authorMicael Karlberg <bmk@erlang.org>2021-11-30 18:51:27 +0100
committerMicael Karlberg <bmk@erlang.org>2021-11-30 18:51:27 +0100
commitea3fd6f7609d57210328b0b364b0cf1dd6d3a44f (patch)
treeca203d2e18059a31d11f863c2cf851596e748f86 /lib/snmp
parent6ccd842f99b20bf44ae37ca34c77444fc99427bd (diff)
parent3833c61faf675bbe9b773409a4b6a2ec67e6b2a8 (diff)
Merge branch 'maint'
OTP-17783
Diffstat (limited to 'lib/snmp')
-rw-r--r--lib/snmp/src/manager/snmpm_usm.erl42
-rw-r--r--lib/snmp/test/snmp_manager_SUITE.erl35
-rw-r--r--lib/snmp/test/snmp_manager_config_SUITE.erl16
3 files changed, 76 insertions, 17 deletions
diff --git a/lib/snmp/src/manager/snmpm_usm.erl b/lib/snmp/src/manager/snmpm_usm.erl
index 441618ec86..7ba91b86e7 100644
--- a/lib/snmp/src/manager/snmpm_usm.erl
+++ b/lib/snmp/src/manager/snmpm_usm.erl
@@ -70,6 +70,8 @@ process_incoming_msg(Packet, Data, SecParams, SecLevel) ->
UsmSecParams =
case (catch snmp_pdus:dec_usm_security_parameters(SecParams)) of
{'EXIT', Reason} ->
+ ?vlog("Failed decode USM security parameters: "
+ "~n ~p", [Reason]),
inc(snmpInASNParseErrs),
error({parseError, Reason}, []);
Res ->
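Review bot: The new log text on the first added line, `"Failed decode USM security parameters: "`, is missing a word; `"Failed to decode USM security parameters: "` reads as intended, and the outgoing-path message `"[outgoing] Failed get USM User from sec name: "` later in this file has the same slip. Note that `Reason` here is bound by an old-style `catch`, so on an exception it is the whole `{Error, Stacktrace}` pair, and this branch is reached for any packet from any sender before the engine-ID and user-name checks; when the verbose log is on, a `~p` of the full stacktrace per malformed packet is probably more than wanted, so consider logging only the error term and leaving the stacktrace out. process_incoming_msg starts before and continues after this hunk.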
@@ -89,6 +91,8 @@ process_incoming_msg(Packet, Data, SecParams, SecLevel) ->
true ->
ok;
false ->
+ ?vlog("Unknown USM engine id: "
+ "~n ~p", [MsgAuthEngineID]),
SecData1 = [MsgUserName],
error(usmStatsUnknownEngineIDs,
?usmStatsUnknownEngineIDs_instance,
@@ -102,6 +106,9 @@ process_incoming_msg(Packet, Data, SecParams, SecLevel) ->
{ok, User} ->
User;
_ -> % undefined user
+ ?vlog("Unknown USM user: "
+ "~n Auth Engine ID: ~p"
+ "~n User Name: ~p", [MsgAuthEngineID, MsgUserName]),
SecData2 = [MsgUserName],
error(usmStatsUnknownUserNames,
?usmStatsUnknownUserNames_instance, %% OTP-3542
@@ -159,6 +166,8 @@ authenticate_incoming(Packet, UsmSecParams, UsmUser, SecLevel) ->
true ->
ok;
false ->
+ ?vlog("Not authenticated: "
+ "~n Sec Name: ~p", [SecName]),
error(usmStatsWrongDigests,
?usmStatsWrongDigests_instance, SecName)
end;
@@ -170,6 +179,8 @@ authenticate_incoming(Packet, UsmSecParams, UsmUser, SecLevel) ->
is_auth(usmNoAuthProtocol, _, _, _, SecName, _, _, _) -> % 3.2.5
+ ?vlog("auth: Unsupported security levels: "
+ "~n Sec Name: ~p", [SecName]),
error(usmStatsUnsupportedSecLevels,
?usmStatsUnsupportedSecLevels_instance, SecName);
is_auth(AuthProtocol, AuthKey, AuthParams, Packet, SecName,
@@ -200,6 +211,8 @@ is_auth(AuthProtocol, AuthKey, AuthParams, Packet, SecName,
true;
%% OTP-4090 (OTP-3542)
false ->
+ ?vlog("Not in time window: "
+ "~n Sec Name: ~p", [SecName]),
error(usmStatsNotInTimeWindows,
?usmStatsNotInTimeWindows_instance,
SecName,
@@ -282,6 +295,8 @@ do_decrypt(Data, #usm_user{sec_name = SecName,
try_decrypt(PrivP, PrivKey, UsmSecParams, EncryptedPDU, SecName).
try_decrypt(usmNoPrivProtocol, _, _, _, SecName) -> % 3.2.5
+ ?vlog("decrypt: Unsupported security levels: "
+ "~n Sec Name: ~p", [SecName]),
error(usmStatsUnsupportedSecLevels,
?usmStatsUnsupportedSecLevels_instance, SecName);
try_decrypt(usmDESPrivProtocol,
@@ -290,7 +305,10 @@ try_decrypt(usmDESPrivProtocol,
case (catch des_decrypt(PrivKey, MsgPrivParams, EncryptedPDU)) of
{ok, DecryptedData} ->
DecryptedData;
- _ ->
+ _Error ->
+ ?vlog("USM DES decrypt failed: "
+ "~n Sec Name: ~p"
+ "~n Error: ~p", [SecName, _Error]),
error(usmStatsDecryptionErrors,
?usmStatsDecryptionErrors, SecName)
end;
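Review bot: The `_Error` printed in the new DES clause is whatever the `catch` around des_decrypt produced; when the failure is an exception raised inside a crypto call that value is `{'EXIT', {Reason, Stacktrace}}`, and the top stack frame can carry the failing call's arguments, which may include PrivKey, so a `~p` of it risks writing key material into the verbose log. Match the exception shape and log only the reason, e.g. a clause `{'EXIT', {Reason, _Stack}} ->` ahead of the catch-all that logs `[SecName, Reason]`, and keep the catch-all for other shapes. The same applies to the AES clause in the next hunk and to the `_Error` branch of encrypt further down. Separately, `_Error` (and `_EngineBoots`/`_EngineTime` in the try_encrypt clause) is underscore-prefixed yet read in the log call; the prefix marks a variable as intentionally unused, so name it `Error ->` when it is used. The head of this try_decrypt clause is outside the hunk.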
@@ -299,7 +317,10 @@ try_decrypt(usmAesCfb128Protocol,
case (catch aes_decrypt(PrivKey, UsmSecParams, EncryptedPDU)) of
{ok, DecryptedData} ->
DecryptedData;
- _ ->
+ _Error ->
+ ?vlog("USM AES-CFB-128 decrypt failed: "
+ "~n Sec Name: ~p"
+ "~n Error: ~p", [SecName, _Error]),
error(usmStatsDecryptionErrors,
?usmStatsDecryptionErrors, SecName)
end.
@@ -336,7 +357,9 @@ generate_outgoing_msg(Message, SecEngineID, SecName, SecData, SecLevel) ->
User#usm_user.priv,
User#usm_user.priv_key};
_ ->
- ?vlog("generate_outgoing_msg -> (usm) user not found"),
+ ?vlog("[outgoing] Failed get USM User from sec name: "
+ "~n Sec Engine ID: ~p"
+ "~n Sec Name: ~p", [SecEngineID, SecName]),
error(unknownSecurityName)
end;
[MsgUserName] ->
@@ -388,19 +411,30 @@ generate_outgoing_msg(Message, SecEngineID, SecName, SecData, SecLevel) ->
encrypt(Data, PrivProtocol, PrivKey, SecLevel, EngineBoots, EngineTime) ->
case snmp_misc:is_priv(SecLevel) of
false -> % 3.1.4b
+ ?vtrace("encrypt -> [3.1.4b]"),
{Data, []};
true -> % 3.1.4a
+ ?vtrace("encrypt -> [3.1.4a]"),
case (catch try_encrypt(PrivProtocol, PrivKey, Data, EngineBoots, EngineTime)) of
{ok, ScopedPduData, MsgPrivParams} ->
{snmp_pdus:enc_oct_str_tag(ScopedPduData), MsgPrivParams};
{error, Reason} ->
+ ?vlog("try encrypt error: "
+ "~n Protocol: ~p"
+ "~n Reason: ~p", [PrivProtocol, Reason]),
error(Reason);
- _ ->
+ _Error ->
+ ?vlog("try encrypt unexpected failure: "
+ "~n Protocol: ~p"
+ "~n Error: ~p", [PrivProtocol, _Error]),
error(encryptionError)
end
end.
try_encrypt(usmNoPrivProtocol, _PrivKey, _Data, _EngineBoots, _EngineTime) -> % 3.1.2
+ ?vlog("encrypt: Unsupported security levels: "
+ "~n Engine Boots: ~p"
+ "~n Engine Time: ~p", [_EngineBoots, _EngineTime]),
error(unsupportedSecurityLevel);
try_encrypt(usmDESPrivProtocol, PrivKey, Data, _EngineBoots, _EngineTime) ->
des_encrypt(PrivKey, Data);
diff --git a/lib/snmp/test/snmp_manager_SUITE.erl b/lib/snmp/test/snmp_manager_SUITE.erl
index af333f0833..466a32772e 100644
--- a/lib/snmp/test/snmp_manager_SUITE.erl
+++ b/lib/snmp/test/snmp_manager_SUITE.erl
@@ -182,6 +182,7 @@ groups() ->
{all, [], all_cases()},
{start_and_stop_tests, [], start_and_stop_tests_cases()},
{misc_tests, [], misc_tests_cases()},
+ {usm_priv_aes_tests, [], usm_priv_aes_tests_cases()},
{user_tests, [], user_tests_cases()},
{agent_tests, [], agent_tests_cases()},
{request_tests, [], request_tests_cases()},
@@ -212,16 +213,17 @@ inet_backend_socket_cases() ->
all_cases() ->
[
- {group, start_and_stop_tests},
- {group, misc_tests},
- {group, user_tests},
- {group, agent_tests},
- {group, request_tests},
- {group, request_tests_mt},
- {group, event_tests},
- {group, event_tests_mt},
- discovery,
- {group, tickets},
+ {group, start_and_stop_tests},
+ {group, misc_tests},
+ {group, usm_priv_aes_tests},
+ {group, user_tests},
+ {group, agent_tests},
+ {group, request_tests},
+ {group, request_tests_mt},
+ {group, event_tests},
+ {group, event_tests_mt},
+ discovery,
+ {group, tickets},
{group, ipv6},
{group, ipv6_mt},
{group, v3}
@@ -241,6 +243,11 @@ start_and_stop_tests_cases() ->
misc_tests_cases() ->
[
info,
+ {group, usm_priv_aes_tests}
+ ].
+
+usm_priv_aes_tests_cases() ->
+ [
usm_priv_aes,
usm_sha224_priv_aes,
usm_sha256_priv_aes,
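Review bot: `usm_priv_aes_tests` is now reachable twice from the `all` group: misc_tests_cases/0 returns `{group, usm_priv_aes_tests}` here, while all_cases/0 in the previous hunk lists both `{group, misc_tests}` and `{group, usm_priv_aes_tests}`, so a full run executes the AES cases twice. Keep one entry point, e.g. `misc_tests_cases() -> [info].` and leave the direct `{group, usm_priv_aes_tests}` in all_cases/0, or the other way round. usm_priv_aes_tests_cases/0 continues past the end of the hunk.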
@@ -480,6 +487,14 @@ init_per_group2(ipv6 = GroupName, Config) ->
init_per_group_ipv6(GroupName, Config);
%% init_per_group2(v3 = GroupName, Config) ->
%% ?LIB:init_group_top_dir(GroupName, Config);
+init_per_group2(usm_priv_aes_tests = GroupName, Config) ->
+ %% Check crypto support
+ case snmp_misc:is_crypto_supported(aes_128_cfb128) of
+ true ->
+ ?LIB:init_group_top_dir(GroupName, Config);
+ false ->
+ throw({skip, {not_supported, aes_128_cfb128}})
+ end;
init_per_group2(GroupName, Config) ->
?LIB:init_group_top_dir(GroupName, Config).
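Review bot: The cipher name checked in the new init_per_group2 clause is `aes_128_cfb128`, whereas the two new checks in snmp_manager_config_SUITE.erl use `aes_cfb128`. Both spellings exist in crypto, but if snmp_misc:is_crypto_supported/1 compares its argument literally against the list crypto reports, the suites can disagree on a build that lists only one of them; use the same name in both suites. A short comment on the clause, `%% The AES cases need AES-128-CFB128 in crypto; skip the whole group otherwise`, would also say why this group alone has a precondition.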
diff --git a/lib/snmp/test/snmp_manager_config_SUITE.erl b/lib/snmp/test/snmp_manager_config_SUITE.erl
index 28768537d0..c70040b2a7 100644
--- a/lib/snmp/test/snmp_manager_config_SUITE.erl
+++ b/lib/snmp/test/snmp_manager_config_SUITE.erl
@@ -2363,10 +2363,15 @@ register_usm_user_using_function(Conf) when is_list(Conf) ->
{no, Reason} ->
?SKIP({unsupported_encryption, Reason});
yes ->
- ok
+ case snmp_misc:is_crypto_supported(aes_cfb128) of
+ true ->
+ ok;
+ false ->
+ ?SKIP({unsupported_crypto, aes_cfb128})
+ end
end;
{error, Reason} ->
- ?SKIP({failed_starting_crypto, Reason})
+ ?SKIP({failed_starting_crypto, Reason})
end,
ConfDir = ?config(manager_conf_dir, Conf),
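Review bot: The added `case snmp_misc:is_crypto_supported(aes_cfb128) of ... end` sits at the third level of nested `case` in register_usm_user_using_function/1 and is repeated verbatim in update_usm_user_info/1 in the next hunk. A small helper keeps both call sites to one line, `yes -> ensure_crypto_supported(aes_cfb128)`, assuming ?SKIP aborts the case from inside a helper the way it does at the existing call sites. The function's head is outside the hunk.
```erlang
                yes ->
                    ensure_crypto_supported(aes_cfb128)
%% … unchanged: remainder of register_usm_user_using_function/1 …

%% Skip the current test case unless crypto provides Cipher.
ensure_crypto_supported(Cipher) ->
    case snmp_misc:is_crypto_supported(Cipher) of
        true ->
            ok;
        false ->
            ?SKIP({unsupported_crypto, Cipher})
    end.
```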
@@ -2509,7 +2514,12 @@ update_usm_user_info(Conf) when is_list(Conf) ->
{no, Reason} ->
?SKIP({unsupported_encryption, Reason});
yes ->
- ok
+ case snmp_misc:is_crypto_supported(aes_cfb128) of
+ true ->
+ ok;
+ false ->
+ ?SKIP({unsupported_crypto, aes_cfb128})
+ end
end;
{error, Reason} ->
?SKIP({failed_starting_crypto, Reason})