···
1
+
From https://github.com/openbsd/ports/blob/master/net/p5-Net-SNMP/patches/patch-lib_Net_SNMP_Security_USM_pm
2
+
Tests for the additional algorithms have also been added.
4
+
diff --git a/MANIFEST b/MANIFEST
5
+
index 3430564..d3dd7f0 100644
8
+
@@ -40,3 +40,7 @@ t/usm-sha1-3des.t
10
+
t/usm-sha1-cfb192aes.t
16
+
diff --git a/lib/Net/SNMP/Security/USM.pm b/lib/Net/SNMP/Security/USM.pm
17
+
index a76ef56..0bcd52c 100644
18
+
--- a/lib/Net/SNMP/Security/USM.pm
19
+
+++ b/lib/Net/SNMP/Security/USM.pm
20
+
@@ -26,8 +26,9 @@ use Net::SNMP::Message qw(
24
+
-use Digest::HMAC_MD5();
25
+
-use Digest::HMAC_SHA1();
27
+
+use Digest::SHA qw( hmac_sha1 hmac_sha224 hmac_sha256 hmac_sha384 hmac_sha512 );
28
+
+use Digest::HMAC_MD5 qw ( hmac_md5 );
30
+
## Version of the Net::SNMP::Security::USM module
32
+
@@ -41,7 +42,9 @@ our @EXPORT_OK;
34
+
our %EXPORT_TAGS = (
36
+
- qw( AUTH_PROTOCOL_NONE AUTH_PROTOCOL_HMACMD5 AUTH_PROTOCOL_HMACSHA )
37
+
+ qw( AUTH_PROTOCOL_NONE AUTH_PROTOCOL_HMACMD5 AUTH_PROTOCOL_HMACSHA
38
+
+ AUTH_PROTOCOL_HMACSHA224 AUTH_PROTOCOL_HMACSHA256
39
+
+ AUTH_PROTOCOL_HMACSHA384 AUTH_PROTOCOL_HMACSHA512 )
42
+
qw( SECURITY_LEVEL_NOAUTHNOPRIV SECURITY_LEVEL_AUTHNOPRIV
43
+
@@ -64,9 +67,13 @@ $EXPORT_TAGS{ALL} = [ @EXPORT_OK ];
45
+
## RCC 3414 - Authentication protocols
47
+
-sub AUTH_PROTOCOL_NONE { '1.3.6.1.6.3.10.1.1.1' } # usmNoAuthProtocol
48
+
-sub AUTH_PROTOCOL_HMACMD5 { '1.3.6.1.6.3.10.1.1.2' } # usmHMACMD5AuthProtocol
49
+
-sub AUTH_PROTOCOL_HMACSHA { '1.3.6.1.6.3.10.1.1.3' } # usmHMACSHAAuthProtocol
50
+
+sub AUTH_PROTOCOL_NONE { '1.3.6.1.6.3.10.1.1.1' } # usmNoAuthProtocol
51
+
+sub AUTH_PROTOCOL_HMACMD5 { '1.3.6.1.6.3.10.1.1.2' } # usmHMACMD5AuthProtocol
52
+
+sub AUTH_PROTOCOL_HMACSHA { '1.3.6.1.6.3.10.1.1.3' } # usmHMACSHAAuthProtocol
53
+
+sub AUTH_PROTOCOL_HMACSHA224 { '1.3.6.1.6.3.10.1.1.4' } # usmHMAC128SHA224AuthProtocol
54
+
+sub AUTH_PROTOCOL_HMACSHA256 { '1.3.6.1.6.3.10.1.1.5' } # usmHMAC192SHA256AuthProtocol
55
+
+sub AUTH_PROTOCOL_HMACSHA384 { '1.3.6.1.6.3.10.1.1.6' } # usmHMAC256SHA384AuthProtocol
56
+
+sub AUTH_PROTOCOL_HMACSHA512 { '1.3.6.1.6.3.10.1.1.7' } # usmHMAC384SHA512AuthProtocol
58
+
## RFC 3414 - Privacy protocols
60
+
@@ -125,6 +132,7 @@ sub new
61
+
'_time_epoc' => time(), # snmpEngineBoots epoc
62
+
'_user_name' => q{}, # securityName
63
+
'_auth_data' => undef, # Authentication data
64
+
+ '_auth_maclen' => undef, # MAC length
65
+
'_auth_key' => undef, # authKey
66
+
'_auth_password' => undef, # Authentication password
67
+
'_auth_protocol' => AUTH_PROTOCOL_HMACMD5, # authProtocol
68
+
@@ -281,10 +289,10 @@ sub generate_request_msg
69
+
if ($pdu->security_level() > SECURITY_LEVEL_NOAUTHNOPRIV) {
71
+
# Save the location to fill in msgAuthenticationParameters later
72
+
- $auth_location = $msg->length() + 12 + length $pdu_buffer;
73
+
+ $auth_location = $msg->length() + $this->{_auth_maclen} + length $pdu_buffer;
75
+
# Set the msgAuthenticationParameters to all zeros
76
+
- $auth_params = pack 'x12';
77
+
+ $auth_params = pack "x$this->{_auth_maclen}";
80
+
if (!defined $msg->prepare(OCTET_STRING, $auth_params)) {
81
+
@@ -419,12 +427,12 @@ sub process_incoming_msg
82
+
# to compute the HMAC properly.
84
+
if (my $len = length $auth_params) {
86
+
+ if ($len != $this->{_auth_maclen}) {
87
+
return $this->_error(
88
+
'The msgAuthenticationParameters length of %d is invalid', $len
91
+
- substr ${$msg->reference}, ($msg->index() - 12), 12, pack 'x12';
92
+
+ substr ${$msg->reference}, ($msg->index() - $this->{_auth_maclen}), $this->{_auth_maclen}, pack "x$this->{_auth_maclen}";
95
+
# msgPrivacyParameters::=OCTET STRING
96
+
@@ -748,6 +756,18 @@ sub _auth_password
97
+
quotemeta AUTH_PROTOCOL_HMACMD5, AUTH_PROTOCOL_HMACMD5,
98
+
'(?:hmac-)?sha(?:-?1|-96)?', AUTH_PROTOCOL_HMACSHA,
99
+
quotemeta AUTH_PROTOCOL_HMACSHA, AUTH_PROTOCOL_HMACSHA,
100
+
+ '(?:hmac-)?sha(?:-?224)', AUTH_PROTOCOL_HMACSHA224,
101
+
+ 'usmHMAC128SHA224AuthProtocol', AUTH_PROTOCOL_HMACSHA224,
102
+
+ quotemeta AUTH_PROTOCOL_HMACSHA224,AUTH_PROTOCOL_HMACSHA224,
103
+
+ '(?:hmac-)?sha(?:-?256)', AUTH_PROTOCOL_HMACSHA256,
104
+
+ 'usmHMAC192SHA256AuthProtocol', AUTH_PROTOCOL_HMACSHA256,
105
+
+ quotemeta AUTH_PROTOCOL_HMACSHA256,AUTH_PROTOCOL_HMACSHA256,
106
+
+ '(?:hmac-)?sha(?:-?384)', AUTH_PROTOCOL_HMACSHA384,
107
+
+ 'usmHMAC256SHA384AuthProtocol', AUTH_PROTOCOL_HMACSHA384,
108
+
+ quotemeta AUTH_PROTOCOL_HMACSHA384,AUTH_PROTOCOL_HMACSHA384,
109
+
+ '(?:hmac-)?sha(?:-?512)', AUTH_PROTOCOL_HMACSHA512,
110
+
+ 'usmHMAC384SHA512AuthProtocol', AUTH_PROTOCOL_HMACSHA512,
111
+
+ quotemeta AUTH_PROTOCOL_HMACSHA512,AUTH_PROTOCOL_HMACSHA512,
115
+
@@ -1100,7 +1120,7 @@ sub _authenticate_outgoing_msg
118
+
# Set the msgAuthenticationParameters
119
+
- substr ${$msg->reference}, -$auth_location, 12, $this->_auth_hmac($msg);
120
+
+ substr ${$msg->reference}, -$auth_location, $this->{_auth_maclen}, $this->_auth_hmac($msg);
124
+
@@ -1126,7 +1146,7 @@ sub _auth_hmac
125
+
return q{} if (!defined($this->{_auth_data}) || !defined $msg);
128
+
- $this->{_auth_data}->reset()->add(${$msg->reference()})->digest(), 0, 12;
129
+
+ $this->{_auth_data}(${$msg->reference()}, $this->{_auth_key}), 0, $this->{_auth_maclen};
132
+
sub _auth_data_init
133
+
@@ -1141,16 +1161,35 @@ sub _auth_data_init
135
+
if ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACMD5) {
137
+
- $this->{_auth_data} =
138
+
- Digest::HMAC_MD5->new($this->{_auth_key});
139
+
+ $this->{_auth_data} = \&hmac_md5;
140
+
+ $this->{_auth_maclen} = 12;
142
+
} elsif ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACSHA) {
144
+
