[SNMP4J] Problem in KeyChange.

ravi kumar ravikumar1984 at gmail.com
Fri Dec 21 18:28:55 CET 2007 

Hi All,

 I am using AdventNet SNMP API.

I have implemented to  AES256 which is explained in the Internet Draft
http://tools.ietf.org/html/draft-blumenthal-aes-usm-04. Then I am
successfully query the agent with user is configured with AES256, the
privacy key is 32 octets length. But the problem is only when I want to do
the KeyChange process. I have started the agent and successfully do the SNMP
operation. After some time interval, I want to change the authkey and
privkey of the user from the manager. For that I have followed the mechanism
which is explained in KeyChange Textual conventions. RFC3414.

 Here my question, If a user is configured in authpriv security level and
privacy as AES256.
     i) For authkey change, the delta length is still 16 or 20 octets based
on the authentication protocol and keyChange length is 32 or 40 octets.
    ii) For PrivKey change, the delta length is 32 octets and keyChange
length is 64 octets. Please correct me if it is wrong.

For doing the keyChange calculation, I have followed the algorithm which is
explained in KeyChange Textual conventions. [Refer RFC3414 Page 37].
Herewith I have attached the code snippet of the following implementation ,
please let me know whether the implementation is correct?.  Because I am not
getting adequate information about KeyChange for AES256 in the web.

 iterations = (lenOfDelta - 1)/16; /* integer division */

              temp = keyOld;
              for (i = 0; i < iterations; i++) {
                  temp = MD5 (temp || random);
                  delta[i*16 .. (i*16)+15] =
                         temp XOR keyNew[i*16 .. (i*16)+15];
              }
              temp = MD5 (temp || random);
              delta[i*16 .. lenOfDelta-1] =
                     temp XOR keyNew[i*16 .. lenOfDelta-1];




// This is an example application which is used to generate the keyChange()
value.
// Ravikumar

import java.security.MessageDigest;
import com.adventnet.snmp.snmp2.usm.*;
import java.util.*;

public class GenerateKeyChange
{

    public static void main(String args[])
    {

    String authProtocol="SHA";
    String oldprivPass="maplesyrup";
    String newprivPass="newsyrup";

    // '00000000 00000000 00000002'H
    byte engineID[] = new byte[] {(byte)0x00, (byte)0x00 , (byte)0x00 ,
(byte)0x00 , (byte)0x00 , (byte)0x00 , (byte)0x00 , (byte)0x00 , (byte)0x00
, (byte)0x00 , (byte)0x00 , (byte)0x02};

    // '00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000'H
    byte random[] = new byte[] { (byte)0x00, (byte)0x00,
(byte)0x00,(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00,(byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00,(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00,(byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00,(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00 };

    //Localized authkey for oldprivPass.
    byte authkey[] = USMUtils.password_to_key(21, oldprivPass.getBytes(),
oldprivPass.getBytes().length, engineID, 47);

    //Localized authkey for newprivPass.
    byte newAuthkey[] = USMUtils.password_to_key(21, newprivPass.getBytes(),
newprivPass.getBytes().length, engineID, 47);

    GenerateKeyChange keychange = new GenerateKeyChange();
    byte keychan[] = keychange.genKeyChange(authkey, newAuthkey, random,32);


     /************  Results obtained ****************/
         /* Localized authkey value.
            52 6f 5e ed 9f cc e2 6f 89 64 c2 93 07 87 d8 2b fa 24 a9 24
            67 42 6c 2f 4b 09 19 2b e1 0d fa ec

       Localized newAuthKey.
       87 02 1d 7b d9 d1 01 ba 05 ea 6e 3b f9 d9 bd 4a 0d ad 14 1a
           f6 d8 03 71 b5 b3 cc de a9 83 11 c4

        KeyChange value is
            00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            00 00 00 00 00 00 00 00 00 00 00 00 4f 86 e0 ad 03 35 be 93
            6e 0d 0b 00 4d a8 8e 36 0d ad 14 1a f6 d8 03 71 b5 b3 cc de
            a9 83 11 c4
    */

    }

    public byte[] genKeyChange( byte oldkey[] , byte newkey[] , byte
random[], int keyLength)
    {
        int authProtocol=22;
        MessageDigest md = null;
        try
        {
            md = MessageDigest.getInstance("MD5");
        }
        catch(Exception e)
        {
          System.out.println(" EXXXV "+ e);
            return null;
        }

        // step1:- copy the oldkey to temp variable.
        byte temp[] = new byte[keyLength];
        System.arraycopy(oldkey,0,temp,0,temp.length);

        //step2:-  temp || random.
        // The random value is appended to the temp variable.

        byte[] temp2 = new byte[random.length+temp.length];

        System.arraycopy(temp,0,temp2,0,temp.length);
        System.arraycopy(random,0,temp2,temp.length,random.length);

        //step 3:-   temp = MD5 (temp || random);
        temp = md.digest(temp2);

               // copy the temp variable to another variable.
        byte temp3[] = new byte[temp.length];
        System.arraycopy(temp,0,temp3,0,temp.length);


             //step4: -    keyNew[i*16 .. (i*16)+15] =
                //            temp XOR delta[i*16 .. (i*16)+15];
                //Check the keylength.
        if((keyLength - temp.length) >0 )
        {
            if((keyLength - temp.length) ==16)
            {
                for( int j=0; j < 16; j++)
                   newkey[j+16] ^= temp3[j];
            }
        }


        //step 5:- keyNew[i*16 .. lenOfDelta-1] = temp XOR delta[i*16 ..
lenOfDelta-1];

        for(int i=0;i<16;i++)
                   newkey[i] ^= temp[i];

        // step6:-  random value is appended with newkey.
        byte[] keychange = new byte[random.length*2];
                   System.arraycopy(random,0,keychange,0,random.length);
        System.arraycopy(newkey,0,keychange,random.length,keyLength);


        return keychange;
    }

}


---- Look forward your thoughts. ----------
Cheers
Ravikumar

More information about the SNMP4J mailing list