ON Semiconductor
/
mbed-os
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: mbed-TFT-example-NCS36510 mbed-Accelerometer-example-NCS36510 mbed-Accelerometer-example-NCS36510
features/FEATURE_LWIP/lwip-interface/lwip/src/apps/snmp/lwip_snmpv3_mbedtls.c@0:098463de4c5d, 2017-01-25 (annotated)
- Committer:
- group-onsemi
- Date:
- Wed Jan 25 20:34:15 2017 +0000
- Revision:
- 0:098463de4c5d
Initial commit
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| group-onsemi | 0:098463de4c5d | 1 | /** |
| group-onsemi | 0:098463de4c5d | 2 | * @file |
| group-onsemi | 0:098463de4c5d | 3 | * SNMPv3 crypto/auth functions implemented for ARM mbedtls. |
| group-onsemi | 0:098463de4c5d | 4 | */ |
| group-onsemi | 0:098463de4c5d | 5 | |
| group-onsemi | 0:098463de4c5d | 6 | /* |
| group-onsemi | 0:098463de4c5d | 7 | * Copyright (c) 2016 Elias Oenal and Dirk Ziegelmeier. |
| group-onsemi | 0:098463de4c5d | 8 | * All rights reserved. |
| group-onsemi | 0:098463de4c5d | 9 | * |
| group-onsemi | 0:098463de4c5d | 10 | * Redistribution and use in source and binary forms, with or without modification, |
| group-onsemi | 0:098463de4c5d | 11 | * are permitted provided that the following conditions are met: |
| group-onsemi | 0:098463de4c5d | 12 | * |
| group-onsemi | 0:098463de4c5d | 13 | * 1. Redistributions of source code must retain the above copyright notice, |
| group-onsemi | 0:098463de4c5d | 14 | * this list of conditions and the following disclaimer. |
| group-onsemi | 0:098463de4c5d | 15 | * 2. Redistributions in binary form must reproduce the above copyright notice, |
| group-onsemi | 0:098463de4c5d | 16 | * this list of conditions and the following disclaimer in the documentation |
| group-onsemi | 0:098463de4c5d | 17 | * and/or other materials provided with the distribution. |
| group-onsemi | 0:098463de4c5d | 18 | * 3. The name of the author may not be used to endorse or promote products |
| group-onsemi | 0:098463de4c5d | 19 | * derived from this software without specific prior written permission. |
| group-onsemi | 0:098463de4c5d | 20 | * |
| group-onsemi | 0:098463de4c5d | 21 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED |
| group-onsemi | 0:098463de4c5d | 22 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
| group-onsemi | 0:098463de4c5d | 23 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT |
| group-onsemi | 0:098463de4c5d | 24 | * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
| group-onsemi | 0:098463de4c5d | 25 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT |
| group-onsemi | 0:098463de4c5d | 26 | * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
| group-onsemi | 0:098463de4c5d | 27 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
| group-onsemi | 0:098463de4c5d | 28 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING |
| group-onsemi | 0:098463de4c5d | 29 | * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY |
| group-onsemi | 0:098463de4c5d | 30 | * OF SUCH DAMAGE. |
