Add patch to add tests for other USM scenarios

This commit is contained in:
Michal Josef Špaček 2024-06-17 12:46:50 +02:00
parent 1a1973d29d
commit 17ee5bb7ed
2 changed files with 554 additions and 0 deletions

View File

@ -0,0 +1,551 @@
From 0ce1418f8261764c1b34c4379ed6af6ef8073678 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Josef=20=C5=A0pa=C4=8Dek?=
<michal.josef.spacek@gmail.com>
Date: Mon, 11 Mar 2024 21:08:32 +0100
Subject: [PATCH 08/11] Add tests for another usm scenarios
---
MANIFEST | 3 +
t/usm-sha1-3des.t | 164 +++++++++++++++++++++++++++++++++++++++
t/usm-sha1-aes.t | 169 +++++++++++++++++++++++++++++++++++++++++
t/usm-sha1-cfb192aes.t | 169 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 505 insertions(+)
create mode 100644 t/usm-sha1-3des.t
create mode 100644 t/usm-sha1-aes.t
create mode 100644 t/usm-sha1-cfb192aes.t
diff --git a/MANIFEST b/MANIFEST
index c750573..3430564 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -36,4 +36,7 @@ t/ber.t
t/dsp.t
t/mp.t
t/usm-md5-des.t
+t/usm-sha1-3des.t
+t/usm-sha1-aes.t
+t/usm-sha1-cfb192aes.t
t/usm-sha1-des.t
diff --git a/t/usm-sha1-3des.t b/t/usm-sha1-3des.t
new file mode 100644
index 0000000..5921ccf
--- /dev/null
+++ b/t/usm-sha1-3des.t
@@ -0,0 +1,164 @@
+# -*- mode: perl -*-
+# ============================================================================
+
+# Test of the SNMPv3 User-based Security Model.
+
+# Copyright (c) 2001-2009 David M. Town <dtown@cpan.org>.
+# Copyright (c) 2024 Michal Josef Špaček <skim@cpan.org>.
+# All rights reserved.
+
+# This program is free software; you may redistribute it and/or modify it
+# under the same terms as the Perl 5 programming language system itself.
+
+# ============================================================================
+
+use strict;
+use Test;
+
+BEGIN
+{
+ $| = 1;
+ $^W = 1;
+ plan tests => 7
+}
+
+use Net::SNMP::Message qw(SEQUENCE OCTET_STRING FALSE);
+
+#
+# Load the Net::SNMP::Security::USM module
+#
+
+eval 'use Net::SNMP::Security::USM';
+
+my $skip = ($@ =~ /locate (:?\S+\.pm)/) ? $@ : FALSE;
+
+#
+# 1. Create the Net::SNMP::Security::USM object
+#
+
+my ($u, $e);
+
+eval
+{
+ ($u, $e) = Net::SNMP::Security::USM->new(
+ -username => 'dtown',
+ -authpassword => 'maplesyrup',
+ -authprotocol => 'sha',
+ -privpassword => 'maplesyrup',
+ -privprotocol => '3des',
+ );
+
+ # "Perform" discovery...
