1*10465441SEvalZero /**
2*10465441SEvalZero * @file
3*10465441SEvalZero * SNMPv3 crypto/auth functions implemented for ARM mbedtls.
4*10465441SEvalZero */
5*10465441SEvalZero
6*10465441SEvalZero /*
7*10465441SEvalZero * Copyright (c) 2016 Elias Oenal and Dirk Ziegelmeier.
8*10465441SEvalZero * All rights reserved.
9*10465441SEvalZero *
10*10465441SEvalZero * Redistribution and use in source and binary forms, with or without modification,
11*10465441SEvalZero * are permitted provided that the following conditions are met:
12*10465441SEvalZero *
13*10465441SEvalZero * 1. Redistributions of source code must retain the above copyright notice,
14*10465441SEvalZero * this list of conditions and the following disclaimer.
15*10465441SEvalZero * 2. Redistributions in binary form must reproduce the above copyright notice,
16*10465441SEvalZero * this list of conditions and the following disclaimer in the documentation
17*10465441SEvalZero * and/or other materials provided with the distribution.
18*10465441SEvalZero * 3. The name of the author may not be used to endorse or promote products
19*10465441SEvalZero * derived from this software without specific prior written permission.
20*10465441SEvalZero *
21*10465441SEvalZero * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
22*10465441SEvalZero * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
23*10465441SEvalZero * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
24*10465441SEvalZero * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
25*10465441SEvalZero * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
26*10465441SEvalZero * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27*10465441SEvalZero * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28*10465441SEvalZero * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
29*10465441SEvalZero * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
30*10465441SEvalZero * OF SUCH DAMAGE.
31*10465441SEvalZero *
32*10465441SEvalZero * Author: Elias Oenal <[email protected]>
33*10465441SEvalZero * Dirk Ziegelmeier <[email protected]>
34*10465441SEvalZero */
35*10465441SEvalZero
36*10465441SEvalZero #include "lwip/apps/snmpv3.h"
37*10465441SEvalZero #include "snmpv3_priv.h"
38*10465441SEvalZero #include "lwip/arch.h"
39*10465441SEvalZero #include "snmp_msg.h"
40*10465441SEvalZero #include "lwip/sys.h"
41*10465441SEvalZero #include <string.h>
42*10465441SEvalZero
43*10465441SEvalZero #if LWIP_SNMP && LWIP_SNMP_V3 && LWIP_SNMP_V3_MBEDTLS
44*10465441SEvalZero
45*10465441SEvalZero #include "mbedtls/md.h"
46*10465441SEvalZero #include "mbedtls/cipher.h"
47*10465441SEvalZero
48*10465441SEvalZero #include "mbedtls/md5.h"
49*10465441SEvalZero #include "mbedtls/sha1.h"
50*10465441SEvalZero
51*10465441SEvalZero err_t
snmpv3_auth(struct snmp_pbuf_stream * stream,u16_t length,const u8_t * key,snmpv3_auth_algo_t algo,u8_t * hmac_out)52*10465441SEvalZero snmpv3_auth(struct snmp_pbuf_stream *stream, u16_t length,
53*10465441SEvalZero const u8_t *key, snmpv3_auth_algo_t algo, u8_t *hmac_out)
54*10465441SEvalZero {
55*10465441SEvalZero u32_t i;
56*10465441SEvalZero u8_t key_len;
57*10465441SEvalZero const mbedtls_md_info_t *md_info;
58*10465441SEvalZero mbedtls_md_context_t ctx;
