/*-
 * Copyright (c) 2010 The FreeBSD Foundation
 * All rights reserved.
 *
 * This software was developed by Shteryana Sotirova Shopova under
 * sponsorship from the FreeBSD Foundation.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <stdarg.h>
#ifdef HAVE_STDINT_H
#include <stdint.h>
#elif defined(HAVE_INTTYPES_H)
#include <inttypes.h>
#endif
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <netinet/in.h>

#ifdef HAVE_LIBCRYPTO
#include <openssl/evp.h>
#endif

#include "asn1.h"
#include "snmp.h"
#include "snmppriv.h"

/* Size of the IV buffer the encrypt/decrypt routines hand to cipher init. */
#define	SNMP_PRIV_AES_IV_SIZ		16
/* Length to which the authentication key is zero-extended before hashing. */
#define	SNMP_EXTENDED_KEY_SIZ		64
/* Number of password-derived bytes hashed by snmp_passwd_to_keys(). */
#define	SNMP_AUTH_KEY_LOOPCNT		1048576
/* Size of the scratch buffer used by the key derivation routines. */
#define	SNMP_AUTH_BUF_SIZE		72

/* Bytes XORed into the extended key for the inner and outer hash passes. */
static const uint8_t ipad = 0x36;
static const uint8_t opad = 0x5c;

#ifdef HAVE_LIBCRYPTO

/*
 * Pick the message digest and key length for the user's authentication
 * protocol and start a digest operation on ctx.
 *
 * Returns 1 when ctx has been initialised and *dtype / *keylen are set,
 * 0 when the user has SNMP_AUTH_NOAUTH (ctx, *dtype and *keylen are left
 * untouched, so callers must not use them), and -1 on an unknown protocol
 * or when EVP_DigestInit() fails.
 */
static int32_t
snmp_digest_init(const struct snmp_user *user, EVP_MD_CTX *ctx,
    const EVP_MD **dtype, uint32_t *keylen)
{
	if (user->auth_proto == SNMP_AUTH_HMAC_MD5) {
		*dtype = EVP_md5();
		*keylen = SNMP_AUTH_HMACMD5_KEY_SIZ;
	} else if (user->auth_proto == SNMP_AUTH_HMAC_SHA) {
		*dtype = EVP_sha1();
		*keylen = SNMP_AUTH_HMACSHA_KEY_SIZ;
	} else if (user->auth_proto == SNMP_AUTH_NOAUTH)
		return (0);
	else {
		snmp_error("unknown authentication option - %d",
		    user->auth_proto);
		return (-1);
	}

	if (EVP_DigestInit(ctx, *dtype) != 1)
		return (-1);

	return (1);
}

/*
 * Compute the message authentication code over the encoded message and
 * store its first SNMP_USM_AUTH_SIZE bytes in digest.
 *
 * The keyed hash is built by hand: the user's auth_key is zero-extended to
 * SNMP_EXTENDED_KEY_SIZ bytes, XORed with ipad for the inner pass over
 * outer_ptr[0..outer_len) and with opad for the outer pass over the inner
 * result.  The digest field inside the message (digest_ptr) is zeroed first
 * so that it does not contribute its previous contents to the hash.
 *
 * Returns SNMP_CODE_OK on success or when the user has no authentication
 * protocol (digest is then not written), SNMP_CODE_BADDIGEST otherwise.
 *
 * NOTE(review): extkey, key1, key2 and md hold key-derived material and are
 * left on the stack on every return path; consider wiping them with a
 * routine the compiler cannot elide.
 * NOTE(review): this function only produces the value.  Code that compares
 * it with a received digest is not visible here; that comparison should be
 * constant-time - confirm at the call site.
 */
enum snmp_code
snmp_pdu_calc_digest(const struct snmp_pdu *pdu, uint8_t *digest)
{
	uint8_t md[EVP_MAX_MD_SIZE], extkey[SNMP_EXTENDED_KEY_SIZ];
	uint8_t key1[SNMP_EXTENDED_KEY_SIZ], key2[SNMP_EXTENDED_KEY_SIZ];
	uint32_t i, keylen, olen;
	int32_t err;
	const EVP_MD *dtype;
	EVP_MD_CTX ctx;

	err = snmp_digest_init(&pdu->user, &ctx, &dtype, &keylen);
	if (err < 0)
		return (SNMP_CODE_BADDIGEST);
	else if (err == 0)
		return (SNMP_CODE_OK);

	/* Hash the message with its own digest field blanked out. */
	memset(pdu->digest_ptr, 0, sizeof(pdu->msg_digest));
	/* Zero-extend the key to the full pad length. */
	memcpy(extkey, pdu->user.auth_key, keylen);
	memset(extkey + keylen, 0, sizeof(extkey) - keylen);

	for (i = 0; i < SNMP_EXTENDED_KEY_SIZ; i++) {
		key1[i] = extkey[i] ^ ipad;
		key2[i] = extkey[i] ^ opad;
	}

	/* Inner pass: H(key1 || message). */
	if (EVP_DigestUpdate(&ctx, key1, SNMP_EXTENDED_KEY_SIZ) != 1 ||
	    EVP_DigestUpdate(&ctx, pdu->outer_ptr, pdu->outer_len) != 1 ||
	    EVP_DigestFinal(&ctx, md, &olen) != 1)
		goto failed;

	/* Outer pass: H(key2 || inner result), reusing md for the output. */
	if (EVP_DigestInit(&ctx, dtype) != 1 ||
	    EVP_DigestUpdate(&ctx, key2, SNMP_EXTENDED_KEY_SIZ) != 1 ||
	    EVP_DigestUpdate(&ctx, md, olen) != 1 ||
	    EVP_DigestFinal(&ctx, md, &olen) != 1)
		goto failed;

	/* The result is truncated below, so it must be at least that long. */
	if (olen < SNMP_USM_AUTH_SIZE) {
		snmp_error("bad digest size - %d", olen);
		EVP_MD_CTX_cleanup(&ctx);
		return (SNMP_CODE_BADDIGEST);
	}

	memcpy(digest, md, SNMP_USM_AUTH_SIZE);
	EVP_MD_CTX_cleanup(&ctx);
	return (SNMP_CODE_OK);

failed:
	EVP_MD_CTX_cleanup(&ctx);
	return (SNMP_CODE_BADDIGEST);
}

/*
 * Select the cipher for the user's privacy protocol and build its IV in piv.
 *
 * SNMP_PRIV_DES: len must be a multiple of 8; the IV is msg_salt XORed with
 * bytes 8..15 of priv_key.
 * SNMP_PRIV_AES: the IV is engine_boots and engine_time, each in network
 * byte order, followed by msg_salt.
 *
 * Returns 1 when *ctype and piv are set, 0 for SNMP_PRIV_NOPRIV (nothing is
 * written), and -1 on a misaligned DES length or an unknown protocol.
 *
 * piv must have room for 8 + sizeof(pdu->msg_salt) bytes in the AES case;
 * the callers in this file pass SNMP_PRIV_AES_IV_SIZ bytes.
 * NOTE(review): that fits only if msg_salt is 8 bytes - confirm against the
 * struct definition, which is not visible here.
 */
static int32_t
snmp_pdu_cipher_init(const struct snmp_pdu *pdu, int32_t len,
    const EVP_CIPHER **ctype, uint8_t *piv)
{
	int i;
	uint32_t netint;

	if (pdu->user.priv_proto == SNMP_PRIV_DES) {
		if (len % 8 != 0)
			return (-1);
		*ctype = EVP_des_cbc();
		memcpy(piv, pdu->msg_salt, sizeof(pdu->msg_salt));
		for (i = 0; i < 8; i++)
			piv[i] = piv[i] ^ pdu->user.priv_key[8 + i];
	} else if (pdu->user.priv_proto == SNMP_PRIV_AES) {
		*ctype = EVP_aes_128_cfb128();
		netint = htonl(pdu->engine.engine_boots);
		memcpy(piv, &netint, sizeof(netint));
		piv += sizeof(netint);
		netint = htonl(pdu->engine.engine_time);
		memcpy(piv, &netint, sizeof(netint));
		piv += sizeof(netint);
		memcpy(piv, pdu->msg_salt, sizeof(pdu->msg_salt));
	} else if (pdu->user.priv_proto == SNMP_PRIV_NOPRIV)
		return (0);
	else {
		snmp_error("unknown privacy option - %d", pdu->user.priv_proto);
		return (-1);
	}

	return (1);
}

/*
 * Encrypt the scoped PDU in place (scoped_ptr[0..scoped_len)) with the
 * user's priv_key and the IV produced by snmp_pdu_cipher_init().
 *
 * Returns SNMP_CODE_OK on success or when the user has no privacy protocol,
 * SNMP_CODE_EDECRYPT when cipher selection fails, and SNMP_CODE_FAILED when
 * an OpenSSL call fails.
 *
 * NOTE(review): padding is not disabled on this path, unlike in
 * snmp_pdu_decrypt().  With the DES-CBC cipher and a block-aligned input
 * EVP_EncryptFinal() may therefore write one further block at
 * scoped_ptr + olen, i.e. past scoped_len.  Confirm that the buffer behind
 * scoped_ptr has that slack or that padding should be switched off here too.
 * NOTE(review): the early return after a failed EVP_EncryptInit() does not
 * call EVP_CIPHER_CTX_cleanup(); confirm this is harmless for the OpenSSL
 * version in use.
 */
enum snmp_code
snmp_pdu_encrypt(const struct snmp_pdu *pdu)
{
	int32_t err, olen;
	uint8_t iv[SNMP_PRIV_AES_IV_SIZ];
	const EVP_CIPHER *ctype;
	EVP_CIPHER_CTX ctx;

	err = snmp_pdu_cipher_init(pdu, pdu->scoped_len, &ctype, iv);
	if (err < 0)
		return (SNMP_CODE_EDECRYPT);
	else if (err == 0)
		return (SNMP_CODE_OK);

	if (EVP_EncryptInit(&ctx, ctype, pdu->user.priv_key, iv) != 1)
		return (SNMP_CODE_FAILED);

	/* Input and output are the same buffer: the PDU is replaced in place. */
	if (EVP_EncryptUpdate(&ctx, pdu->scoped_ptr, &olen, pdu->scoped_ptr,
	    pdu->scoped_len) != 1 ||
	    EVP_EncryptFinal(&ctx, pdu->scoped_ptr + olen, &olen) != 1) {
		EVP_CIPHER_CTX_cleanup(&ctx);
		return (SNMP_CODE_FAILED);
	}

	EVP_CIPHER_CTX_cleanup(&ctx);
	return (SNMP_CODE_OK);
}

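/*
 * Decrypt the scoped PDU in place (scoped_ptr[0..scoped_len)) with the
 * user's priv_key and the IV produced by snmp_pdu_cipher_init().  Padding
 * is disabled, so the output is exactly as long as the input.
 *
 * Returns SNMP_CODE_OK on success or when the user has no privacy protocol,
 * SNMP_CODE_EDECRYPT on any failure.
 *
 * NOTE(review): nothing here authenticates the ciphertext.  Confirm that
 * callers verify the message digest before calling this routine, so that
 * unauthenticated input never reaches the cipher.
 */
enum snmp_code
snmp_pdu_decrypt(const struct snmp_pdu *pdu)
{
	int32_t err, olen;
	uint8_t iv[SNMP_PRIV_AES_IV_SIZ];
	const EVP_CIPHER *ctype;
	EVP_CIPHER_CTX ctx;

	err = snmp_pdu_cipher_init(pdu, pdu->scoped_len, &ctype, iv);
	if (err < 0)
		return (SNMP_CODE_EDECRYPT);
	else if (err == 0)
		return (SNMP_CODE_OK);

	if (EVP_DecryptInit(&ctx, ctype, pdu->user.priv_key, iv) != 1)
		return (SNMP_CODE_EDECRYPT);

	/*
	 * From here on the context is initialised, so every failure path
	 * releases it (the original returned without cleanup when
	 * EVP_CIPHER_CTX_set_padding() failed).
	 */
	if (EVP_CIPHER_CTX_set_padding(&ctx, 0) != 1 ||
	    EVP_DecryptUpdate(&ctx, pdu->scoped_ptr, &olen, pdu->scoped_ptr,
	    pdu->scoped_len) != 1 ||
	    EVP_DecryptFinal(&ctx, pdu->scoped_ptr + olen, &olen) != 1) {
		EVP_CIPHER_CTX_cleanup(&ctx);
		return (SNMP_CODE_EDECRYPT);
	}

	EVP_CIPHER_CTX_cleanup(&ctx);
	return (SNMP_CODE_OK);
}

/*
 * [RFC 3414] - A.2. Password to Key Algorithm
 *
 * Derive user->auth_key from passwd: the password is repeated cyclically
 * until SNMP_AUTH_KEY_LOOPCNT bytes have been fed to the user's digest, in
 * chunks of SNMP_EXTENDED_KEY_SIZ bytes, and the digest output becomes the
 * key.
 *
 * Returns SNMP_CODE_FAILED for a NULL argument or an empty password,
 * SNMP_CODE_OK on success or when the user has no authentication protocol
 * (auth_key is then left untouched), SNMP_CODE_BADDIGEST when the digest
 * cannot be set up or computed.
 *
 * Only the empty password is rejected here; any minimum-length policy has
 * to be enforced by the caller.
 * NOTE(review): authbuf holds password bytes and is not wiped on return;
 * consider clearing it with a routine the compiler cannot elide.
 */
enum snmp_code
snmp_passwd_to_keys(struct snmp_user *user, char *passwd)
{
	int err, loop, i;
	size_t pwdlen;
	uint32_t keylen, olen;
	const EVP_MD *dtype;
	EVP_MD_CTX ctx;
	uint8_t authbuf[SNMP_AUTH_BUF_SIZE];

	if (passwd == NULL || user == NULL)
		return (SNMP_CODE_FAILED);

	err = snmp_digest_init(user, &ctx, &dtype, &keylen);
	if (err < 0)
		return (SNMP_CODE_BADDIGEST);
	else if (err == 0)
		return (SNMP_CODE_OK);

	/*
	 * An empty password would make the modulo below a division by zero.
	 * Reject it before the existing key is touched.
	 */
	pwdlen = strlen(passwd);
	if (pwdlen == 0) {
		EVP_MD_CTX_cleanup(&ctx);
		return (SNMP_CODE_FAILED);
	}

	memset(user->auth_key, 0, sizeof(user->auth_key));

	/* The inner loop leaves i == SNMP_EXTENDED_KEY_SIZ, the chunk size. */
	for (loop = 0; loop < SNMP_AUTH_KEY_LOOPCNT; loop += i) {
		for (i = 0; i < SNMP_EXTENDED_KEY_SIZ; i++)
			authbuf[i] = passwd[((size_t)loop + i) % pwdlen];
		if (EVP_DigestUpdate(&ctx, authbuf, SNMP_EXTENDED_KEY_SIZ) != 1)
			goto failed;
	}

	if (EVP_DigestFinal(&ctx, user->auth_key, &olen) != 1)
		goto failed;

	EVP_MD_CTX_cleanup(&ctx);
	return (SNMP_CODE_OK);

failed:
	EVP_MD_CTX_cleanup(&ctx);
	return (SNMP_CODE_BADDIGEST);
}

/*
 * [RFC 3414] - 2.6. Key Localization Algorithm
 *
 * Replace user->auth_key with digest(auth_key || eid || auth_key), where
 * eid is the elen-byte engine id.  When the user has a privacy protocol the
 * resulting key is also copied into user->priv_key; priv_key is zeroed
 * up front in every case.
 *
 * Returns SNMP_CODE_FAILED for a NULL argument, an engine id longer than
 * SNMP_ENGINE_ID_SIZ, or input that does not fit the scratch buffer;
 * SNMP_CODE_OK on success or when the user has no authentication protocol;
 * SNMP_CODE_BADDIGEST when the digest cannot be set up or computed.
 *
 * NOTE(review): the final memcpy reads sizeof(user->priv_key) bytes from
 * auth_key; confirm auth_key is at least that large in struct snmp_user.
 * NOTE(review): authbuf holds key material and is not wiped on return.
 */
enum snmp_code
snmp_get_local_keys(struct snmp_user *user, uint8_t *eid, uint32_t elen)
{
	int err;
	uint32_t keylen, olen;
	const EVP_MD *dtype;
	EVP_MD_CTX ctx;
	uint8_t authbuf[SNMP_AUTH_BUF_SIZE];

	if (user == NULL || eid == NULL || elen > SNMP_ENGINE_ID_SIZ)
		return (SNMP_CODE_FAILED);

	memset(user->priv_key, 0, sizeof(user->priv_key));
	memset(authbuf, 0, sizeof(authbuf));

	err = snmp_digest_init(user, &ctx, &dtype, &keylen);
	if (err < 0)
		return (SNMP_CODE_BADDIGEST);
	else if (err == 0)
		return (SNMP_CODE_OK);

	/*
	 * The three copies below write 2 * keylen + elen bytes.  Check that
	 * against the buffer itself instead of relying on the header
	 * constants staying in step with SNMP_AUTH_BUF_SIZE.
	 */
	if ((size_t)keylen * 2 + elen > sizeof(authbuf)) {
		EVP_MD_CTX_cleanup(&ctx);
		return (SNMP_CODE_FAILED);
	}

	memcpy(authbuf, user->auth_key, keylen);
	memcpy(authbuf + keylen, eid, elen);
	memcpy(authbuf + keylen + elen, user->auth_key, keylen);

	if (EVP_DigestUpdate(&ctx, authbuf, 2 * keylen + elen) != 1 ||
	    EVP_DigestFinal(&ctx, user->auth_key, &olen) != 1) {
		EVP_MD_CTX_cleanup(&ctx);
		return (SNMP_CODE_BADDIGEST);
	}
	EVP_MD_CTX_cleanup(&ctx);

	if (user->priv_proto != SNMP_PRIV_NOPRIV)
		memcpy(user->priv_key, user->auth_key, sizeof(user->priv_key));

	return (SNMP_CODE_OK);
}

/*
 * Fill keychange with digest(auth_key || random value), where the random
 * value is keylen bytes long.  keychange is used as scratch space first and
 * must therefore have room for 2 * keylen bytes.
 *
 * Returns SNMP_CODE_OK on success or when the user has no authentication
 * protocol (keychange is then not written), SNMP_CODE_BADDIGEST otherwise.
 *
 * NOTE(review): the random component comes from random(), which is not a
 * cryptographically secure generator and never sets the top bit of each
 * 32-bit word.  A key-change value should be unpredictable; replace this
 * with the platform's CSPRNG.
 * NOTE(review): rvalue is not wiped on return.
 */
enum snmp_code
snmp_calc_keychange(struct snmp_user *user, uint8_t *keychange)
{
	int32_t err, rvalue[SNMP_AUTH_HMACSHA_KEY_SIZ / 4];
	uint32_t i, keylen, olen;
	const EVP_MD *dtype;
	EVP_MD_CTX ctx;

	err = snmp_digest_init(user, &ctx, &dtype, &keylen);
	if (err < 0)
		return (SNMP_CODE_BADDIGEST);
	else if (err == 0)
		return (SNMP_CODE_OK);

	for (i = 0; i < keylen / 4; i++)
		rvalue[i] = random();

	memcpy(keychange, user->auth_key, keylen);
	memcpy(keychange + keylen, rvalue, keylen);

	if (EVP_DigestUpdate(&ctx, keychange, 2 * keylen) != 1 ||
	    EVP_DigestFinal(&ctx, keychange, &olen) != 1) {
		EVP_MD_CTX_cleanup(&ctx);
		return (SNMP_CODE_BADDIGEST);
	}

	EVP_MD_CTX_cleanup(&ctx);
	return (SNMP_CODE_OK);
}

#else /* !HAVE_LIBCRYPTO */
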
/*
 * Variant built without libcrypto: no digest can be computed, so only users
 * without an authentication protocol are accepted.  digest is not written.
 */
enum snmp_code
snmp_pdu_calc_digest(const struct snmp_pdu *pdu, uint8_t *digest __unused)
{
	return (pdu->user.auth_proto == SNMP_AUTH_NOAUTH ?
	    SNMP_CODE_OK : SNMP_CODE_BADSECLEVEL);
}

/*
 * Variant built without libcrypto: succeeds only when the user has no
 * privacy protocol; the PDU is left as it is.
 */
enum snmp_code
snmp_pdu_encrypt(const struct snmp_pdu *pdu)
{
	return (pdu->user.priv_proto == SNMP_PRIV_NOPRIV ?
	    SNMP_CODE_OK : SNMP_CODE_BADSECLEVEL);
}

/*
 * Variant built without libcrypto: succeeds only when the user has no
 * privacy protocol; the PDU is left as it is.
 */
enum snmp_code
snmp_pdu_decrypt(const struct snmp_pdu *pdu)
{
	return (pdu->user.priv_proto == SNMP_PRIV_NOPRIV ?
	    SNMP_CODE_OK : SNMP_CODE_BADSECLEVEL);
}

/*
 * Variant built without libcrypto: no key can be derived.  Returns
 * SNMP_CODE_OK for a user with neither authentication nor privacy;
 * otherwise sets errno to EPROTONOSUPPORT and returns SNMP_CODE_FAILED.
 */
enum snmp_code
snmp_passwd_to_keys(struct snmp_user *user, char *passwd __unused)
{
	if (user->auth_proto != SNMP_AUTH_NOAUTH ||
	    user->priv_proto != SNMP_PRIV_NOPRIV) {
		errno = EPROTONOSUPPORT;
		return (SNMP_CODE_FAILED);
	}

	return (SNMP_CODE_OK);
}

/*
 * Variant built without libcrypto: no key can be localized.  Returns
 * SNMP_CODE_OK for a user with neither authentication nor privacy;
 * otherwise sets errno to EPROTONOSUPPORT and returns SNMP_CODE_FAILED.
 */
enum snmp_code
snmp_get_local_keys(struct snmp_user *user, uint8_t *eid __unused,
    uint32_t elen __unused)
{
	if (user->auth_proto != SNMP_AUTH_NOAUTH ||
	    user->priv_proto != SNMP_PRIV_NOPRIV) {
		errno = EPROTONOSUPPORT;
		return (SNMP_CODE_FAILED);
	}

	return (SNMP_CODE_OK);
}

/*
 * Variant built without libcrypto: key change is never available; always
 * sets errno to EPROTONOSUPPORT and returns SNMP_CODE_FAILED.
 */
enum snmp_code
snmp_calc_keychange(struct snmp_user *user __unused,
    uint8_t *keychange __unused)
{
	errno = EPROTONOSUPPORT;
	return (SNMP_CODE_FAILED);
}

#endif /* HAVE_LIBCRYPTO */