| group-onsemi | 0:098463de4c5d | 31 | * |
| group-onsemi | 0:098463de4c5d | 32 | * Author: Elias Oenal <lwip@eliasoenal.com> |
| group-onsemi | 0:098463de4c5d | 33 | * Dirk Ziegelmeier <dirk@ziegelmeier.net> |
| group-onsemi | 0:098463de4c5d | 34 | */ |
| group-onsemi | 0:098463de4c5d | 35 | |
| group-onsemi | 0:098463de4c5d | 36 | #include "lwip/apps/snmpv3.h" |
| group-onsemi | 0:098463de4c5d | 37 | #include "snmpv3_priv.h" |
| group-onsemi | 0:098463de4c5d | 38 | #include "lwip/arch.h" |
| group-onsemi | 0:098463de4c5d | 39 | #include "snmp_msg.h" |
| group-onsemi | 0:098463de4c5d | 40 | #include "lwip/sys.h" |
| group-onsemi | 0:098463de4c5d | 41 | #include <string.h> |
| group-onsemi | 0:098463de4c5d | 42 | |
| group-onsemi | 0:098463de4c5d | 43 | #if LWIP_SNMP && LWIP_SNMP_V3 && LWIP_SNMP_V3_MBEDTLS |
| group-onsemi | 0:098463de4c5d | 44 | |
| group-onsemi | 0:098463de4c5d | 45 | #include "mbedtls/md.h" |
| group-onsemi | 0:098463de4c5d | 46 | #include "mbedtls/cipher.h" |
| group-onsemi | 0:098463de4c5d | 47 | |
| group-onsemi | 0:098463de4c5d | 48 | #include "mbedtls/md5.h" |
| group-onsemi | 0:098463de4c5d | 49 | #include "mbedtls/sha1.h" |
| group-onsemi | 0:098463de4c5d | 50 | |
| group-onsemi | 0:098463de4c5d | 51 | err_t |
| group-onsemi | 0:098463de4c5d | 52 | snmpv3_auth(struct snmp_pbuf_stream* stream, u16_t length, |
| group-onsemi | 0:098463de4c5d | 53 | const u8_t* key, u8_t algo, u8_t* hmac_out) |
| group-onsemi | 0:098463de4c5d | 54 | { |
| group-onsemi | 0:098463de4c5d | 55 | u32_t i; |
| group-onsemi | 0:098463de4c5d | 56 | u8_t key_len; |
| group-onsemi | 0:098463de4c5d | 57 | const mbedtls_md_info_t *md_info; |
| group-onsemi | 0:098463de4c5d | 58 | mbedtls_md_context_t ctx; |
| group-onsemi | 0:098463de4c5d | 59 | struct snmp_pbuf_stream read_stream; |
| group-onsemi | 0:098463de4c5d | 60 | snmp_pbuf_stream_init(&read_stream, stream->pbuf, stream->offset, stream->length); |
| group-onsemi | 0:098463de4c5d | 61 | |
| group-onsemi | 0:098463de4c5d | 62 | if (algo == SNMP_V3_AUTH_ALGO_MD5) { |
| group-onsemi | 0:098463de4c5d | 63 | md_info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5); |
| group-onsemi | 0:098463de4c5d | 64 | key_len = SNMP_V3_MD5_LEN; |
| group-onsemi | 0:098463de4c5d | 65 | } else if (algo == SNMP_V3_AUTH_ALGO_SHA) { |
| group-onsemi | 0:098463de4c5d | 66 | md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); |
| group-onsemi | 0:098463de4c5d | 67 | key_len = SNMP_V3_SHA_LEN; |
| group-onsemi | 0:098463de4c5d | 68 | } else { |
| group-onsemi | 0:098463de4c5d | 69 | return ERR_ARG; |
| group-onsemi | 0:098463de4c5d | 70 | } |
| group-onsemi | 0:098463de4c5d | 71 | |
| group-onsemi | 0:098463de4c5d | 72 | mbedtls_md_init(&ctx); |
| group-onsemi | 0:098463de4c5d | 73 | if(mbedtls_md_setup(&ctx, md_info, 1) != 0) { |
| group-onsemi | 0:098463de4c5d | 74 | return ERR_ARG; |
| group-onsemi | 0:098463de4c5d | 75 | } |
| group-onsemi | 0:098463de4c5d | 76 | |
| group-onsemi | 0:098463de4c5d | 77 | if (mbedtls_md_hmac_starts(&ctx, key, key_len) != 0) { |
| group-onsemi | 0:098463de4c5d | 78 | goto free_md; |
| group-onsemi | 0:098463de4c5d | 79 | } |
| group-onsemi | 0:098463de4c5d | 80 | |
| group-onsemi | 0:098463de4c5d | 81 | for (i = 0; i < length; i++) { |
| group-onsemi | 0:098463de4c5d | 82 | u8_t byte; |
| group-onsemi | 0:098463de4c5d | 83 | |
| group-onsemi | 0:098463de4c5d | 84 | if (snmp_pbuf_stream_read(&read_stream, &byte)) { |
| group-onsemi | 0:098463de4c5d | 85 | goto free_md; |
| group-onsemi | 0:098463de4c5d | 86 | } |
| group-onsemi | 0:098463de4c5d | 87 | |
| group-onsemi | 0:098463de4c5d | 88 | if (mbedtls_md_hmac_update(&ctx, &byte, 1) != 0) { |
| group-onsemi | 0:098463de4c5d | 89 | goto free_md; |
| group-onsemi | 0:098463de4c5d | 90 | } |
| group-onsemi | 0:098463de4c5d | 91 | } |
| group-onsemi | 0:098463de4c5d | 92 | |
| group-onsemi | 0:098463de4c5d | 93 | if (mbedtls_md_hmac_finish(&ctx, hmac_out) != 0) { |
| group-onsemi | 0:098463de4c5d | 94 | goto free_md; |
| group-onsemi | 0:098463de4c5d | 95 | } |
| group-onsemi | 0:098463de4c5d | 96 | |
| group-onsemi | 0:098463de4c5d | 97 | mbedtls_md_free(&ctx); |
| group-onsemi | 0:098463de4c5d | 98 | return ERR_OK; |
| group-onsemi | 0:098463de4c5d | 99 | |
| group-onsemi | 0:098463de4c5d | 100 | free_md: |
| group-onsemi | 0:098463de4c5d | 101 | mbedtls_md_free(&ctx); |
| group-onsemi | 0:098463de4c5d | 102 | return ERR_ARG; |
| group-onsemi | 0:098463de4c5d | 103 | } |
| group-onsemi | 0:098463de4c5d | 104 | |
| group-onsemi | 0:098463de4c5d | 105 | #if LWIP_SNMP_V3_CRYPTO |
| group-onsemi | 0:098463de4c5d | 106 | |
| group-onsemi | 0:098463de4c5d | 107 | err_t |
| group-onsemi | 0:098463de4c5d | 108 | snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length, |
| group-onsemi | 0:098463de4c5d | 109 | const u8_t* key, const u8_t* priv_param, const u32_t engine_boots, |
| group-onsemi | 0:098463de4c5d | 110 | const u32_t engine_time, u8_t algo, u8_t mode) |
| group-onsemi | 0:098463de4c5d | 111 | { |
| group-onsemi | 0:098463de4c5d | 112 | size_t i; |
| group-onsemi | 0:098463de4c5d | 113 | mbedtls_cipher_context_t ctx; |
| group-onsemi | 0:098463de4c5d | 114 | const mbedtls_cipher_info_t *cipher_info; |
| group-onsemi | 0:098463de4c5d | 115 | |
| group-onsemi | 0:098463de4c5d | 116 | struct snmp_pbuf_stream read_stream; |
| group-onsemi | 0:098463de4c5d | 117 | struct snmp_pbuf_stream write_stream; |
| group-onsemi | 0:098463de4c5d | 118 | snmp_pbuf_stream_init(&read_stream, stream->pbuf, stream->offset, stream->length); |
| group-onsemi | 0:098463de4c5d | 119 | snmp_pbuf_stream_init(&write_stream, stream->pbuf, stream->offset, stream->length); |
| group-onsemi | 0:098463de4c5d | 120 | mbedtls_cipher_init(&ctx); |
| group-onsemi | 0:098463de4c5d | 121 | |
| group-onsemi | 0:098463de4c5d | 122 | if (algo == SNMP_V3_PRIV_ALGO_DES) { |
