[AGENT++] TripleDES - SNMP++

Pierre Pacchioni ppacch at yahoo.com
Thu May 19 10:04:01 CEST 2005


Hi Jochen,

Thanks for your feedback.
Yes, it helps. It's more or less what we thought.
When do you think you can provide the new Priv::make_longer_key() method?
I'll check on my side why the draft didn't become an RFC and I'll keep you
informed.
Thanks again,
Pierre. 


Hi Pierre!

First a question to all: draft-reeder-snmpv3-usm-3desede-00.txt expired
and did not make it as an RFC. Does anyone know why?

> I finally (re)started to work on adding TripleDES to Agent++.
> I read and understood (roughly) how the auth_priv.[h,cpp] mechanism works.
> I'm not sure I can take advantage of the virtual mechanism in place since
> with TripleDES it is necessary to pass 3 keys.
> Do you have any suggestion?

Yes ;-) Although 3DES uses 3 keys, the encrypt function will get them in
one byte array and split this array up into three subkeys and a
pre-initialization vector for the encryption.

> Moreover with libdes I found several 3DES implementations:
> - des_ecb3_encrypt()
> - des_3cbc_encrypt()
> - des_ede3_cbc_encrypt()
> etc ... 
> plus a "generic"
> des_encrypt3() and des_decrypt3()
> Could you please clarify which one should be used?

The draft http://www.snmp.com/eso/draft-reeder-snmpv3-usm-3desede-00.txt
uses EDE mode.

And from this draft I can see that obviously each author of privacy
protocols has his own ideas on how to extend keys if the password-to-key
algorithm creates a too short key:
- AES just hashes the generated key and adds the generated bytes to the key
- 3DES should call the password-to-key algorithm again, but with the
short key instead of the password.

So I will generalize the AuthPriv::password_to_key_priv() function to
call some Priv::make_longer_key() function.

Hope this helps,
  Jochen
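
The two key-extension strategies and the key split described in the message above, as an added Python example that is not part of the original thread and is not AGENT++ code. The function names are hypothetical, the per-chunk re-localization in the 3DES variant and the hashing of the accumulated key in the AES variant are assumptions, and the sample password and engine ID are the ones used in RFC 3414 A.3.

```python
import hashlib

MEG = 1048576  # RFC 3414 A.2 hashes exactly 1 MiB of the repeated password

def password_to_key(secret: bytes, alg: str = "sha1") -> bytes:
    """RFC 3414 password-to-key: digest of the secret repeated to 1 MiB."""
    if not secret:
        raise ValueError("empty secret")
    stream = (secret * (MEG // len(secret) + 1))[:MEG]
    return hashlib.new(alg, stream).digest()

def localize(ku: bytes, engine_id: bytes, alg: str = "sha1") -> bytes:
    """RFC 3414 key localization: H(Ku || engineID || Ku)."""
    return hashlib.new(alg, ku + engine_id + ku).digest()

def extend_3des_style(kul, engine_id, need, alg="sha1"):
    """Re-run password-to-key with the short key in place of the password.
    Assumption: each new chunk is localized again before it is appended."""
    key = chunk = kul
    while len(key) < need:
        chunk = localize(password_to_key(chunk, alg), engine_id, alg)
        key += chunk
    return key[:need]

def extend_aes_style(kul, need, alg="sha1"):
    """Hash the key generated so far and append the digest bytes (assumed form)."""
    key = kul
    while len(key) < need:
        key += hashlib.new(alg, key).digest()
    return key[:need]

def split_3des(key: bytes):
    """Split one 32-byte array into three 8-byte DES subkeys and a pre-IV."""
    if len(key) != 32:
        raise ValueError("expected 32 bytes (24 key + 8 pre-IV)")
    k1, k2, k3, pre_iv = (key[i:i + 8] for i in range(0, 32, 8))
    if k1 == k2 or k2 == k3:
        # EDE with equal adjacent subkeys collapses to single DES
        raise ValueError("degenerate 3DES key")
    return (k1, k2, k3), pre_iv

if __name__ == "__main__":
    engine_id = bytes.fromhex("000000000000000000000002")  # RFC 3414 A.3 sample
    kul = localize(password_to_key(b"maplesyrup"), engine_id)
    (k1, k2, k3), pre_iv = split_3des(extend_3des_style(kul, engine_id, 32))
    print(k1.hex(), k2.hex(), k3.hex(), pre_iv.hex())
```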





