void debugmsg_hex (const char *token, const u_char * thedata, size_t len)
{
u_char *buf = NULL;
size_t buf_len = 0, out_len = 0;
if (sprint_realloc_hexstring (&buf, &buf_len, &out_len, 1, thedata, len))
{
if (buf != NULL)
{
debugmsg (token, "%s", buf);
}
}
else
{
if (buf != NULL)
{
debugmsg (token, "%s [TRUNCATED]", buf);
}
}
if (buf != NULL)
{
free (buf);
}
}
void debugmsg_hextli (const char *token, const u_char * thedata, size_t len)
{
char buf[SPRINT_MAX_LEN], token2[SPRINT_MAX_LEN];
u_char *b3 = NULL;
size_t b3_len = 0, o3_len = 0;
int incr;
sprintf (token2, "dumpx_%s", token);
/*
* XX tracing lines removed from this function DEBUGTRACE;
*/
DEBUGIF (token2)
{
for (incr = 16; len > 0; len -= incr, thedata += incr)
{
if ((int) len < incr)
{
incr = len;
}
/*
* XXnext two lines were DEBUGPRINTINDENT(token);
*/
sprintf (buf, "dumpx%s", token);
debugmsg (buf, "%s: %*s", token2, debug_indent_get (), "");
if (sprint_realloc_hexstring (&b3, &b3_len, &o3_len, 1, thedata, incr))
{
if (b3 != NULL)
{
debugmsg (token2, "%s", b3);
}
}
else
{
if (b3 != NULL)
{
debugmsg (token2, "%s [TRUNCATED]", b3);
}
}
o3_len = 0;
}
}
if (b3 != NULL)
{
free (b3);
}
}
/** * Get snmp value to the structure my_poid_result-> * Author : lining 15810423651 [email protected] * @param netsnmp_variable_list *vars : the return pdu variable value. * @param my_oid_result : the structure my_poid_result-> * @return void. */ void get_oid_value(netsnmp_variable_list *vars, my_oid_result **oid_result) { unsigned int count = 0; (*oid_result)->oid_name_length = vars->name_length; for(count=0; count < vars->name_length; count++) { (*oid_result)->oid_name[count] = *(vars->name+count); } (*oid_result)->val_len = vars->val_len; (*oid_result)->type = vars->type; if(vars->type == SNMP_NOSUCHOBJECT) { return; } if(vars->type == SNMP_NOSUCHINSTANCE) { return; } if(vars->type == SNMP_ENDOFMIBVIEW) { return; } if (vars->type == ASN_OCTET_STR) { int hex = 0; int x; u_char * cp; int allow_realloc = 1; u_char *buf = NULL; size_t buf_len = 256, out_len = 0; for (cp = vars->val.string, x = 0; x < (int)vars->val_len; x++, cp++) { if (!isprint(*cp) && !isspace(*cp)) { hex = 1; } } if(!hex) { for(count=0; count < vars->val_len; count++) { (*oid_result)->val.string[count] = vars->val.string[count]; } return; } else { buf = (u_char *) calloc(buf_len, 1); sprint_realloc_hexstring(&buf, &buf_len, &out_len, allow_realloc, vars->val.string, vars->val_len); for(count=0; count < strlen(buf); count++) { (*oid_result)->val.string[count] = buf[count]; } (*oid_result)->val.string[strlen(buf)] = 0; free(buf); return; } } if (vars->type == ASN_BIT_STR) { sprintf((*oid_result)->val.bitstring, "%s" ,vars->val.bitstring); return; } if (vars->type == ASN_OPAQUE) { return; } if (vars->type == ASN_INTEGER) { (*oid_result)->val.integer = *vars->val.integer; (*oid_result)->val.integer = (*oid_result)->val.integer & 0x00000000ffffffff; return; } if (vars->type == ASN_UINTEGER) { (*oid_result)->val.integer = *vars->val.integer; (*oid_result)->val.integer = (*oid_result)->val.integer & 0x00000000ffffffff; return; } if (vars->type == ASN_OBJECT_ID) { (*oid_result)->objid_length = vars->val_len/sizeof(oid); for(count=0; count < (*oid_result)->objid_length; count++) { (*oid_result)->val.objid[count] = vars->val.objid[count]; } return; } if (vars->type == ASN_TIMETICKS) { (*oid_result)->val.integer = *(u_long *)vars->val.integer; return; } if (vars->type == ASN_IPADDRESS) { (*oid_result)->val.string[0] = vars->val.string[0]; (*oid_result)->val.string[1] = vars->val.string[1]; (*oid_result)->val.string[2] = vars->val.string[2]; (*oid_result)->val.string[3] = vars->val.string[3]; return; } if (vars->type == ASN_OPAQUE_I64) { printI64((*oid_result)->val.string, vars->val.counter64); return; } if (vars->type == ASN_OPAQUE_COUNTER64 || vars->type == ASN_OPAQUE_U64 || vars->type == ASN_COUNTER64) { printU64((*oid_result)->val.string, vars->val.counter64); return; } if (vars->type == ASN_COUNTER) { (*oid_result)->val.integer = *vars->val.integer; return; } if (vars->type == ASN_GAUGE) { (*oid_result)->val.integer = *vars->val.integer; return; } if (vars->type == ASN_OPAQUE_FLOAT) { (*oid_result)->val.floatVal = *vars->val.floatVal; return; } if (vars->type == ASN_OPAQUE_DOUBLE) { (*oid_result)->val.doubleVal = *vars->val.doubleVal; return; } if (vars->type == ASN_NULL) { return; } return; }
_SCAPI_NOT_CONFIGURED
#endif /* NETSNMP_USE_INTERNAL_MD5 */
/*******************************************************************-o-******
* sc_encrypt
*
* Parameters:
* privtype Type of privacy cryptographic transform.
* *key Key bits for crypting.
* keylen Length of key (buffer) in bytes.
* *iv IV bits for crypting.
* ivlen Length of iv (buffer) in bytes.
* *plaintext Plaintext to crypt.
* ptlen Length of plaintext.
* *ciphertext Ciphertext to crypt.
* *ctlen Length of ciphertext.
*
* Returns:
* SNMPERR_SUCCESS Success.
* SNMPERR_SC_NOT_CONFIGURED Encryption is not supported.
* SNMPERR_SC_GENERAL_FAILURE Any other error
*
*
* Encrypt plaintext into ciphertext using key and iv.
*
* ctlen contains actual number of crypted bytes in ciphertext upon
* successful return.
*/
int
sc_encrypt(const oid * privtype, size_t privtypelen,
u_char * key, u_int keylen,
u_char * iv, u_int ivlen,
u_char * plaintext, u_int ptlen,
u_char * ciphertext, size_t * ctlen)
#if defined(NETSNMP_USE_OPENSSL)
{
int rval = SNMPERR_SUCCESS;
u_int properlength = 0, properlength_iv = 0;
u_char pad_block[128]; /* bigger than anything I need */
u_char my_iv[128]; /* ditto */
int pad, plast, pad_size = 0;
int have_trans;
#ifndef NETSNMP_DISABLE_DES
#ifdef OLD_DES
DES_key_schedule key_sch;
#else
DES_key_schedule key_sched_store;
DES_key_schedule *key_sch = &key_sched_store;
#endif
DES_cblock key_struct;
#endif
#ifdef HAVE_AES
AES_KEY aes_key;
int new_ivlen = 0;
#endif
DEBUGTRACE;
/*
* Sanity check.