| group-onsemi | 0:098463de4c5d | 123 | u8_t iv_local[8]; |
| group-onsemi | 0:098463de4c5d | 124 | u8_t out_bytes[8]; |
| group-onsemi | 0:098463de4c5d | 125 | size_t out_len; |
| group-onsemi | 0:098463de4c5d | 126 | |
| group-onsemi | 0:098463de4c5d | 127 | /* RFC 3414 mandates padding for DES */ |
| group-onsemi | 0:098463de4c5d | 128 | if ((length & 0x07) != 0) { |
| group-onsemi | 0:098463de4c5d | 129 | return ERR_ARG; |
| group-onsemi | 0:098463de4c5d | 130 | } |
| group-onsemi | 0:098463de4c5d | 131 | |
| group-onsemi | 0:098463de4c5d | 132 | cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_CBC); |
| group-onsemi | 0:098463de4c5d | 133 | if(mbedtls_cipher_setup(&ctx, cipher_info) != 0) { |
| group-onsemi | 0:098463de4c5d | 134 | return ERR_ARG; |
| group-onsemi | 0:098463de4c5d | 135 | } |
| group-onsemi | 0:098463de4c5d | 136 | if(mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE) != 0) { |
| group-onsemi | 0:098463de4c5d | 137 | return ERR_ARG; |
| group-onsemi | 0:098463de4c5d | 138 | } |
| group-onsemi | 0:098463de4c5d | 139 | if(mbedtls_cipher_setkey(&ctx, key, 8*8, (mode == SNMP_V3_PRIV_MODE_ENCRYPT)? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT) != 0) { |
| group-onsemi | 0:098463de4c5d | 140 | goto error; |
| group-onsemi | 0:098463de4c5d | 141 | } |
| group-onsemi | 0:098463de4c5d | 142 | |
| group-onsemi | 0:098463de4c5d | 143 | /* Prepare IV */ |
| group-onsemi | 0:098463de4c5d | 144 | for (i = 0; i < LWIP_ARRAYSIZE(iv_local); i++) { |
| group-onsemi | 0:098463de4c5d | 145 | iv_local[i] = priv_param[i] ^ key[i + 8]; |
| group-onsemi | 0:098463de4c5d | 146 | } |
| group-onsemi | 0:098463de4c5d | 147 | if(mbedtls_cipher_set_iv(&ctx, iv_local, LWIP_ARRAYSIZE(iv_local)) != 0) { |
| group-onsemi | 0:098463de4c5d | 148 | goto error; |
| group-onsemi | 0:098463de4c5d | 149 | } |
| group-onsemi | 0:098463de4c5d | 150 | |
| group-onsemi | 0:098463de4c5d | 151 | for (i = 0; i < length; i += 8) { |
| group-onsemi | 0:098463de4c5d | 152 | size_t j; |
| group-onsemi | 0:098463de4c5d | 153 | u8_t in_bytes[8]; |
| group-onsemi | 0:098463de4c5d | 154 | out_len = LWIP_ARRAYSIZE(out_bytes) ; |
| group-onsemi | 0:098463de4c5d | 155 | |
| group-onsemi | 0:098463de4c5d | 156 | for (j = 0; j < LWIP_ARRAYSIZE(in_bytes); j++) { |
| group-onsemi | 0:098463de4c5d | 157 | snmp_pbuf_stream_read(&read_stream, &in_bytes[j]); |
| group-onsemi | 0:098463de4c5d | 158 | } |
| group-onsemi | 0:098463de4c5d | 159 | |
| group-onsemi | 0:098463de4c5d | 160 | if(mbedtls_cipher_update(&ctx, in_bytes, LWIP_ARRAYSIZE(in_bytes), out_bytes, &out_len) != 0) { |
| group-onsemi | 0:098463de4c5d | 161 | goto error; |
| group-onsemi | 0:098463de4c5d | 162 | } |
| group-onsemi | 0:098463de4c5d | 163 | |
| group-onsemi | 0:098463de4c5d | 164 | snmp_pbuf_stream_writebuf(&write_stream, out_bytes, out_len); |
| group-onsemi | 0:098463de4c5d | 165 | } |
| group-onsemi | 0:098463de4c5d | 166 | |
| group-onsemi | 0:098463de4c5d | 167 | out_len = LWIP_ARRAYSIZE(out_bytes); |
