1// Copyright 2020 The GoSNMP Authors. All rights reserved. Use of this
2// source code is governed by a BSD-style license that can be found in the
3// LICENSE file.
4
5package gosnmp
6
7import (
8"encoding/hex"
9"io"
10"log"
11"testing"
12
13"github.com/stretchr/testify/require"
14)
15
/**
 * These tests use hex dumps of real network traffic, produced by running net-snmp's snmpget against demo.snmplabs.com as the SNMP agent.
 */
19
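// authorativeEngineID returns the authoritative engine ID shared by every
// fixture in this file. The value is the raw decoded bytes carried in a Go
// string, not the hex text.
func authorativeEngineID(t *testing.T) string {
	t.Helper() // attribute a decode failure to the calling test, not to this helper

	// engine ID of demo.snmplabs.com
	engineID, err := hex.DecodeString("80004fb805636c6f75644dab22cc")
	require.NoError(t, err, "EngineId decoding failed.")

	return string(engineID)
}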
27
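// correctKeySHA224 returns the known-good localized authentication key (28
// bytes) that the SHA224 tests expect genlocalkey to derive from the test
// passphrase and the fixture engine ID.
func correctKeySHA224(t *testing.T) []byte {
	t.Helper() // attribute a decode failure to the calling test, not to this helper

	correctKey, err := hex.DecodeString("f2a2ebaa9677ad286255596286ca4fb7ec22f52405cb0aac334c5f15")
	require.NoError(t, err, "Correct key initialization failed.")

	return correctKey
}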
34
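// packetSHA224NoAuthentication returns the SHA224 fixture packet with its
// 16-byte authentication-parameters field zeroed. It is the input the tests
// hand to authenticate and isAuthentic; a fresh slice is decoded on every call,
// so a test may modify the result in place.
func packetSHA224NoAuthentication(t *testing.T) []byte {
	t.Helper() // attribute a decode failure to the calling test, not to this helper

	packet, err := hex.DecodeString("308184020103300e02025f84020205c0040105020103043f303d040e80004fb805636c6f75644dab22cc02012b0203203ea5040f7573722d7368613232342d6e6f6e650410000000000000000000000000000000000400302e040e80004fb805636c6f75644dab22cc0400a01a02023ced020100020100300e300c06082b060102010101000500")

	require.NoError(t, err, "Non-authenticated packet data SHA224 decoding failed.")
	return packet
}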
41
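// packetSHA224Authenticated returns the SHA224 fixture packet with the
// authentication-parameters field filled in. It differs from
// packetSHA224NoAuthentication only in those 16 bytes and is the expected
// output of authenticate.
func packetSHA224Authenticated(t *testing.T) []byte {
	t.Helper() // attribute a decode failure to the calling test, not to this helper

	packet, err := hex.DecodeString("308184020103300e02025f84020205c0040105020103043f303d040e80004fb805636c6f75644dab22cc02012b0203203ea5040f7573722d7368613232342d6e6f6e65041066cd2d9b04cd48b02a9df0c77dc3415d0400302e040e80004fb805636c6f75644dab22cc0400a01a02023ced020100020100300e300c06082b060102010101000500")

	require.NoError(t, err, "Authenticated packet data SHA224 decoding failed.")
	return packet
}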
48
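// packetSHA224AuthenticationParams returns the 16-byte authentication
// parameters (the message digest carried in the authenticated SHA224 fixture)
// as raw bytes in a Go string, the form the AuthenticationParameters field
// takes in the tests.
func packetSHA224AuthenticationParams(t *testing.T) string {
	t.Helper() // attribute a decode failure to the calling test, not to this helper

	params, err := hex.DecodeString("66cd2d9b04cd48b02a9df0c77dc3415d")

	require.NoError(t, err, "Authentication parameters SHA224 decoding failed.")
	return string(params)
}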
55
// TestAuthenticationSHA224 covers the signing side of USM authentication with
// SHA224. The key localized from the test passphrase and engine ID must equal
// the known-good key, and authenticate must fill the zeroed
// authentication-parameters field in place so that the packet becomes
// byte-identical to the authenticated capture.
func TestAuthenticationSHA224(t *testing.T) {
	// Salts, privacy settings and keys are left at their zero values; this
	// fixture uses authentication without privacy.
	params := UsmSecurityParameters{
		AuthoritativeEngineBoots: 43,
		AuthoritativeEngineID:    authorativeEngineID(t),
		AuthoritativeEngineTime:  2113189,
		UserName:                 "usr-sha224-none",
		AuthenticationProtocol:   SHA224,
		AuthenticationPassphrase: "authkey1", // test-only passphrase belonging to the fixture
		Logger:                   NewLogger(log.New(io.Discard, "", 0)),
	}

	localizedKey, err := genlocalkey(
		params.AuthenticationProtocol,
		params.AuthenticationPassphrase,
		params.AuthoritativeEngineID,
	)
	params.SecretKey = localizedKey

	require.NoError(t, err, "Generation of key failed")
	require.Equal(t, correctKeySHA224(t), params.SecretKey, "Wrong key generated")

	// authenticate is expected to write the digest into this slice.
	packet := packetSHA224NoAuthentication(t)
	require.NoError(t, params.authenticate(packet), "Authentication of packet failed")

	require.Equal(t, packetSHA224Authenticated(t), packet, "Wrong message authentication parameters.")
}
90
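// TestIsAuthenticaSHA224 covers the verifying side of USM authentication with
// SHA224. isAuthentic receives the fixture packet with its
// authentication-parameters field zeroed, while the digest taken from the
// authenticated capture is supplied through AuthenticationParameters.
//
// The test checks both directions: the genuine packet must be accepted, and a
// copy with one modified byte must be rejected. Without the second check an
// isAuthentic that accepted everything would still pass.
func TestIsAuthenticaSHA224(t *testing.T) {
	var err error

	sp := UsmSecurityParameters{
		localAESSalt:             0,
		localDESSalt:             0,
		AuthoritativeEngineBoots: 43,
		AuthoritativeEngineID:    authorativeEngineID(t),
		AuthoritativeEngineTime:  2113189,
		UserName:                 "usr-sha224-none",
		AuthenticationParameters: packetSHA224AuthenticationParams(t),
		PrivacyParameters:        nil,
		AuthenticationProtocol:   SHA224,
		PrivacyProtocol:          0,
		AuthenticationPassphrase: "authkey1", // test-only passphrase belonging to the fixture
		PrivacyPassphrase:        "",
		SecretKey:                nil,
		PrivacyKey:               nil,
		Logger:                   NewLogger(log.New(io.Discard, "", 0)),
	}

	sp.SecretKey, err = genlocalkey(sp.AuthenticationProtocol,
		sp.AuthenticationPassphrase,
		sp.AuthoritativeEngineID)

	require.NoError(t, err, "Generation of key failed")
	require.Equal(t, correctKeySHA224(t), sp.SecretKey, "Wrong key generated")

	srcPacket := packetSHA224NoAuthentication(t)

	snmpPacket := SnmpPacket{
		SecurityParameters: &sp,
	}

	authentic, err := sp.isAuthentic(srcPacket, &snmpPacket)
	require.NoError(t, err, "Authentication check of key failed")
	require.True(t, authentic, "Packet was not considered to be authentic")

	// Negative case: flip the last byte of a private copy so the digest no
	// longer covers the bytes being checked.
	tampered := append([]byte(nil), srcPacket...)
	tampered[len(tampered)-1] ^= 0xff

	// Only the verdict is asserted; whether a rejection is also reported as an
	// error is not visible from this file.
	authentic, _ = sp.isAuthentic(tampered, &snmpPacket)
	require.False(t, authentic, "Tampered packet was considered to be authentic")
}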
129
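// correctKeySHA512 returns the known-good localized authentication key (64
// bytes) that the SHA512 tests expect genlocalkey to derive from the test
// passphrase and the fixture engine ID.
func correctKeySHA512(t *testing.T) []byte {
	t.Helper() // attribute a decode failure to the calling test, not to this helper

	correctKey, err := hex.DecodeString("c336e5e6396926813d623984610e8f0cd7f419da75c82ac50927c84fd92027f7cdd849ce983036dca67bfb1e8fde2a8c2d45cd2f0d3e0b0b929f7dda462a58cf")
	require.NoError(t, err, "Correct key initialization failed.")

	return correctKey
}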
136
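// packetSHA512NoAuthentication returns the SHA512 fixture packet with its
// 48-byte authentication-parameters field zeroed. It is the input the tests
// hand to authenticate and isAuthentic; a fresh slice is decoded on every call,
// so a test may modify the result in place.
func packetSHA512NoAuthentication(t *testing.T) []byte {
	t.Helper() // attribute a decode failure to the calling test, not to this helper

	packet, err := hex.DecodeString("3081a4020103300e0202366e020205c0040105020103045f305d040e80004fb805636c6f75644dab22cc02012b0203203eea040f7573722d7368613531322d6e6f6e6504300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400302e040e80004fb805636c6f75644dab22cc0400a01a020214d9020100020100300e300c06082b060102010101000500")

	require.NoError(t, err, "Not-authenticated packet data SHA512 decoding failed.")
	return packet
}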
143
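// packetSHA512Authenticated returns the SHA512 fixture packet with the
// authentication-parameters field filled in. It differs from
// packetSHA512NoAuthentication only in those 48 bytes and is the expected
// output of authenticate.
func packetSHA512Authenticated(t *testing.T) []byte {
	t.Helper() // attribute a decode failure to the calling test, not to this helper

	packet, err := hex.DecodeString("3081a4020103300e0202366e020205c0040105020103045f305d040e80004fb805636c6f75644dab22cc02012b0203203eea040f7573722d7368613531322d6e6f6e65043026f8087ced336a394642b8698eba9810929a9bfa44afbf43975a7ad6c4cc55bd279b549a77ec56d791467612747d6f570400302e040e80004fb805636c6f75644dab22cc0400a01a020214d9020100020100300e300c06082b060102010101000500")

	require.NoError(t, err, "Authenticated packet data SHA512 decoding failed.")
	return packet
}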
150
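// packetSHA512AuthenticationParams returns the 48-byte authentication
// parameters (the message digest carried in the authenticated SHA512 fixture)
// as raw bytes in a Go string, the form the AuthenticationParameters field
// takes in the tests.
func packetSHA512AuthenticationParams(t *testing.T) string {
	t.Helper() // attribute a decode failure to the calling test, not to this helper

	params, err := hex.DecodeString("26f8087ced336a394642b8698eba9810929a9bfa44afbf43975a7ad6c4cc55bd279b549a77ec56d791467612747d6f57")

	require.NoError(t, err, "Authentication parameters SHA512 decoding failed.")
	return string(params)
}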
157
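// TestAuthenticationSHA512 covers the signing side of USM authentication with
// SHA512. The key localized from the test passphrase and engine ID must equal
// the known-good key, and authenticate must fill the zeroed
// authentication-parameters field in place so that the packet becomes
// byte-identical to the authenticated capture.
func TestAuthenticationSHA512(t *testing.T) {
	var err error

	sp := UsmSecurityParameters{
		localAESSalt:             0,
		localDESSalt:             0,
		AuthoritativeEngineBoots: 43,
		AuthoritativeEngineID:    authorativeEngineID(t),
		AuthoritativeEngineTime:  2113258,
		UserName:                 "usr-sha512-none",
		AuthenticationParameters: "",
		PrivacyParameters:        nil,
		AuthenticationProtocol:   SHA512,
		PrivacyProtocol:          0,
		AuthenticationPassphrase: "authkey1", // test-only passphrase belonging to the fixture
		PrivacyPassphrase:        "",
		SecretKey:                nil,
		PrivacyKey:               nil,
		Logger:                   NewLogger(log.New(io.Discard, "", 0)),
	}

	sp.SecretKey, err = genlocalkey(sp.AuthenticationProtocol,
		sp.AuthenticationPassphrase,
		sp.AuthoritativeEngineID)

	require.NoError(t, err, "Generation of key failed")
	require.Equal(t, correctKeySHA512(t), sp.SecretKey, "Wrong key generated")

	// authenticate is expected to write the digest into this slice.
	srcPacket := packetSHA512NoAuthentication(t)
	err = sp.authenticate(srcPacket)
	// The message names the step that failed. It previously repeated the
	// key-generation text, which would have pointed a reader at the wrong call.
	require.NoError(t, err, "Authentication of packet failed")

	require.Equal(t, packetSHA512Authenticated(t), srcPacket, "Wrong message authentication parameters.")
}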
192
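// TestIsAuthenticaSHA512 covers the verifying side of USM authentication with
// SHA512. isAuthentic receives the fixture packet with its
// authentication-parameters field zeroed, while the digest taken from the
// authenticated capture is supplied through AuthenticationParameters.
//
// The test checks both directions: the genuine packet must be accepted, and a
// copy with one modified byte must be rejected. Without the second check an
// isAuthentic that accepted everything would still pass.
func TestIsAuthenticaSHA512(t *testing.T) {
	var err error

	sp := UsmSecurityParameters{
		localAESSalt:             0,
		localDESSalt:             0,
		AuthoritativeEngineBoots: 43,
		AuthoritativeEngineID:    authorativeEngineID(t),
		// 2113258 is the engine time encoded in the SHA512 fixture packet
		// (0x203eea) and the value TestAuthenticationSHA512 uses. The field
		// previously held 2113189, the time from the SHA224 fixture.
		AuthoritativeEngineTime:  2113258,
		UserName:                 "usr-sha512-none",
		AuthenticationParameters: packetSHA512AuthenticationParams(t),
		PrivacyParameters:        nil,
		AuthenticationProtocol:   SHA512,
		PrivacyProtocol:          0,
		AuthenticationPassphrase: "authkey1", // test-only passphrase belonging to the fixture
		PrivacyPassphrase:        "",
		SecretKey:                nil,
		Logger:                   NewLogger(log.New(io.Discard, "", 0)),
		PrivacyKey:               nil,
	}

	sp.SecretKey, err = genlocalkey(sp.AuthenticationProtocol,
		sp.AuthenticationPassphrase,
		sp.AuthoritativeEngineID)

	require.NoError(t, err, "Generation of key failed")
	require.Equal(t, correctKeySHA512(t), sp.SecretKey, "Wrong key generated")

	srcPacket := packetSHA512NoAuthentication(t)

	snmpPacket := SnmpPacket{
		SecurityParameters: &sp,
	}

	authentic, err := sp.isAuthentic(srcPacket, &snmpPacket)
	require.NoError(t, err, "Authentication check of key failed")
	require.True(t, authentic, "Packet was not considered to be authentic")

	// Negative case: flip the last byte of a private copy so the digest no
	// longer covers the bytes being checked.
	tampered := append([]byte(nil), srcPacket...)
	tampered[len(tampered)-1] ^= 0xff

	// Only the verdict is asserted; whether a rejection is also reported as an
	// error is not visible from this file.
	authentic, _ = sp.isAuthentic(tampered, &snmpPacket)
	require.False(t, authentic, "Tampered packet was considered to be authentic")
}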
231
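// BenchmarkSingleHash runs genlocalkey as a sub-benchmark for each
// authentication protocol from MD5 through SHA512, using the fixture engine ID
// and test passphrase, and then logs the number of entries in
// passwordKeyHashCache.
//
// SetPwdCache is called first; it presumably enables the password-key cache, in
// which case iterations after the first mostly measure a cache hit. Confirm
// against SetPwdCache before reading the figures as raw hashing cost.
func BenchmarkSingleHash(b *testing.B) {
	SetPwdCache()

	// A failed decode would otherwise benchmark key derivation against an
	// empty engine ID without any indication that the input was wrong.
	engineID, err := hex.DecodeString("80004fb805636c6f75644dab22cc")
	if err != nil {
		b.Fatal(err)
	}

	// The upper bound is inclusive so that SHA512 is measured as well; the
	// previous `i < SHA512` stopped one protocol short.
	for i := MD5; i <= SHA512; i++ {
		b.Run(b.Name()+i.String(), func(b *testing.B) {
			for n := 0; n < b.N; n++ {
				_, err := genlocalkey(i, "authkey1", string(engineID))
				if err != nil {
					b.Fatal(err)
				}
			}
		})
	}

	// Read the cache size under the read lock that guards the map.
	passwordKeyHashMutex.RLock()
	b.Logf("cache size %d", len(passwordKeyHashCache))
	passwordKeyHashMutex.RUnlock()
}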
252