59*10465441SEvalZero struct snmp_pbuf_stream read_stream;
60*10465441SEvalZero snmp_pbuf_stream_init(&read_stream, stream->pbuf, stream->offset, stream->length);
61*10465441SEvalZero
62*10465441SEvalZero if (algo == SNMP_V3_AUTH_ALGO_MD5) {
63*10465441SEvalZero md_info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
64*10465441SEvalZero key_len = SNMP_V3_MD5_LEN;
65*10465441SEvalZero } else if (algo == SNMP_V3_AUTH_ALGO_SHA) {
66*10465441SEvalZero md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
67*10465441SEvalZero key_len = SNMP_V3_SHA_LEN;
68*10465441SEvalZero } else {
69*10465441SEvalZero return ERR_ARG;
70*10465441SEvalZero }
71*10465441SEvalZero
72*10465441SEvalZero mbedtls_md_init(&ctx);
73*10465441SEvalZero if (mbedtls_md_setup(&ctx, md_info, 1) != 0) {
74*10465441SEvalZero return ERR_ARG;
75*10465441SEvalZero }
76*10465441SEvalZero
77*10465441SEvalZero if (mbedtls_md_hmac_starts(&ctx, key, key_len) != 0) {
78*10465441SEvalZero goto free_md;
79*10465441SEvalZero }
80*10465441SEvalZero
81*10465441SEvalZero for (i = 0; i < length; i++) {
82*10465441SEvalZero u8_t byte;
83*10465441SEvalZero
84*10465441SEvalZero if (snmp_pbuf_stream_read(&read_stream, &byte)) {
85*10465441SEvalZero goto free_md;
86*10465441SEvalZero }
87*10465441SEvalZero
88*10465441SEvalZero if (mbedtls_md_hmac_update(&ctx, &byte, 1) != 0) {
89*10465441SEvalZero goto free_md;
90*10465441SEvalZero }
91*10465441SEvalZero }
92*10465441SEvalZero
93*10465441SEvalZero if (mbedtls_md_hmac_finish(&ctx, hmac_out) != 0) {
94*10465441SEvalZero goto free_md;
95*10465441SEvalZero }
96*10465441SEvalZero
97*10465441SEvalZero mbedtls_md_free(&ctx);
98*10465441SEvalZero return ERR_OK;
99*10465441SEvalZero
100*10465441SEvalZero free_md:
101*10465441SEvalZero mbedtls_md_free(&ctx);
102*10465441SEvalZero return ERR_ARG;
103*10465441SEvalZero }
104*10465441SEvalZero
105*10465441SEvalZero #if LWIP_SNMP_V3_CRYPTO
106*10465441SEvalZero
107*10465441SEvalZero err_t
snmpv3_crypt(struct snmp_pbuf_stream * stream,u16_t length,const u8_t * key,const u8_t * priv_param,const u32_t engine_boots,const u32_t engine_time,snmpv3_priv_algo_t algo,snmpv3_priv_mode_t mode)108*10465441SEvalZero snmpv3_crypt(struct snmp_pbuf_stream *stream, u16_t length,
109*10465441SEvalZero const u8_t *key, const u8_t *priv_param, const u32_t engine_boots,
110*10465441SEvalZero const u32_t engine_time, snmpv3_priv_algo_t algo, snmpv3_priv_mode_t mode)
111*10465441SEvalZero {
112*10465441SEvalZero size_t i;
113*10465441SEvalZero mbedtls_cipher_context_t ctx;
114*10465441SEvalZero const mbedtls_cipher_info_t *cipher_info;
115*10465441SEvalZero
116*10465441SEvalZero struct snmp_pbuf_stream read_stream;
117*10465441SEvalZero struct snmp_pbuf_stream write_stream;
118*10465441SEvalZero snmp_pbuf_stream_init(&read_stream, stream->pbuf, stream->offset, stream->length);
119*10465441SEvalZero snmp_pbuf_stream_init(&write_stream, stream->pbuf, stream->offset, stream->length);
120*10465441SEvalZero mbedtls_cipher_init(&ctx);
121*10465441SEvalZero
122*10465441SEvalZero if (algo == SNMP_V3_PRIV_ALGO_DES) {
123*10465441SEvalZero u8_t iv_local[8];
124*10465441SEvalZero u8_t out_bytes[8];
125*10465441SEvalZero size_t out_len;
126*10465441SEvalZero
