diff --git a/src/Filelists.mk b/src/Filelists.mk index 2730e878..84ddc211 100644 --- a/src/Filelists.mk +++ b/src/Filelists.mk @@ -148,8 +148,7 @@ SNMPFILES=$(LWIPDIR)/apps/snmp/snmp_asn1.c \ $(LWIPDIR)/apps/snmp/snmp_table.c \ $(LWIPDIR)/apps/snmp/snmp_threadsync.c \ $(LWIPDIR)/apps/snmp/snmp_traps.c \ - $(LWIPDIR)/apps/snmp/snmpv3_mbedtls.c \ - $(LWIPDIR)/apps/snmp/snmpv3_dummy.c + $(LWIPDIR)/apps/snmp/snmpv3_mbedtls.c # HTTPDFILES: HTTP server HTTPDFILES=$(LWIPDIR)/apps/httpd/fs.c \ diff --git a/src/apps/snmp/snmpv3_dummy.c b/src/apps/snmp/snmpv3_dummy.c deleted file mode 100644 index 200b7c59..00000000 --- a/src/apps/snmp/snmpv3_dummy.c +++ /dev/null @@ -1,396 +0,0 @@ -/** - * @file - * Dummy SNMPv3 functions. - */ - -/* - * Copyright (c) 2016 Elias Oenal. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT - * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT - * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING - * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY - * OF SUCH DAMAGE. - * - * Author: Elias Oenal - * Dirk Ziegelmeier - */ - -#include "lwip/apps/snmpv3.h" -#include "snmpv3_priv.h" -#include "snmpv3_dummy.h" -#include -#include "lwip/err.h" -#include "lwip/def.h" -#include "lwip/timeouts.h" - -#if LWIP_SNMP && LWIP_SNMP_V3 - -struct user_table_entry { - char username[32]; - snmpv3_auth_algo_t auth_algo; - u8_t auth_key[20]; - snmpv3_priv_algo_t priv_algo; - u8_t priv_key[20]; -}; - -static struct user_table_entry user_table[] = { - { "lwip", SNMP_V3_AUTH_ALGO_INVAL, "" , SNMP_V3_PRIV_ALGO_INVAL, "" }, - { "piwl", SNMP_V3_AUTH_ALGO_INVAL, "" , SNMP_V3_PRIV_ALGO_INVAL, "" }, - { "test", SNMP_V3_AUTH_ALGO_INVAL, "" , SNMP_V3_PRIV_ALGO_INVAL, "" } -}; - -static char snmpv3_engineid[32]; -static u8_t snmpv3_engineid_len; - -static u32_t enginetime = 0; - -/* In this implementation engineboots is volatile. In a real world application this value should be stored in non-volatile memory.*/ -static u32_t engineboots = 0; - -/** - * @brief Get the user table entry for the given username. - * - * @param[in] username pointer to the username - * - * @return pointer to the user table entry or NULL if not found. - */ -static struct user_table_entry* -get_user(const char *username) -{ - size_t i; - - for (i = 0; i < LWIP_ARRAYSIZE(user_table); i++) { - if (strnlen(username, 32) != strnlen(user_table[i].username, 32)) { - continue; - } - - if (memcmp(username, user_table[i].username, strnlen(username, 32)) == 0) { - return &user_table[i]; - } - } - - return NULL; -} - -u8_t -snmpv3_get_amount_of_users(void) -{ - return LWIP_ARRAYSIZE(user_table); -} - -/** - * @brief Get the username of a user number (index) - * @param username is a pointer to a string. - * @param index is the user index. - * @return ERR_OK if user is found, ERR_VAL is user is not found. - */ -err_t -snmpv3_get_username(char *username, u8_t index) -{ - if (index < LWIP_ARRAYSIZE(user_table)) { - MEMCPY(username, user_table[index].username, sizeof(user_table[0].username)); - return ERR_OK; - } - - return ERR_VAL; -} - -/** - * Timer callback function that increments enginetime and reschedules itself. - * - * @param arg unused argument - */ -void -snmpv3_enginetime_timer(void *arg) -{ - LWIP_UNUSED_ARG(arg); - - enginetime++; - - /* This handles the engine time reset */ - snmpv3_get_engine_time_internal(); - - /* restart timer */ - sys_timeout(1000, snmpv3_enginetime_timer, NULL); -} - -err_t -snmpv3_set_user_auth_algo(const char *username, snmpv3_auth_algo_t algo) -{ - struct user_table_entry *p = get_user(username); - - if (p) { - switch (algo) { - case SNMP_V3_AUTH_ALGO_INVAL: - if (p->priv_algo != SNMP_V3_PRIV_ALGO_INVAL) { - /* Privacy MUST be disabled before configuring authentication */ - break; - } -#if LWIP_SNMP_V3_CRYPTO - case SNMP_V3_AUTH_ALGO_MD5: - case SNMP_V3_AUTH_ALGO_SHA: -#endif - p->auth_algo = algo; - return ERR_OK; - default: - break; - } - } - - return ERR_VAL; -} - -err_t -snmpv3_set_user_priv_algo(const