| group-onsemi | 0:098463de4c5d | 168 | if(mbedtls_cipher_finish(&ctx, out_bytes, &out_len) != 0) { |
| group-onsemi | 0:098463de4c5d | 169 | goto error; |
| group-onsemi | 0:098463de4c5d | 170 | } |
| group-onsemi | 0:098463de4c5d | 171 | snmp_pbuf_stream_writebuf(&write_stream, out_bytes, out_len); |
| group-onsemi | 0:098463de4c5d | 172 | } else if (algo == SNMP_V3_PRIV_ALGO_AES) { |
| group-onsemi | 0:098463de4c5d | 173 | u8_t iv_local[16]; |
| group-onsemi | 0:098463de4c5d | 174 | |
| group-onsemi | 0:098463de4c5d | 175 | cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CFB128); |
| group-onsemi | 0:098463de4c5d | 176 | if(mbedtls_cipher_setup(&ctx, cipher_info) != 0) { |
| group-onsemi | 0:098463de4c5d | 177 | return ERR_ARG; |
| group-onsemi | 0:098463de4c5d | 178 | } |
| group-onsemi | 0:098463de4c5d | 179 | if(mbedtls_cipher_setkey(&ctx, key, 16*8, (mode == SNMP_V3_PRIV_MODE_ENCRYPT)? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT) != 0) { |
| group-onsemi | 0:098463de4c5d | 180 | goto error; |
| group-onsemi | 0:098463de4c5d | 181 | } |
| group-onsemi | 0:098463de4c5d | 182 | |
| group-onsemi | 0:098463de4c5d | 183 | /* |
| group-onsemi | 0:098463de4c5d | 184 | * IV is the big endian concatenation of boots, |
| group-onsemi | 0:098463de4c5d | 185 | * uptime and priv param - see RFC3826. |
| group-onsemi | 0:098463de4c5d | 186 | */ |
| group-onsemi | 0:098463de4c5d | 187 | iv_local[0 + 0] = (engine_boots >> 24) & 0xFF; |
| group-onsemi | 0:098463de4c5d | 188 | iv_local[0 + 1] = (engine_boots >> 16) & 0xFF; |
| group-onsemi | 0:098463de4c5d | 189 | iv_local[0 + 2] = (engine_boots >> 8) & 0xFF; |
| group-onsemi | 0:098463de4c5d | 190 | iv_local[0 + 3] = (engine_boots >> 0) & 0xFF; |
| group-onsemi | 0:098463de4c5d | 191 | iv_local[4 + 0] = (engine_time >> 24) & 0xFF; |
| group-onsemi | 0:098463de4c5d | 192 | iv_local[4 + 1] = (engine_time >> 16) & 0xFF; |
| group-onsemi | 0:098463de4c5d | 193 | iv_local[4 + 2] = (engine_time >> 8) & 0xFF; |
| group-onsemi | 0:098463de4c5d | 194 | iv_local[4 + 3] = (engine_time >> 0) & 0xFF; |
| group-onsemi | 0:098463de4c5d | 195 | memcpy(iv_local + 8, priv_param, 8); |
| group-onsemi | 0:098463de4c5d | 196 | if(mbedtls_cipher_set_iv(&ctx, iv_local, LWIP_ARRAYSIZE(iv_local)) != 0) { |
| group-onsemi | 0:098463de4c5d | 197 | goto error; |
| group-onsemi | 0:098463de4c5d | 198 | } |
| group-onsemi | 0:098463de4c5d | 199 | |
| group-onsemi | 0:098463de4c5d | 200 | for (i = 0; i < length; i++) { |
| group-onsemi | 0:098463de4c5d | 201 | u8_t in_byte; |
| group-onsemi | 0:098463de4c5d | 202 | u8_t out_byte; |
| group-onsemi | 0:098463de4c5d | 203 | size_t out_len = sizeof(out_byte); |
| group-onsemi | 0:098463de4c5d | 204 | |
| group-onsemi | 0:098463de4c5d | 205 | snmp_pbuf_stream_read(&read_stream, &in_byte); |
| group-onsemi | 0:098463de4c5d | 206 | if(mbedtls_cipher_update(&ctx, &in_byte, sizeof(in_byte), &out_byte, &out_len) != 0) { |