- $this->{_auth_data} =
145
+
- Digest::HMAC_SHA1->new($this->{_auth_key});
146
+
+ $this->{_auth_data} = \&hmac_sha1;
147
+
+ $this->{_auth_maclen} = 12;
149
+
+ } elsif ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACSHA224) {
151
+
+ $this->{_auth_data} = \&hmac_sha224;
152
+
+ $this->{_auth_maclen} = 16;
154
+
+ } elsif ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACSHA256) {
156
+
+ $this->{_auth_data} = \&hmac_sha256;
157
+
+ $this->{_auth_maclen} = 24;
159
+
+ } elsif ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACSHA384) {
161
+
+ $this->{_auth_data} = \&hmac_sha384;
162
+
+ $this->{_auth_maclen} = 32;
164
+
+ } elsif ($this->{_auth_protocol} eq AUTH_PROTOCOL_HMACSHA512) {
166
+
+ $this->{_auth_data} = \&hmac_sha512;
167
+
+ $this->{_auth_maclen} = 48;
171
+
return $this->_error(
172
+
'The authProtocol "%s" is unknown', $this->{_auth_protocol}
174
+
@@ -1628,6 +1667,10 @@ sub _auth_key_validate
176
+
AUTH_PROTOCOL_HMACMD5, [ 16, 'HMAC-MD5' ],
177
+
AUTH_PROTOCOL_HMACSHA, [ 20, 'HMAC-SHA1' ],
178
+
+ AUTH_PROTOCOL_HMACSHA224, [ 28, 'HMAC-SHA224' ],
179
+
+ AUTH_PROTOCOL_HMACSHA256, [ 32, 'HMAC-SHA256' ],
180
+
+ AUTH_PROTOCOL_HMACSHA384, [ 48, 'HMAC-SHA384' ],
181
+
+ AUTH_PROTOCOL_HMACSHA512, [ 64, 'HMAC-SHA512' ],
184
+
if (!exists $key_len->{$this->{_auth_protocol}}) {
185
+
@@ -1783,8 +1826,12 @@ sub _password_localize
189
+
- AUTH_PROTOCOL_HMACMD5, 'Digest::MD5',
190
+
- AUTH_PROTOCOL_HMACSHA, 'Digest::SHA',
191
+
+ AUTH_PROTOCOL_HMACMD5, ['Digest::MD5', ],
192
+
+ AUTH_PROTOCOL_HMACSHA, ['Digest::SHA', 1],
193
+
+ AUTH_PROTOCOL_HMACSHA224, ['Digest::SHA', 224],
194
+
+ AUTH_PROTOCOL_HMACSHA256, ['Digest::SHA', 256],
195
+
+ AUTH_PROTOCOL_HMACSHA384, ['Digest::SHA', 384],
196
+
+ AUTH_PROTOCOL_HMACSHA512, ['Digest::SHA', 512],
199
+
if (!exists $digests->{$this->{_auth_protocol}}) {
200
+
@@ -1793,7 +1840,12 @@ sub _password_localize
204
+
- my $digest = $digests->{$this->{_auth_protocol}}->new;
206
+
+ if (!defined($digests->{$this->{_auth_protocol}}[1])) {
207
+
+ $digest = $digests->{$this->{_auth_protocol}}[0]->new;
209
+
+ $digest = $digests->{$this->{_auth_protocol}}[0]->new($digests->{$this->{_auth_protocol}}[1]);
212
+
# Create the initial digest using the password
214
+
diff --git a/t/usm-sha224-aes.t b/t/usm-sha224-aes.t
215
+
new file mode 100644
216
+
index 0000000..e7d118e
218
+
+++ b/t/usm-sha224-aes.t
220
+
+# -*- mode: perl -*-
221
+
+# ============================================================================
223
+
+# Test of the SNMPv3 User-based Security Model.
225
+
+# Copyright (c) 2001-2009 David M. Town <dtown@cpan.org>.
226
+
+# Copyright (c) 2024 Michal Josef Špaček <skim@cpan.org>.
227
+
+# All rights reserved.
229
+
+# This program is free software; you may redistribute it and/or modify it
230
+
+# under the same terms as the Perl 5 programming language system itself.
232
+
+# ============================================================================
244
+
+use Net::SNMP::Message qw(SEQUENCE OCTET_STRING FALSE);
247
+
+# Load the Net::SNMP::Security::USM module
250
+
+eval 'use Net::SNMP::Security::USM; use Crypt::Rijndael;';
252
+
+my $skip = ($@ =~ /locate (:?\S+\.pm)/) ? $@ : FALSE;
255
+
+# 1. Create the Net::SNMP::Security::USM object
262
+
+ ($u, $e) = Net::SNMP::Security::USM->new(
263
+
+ -username => 'dtown',
264
+
+ -authpassword => 'maplesyrup',
265
+
+ -authprotocol => 'sha224',
266
+
+ -privpassword => 'maplesyrup',
267
+
+ -privprotocol => 'aes',
270
+
+ # "Perform" discovery...
271
+
+ $u->_engine_id_discovery(pack 'x11H2', '02');
273
+
+ # ...and synchronization
274
+
+ $u->_synchronize(10, time);
278
+
+ $skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Security::USM object'
282
+
+# 2. Check the localized authKey
287
+
+ $e = unpack 'H*', $u->auth_key();
293
+
+ '0bd8827c6e29f8065e08e09237f177e410f69b90e1782be682075674',
294
+
+ 'Invalid authKey calculated'
298
+
+# 3. Check the localized privKey
303
+
+ $e = unpack 'H*', $u->priv_key();
309
+
+ '0bd8827c6e29f8065e08e09237f177e4',
310
+
+ 'Invalid privKey calculated'
314
+
+# 4. Create and initialize a Message
321
+
+ ($m, $e) = Net::SNMP::Message->new();
322
+
+ $m->prepare(SEQUENCE, pack('H*', 'deadbeef') x 8);
323
+
+ $e = $m->error();
326
+
+skip($skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Message object');
329
+
+# 5. Calculate the HMAC
336
+
+ $h = unpack 'H*', $u->_auth_hmac($m);
339
+
+skip($skip, $@, q{}, 'Calculate the HMAC failed');
342
+
+# 6. Encrypt/descrypt the Message
349
+
+ my $engine_boots = 0;
350
+
+ my $engine_time = 1710186219;
352
+
+ my $len = $m->length();
353
+
+ my $buff = $m->clear();
354
+
+ $u->{_engine_boots} = $engine_boots;
355
+
+ $u->{_engine_time} = $engine_time;
356
+
+ my $encrypted = $u->_encrypt_data($m, $salt, $buff);
357
+
+ $henc = unpack 'H*', $encrypted;
358
+
+ $m->append($encrypted);
359
+
+ substr $salt, 0, 0, pack 'NN', $engine_boots, $engine_time;
360
+
+ $u->_decrypt_data($m, $salt, $m->process(OCTET_STRING));
361
+
+ $e = $u->error();
362
+
+ # Remove padding if necessary
363
+
+ if ($len -= $m->length()) {
364
+
+ substr ${$m->reference()}, $len, -$len, q{};
370
+
+ ($@ || $e || $henc),
371
+
+ '042228c5467793ab001f4be546de4b990f90998b09d43f2baaffb52a5d36457cef3b5ab7',
372
+
+ 'Privacy failed',
376
+
+# 7. Check the HMAC
383
+
+ $h2 = unpack 'H*', $u->_auth_hmac($m);
386
+
+skip($skip, ($@ || $h2), $h, 'Authentication failed');
388
+
+# ============================================================================
389
+
diff --git a/t/usm-sha256-aes.t b/t/usm-sha256-aes.t
390
+
new file mode 100644
391
+
index 0000000..4521187
393
+
+++ b/t/usm-sha256-aes.t
395
+
+# -*- mode: perl -*-
396
+
+# ============================================================================
398
+
+# Test of the SNMPv3 User-based Security Model.