+ $u->_engine_id_discovery(pack 'x11H2', '02');
+
+ # ...and synchronization
+ $u->_synchronize(10, time);
+};
+
+skip(
+ $skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Security::USM object'
+);
+
+#
+# 2. Check the localized authKey
+#
+
+eval
+{
+ $e = unpack 'H*', $u->auth_key();
+};
+
+skip(
+ $skip,
+ ($@ || $e),
+ '6695febc9288e36282235fc7151f128497b38f3f',
+ 'Invalid authKey calculated'
+);
+
+#
+# 3. Check the localized privKey
+#
+
+eval
+{
+ $e = unpack 'H*', $u->priv_key();
+};
+
+skip(
+ $skip,
+ ($@ || $e),
+ '6695febc9288e36282235fc7151f128497b38f3f9b8b6d78936ba6e7d19dfd9c',
+ 'Invalid privKey calculated'
+);
+
+#
+# 4. Create and initalize a Message
+#
+
+my $m;
+
+eval
+{
+ ($m, $e) = Net::SNMP::Message->new();
+ $m->prepare(SEQUENCE, pack('H*', 'deadbeef') x 8);
+ $e = $m->error();
+};
+
+skip($skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Message object');
+
+#
+# 5. Calculate the HMAC
+#
+
+my $h;
+
+eval
+{
+ $h = unpack 'H*', $u->_auth_hmac($m);
+};
+
+skip($skip, $@, q{}, 'Calculate the HMAC failed');
+
+#
+# 6. Encrypt/descrypt the Message
+#
+
+my $henc;
+
+eval
+{
+ my $salt;
+ my $len = $m->length();
+ my $buff = $m->clear();
+ my $encrypted = $u->_encrypt_data($m, $salt, $buff);
+ $henc = unpack 'H*', $encrypted;
+ $m->append($encrypted);
+ $u->_decrypt_data($m, $salt, $m->process(OCTET_STRING));
+ $e = $u->error();
+ # Remove padding if necessary
+ if ($len -= $m->length()) {
+ substr ${$m->reference()}, $len, -$len, q{};
+ }
+};
+
+skip(
+ $skip,
+ ($@ || $e || $henc),
+ '042858d3a9fffa5afd8ef5cb338fdd79f452e13c0e77f4a918a069a84687c462726148c53198e6c97346',
+ 'Privacy failed',
+);
+
+#
+# 7. Check the HMAC
+#
+
+my $h2;
+
+eval
+{
+ $h2 = unpack 'H*', $u->_auth_hmac($m);
+};
+
+skip($skip, ($@ || $h2), $h, 'Authentication failed');
+
+# ============================================================================
diff --git a/t/usm-sha1-aes.t b/t/usm-sha1-aes.t
new file mode 100644
index 0000000..3e1b9f2
--- /dev/null
+++ b/t/usm-sha1-aes.t
@@ -0,0 +1,169 @@
+# -*- mode: perl -*-
+# ============================================================================
+
+# Test of the SNMPv3 User-based Security Model.
+
+# Copyright (c) 2001-2009 David M. Town <dtown@cpan.org>.
+# Copyright (c) 2024 Michal Josef Špaček <skim@cpan.org>.
+# All rights reserved.
+
+# This program is free software; you may redistribute it and/or modify it
+# under the same terms as the Perl 5 programming language system itself.
+
+# ============================================================================
+
+use strict;
+use Test;
+
+BEGIN
+{
+ $| = 1;
+ $^W = 1;
+ plan tests => 7
+}
+
+use Net::SNMP::Message qw(SEQUENCE OCTET_STRING FALSE);
+
+#
+# Load the Net::SNMP::Security::USM module
+#
+
+eval 'use Net::SNMP::Security::USM; use Crypt::Rijndael;';
+
+my $skip = ($@ =~ /locate (:?\S+\.pm)/) ? $@ : FALSE;
+
+#
+# 1. Create the Net::SNMP::Security::USM object
+#
+
+my ($u, $e);
+
+eval
+{
+ ($u, $e) = Net::SNMP::Security::USM->new(
+ -username => 'dtown',
+ -authpassword => 'maplesyrup',
+ -authprotocol => 'sha1',
+ -privpassword => 'maplesyrup',
+ -privprotocol => 'aes',
+ );
+
+ # "Perform" discovery...
