passkey calculation as a C extension

given the string overhead involved in the calculation.

Author: HoneyryderChuck

.gitignore

@@ -8,6 +8,7 @@
 /Gemfile.lock
 /vendor
 .env
+/ext/Makefile
 
 *.DS_Store
 *.sw[po]

Gemfile

@@ -5,7 +5,7 @@ ruby RUBY_VERSION
 
 gemspec
 
-gem "rake", "~> 12.3"
+gem "rake", "~> 13"
 gem "rspec", "~> 3.5"
 
 gem "pry"
@@ -36,3 +36,8 @@ else
   end
 
 end
+
+gem "jruby-openssl", "~> 0.14", platform: :jruby
+gem "ruby-prof"
+gem "rake-compiler"
+gem "benchmark-ips"

Rakefile

@@ -1,6 +1,9 @@
 # frozen_string_literal: true
 
 require "bundler/gem_tasks"
+require 'rake/extensiontask'
+
+Rake::ExtensionTask.new('netsnmp')
 
 begin
   require "rspec/core/rake_task"

ext/netsnmp/extconf.rb

@@ -0,0 +1,2 @@
+require 'mkmf'
+create_makefile 'netsnmp_ext'

ext/netsnmp/netsnmp_ext.c

@@ -0,0 +1,117 @@
+#include <ruby.h>
+// #include <openssl/ossl.h>
+// #include <openssl/evp.h>
+
+#define USM_LENGTH_EXPANDED_PASSPHRASE	(1024 * 1024)   /* 1Meg. */
+#define USM_LENGTH_KU_HASHBLOCK		64
+
+// // from https://github.com/ruby/openssl/blob/master/ext/openssl/ossl_digest.c
+// static void
+// ossl_digest_free(void *ctx)
+// {
+//     EVP_MD_CTX_destroy(ctx);
+// }
+
+// static const rb_data_type_t ossl_digest_type = {
+//     "OpenSSL/Digest",
+//     {
+// 	0, ossl_digest_free,
+//     },
+//     0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
+// };
+
+// #define GetDigest(obj, ctx) do { \
+//     TypedData_Get_Struct((obj), EVP_MD_CTX, &ossl_digest_type, (ctx)); \
+//     if (!(ctx)) { \
+// 	ossl_raise(rb_eRuntimeError, "Digest CTX wasn't initialized!"); \
+//     } \
+// } while (0)
+
+static VALUE mNETSNMP;
+static VALUE cNETSNMP_Sec_Params;
+
+// static VALUE NETSNMP_passkey(VALUE self, VALUE password)
+// {
+//   char *P;
+//   size_t P_len;
+//   int nbytes = USM_LENGTH_EXPANDED_PASSPHRASE,
+//       auth_type;
+//   EVP_MD_CTX     *ctx = NULL;
+//   u_int           i, pindex = 0;
+//   u_char          buf[USM_LENGTH_KU_HASHBLOCK], *bufp;
+//   unsigned char   *Ku;
+//   size_t          kulen;
+//   VALUE           digest;
+
+//   StringValue(password);
+//   P = RSTRING_PTR(password);
+//   P_len = RSTRING_LEN(password);
+
+//   digest = rb_funcall(self, rb_intern("digest"), 0);
+//   if (NIL_P(digest)) {
+//     // raise exception
+//   }
+//   rb_funcall(digest, rb_intern("reset"), 0);
+
+//   GetDigest(digest, ctx);
+
+//   while (nbytes > 0) {
+//     bufp = buf;
+//     for (i = 0; i < USM_LENGTH_KU_HASHBLOCK; i++) {
+//         *bufp++ = P[pindex++ % P_len];
+//     }
+//     if (!EVP_DigestUpdate(ctx, buf, USM_LENGTH_KU_HASHBLOCK))
+//       ossl_raise(eDigestError, "EVP_DigestUpdate");
+
+//     nbytes -= USM_LENGTH_KU_HASHBLOCK;
+//   }
+
+//   if (!EVP_DigestFinal_ex(ctx, &Ku, &kulen))
+//     ossl_raise(eDigestError, "EVP_DigestFinal_ex");
+
+//   memset(buf, 0, sizeof(buf));
+
+//   // TODO: trim to 16 bytes if auth protocol is md5
+
+//   return rb_usascii_str_new(Ku, kulen);
+// }
+
+
+static VALUE NETSNMP_expand_passphrase(VALUE self, VALUE password)
+{
+  char *P;
+  size_t P_len;
+  int nbytes = USM_LENGTH_EXPANDED_PASSPHRASE;
+  u_int           pindex = 0;
+  u_char          buf[USM_LENGTH_EXPANDED_PASSPHRASE], *bufp;
+
+  StringValue(password);
+  P = RSTRING_PTR(password);
+  P_len = RSTRING_LEN(password);
+
+  bufp = buf;
+  while (nbytes > 0) {
+    *bufp++ = P[pindex++ % P_len];
+    // if (!EVP_DigestUpdate(ctx, buf, USM_LENGTH_KU_HASHBLOCK))
+    //   ossl_raise(eDigestError, "EVP_DigestUpdate");
+
+    nbytes--;
+  }
+
+  // if (!EVP_DigestFinal_ex(ctx, &Ku, &kulen))
+  //   ossl_raise(eDigestError, "EVP_DigestFinal_ex");
+
+  // memset(buf, 0, sizeof(buf));
+
+  // TODO: trim to 16 bytes if auth protocol is md5
+
+  return rb_usascii_str_new((unsigned char *) buf, USM_LENGTH_EXPANDED_PASSPHRASE);
+}
+
+void Init_netsnmp_ext()
+{
+    mNETSNMP = rb_define_module("NETSNMP");
+    cNETSNMP_Sec_Params = rb_define_class_under(mNETSNMP, "SecurityParameters", rb_cObject);
+    // rb_define_method(cNETSNMP_Sec_Params, "passkey", NETSNMP_passkey, 1);
+    rb_define_method(cNETSNMP_Sec_Params, "expand_passphrase", NETSNMP_expand_passphrase, 1);
+}