127*10465441SEvalZero /* RFC 3414 mandates padding for DES */
128*10465441SEvalZero if ((length & 0x07) != 0) {
129*10465441SEvalZero return ERR_ARG;
130*10465441SEvalZero }
131*10465441SEvalZero
132*10465441SEvalZero cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_CBC);
133*10465441SEvalZero if (mbedtls_cipher_setup(&ctx, cipher_info) != 0) {
134*10465441SEvalZero return ERR_ARG;
135*10465441SEvalZero }
136*10465441SEvalZero if (mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE) != 0) {
137*10465441SEvalZero return ERR_ARG;
138*10465441SEvalZero }
139*10465441SEvalZero if (mbedtls_cipher_setkey(&ctx, key, 8 * 8, (mode == SNMP_V3_PRIV_MODE_ENCRYPT) ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT) != 0) {
140*10465441SEvalZero goto error;
141*10465441SEvalZero }
142*10465441SEvalZero
143*10465441SEvalZero /* Prepare IV */
144*10465441SEvalZero for (i = 0; i < LWIP_ARRAYSIZE(iv_local); i++) {
145*10465441SEvalZero iv_local[i] = priv_param[i] ^ key[i + 8];
146*10465441SEvalZero }
147*10465441SEvalZero if (mbedtls_cipher_set_iv(&ctx, iv_local, LWIP_ARRAYSIZE(iv_local)) != 0) {
148*10465441SEvalZero goto error;
149*10465441SEvalZero }
150*10465441SEvalZero
151*10465441SEvalZero for (i = 0; i < length; i += 8) {
152*10465441SEvalZero size_t j;
153*10465441SEvalZero u8_t in_bytes[8];
154*10465441SEvalZero out_len = LWIP_ARRAYSIZE(out_bytes) ;
155*10465441SEvalZero
156*10465441SEvalZero for (j = 0; j < LWIP_ARRAYSIZE(in_bytes); j++) {
157*10465441SEvalZero if (snmp_pbuf_stream_read(&read_stream, &in_bytes[j]) != ERR_OK) {
158*10465441SEvalZero goto error;
159*10465441SEvalZero }
160*10465441SEvalZero }
161*10465441SEvalZero
162*10465441SEvalZero if (mbedtls_cipher_update(&ctx, in_bytes, LWIP_ARRAYSIZE(in_bytes), out_bytes, &out_len) != 0) {
163*10465441SEvalZero goto error;
164*10465441SEvalZero }
165*10465441SEvalZero
166*10465441SEvalZero if (snmp_pbuf_stream_writebuf(&write_stream, out_bytes, (u16_t)out_len) != ERR_OK) {
167*10465441SEvalZero goto error;
168*10465441SEvalZero }
169*10465441SEvalZero }
170*10465441SEvalZero
171*10465441SEvalZero out_len = LWIP_ARRAYSIZE(out_bytes);
172*10465441SEvalZero if (mbedtls_cipher_finish(&ctx, out_bytes, &out_len) != 0) {
173*10465441SEvalZero goto error;
174*10465441SEvalZero }
175*10465441SEvalZero
176*10465441SEvalZero if (snmp_pbuf_stream_writebuf(&write_stream, out_bytes, (u16_t)out_len) != ERR_OK) {
177*10465441SEvalZero goto error;
178*10465441SEvalZero }
179*10465441SEvalZero } else if (algo == SNMP_V3_PRIV_ALGO_AES) {
180*10465441SEvalZero u8_t iv_local[16];
181*10465441SEvalZero
182*10465441SEvalZero cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CFB128);
183*10465441SEvalZero if (mbedtls_cipher_setup(&ctx, cipher_info) != 0) {
184*10465441SEvalZero return ERR_ARG;
185*10465441SEvalZero }
186*10465441SEvalZero if (mbedtls_cipher_setkey(&ctx, key, 16 * 8, (mode == SNMP_V3_PRIV_MODE_ENCRYPT) ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT) != 0) {
187*10465441SEvalZero goto error;
188*10465441SEvalZero }
189*10465441SEvalZero
190*10465441SEvalZero /*
191*10465441SEvalZero * IV is the big endian concatenation of boots,
192*10465441SEvalZero * uptime and priv param - see RFC3826.
