/*******************************************************************-o-******
* test_dumpseid
*
* Returns:
* Number of failures.
*
* Test dump_snmpEngineID().
*/
int
test_dumpseid(void)
{
int /* rval = SNMPERR_SUCCESS, */
failcount = 0,
tlen,
count = 0;
char buf[SNMP_MAXBUF],
*s, *t,
*ris,
*rawid_set[ID_NUMSTRINGS+1] = {
IDBLAT_4,
IDVIOLATE1,
IDIPv4,
IDIPv6,
IDMAC,
IDTEXT,
IDOCTETS_7,
IDLOCAL_11,
IDIPv4_EXTRA3,
NULL
};
OUTPUT( "Test of dump_snmpEngineID. "
"(Does not report failure or success.)");
while ( (ris = rawid_set[count++]) ) {
tlen = hex_to_binary2(ris, strlen(ris), &t);
if (ris == IDTEXT) {
memset(buf, 0, SNMP_MAXBUF);
memcpy(buf, t, tlen);
tlen += sprintf(buf+tlen, "%s", PRINTABLE);
SNMP_FREE(t);
t = buf;
}
#ifdef SNMP_TESTING_CODE
s = dump_snmpEngineID(t, &tlen);
printf("%s (len=%d)\n", s, tlen);
#endif
SNMP_FREE(s);
if (t != buf) {
SNMP_FREE(t);
}
}
return failcount;
} /* end test_dumpseid() */
/*******************************************************************-o-******
*/
int
main(int argc, char **argv)
{
int rval = SNMPERR_SUCCESS;
size_t oldKu_len = SNMP_MAXBUF_SMALL,
newKu_len = SNMP_MAXBUF_SMALL,
oldkul_len = SNMP_MAXBUF_SMALL,
newkul_len = SNMP_MAXBUF_SMALL,
keychange_len = SNMP_MAXBUF_SMALL;
char *s = NULL;
u_char oldKu[SNMP_MAXBUF_SMALL],
newKu[SNMP_MAXBUF_SMALL],
oldkul[SNMP_MAXBUF_SMALL],
newkul[SNMP_MAXBUF_SMALL],
keychange[SNMP_MAXBUF_SMALL];
int i;
int arg = 1;
local_progname = argv[0];
/*
* Parse.
*/
for(; (arg < argc) && (argv[arg][0] == '-') ; arg++){
switch(argv[arg][1]){
case 'D': snmp_set_do_debugging(1); break;
case 'E': engineid = (u_char *)argv[++arg]; break;
case 'f': forcepassphrase = 1; break;
case 'N': newpass = argv[++arg]; break;
case 'O': oldpass = argv[++arg]; break;
case 'P': promptindicator = 0; break;
case 't': transform_type_input = argv[++arg]; break;
case 'v': verbose = 1; break;
case 'V': visible = 1; break;
case 'h':
rval = 0;
default:
usage_to_file(stdout);
exit(rval);
}
}
if ( !transform_type_input ) {
fprintf(stderr, "The -t option is mandatory.\n");
usage_synopsis(stdout);
exit(1000);
}
/*
* Convert and error check transform_type.
*/
if ( !strcmp(transform_type_input, "md5") ) {
transform_type = usmHMACMD5AuthProtocol;
} else if ( !strcmp(transform_type_input, "sha1") ) {
transform_type = usmHMACSHA1AuthProtocol;
} else {
fprintf(stderr,
"Unrecognized hash transform: \"%s\".\n",
transform_type_input);
usage_synopsis(stderr);
QUITFUN(rval = SNMPERR_GENERR, main_quit);
}
if (verbose) {
fprintf(stderr, "Hash:\t\t%s\n",
(transform_type == usmHMACMD5AuthProtocol)
? "usmHMACMD5AuthProtocol"
: "usmHMACSHA1AuthProtocol"
);
}
/*
* Build engineID. Accept hex engineID as the bits
* "in-and-of-themselves", otherwise create an engineID with the
* given string as text.