400
+
+# Copyright (c) 2001-2009 David M. Town <dtown@cpan.org>.
401
+
+# Copyright (c) 2024 Michal Josef Špaček <skim@cpan.org>.
402
+
+# All rights reserved.
404
+
+# This program is free software; you may redistribute it and/or modify it
405
+
+# under the same terms as the Perl 5 programming language system itself.
407
+
+# ============================================================================
419
+
+use Net::SNMP::Message qw(SEQUENCE OCTET_STRING FALSE);
422
+
+# Load the Net::SNMP::Security::USM module
425
+
+eval 'use Net::SNMP::Security::USM; use Crypt::Rijndael;';
427
+
+my $skip = ($@ =~ /locate (:?\S+\.pm)/) ? $@ : FALSE;
430
+
+# 1. Create the Net::SNMP::Security::USM object
437
+
+ ($u, $e) = Net::SNMP::Security::USM->new(
438
+
+ -username => 'dtown',
439
+
+ -authpassword => 'maplesyrup',
440
+
+ -authprotocol => 'sha256',
441
+
+ -privpassword => 'maplesyrup',
442
+
+ -privprotocol => 'aes',
445
+
+ # "Perform" discovery...
446
+
+ $u->_engine_id_discovery(pack 'x11H2', '02');
448
+
+ # ...and synchronization
449
+
+ $u->_synchronize(10, time);
453
+
+ $skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Security::USM object'
457
+
+# 2. Check the localized authKey
462
+
+ $e = unpack 'H*', $u->auth_key();
468
+
+ '8982e0e549e866db361a6b625d84cccc11162d453ee8ce3a6445c2d6776f0f8b',
469
+
+ 'Invalid authKey calculated'
473
+
+# 3. Check the localized privKey
478
+
+ $e = unpack 'H*', $u->priv_key();
484
+
+ '8982e0e549e866db361a6b625d84cccc',
485
+
+ 'Invalid privKey calculated'
489
+
+# 4. Create and initialize a Message
496
+
+ ($m, $e) = Net::SNMP::Message->new();
497
+
+ $m->prepare(SEQUENCE, pack('H*', 'deadbeef') x 8);
498
+
+ $e = $m->error();
501
+
+skip($skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Message object');
504
+
+# 5. Calculate the HMAC
511
+
+ $h = unpack 'H*', $u->_auth_hmac($m);
514
+
+skip($skip, $@, q{}, 'Calculate the HMAC failed');
517
+
+# 6. Encrypt/descrypt the Message
524
+
+ my $engine_boots = 0;
525
+
+ my $engine_time = 1710186219;
527
+
+ my $len = $m->length();
528
+
+ my $buff = $m->clear();
529
+
+ $u->{_engine_boots} = $engine_boots;
530
+
+ $u->{_engine_time} = $engine_time;
531
+
+ my $encrypted = $u->_encrypt_data($m, $salt, $buff);
532
+
+ $henc = unpack 'H*', $encrypted;
533
+
+ $m->append($encrypted);
534
+
+ substr $salt, 0, 0, pack 'NN', $engine_boots, $engine_time;
535
+
+ $u->_decrypt_data($m, $salt, $m->process(OCTET_STRING));
536
+
+ $e = $u->error();
537
+
+ # Remove padding if necessary
538
+
+ if ($len -= $m->length()) {
539
+
+ substr ${$m->reference()}, $len, -$len, q{};
545
+
+ ($@ || $e || $henc),
546
+
+ '0422863d06faf464369a298b66062e54374ba3b4a0f862162d25ba72130038f8befc9e21',
547
+
+ 'Privacy failed',
551
+
+# 7. Check the HMAC
558
+
+ $h2 = unpack 'H*', $u->_auth_hmac($m);
561
+
+skip($skip, ($@ || $h2), $h, 'Authentication failed');
563
+
+# ============================================================================
564
+
diff --git a/t/usm-sha384-aes.t b/t/usm-sha384-aes.t
565
+
new file mode 100644
566
+
index 0000000..e88ca4a
568
+
+++ b/t/usm-sha384-aes.t
570
+
+# -*- mode: perl -*-
571
+
+# ============================================================================
573
+
+# Test of the SNMPv3 User-based Security Model.