+ $u->_engine_id_discovery(pack 'x11H2', '02');
+
+ # ...and synchronization
+ $u->_synchronize(10, time);
+};
+
+skip(
+ $skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Security::USM object'
+);
+
+#
+# 2. Check the localized authKey
+#
+
+eval
+{
+ $e = unpack 'H*', $u->auth_key();
+};
+
+skip(
+ $skip,
+ ($@ || $e),
+ '6695febc9288e36282235fc7151f128497b38f3f',
+ 'Invalid authKey calculated'
+);
+
+#
+# 3. Check the localized privKey
+#
+
+eval
+{
+ $e = unpack 'H*', $u->priv_key();
+};
+
+skip(
+ $skip,
+ ($@ || $e),
+ '6695febc9288e36282235fc7151f1284',
+ 'Invalid privKey calculated'
+);
+
+#
+# 4. Create and initalize a Message
+#
+
+my $m;
+
+eval
+{
+ ($m, $e) = Net::SNMP::Message->new();
+ $m->prepare(SEQUENCE, pack('H*', 'deadbeef') x 8);
+ $e = $m->error();
+};
+
+skip($skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Message object');
+
+#
+# 5. Calculate the HMAC
+#
+
+my $h;
+
+eval
+{
+ $h = unpack 'H*', $u->_auth_hmac($m);
+};
+
+skip($skip, $@, q{}, 'Calculate the HMAC failed');
+
+#
+# 6. Encrypt/descrypt the Message
+#
+
+my $henc;
+
+eval
+{
+ my $engine_boots = 0;
+ my $engine_time = 1710186219;
+ my $salt;
+ my $len = $m->length();
+ my $buff = $m->clear();
+ $u->{_engine_boots} = $engine_boots;
+ $u->{_engine_time} = $engine_time;
+ my $encrypted = $u->_encrypt_data($m, $salt, $buff);
+ $henc = unpack 'H*', $encrypted;
+ $m->append($encrypted);
+ substr $salt, 0, 0, pack 'NN', $engine_boots, $engine_time;
+ $u->_decrypt_data($m, $salt, $m->process(OCTET_STRING));
+ $e = $u->error();
+ # Remove padding if necessary
+ if ($len -= $m->length()) {
+ substr ${$m->reference()}, $len, -$len, q{};
+ }
+};
+
+skip(
+ $skip,
+ ($@ || $e || $henc),
+ '0422c538d5445bbfb3a7b53b523349ce6ff3e38774bd14491703e6684aa485c48a9c217f',
+ 'Privacy failed',
+);
+
+#
+# 7. Check the HMAC
+#
+
+my $h2;
+
+eval
+{
+ $h2 = unpack 'H*', $u->_auth_hmac($m);
+};
+
+skip($skip, ($@ || $h2), $h, 'Authentication failed');
+
+# ============================================================================
diff --git a/t/usm-sha1-cfb192aes.t b/t/usm-sha1-cfb192aes.t
new file mode 100644
index 0000000..6f6898a
--- /dev/null
+++ b/t/usm-sha1-cfb192aes.t
@@ -0,0 +1,169 @@
+# -*- mode: perl -*-
+# ============================================================================
+
+# Test of the SNMPv3 User-based Security Model.
+
+# Copyright (c) 2001-2009 David M. Town <dtown@cpan.org>.
+# Copyright (c) 2024 Michal Josef Špaček <skim@cpan.org>.
+# All rights reserved.
+
+# This program is free software; you may redistribute it and/or modify it
+# under the same terms as the Perl 5 programming language system itself.
+
+# ============================================================================
+
+use strict;
+use Test;
+
+BEGIN
+{
+ $| = 1;
+ $^W = 1;
+ plan tests => 7
+}
+
+use Net::SNMP::Message qw(SEQUENCE OCTET_STRING FALSE);
+
+#
+# Load the Net::SNMP::Security::USM module
+#
+
+eval 'use Net::SNMP::Security::USM; use Crypt::Rijndael;';
+
+my $skip = ($@ =~ /locate (:?\S+\.pm)/) ? $@ : FALSE;
+
+#
+# 1. Create the Net::SNMP::Security::USM object
+#
+
+my ($u, $e);
+
+eval
+{
+ ($u, $e) = Net::SNMP::Security::USM->new(
+ -username => 'dtown',
+ -authpassword => 'maplesyrup',
+ -authprotocol => 'sha',
+ -privpassword => 'maplesyrup',
+ -privprotocol => 'cfb192-aes',
+ );
+
+ # "Perform" discovery...