*
* If no engineID is given, lookup the first IP address for the
* localhost and use that (see setup_engineID()).
*/
if ( engineid && (tolower(*(engineid+1)) == 'x') ) {
engineid_len = hex_to_binary2( engineid+2,
strlen((char *)engineid)-2,
(char **) &engineid);
DEBUGMSGTL(("encode_keychange","engineIDLen: %d\n", engineid_len));
} else {
engineid_len = setup_engineID(&engineid, (char *)engineid);
}
#ifdef SNMP_TESTING_CODE
if (verbose) {
fprintf(stderr, "EngineID:\t%s\n",
/* XXX = */ dump_snmpEngineID(engineid, &engineid_len));
}
#endif
/*
* Get passphrases from user.
*/
rval = get_user_passphrases();
QUITFUN(rval, main_quit);
if ( strlen(oldpass) < USM_LENGTH_P_MIN ) {
fprintf(stderr, "Old passphrase must be greater than %d "
"characters in length.\n",
USM_LENGTH_P_MIN);
QUITFUN(rval = SNMPERR_GENERR, main_quit);
} else if ( strlen(newpass) < USM_LENGTH_P_MIN ) {
fprintf(stderr, "New passphrase must be greater than %d "
"characters in length.\n",
USM_LENGTH_P_MIN);
QUITFUN(rval = SNMPERR_GENERR, main_quit);
}
if (verbose) {
fprintf(stderr,
"Old passphrase:\t%s\nNew passphrase:\t%s\n",
oldpass, newpass);
}
/*
* Compute Ku and Kul's from old and new passphrases, then
* compute the keychange string & print it out.
*/
rval = sc_init();
QUITFUN(rval, main_quit);
rval = generate_Ku( transform_type, USM_LENGTH_OID_TRANSFORM,
(u_char *)oldpass, strlen(oldpass),
oldKu, &oldKu_len);
QUITFUN(rval, main_quit);
rval = generate_Ku( transform_type, USM_LENGTH_OID_TRANSFORM,
(u_char *)newpass, strlen(newpass),
newKu, &newKu_len);
QUITFUN(rval, main_quit);
DEBUGMSGTL(("encode_keychange", "EID (%d): ", engineid_len));
for(i=0; i < (int)engineid_len; i++)
DEBUGMSGTL(("encode_keychange", "%02x",(int) (engineid[i])));
DEBUGMSGTL(("encode_keychange","\n"));
DEBUGMSGTL(("encode_keychange", "old Ku (%d) (from %s): ", oldKu_len, oldpass));
for(i=0; i < (int)oldKu_len; i++)
DEBUGMSGTL(("encode_keychange", "%02x",(int) (oldKu[i])));
DEBUGMSGTL(("encode_keychange","\n"));
rval = generate_kul( transform_type, USM_LENGTH_OID_TRANSFORM,
engineid, engineid_len,
oldKu, oldKu_len,
oldkul, &oldkul_len);
QUITFUN(rval, main_quit);
DEBUGMSGTL(("encode_keychange", "generating old Kul (%d) (from Ku): ", oldkul_len));
for(i=0; i < (int)oldkul_len; i++)
DEBUGMSGTL(("encode_keychange", "%02x",(int) (oldkul[i])));
DEBUGMSGTL(("encode_keychange","\n"));
rval = generate_kul( transform_type, USM_LENGTH_OID_TRANSFORM,
engineid, engineid_len,
newKu, newKu_len,
newkul, &newkul_len);
QUITFUN(rval, main_quit);
DEBUGMSGTL(("encode_keychange", "generating new Kul (%d) (from Ku): ", oldkul_len));
for(i=0; i < (int)newkul_len; i++)
DEBUGMSGTL(("encode_keychange", "%02x",newkul[i]));
DEBUGMSGTL(("encode_keychange","\n"));
rval = encode_keychange(transform_type, USM_LENGTH_OID_TRANSFORM,
oldkul, oldkul_len,
newkul, newkul_len,
keychange, &keychange_len);
QUITFUN(rval, main_quit);
binary_to_hex(keychange, keychange_len, &s);
printf("%s%s\n",
(verbose) ? "KeyChange string:\t" : "", /* XXX stdout */
s);
/*
* Cleanup.
