Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Ledest:erlang:19
erlang
0961-Fix-PrivParams-for-SNMPv3-USM-with-AES-pri...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0961-Fix-PrivParams-for-SNMPv3-USM-with-AES-privacy.patch of Package erlang
From fd94b345b54884c6cb695efbc465ebd25270a4b9 Mon Sep 17 00:00:00 2001 From: Raimo Niskanen <raimo@erlang.org> Date: Tue, 18 Aug 2020 16:41:57 +0200 Subject: [PATCH 4/4] Fix PrivParams for SNMPv3 USM with AES privacy * Change snmpa_usm:aes_encrypt/3 to use EngineBoots and EngineTime as in UsmSecParams --- lib/snmp/src/agent/snmpa_usm.erl | 54 ++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/lib/snmp/src/agent/snmpa_usm.erl b/lib/snmp/src/agent/snmpa_usm.erl index 1debceae98..0f41227b4b 100644 --- a/lib/snmp/src/agent/snmpa_usm.erl +++ b/lib/snmp/src/agent/snmpa_usm.erl @@ -475,19 +475,10 @@ generate_outgoing_msg(Message, SecEngineID, SecName, SecData, SecLevel, _ -> % 3.1.1a SecData end, - %% 3.1.4 - ?vtrace("generate_outgoing_msg -> [3.1.4]" - "~n UserName: ~p" - "~n AuthProtocol: ~p" - "~n PrivProtocol: ~p", - [UserName, AuthProtocol, PrivProtocol]), - ScopedPduBytes = Message#message.data, - {ScopedPduData, MsgPrivParams} = - encrypt(ScopedPduBytes, PrivProtocol, PrivKey, SecLevel), + %% 3.1.6 SnmpEngineID = LocalEngineID, ?vtrace("generate_outgoing_msg -> SnmpEngineID: ~p [3.1.6]", [SnmpEngineID]), - %% 3.1.6 {MsgAuthEngineBoots, MsgAuthEngineTime} = case snmp_misc:is_auth(SecLevel) of false when SecData =:= [] -> % not a response @@ -501,6 +492,16 @@ generate_outgoing_msg(Message, SecEngineID, SecName, SecData, SecLevel, {get_local_engine_boots(SnmpEngineID), get_local_engine_time(SnmpEngineID)} end, + %% 3.1.4 + ?vtrace("generate_outgoing_msg -> [3.1.4]" + "~n UserName: ~p" + "~n AuthProtocol: ~p" + "~n PrivProtocol: ~p", + [UserName, AuthProtocol, PrivProtocol]), + ScopedPduBytes = Message#message.data, + {ScopedPduData, MsgPrivParams} = + encrypt(ScopedPduBytes, PrivProtocol, PrivKey, SecLevel, + MsgAuthEngineBoots, MsgAuthEngineTime), %% 3.1.5 - 3.1.7 ?vtrace("generate_outgoing_msg -> [3.1.5 - 3.1.7]",[]), UsmSecParams = @@ -561,12 +562,17 @@ generate_discovery_msg(Message, end end, ScopedPduBytes = Message#message.data, + MsgAuthEngineBoots = 0, + MsgAuthEngineTime = 0, {ScopedPduData, MsgPrivParams} = - encrypt(ScopedPduBytes, PrivProtocol, PrivKey, SecLevel), + encrypt(ScopedPduBytes, PrivProtocol, PrivKey, SecLevel, + MsgAuthEngineBoots, MsgAuthEngineTime), UsmSecParams = #usmSecurityParameters{msgAuthoritativeEngineID = SecEngineID, - msgAuthoritativeEngineBoots = 0, % Boots, - msgAuthoritativeEngineTime = 0, % Time, + msgAuthoritativeEngineBoots = % Boots + MsgAuthEngineBoots, + msgAuthoritativeEngineTime = % Time + MsgAuthEngineTime, msgUserName = UserName, msgPrivacyParameters = MsgPrivParams}, Message2 = Message#message{data = ScopedPduData}, @@ -575,14 +581,15 @@ generate_discovery_msg(Message, %% Ret: {ScopedPDU, MsgPrivParams} - both are already encoded as OCTET STRINGs -encrypt(Data, PrivProtocol, PrivKey, SecLevel) -> +encrypt(Data, PrivProtocol, PrivKey, SecLevel, EngineBoots, EngineTime) -> case snmp_misc:is_priv(SecLevel) of false -> % 3.1.4b ?vtrace("encrypt -> 3.1.4b",[]), {Data, []}; true -> % 3.1.4a ?vtrace("encrypt -> 3.1.4a",[]), - case (catch try_encrypt(PrivProtocol, PrivKey, Data)) of + case (catch try_encrypt(PrivProtocol, PrivKey, Data, + EngineBoots, EngineTime)) of {ok, ScopedPduData, MsgPrivParams} -> ?vtrace("encrypt -> encrypted - now encode tag",[]), {snmp_pdus:enc_oct_str_tag(ScopedPduData), MsgPrivParams}; @@ -597,12 +604,13 @@ encrypt(Data, PrivProtocol, PrivKey, SecLevel) -> end end. -try_encrypt(?usmNoPrivProtocol, _PrivKey, _Data) -> % 3.1.2 +try_encrypt( + ?usmNoPrivProtocol, _PrivKey, _Data, _EngineBoots, _EngineTime) -> % 3.1.2 error(unsupportedSecurityLevel); -try_encrypt(?usmDESPrivProtocol, PrivKey, Data) -> +try_encrypt(?usmDESPrivProtocol, PrivKey, Data, _EngineBoots, _EngineTime) -> des_encrypt(PrivKey, Data); -try_encrypt(?usmAesCfb128Protocol, PrivKey, Data) -> - aes_encrypt(PrivKey, Data). +try_encrypt(?usmAesCfb128Protocol, PrivKey, Data, EngineBoots, EngineTime) -> + aes_encrypt(PrivKey, Data, EngineBoots, EngineTime). authenticate_outgoing(Message, UsmSecParams, @@ -658,11 +666,9 @@ get_des_salt() -> EngineBoots = snmp_framework_mib:get_engine_boots(), [?i32(EngineBoots), ?i32(SaltInt)]. -aes_encrypt(PrivKey, Data) -> - EngineBoots = snmp_framework_mib:get_engine_boots(), - EngineTime = snmp_framework_mib:get_engine_time(), - snmp_usm:aes_encrypt(PrivKey, Data, fun get_aes_salt/0, - EngineBoots, EngineTime). +aes_encrypt(PrivKey, Data, EngineBoots, EngineTime) -> + snmp_usm:aes_encrypt(PrivKey, Data, fun get_aes_salt/0, + EngineBoots, EngineTime). aes_decrypt(PrivKey, UsmSecParams, EncData) -> #usmSecurityParameters{msgPrivacyParameters = PrivParams, -- 2.26.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor