xref: /nrf52832-nimble/rt-thread/components/net/lwip-2.0.2/src/apps/snmp/snmpv3_mbedtls.c (revision 104654410c56c573564690304ae786df310c91fc) 
1*10465441SEvalZero /**
2*10465441SEvalZero  * @file
3*10465441SEvalZero  * SNMPv3 crypto/auth functions implemented for ARM mbedtls.
4*10465441SEvalZero  */
5*10465441SEvalZero 
6*10465441SEvalZero /*
7*10465441SEvalZero  * Copyright (c) 2016 Elias Oenal and Dirk Ziegelmeier.
8*10465441SEvalZero  * All rights reserved.
9*10465441SEvalZero  *
10*10465441SEvalZero  * Redistribution and use in source and binary forms, with or without modification,
11*10465441SEvalZero  * are permitted provided that the following conditions are met:
12*10465441SEvalZero  *
13*10465441SEvalZero  * 1. Redistributions of source code must retain the above copyright notice,
14*10465441SEvalZero  *    this list of conditions and the following disclaimer.
15*10465441SEvalZero  * 2. Redistributions in binary form must reproduce the above copyright notice,
16*10465441SEvalZero  *    this list of conditions and the following disclaimer in the documentation
17*10465441SEvalZero  *    and/or other materials provided with the distribution.
18*10465441SEvalZero  * 3. The name of the author may not be used to endorse or promote products
19*10465441SEvalZero  *    derived from this software without specific prior written permission.
20*10465441SEvalZero  *
21*10465441SEvalZero  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
22*10465441SEvalZero  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
23*10465441SEvalZero  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
24*10465441SEvalZero  * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
25*10465441SEvalZero  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
26*10465441SEvalZero  * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27*10465441SEvalZero  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28*10465441SEvalZero  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
29*10465441SEvalZero  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
30*10465441SEvalZero  * OF SUCH DAMAGE.
31*10465441SEvalZero  *
32*10465441SEvalZero  * Author: Elias Oenal <[email protected]>
33*10465441SEvalZero  *         Dirk Ziegelmeier <[email protected]>
34*10465441SEvalZero  */
35*10465441SEvalZero 
36*10465441SEvalZero #include "lwip/apps/snmpv3.h"
37*10465441SEvalZero #include "snmpv3_priv.h"
38*10465441SEvalZero #include "lwip/arch.h"
39*10465441SEvalZero #include "snmp_msg.h"
40*10465441SEvalZero #include "lwip/sys.h"
41*10465441SEvalZero #include <string.h>
42*10465441SEvalZero 
43*10465441SEvalZero #if LWIP_SNMP && LWIP_SNMP_V3 && LWIP_SNMP_V3_MBEDTLS
44*10465441SEvalZero 
45*10465441SEvalZero #include "mbedtls/md.h"
46*10465441SEvalZero #include "mbedtls/cipher.h"
47*10465441SEvalZero 
48*10465441SEvalZero #include "mbedtls/md5.h"
49*10465441SEvalZero #include "mbedtls/sha1.h"
50*10465441SEvalZero 
51*10465441SEvalZero err_t
snmpv3_auth(struct snmp_pbuf_stream * stream,u16_t length,const u8_t * key,u8_t algo,u8_t * hmac_out)52*10465441SEvalZero snmpv3_auth(struct snmp_pbuf_stream* stream, u16_t length,
53*10465441SEvalZero     const u8_t* key, u8_t algo, u8_t* hmac_out)
54*10465441SEvalZero {
55*10465441SEvalZero   u32_t i;
56*10465441SEvalZero   u8_t key_len;
57*10465441SEvalZero   const mbedtls_md_info_t *md_info;
58*10465441SEvalZero   mbedtls_md_context_t ctx;
59*10465441SEvalZero   struct snmp_pbuf_stream read_stream;
60*10465441SEvalZero   snmp_pbuf_stream_init(&read_stream, stream->pbuf, stream->offset, stream->length);
61*10465441SEvalZero 
62*10465441SEvalZero   if (algo == SNMP_V3_AUTH_ALGO_MD5) {
63*10465441SEvalZero     md_info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
64*10465441SEvalZero     key_len = SNMP_V3_MD5_LEN;
65*10465441SEvalZero   } else if (algo == SNMP_V3_AUTH_ALGO_SHA) {
66*10465441SEvalZero     md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
67*10465441SEvalZero     key_len = SNMP_V3_SHA_LEN;
68*10465441SEvalZero   } else {
69*10465441SEvalZero     return ERR_ARG;
70*10465441SEvalZero   }
71*10465441SEvalZero 
72*10465441SEvalZero   mbedtls_md_init(&ctx);
73*10465441SEvalZero   if(mbedtls_md_setup(&ctx, md_info, 1) != 0) {
74*10465441SEvalZero     return ERR_ARG;
75*10465441SEvalZero   }
76*10465441SEvalZero 
77*10465441SEvalZero   if (mbedtls_md_hmac_starts(&ctx, key, key_len) != 0) {
78*10465441SEvalZero     goto free_md;
79*10465441SEvalZero   }
80*10465441SEvalZero 
81*10465441SEvalZero   for (i = 0; i < length; i++) {
82*10465441SEvalZero     u8_t byte;
83*10465441SEvalZero 
84*10465441SEvalZero     if (snmp_pbuf_stream_read(&read_stream, &byte)) {
85*10465441SEvalZero       goto free_md;
86*10465441SEvalZero     }
87*10465441SEvalZero 
88*10465441SEvalZero     if (mbedtls_md_hmac_update(&ctx, &byte, 1) != 0) {
89*10465441SEvalZero       goto free_md;
90*10465441SEvalZero     }
91*10465441SEvalZero   }
92*10465441SEvalZero 
93*10465441SEvalZero   if (mbedtls_md_hmac_finish(&ctx, hmac_out) != 0) {
94*10465441SEvalZero     goto free_md;
95*10465441SEvalZero   }
96*10465441SEvalZero 
97*10465441SEvalZero   mbedtls_md_free(&ctx);
98*10465441SEvalZero   return ERR_OK;
99*10465441SEvalZero 
100*10465441SEvalZero free_md:
101*10465441SEvalZero   mbedtls_md_free(&ctx);
102*10465441SEvalZero   return ERR_ARG;
103*10465441SEvalZero }
104*10465441SEvalZero 
105*10465441SEvalZero #if LWIP_SNMP_V3_CRYPTO
106*10465441SEvalZero 
107*10465441SEvalZero err_t
snmpv3_crypt(struct snmp_pbuf_stream * stream,u16_t length,const u8_t * key,const u8_t * priv_param,const u32_t engine_boots,const u32_t engine_time,u8_t algo,u8_t mode)108*10465441SEvalZero snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
109*10465441SEvalZero     const u8_t* key, const u8_t* priv_param, const u32_t engine_boots,
110*10465441SEvalZero     const u32_t engine_time, u8_t algo, u8_t mode)
111*10465441SEvalZero {
112*10465441SEvalZero   size_t i;
113*10465441SEvalZero   mbedtls_cipher_context_t ctx;
114*10465441SEvalZero   const mbedtls_cipher_info_t *cipher_info;
115*10465441SEvalZero 
116*10465441SEvalZero   struct snmp_pbuf_stream read_stream;
117*10465441SEvalZero   struct snmp_pbuf_stream write_stream;
118*10465441SEvalZero   snmp_pbuf_stream_init(&read_stream, stream->pbuf, stream->offset, stream->length);
119*10465441SEvalZero   snmp_pbuf_stream_init(&write_stream, stream->pbuf, stream->offset, stream->length);
120*10465441SEvalZero   mbedtls_cipher_init(&ctx);
121*10465441SEvalZero 
122*10465441SEvalZero   if (algo == SNMP_V3_PRIV_ALGO_DES) {
123*10465441SEvalZero     u8_t iv_local[8];
124*10465441SEvalZero     u8_t out_bytes[8];
125*10465441SEvalZero     size_t out_len;
126*10465441SEvalZero 
127*10465441SEvalZero     /* RFC 3414 mandates padding for DES */
128*10465441SEvalZero     if ((length & 0x07) != 0) {
129*10465441SEvalZero       return ERR_ARG;
130*10465441SEvalZero     }
131*10465441SEvalZero 
132*10465441SEvalZero     cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_CBC);
133*10465441SEvalZero     if(mbedtls_cipher_setup(&ctx, cipher_info) != 0) {
134*10465441SEvalZero       return ERR_ARG;
135*10465441SEvalZero     }
136*10465441SEvalZero     if(mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE) != 0) {
137*10465441SEvalZero       return ERR_ARG;
138*10465441SEvalZero     }
139*10465441SEvalZero     if(mbedtls_cipher_setkey(&ctx, key, 8*8, (mode == SNMP_V3_PRIV_MODE_ENCRYPT)? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT) != 0) {
140*10465441SEvalZero       goto error;
141*10465441SEvalZero     }
142*10465441SEvalZero 
143*10465441SEvalZero     /* Prepare IV */
144*10465441SEvalZero     for (i = 0; i < LWIP_ARRAYSIZE(iv_local); i++) {
145*10465441SEvalZero       iv_local[i] = priv_param[i] ^ key[i + 8];
146*10465441SEvalZero     }
147*10465441SEvalZero     if(mbedtls_cipher_set_iv(&ctx, iv_local, LWIP_ARRAYSIZE(iv_local)) != 0) {
148*10465441SEvalZero       goto error;
149*10465441SEvalZero     }
150*10465441SEvalZero 
151*10465441SEvalZero     for (i = 0; i < length; i += 8) {
152*10465441SEvalZero       size_t j;
153*10465441SEvalZero       u8_t in_bytes[8];
154*10465441SEvalZero       out_len = LWIP_ARRAYSIZE(out_bytes) ;
155*10465441SEvalZero 
156*10465441SEvalZero       for (j = 0; j < LWIP_ARRAYSIZE(in_bytes); j++) {
157*10465441SEvalZero         snmp_pbuf_stream_read(&read_stream, &in_bytes[j]);
158*10465441SEvalZero       }
159*10465441SEvalZero 
160*10465441SEvalZero       if(mbedtls_cipher_update(&ctx, in_bytes, LWIP_ARRAYSIZE(in_bytes), out_bytes, &out_len) != 0) {
161*10465441SEvalZero         goto error;
162*10465441SEvalZero       }
163*10465441SEvalZero 
164*10465441SEvalZero       snmp_pbuf_stream_writebuf(&write_stream, out_bytes, out_len);
165*10465441SEvalZero     }
166*10465441SEvalZero 
167*10465441SEvalZero     out_len = LWIP_ARRAYSIZE(out_bytes);
168*10465441SEvalZero     if(mbedtls_cipher_finish(&ctx, out_bytes, &out_len) != 0) {
169*10465441SEvalZero       goto error;
170*10465441SEvalZero     }
171*10465441SEvalZero     snmp_pbuf_stream_writebuf(&write_stream, out_bytes, out_len);
172*10465441SEvalZero   } else if (algo == SNMP_V3_PRIV_ALGO_AES) {
173*10465441SEvalZero     u8_t iv_local[16];
174*10465441SEvalZero 
175*10465441SEvalZero     cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CFB128);
176*10465441SEvalZero     if(mbedtls_cipher_setup(&ctx, cipher_info) != 0) {
177*10465441SEvalZero       return ERR_ARG;
178*10465441SEvalZero     }
179*10465441SEvalZero     if(mbedtls_cipher_setkey(&ctx, key, 16*8, (mode == SNMP_V3_PRIV_MODE_ENCRYPT)? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT) != 0) {
180*10465441SEvalZero       goto error;
181*10465441SEvalZero     }
182*10465441SEvalZero 
183*10465441SEvalZero     /*
184*10465441SEvalZero      * IV is the big endian concatenation of boots,
185*10465441SEvalZero      * uptime and priv param - see RFC3826.
186*10465441SEvalZero      */
187*10465441SEvalZero     iv_local[0 + 0] = (engine_boots >> 24) & 0xFF;
188*10465441SEvalZero     iv_local[0 + 1] = (engine_boots >> 16) & 0xFF;
189*10465441SEvalZero     iv_local[0 + 2] = (engine_boots >>  8) & 0xFF;
190*10465441SEvalZero     iv_local[0 + 3] = (engine_boots >>  0) & 0xFF;
191*10465441SEvalZero     iv_local[4 + 0] = (engine_time  >> 24) & 0xFF;
192*10465441SEvalZero     iv_local[4 + 1] = (engine_time  >> 16) & 0xFF;
193*10465441SEvalZero     iv_local[4 + 2] = (engine_time  >>  8) & 0xFF;
194*10465441SEvalZero     iv_local[4 + 3] = (engine_time  >>  0) & 0xFF;
195*10465441SEvalZero     SMEMCPY(iv_local + 8, priv_param, 8);
196*10465441SEvalZero     if(mbedtls_cipher_set_iv(&ctx, iv_local, LWIP_ARRAYSIZE(iv_local)) != 0) {
197*10465441SEvalZero       goto error;
198*10465441SEvalZero     }
199*10465441SEvalZero 
200*10465441SEvalZero     for (i = 0; i < length; i++) {
201*10465441SEvalZero       u8_t in_byte;
202*10465441SEvalZero       u8_t out_byte;
203*10465441SEvalZero       size_t out_len = sizeof(out_byte);
204*10465441SEvalZero 
205*10465441SEvalZero       snmp_pbuf_stream_read(&read_stream, &in_byte);
206*10465441SEvalZero       if(mbedtls_cipher_update(&ctx, &in_byte, sizeof(in_byte), &out_byte, &out_len) != 0) {
207*10465441SEvalZero         goto error;
208*10465441SEvalZero       }
209*10465441SEvalZero       snmp_pbuf_stream_write(&write_stream, out_byte);
210*10465441SEvalZero     }
211*10465441SEvalZero   } else {
212*10465441SEvalZero     return ERR_ARG;
213*10465441SEvalZero   }
214*10465441SEvalZero 
215*10465441SEvalZero   mbedtls_cipher_free(&ctx);
216*10465441SEvalZero   return ERR_OK;
217*10465441SEvalZero 
218*10465441SEvalZero error:
219*10465441SEvalZero   mbedtls_cipher_free(&ctx);
220*10465441SEvalZero   return ERR_OK;
221*10465441SEvalZero }
222*10465441SEvalZero 
223*10465441SEvalZero #endif /* LWIP_SNMP_V3_CRYPTO */
224*10465441SEvalZero 
225*10465441SEvalZero /* A.2.1. Password to Key Sample Code for MD5 */
226*10465441SEvalZero void
snmpv3_password_to_key_md5(const u8_t * password,u8_t passwordlen,const u8_t * engineID,u8_t engineLength,u8_t * key)227*10465441SEvalZero snmpv3_password_to_key_md5(
228*10465441SEvalZero     const u8_t *password,    /* IN */
229*10465441SEvalZero     u8_t        passwordlen, /* IN */
230*10465441SEvalZero     const u8_t *engineID,    /* IN  - pointer to snmpEngineID  */
231*10465441SEvalZero     u8_t        engineLength,/* IN  - length of snmpEngineID */
232*10465441SEvalZero     u8_t       *key)         /* OUT - pointer to caller 16-octet buffer */
233*10465441SEvalZero {
234*10465441SEvalZero   mbedtls_md5_context MD;
235*10465441SEvalZero   u8_t *cp, password_buf[64];
236*10465441SEvalZero   u32_t password_index = 0;
237*10465441SEvalZero   u8_t i;
238*10465441SEvalZero   u32_t count = 0;
239*10465441SEvalZero 
240*10465441SEvalZero   mbedtls_md5_init(&MD); /* initialize MD5 */
241*10465441SEvalZero   mbedtls_md5_starts(&MD);
242*10465441SEvalZero 
243*10465441SEvalZero   /**********************************************/
244*10465441SEvalZero   /* Use while loop until we've done 1 Megabyte */
245*10465441SEvalZero   /**********************************************/
246*10465441SEvalZero   while (count < 1048576) {
247*10465441SEvalZero     cp = password_buf;
248*10465441SEvalZero     for (i = 0; i < 64; i++) {
249*10465441SEvalZero       /*************************************************/
250*10465441SEvalZero       /* Take the next octet of the password, wrapping */
251*10465441SEvalZero       /* to the beginning of the password as necessary.*/
252*10465441SEvalZero       /*************************************************/
253*10465441SEvalZero       *cp++ = password[password_index++ % passwordlen];
254*10465441SEvalZero     }
255*10465441SEvalZero     mbedtls_md5_update(&MD, password_buf, 64);
256*10465441SEvalZero     count += 64;
257*10465441SEvalZero   }
258*10465441SEvalZero   mbedtls_md5_finish(&MD, key); /* tell MD5 we're done */
259*10465441SEvalZero 
260*10465441SEvalZero   /*****************************************************/
