Wireshark · Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 20353: /trunk/ /trunk/epan/crypt/: Makefile.common hmac.

Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 20353: /trunk/ /trunk/epan/crypt/: M

Date: Tue, 9 Jan 2007 19:43:10 +0100

Here we go!

what's missing is:

* auth SHA1 -- RFC3414 section 7
* crypt AES -- RFC3826

* localized key cahching -- so that if a (mentally stable) system
administrator uses the same username/password for all nodes in a
network he has to add just one line to the users file, instead of one
for each authoritative engine as it works now. We want to do caching
instead of calculating the localized key every time because key
localization is a very intensive task)

sha1 and aes are (relatively) simple implementations (one function
mimics md5 the other one does  the same with des), if you (or someone
else) takes care of those I'll go for the caching and we can get it
out complete very soon.

Testing with broken packets is welcome too, fuzz testing it against a
wide capture library would help but hand-crafted malformed packets
tests would have better aim.

However the most important test to be done is that it does no harm
while disabled. Weird runtime linking problems disallow me to build
with net-snmp so I cannot test it that way. I do not think that
net-snmp changes anything for this but verifying that everything that
worked before works afterwards it's a must.

Luis

On 1/9/07, lego@xxxxxxxxxxxxx <lego@xxxxxxxxxxxxx> wrote:

http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=20353

User: lego
Date: 2007/01/09 06:38 PM

Log:
 SNMPv3 USM decryption/authentication phase 1

Directory: /trunk/epan/crypt/
  Changes    Path               Action
  +3 -1      Makefile.common    Modified
  +120 -0    hmac.c             Added
  +34 -0     hmac.h             Added

Directory: /trunk/epan/dissectors/
  Changes    Path             Action
  +603 -122  packet-snmp.c    Modified
  +73 -0     packet-snmp.h    Modified

Directory: /trunk/epan/
  Changes    Path               Action
  +5 -0      Makefile.am        Modified
  +1 -0      Makefile.common    Modified

Directory: /trunk/asn1/snmp/
  Changes    Path                      Action
  +436 -8    packet-snmp-template.c    Modified
  +73 -0     packet-snmp-template.h    Modified
  +103 -20   snmp.cnf                  Modified

_______________________________________________
Wireshark-commits mailing list
Wireshark-commits@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-commits



--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

Follow-Ups:
- Re: [Wireshark-dev] [Wireshark-commits] rev 20353: /trunk/ /trunk/epan/crypt/: Makefile.common hmac.c hmac.h /trunk/epan/dissectors/: packet-snmp.c packet-snmp.h /trunk/epan/: Makefile.am Makefile.common /trunk/asn1/snmp/: packet-snmp-template.c ...
  - From: LEGO
- [Wireshark-dev] SNMPv3 USM crypto support (was: Re: [Wireshark-commits] rev 20353: /trunk/ /trunk/epan/crypt/: Makefile.common hmac.c hmac.h /trunk/epan/dissectors/: packet-snmp.c packet-snmp.h /trunk/epan/: Makefile.am Makefile.common /trunk/asn1/snmp/: packet-snmp-template.c ...)
  - From: Thomas Anders