From 17ee5bb7ed9eb63b17a406cb1463dd3186266d8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Josef=20=C5=A0pa=C4=8Dek?= Date: Mon, 17 Jun 2024 12:46:50 +0200 Subject: [PATCH] Add patch to add tests for other USM scenarios --- ...-Add_tests_for_another_usm_scenarios.patch | 551 ++++++++++++++++++ perl-Net-SNMP.spec | 3 + 2 files changed, 554 insertions(+) create mode 100644 Net-SNMP-v6.0.1-Add_tests_for_another_usm_scenarios.patch diff --git a/Net-SNMP-v6.0.1-Add_tests_for_another_usm_scenarios.patch b/Net-SNMP-v6.0.1-Add_tests_for_another_usm_scenarios.patch new file mode 100644 index 0000000..883fbf3 --- /dev/null +++ b/Net-SNMP-v6.0.1-Add_tests_for_another_usm_scenarios.patch @@ -0,0 +1,551 @@ +From 0ce1418f8261764c1b34c4379ed6af6ef8073678 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20Josef=20=C5=A0pa=C4=8Dek?= + +Date: Mon, 11 Mar 2024 21:08:32 +0100 +Subject: [PATCH 08/11] Add tests for another usm scenarios + +--- + MANIFEST | 3 + + t/usm-sha1-3des.t | 164 +++++++++++++++++++++++++++++++++++++++ + t/usm-sha1-aes.t | 169 +++++++++++++++++++++++++++++++++++++++++ + t/usm-sha1-cfb192aes.t | 169 +++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 505 insertions(+) + create mode 100644 t/usm-sha1-3des.t + create mode 100644 t/usm-sha1-aes.t + create mode 100644 t/usm-sha1-cfb192aes.t + +diff --git a/MANIFEST b/MANIFEST +index c750573..3430564 100644 +--- a/MANIFEST ++++ b/MANIFEST +@@ -36,4 +36,7 @@ t/ber.t + t/dsp.t + t/mp.t + t/usm-md5-des.t ++t/usm-sha1-3des.t ++t/usm-sha1-aes.t ++t/usm-sha1-cfb192aes.t + t/usm-sha1-des.t +diff --git a/t/usm-sha1-3des.t b/t/usm-sha1-3des.t +new file mode 100644 +index 0000000..5921ccf +--- /dev/null ++++ b/t/usm-sha1-3des.t +@@ -0,0 +1,164 @@ ++# -*- mode: perl -*- ++# ============================================================================ ++ ++# Test of the SNMPv3 User-based Security Model. ++ ++# Copyright (c) 2001-2009 David M. Town . ++# Copyright (c) 2024 Michal Josef Špaček . ++# All rights reserved. ++ ++# This program is free software; you may redistribute it and/or modify it ++# under the same terms as the Perl 5 programming language system itself. ++ ++# ============================================================================ ++ ++use strict; ++use Test; ++ ++BEGIN ++{ ++ $| = 1; ++ $^W = 1; ++ plan tests => 7 ++} ++ ++use Net::SNMP::Message qw(SEQUENCE OCTET_STRING FALSE); ++ ++# ++# Load the Net::SNMP::Security::USM module ++# ++ ++eval 'use Net::SNMP::Security::USM'; ++ ++my $skip = ($@ =~ /locate (:?\S+\.pm)/) ? $@ : FALSE; ++ ++# ++# 1. Create the Net::SNMP::Security::USM object ++# ++ ++my ($u, $e); ++ ++eval ++{ ++ ($u, $e) = Net::SNMP::Security::USM->new( ++ -username => 'dtown', ++ -authpassword => 'maplesyrup', ++ -authprotocol => 'sha', ++ -privpassword => 'maplesyrup', ++ -privprotocol => '3des', ++ ); ++ ++ # "Perform" discovery... ++ $u->_engine_id_discovery(pack 'x11H2', '02'); ++ ++ # ...and synchronization ++ $u->_synchronize(10, time); ++}; ++ ++skip( ++ $skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Security::USM object' ++); ++ ++# ++# 2. Check the localized authKey ++# ++ ++eval ++{ ++ $e = unpack 'H*', $u->auth_key(); ++}; ++ ++skip( ++ $skip, ++ ($@ || $e), ++ '6695febc9288e36282235fc7151f128497b38f3f', ++ 'Invalid authKey calculated' ++); ++ ++# ++# 3. Check the localized privKey ++# ++ ++eval ++{ ++ $e = unpack 'H*', $u->priv_key(); ++}; ++ ++skip( ++ $skip, ++ ($@ || $e), ++ '6695febc9288e36282235fc7151f128497b38f3f9b8b6d78936ba6e7d19dfd9c', ++ 'Invalid privKey calculated' ++); ++ ++# ++# 4. Create and initalize a Message ++# ++ ++my $m; ++ ++eval ++{ ++ ($m, $e) = Net::SNMP::Message->new(); ++ $m->prepare(SEQUENCE, pack('H*', 'deadbeef') x 8); ++ $e = $m->error(); ++}; ++ ++skip($skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Message object'); ++ ++# ++# 5. Calculate the HMAC ++# ++ ++my $h; ++ ++eval ++{ ++ $h = unpack 'H*', $u->_auth_hmac($m); ++}; ++ ++skip($skip, $@, q{}, 'Calculate the HMAC failed'); ++ ++# ++# 6. Encrypt/descrypt the Message ++# ++ ++my $henc; ++ ++eval ++{ ++ my $salt; ++ my $len = $m->length(); ++ my $buff = $m->clear(); ++ my $encrypted = $u->_encrypt_data($m, $salt, $buff); ++ $henc = unpack 'H*', $encrypted; ++ $m->append($encrypted); ++ $u->_decrypt_data($m, $salt, $m->process(OCTET_STRING)); ++ $e = $u->error(); ++ # Remove padding if necessary ++ if ($len -= $m->length()) { ++ substr ${$m->reference()}, $len, -$len, q{}; ++ } ++}; ++ ++skip( ++ $skip, ++ ($@ || $e || $henc), ++ '042858d3a9fffa5afd8ef5cb338fdd79f452e13c0e77f4a918a069a84687c462726148c53198e6c97346', ++ 'Privacy failed', ++); ++ ++# ++# 7. Check the HMAC ++# ++ ++my $h2; ++ ++eval ++{ ++ $h2 = unpack 'H*', $u->_auth_hmac($m); ++}; ++ ++skip($skip, ($@ || $h2), $h, 'Authentication failed'); ++ ++# ============================================================================ +diff --git a/t/usm-sha1-aes.t b/t/usm-sha1-aes.t +new file mode 100644 +index 0000000..3e1b9f2 +--- /dev/null ++++ b/t/usm-sha1-aes.t +@@ -0,0 +1,169 @@ ++# -*- mode: perl -*- ++# ============================================================================ ++ ++# Test of the SNMPv3 User-based Security Model. ++ ++# Copyright (c) 2001-2009 David M. Town . ++# Copyright (c) 2024 Michal Josef Špaček . ++# All rights reserved. ++ ++# This program is free software; you may redistribute it and/or modify it ++# under the same terms as the Perl 5 programming language system itself. ++ ++# ============================================================================ ++ ++use strict; ++use Test; ++ ++BEGIN ++{ ++ $| = 1; ++ $^W = 1; ++ plan tests => 7 ++} ++ ++use Net::SNMP::Message qw(SEQUENCE OCTET_STRING FALSE); ++ ++# ++# Load the Net::SNMP::Security::USM module ++# ++ ++eval 'use Net::SNMP::Security::USM; use Crypt::Rijndael;'; ++ ++my $skip = ($@ =~ /locate (:?\S+\.pm)/) ? $@ : FALSE; ++ ++# ++# 1. Create the Net::SNMP::Security::USM object ++# ++ ++my ($u, $e); ++ ++eval ++{ ++ ($u, $e) = Net::SNMP::Security::USM->new( ++ -username => 'dtown', ++ -authpassword => 'maplesyrup', ++ -authprotocol => 'sha1', ++ -privpassword => 'maplesyrup', ++ -privprotocol => 'aes', ++ ); ++ ++ # "Perform" discovery... ++ $u->_engine_id_discovery(pack 'x11H2', '02'); ++ ++ # ...and synchronization ++ $u->_synchronize(10, time); ++}; ++ ++skip( ++ $skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Security::USM object' ++); ++ ++# ++# 2. Check the localized authKey ++# ++ ++eval ++{ ++ $e = unpack 'H*', $u->auth_key(); ++}; ++ ++skip( ++ $skip, ++ ($@ || $e), ++ '6695febc9288e36282235fc7151f128497b38f3f', ++ 'Invalid authKey calculated' ++); ++ ++# ++# 3. Check the localized privKey ++# ++ ++eval ++{ ++ $e = unpack 'H*', $u->priv_key(); ++}; ++ ++skip( ++ $skip, ++ ($@ || $e), ++ '6695febc9288e36282235fc7151f1284', ++ 'Invalid privKey calculated' ++); ++ ++# ++# 4. Create and initalize a Message ++# ++ ++my $m; ++ ++eval ++{ ++ ($m, $e) = Net::SNMP::Message->new(); ++ $m->prepare(SEQUENCE, pack('H*', 'deadbeef') x 8); ++ $e = $m->error(); ++}; ++ ++skip($skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Message object'); ++ ++# ++# 5. Calculate the HMAC ++# ++ ++my $h; ++ ++eval ++{ ++ $h = unpack 'H*', $u->_auth_hmac($m); ++}; ++ ++skip($skip, $@, q{}, 'Calculate the HMAC failed'); ++ ++# ++# 6. Encrypt/descrypt the Message ++# ++ ++my $henc; ++ ++eval ++{ ++ my $engine_boots = 0; ++ my $engine_time = 1710186219; ++ my $salt; ++ my $len = $m->length(); ++ my $buff = $m->clear(); ++ $u->{_engine_boots} = $engine_boots; ++ $u->{_engine_time} = $engine_time; ++ my $encrypted = $u->_encrypt_data($m, $salt, $buff); ++ $henc = unpack 'H*', $encrypted; ++ $m->append($encrypted); ++ substr $salt, 0, 0, pack 'NN', $engine_boots, $engine_time; ++ $u->_decrypt_data($m, $salt, $m->process(OCTET_STRING)); ++ $e = $u->error(); ++ # Remove padding if necessary ++ if ($len -= $m->length()) { ++ substr ${$m->reference()}, $len, -$len, q{}; ++ } ++}; ++ ++skip( ++ $skip, ++ ($@ || $e || $henc), ++ '0422c538d5445bbfb3a7b53b523349ce6ff3e38774bd14491703e6684aa485c48a9c217f', ++ 'Privacy failed', ++); ++ ++# ++# 7. Check the HMAC ++# ++ ++my $h2; ++ ++eval ++{ ++ $h2 = unpack 'H*', $u->_auth_hmac($m); ++}; ++ ++skip($skip, ($@ || $h2), $h, 'Authentication failed'); ++ ++# ============================================================================ +diff --git a/t/usm-sha1-cfb192aes.t b/t/usm-sha1-cfb192aes.t +new file mode 100644 +index 0000000..6f6898a +--- /dev/null ++++ b/t/usm-sha1-cfb192aes.t +@@ -0,0 +1,169 @@ ++# -*- mode: perl -*- ++# ============================================================================ ++ ++# Test of the SNMPv3 User-based Security Model. ++ ++# Copyright (c) 2001-2009 David M. Town . ++# Copyright (c) 2024 Michal Josef Špaček . ++# All rights reserved. ++ ++# This program is free software; you may redistribute it and/or modify it ++# under the same terms as the Perl 5 programming language system itself. ++ ++# ============================================================================ ++ ++use strict; ++use Test; ++ ++BEGIN ++{ ++ $| = 1; ++ $^W = 1; ++ plan tests => 7 ++} ++ ++use Net::SNMP::Message qw(SEQUENCE OCTET_STRING FALSE); ++ ++# ++# Load the Net::SNMP::Security::USM module ++# ++ ++eval 'use Net::SNMP::Security::USM; use Crypt::Rijndael;'; ++ ++my $skip = ($@ =~ /locate (:?