mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2025-01-16 07:09:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

SNMPv3: Make receiving DES encrypted frames work, sending still fails because of broken padding

Browse Source
This commit is contained in:
Dirk Ziegelmeier 2016-04-11 22:04:28 +02:00
parent 92f5da8412
commit 0b6370b9b8
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/apps/snmp/snmpv3_dummy.c
View File

@ -70,7 +70,7 @@ snmpv3_get_user(const char* username, u8_t *auth_algo, u8_t *auth_key, u8_t *pri
*auth_algo = SNMP_V3_AUTH_ALGO_SHA; *auth_algo = SNMP_V3_AUTH_ALGO_SHA;
} }
if(priv_key != NULL) { if(priv_key != NULL) {
snmpv3_password_to_key_md5((const u8_t*)"maplesyrup", 10, snmpv3_password_to_key_sha((const u8_t*)"maplesyrup", 10,
(const u8_t*)engine_id, engine_id_len, (const u8_t*)engine_id, engine_id_len,
priv_key); priv_key);
*priv_algo = SNMP_V3_PRIV_ALGO_DES; *priv_algo = SNMP_V3_PRIV_ALGO_DES;

14
src/apps/snmp/snmpv3_mbedtls.c
View File

@ -119,6 +119,8 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
if (algo == SNMP_V3_PRIV_ALGO_DES) { if (algo == SNMP_V3_PRIV_ALGO_DES) {
u8_t iv_local[8]; u8_t iv_local[8];
u8_t out_bytes[8];
size_t out_len;
/* RFC 3414 mandates padding for DES */ /* RFC 3414 mandates padding for DES */
if ((length & 0x07) != 0) { if ((length & 0x07) != 0) {
@ -129,6 +131,9 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
if(mbedtls_cipher_setup(&ctx, cipher_info) != 0) { if(mbedtls_cipher_setup(&ctx, cipher_info) != 0) {
return ERR_ARG; return ERR_ARG;
} }
if(mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE) != 0) {
return ERR_ARG;
}
if(mbedtls_cipher_setkey(&ctx, key, 8*8, (mode == SNMP_V3_PRIV_MODE_ENCRYPT)? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT) != 0) { if(mbedtls_cipher_setkey(&ctx, key, 8*8, (mode == SNMP_V3_PRIV_MODE_ENCRYPT)? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT) != 0) {
goto error; goto error;
} }
@ -144,8 +149,7 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
for (i = 0; i < length; i += 8) { for (i = 0; i < length; i += 8) {
size_t j; size_t j;
u8_t in_bytes[8]; u8_t in_bytes[8];
u8_t out_bytes[8]; out_len = LWIP_ARRAYSIZE(out_bytes) ;
size_t out_len = LWIP_ARRAYSIZE(out_bytes);
for (j = 0; j < LWIP_ARRAYSIZE(in_bytes); j++) { for (j = 0; j < LWIP_ARRAYSIZE(in_bytes); j++) {
snmp_pbuf_stream_read(&read_stream, &in_bytes[j]); snmp_pbuf_stream_read(&read_stream, &in_bytes[j]);
@ -157,6 +161,12 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
snmp_pbuf_stream_writebuf(&write_stream, out_bytes, out_len); snmp_pbuf_stream_writebuf(&write_stream, out_bytes, out_len);
} }
out_len = LWIP_ARRAYSIZE(out_bytes);
if(mbedtls_cipher_finish(&ctx, out_bytes, &out_len) != 0) {
goto error;
}
snmp_pbuf_stream_writebuf(&write_stream, out_bytes, out_len);
} else if (algo == SNMP_V3_PRIV_ALGO_AES) { } else if (algo == SNMP_V3_PRIV_ALGO_AES) {
u8_t iv_local[16]; u8_t iv_local[16];