Etusivu Tutki Apua
Kirjaudu sisään
rajven
/
Eye
peilaus alkaen https://github.com/rajven/Eye
1
0
Haarauta 0
Tiedostot Esitykset 0 Wiki
Puu: 3.0.1
Haarat Tunnisteet
Eye
/
docs
/
patches
/
sha512.alt.patch

sha512.alt.patch 8.1 KB
Pysyvä linkki Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215 
  1. --- USM.pm	2018-06-29 21:06:28.000000000 +0300
    2. 

  2. +++ USM.sha512.pm	2025-12-03 11:58:04.962638800 +0300
    3. 

  3. @@ -25,8 +25,8 @@
    4. 

  4.  
    5. 

  5.  use Crypt::DES();
    6. 

  6.  use Digest::MD5();
    7. 

  7. -use Digest::SHA1();
    8. 

  8. -use Digest::HMAC();
    9. 

  9. +use Digest::SHA qw( hmac_sha1 hmac_sha224 hmac_sha256 hmac_sha384 hmac_sha512 );
    10. 

  10. +use Digest::HMAC_MD5 qw ( hmac_md5 );
    11. 

  11.  
    12. 

  12.  ## Version of the Net::SNMP::Security::USM module
    13. 

  13.  
    14. 

  14. @@ -40,7 +40,9 @@
    15. 

  15.  
    16. 

  16.  our %EXPORT_TAGS = (
    17. 

  17.     authprotos => [
    18. 

  18. -      qw( AUTH_PROTOCOL_NONE AUTH_PROTOCOL_HMACMD5 AUTH_PROTOCOL_HMACSHA )
    19. 

  19. +      qw( AUTH_PROTOCOL_NONE AUTH_PROTOCOL_HMACMD5 AUTH_PROTOCOL_HMACSHA
    20. 

  20. +          AUTH_PROTOCOL_HMACSHA224 AUTH_PROTOCOL_HMACSHA256.
    21. 

  21. +          AUTH_PROTOCOL_HMACSHA384 AUTH_PROTOCOL_HMACSHA512 )
    22. 

  22.     ],
    23. 

  23.     levels     => [
    24. 

  24.        qw( SECURITY_LEVEL_NOAUTHNOPRIV SECURITY_LEVEL_AUTHNOPRIV
    25. 

  25. @@ -63,9 +65,13 @@
    26. 

  26.  
    27. 

  27.  ## RCC 3414 - Authentication protocols
    28. 

  28.  
    29. 

  29. -sub AUTH_PROTOCOL_NONE    { '1.3.6.1.6.3.10.1.1.1' } # usmNoAuthProtocol
    30. 

  30. -sub AUTH_PROTOCOL_HMACMD5 { '1.3.6.1.6.3.10.1.1.2' } # usmHMACMD5AuthProtocol
    31. 

  31. -sub AUTH_PROTOCOL_HMACSHA { '1.3.6.1.6.3.10.1.1.3' } # usmHMACSHAAuthProtocol
    32. 

  32. +sub AUTH_PROTOCOL_NONE       { '1.3.6.1.6.3.10.1.1.1' } # usmNoAuthProtocol
    33. 

  33. +sub AUTH_PROTOCOL_HMACMD5    { '1.3.6.1.6.3.10.1.1.2' } # usmHMACMD5AuthProtocol
    34. 

  34. +sub AUTH_PROTOCOL_HMACSHA    { '1.3.6.1.6.3.10.1.1.3' } # usmHMACSHAAuthProtocol
    35. 

  35. +sub AUTH_PROTOCOL_HMACSHA224 { '1.3.6.1.6.3.10.1.1.4' } # usmHMAC128SHA224AuthProtocol
    36. 

  36. +sub AUTH_PROTOCOL_HMACSHA256 { '1.3.6.1.6.3.10.1.1.5' } # usmHMAC192SHA256AuthProtocol
    37. 

  37. +sub AUTH_PROTOCOL_HMACSHA384 { '1.3.6.1.6.3.10.1.1.6' } # usmHMAC256SHA384AuthProtocol
    38. 

  38. +sub AUTH_PROTOCOL_HMACSHA512 { '1.3.6.1.6.3.10.1.1.7' } # usmHMAC384SHA512AuthProtocol
    39. 

  39.  
    40. 

  40.  ## RFC 3414 - Privacy protocols
    41. 

  41.  
    42. 

  42. @@ -124,6 +130,7 @@
    43. 

  43.        '_time_epoc'          => time(),                # snmpEngineBoots epoc
    44. 

  44.        '_user_name'          => q{},                   # securityName 
    45. 

  45.        '_auth_data'          => undef,                 # Authentication data
    46. 

  46. +      '_auth_maclen'        => undef,                 # MAC length
    47. 

  47.        '_auth_key'           => undef,                 # authKey 
    48. 

  48.        '_auth_password'      => undef,                 # Authentication password 
    49. 

  49.        '_auth_protocol'      => AUTH_PROTOCOL_HMACMD5, # authProtocol
    50. 

  50. @@ -280,10 +287,10 @@
    51. 

  51.     if ($pdu->security_level() > SECURITY_LEVEL_NOAUTHNOPRIV) {
    52. 

  52.  
    53. 

  53.        # Save the location to fill in msgAuthenticationParameters later
    54. 

  54. -      $auth_location = $msg->length() + 12 + length $pdu_buffer;
    55. 

  55. +      $auth_location = $msg->length() + $this->{_auth_maclen} + length $pdu_buffer;
    56. 

  56.  
    57. 

  57.        # Set the msgAuthenticationParameters to all zeros
    58. 

  58. -      $auth_params = pack 'x12';
    59. 

  59. +      $auth_params = pack "x$this->{_auth_maclen}";
    60. 

  60.     }
    61. 

  61.  
    62. 

  62.     if (!defined $msg->prepare(OCTET_STRING, $auth_params)) {
    63. 

  63. @@ -418,12 +425,12 @@
    64. 

  64.     # to compute the HMAC properly.
    65. 

  65.  
    66. 

  66.     if (my $len = length $auth_params) {
    67. 

  67. -      if ($len != 12) {
    68. 

  68. +      if ($len != $this->{_auth_maclen}) {
    69. 

  69.           return $this->_error(
    70. 

  70.              'The msgAuthenticationParameters length of %d is invalid', $len
    71. 

  71.           );
    72. 

  72.        }
    73. 

  73. -      substr ${$msg->reference}, ($msg->index() - 12), 12, pack 'x12';
    74. 

  74. +         substr ${$msg->reference}, ($msg->index() - $this->{_auth_maclen}), $this->{_auth_maclen}, pack "x$this->{_auth_maclen}";
    75. 

  75.     }
    76. 

  76.  
    77. 

  77.     # msgPrivacyParameters::=OCTET STRING
    78. 

  78. @@ -747,6 +754,18 @@
    79. 

  79.        quotemeta AUTH_PROTOCOL_HMACMD5,   AUTH_PROTOCOL_HMACMD5,
    80. 

  80.        '(?:hmac-)?sha(?:-?1|-96)?',       AUTH_PROTOCOL_HMACSHA,
    81. 

  81.        quotemeta AUTH_PROTOCOL_HMACSHA,   AUTH_PROTOCOL_HMACSHA,
    82. 

  82. +      '(?:hmac-)?sha(?:-?224)',          AUTH_PROTOCOL_HMACSHA224,
    83. 

  83. +      'usmHMAC128SHA224AuthProtocol',    AUTH_PROTOCOL_HMACSHA224,
    84. 

  84. +      quotemeta AUTH_PROTOCOL_HMACSHA224,AUTH_PROTOCOL_HMACSHA224,
    85. 

  85. +      '(?:hmac-)?sha(?:-?256)',          AUTH_PROTOCOL_HMACSHA256,
    86. 

  86. +      'usmHMAC192SHA256AuthProtocol',    AUTH_PROTOCOL_HMACSHA256,
    87. 

  87. +      quotemeta AUTH_PROTOCOL_HMACSHA256,AUTH_PROTOCOL_HMACSHA256,
    88. 

  88. +      '(?:hmac-)?sha(?:-?384)',          AUTH_PROTOCOL_HMACSHA384,
    89. 

