// Copyright 2020 The GoSNMP Authors. All rights reserved.  Use of this
// source code is governed by a BSD-style license that can be found in the
// LICENSE file.

package gosnmp

import (
	"encoding/hex"
	"io"
	"log"
	"testing"

	"github.com/stretchr/testify/require"
)

/**
 * These tests use hex dumps of real network traffic, produced using net-snmp's snmpget with demo.snmplabs.com as the SNMP agent.
 */

// authorativeEngineID returns the authoritative engine ID shared by the
// fixtures in this file, decoded from hex and converted to a string. It is the
// engine ID of demo.snmplabs.com, the agent the captures were taken against.
func authorativeEngineID(t *testing.T) string {
	const engineIDHex = "80004fb805636c6f75644dab22cc"

	raw, err := hex.DecodeString(engineIDHex)
	require.NoError(t, err, "EngineId decoding failed.")

	return string(raw)
}

// correctKeySHA224 returns the key the SHA224 tests expect genlocalkey to
// produce for the test passphrase and engine ID. It is a fixed test vector and
// is only meaningful for the fixtures in this file.
func correctKeySHA224(t *testing.T) []byte {
	const keyHex = "f2a2ebaa9677ad286255596286ca4fb7ec22f52405cb0aac334c5f15"

	key, err := hex.DecodeString(keyHex)
	require.NoError(t, err, "Correct key initialization failed.")

	return key
}

// packetSHA224NoAuthentication returns the captured message for user
// usr-sha224-none with its authentication parameters field filled with zero
// bytes. The tests use it as the input to authenticate and to isAuthentic.
// A fresh slice is returned on every call, so callers may modify it.
func packetSHA224NoAuthentication(t *testing.T) []byte {
	const packetHex = "308184020103300e02025f84020205c0040105020103043f303d040e80004fb805636c6f75644dab22cc02012b0203203ea5040f7573722d7368613232342d6e6f6e650410000000000000000000000000000000000400302e040e80004fb805636c6f75644dab22cc0400a01a02023ced020100020100300e300c06082b060102010101000500"

	raw, err := hex.DecodeString(packetHex)
	require.NoError(t, err, "Non-authenticated packet data SHA224 decoding failed.")

	return raw
}

// packetSHA224Authenticated returns the same captured message as
// packetSHA224NoAuthentication, but with the authentication parameters field
// carrying the value that packetSHA224AuthenticationParams returns. It is the
// expected result of authenticating the zero-filled variant.
func packetSHA224Authenticated(t *testing.T) []byte {
	const packetHex = "308184020103300e02025f84020205c0040105020103043f303d040e80004fb805636c6f75644dab22cc02012b0203203ea5040f7573722d7368613232342d6e6f6e65041066cd2d9b04cd48b02a9df0c77dc3415d0400302e040e80004fb805636c6f75644dab22cc0400a01a02023ced020100020100300e300c06082b060102010101000500"

	raw, err := hex.DecodeString(packetHex)
	require.NoError(t, err, "Authenticated packet data SHA224 decoding failed.")

	return raw
}

// packetSHA224AuthenticationParams returns the 16-byte authentication
// parameters value found in the authenticated SHA224 capture, as a string of
// raw bytes (not hex).
func packetSHA224AuthenticationParams(t *testing.T) string {
	const paramsHex = "66cd2d9b04cd48b02a9df0c77dc3415d"

	raw, err := hex.DecodeString(paramsHex)
	require.NoError(t, err, "Authentication parameters SHA224 decoding failed.")

	return string(raw)
}

// TestAuthenticationSHA224 exercises the sending side of USM authentication
// with SHA224. It first checks that genlocalkey derives the expected key from
// the passphrase and engine ID, then checks that authenticate turns the capture
// with zero-filled authentication parameters into the authenticated capture,
// modifying the packet buffer in place.
func TestAuthenticationSHA224(t *testing.T) {
	// Fields not listed here (salts, privacy settings, keys, authentication
	// parameters) are left at their zero values.
	sp := UsmSecurityParameters{
		AuthoritativeEngineID:    authorativeEngineID(t),
		AuthoritativeEngineBoots: 43,
		AuthoritativeEngineTime:  2113189,
		UserName:                 "usr-sha224-none",
		AuthenticationProtocol:   SHA224,
		AuthenticationPassphrase: "authkey1",
		Logger:                   NewLogger(log.New(io.Discard, "", 0)),
	}

	key, err := genlocalkey(
		sp.AuthenticationProtocol,
		sp.AuthenticationPassphrase,
		sp.AuthoritativeEngineID,
	)
	require.NoError(t, err, "Generation of key failed")
	sp.SecretKey = key
	require.Equal(t, correctKeySHA224(t), sp.SecretKey, "Wrong key generated")

	// authenticate writes into the buffer it is given, so the same slice is
	// compared against the expected capture afterwards.
	packet := packetSHA224NoAuthentication(t)
	err = sp.authenticate(packet)
	require.NoError(t, err, "Authentication of packet failed")

	require.Equal(t, packetSHA224Authenticated(t), packet, "Wrong message authentication parameters.")
}

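// TestIsAuthenticaSHA224 exercises the receiving side of USM authentication
// with SHA224. The received authentication value is supplied through
// sp.AuthenticationParameters, and isAuthentic is handed the capture whose
// authentication parameters field is zero-filled.
//
// Besides the accepting case, the test checks that a packet with one modified
// byte is not accepted, so that a verification routine which always reports
// success cannot pass.
func TestIsAuthenticaSHA224(t *testing.T) {
	var err error

	sp := UsmSecurityParameters{
		localAESSalt:             0,
		localDESSalt:             0,
		AuthoritativeEngineBoots: 43,
		AuthoritativeEngineID:    authorativeEngineID(t),
		AuthoritativeEngineTime:  2113189,
		UserName:                 "usr-sha224-none",
		AuthenticationParameters: packetSHA224AuthenticationParams(t),
		PrivacyParameters:        nil,
		AuthenticationProtocol:   SHA224,
		PrivacyProtocol:          0,
		AuthenticationPassphrase: "authkey1",
		PrivacyPassphrase:        "",
		SecretKey:                nil,
		PrivacyKey:               nil,
		Logger:                   NewLogger(log.New(io.Discard, "", 0)),
	}

	sp.SecretKey, err = genlocalkey(sp.AuthenticationProtocol,
		sp.AuthenticationPassphrase,
		sp.AuthoritativeEngineID)

	require.NoError(t, err, "Generation of key failed")
	require.Equal(t, correctKeySHA224(t), sp.SecretKey, "Wrong key generated")

	// NOTE(review): the zero-filled capture is passed here, presumably because
	// the receive path blanks the field before verification; confirm against
	// the caller of isAuthentic.
	srcPacket := packetSHA224NoAuthentication(t)

	snmpPacket := SnmpPacket{
		SecurityParameters: &sp,
	}

	authentic, err := sp.isAuthentic(srcPacket, &snmpPacket)
	require.NoError(t, err, "Authentication check of key failed")
	require.True(t, authentic, "Packet was not considered to be authentic")

	// Negative case: the same message with one byte changed must not be
	// accepted. Either a false result or an error counts as rejection.
	tampered := append([]byte(nil), srcPacket...)
	tampered[len(tampered)-1] ^= 0xff

	authentic, err = sp.isAuthentic(tampered, &snmpPacket)
	require.False(t, authentic && err == nil, "Tampered packet was considered to be authentic")
}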

// correctKeySHA512 returns the key the SHA512 tests expect genlocalkey to
// produce for the test passphrase and engine ID. It is a fixed test vector and
// is only meaningful for the fixtures in this file.
func correctKeySHA512(t *testing.T) []byte {
	const keyHex = "c336e5e6396926813d623984610e8f0cd7f419da75c82ac50927c84fd92027f7cdd849ce983036dca67bfb1e8fde2a8c2d45cd2f0d3e0b0b929f7dda462a58cf"

	key, err := hex.DecodeString(keyHex)
	require.NoError(t, err, "Correct key initialization failed.")

	return key
}

// packetSHA512NoAuthentication returns the captured message for user
// usr-sha512-none with its authentication parameters field filled with zero
// bytes. The tests use it as the input to authenticate and to isAuthentic.
// A fresh slice is returned on every call, so callers may modify it.
func packetSHA512NoAuthentication(t *testing.T) []byte {
	const packetHex = "3081a4020103300e0202366e020205c0040105020103045f305d040e80004fb805636c6f75644dab22cc02012b0203203eea040f7573722d7368613531322d6e6f6e6504300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400302e040e80004fb805636c6f75644dab22cc0400a01a020214d9020100020100300e300c06082b060102010101000500"

	raw, err := hex.DecodeString(packetHex)
	require.NoError(t, err, "Not-authenticated packet data SHA512 decoding failed.")

	return raw
}

// packetSHA512Authenticated returns the same captured message as
// packetSHA512NoAuthentication, but with the authentication parameters field
// carrying the value that packetSHA512AuthenticationParams returns. It is the
// expected result of authenticating the zero-filled variant.
func packetSHA512Authenticated(t *testing.T) []byte {
	const packetHex = "3081a4020103300e0202366e020205c0040105020103045f305d040e80004fb805636c6f75644dab22cc02012b0203203eea040f7573722d7368613531322d6e6f6e65043026f8087ced336a394642b8698eba9810929a9bfa44afbf43975a7ad6c4cc55bd279b549a77ec56d791467612747d6f570400302e040e80004fb805636c6f75644dab22cc0400a01a020214d9020100020100300e300c06082b060102010101000500"

	raw, err := hex.DecodeString(packetHex)
	require.NoError(t, err, "Authenticated packet data SHA512 decoding failed.")

	return raw
}

// packetSHA512AuthenticationParams returns the 48-byte authentication
// parameters value found in the authenticated SHA512 capture, as a string of
// raw bytes (not hex).
func packetSHA512AuthenticationParams(t *testing.T) string {
	const paramsHex = "26f8087ced336a394642b8698eba9810929a9bfa44afbf43975a7ad6c4cc55bd279b549a77ec56d791467612747d6f57"

	raw, err := hex.DecodeString(paramsHex)
	require.NoError(t, err, "Authentication parameters SHA512 decoding failed.")

	return string(raw)
}

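// TestAuthenticationSHA512 exercises the sending side of USM authentication
// with SHA512. It first checks that genlocalkey derives the expected key from
// the passphrase and engine ID, then checks that authenticate turns the capture
// with zero-filled authentication parameters into the authenticated capture,
// modifying the packet buffer in place.
func TestAuthenticationSHA512(t *testing.T) {
	var err error

	sp := UsmSecurityParameters{
		localAESSalt:             0,
		localDESSalt:             0,
		AuthoritativeEngineBoots: 43,
		AuthoritativeEngineID:    authorativeEngineID(t),
		AuthoritativeEngineTime:  2113258,
		UserName:                 "usr-sha512-none",
		AuthenticationParameters: "",
		PrivacyParameters:        nil,
		AuthenticationProtocol:   SHA512,
		PrivacyProtocol:          0,
		AuthenticationPassphrase: "authkey1",
		PrivacyPassphrase:        "",
		SecretKey:                nil,
		PrivacyKey:               nil,
		Logger:                   NewLogger(log.New(io.Discard, "", 0)),
	}

	sp.SecretKey, err = genlocalkey(sp.AuthenticationProtocol,
		sp.AuthenticationPassphrase,
		sp.AuthoritativeEngineID)

	require.NoError(t, err, "Generation of key failed")
	require.Equal(t, correctKeySHA512(t), sp.SecretKey, "Wrong key generated")

	srcPacket := packetSHA512NoAuthentication(t)
	err = sp.authenticate(srcPacket)
	// The failure message names the step that actually failed, so that an
	// authenticate error is not reported as a key-generation error.
	require.NoError(t, err, "Authentication of packet failed")

	require.Equal(t, packetSHA512Authenticated(t), srcPacket, "Wrong message authentication parameters.")
}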

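// TestIsAuthenticaSHA512 exercises the receiving side of USM authentication
// with SHA512. The received authentication value is supplied through
// sp.AuthenticationParameters, and isAuthentic is handed the capture whose
// authentication parameters field is zero-filled.
//
// Besides the accepting case, the test checks that a packet with one modified
// byte is not accepted, so that a verification routine which always reports
// success cannot pass.
func TestIsAuthenticaSHA512(t *testing.T) {
	var err error

	sp := UsmSecurityParameters{
		localAESSalt:             0,
		localDESSalt:             0,
		AuthoritativeEngineBoots: 43,
		AuthoritativeEngineID:    authorativeEngineID(t),
		// 2113258 (0x203eea) is the engine time encoded in the SHA512 capture
		// and the value TestAuthenticationSHA512 uses; the fixture is kept
		// consistent with the packet it describes.
		AuthoritativeEngineTime:  2113258,
		UserName:                 "usr-sha512-none",
		AuthenticationParameters: packetSHA512AuthenticationParams(t),
		PrivacyParameters:        nil,
		AuthenticationProtocol:   SHA512,
		PrivacyProtocol:          0,
		AuthenticationPassphrase: "authkey1",
		PrivacyPassphrase:        "",
		SecretKey:                nil,
		Logger:                   NewLogger(log.New(io.Discard, "", 0)),
		PrivacyKey:               nil,
	}

	sp.SecretKey, err = genlocalkey(sp.AuthenticationProtocol,
		sp.AuthenticationPassphrase,
		sp.AuthoritativeEngineID)

	require.NoError(t, err, "Generation of key failed")
	require.Equal(t, correctKeySHA512(t), sp.SecretKey, "Wrong key generated")

	// NOTE(review): the zero-filled capture is passed here, presumably because
	// the receive path blanks the field before verification; confirm against
	// the caller of isAuthentic.
	srcPacket := packetSHA512NoAuthentication(t)

	snmpPacket := SnmpPacket{
		SecurityParameters: &sp,
	}

	authentic, err := sp.isAuthentic(srcPacket, &snmpPacket)
	require.NoError(t, err, "Authentication check of key failed")
	require.True(t, authentic, "Packet was not considered to be authentic")

	// Negative case: the same message with one byte changed must not be
	// accepted. Either a false result or an error counts as rejection.
	tampered := append([]byte(nil), srcPacket...)
	tampered[len(tampered)-1] ^= 0xff

	authentic, err = sp.isAuthentic(tampered, &snmpPacket)
	require.False(t, authentic && err == nil, "Tampered packet was considered to be authentic")
}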

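// BenchmarkSingleHash runs genlocalkey as one sub-benchmark per authentication
// protocol, from MD5 through SHA512 inclusive, using the same passphrase and
// engine ID as the tests in this file. When the sub-benchmarks are done it logs
// the number of entries in passwordKeyHashCache, read under the read lock.
//
// NOTE(review): SetPwdCache presumably switches the password-key cache on. If
// so, iterations after the first use identical inputs and may measure a cache
// lookup rather than the hash computation; confirm what this benchmark is
// meant to measure.
func BenchmarkSingleHash(b *testing.B) {
	SetPwdCache()

	engineID, err := hex.DecodeString("80004fb805636c6f75644dab22cc")
	if err != nil {
		b.Fatalf("EngineId decoding failed: %v", err)
	}

	// The upper bound is inclusive so that SHA512 gets a sub-benchmark as well.
	// NOTE(review): assumes the protocol constants from MD5 to SHA512 are
	// contiguous; confirm against their declaration.
	for proto := MD5; proto <= SHA512; proto++ {
		b.Run(b.Name()+proto.String(), func(b *testing.B) {
			for n := 0; n < b.N; n++ {
				if _, err := genlocalkey(proto, "authkey1", string(engineID)); err != nil {
					b.Fatal(err)
				}
			}
		})
	}

	passwordKeyHashMutex.RLock()
	b.Logf("cache size %d", len(passwordKeyHashCache))
	passwordKeyHashMutex.RUnlock()
}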