*/
#if !defined(NETSNMP_ENABLE_SCAPI_AUTHPRIV)
snmp_log(LOG_ERR, "Encryption support not enabled.\n");
return SNMPERR_SC_NOT_CONFIGURED;
#endif
if (!privtype || !key || !iv || !plaintext || !ciphertext || !ctlen
|| (keylen <= 0) || (ivlen <= 0) || (ptlen <= 0) || (*ctlen <= 0)
|| (privtypelen != USM_LENGTH_OID_TRANSFORM)) {
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
} else if (ptlen > *ctlen) {
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
}
#ifdef NETSNMP_ENABLE_TESTING_CODE
{
size_t buf_len = 128, out_len = 0;
u_char *buf = (u_char *) malloc(buf_len);
if (buf != NULL) {
if (sprint_realloc_hexstring(&buf, &buf_len, &out_len, 1,
iv, ivlen)) {
DEBUGMSGTL(("scapi", "encrypt: IV: %s/", buf));
} else {
DEBUGMSGTL(("scapi", "encrypt: IV: %s [TRUNCATED]/", buf));
}
out_len = 0;
if (sprint_realloc_hexstring(&buf, &buf_len, &out_len, 1,
key, keylen)) {
DEBUGMSG(("scapi", "%s\n", buf));
} else {
DEBUGMSG(("scapi", "%s [TRUNCATED]\n", buf));
}
out_len = 0;
if (sprint_realloc_hexstring(&buf, &buf_len, &out_len, 1,
plaintext, 16)) {
DEBUGMSGTL(("scapi", "encrypt: string: %s\n", buf));
} else {
DEBUGMSGTL(("scapi", "encrypt: string: %s [TRUNCATED]\n",
buf));
}
free(buf);
} else {
DEBUGMSGTL(("scapi",
"encrypt: malloc fail for debug output\n"));
}
}
#endif /* NETSNMP_ENABLE_TESTING_CODE */
/*
* Determine privacy transform.
*/
have_trans = 0;
#ifndef NETSNMP_DISABLE_DES
if (ISTRANSFORM(privtype, DESPriv)) {
properlength = BYTESIZE(SNMP_TRANS_PRIVLEN_1DES);
properlength_iv = BYTESIZE(SNMP_TRANS_PRIVLEN_1DES_IV);
pad_size = properlength;
have_trans = 1;
}
#endif
#ifdef HAVE_AES
if (ISTRANSFORM(privtype, AESPriv)) {
properlength = BYTESIZE(SNMP_TRANS_PRIVLEN_AES);
properlength_iv = BYTESIZE(SNMP_TRANS_PRIVLEN_AES_IV);
have_trans = 1;
}
#endif
if (!have_trans) {
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
}
if ((keylen < properlength) || (ivlen < properlength_iv)) {
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
}
memset(my_iv, 0, sizeof(my_iv));
#ifndef NETSNMP_DISABLE_DES
if (ISTRANSFORM(privtype, DESPriv)) {
/*
* now calculate the padding needed
*/
pad = pad_size - (ptlen % pad_size);
plast = (int) ptlen - (pad_size - pad);
if (pad == pad_size)
pad = 0;
if (ptlen + pad > *ctlen) {
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit); /* not enough space */
}
if (pad > 0) { /* copy data into pad block if needed */
memcpy(pad_block, plaintext + plast, pad_size - pad);
memset(&pad_block[pad_size - pad], pad, pad); /* filling in padblock */
}
memcpy(key_struct, key, sizeof(key_struct));
(void) DES_key_sched(&key_struct, key_sch);
memcpy(my_iv, iv, ivlen);
/*
* encrypt the data
*/
DES_ncbc_encrypt(plaintext, ciphertext, plast, key_sch,
(DES_cblock *) my_iv, DES_ENCRYPT);
if (pad > 0) {
/*
* then encrypt the pad block
*/
DES_ncbc_encrypt(pad_block, ciphertext + plast, pad_size,
key_sch, (DES_cblock *) my_iv, DES_ENCRYPT);
*ctlen = plast + pad_size;
} else {
*ctlen = plast;
}
}
#endif
#ifdef HAVE_AES
if (ISTRANSFORM(privtype, AESPriv)) {
(void) AES_set_encrypt_key(key, properlength*8, &aes_key);
memcpy(my_iv, iv, ivlen);
/*
* encrypt the data
*/
AES_cfb128_encrypt(plaintext, ciphertext, ptlen,
&aes_key, my_iv, &new_ivlen, AES_ENCRYPT);
*ctlen = ptlen;
}
#endif
sc_encrypt_quit:
/*
* clear memory just in case
*/
memset(my_iv, 0, sizeof(my_iv));
memset(pad_block, 0, sizeof(pad_block));
#ifndef NETSNMP_DISABLE_DES
memset(key_struct, 0, sizeof(key_struct));
#ifdef OLD_DES
memset(&key_sch, 0, sizeof(key_sch));
#else
memset(&key_sched_store, 0, sizeof(key_sched_store));
#endif
#endif
#ifdef HAVE_AES
memset(&aes_key,0,sizeof(aes_key));
#endif
return rval;
} /* end sc_encrypt() */