| group-onsemi | 0:098463de4c5d | 207 | goto error; |
| group-onsemi | 0:098463de4c5d | 208 | } |
| group-onsemi | 0:098463de4c5d | 209 | snmp_pbuf_stream_write(&write_stream, out_byte); |
| group-onsemi | 0:098463de4c5d | 210 | } |
| group-onsemi | 0:098463de4c5d | 211 | } else { |
| group-onsemi | 0:098463de4c5d | 212 | return ERR_ARG; |
| group-onsemi | 0:098463de4c5d | 213 | } |
| group-onsemi | 0:098463de4c5d | 214 | |
| group-onsemi | 0:098463de4c5d | 215 | mbedtls_cipher_free(&ctx); |
| group-onsemi | 0:098463de4c5d | 216 | return ERR_OK; |
| group-onsemi | 0:098463de4c5d | 217 | |
| group-onsemi | 0:098463de4c5d | 218 | error: |
| group-onsemi | 0:098463de4c5d | 219 | mbedtls_cipher_free(&ctx); |
| group-onsemi | 0:098463de4c5d | 220 | return ERR_OK; |
| group-onsemi | 0:098463de4c5d | 221 | } |
| group-onsemi | 0:098463de4c5d | 222 | |
| group-onsemi | 0:098463de4c5d | 223 | #endif /* LWIP_SNMP_V3_CRYPTO */ |
| group-onsemi | 0:098463de4c5d | 224 | |
| group-onsemi | 0:098463de4c5d | 225 | /* A.2.1. Password to Key Sample Code for MD5 */ |
| group-onsemi | 0:098463de4c5d | 226 | void |
| group-onsemi | 0:098463de4c5d | 227 | snmpv3_password_to_key_md5( |
| group-onsemi | 0:098463de4c5d | 228 | const u8_t *password, /* IN */ |
| group-onsemi | 0:098463de4c5d | 229 | u8_t passwordlen, /* IN */ |
| group-onsemi | 0:098463de4c5d | 230 | const u8_t *engineID, /* IN - pointer to snmpEngineID */ |
| group-onsemi | 0:098463de4c5d | 231 | u8_t engineLength,/* IN - length of snmpEngineID */ |
| group-onsemi | 0:098463de4c5d | 232 | u8_t *key) /* OUT - pointer to caller 16-octet buffer */ |
| group-onsemi | 0:098463de4c5d | 233 | { |
| group-onsemi | 0:098463de4c5d | 234 | mbedtls_md5_context MD; |
| group-onsemi | 0:098463de4c5d | 235 | u8_t *cp, password_buf[64]; |
| group-onsemi | 0:098463de4c5d | 236 | u32_t password_index = 0; |
| group-onsemi | 0:098463de4c5d | 237 | u8_t i; |
| group-onsemi | 0:098463de4c5d | 238 | u32_t count = 0; |
| group-onsemi | 0:098463de4c5d | 239 | |
| group-onsemi | 0:098463de4c5d | 240 | mbedtls_md5_init(&MD); /* initialize MD5 */ |
| group-onsemi | 0:098463de4c5d | 241 | mbedtls_md5_starts(&MD); |
| group-onsemi | 0:098463de4c5d | 242 | |
| group-onsemi | 0:098463de4c5d | 243 | /**********************************************/ |
| group-onsemi | 0:098463de4c5d | 244 | /* Use while loop until we've done 1 Megabyte */ |
| group-onsemi | 0:098463de4c5d | 245 | /**********************************************/ |
| group-onsemi | 0:098463de4c5d | 246 | while (count < 1048576) { |
| group-onsemi | 0:098463de4c5d | 247 | cp = password_buf; |
| group-onsemi | 0:098463de4c5d | 248 | for (i = 0; i < 64; i++) { |
| group-onsemi | 0:098463de4c5d | 249 | /*************************************************/ |
| group-onsemi | 0:098463de4c5d | 250 | /* Take the next octet of the password, wrapping */ |
| group-onsemi | 0:098463de4c5d | 251 | /* to the beginning of the password as necessary.*/ |