  89. +      'usmHMAC256SHA384AuthProtocol',    AUTH_PROTOCOL_HMACSHA384,
    90. 

  90. +      quotemeta AUTH_PROTOCOL_HMACSHA384,AUTH_PROTOCOL_HMACSHA384,
    91. 

  91. +      '(?:hmac-)?sha(?:-?512)',          AUTH_PROTOCOL_HMACSHA512,
    92. 

  92. +      'usmHMAC384SHA512AuthProtocol',    AUTH_PROTOCOL_HMACSHA512,
    93. 

  93. +      quotemeta AUTH_PROTOCOL_HMACSHA512,AUTH_PROTOCOL_HMACSHA512,
    94. 

  94.     };
    95. 

  95.  
    96. 

  96.     sub _auth_protocol
    97. 

  97. @@ -1099,8 +1118,7 @@
    98. 

  98.     }
    99. 

  99.  
    100. 

  100.     # Set the msgAuthenticationParameters
    101. 

  101. -   substr ${$msg->reference}, -$auth_location, 12, $this->_auth_hmac($msg);
    102. 

  102. -
    103. 

  103. +   substr ${$msg->reference}, -$auth_location, $this->{_auth_maclen}, $this->_auth_hmac($msg);
    104. 

  104.     return TRUE;
    105. 

  105.  }
    106. 

  106.  
    107. 

  107. @@ -1125,7 +1143,7 @@
    108. 

  108.     return q{} if (!defined($this->{_auth_data}) || !defined $msg);
    109. 

  109.  
    110. 

  110.     return substr
    111. 

  111. -      $this->{_auth_data}->reset()->add(${$msg->reference()})->digest(), 0, 12;
    112. 

  112. +      $this->{_auth_data}(${$msg->reference()}, $this->{_auth_key}), 0, $this->{_auth_maclen};
    113. 

  113.  }
    114. 

  114.  
    115. 

  115.  sub _auth_data_init
    116. 

  116. @@ -1140,13 +1158,33 @@
    117. 

  117.  
    118. 

  118.     if ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACMD5) {
    119. 

  119.  
    120. 

  120. -      $this->{_auth_data} =
    121. 

  121. -         Digest::HMAC->new($this->{_auth_key}, 'Digest::MD5');
    122. 

  122. +      $this->{_auth_data} = \&hmac_md5;
    123. 

  123. +      $this->{_auth_maclen} = 12;
    124. 

  124.  
    125. 

  125.     } elsif ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACSHA) {
    126. 

  126.  
    127. 

  127. -      $this->{_auth_data} =
    128. 

  128. -         Digest::HMAC->new($this->{_auth_key}, 'Digest::SHA1');
    129. 

  129. +      $this->{_auth_data} = \&hmac_sha1;
    130. 

  130. +      $this->{_auth_maclen} = 12;
    131. 

  131. +
    132. 

  132. +   } elsif ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACSHA224) {
    133. 

  133. +
    134. 

  134. +      $this->{_auth_data} = \&hmac_sha224;
    135. 

  135. +      $this->{_auth_maclen} = 16;
    136. 

  136. +
    137. 

  137. +   } elsif ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACSHA256) {
    138. 

  138. +
    139. 

  139. +      $this->{_auth_data} = \&hmac_sha256;
    140. 

  140. +      $this->{_auth_maclen} = 24;
    141. 

  141. +
    142. 

  142. +   } elsif ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACSHA384) {
    143. 

  143. +
    144. 

  144. +      $this->{_auth_data} = \&hmac_sha384;
    145. 

  145. +      $this->{_auth_maclen} = 32;
    146. 

  146. +
    147. 

  147. +   } elsif ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACSHA512) {
    148. 

  148. +
    149. 

  149. +      $this->{_auth_data} = \&hmac_sha512;
    150. 

  150. +      $this->{_auth_maclen} = 48;
    151. 

  151.  
    152. 

  152.     } else {
    153. 

  153.  
    154. 

  154. @@ -1391,7 +1429,7 @@
    155. 

  155.     if ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACMD5) {
    156. 

  156.        $this->{_priv_data}->{hash} = Digest::MD5->new();
    157. 