lib/netsnmp.rb

@@ -51,6 +51,7 @@ def xor(other)
 require "netsnmp/message"
 require "netsnmp/encryption/des"
 require "netsnmp/encryption/aes"
+require "netsnmp_ext" if RUBY_ENGINE == "ruby"
 
 require "netsnmp/client"
 

lib/netsnmp/security_parameters.rb

@@ -191,22 +191,23 @@ def localize_key(key)
 
     def passkey(password)
       digest.reset
-      password_index = 0
+      digest << expand_passphrase(password)
 
-      # buffer = +""
+      dig = digest.digest
+      dig = dig[0, 16] if @auth_protocol == :md5
+      dig || ""
+    end
+
+    def expand_passphrase(password)
+      buffer = "".b
       password_length = password.length
       while password_index < 1048576
         initial = password_index % password_length
-        rotated = String(password[initial..-1]) + String(password[0, initial])
-        buffer = (rotated * (64 / rotated.length)) + String(rotated[0, 64 % rotated.length])
+        rotated = String(password.byteslice(initial..-1)) + String(password.byteslice(0, initial))
+        buffer << (rotated * (64 / rotated.length)) + String(rotated.byteslice(0, 64 % rotated.length))
         password_index += 64
-        digest << buffer
-        buffer.clear
       end
-
-      dig = digest.digest
-      dig = dig[0, 16] if @auth_protocol == :md5
-      dig || ""
+      buffer
     end
 
     def digest

netsnmp.gemspec

@@ -21,6 +21,9 @@ Gem::Specification.new do |gem|
   # Manifest
   gem.files = Dir["LICENSE.txt", "README.md", "AUTHORS", "lib/**/*.rb", "sig/**/*.rbs"]
   gem.require_paths = ["lib"]
+  if RUBY_ENGINE == "ruby"
+    gem.extensions = ["ext/extconf.rb"]
+  end
 
   gem.add_runtime_dependency "parslet"
   gem.metadata["rubygems_mfa_required"] = "true"

spec/support/specs.sh

@@ -23,6 +23,11 @@ cd /home
 bundle -v
 bundle install
 
+
+if [[ "$RUBY_ENGINE" = "ruby" ]]; then
+  bundle exec rake compile
+fi
+
 if [[ ${RUBY_VERSION:0:1} = "3" ]]; then
   export RUBYOPT='-rbundler/setup -rrbs/test/setup'
   export RBS_TEST_RAISE=true