| group-onsemi | 0:098463de4c5d | 252 | /*************************************************/ |
| group-onsemi | 0:098463de4c5d | 253 | *cp++ = password[password_index++ % passwordlen]; |
| group-onsemi | 0:098463de4c5d | 254 | } |
| group-onsemi | 0:098463de4c5d | 255 | mbedtls_md5_update(&MD, password_buf, 64); |
| group-onsemi | 0:098463de4c5d | 256 | count += 64; |
| group-onsemi | 0:098463de4c5d | 257 | } |
| group-onsemi | 0:098463de4c5d | 258 | mbedtls_md5_finish(&MD, key); /* tell MD5 we're done */ |
| group-onsemi | 0:098463de4c5d | 259 | |
| group-onsemi | 0:098463de4c5d | 260 | /*****************************************************/ |
| group-onsemi | 0:098463de4c5d | 261 | /* Now localize the key with the engineID and pass */ |
| group-onsemi | 0:098463de4c5d | 262 | /* through MD5 to produce final key */ |
| group-onsemi | 0:098463de4c5d | 263 | /* May want to ensure that engineLength <= 32, */ |
| group-onsemi | 0:098463de4c5d | 264 | /* otherwise need to use a buffer larger than 64 */ |
| group-onsemi | 0:098463de4c5d | 265 | /*****************************************************/ |
| group-onsemi | 0:098463de4c5d | 266 | memcpy(password_buf, key, 16); |
| group-onsemi | 0:098463de4c5d | 267 | memcpy(password_buf + 16, engineID, engineLength); |
| group-onsemi | 0:098463de4c5d | 268 | memcpy(password_buf + 16 + engineLength, key, 16); |
| group-onsemi | 0:098463de4c5d | 269 | |
| group-onsemi | 0:098463de4c5d | 270 | mbedtls_md5_starts(&MD); |
| group-onsemi | 0:098463de4c5d | 271 | mbedtls_md5_update(&MD, password_buf, 32 + engineLength); |
| group-onsemi | 0:098463de4c5d | 272 | mbedtls_md5_finish(&MD, key); |
| group-onsemi | 0:098463de4c5d | 273 | |
| group-onsemi | 0:098463de4c5d | 274 | mbedtls_md5_free(&MD); |
| group-onsemi | 0:098463de4c5d | 275 | return; |
| group-onsemi | 0:098463de4c5d | 276 | } |
| group-onsemi | 0:098463de4c5d | 277 | |
| group-onsemi | 0:098463de4c5d | 278 | /* A.2.2. Password to Key Sample Code for SHA */ |
| group-onsemi | 0:098463de4c5d | 279 | void |
| group-onsemi | 0:098463de4c5d | 280 | snmpv3_password_to_key_sha( |
| group-onsemi | 0:098463de4c5d | 281 | const u8_t *password, /* IN */ |
| group-onsemi | 0:098463de4c5d | 282 | u8_t passwordlen, /* IN */ |
| group-onsemi | 0:098463de4c5d | 283 | const u8_t *engineID, /* IN - pointer to snmpEngineID */ |
| group-onsemi | 0:098463de4c5d | 284 | u8_t engineLength,/* IN - length of snmpEngineID */ |
| group-onsemi | 0:098463de4c5d | 285 | u8_t *key) /* OUT - pointer to caller 20-octet buffer */ |
| group-onsemi | 0:098463de4c5d | 286 | { |
| group-onsemi | 0:098463de4c5d | 287 | mbedtls_sha1_context SH; |
| group-onsemi | 0:098463de4c5d | 288 | u8_t *cp, password_buf[72]; |
| group-onsemi | 0:098463de4c5d | 289 | u32_t password_index = 0; |
| group-onsemi | 0:098463de4c5d | 290 | u8_t i; |
| group-onsemi | 0:098463de4c5d | 291 | u32_t count = 0; |
| group-onsemi | 0:098463de4c5d | 292 | |