*/
main_quit:
snmp_call_callbacks(SNMP_CALLBACK_LIBRARY, SNMP_CALLBACK_SHUTDOWN,
NULL);
SNMP_ZERO(oldpass, strlen(oldpass));
SNMP_ZERO(newpass, strlen(newpass));
SNMP_ZERO(oldKu, oldKu_len);
SNMP_ZERO(newKu, newKu_len);
SNMP_ZERO(oldkul, oldkul_len);
SNMP_ZERO(newkul, newkul_len);
SNMP_ZERO(s, strlen(s));
return rval;
} /* end main() */
/*******************************************************************-o-******
* test_keychange
*
* Returns:
* Number of failures.
*
*
* Test of KeyChange TC implementation.
*
* ASSUME newkey and oldkey begin as NULL terminated strings.
*/
int
test_keychange(void)
{
int rval = SNMPERR_SUCCESS,
failcount = 0,
properlength = BYTESIZE(SNMP_TRANS_AUTHLEN_HMACMD5),
oldkey_len,
newkey_len,
keychange_len,
temp_len, isdefault_new = FALSE, isdefault_old = FALSE;
char *hashname = "usmHMACMD5AuthProtocol.", *s;
u_char oldkey_buf[LOCAL_MAXBUF],
newkey_buf[LOCAL_MAXBUF],
temp_buf[LOCAL_MAXBUF], keychange_buf[LOCAL_MAXBUF];
oid *hashtype = usmHMACMD5AuthProtocol;
OUTPUT("Test of KeyChange TC --");
/*
* Set newkey and oldkey.
*/
if (!newkey) { /* newkey */
newkey = NEWKEY_DEFAULT;
isdefault_new = TRUE;
}
newkey_len = strlen(newkey);
if (tolower(*(newkey + 1)) == 'x') {
newkey_len = hex_to_binary2(newkey + 2, newkey_len - 2, &s);
if (newkey_len < 0) {
FAILED((rval = SNMPERR_GENERR),
"Could not resolve hex newkey.");
}
newkey = s;
binary_to_hex(newkey, newkey_len, &s);
}
if (!oldkey) { /* oldkey */
oldkey = OLDKEY_DEFAULT;
isdefault_old = TRUE;
}
oldkey_len = strlen(oldkey);
if (tolower(*(oldkey + 1)) == 'x') {
oldkey_len = hex_to_binary2(oldkey + 2, oldkey_len - 2, &s);
if (oldkey_len < 0) {
FAILED((rval = SNMPERR_GENERR),
"Could not resolve hex oldkey.");
}
oldkey = s;
binary_to_hex(oldkey, oldkey_len, &s);
}
test_keychange_again:
memset(oldkey_buf, 0, LOCAL_MAXBUF);
memset(newkey_buf, 0, LOCAL_MAXBUF);
memset(keychange_buf, 0, LOCAL_MAXBUF);
memset(temp_buf, 0, LOCAL_MAXBUF);
memcpy(oldkey_buf, oldkey, SNMP_MIN(oldkey_len, properlength));
memcpy(newkey_buf, newkey, SNMP_MIN(newkey_len, properlength));
keychange_len = LOCAL_MAXBUF;
binary_to_hex(oldkey_buf, properlength, &s);
fprintf(stdout, "\noldkey%s (len=%d): %s\n",
(isdefault_old) ? " (default)" : "", properlength, s);
SNMP_FREE(s);
binary_to_hex(newkey_buf, properlength, &s);
fprintf(stdout, "newkey%s (len=%d): %s\n\n",
(isdefault_new) ? " (default)" : "", properlength, s);
SNMP_FREE(s);
rval = encode_keychange(hashtype, USM_LENGTH_OID_TRANSFORM,
oldkey_buf, properlength,
newkey_buf, properlength,
keychange_buf, &keychange_len);
FAILED(rval, "encode_keychange().");
if (keychange_len != (properlength * 2)) {
FAILED(SNMPERR_GENERR,
"KeyChange string (encoded) is not proper length "
"for this hash transform.");
}
binary_to_hex(keychange_buf, keychange_len, &s);
fprintf(stdout, "(%s) KeyChange string: %s\n\n",
((hashtype == usmHMACMD5AuthProtocol) ? "MD5" : "SHA"), s);
