void
debugmsg_hex(const char *token, u_char *thedata, size_t len) {
char buf[SPRINT_MAX_LEN];
sprint_hexstring(buf, thedata, len);
debugmsg(token, buf);
}
static void
sprint_octet_string(//buf, var, foo, quiet)
char *buf,
struct variable_list *var,
struct enum_list *foo,
int quiet)
{
int hex, x;
u_char *cp;
if (var->type != ASN_OCTET_STR){
sprintf(buf, WIDE("Wrong Type (should be OCTET STRING): "));
buf += strlen(buf);
sprint_by_type(buf, var, (struct enum_list *)NULL, quiet);
return;
}
hex = 0;
for(cp = var->val.string, x = 0; x < (var->val_len-1); x++, cp++) {
if (!(isprint(*cp) || isspace(*cp))) {
hex = 1;
break;
}
}
/* Now only check the last char if it's not a NULL.
* Some things include the trailing NULL in the supplied length,
* while others don't.
*/
/* If len>0 we have to check the last char */
if ((!hex) && (var->val_len) && (*cp != '\0') &&
(!(isprint(*cp) || isspace(*cp)))) {
hex = 1;
}
#if 0
if (var->val_len <= 4)
hex = 1; /* not likely to be ascii */
#endif
if (hex){
if (!quiet) {
sprintf(buf, WIDE("OCTET STRING- (hex):\t"));
buf += strlen(buf);
}
sprint_hexstring(buf, var->val.string, var->val_len);
} else {
if (!quiet) {
sprintf(buf, WIDE("OCTET STRING- (ascii):\t"));
buf += strlen(buf);
}
sprint_asciistring(buf, var->val.string, var->val_len);
}
}
void
debugmsg_hextli(const char *token, u_char *thedata, size_t len) {
char buf[SPRINT_MAX_LEN];
int incr;
/*XX tracing lines removed from this function DEBUGTRACE; */
DEBUGIF(token) {
for(incr = 16; len > 0; len -= incr, thedata += incr) {
if ((int)len < incr) incr = len;
/*XXnext two lines were DEBUGPRINTINDENT(token);*/
debugmsgtoken(token, "%s", debug_indent());
debugmsg(token, "%s", debug_indent());
sprint_hexstring(buf, thedata, incr);
debugmsg(token, buf);
}
}
}
static void
sprint_opaque(//buf, var, foo, quiet)
char *buf,
struct variable_list *var,
struct enum_list *foo,
int quiet)
{
if (var->type != SMI_OPAQUE){
sprintf(buf, WIDE("Wrong Type (should be Opaque): "));
buf += strlen(buf);
sprint_by_type(buf, var, (struct enum_list *)NULL, quiet);
return;
}
if (!quiet) {
sprintf(buf, WIDE("OPAQUE - (hex):\t"));
buf += strlen(buf);
}
sprint_hexstring(buf, var->val.string, var->val_len);
}
_SCAPI_NOT_CONFIGURED
#endif /* USE_INTERNAL_MD5 */
/*******************************************************************-o-******
* sc_encrypt
*
* Parameters:
* privtype Type of privacy cryptographic transform.
* *key Key bits for crypting.
* keylen Length of key (buffer) in bytes.
* *iv IV bits for crypting.
* ivlen Length of iv (buffer) in bytes.
* *plaintext Plaintext to crypt.
* ptlen Length of plaintext.
* *ciphertext Ciphertext to crypt.
* *ctlen Length of ciphertext.
*
* Returns:
* SNMPERR_SUCCESS Success.
* SNMPERR_SC_NOT_CONFIGURED Encryption is not supported.
* SNMPERR_SC_GENERAL_FAILURE Any other error
*
*
* Encrypt plaintext into ciphertext using key and iv.
*
* ctlen contains actual number of crypted bytes in ciphertext upon
* successful return.
*/
int
sc_encrypt( oid *privtype, size_t privtypelen,
u_char *key, u_int keylen,
u_char *iv, u_int ivlen,
u_char *plaintext, u_int ptlen,
u_char *ciphertext, size_t *ctlen)
#if defined(USE_OPENSSL)
{
int rval = SNMPERR_SUCCESS;
u_int transform,
properlength,
properlength_iv;
u_char pad_block[32]; /* bigger than anything I need */
u_char my_iv[32]; /* ditto */
int pad, plast, pad_size;
des_key_schedule key_sch;
des_cblock key_struct;
DEBUGTRACE;
/*
* Sanity check.
*/
#if !defined(SCAPI_AUTHPRIV)
return SNMPERR_SC_NOT_CONFIGURED;
#endif
if ( !privtype || !key || !iv || !plaintext || !ciphertext || !ctlen
|| (keylen<=0) || (ivlen<=0) || (ptlen<=0) || (*ctlen<=0)
|| (privtypelen != USM_LENGTH_OID_TRANSFORM) )
{
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
}
else if ( ptlen >= *ctlen) {
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
}
#ifdef SNMP_TESTING_CODE
{
char buf[SNMP_MAXBUF];
sprint_hexstring(buf, iv, ivlen);
DEBUGMSGTL(("scapi", "encrypt: IV: %s/ ", buf));
sprint_hexstring(buf, key, keylen);
DEBUGMSG(("scapi","%s\n", buf));
sprint_hexstring(buf, plaintext, 16);
DEBUGMSGTL(("scapi","encrypt: string: %s\n", buf));
}
#endif /* SNMP_TESTING_CODE */
/*
* Determine privacy transform.
*/
if ( ISTRANSFORM(privtype, DESPriv) ) {
properlength = BYTESIZE(SNMP_TRANS_PRIVLEN_1DES);
properlength_iv = BYTESIZE(SNMP_TRANS_PRIVLEN_1DES_IV);
pad_size = properlength;
} else {
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
}
if ( (keylen<properlength) || (ivlen<properlength_iv) ) {
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
}
else if ( (keylen<properlength) || (ivlen<properlength_iv) ) {
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
}
/* now calculate the padding needed */
pad = pad_size - (ptlen % pad_size);
if (ptlen + pad > *ctlen) {
QUITFUN(SNMPERR_GENERR, sc_encrypt_quit); /* not enough space */
}
memset(pad_block, 0, sizeof(pad_block));
plast = (int) ptlen - (pad_size - pad);
if (pad > 0) /* copy data into pad block if needed */
memcpy( pad_block, plaintext + plast, pad_size - pad);
memset(&pad_block[pad_size-pad], pad, pad); /* filling in padblock */
memset(my_iv, 0, sizeof(my_iv));
if ( ISTRANSFORM(privtype, DESPriv) ) {
memcpy(key_struct, key, sizeof(key_struct));
(void) des_key_sched(&key_struct, key_sch);
memcpy(my_iv, iv, ivlen);
/* encrypt the data */
des_ncbc_encrypt(plaintext, ciphertext, plast, key_sch,
(des_cblock *) &my_iv, DES_ENCRYPT);
/* then encrypt the pad block */
des_ncbc_encrypt(pad_block, ciphertext+plast, pad_size,
key_sch, (des_cblock *)&my_iv, DES_ENCRYPT);
*ctlen = plast + pad_size;
}
sc_encrypt_quit:
/* clear memory just in case */
memset(my_iv, 0, sizeof(my_iv));
memset(pad_block, 0, sizeof(pad_block));
memset(key_struct, 0, sizeof(key_struct));
memset(key_sch, 0, sizeof(key_sch));
return rval;
} /* end sc_encrypt() */
