = binary_to_list(crypto:block_decrypt(?BLOCK_CIPHER_DES, + DesKey, IV, EncData)), Data2 = snmp_pdus:strip_encrypted_scoped_pdu_data(Data), {ok, Data2}; des_decrypt(PrivKey, BadMsgPrivParams, EncData) -> @@ -242,7 +247,8 @@ aes_encrypt(PrivKey, Data, SaltFun) -> EngineBoots = snmp_framework_mib:get_engine_boots(), EngineTime = snmp_framework_mib:get_engine_time(), IV = list_to_binary([?i32(EngineBoots), ?i32(EngineTime) | Salt]), - EncData = crypto:block_encrypt(aes_cbf128, AesKey, IV, Data), + EncData = crypto:block_encrypt(?BLOCK_CIPHER_AES, + AesKey, IV, Data), {ok, binary_to_list(EncData), Salt}. aes_decrypt(PrivKey, MsgPrivParams, EncData, EngineBoots, EngineTime) @@ -251,7 +257,8 @@ aes_decrypt(PrivKey, MsgPrivParams, EncData, EngineBoots, EngineTime) Salt = MsgPrivParams, IV = list_to_binary([?i32(EngineBoots), ?i32(EngineTime) | Salt]), %% Whatabout errors here??? E.g. not a mulitple of 8! - Data = binary_to_list(crypto:block_decrypt(aes_cbf128, AesKey, IV, EncData)), + Data = binary_to_list(crypto:block_decrypt(?BLOCK_CIPHER_AES, + AesKey, IV, EncData)), Data2 = snmp_pdus:strip_encrypted_scoped_pdu_data(Data), {ok, Data2}. diff --git a/lib/snmp/vsn.mk b/lib/snmp/vsn.mk index 2164121e86..70f7c2b19a 100644 --- a/lib/snmp/vsn.mk +++ b/lib/snmp/vsn.mk @@ -18,6 +18,6 @@ # %CopyrightEnd% APPLICATION = snmp -SNMP_VSN = 4.24.2 +SNMP_VSN = 4.25 PRE_VSN = APP_VSN = "$(APPLICATION)-$(SNMP_VSN)$(PRE_VSN)" -- cgit v1.2.3 From 300803837926d0bb28829f313fad07f757188d41 Mon Sep 17 00:00:00 2001 From: Micael Karlberg Date: Fri, 18 Oct 2013 11:32:25 +0200 Subject: [snmp/manager] Incorrect use of EngineBoots and EngineTime when encrypting When performing the AES encryption, invalid values for the EngineBoots and EngineTime was used. The values of the local agent was used, which would have produced some values if an agent was actually running. If not it would have caused a crash. OTP-11413 --- lib/snmp/doc/src/notes.xml | 9 +++++++++ lib/snmp/src/agent/snmpa_mpd.erl | 4 ++-- lib/snmp/src/agent/snmpa_usm.erl | 10 ++++++++-- lib/snmp/src/manager/snmpm_usm.erl | 14 ++++++++++---- lib/snmp/src/misc/snmp_usm.erl | 8 ++++---- 5 files changed, 33 insertions(+), 12 deletions(-) (limited to 'lib/snmp') diff --git a/lib/snmp/doc/src/notes.xml b/lib/snmp/doc/src/notes.xml index 7155402ab1..977af3ffb2 100644 --- a/lib/snmp/doc/src/notes.xml +++ b/lib/snmp/doc/src/notes.xml @@ -77,6 +77,15 @@

Own Id: OTP-11412

+ +

[manager] When performing the AES encryption, invalid values for + the EngineBoots and EngineTime was used.

+

The values of the local agent was used, which would have produced + some values if an agent was actually running. + If not it would have caused a crash.