SNMP_FREE(s);
temp_len = properlength;
rval = decode_keychange(hashtype, USM_LENGTH_OID_TRANSFORM,
oldkey_buf, properlength,
keychange_buf, properlength * 2,
temp_buf, &temp_len);
FAILED(rval, "decode_keychange().");
if (temp_len != properlength) {
FAILED(SNMPERR_GENERR,
"decoded newkey is not proper length for "
"this hash transform.");
}
binary_to_hex(temp_buf, temp_len, &s);
fprintf(stdout, "decoded newkey: %s\n\n", s);
SNMP_FREE(s);
if (memcmp(newkey_buf, temp_buf, temp_len)) {
FAILED(SNMPERR_GENERR, "newkey did not decode properly.");
}
SUCCESS(hashname);
fprintf(stdout, "\n");
/*
* Multiplex different test combinations.
*
* First clause is for Test #2, second clause is for (last) Test #3.
*/
if (hashtype == usmHMACMD5AuthProtocol) {
hashtype = usmHMACSHA1AuthProtocol;
hashname = "usmHMACSHA1AuthProtocol (w/DES length kul's).";
properlength = BYTESIZE(SNMP_TRANS_PRIVLEN_1DES)
+ BYTESIZE(SNMP_TRANS_PRIVLEN_1DES_IV);
goto test_keychange_again;
} else if (properlength < BYTESIZE(SNMP_TRANS_AUTHLEN_HMACSHA1)) {
hashtype = usmHMACSHA1AuthProtocol;
hashname = "usmHMACSHA1AuthProtocol.";
properlength = BYTESIZE(SNMP_TRANS_AUTHLEN_HMACSHA1);
goto test_keychange_again;
}
return failcount;
} /* end test_keychange() */
void
netsnmp_parse_override(const char *token, char *line)
{
char *cp;
char buf[SNMP_MAXBUF], namebuf[SNMP_MAXBUF];
int readwrite = 0;
oid oidbuf[MAX_OID_LEN];
size_t oidbuf_len = MAX_OID_LEN;
int type;
override_data *thedata;
netsnmp_handler_registration *the_reg;
cp = copy_nword(line, namebuf, sizeof(namebuf) - 1);
if (strcmp(namebuf, "-rw") == 0) {
readwrite = 1;
cp = copy_nword(cp, namebuf, sizeof(namebuf) - 1);
}
if (!cp) {
config_perror("no oid specified");
return;
}
if (!snmp_parse_oid(namebuf, oidbuf, &oidbuf_len)) {
config_perror("illegal oid");
return;
}
cp = copy_nword(cp, buf, sizeof(buf) - 1);
if (!cp && strcmp(buf, "null") != 0) {
config_perror("no variable value specified");
return;
}
{
struct { const char* key; int value; } const strings[] = {
{ "counter", ASN_COUNTER },
{ "counter64", ASN_COUNTER64 },
{ "integer", ASN_INTEGER },
{ "ipaddress", ASN_IPADDRESS },
{ "nsap", ASN_NSAP },
{ "null", ASN_NULL },
{ "object_id", ASN_OBJECT_ID },
{ "octet_str", ASN_OCTET_STR },
{ "opaque", ASN_OPAQUE },
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
{ "opaque_counter64", ASN_OPAQUE_COUNTER64 },
{ "opaque_double", ASN_OPAQUE_DOUBLE },
{ "opaque_float", ASN_OPAQUE_FLOAT },
{ "opaque_i64", ASN_OPAQUE_I64 },
{ "opaque_u64", ASN_OPAQUE_U64 },
#endif
{ "timeticks", ASN_TIMETICKS },
{ "uinteger", ASN_GAUGE },
{ "unsigned", ASN_UNSIGNED },
{ NULL, 0 }
}, * run;
for(run = strings; run->key && strcasecmp(run->key, buf) < 0; ++run);
if(run->key && strcasecmp(run->key, buf) == 0)
type = run->value;
else {
config_perror("unknown type specified");
return;
}
}
if (cp)
copy_nword(cp, buf, sizeof(buf) - 1);