193*10465441SEvalZero */
194*10465441SEvalZero iv_local[0 + 0] = (engine_boots >> 24) & 0xFF;
195*10465441SEvalZero iv_local[0 + 1] = (engine_boots >> 16) & 0xFF;
196*10465441SEvalZero iv_local[0 + 2] = (engine_boots >> 8) & 0xFF;
197*10465441SEvalZero iv_local[0 + 3] = (engine_boots >> 0) & 0xFF;
198*10465441SEvalZero iv_local[4 + 0] = (engine_time >> 24) & 0xFF;
199*10465441SEvalZero iv_local[4 + 1] = (engine_time >> 16) & 0xFF;
200*10465441SEvalZero iv_local[4 + 2] = (engine_time >> 8) & 0xFF;
201*10465441SEvalZero iv_local[4 + 3] = (engine_time >> 0) & 0xFF;
202*10465441SEvalZero SMEMCPY(iv_local + 8, priv_param, 8);
203*10465441SEvalZero if (mbedtls_cipher_set_iv(&ctx, iv_local, LWIP_ARRAYSIZE(iv_local)) != 0) {
204*10465441SEvalZero goto error;
205*10465441SEvalZero }
206*10465441SEvalZero
207*10465441SEvalZero for (i = 0; i < length; i++) {
208*10465441SEvalZero u8_t in_byte;
209*10465441SEvalZero u8_t out_byte;
210*10465441SEvalZero size_t out_len = sizeof(out_byte);
211*10465441SEvalZero
212*10465441SEvalZero if (snmp_pbuf_stream_read(&read_stream, &in_byte) != ERR_OK) {
213*10465441SEvalZero goto error;
214*10465441SEvalZero }
215*10465441SEvalZero if (mbedtls_cipher_update(&ctx, &in_byte, sizeof(in_byte), &out_byte, &out_len) != 0) {
216*10465441SEvalZero goto error;
217*10465441SEvalZero }
218*10465441SEvalZero if (snmp_pbuf_stream_write(&write_stream, out_byte) != ERR_OK) {
219*10465441SEvalZero goto error;
220*10465441SEvalZero }
221*10465441SEvalZero }
222*10465441SEvalZero } else {
223*10465441SEvalZero return ERR_ARG;
224*10465441SEvalZero }
225*10465441SEvalZero
226*10465441SEvalZero mbedtls_cipher_free(&ctx);
227*10465441SEvalZero return ERR_OK;
228*10465441SEvalZero
229*10465441SEvalZero error:
230*10465441SEvalZero mbedtls_cipher_free(&ctx);
231*10465441SEvalZero return ERR_OK;
232*10465441SEvalZero }
233*10465441SEvalZero
234*10465441SEvalZero #endif /* LWIP_SNMP_V3_CRYPTO */
235*10465441SEvalZero
236*10465441SEvalZero /* A.2.1. Password to Key Sample Code for MD5 */
237*10465441SEvalZero void
snmpv3_password_to_key_md5(const u8_t * password,size_t passwordlen,const u8_t * engineID,u8_t engineLength,u8_t * key)238*10465441SEvalZero snmpv3_password_to_key_md5(
239*10465441SEvalZero const u8_t *password, /* IN */
240*10465441SEvalZero size_t passwordlen, /* IN */
241*10465441SEvalZero const u8_t *engineID, /* IN - pointer to snmpEngineID */
242*10465441SEvalZero u8_t engineLength,/* IN - length of snmpEngineID */
243*10465441SEvalZero u8_t *key) /* OUT - pointer to caller 16-octet buffer */
244*10465441SEvalZero {
245*10465441SEvalZero mbedtls_md5_context MD;
246*10465441SEvalZero u8_t *cp, password_buf[64];
247*10465441SEvalZero u32_t password_index = 0;
248*10465441SEvalZero u8_t i;
249*10465441SEvalZero u32_t count = 0;
250*10465441SEvalZero
251*10465441SEvalZero mbedtls_md5_init(&MD); /* initialize MD5 */
252*10465441SEvalZero mbedtls_md5_starts(&MD);
253*10465441SEvalZero
254*10465441SEvalZero /**********************************************/
255*10465441SEvalZero /* Use while loop until we've done 1 Megabyte */
256*10465441SEvalZero /**********************************************/
257*10465441SEvalZero while (count < 1048576) {
258*10465441SEvalZero cp = password_buf;
259*10465441SEvalZero for (i = 0; i < 64; i++) {
260*10465441SEvalZero /*************************************************/
261*10465441SEvalZero /* Take the next octet of the password, wrapping */
262*10465441SEvalZero /* to the beginning of the password as necessary.*/
263*10465441SEvalZero /*************************************************/
264*10465441SEvalZero *cp++ = password[password_index++ % passwordlen];
265*10465441SEvalZero }
266*10465441SEvalZero mbedtls_md5_update(&MD, password_buf, 64);
267*10465441SEvalZero count += 64;
268*10465441SEvalZero }
269*10465441SEvalZero mbedtls_md5_finish(&MD, key); /* tell MD5 we're done */
270*10465441SEvalZero
271*10465441SEvalZero /*****************************************************/