  157.     } elsif ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACSHA) {
    158. 

  158. -      $this->{_priv_data}->{hash} = Digest::SHA1->new();
    159. 

  159. +      $this->{_priv_data}->{hash} = Digest::SHA->new();
    160. 

  160.     }
    161. 

  161.  
    162. 

  162.     return TRUE;
    163. 

  163. @@ -1626,7 +1664,11 @@
    164. 

  164.     my $key_len =
    165. 

  165.     {
    166. 

  166.        AUTH_PROTOCOL_HMACMD5,    [ 16, 'HMAC-MD5'  ],
    167. 

  167. -      AUTH_PROTOCOL_HMACSHA,    [ 20, 'HMAC-SHA1' ],
    168. 

  168. +      AUTH_PROTOCOL_HMACSHA,    [ 20, 'HMAC-SHA' ],
    169. 

  169. +      AUTH_PROTOCOL_HMACSHA224, [ 28, 'HMAC-SHA224' ],
    170. 

  170. +      AUTH_PROTOCOL_HMACSHA256, [ 32, 'HMAC-SHA256' ],
    171. 

  171. +      AUTH_PROTOCOL_HMACSHA384, [ 48, 'HMAC-SHA384' ],
    172. 

  172. +      AUTH_PROTOCOL_HMACSHA512, [ 64, 'HMAC-SHA512' ],
    173. 

  173.     };
    174. 

  174.  
    175. 

  175.     if (!exists $key_len->{$this->{_auth_protocol}}) {
    176. 

  176. @@ -1681,7 +1723,7 @@
    177. 

  177.        if ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACMD5) {
    178. 

  178.           $hnnn = Digest::MD5->new();
    179. 

  179.        } elsif ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACSHA) {
    180. 

  180. -         $hnnn = Digest::SHA1->new();
    181. 

  181. +         $hnnn = Digest::SHA->new();
    182. 

  182.        } else {
    183. 

  183.           return $this->_error(
    184. 

  184.              'The authProtocol "%s" is unknown', $this->{_auth_protocol}
    185. 

  185. @@ -1782,9 +1824,13 @@
    186. 

  186.  
    187. 

  187.     my $digests =
    188. 

  188.     {
    189. 

  189. -      AUTH_PROTOCOL_HMACMD5,  'Digest::MD5',
    190. 

  190. -      AUTH_PROTOCOL_HMACSHA,  'Digest::SHA1',
    191. 

  191. -   };
    192. 

  192. +      AUTH_PROTOCOL_HMACMD5,    ['Digest::MD5', ],
    193. 

  193. +      AUTH_PROTOCOL_HMACSHA,    ['Digest::SHA', 1],
    194. 

  194. +      AUTH_PROTOCOL_HMACSHA224, ['Digest::SHA', 224],
    195. 

  195. +      AUTH_PROTOCOL_HMACSHA256, ['Digest::SHA', 256],
    196. 

  196. +      AUTH_PROTOCOL_HMACSHA384, ['Digest::SHA', 384],
    197. 

  197. +      AUTH_PROTOCOL_HMACSHA512, ['Digest::SHA', 512],
    198. 

  198. +  };
    199. 

  199.  
    200. 

  200.     if (!exists $digests->{$this->{_auth_protocol}}) {
    201. 

  201.        return $this->_error(
    202. 

  202. @@ -1792,7 +1838,12 @@
    203. 

  203.        );
    204. 

  204.     }
    205. 

  205.  
    206. 

  206. -   my $digest = $digests->{$this->{_auth_protocol}}->new;
    207. 

  207. +   my $digest;
    208. 

  208. +   if (!defined($digests->{$this->{_auth_protocol}}[1])) {
    209. 

  209. +       $digest = $digests->{$this->{_auth_protocol}}[0]->new;
    210. 

  210. +       } else {
    211. 

  211. +       $digest = $digests->{$this->{_auth_protocol}}[0]->new($digests->{$this->{_auth_protocol}}[1]);
    212. 

  212. +       }
    213. 

  213.  
    214. 

  214.     # Create the initial digest using the password
    215. 

  215.  
    216.