else
buf[0] = 0;
thedata = SNMP_MALLOC_TYPEDEF(override_data);
if (!thedata) {
config_perror("memory allocation failure");
return;
}
thedata->type = type;
switch (type) {
case ASN_INTEGER:
MALLOC_OR_DIE(sizeof(long));
*((long *) thedata->value) = strtol(buf, NULL, 0);
break;
case ASN_COUNTER:
case ASN_TIMETICKS:
case ASN_UNSIGNED:
MALLOC_OR_DIE(sizeof(u_long));
*((u_long *) thedata->value) = strtoul(buf, NULL, 0);
break;
case ASN_OCTET_STR:
case ASN_BIT_STR:
if (buf[0] == '0' && buf[1] == 'x') {
/*
* hex
*/
thedata->value_len =
hex_to_binary2((u_char *)(buf + 2), strlen(buf) - 2,
(char **) &thedata->value);
} else {
thedata->value = strdup(buf);
thedata->value_len = strlen(buf);
}
break;
case ASN_OBJECT_ID:
read_config_read_objid(buf, (oid **) & thedata->value,
&thedata->value_len);
break;
case ASN_NULL:
thedata->value_len = 0;
break;
default:
SNMP_FREE(thedata);
config_perror("illegal/unsupported type specified");
return;
}
if (!thedata->value && thedata->type != ASN_NULL) {
config_perror("memory allocation failure");
free(thedata);
return;
}
the_reg = SNMP_MALLOC_TYPEDEF(netsnmp_handler_registration);
if (!the_reg) {
config_perror("memory allocation failure");
free(thedata);
return;
}
the_reg->handlerName = strdup(namebuf);
the_reg->priority = 255;
the_reg->modes = (readwrite) ? HANDLER_CAN_RWRITE : HANDLER_CAN_RONLY;
the_reg->handler =
netsnmp_create_handler("override", override_handler);
the_reg->rootoid = snmp_duplicate_objid(oidbuf, oidbuf_len);
the_reg->rootoid_len = oidbuf_len;
if (!the_reg->rootoid || !the_reg->handler || !the_reg->handlerName) {
if (the_reg->handler)
SNMP_FREE(the_reg->handler->handler_name);
SNMP_FREE(the_reg->handler);
SNMP_FREE(the_reg->handlerName);
SNMP_FREE(the_reg);
config_perror("memory allocation failure");
free(thedata);
return;
}
the_reg->handler->myvoid = thedata;
if (netsnmp_register_instance(the_reg)) {
config_perror("oid registration failed within the agent");
SNMP_FREE(thedata->value);
free(thedata);
return;
}
}
/*******************************************************************-o-******
* test_genkul
*
* Returns:
* Number of failures.
*
*
* Test of generate_kul().
*
* A passphrase and engineID are hashed into a master key Ku using
* both known hash transforms. Localized keys, also using both hash
* transforms, are generated from each of these master keys.
*
* ASSUME generate_Ku is already tested.
* ASSUME engineID is initially a NULL terminated string.
*/
int
test_genkul(void)
{
int rval = SNMPERR_SUCCESS,
failcount = 0,
properlength, kulen, kul_len, engineID_len, isdefault = FALSE;
char *s = NULL,
*testname = "Using HMACMD5 to create master key.",
*hashname_Ku = "usmHMACMD5AuthProtocol", *hashname_kul;
u_char Ku[LOCAL_MAXBUF], kul[LOCAL_MAXBUF];
oid *hashtype_Ku = usmHMACMD5AuthProtocol, *hashtype_kul;
OUTPUT("Test of generate_kul --");
/*
* Set passphrase and engineID.