char *username, snmpv3_priv_algo_t algo) -{ - struct user_table_entry *p = get_user(username); - - if (p) { - switch (algo) { -#if LWIP_SNMP_V3_CRYPTO - case SNMP_V3_PRIV_ALGO_AES: - case SNMP_V3_PRIV_ALGO_DES: - if (p->auth_algo == SNMP_V3_AUTH_ALGO_INVAL) { - /* Authentication MUST be enabled before configuring privacy */ - break; - } -#endif - case SNMP_V3_PRIV_ALGO_INVAL: - p->priv_algo = algo; - return ERR_OK; - default: - break; - } - } - - return ERR_VAL; -} - -err_t -snmpv3_set_user_auth_key(const char *username, const char *password) -{ - struct user_table_entry *p = get_user(username); - const char *engineid; - u8_t engineid_len; - - if (p) { - /* password should be at least 8 characters long */ - if (strlen(password) >= 8) { - memset(p->auth_key, 0, sizeof(p->auth_key)); - snmpv3_get_engine_id(&engineid, &engineid_len); - switch (p->auth_algo) { - case SNMP_V3_AUTH_ALGO_INVAL: - return ERR_OK; -#if LWIP_SNMP_V3_CRYPTO - case SNMP_V3_AUTH_ALGO_MD5: - snmpv3_password_to_key_md5((const u8_t*)password, strlen(password), (const u8_t*)engineid, engineid_len, p->auth_key); - return ERR_OK; - case SNMP_V3_AUTH_ALGO_SHA: - snmpv3_password_to_key_sha((const u8_t*)password, strlen(password), (const u8_t*)engineid, engineid_len, p->auth_key); - return ERR_OK; -#endif - default: - return ERR_VAL; - } - } - } - - return ERR_VAL; -} - -err_t -snmpv3_set_user_priv_key(const char *username, const char *password) -{ - struct user_table_entry *p = get_user(username); - const char *engineid; - u8_t engineid_len; - - if (p) { - /* password should be at least 8 characters long */ - if (strlen(password) >= 8) { - memset(p->priv_key, 0, sizeof(p->priv_key)); - snmpv3_get_engine_id(&engineid, &engineid_len); - switch (p->auth_algo) { - case SNMP_V3_AUTH_ALGO_INVAL: - return ERR_OK; -#if LWIP_SNMP_V3_CRYPTO - case SNMP_V3_AUTH_ALGO_MD5: - snmpv3_password_to_key_md5((const u8_t*)password, strlen(password), (const u8_t*)engineid, engineid_len, p->priv_key); - return ERR_OK; - case SNMP_V3_AUTH_ALGO_SHA: - snmpv3_password_to_key_sha((const u8_t*)password, strlen(password), (const u8_t*)engineid, engineid_len, p->priv_key); - return ERR_OK; -#endif - default: - return ERR_VAL; - } - } - } - - return ERR_VAL; -} - -/** - * @brief Get the storage type of the given username. - * - * @param[in] username pointer to the username - * @param[out] type the storage type - * - * @return ERR_OK if the user was found, ERR_VAL if not. - */ -err_t -snmpv3_get_user_storagetype(const char *username, snmpv3_user_storagetype_t *type) -{ - if (get_user(username) != NULL) { - /* Found user in user table - * In this dummy implementation, storage is permanent because no user can be deleted. - * All changes to users are lost after a reboot.*/ - *type = SNMP_V3_USER_STORAGETYPE_PERMANENT; - return ERR_OK; - } - - return ERR_VAL; -} - -/** - * @param username is a pointer to a string. - * @param auth_algo is a pointer to u8_t. The implementation has to set this if user was found. - * @param auth_key is a pointer to a pointer to a string. Implementation has to set this if user was found. - * @param priv_algo is a pointer to u8_t. The implementation has to set this if user was found. - * @param priv_key is a pointer to a pointer to a string. Implementation has to set this if user was found. - */ -err_t -snmpv3_get_user(const char* username, snmpv3_auth_algo_t *auth_algo, u8_t *auth_key, snmpv3_priv_algo_t *priv_algo, u8_t *priv_key) -{ - const struct user_table_entry *p; - - /* The msgUserName specifies the user (principal) on whose behalf the - message is being exchanged. Note that a zero-length userName will - not match any user, but it can be used for snmpEngineID discovery. */ - if(strlen(username) == 0) { - return ERR_OK; - } - - p = get_user(username); - - if (!p) { - return ERR_VAL; - } - - if (auth_algo != NULL) { - *auth_algo = p->auth_algo; - } - if(auth_key != NULL) { - MEMCPY(auth_key, p->auth_key, sizeof(p->auth_key)); - } - if (priv_algo != NULL) { - *priv_algo = p->priv_algo; - } - if(priv_key != NULL) { - MEMCPY(priv_key, p->priv_key, sizeof(p->priv_key)); - } - return ERR_OK; -} - -/** - * Get engine ID from persistence - * @param id - * @param len - */ -void -snmpv3_get_engine_id(const char **id, u8_t *len) -{ - *id = snmpv3_engineid; - *len = snmpv3_engineid_len; -} - -/** - * Store engine ID in persistence - * @param id - * @param len - */ -err_t -snmpv3_set_engine_id(const char *id, u8_t len) -{ - MEMCPY(snmpv3_engineid, id, len); - snmpv3_engineid_len = len; - return ERR_OK; -} - -/** - * Get engine boots from persistence. Must be increased on each boot. - * @return - */ -u32_t -snmpv3_get_engine_boots(void) -{ - return engineboots; -} - -/** - * Store engine boots in persistence - * @param boots - */ -void -snmpv3_set_engine_boots(u32_t boots) -{ - engineboots = boots; -} - -/** - * RFC3414 2.2.2. - * Once the timer reaches 2147483647 it gets reset to zero and the - * engine boot ups get incremented. - */ -u32_t -snmpv3_get_engine_time(void) -{ - return enginetime; -} - -/** - * Reset current engine time to 0 - */ -void -snmpv3_reset_engine_time(void) -{ - enginetime = 0; -} - -/** - * Initialize dummy SNMPv3 implementation - */ -void -snmpv3_dummy_init(void) -{ - snmpv3_set_engine_id("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02", 12); - - snmpv3_set_user_auth_algo("lwip", SNMP_V3_AUTH_ALGO_SHA); - snmpv3_set_user_auth_key("lwip", "maplesyrup"); - - snmpv3_set_user_priv_algo("lwip", SNMP_V3_PRIV_ALGO_DES); - snmpv3_set_user_priv_key("lwip", "maplesyrup"); - - /* Start the engine time timer */ - snmpv3_enginetime_timer(NULL); -} - -#endif /* LWIP_SNMP && LWIP_SNMP_V3 */ diff --git a/src/apps/snmp/snmpv3_dummy.h b/src/apps/snmp/snmpv3_dummy.h deleted file mode 100644 index 82173700..00000000 --- a/src/apps/snmp/snmpv3_dummy.h +++ /dev/null @@ -1,52 +0,0 @@ -/** - * @file - * Dummy SNMPv3 functions. - */ - -/* - * Copyright (c) 2017 Dirk Ziegelmeier. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT - * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT - * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING - * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY - * OF SUCH DAMAGE. - * - * Author: Dirk Ziegelmeier - */ - -#ifndef LWIP_HDR_APPS_SNMP_V3_DUMMY_H -#define LWIP_HDR_APPS_SNMP_V3_DUMMY_H - -#include "lwip/apps/snmp_opts.h" -#include "lwip/err.h" - -#if LWIP_SNMP && LWIP_SNMP_V3 - -err_t snmpv3_set_user_auth_algo(const char *username, snmpv3_auth_algo_t algo); -err_t snmpv3_set_user_priv_algo(const char *username, snmpv3_priv_algo_t algo); -err_t snmpv3_set_user_auth_key(const char *username, const char *password); -err_t snmpv3_set_user_priv_key(const char *username, const char *password); - -void snmpv3_dummy_init(void); - -#endif /* LWIP_SNMP && LWIP_SNMP_V3 */ - -#endif /* LWIP_HDR_APPS_SNMP_V3_DUMMY_H */ diff --git a/src/apps/snmp/snmpv3_priv.h b/src/apps/snmp/snmpv3_priv.h index 879fb664..aa25d2bc 100644 --- a/src/apps/snmp/snmpv3_priv.h +++ b/src/apps/snmp/snmpv3_priv.h @@ -67,7 +67,6 @@ typedef enum } snmpv3_priv_mode_t; s32_t snmpv3_get_engine_boots_internal(void); -s32_t snmpv3_get_engine_time_internal(void); err_t snmpv3_auth(struct snmp_pbuf_stream* stream, u16_t length, const u8_t* key, snmpv3_auth_algo_t algo, u8_t* hmac_out); err_t snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length, const u8_t* key, const u8_t* priv_param, const u32_t engine_boots, const u32_t engine_time, snmpv3_priv_algo_t algo, snmpv3_priv_mode_t mode); diff --git a/src/include/lwip/apps/snmpv3.h b/src/include/lwip/apps/snmpv3.h index 459b2cc4..ef92724d 100644 --- a/src/include/lwip/apps/snmpv3.h +++ b/src/include/lwip/apps/snmpv3.h @@ -85,6 +85,7 @@ err_t snmpv3_get_username(char *username, u8_t index); /* The following functions are provided by the SNMPv3 agent */ void snmpv3_engine_id_changed(void); +s32_t snmpv3_get_engine_time_internal(void); void snmpv3_password_to_key_md5( const u8_t *password, /* IN */