+

Own Id: OTP-11413

+ +
diff --git a/lib/snmp/src/agent/snmpa_mpd.erl b/lib/snmp/src/agent/snmpa_mpd.erl index 2d37ea56f0..11ae806866 100644 --- a/lib/snmp/src/agent/snmpa_mpd.erl +++ b/lib/snmp/src/agent/snmpa_mpd.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 1997-2012. All Rights Reserved. +%% Copyright Ericsson AB 1997-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -657,7 +657,7 @@ generate_response_msg(Vsn, RePdu, Type, ?SEC_USM -> snmpa_usm end, - SecEngineID = LocalEngineID, + SecEngineID = LocalEngineID, % 3.1.1a ?vtrace("generate_response_msg -> SecEngineID: ~w", [SecEngineID]), case (catch SecModule:generate_outgoing_msg(Message, SecEngineID, diff --git a/lib/snmp/src/agent/snmpa_usm.erl b/lib/snmp/src/agent/snmpa_usm.erl index 6f54307f9f..719ea4e356 100644 --- a/lib/snmp/src/agent/snmpa_usm.erl +++ b/lib/snmp/src/agent/snmpa_usm.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 1999-2011. All Rights Reserved. +%% Copyright Ericsson AB 1999-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -16,6 +16,9 @@ %% %% %CopyrightEnd% %% +%% AES: RFC 3826 +%% + -module(snmpa_usm). %% Avoid warning for local function error/1 clashing with autoimported BIF. @@ -652,7 +655,10 @@ get_des_salt() -> [?i32(EngineBoots), ?i32(SaltInt)]. aes_encrypt(PrivKey, Data) -> - snmp_usm:aes_encrypt(PrivKey, Data, fun get_aes_salt/0). + EngineBoots = snmp_framework_mib:get_engine_boots(), + EngineTime = snmp_framework_mib:get_engine_time(), + snmp_usm:aes_encrypt(PrivKey, Data, fun get_aes_salt/0, + EngineBoots, EngineTime). aes_decrypt(PrivKey, UsmSecParams, EncData) -> #usmSecurityParameters{msgPrivacyParameters = PrivParams, diff --git a/lib/snmp/src/manager/snmpm_usm.erl b/lib/snmp/src/manager/snmpm_usm.erl index 497d6d6102..0a8a6436a3 100644 --- a/lib/snmp/src/manager/snmpm_usm.erl +++ b/lib/snmp/src/manager/snmpm_usm.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2011. All Rights Reserved. +%% Copyright Ericsson AB 2004-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -19,6 +19,9 @@ %%----------------------------------------------------------------- %% This module implements the User Based Security Model for SNMP, %% as defined in rfc2274. +%% +%% AES: RFC 3826 +%% %%----------------------------------------------------------------- -module(snmpm_usm). @@ -416,11 +419,14 @@ get_des_salt() -> [?i32(EngineBoots), ?i32(SaltInt)]. aes_encrypt(PrivKey, Data) -> - snmp_usm:aes_encrypt(PrivKey, Data, fun get_aes_salt/0). + EngineBoots = get_engine_boots(), + EngineTime = get_engine_time(), + snmp_usm:aes_encrypt(PrivKey, Data, fun get_aes_salt/0, + EngineBoots, EngineTime). aes_decrypt(PrivKey, UsmSecParams, EncData) -> - #usmSecurityParameters{msgPrivacyParameters = MsgPrivParams, - msgAuthoritativeEngineTime = EngineTime, + #usmSecurityParameters{msgPrivacyParameters = MsgPrivParams, + msgAuthoritativeEngineTime = EngineTime, msgAuthoritativeEngineBoots = EngineBoots} = UsmSecParams, snmp_usm:aes_decrypt(PrivKey, MsgPrivParams, EncData, diff --git a/lib/snmp/src/misc/snmp_usm.erl b/lib/snmp/src/misc/snmp_usm.erl index 0c57f535cd..32198deb8b 100644 --- a/lib/snmp/src/misc/snmp_usm.erl +++ b/lib/snmp/src/misc/snmp_usm.erl @@ -16,6 +16,8 @@ %% %% %CopyrightEnd% %% +%% AES: RFC 3826 +%% -module(snmp_usm). @@ -24,7 +26,7 @@ -export([passwd2localized_key/3, localize_key/3]). -export([auth_in/4, auth_out/4, set_msg_auth_params/3]). -export([des_encrypt/3, des_decrypt/3]). --export([aes_encrypt/3, aes_decrypt/5]). +-export([aes_encrypt/5, aes_decrypt/5]). -define(SNMP_USE_V3, true). @@ -241,11 +243,9 @@ des_decrypt(PrivKey, BadMsgPrivParams, EncData) -> throw({error, {bad_msgPrivParams, PrivKey, BadMsgPrivParams, EncData}}). -aes_encrypt(PrivKey, Data, SaltFun) -> +aes_encrypt(PrivKey, Data, SaltFun, EngineBoots, EngineTime) -> AesKey = PrivKey, Salt = SaltFun(), - EngineBoots = snmp_framework_mib:get_engine_boots(), - EngineTime = snmp_framework_mib:get_engine_time(), IV = list_to_binary([?i32(EngineBoots), ?i32(EngineTime) | Salt]), EncData = crypto:block_encrypt(?BLOCK_CIPHER_AES, AesKey, IV, Data), -- cgit v1.2.3