575
+
+# Copyright (c) 2001-2009 David M. Town <dtown@cpan.org>.
576
+
+# Copyright (c) 2024 Michal Josef Špaček <skim@cpan.org>.
577
+
+# All rights reserved.
579
+
+# This program is free software; you may redistribute it and/or modify it
580
+
+# under the same terms as the Perl 5 programming language system itself.
582
+
+# ============================================================================
594
+
+use Net::SNMP::Message qw(SEQUENCE OCTET_STRING FALSE);
597
+
+# Load the Net::SNMP::Security::USM module
600
+
+eval 'use Net::SNMP::Security::USM; use Crypt::Rijndael;';
602
+
+my $skip = ($@ =~ /locate (:?\S+\.pm)/) ? $@ : FALSE;
605
+
+# 1. Create the Net::SNMP::Security::USM object
612
+
+ ($u, $e) = Net::SNMP::Security::USM->new(
613
+
+ -username => 'dtown',
614
+
+ -authpassword => 'maplesyrup',
615
+
+ -authprotocol => 'sha384',
616
+
+ -privpassword => 'maplesyrup',
617
+
+ -privprotocol => 'aes',
620
+
+ # "Perform" discovery...
621
+
+ $u->_engine_id_discovery(pack 'x11H2', '02');
623
+
+ # ...and synchronization
624
+
+ $u->_synchronize(10, time);
628
+
+ $skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Security::USM object'
632
+
+# 2. Check the localized authKey
637
+
+ $e = unpack 'H*', $u->auth_key();
643
+
+ '3b298f16164a11184279d5432bf169e2d2a48307de02b3d3f7e2b4f36eb6f0455a53689a3937eea07319a633d2ccba78',
644
+
+ 'Invalid authKey calculated'
648
+
+# 3. Check the localized privKey
653
+
+ $e = unpack 'H*', $u->priv_key();
659
+
+ '3b298f16164a11184279d5432bf169e2',
660
+
+ 'Invalid privKey calculated'
664
+
+# 4. Create and initialize a Message
671
+
+ ($m, $e) = Net::SNMP::Message->new();
672
+
+ $m->prepare(SEQUENCE, pack('H*', 'deadbeef') x 8);
673
+
+ $e = $m->error();
676
+
+skip($skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Message object');
679
+
+# 5. Calculate the HMAC
686
+
+ $h = unpack 'H*', $u->_auth_hmac($m);
689
+
+skip($skip, $@, q{}, 'Calculate the HMAC failed');
692
+
+# 6. Encrypt/descrypt the Message
699
+
+ my $engine_boots = 0;
700
+
+ my $engine_time = 1710186219;
702
+
+ my $len = $m->length();
703
+
+ my $buff = $m->clear();
704
+
+ $u->{_engine_boots} = $engine_boots;
705
+
+ $u->{_engine_time} = $engine_time;
706
+
+ my $encrypted = $u->_encrypt_data($m, $salt, $buff);
707
+
+ $henc = unpack 'H*', $encrypted;
708
+
+ $m->append($encrypted);
709
+
+ substr $salt, 0, 0, pack 'NN', $engine_boots, $engine_time;
710
+
+ $u->_decrypt_data($m, $salt, $m->process(OCTET_STRING));
711
+
+ $e = $u->error();
712
+
+ # Remove padding if necessary
713
+
+ if ($len -= $m->length()) {
714
+
+ substr ${$m->reference()}, $len, -$len, q{};
720
+
+ ($@ || $e || $henc),
721
+
+ '0422850967bbff81be49aefadf9b6ee3eedb9093609fcfc813a21bdf09b469965923bfc0',
722
+
+ 'Privacy failed',
726
+
+# 7. Check the HMAC
733
+
+ $h2 = unpack 'H*', $u->_auth_hmac($m);
736
+
+skip($skip, ($@ || $h2), $h, 'Authentication failed');
738
+
+# ============================================================================
739
+
diff --git a/t/usm-sha512-aes.t b/t/usm-sha512-aes.t
740
+
new file mode 100644
741
+
index 0000000..c5eadf3
743
+
+++ b/t/usm-sha512-aes.t
745
+
+# -*- mode: perl -*-
746
+
+# ============================================================================
748
+
+# Test of the SNMPv3 User-based Security Model.