| group-onsemi | 0:098463de4c5d | 293 | mbedtls_sha1_init(&SH); /* initialize SHA */ |
| group-onsemi | 0:098463de4c5d | 294 | mbedtls_sha1_starts(&SH); |
| group-onsemi | 0:098463de4c5d | 295 | |
| group-onsemi | 0:098463de4c5d | 296 | /**********************************************/ |
| group-onsemi | 0:098463de4c5d | 297 | /* Use while loop until we've done 1 Megabyte */ |
| group-onsemi | 0:098463de4c5d | 298 | /**********************************************/ |
| group-onsemi | 0:098463de4c5d | 299 | while (count < 1048576) { |
| group-onsemi | 0:098463de4c5d | 300 | cp = password_buf; |
| group-onsemi | 0:098463de4c5d | 301 | for (i = 0; i < 64; i++) { |
| group-onsemi | 0:098463de4c5d | 302 | /*************************************************/ |
| group-onsemi | 0:098463de4c5d | 303 | /* Take the next octet of the password, wrapping */ |
| group-onsemi | 0:098463de4c5d | 304 | /* to the beginning of the password as necessary.*/ |
| group-onsemi | 0:098463de4c5d | 305 | /*************************************************/ |
| group-onsemi | 0:098463de4c5d | 306 | *cp++ = password[password_index++ % passwordlen]; |
| group-onsemi | 0:098463de4c5d | 307 | } |
| group-onsemi | 0:098463de4c5d | 308 | mbedtls_sha1_update(&SH, password_buf, 64); |
| group-onsemi | 0:098463de4c5d | 309 | count += 64; |
| group-onsemi | 0:098463de4c5d | 310 | } |
| group-onsemi | 0:098463de4c5d | 311 | mbedtls_sha1_finish(&SH, key); /* tell SHA we're done */ |
| group-onsemi | 0:098463de4c5d | 312 | |
| group-onsemi | 0:098463de4c5d | 313 | /*****************************************************/ |
| group-onsemi | 0:098463de4c5d | 314 | /* Now localize the key with the engineID and pass */ |
| group-onsemi | 0:098463de4c5d | 315 | /* through SHA to produce final key */ |
| group-onsemi | 0:098463de4c5d | 316 | /* May want to ensure that engineLength <= 32, */ |
| group-onsemi | 0:098463de4c5d | 317 | /* otherwise need to use a buffer larger than 72 */ |
| group-onsemi | 0:098463de4c5d | 318 | /*****************************************************/ |
| group-onsemi | 0:098463de4c5d | 319 | memcpy(password_buf, key, 20); |
| group-onsemi | 0:098463de4c5d | 320 | memcpy(password_buf + 20, engineID, engineLength); |
| group-onsemi | 0:098463de4c5d | 321 | memcpy(password_buf + 20 + engineLength, key, 20); |
| group-onsemi | 0:098463de4c5d | 322 | |
| group-onsemi | 0:098463de4c5d | 323 | mbedtls_sha1_starts(&SH); |
| group-onsemi | 0:098463de4c5d | 324 | mbedtls_sha1_update(&SH, password_buf, 40 + engineLength); |
| group-onsemi | 0:098463de4c5d | 325 | mbedtls_sha1_finish(&SH, key); |
| group-onsemi | 0:098463de4c5d | 326 | |
| group-onsemi | 0:098463de4c5d | 327 | mbedtls_sha1_free(&SH); |
| group-onsemi | 0:098463de4c5d | 328 | return; |
| group-onsemi | 0:098463de4c5d | 329 | } |
| group-onsemi | 0:098463de4c5d | 330 | |
| group-onsemi | 0:098463de4c5d | 331 | #endif /* LWIP_SNMP && LWIP_SNMP_V3 && LWIP_SNMP_V3_MBEDTLS */ |