/**************************************************************************** Function: uint8_t SNMPv3AESDecryptRxedScopedPdu(void) Summary: Incoming SNMPv3 scoped PDU decryption using AES decryption protocol. Description: This routine decrypts SNMPV3 incoming PDU using AES protocol , but before this encrypted data length is verified.If the length of the encrypted OCTECT-STRING is not multiple of 8, then dryption will be halted. RFC - 3414. ( section 8) Precondition: SNMPv3Init() and ProcessVariabels() are called. Parameters: None Return Values: SNMPV3_MSG_PRIV_FAIL - Failure SNMPV3_MSG_PRIV_PASS - Success Remarks: None ***************************************************************************/ uint8_t SNMPv3AESDecryptRxedScopedPdu(/*uint8_t userDBIndex*/) { uint8_t* cryptoKey; uint8_t* initVector; uint8_t* snmpv3_cipher_text; uint16_t cipherTextLen; uint8_t* decrypted_text; uint16_t temp; uint8_t extraMemReqd; AES_ROUND_KEYS_128_BIT round_keys; AES_CFB_STATE_DATA current_stream; SNMPV3_PROCESSING_MEM_INFO_PTRS snmpv3PktProcessingMemPntr; SNMPV3_STACK_DCPT_STUB * snmpv3EngnDcptMemoryStubPtr=0; SNMPv3GetPktProcessingDynMemStubPtrs(&snmpv3PktProcessingMemPntr); snmpv3EngnDcptMemoryStubPtr=snmpv3PktProcessingMemPntr.snmpv3StkProcessingDynMemStubPtr; cryptoKey=snmpv3EngnDcptMemoryStubPtr->UserInfoDataBase[snmpv3EngnDcptMemoryStubPtr->UserInfoDataBaseIndx].userPrivPswdLoclizdKey; initVector=snmpV3AesDecryptInitVector; temp=snmpv3EngnDcptMemoryStubPtr->InPduWholeMsgBuf.scopedPduOffset; snmpv3_cipher_text=(snmpv3EngnDcptMemoryStubPtr->InPduWholeMsgBuf.snmpMsgHead+temp); cipherTextLen= snmpv3EngnDcptMemoryStubPtr->InPduWholeMsgBuf.scopedPduStructLen; extraMemReqd=(16-(cipherTextLen%16)); //AES Blocks are in multiples of 16 Bytes decrypted_text=(uint8_t*)(TCPIP_HEAP_Calloc(snmpv3PktProcessingMemPntr.snmpHeapMemHandler,1,(size_t)cipherTextLen+extraMemReqd)); if(decrypted_text != NULL) { AESCreateRoundKeys (&round_keys,cryptoKey,AES_KEY_SIZE_128_BIT); memcpy(current_stream.initial_vector,initVector,16); AESCFBDecrypt(decrypted_text,snmpv3_cipher_text, cipherTextLen, &round_keys, ¤t_stream, AES_STREAM_START | AES_USE_CFB128); } else return SNMPV3_MSG_PRIV_FAIL; //Copy decrypted text to already allocated WholeMsg dynamic memory Buffer. memcpy(snmpv3_cipher_text,decrypted_text,cipherTextLen); //free this temp buffer used for decryption purpose. TCPIP_HEAP_Free(snmpv3PktProcessingMemPntr.snmpHeapMemHandler, decrypted_text); return SNMPV3_MSG_PRIV_PASS; }
BYTE Snmpv3AESDecryptRxedScopedPdu(void) { UINT8* cryptoKey; UINT8* initVector; UINT8* cipher_text; WORD cipherTextLen; UINT8* decrypted_text; WORD temp; BYTE extraMemReqd; AES_ROUND_KEYS_128_BIT round_keys; AES_CFB_STATE_DATA current_stream; cryptoKey=snmpV3UserDataBase[gSnmpv3UserDBIndex].userPrivPswdLoclizdKey; initVector=snmpV3AesDecryptInitVector; temp=gSnmpV3InPduWholeMsgBuf.scopedPduOffset; cipher_text=(gSnmpV3InPduWholeMsgBuf.snmpMsgHead+temp); cipherTextLen= gSnmpV3InPduWholeMsgBuf.scopedPduStructLen; extraMemReqd=(16-(cipherTextLen%16)); //AES Blocks are in multiples of 16 Bytes decrypted_text=(BYTE*)(malloc((size_t)cipherTextLen+extraMemReqd)); if(decrypted_text != NULL) { AESCreateRoundKeys (&round_keys,cryptoKey,AES_KEY_SIZE_128_BIT); memcpy(current_stream.initial_vector,initVector,16); AESCFBDecrypt(decrypted_text,cipher_text, cipherTextLen, &round_keys, ¤t_stream, AES_STREAM_START | AES_USE_CFB128); } else return SNMPV3_MSG_PRIV_FAIL; //Copy decrypted text to already allocated WholeMsg dynamic memory Buffer. memcpy(cipher_text,decrypted_text,cipherTextLen); //free this temp buffer used for decryption purpose. free(decrypted_text); return SNMPV3_MSG_PRIV_PASS; }