750
+
+# Copyright (c) 2001-2009 David M. Town <dtown@cpan.org>.
751
+
+# Copyright (c) 2024 Michal Josef Špaček <skim@cpan.org>.
752
+
+# All rights reserved.
754
+
+# This program is free software; you may redistribute it and/or modify it
755
+
+# under the same terms as the Perl 5 programming language system itself.
757
+
+# ============================================================================
769
+
+use Net::SNMP::Message qw(SEQUENCE OCTET_STRING FALSE);
772
+
+# Load the Net::SNMP::Security::USM module
775
+
+eval 'use Net::SNMP::Security::USM; use Crypt::Rijndael;';
777
+
+my $skip = ($@ =~ /locate (:?\S+\.pm)/) ? $@ : FALSE;
780
+
+# 1. Create the Net::SNMP::Security::USM object
787
+
+ ($u, $e) = Net::SNMP::Security::USM->new(
788
+
+ -username => 'dtown',
789
+
+ -authpassword => 'maplesyrup',
790
+
+ -authprotocol => 'sha512',
791
+
+ -privpassword => 'maplesyrup',
792
+
+ -privprotocol => 'aes',
795
+
+ # "Perform" discovery...
796
+
+ $u->_engine_id_discovery(pack 'x11H2', '02');
798
+
+ # ...and synchronization
799
+
+ $u->_synchronize(10, time);
803
+
+ $skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Security::USM object'
807
+
+# 2. Check the localized authKey
812
+
+ $e = unpack 'H*', $u->auth_key();
818
+
+ '22a5a36cedfcc085807a128d7bc6c2382167ad6c0dbc5fdff856740f3d84c099ad1ea87a8db096714d9788bd544047c9021e4229ce27e4c0a69250adfcffbb0b',
819
+
+ 'Invalid authKey calculated'
823
+
+# 3. Check the localized privKey
828
+
+ $e = unpack 'H*', $u->priv_key();
834
+
+ '22a5a36cedfcc085807a128d7bc6c238',
835
+
+ 'Invalid privKey calculated'
839
+
+# 4. Create and initialize a Message
846
+
+ ($m, $e) = Net::SNMP::Message->new();
847
+
+ $m->prepare(SEQUENCE, pack('H*', 'deadbeef') x 8);
848
+
+ $e = $m->error();
851
+
+skip($skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Message object');
854
+
+# 5. Calculate the HMAC
861
+
+ $h = unpack 'H*', $u->_auth_hmac($m);
864
+
+skip($skip, $@, q{}, 'Calculate the HMAC failed');
867
+
+# 6. Encrypt/descrypt the Message
874
+
+ my $engine_boots = 0;
875
+
+ my $engine_time = 1710186219;
877
+
+ my $len = $m->length();
878
+
+ my $buff = $m->clear();
879
+
+ $u->{_engine_boots} = $engine_boots;
880
+
+ $u->{_engine_time} = $engine_time;
881
+
+ my $encrypted = $u->_encrypt_data($m, $salt, $buff);
882
+
+ $henc = unpack 'H*', $encrypted;
883
+
+ $m->append($encrypted);
884
+
+ substr $salt, 0, 0, pack 'NN', $engine_boots, $engine_time;
885
+
+ $u->_decrypt_data($m, $salt, $m->process(OCTET_STRING));
886
+
+ $e = $u->error();
887
+
+ # Remove padding if necessary
888
+
+ if ($len -= $m->length()) {
889
+
+ substr ${$m->reference()}, $len, -$len, q{};
895
+
+ ($@ || $e || $henc),
896
+
+ '0422bae4cdb263a0936b189051e9b1759183b16d07c9a7d8bf633d6dd2e817a2ac2fe742',
897
+
+ 'Privacy failed',
901
+
+# 7. Check the HMAC
908
+
+ $h2 = unpack 'H*', $u->_auth_hmac($m);
911
+
+skip($skip, ($@ || $h2), $h, 'Authentication failed');
913
+
+# ============================================================================
pyrox.dev