272*10465441SEvalZero /* Now localize the key with the engineID and pass */
273*10465441SEvalZero /* through MD5 to produce final key */
274*10465441SEvalZero /* May want to ensure that engineLength <= 32, */
275*10465441SEvalZero /* otherwise need to use a buffer larger than 64 */
276*10465441SEvalZero /*****************************************************/
277*10465441SEvalZero SMEMCPY(password_buf, key, 16);
278*10465441SEvalZero MEMCPY(password_buf + 16, engineID, engineLength);
279*10465441SEvalZero SMEMCPY(password_buf + 16 + engineLength, key, 16);
280*10465441SEvalZero
281*10465441SEvalZero mbedtls_md5_starts(&MD);
282*10465441SEvalZero mbedtls_md5_update(&MD, password_buf, 32 + engineLength);
283*10465441SEvalZero mbedtls_md5_finish(&MD, key);
284*10465441SEvalZero
285*10465441SEvalZero mbedtls_md5_free(&MD);
286*10465441SEvalZero return;
287*10465441SEvalZero }
288*10465441SEvalZero
289*10465441SEvalZero /* A.2.2. Password to Key Sample Code for SHA */
290*10465441SEvalZero void
snmpv3_password_to_key_sha(const u8_t * password,size_t passwordlen,const u8_t * engineID,u8_t engineLength,u8_t * key)291*10465441SEvalZero snmpv3_password_to_key_sha(
292*10465441SEvalZero const u8_t *password, /* IN */
293*10465441SEvalZero size_t passwordlen, /* IN */
294*10465441SEvalZero const u8_t *engineID, /* IN - pointer to snmpEngineID */
295*10465441SEvalZero u8_t engineLength,/* IN - length of snmpEngineID */
296*10465441SEvalZero u8_t *key) /* OUT - pointer to caller 20-octet buffer */
297*10465441SEvalZero {
298*10465441SEvalZero mbedtls_sha1_context SH;
299*10465441SEvalZero u8_t *cp, password_buf[72];
300*10465441SEvalZero u32_t password_index = 0;
301*10465441SEvalZero u8_t i;
302*10465441SEvalZero u32_t count = 0;
303*10465441SEvalZero
304*10465441SEvalZero mbedtls_sha1_init(&SH); /* initialize SHA */
305*10465441SEvalZero mbedtls_sha1_starts(&SH);
306*10465441SEvalZero
307*10465441SEvalZero /**********************************************/
308*10465441SEvalZero /* Use while loop until we've done 1 Megabyte */
309*10465441SEvalZero /**********************************************/
310*10465441SEvalZero while (count < 1048576) {
311*10465441SEvalZero cp = password_buf;
312*10465441SEvalZero for (i = 0; i < 64; i++) {
313*10465441SEvalZero /*************************************************/
314*10465441SEvalZero /* Take the next octet of the password, wrapping */
315*10465441SEvalZero /* to the beginning of the password as necessary.*/
316*10465441SEvalZero /*************************************************/
317*10465441SEvalZero *cp++ = password[password_index++ % passwordlen];
318*10465441SEvalZero }
319*10465441SEvalZero mbedtls_sha1_update(&SH, password_buf, 64);
320*10465441SEvalZero count += 64;
321*10465441SEvalZero }
322*10465441SEvalZero mbedtls_sha1_finish(&SH, key); /* tell SHA we're done */
323*10465441SEvalZero
324*10465441SEvalZero /*****************************************************/
325*10465441SEvalZero /* Now localize the key with the engineID and pass */
326*10465441SEvalZero /* through SHA to produce final key */
327*10465441SEvalZero /* May want to ensure that engineLength <= 32, */
328*10465441SEvalZero /* otherwise need to use a buffer larger than 72 */
329*10465441SEvalZero /*****************************************************/
330*10465441SEvalZero SMEMCPY(password_buf, key, 20);
331*10465441SEvalZero MEMCPY(password_buf + 20, engineID, engineLength);
332*10465441SEvalZero SMEMCPY(password_buf + 20 + engineLength, key, 20);
333*10465441SEvalZero
334*10465441SEvalZero mbedtls_sha1_starts(&SH);
335*10465441SEvalZero mbedtls_sha1_update(&SH, password_buf, 40 + engineLength);
336*10465441SEvalZero mbedtls_sha1_finish(&SH, key);
337*10465441SEvalZero
338*10465441SEvalZero mbedtls_sha1_free(&SH);
339*10465441SEvalZero return;
340*10465441SEvalZero }
341*10465441SEvalZero
342*10465441SEvalZero #endif /* LWIP_SNMP && LWIP_SNMP_V3 && LWIP_SNMP_V3_MBEDTLS */
343