*
* If engineID begins with 0x, assume it is written in (printable)
* hex and convert it to binary data.
*/
if (!passphrase) {
passphrase = PASSPHRASE_DEFAULT;
}
if (!bequiet)
fprintf(stdout, "Passphrase%s:\n\t%s\n\n",
(passphrase == PASSPHRASE_DEFAULT) ? " (default)" : "",
passphrase);
if (!engineID) {
engineID = ENGINEID_DEFAULT;
isdefault = TRUE;
}
engineID_len = strlen(engineID);
if (tolower(*(engineID + 1)) == 'x') {
engineID_len = hex_to_binary2(engineID + 2, engineID_len - 2, &s);
if (engineID_len < 0) {
FAILED((rval = SNMPERR_GENERR),
"Could not resolve hex engineID.");
}
engineID = s;
binary_to_hex(engineID, engineID_len, &s);
}
if (!bequiet)
fprintf(stdout, "engineID%s (len=%d): %s\n\n",
(isdefault) ? " (default)" : "",
engineID_len, (s) ? s : engineID);
if (s) {
SNMP_FREE(s);
}
/*
* Create a master key using both hash transforms; create localized
* keys using both hash transforms from each master key.
*/
test_genkul_again_master:
memset(Ku, 0, LOCAL_MAXBUF);
kulen = LOCAL_MAXBUF;
hashname_kul = "usmHMACMD5AuthProtocol";
hashtype_kul = usmHMACMD5AuthProtocol;
properlength = BYTESIZE(SNMP_TRANS_AUTHLEN_HMACMD5);
rval = generate_Ku(hashtype_Ku, USM_LENGTH_OID_TRANSFORM,
passphrase, strlen(passphrase), Ku, &kulen);
FAILED(rval, "generate_Ku().");
binary_to_hex(Ku, kulen, &s);
if (!bequiet)
fprintf(stdout,
"\n\nMaster Ku using \"%s\":\n\t%s\n\n", hashname_Ku, s);
free_zero(s, kulen);
test_genkul_again_local:
memset(kul, 0, LOCAL_MAXBUF);
kul_len = LOCAL_MAXBUF;
rval = generate_kul(hashtype_kul, USM_LENGTH_OID_TRANSFORM,
engineID, engineID_len, Ku, kulen, kul, &kul_len);
if ((hashtype_Ku == usmHMACMD5AuthProtocol)
&& (hashtype_kul == usmHMACSHA1AuthProtocol)) {
if (rval == SNMPERR_SUCCESS) {
FAILED(SNMPERR_GENERR,
"generate_kul SHOULD fail when Ku length is "
"less than hash transform length.");
}
} else {
FAILED(rval, "generate_kul().");
if (kul_len != properlength) {
FAILED(SNMPERR_GENERR,
"kul length is wrong for the given hashtype.");
}
binary_to_hex(kul, kul_len, &s);
fprintf(stdout, "kul (%s) (len=%d): %s\n",
((hashtype_Ku == usmHMACMD5AuthProtocol) ? "MD5" : "SHA"),
kul_len, s);
free_zero(s, kul_len);
}
/*
* Create localized key using the other hash transform, but from
* * the same master key.
*/
if (hashtype_kul == usmHMACMD5AuthProtocol) {
hashtype_kul = usmHMACSHA1AuthProtocol;
hashname_kul = "usmHMACSHA1AuthProtocol";
properlength = BYTESIZE(SNMP_TRANS_AUTHLEN_HMACSHA1);
goto test_genkul_again_local;
}
SUCCESS(testname);
/*
* Re-create the master key using the other hash transform.
*/
if (hashtype_Ku == usmHMACMD5AuthProtocol) {
hashtype_Ku = usmHMACSHA1AuthProtocol;
hashname_Ku = "usmHMACSHA1AuthProtocol";
testname = "Using HMACSHA1 to create master key.";
goto test_genkul_again_master;
}
return failcount;
} /* end test_genkul() */