+ $u->_engine_id_discovery(pack 'x11H2', '02');
+
+ # ...and synchronization
+ $u->_synchronize(10, time);
+};
+
+skip(
+ $skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Security::USM object'
+);
+
+#
+# 2. Check the localized authKey
+#
+
+eval
+{
+ $e = unpack 'H*', $u->auth_key();
+};
+
+skip(
+ $skip,
+ ($@ || $e),
+ '6695febc9288e36282235fc7151f128497b38f3f', # RFC 3414 - A.3.2
+ 'Invalid authKey calculated'
+);
+
+#
+# 3. Check the localized privKey
+#
+
+eval
+{
+ $e = unpack 'H*', $u->priv_key();
+};
+
+skip(
+ $skip,
+ ($@ || $e),
+ '6695febc9288e36282235fc7151f128497b38f3f505e07eb',
+ 'Invalid privKey calculated'
+);
+
+#
+# 4. Create and initalize a Message
+#
+
+my $m;
+
+eval
+{
+ ($m, $e) = Net::SNMP::Message->new();
+ $m->prepare(SEQUENCE, pack('H*', 'deadbeef') x 8);
+ $e = $m->error();
+};
+
+skip($skip, ($@ || $e), q{}, 'Failed to create Net::SNMP::Message object');
+
+#
+# 5. Calculate the HMAC
+#
+
+my $h;
+
+eval
+{
+ $h = unpack 'H*', $u->_auth_hmac($m);
+};
+
+skip($skip, $@, q{}, 'Calculate the HMAC failed');
+
+#
+# 6. Encrypt/descrypt the Message
+#
+
+my $henc;
+
+eval
+{
+ my $engine_boots = 0;
+ my $engine_time = 1710186219;
+ my $salt;
+ my $len = $m->length();
+ my $buff = $m->clear();
+ $u->{_engine_boots} = $engine_boots;
+ $u->{_engine_time} = $engine_time;
+ my $encrypted = $u->_encrypt_data($m, $salt, $buff);
+ $henc = unpack 'H*', $encrypted;
+ $m->append($encrypted);
+ substr $salt, 0, 0, pack 'NN', $engine_boots, $engine_time;
+ $u->_decrypt_data($m, $salt, $m->process(OCTET_STRING));
+ $e = $u->error();
+ # Remove padding if necessary
+ if ($len -= $m->length()) {
+ substr ${$m->reference()}, $len, -$len, q{};
+ }
+};
+
+skip(
+ $skip,
+ ($@ || $e || $henc),
+ '042237eb7b044608e045878caba6d347f125edcad5b919d88d4c74d08b8040d105b3f29a',
+ 'Privacy failed',
+);
+
+#
+# 7. Check the HMAC
+#
+
+my $h2;
+
+eval
+{
+ $h2 = unpack 'H*', $u->_auth_hmac($m);
+};
+
+skip($skip, ($@ || $h2), $h, 'Authentication failed');
+
+# ============================================================================
--
2.45.1

View File

@ -9,6 +9,7 @@ Source0: https://cpan.metacpan.org/authors/id/D/DT/DTOWN/Net-SNMP-v%{vers
Patch0: Net-SNMP-v6.0.1-Switch_from_Socket6_to_Socket.patch
Patch1: Net-SNMP-v6.0.1-Simple_rewrite_to_Digest-HMAC-helpers.patch
Patch2: Net-SNMP-v6.0.1-Split_usm.t_to_two_parts.patch
Patch3: Net-SNMP-v6.0.1-Add_tests_for_another_usm_scenarios.patch
BuildArch: noarch
BuildRequires: coreutils
@ -77,6 +78,7 @@ with "%{_libexecdir}/%{name}/test".
%patch -P0 -p1
%patch -P1 -p1
%patch -P2 -p1
%patch -P3 -p1
perl -MConfig -pi -e 's|^#!.*perl|$Config{startperl}|' examples/*.pl
chmod -c a-x examples/*.pl
@ -127,6 +129,7 @@ make test
%changelog
* Tue Jun 27 2024 Michal Josef Špaček <mspacek@redhat.com> - 6.0.1-42
- Add patch to add tests for other USM scenarios
- Add patch to rewrite usage of HMAC with same dependencies
- Add patch to split test files for better readability
- Improve patch for switch from Socket6 to Socket