261*10465441SEvalZero   /* Now localize the key with the engineID and pass   */
262*10465441SEvalZero   /* through MD5 to produce final key                  */
263*10465441SEvalZero   /* May want to ensure that engineLength <= 32,       */
264*10465441SEvalZero   /* otherwise need to use a buffer larger than 64     */
265*10465441SEvalZero   /*****************************************************/
266*10465441SEvalZero   SMEMCPY(password_buf, key, 16);
267*10465441SEvalZero   MEMCPY(password_buf + 16, engineID, engineLength);
268*10465441SEvalZero   SMEMCPY(password_buf + 16 + engineLength, key, 16);
269*10465441SEvalZero 
270*10465441SEvalZero   mbedtls_md5_starts(&MD);
271*10465441SEvalZero   mbedtls_md5_update(&MD, password_buf, 32 + engineLength);
272*10465441SEvalZero   mbedtls_md5_finish(&MD, key);
273*10465441SEvalZero 
274*10465441SEvalZero   mbedtls_md5_free(&MD);
275*10465441SEvalZero   return;
276*10465441SEvalZero }
277*10465441SEvalZero 
278*10465441SEvalZero /* A.2.2. Password to Key Sample Code for SHA */
279*10465441SEvalZero void
snmpv3_password_to_key_sha(const u8_t * password,u8_t passwordlen,const u8_t * engineID,u8_t engineLength,u8_t * key)280*10465441SEvalZero snmpv3_password_to_key_sha(
281*10465441SEvalZero     const u8_t *password,    /* IN */
282*10465441SEvalZero     u8_t        passwordlen, /* IN */
283*10465441SEvalZero     const u8_t *engineID,    /* IN  - pointer to snmpEngineID  */
284*10465441SEvalZero     u8_t        engineLength,/* IN  - length of snmpEngineID */
285*10465441SEvalZero     u8_t       *key)         /* OUT - pointer to caller 20-octet buffer */
286*10465441SEvalZero {
287*10465441SEvalZero   mbedtls_sha1_context SH;
288*10465441SEvalZero   u8_t *cp, password_buf[72];
289*10465441SEvalZero   u32_t password_index = 0;
290*10465441SEvalZero   u8_t i;
291*10465441SEvalZero   u32_t count = 0;
292*10465441SEvalZero 
293*10465441SEvalZero   mbedtls_sha1_init(&SH); /* initialize SHA */
294*10465441SEvalZero   mbedtls_sha1_starts(&SH);
295*10465441SEvalZero 
296*10465441SEvalZero   /**********************************************/
297*10465441SEvalZero   /* Use while loop until we've done 1 Megabyte */
298*10465441SEvalZero   /**********************************************/
299*10465441SEvalZero   while (count < 1048576) {
300*10465441SEvalZero     cp = password_buf;
301*10465441SEvalZero     for (i = 0; i < 64; i++) {
302*10465441SEvalZero       /*************************************************/
303*10465441SEvalZero       /* Take the next octet of the password, wrapping */
304*10465441SEvalZero       /* to the beginning of the password as necessary.*/
305*10465441SEvalZero       /*************************************************/
306*10465441SEvalZero       *cp++ = password[password_index++ % passwordlen];
307*10465441SEvalZero     }
308*10465441SEvalZero     mbedtls_sha1_update(&SH, password_buf, 64);
309*10465441SEvalZero     count += 64;
310*10465441SEvalZero   }
311*10465441SEvalZero   mbedtls_sha1_finish(&SH, key); /* tell SHA we're done */
312*10465441SEvalZero 
313*10465441SEvalZero   /*****************************************************/
314*10465441SEvalZero   /* Now localize the key with the engineID and pass   */
315*10465441SEvalZero   /* through SHA to produce final key                  */
316*10465441SEvalZero   /* May want to ensure that engineLength <= 32,       */
317*10465441SEvalZero   /* otherwise need to use a buffer larger than 72     */
318*10465441SEvalZero   /*****************************************************/
319*10465441SEvalZero   SMEMCPY(password_buf, key, 20);
320*10465441SEvalZero   MEMCPY(password_buf + 20, engineID, engineLength);
321*10465441SEvalZero   SMEMCPY(password_buf + 20 + engineLength, key, 20);
322*10465441SEvalZero 
323*10465441SEvalZero   mbedtls_sha1_starts(&SH);
324*10465441SEvalZero   mbedtls_sha1_update(&SH, password_buf, 40 + engineLength);
325*10465441SEvalZero   mbedtls_sha1_finish(&SH, key);
326*10465441SEvalZero 
327*10465441SEvalZero   mbedtls_sha1_free(&SH);
328*10465441SEvalZero   return;
329*10465441SEvalZero }
330*10465441SEvalZero 
331*10465441SEvalZero #endif /* LWIP_SNMP && LWIP_SNMP_V3 && LWIP_SNMP_V3_MBEDTLS */
332