oops, the file format for the users file is the next:
#engine-id username auth_pass priv_pass auth_model priv_model
# engine-id, username and passwds can be either "quoted" or hex
# double quoted strings are c-style strings and take escape chars
80001F888059DC486145A26322 "pippo" "plutoxxx" "PLUTOxxx" MD5 DES
80001F888059DC486145A26322 "pippo2" "plutoxxx" "PLUTOxxx"
#defaults to MD5 DES
000000000000000000000002 "test1" "maplesyrup" "XXX"
# example from RFC3414
On 1/9/07, LEGO <luis.ontanon@xxxxxxxxx> wrote:
Here we go!
what's missing is:
* auth SHA1 -- RFC3414 section 7
* crypt AES -- RFC3826
* localized key cahching -- so that if a (mentally stable) system
administrator uses the same username/password for all nodes in a
network he has to add just one line to the users file, instead of one
for each authoritative engine as it works now. We want to do caching
instead of calculating the localized key every time because key
localization is a very intensive task)
sha1 and aes are (relatively) simple implementations (one function
mimics md5 the other one does the same with des), if you (or someone
else) takes care of those I'll go for the caching and we can get it
out complete very soon.
Testing with broken packets is welcome too, fuzz testing it against a
wide capture library would help but hand-crafted malformed packets
tests would have better aim.
However the most important test to be done is that it does no harm
while disabled. Weird runtime linking problems disallow me to build
with net-snmp so I cannot test it that way. I do not think that
net-snmp changes anything for this but verifying that everything that
worked before works afterwards it's a must.
Luis
On 1/9/07, lego@xxxxxxxxxxxxx <lego@xxxxxxxxxxxxx> wrote:
> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=20353
>
> User: lego
> Date: 2007/01/09 06:38 PM
>
> Log:
> SNMPv3 USM decryption/authentication phase 1
>
> Directory: /trunk/epan/crypt/
> Changes Path Action
> +3 -1 Makefile.common Modified
> +120 -0 hmac.c Added
> +34 -0 hmac.h Added
>
> Directory: /trunk/epan/dissectors/
> Changes Path Action
> +603 -122 packet-snmp.c Modified
> +73 -0 packet-snmp.h Modified
>
> Directory: /trunk/epan/
> Changes Path Action
> +5 -0 Makefile.am Modified
> +1 -0 Makefile.common Modified
>
> Directory: /trunk/asn1/snmp/
> Changes Path Action
> +436 -8 packet-snmp-template.c Modified
> +73 -0 packet-snmp-template.h Modified
> +103 -20 snmp.cnf Modified
>
> _______________________________________________
> Wireshark-commits mailing list
> Wireshark-commits@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-commits
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan