SNMP++  3.3.4
auth_priv.h
1 /*_############################################################################
2  _##
3  _## auth_priv.h
4  _##
5  _## SNMP++ v3.3
6  _## -----------------------------------------------
7  _## Copyright (c) 2001-2013 Jochen Katz, Frank Fock
8  _##
9  _## This software is based on SNMP++2.6 from Hewlett Packard:
10  _##
11  _## Copyright (c) 1996
12  _## Hewlett-Packard Company
13  _##
14  _## ATTENTION: USE OF THIS SOFTWARE IS SUBJECT TO THE FOLLOWING TERMS.
15  _## Permission to use, copy, modify, distribute and/or sell this software
16  _## and/or its documentation is hereby granted without fee. User agrees
17  _## to display the above copyright notice and this license notice in all
18  _## copies of the software and any documentation of the software. User
19  _## agrees to assume all liability for the use of the software;
20  _## Hewlett-Packard and Jochen Katz make no representations about the
21  _## suitability of this software for any purpose. It is provided
22  _## "AS-IS" without warranty of any kind, either express or implied. User
23  _## hereby grants a royalty-free license to any and all derivatives based
24  _## upon this software code base.
25  _##
26  _##########################################################################*/
27 // $Id: auth_priv.h 2359 2013-05-09 20:07:01Z fock $
28 
29 #ifndef _AUTH_PRIV_
30 #define _AUTH_PRIV_
31 
32 #include "snmp_pp/config_snmp_pp.h"
33 
34 #ifdef _SNMPv3
35 
36 #include "snmp_pp/usm_v3.h"
37 
38 #ifdef SNMP_PP_NAMESPACE
39 namespace Snmp_pp {
40 #endif
41 
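/*
 * Upper bound, in bytes, for USM key buffers (going by the macro name).
 * 32 equals the largest fixed key length declared in this header
 * (TRIPLEDES_EDE_KEY_LEN).
 */
#define SNMPv3_USM_MAX_KEY_LEN 32

/*
 * Accept messages with auth/priv param fields up to this length.
 *
 * NOTE(review): these bound lengths that come from received messages.
 * Presumably the message parser rejects longer fields before copying
 * them into fixed-size buffers -- confirm in the USM parsing code.
 */
#define SNMPv3_AP_MAXLENGTH_AUTHPARAM 128
#define SNMPv3_AP_MAXLENGTH_PRIVPARAM 128

/*
 * Digest sizes in bytes: MD5 produces 16, SHA-1 produces 20.
 * Auth::hash() takes no digest length, so these are the sizes a caller's
 * digest buffer has to provide for the respective protocol.
 */
#define SNMPv3_AP_OUTPUT_LENGTH_MD5 16
#define SNMPv3_AP_OUTPUT_LENGTH_SHA 20

class OctetStr;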
53 
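/**
 * Abstract class for auth modules.
 *
 * This class has to be subclassed to add new authentication
 * protocols.
 *
 * All buffers are passed as raw pointers. Where a method takes no length
 * for an output buffer (hash(), auth_out_msg()), the caller is responsible
 * for providing enough room; see the notes on each method.
 */
class DLLOPT Auth
{
public:

  virtual ~Auth() {}

  /**
   * Generate the localized key for the given password and engine id.
   *
   * @param password      - the password
   * @param password_len  - the length of the password
   * @param engine_id     - pointer to snmpEngineID
   * @param engine_id_len - length of snmpEngineID
   * @param key           - pointer to an empty buffer that will be filled
   *                        with generated key
   * @param key_len       - IN: length of the buffer
   *                        OUT: length of the key
   *
   * @return SNMPv3_USM_OK on success
   *
   * NOTE(review): implementations should fail without writing when the
   * IN value of key_len is smaller than the key they generate.
   */
  virtual int password_to_key(const unsigned char *password,
                              const unsigned int   password_len,
                              const unsigned char *engine_id,
                              const unsigned int   engine_id_len,
                              unsigned char       *key,
                              unsigned int        *key_len) = 0;

  /**
   * Generate a hash value for the given data.
   *
   * @param data     - the data
   * @param data_len - the length of the data
   * @param digest   - pointer to the generated digest
   *
   * @return SNMPv3_USM_OK on success
   *
   * There is no length parameter for digest: the buffer must hold at
   * least get_hash_len() bytes (presumably exactly that many are
   * written -- confirm in the implementations).
   */
  virtual int hash(const unsigned char *data,
                   const unsigned int   data_len,
                   unsigned char       *digest) const = 0;

  /**
   * Authenticate an outgoing message.
   *
   * This method fills the authentication parameters field of the
   * given message. The param auth_par_ptr is pointing inside the
   * message buffer and must be zeroed before the authentication value
   * is computed.
   *
   * @param key          - pointer to the (fixed length) key
   * @param msg          - pointer to the whole message
   * @param msg_len      - the length of the message
   * @param auth_par_ptr - pointer to the auth field inside the msg buffer
   *
   * @return SNMPv3_USM_OK on success and
   *         SNMPv3_USM_ERROR for unexpected errors.
   *
   * The length of the auth field is not passed in; the field at
   * auth_par_ptr has to provide get_auth_params_len() bytes inside msg.
   */
  virtual int auth_out_msg(const unsigned char *key,
                           unsigned char       *msg,
                           const int            msg_len,
                           unsigned char       *auth_par_ptr) = 0;


  /**
   * Authenticate an incoming message.
   *
   * This method checks if the value in the authentication parameters
   * field of the message is valid.
   *
   * The following procedure is used to verify the authentication value
   * - copy the authentication value to a temp buffer
   * - zero the auth field
   * - recalculate the authentication value
   * - compare the two authentication values
   * - write back the received authentication value if values differ
   *
   * @param key          - pointer to the (fixed length) key
   * @param msg          - pointer to the whole message
   * @param msg_len      - the length of the message
   * @param auth_par_ptr - pointer to the auth field inside the msg buffer
   * @param auth_par_len - Length of the received auth field
   *
   * @return SNMPv3_USM_OK if the msg is valid,
   *         SNMPv3_USM_AUTHENTICATION_FAILURE if not and
   *         SNMPv3_USM_ERROR for unexpected errors.
   *
   * The procedure above modifies msg in place while verifying, so msg
   * must be writable and must not be read concurrently.
   *
   * NOTE(review): auth_par_len comes from the received message.
   * Implementations should reject a length other than
   * get_auth_params_len() before copying into the temp buffer, and should
   * compare the two values in constant time so that the position of the
   * first differing byte is not observable.
   */
  virtual int auth_inc_msg(const unsigned char *key,
                           unsigned char       *msg,
                           const int            msg_len,
                           unsigned char       *auth_par_ptr,
                           const int            auth_par_len) = 0;

  /**
   * Get the unique id of the authentication protocol.
   */
  virtual int get_id() const = 0;


  /**
   * Get the unique identifier string of the authentication protocol.
   */
  virtual const char *get_id_string() const = 0;

  /**
   * Set the pointer to the salt that should be used.
   *
   * Only the pointer is stored, the value is not copied: the pointee
   * has to outlive this object.
   */
  virtual void set_salt(pp_uint64 *new_salt) { salt = new_salt; }

  /**
   * Get the maximum length that is needed for the
   * msgAuthenticationParameters field.
   */
  virtual int get_auth_params_len() const = 0;

  /**
   * Get length of a hash output.
   */
  virtual int get_hash_len() const = 0;

 protected:
  // Declaration restored: the rendered listing dropped source line 180,
  // which the page's cross-reference index gives as `pp_uint64 * salt`.
  // Non-owning; this class declares no constructor, so the pointer is
  // indeterminate until set_salt() has been called.
  pp_uint64 *salt;
};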
182 
183 
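/**
 * Abstract class for priv modules
 *
 * This class has to be subclassed to add new privacy
 * protocols.
 *
 * The class header line (source line 191) was lost in the rendered
 * listing; it is restored here in the form the other classes in this
 * header use.
 */
class DLLOPT Priv
{
public:
  virtual ~Priv() {}

  /**
   * Encrypt the buffer with the given key.
   *
   * This method fills the privacy parameters field of the given
   * message.
   *
   * @param key                - pointer to the encryption key
   * @param key_len            - length of encryption key
   * @param buffer             - pointer to the unencrypted buffer
   * @param buffer_len         - length of the buffer
   * @param out_buffer         - pointer to the buffer for the encrypted data
   * @param out_buffer_len     - Input: Length of the output buffer.
   *                             Output: Bytes written
   * @param privacy_params     - Buffer, where the privacy parameters
   *                             are written to.
   * @param privacy_params_len - Length of the privacy parameters buffer
   * @param engine_boots       - The engine boots value for the message
   * @param engine_time        - The engine time value for the message
   *
   * @return SNMPv3_USM_OK on success
   *
   * NOTE(review): implementations should check the input values of
   * out_buffer_len and privacy_params_len against what they are about to
   * write (get_priv_params_len() for the parameters) and fail otherwise.
   */
  virtual int encrypt(const unsigned char *key,
                      const unsigned int   key_len,
                      const unsigned char *buffer,
                      const unsigned int   buffer_len,
                      unsigned char       *out_buffer,
                      unsigned int        *out_buffer_len,
                      unsigned char       *privacy_params,
                      unsigned int        *privacy_params_len,
                      const unsigned long  engine_boots,
                      const unsigned long  engine_time) = 0;


  /**
   * Decrypt the buffer with the given key.
   *
   * This method needs the privacy parameters field for the given
   * message.
   *
   * @param key                - pointer to the (fixed length) decryption key
   * @param key_len            - length of encryption key
   * @param buffer             - pointer to the encrypted buffer
   * @param buffer_len         - length of the buffer
   * @param out_buffer         - pointer to the buffer for the decrypted data
   * @param out_buffer_len     - Input: Length of the output buffer.
   *                             Output: Bytes written
   * @param privacy_params     - Buffer, where the privacy parameters
   *                             are read from.
   * @param privacy_params_len - Length of the privacy parameters buffer
   * @param engine_boots       - The engine boots value for the message
   * @param engine_time        - The engine time value for the message
   *
   * @return SNMPv3_USM_OK on success
   *
   * NOTE(review): buffer, buffer_len, privacy_params and
   * privacy_params_len originate from a received message; implementations
   * should validate the lengths (parameter length, cipher block
   * alignment, output capacity) before touching the data.
   */
  virtual int decrypt(const unsigned char *key,
                      const unsigned int   key_len,
                      const unsigned char *buffer,
                      const unsigned int   buffer_len,
                      unsigned char       *out_buffer,
                      unsigned int        *out_buffer_len,
                      const unsigned char *privacy_params,
                      const unsigned int   privacy_params_len,
                      const unsigned long  engine_boots,
                      const unsigned long  engine_time) = 0;

  /**
   * Extend a localized key that is too short.
   *
   * Some privacy protocols require a key that is longer than the key
   * generated by the password to key algorithm of the authentication
   * protocol. This function extends a short key to the required length.
   *
   * @param password      - the password
   * @param password_len  - the length of the password
   * @param engine_id     - pointer to snmpEngineID
   * @param engine_id_len - length of snmpEngineID
   * @param key           - pointer to the short key that was generated
   *                        using Auth::password_to_key() function
   * @param key_len       - IN: length of the short key
   *                        OUT: length of the extended key
   * @param max_key_len   - Length of the key buffer
   * @param auth          - Pointer of the authentication protocol that
   *                        should be used
   *
   * @return SNMPv3_USM_OK on success
   */
  virtual int extend_short_key(const unsigned char *password,
                               const unsigned int   password_len,
                               const unsigned char *engine_id,
                               const unsigned int   engine_id_len,
                               unsigned char       *key,
                               unsigned int        *key_len,
                               const unsigned int   max_key_len,
                               Auth                *auth) = 0;

  /**
   * Get the unique id of the privacy protocol.
   */
  virtual int get_id() const = 0;

  /**
   * Get the unique identifier string of the privacy protocol.
   */
  virtual const char *get_id_string() const = 0;

  /**
   * Set the pointer to the salt that should be used.
   *
   * Only the pointer is stored, the value is not copied: the pointee
   * has to outlive this object.
   */
  virtual void set_salt(pp_uint64 *new_salt) { salt = new_salt; }

  /**
   * Get the maximum length that is needed for the
   * msgPrivacyParameters field.
   */
  virtual int get_priv_params_len() const = 0;

  /**
   * Get the minimum key length needed for encryption and decryption.
   */
  virtual int get_min_key_len() const = 0;

  /**
   * Decrease a too long length to the right value.
   *
   * The implementations in this header set key_len to 0 when the given
   * length is below the protocol's minimum.
   */
  virtual void fix_key_len(unsigned int &key_len) const = 0;

 protected:
  // Declaration restored: the rendered listing dropped source line 324,
  // which the page's cross-reference index gives as `pp_uint64 * salt`.
  // Non-owning; this class declares no constructor, so the pointer is
  // indeterminate until set_salt() has been called.
  pp_uint64 *salt;

};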
327 
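// Plain pointer aliases; AuthPriv declares its protocol tables as arrays
// of these (AuthPtr *auth, PrivPtr *priv).
typedef Auth* AuthPtr;
typedef Priv* PrivPtr;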
330 
331 
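/**
 * Class that holds all authentication and privacy protocols
 * for a snmp entity.
 *
 * The class header line (source line 336) was lost in the rendered
 * listing; it is restored here in the form the other classes in this
 * header use.
 *
 * NOTE(review): the object owns the protocol objects added to it and
 * deletes them in its destructor, but no copy constructor or assignment
 * operator is declared, so the compiler-generated ones would duplicate
 * the raw array pointers. Treat instances as non-copyable.
 */
class DLLOPT AuthPriv
{
public:

  /**
   * Default constructor, initializes random values
   *
   * @param construct_state - output parameter; presumably receives
   *                          SNMP_CLASS_SUCCESS or an error code, check it
   *                          before using the object (confirm in the
   *                          implementation)
   */
  AuthPriv(int &construct_state);

  /**
   * Destructor, deletes all auth and priv protocol objects.
   */
  ~AuthPriv();

  /**
   * Add the default authentication protocols.
   *
   * The following authentication protocols are added:
   * - MD5
   * - SHA
   *
   * The following privacy protocols are added:
   * - DES
   * - AES128, AES192 and AES256 if libtomcrypt or OpenSSL is enabled
   * - IDEA if enabled
   *
   * @return SNMP_CLASS_SUCCESS or SNMP_CLASS_ERROR.
   */
  int add_default_modules();

  /**
   * Add a new authentication protocol.
   *
   * All added objects will be deleted in the destructor, so the caller
   * hands over ownership and must not delete the object itself.
   *
   * @param auth - Pointer to a new auth protocol object
   *
   * @return SNMP_CLASS_SUCCESS or SNMP_CLASS_ERROR
   */
  int add_auth(Auth *auth);

  /**
   * Delete an authentication protocol.
   *
   * @param auth_id - The id of the authentication protocol to remove
   *
   * @return SNMP_CLASS_SUCCESS or SNMP_CLASS_ERROR
   */
  int del_auth(const int auth_id);

  /**
   * Add a new privacy protocol.
   *
   * All added objects will be deleted in the destructor, so the caller
   * hands over ownership and must not delete the object itself.
   *
   * @param priv - Pointer to a new privacy protocol object
   *
   * @return SNMP_CLASS_SUCCESS or SNMP_CLASS_ERROR
   */
  int add_priv(Priv *priv);

  /**
   * Delete a privacy protocol.
   *
   * @param priv_id - The id of the privacy protocol to remove
   *
   * @return SNMP_CLASS_SUCCESS or SNMP_CLASS_ERROR
   */
  int del_priv(const int priv_id);

  /**
   * Call the password-to-key method of the specified authentication
   * protocol.
   *
   * Parameters after auth_prot have the meaning documented for
   * Auth::password_to_key(); key_len is IN: buffer length, OUT: key length.
   */
  int password_to_key_auth(const int            auth_prot,
                           const unsigned char *password,
                           const unsigned int   password_len,
                           const unsigned char *engine_id,
                           const unsigned int   engine_id_len,
                           unsigned char       *key,
                           unsigned int        *key_len);

  /**
   * Call the password-to-key method of the specified privacy
   * protocol.
   *
   * NOTE(review): Priv declares no password-to-key method of its own;
   * presumably this derives the key with auth_prot and then adjusts it
   * for priv_prot (Priv::extend_short_key() / Priv::fix_key_len()) --
   * confirm in the implementation.
   */
  int password_to_key_priv(const int            auth_prot,
                           const int            priv_prot,
                           const unsigned char *password,
                           const unsigned int   password_len,
                           const unsigned char *engine_id,
                           const unsigned int   engine_id_len,
                           unsigned char       *key,
                           unsigned int        *key_len);

  /**
   * Get the keyChange value for the specified keys using the given
   * authentication protocol.
   */
  int get_keychange_value(const int       auth_prot,
                          const OctetStr& old_key,
                          const OctetStr& new_key,
                          OctetStr&       keychange_value);

  /**
   * Get a pointer to a privacy protocol object.
   *
   * The result for an unknown priv_prot is not documented here; check the
   * returned pointer before use. The object stays owned by this AuthPriv.
   */
  Priv *get_priv(const int priv_prot);

  /**
   * Get a pointer to an authentication protocol object.
   *
   * The result for an unknown auth_prot is not documented here; check the
   * returned pointer before use. The object stays owned by this AuthPriv.
   */
  Auth *get_auth(const int auth_prot);

  /**
   * Get the unique id for the given auth protocol.
   *
   * @param string_id - The string returned by Auth::get_id_string()
   *
   * @return The id or -1
   */
  int get_auth_id(const char *string_id) const;

  /**
   * Get the unique id for the given priv protocol.
   *
   * @param string_id - The string returned by Priv::get_id_string()
   *
   * @return The id or -1
   */
  int get_priv_id(const char *string_id) const;

  /**
   * Encrypt a message.
   *
   * Parameters after priv_prot have the meaning documented for
   * Priv::encrypt().
   */
  int encrypt_msg(const int            priv_prot,
                  const unsigned char *key,
                  const unsigned int   key_len,
                  const unsigned char *buffer,
                  const unsigned int   buffer_len,
                  unsigned char       *out_buffer,
                  unsigned int        *out_buffer_len,
                  unsigned char       *privacy_params,
                  unsigned int        *privacy_params_len,
                  const unsigned long  engine_boots,
                  const unsigned long  engine_time);

  /**
   * Decrypt a message.
   *
   * Parameters after priv_prot have the meaning documented for
   * Priv::decrypt().
   */
  int decrypt_msg(const int            priv_prot,
                  const unsigned char *key,
                  const unsigned int   key_len,
                  const unsigned char *buffer,
                  const unsigned int   buffer_len,
                  unsigned char       *out_buffer,
                  unsigned int        *out_buffer_len,
                  const unsigned char *privacy_params,
                  const unsigned int   privacy_params_len,
                  const unsigned long  engine_boots,
                  const unsigned long  engine_time);

  /**
   * Get the length of the authentication parameters field of the given
   * authentication protocol.
   */
  int get_auth_params_len(const int auth_prot);

  /**
   * Get the length of the privacy parameters field of the given
   * privacy protocol.
   */
  int get_priv_params_len(const int priv_prot);

  /**
   * Fill in the authentication field of an outgoing message
   *
   * Parameters after auth_prot have the meaning documented for
   * Auth::auth_out_msg().
   */
  int auth_out_msg(const int            auth_prot,
                   const unsigned char *key,
                   unsigned char       *msg,
                   const int            msg_len,
                   unsigned char       *auth_par_ptr);

  /**
   * Check the authentication field of an incoming message
   *
   * Parameters after auth_prot have the meaning documented for
   * Auth::auth_inc_msg(); msg is modified in place during the check.
   */
  int auth_inc_msg(const int            auth_prot,
                   const unsigned char *key,
                   unsigned char       *msg,
                   const int            msg_len,
                   unsigned char       *auth_par_ptr,
                   const int            auth_par_len);

private:

  AuthPtr *auth;   ///< Array of pointers to Auth-objects
  PrivPtr *priv;   ///< Array of pointers to Priv-objects
  int auth_size;   ///< current size of the auth array
  int priv_size;   ///< current size of the priv array
  pp_uint64 salt;  ///< current salt value (64 bits)
};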
537 
538 
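/**
 * Authentication module using SHA.
 *
 * The digest length used with this module is 20 bytes
 * (SNMPv3_AP_OUTPUT_LENGTH_SHA), i.e. SHA-1.
 *
 * @see Auth
 */
class DLLOPT AuthSHA: public Auth
{
public:
  int password_to_key(const unsigned char *password,
                      const unsigned int   password_len,
                      const unsigned char *engine_id,
                      const unsigned int   engine_id_len,
                      unsigned char       *key,
                      unsigned int        *key_len);

  int hash(const unsigned char *data,
           const unsigned int   data_len,
           unsigned char       *digest) const;

  int auth_out_msg(const unsigned char *key,
                   unsigned char       *msg,
                   const int            msg_len,
                   unsigned char       *auth_par_ptr);

  int auth_inc_msg(const unsigned char *key,
                   unsigned char       *msg,
                   const int            msg_len,
                   unsigned char       *auth_par_ptr,
                   const int            auth_par_len);

  int get_id() const { return SNMP_AUTHPROTOCOL_HMACSHA; }

  const char *get_id_string() const { return "HMAC-SHA"; }

  // 12 octets: the HMAC output is truncated to 96 bits for the
  // msgAuthenticationParameters field (HMAC-SHA-96, RFC 3414).
  int get_auth_params_len() const { return 12; }

  // Restored: the rendered listing dropped source line 575. The page's
  // cross-reference index places get_hash_len() there and links
  // SNMPv3_AP_OUTPUT_LENGTH_SHA from this file; the body is reconstructed
  // from that -- confirm against the upstream header.
  int get_hash_len() const { return SNMPv3_AP_OUTPUT_LENGTH_SHA; }
};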
577 
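/**
 * Authentication module using MD5.
 *
 * The digest length used with this module is 16 bytes
 * (SNMPv3_AP_OUTPUT_LENGTH_MD5).
 *
 * @see Auth
 */
class DLLOPT AuthMD5: public Auth
{
public:
  int password_to_key(const unsigned char *password,
                      const unsigned int   password_len,
                      const unsigned char *engine_id,
                      const unsigned int   engine_id_len,
                      unsigned char       *key,
                      unsigned int        *key_len);

  int hash(const unsigned char *data,
           const unsigned int   data_len,
           unsigned char       *digest) const;

  int auth_out_msg(const unsigned char *key,
                   unsigned char       *msg,
                   const int            msg_len,
                   unsigned char       *auth_par_ptr);


  int auth_inc_msg(const unsigned char *key,
                   unsigned char       *msg,
                   const int            msg_len,
                   unsigned char       *auth_par_ptr,
                   const int            auth_par_len);

  int get_id() const { return SNMP_AUTHPROTOCOL_HMACMD5; }

  const char *get_id_string() const { return "HMAC-MD5"; }

  // 12 octets: the HMAC output is truncated to 96 bits for the
  // msgAuthenticationParameters field (HMAC-MD5-96, RFC 3414).
  int get_auth_params_len() const { return 12; }

  // Restored: the rendered listing dropped source line 615. The page's
  // cross-reference index places get_hash_len() there and links
  // SNMPv3_AP_OUTPUT_LENGTH_MD5 from this file; the body is reconstructed
  // from that -- confirm against the upstream header.
  int get_hash_len() const { return SNMPv3_AP_OUTPUT_LENGTH_MD5; }
};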
617 
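/**
 * Encryption module using DES.
 *
 * DES has a 56-bit effective key; where the peer supports it, the AES
 * module declared further down in this header is the stronger choice.
 *
 * @see Priv
 */
class DLLOPT PrivDES: public Priv
{
 public:
#if defined(_USE_LIBTOMCRYPT) && !defined(_USE_OPENSSL)
  PrivDES();
 private:
  int cipher;  // only present in libtomcrypt-only builds
 public:
#endif
  int encrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              unsigned char       *privacy_params,
              unsigned int        *privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  int decrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              const unsigned char *privacy_params,
              const unsigned int   privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  /**
   * Key extension is not used for DES: every argument is ignored, the
   * key buffer is left untouched and SNMPv3_USM_ERROR is returned.
   */
  int extend_short_key(const unsigned char *password,
                       const unsigned int   password_len,
                       const unsigned char *engine_id,
                       const unsigned int   engine_id_len,
                       unsigned char       *key,
                       unsigned int        *key_len,
                       const unsigned int   max_key_len,
                       Auth                *auth)
  {
    // The casts only silence unused-parameter warnings.
    (void)password;
    (void)password_len;
    (void)engine_id;
    (void)engine_id_len;
    (void)key;
    (void)key_len;
    (void)max_key_len;
    (void)auth;
    return SNMPv3_USM_ERROR; /* not needed for DES! */
  }

  int get_id() const { return SNMP_PRIVPROTOCOL_DES; }
  const char *get_id_string() const { return "DES"; }
  int get_priv_params_len() const { return 8; }

  // 16 octets of localized key material; RFC 3414 uses the first 8 as
  // the DES key and the last 8 as the pre-IV.
  int get_min_key_len() const { return 16; }

  // Keys of 16 bytes or more are cut to 16; a shorter key yields 0, so a
  // result of 0 means the key is unusable for this protocol.
  void fix_key_len(unsigned int &key_len) const
    { key_len = (key_len >= 16 ? 16 : 0); }
};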
681 
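#ifdef _USE_IDEA
/**
 * Encryption module using IDEA.
 *
 * Only compiled when _USE_IDEA is defined.
 *
 * @see Priv
 */
class DLLOPT PrivIDEA: public Priv
{
public:

  int encrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              unsigned char       *privacy_params,
              unsigned int        *privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  int decrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              const unsigned char *privacy_params,
              const unsigned int   privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  /**
   * Key extension is not used for IDEA: every argument is ignored, the
   * key buffer is left untouched and SNMPv3_USM_ERROR is returned.
   */
  int extend_short_key(const unsigned char *password,
                       const unsigned int   password_len,
                       const unsigned char *engine_id,
                       const unsigned int   engine_id_len,
                       unsigned char       *key,
                       unsigned int        *key_len,
                       const unsigned int   max_key_len,
                       Auth                *auth)
  {
    // Same unused-parameter handling as PrivDES::extend_short_key().
    (void)password;
    (void)password_len;
    (void)engine_id;
    (void)engine_id_len;
    (void)key;
    (void)key_len;
    (void)max_key_len;
    (void)auth;
    return SNMPv3_USM_ERROR; /* not needed for IDEA! */
  }

  int get_id() const { return SNMP_PRIVPROTOCOL_IDEA; }
  const char *get_id_string() const { return "IDEA"; }
  int get_priv_params_len() const { return 8; }
  int get_min_key_len() const { return 16; }

  // Keys of 16 bytes or more are cut to 16; a shorter key yields 0, so a
  // result of 0 means the key is unusable for this protocol.
  void fix_key_len(unsigned int &key_len) const
    { key_len = (key_len >= 16 ? 16 : 0); }
};

#endif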
733 
734 
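#if defined(_USE_LIBTOMCRYPT) || defined(_USE_OPENSSL)

/**
 * Encryption module using AES (available when libtomcrypt or OpenSSL
 * is enabled).
 *
 * @see Priv
 */
class DLLOPT PrivAES: public Priv
{
public:

  /**
   * @param aes_type_ - selects the AES variant; get_id() returns the
   *                    aes_type member, so this is presumably one of the
   *                    AES privacy protocol ids (confirm in the
   *                    implementation)
   */
  PrivAES(const int aes_type_);

  int encrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              unsigned char       *privacy_params,
              unsigned int        *privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  int decrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              const unsigned char *privacy_params,
              const unsigned int   privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  int extend_short_key(const unsigned char *password,
                       const unsigned int   password_len,
                       const unsigned char *engine_id,
                       const unsigned int   engine_id_len,
                       unsigned char       *key,
                       unsigned int        *key_len,
                       const unsigned int   max_key_len,
                       Auth                *auth);

  int get_id() const { return aes_type; }
  const char *get_id_string() const;
  int get_priv_params_len() const { return 8; }
  int get_min_key_len() const { return key_bytes; }

  // Keys of key_bytes or more are cut to key_bytes; a shorter key yields
  // 0, so a result of 0 means the key is unusable for this AES variant.
  // NOTE(review): the comparison converts key_bytes to unsigned, which
  // assumes the constructor always sets it to a positive value.
  void fix_key_len(unsigned int &key_len) const
    { key_len = (key_len >= static_cast<unsigned int>(key_bytes)
                 ? key_bytes : 0); }

 private:
  int aes_type;   // value returned by get_id()
  int key_bytes;  // key length in bytes, see get_min_key_len()
  int rounds;
#if defined(_USE_LIBTOMCRYPT) && !defined(_USE_OPENSSL)
  int cipher;     // only present in libtomcrypt-only builds
#endif
  bool need_byteswap;
};
#endif // _USE_LIBTOMCRYPT or _USE_OPENSSL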
796 
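#ifdef _USE_3DES_EDE

/* Length in bytes of the localized key used by Priv3DES_EDE. */
#define TRIPLEDES_EDE_KEY_LEN 32

/**
 * Encryption module using TripleDES-EDE.
 *
 * Only compiled when _USE_3DES_EDE is defined.
 *
 * @see Priv
 */
class DLLOPT Priv3DES_EDE: public Priv
{
public:
#if defined(_USE_LIBTOMCRYPT) && !defined(_USE_OPENSSL)
  Priv3DES_EDE();
 private:
  int cipher;  // only present in libtomcrypt-only builds
 public:
#endif

  int encrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              unsigned char       *privacy_params,
              unsigned int        *privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  int decrypt(const unsigned char *key,
              const unsigned int   key_len,
              const unsigned char *buffer,
              const unsigned int   buffer_len,
              unsigned char       *out_buffer,
              unsigned int        *out_buffer_len,
              const unsigned char *privacy_params,
              const unsigned int   privacy_params_len,
              const unsigned long  engine_boots,
              const unsigned long  engine_time);

  int extend_short_key(const unsigned char *password,
                       const unsigned int   password_len,
                       const unsigned char *engine_id,
                       const unsigned int   engine_id_len,
                       unsigned char       *key,
                       unsigned int        *key_len,
                       const unsigned int   max_key_len,
                       Auth                *auth);

  int get_id() const { return SNMP_PRIVPROTOCOL_3DESEDE; }
  const char *get_id_string() const { return "3DESEDE"; }
  int get_priv_params_len() const { return 8; }
  int get_min_key_len() const { return TRIPLEDES_EDE_KEY_LEN; }

  // Keys of TRIPLEDES_EDE_KEY_LEN bytes or more are cut to that length;
  // a shorter key yields 0, so a result of 0 means the key is unusable
  // until it has been extended (see extend_short_key()).
  void fix_key_len(unsigned int &key_len) const
    { key_len = (key_len >= TRIPLEDES_EDE_KEY_LEN
                 ? TRIPLEDES_EDE_KEY_LEN : 0); }
#ifdef _TEST
  bool test();
#endif
};

#endif // _USE_3DES_EDE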
861 
862 #ifdef SNMP_PP_NAMESPACE
863 } // end of namespace Snmp_pp
864 #endif
865 
866 #endif // _SNMPv3
867 
868 #endif