\S+\.pm)/) ? $@ : FALSE; ++ ++# ++# 1. Create the Net::SNMP::Security::USM object ++# ++ ++my ($u, $e); ++ ++eval ++{ ++ ($u, $e) = Net::SNMP::Security::USM->new( ++ -username => 'dtown', ++ -authpassword => 'maplesyrup', ++ -authprotocol => 'sha', ++ -privpassword => 'maplesyrup', ++ -privprotocol => 'cfb192-aes', ++ ); ++ ++ # "Perform" discovery... ++ $u->_engine_id_discovery(pack 'x11H2', '02'); ++ ++ # ...and synchronization ++ $u->_synchronize(10, time); ++}; ++ ++skip( ++ $skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Security::USM object' ++); ++ ++# ++# 2. Check the localized authKey ++# ++ ++eval ++{ ++ $e = unpack 'H*', $u->auth_key(); ++}; ++ ++skip( ++ $skip, ++ ($@ || $e), ++ '6695febc9288e36282235fc7151f128497b38f3f', # RFC 3414 - A.3.2 ++ 'Invalid authKey calculated' ++); ++ ++# ++# 3. Check the localized privKey ++# ++ ++eval ++{ ++ $e = unpack 'H*', $u->priv_key(); ++}; ++ ++skip( ++ $skip, ++ ($@ || $e), ++ '6695febc9288e36282235fc7151f128497b38f3f505e07eb', ++ 'Invalid privKey calculated' ++); ++ ++# ++# 4. Create and initalize a Message ++# ++ ++my $m; ++ ++eval ++{ ++ ($m, $e) = Net::SNMP::Message->new(); ++ $m->prepare(SEQUENCE, pack('H*', 'deadbeef') x 8); ++ $e = $m->error(); ++}; ++ ++skip($skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Message object'); ++ ++# ++# 5. Calculate the HMAC ++# ++ ++my $h; ++ ++eval ++{ ++ $h = unpack 'H*', $u->_auth_hmac($m); ++}; ++ ++skip($skip, $@, q{}, 'Calculate the HMAC failed'); ++ ++# ++# 6. Encrypt/descrypt the Message ++# ++ ++my $henc; ++ ++eval ++{ ++ my $engine_boots = 0; ++ my $engine_time = 1710186219; ++ my $salt; ++ my $len = $m->length(); ++ my $buff = $m->clear(); ++ $u->{_engine_boots} = $engine_boots; ++ $u->{_engine_time} = $engine_time; ++ my $encrypted = $u->_encrypt_data($m, $salt, $buff); ++ $henc = unpack 'H*', $encrypted; ++ $m->append($encrypted); ++ substr $salt, 0, 0, pack 'NN', $engine_boots, $engine_time; ++ $u->_decrypt_data($m, $salt, $m->process(OCTET_STRING)); ++ $e = $u->error(); ++ # Remove padding if necessary ++ if ($len -= $m->length()) { ++ substr ${$m->reference()}, $len, -$len, q{}; ++ } ++}; ++ ++skip( ++ $skip, ++ ($@ || $e || $henc), ++ '042237eb7b044608e045878caba6d347f125edcad5b919d88d4c74d08b8040d105b3f29a', ++ 'Privacy failed', ++); ++ ++# ++# 7. Check the HMAC ++# ++ ++my $h2; ++ ++eval ++{ ++ $h2 = unpack 'H*', $u->_auth_hmac($m); ++}; ++ ++skip($skip, ($@ || $h2), $h, 'Authentication failed'); ++ ++# ============================================================================ +-- +2.45.1 + diff --git a/perl-Net-SNMP.spec b/perl-Net-SNMP.spec index a936905..03b4040 100644 --- a/perl-Net-SNMP.spec +++ b/perl-Net-SNMP.spec @@ -9,6 +9,7 @@ Source0: https://cpan.metacpan.org/authors/id/D/DT/DTOWN/Net-SNMP-v%{vers Patch0: Net-SNMP-v6.0.1-Switch_from_Socket6_to_Socket.patch Patch1: Net-SNMP-v6.0.1-Simple_rewrite_to_Digest-HMAC-helpers.patch Patch2: Net-SNMP-v6.0.1-Split_usm.t_to_two_parts.patch +Patch3: Net-SNMP-v6.0.1-Add_tests_for_another_usm_scenarios.patch BuildArch: noarch BuildRequires: coreutils @@ -77,6 +78,7 @@ with "%{_libexecdir}/%{name}/test". %patch -P0 -p1 %patch -P1 -p1 %patch -P2 -p1 +%patch -P3 -p1 perl -MConfig -pi -e 's|^#!.*perl|$Config{startperl}|' examples/*.pl chmod -c a-x examples/*.pl @@ -127,6 +129,7 @@ make test %changelog * Tue Jun 27 2024 Michal Josef Špaček - 6.0.1-42 +- Add patch to add tests for other USM scenarios - Add patch to rewrite usage of HMAC with same dependencies - Add patch to split test files for better readability - Improve patch for switch from Socket6 to Socket