[SNMP4J] snmp v3 evaluation comments

[Tjip Pasma]

Hi

I have been evaluating (mainly snmp v3) Snmp4j for some time now and so
far i like what i see.

I have a few comments i thought i would post here:

1. Calculation time of encryption keys could be improved significantly 
	Creating 1000 localized users (authPriv) with
usm.addUser(userName, engineID, user) takes 114 seconds (Core2
Duo at 2GHz). 
	The majority of time is spent calculating encryptionkey in
"passwordToKey" and the majority of time in that method is spent
calculating the digest of the password. (doing 1 million % operations
aint good for performance)

	public byte[] passwordToKey(OctetString passwordString, byte[]
engineID)
	....
	    /* Use while loop until we've done 1 Megabyte */
	    while (count < 1048576) {
	      for (int i = 0; i < 64; ++i) {
	        /* Take the next octet of the password, wrapping */
	        /* to the beginning of the password as necessary.*/
	        buf[i] = password[password_index++ % password.length];
	      }
	      md.update(buf);
	      count += 64;
	    }
	    digest = md.digest();
	....



	performance improvement suggestion:
	public byte[] passwordToKey(OctetString passwordString, byte[]
engineID)
	...
	    int pwCountInBuf = (256/pw_length);
	    byte[] buf = new byte[pwCountInBuf*pw_length];
	    
	    digest = (byte[])pwDigestCache.get(protoName +
passwordString); 
	    
	    if(digest == null)
	    {
	        for(int i = 0; i < pwCountInBuf; i++)
	            System.arraycopy(password, 0, buf, i*pw_length,
pw_length);
	        int countMax = 1048576/buf.length;
	        /* Use while loop until we've done 1 Megabyte */
	        while (count < countMax) 
	        {
	            md.update(buf);
	            count++;
	        }
	        if(countMax*buf.length < 1048576)
	            md.update(buf, 0, 1048576-countMax*buf.length);
	            
	        digest = md.digest();
	        pwDigestCache.put(protoName + passwordString, digest); 
	    }
	...

	Several thing is changed here:
	A buffer (up to 256 bytes) is filled with an integer count of
passwords. This buffer is passed to md.update until 1Mbytes is reached.
	A digest cache is used, this cache store the digest value of the
password when this is extended to 1Mbyte.
	Creating 1000 localized users (authPriv) with
usm.addUser(userName, engineID, user) ~ 50 seconds (Core2 Duo at 2GHz),
with caching disabled.
	Using caching it takes 0,3 seconds to create 1000 localized
users that have same user profile. (username / passwords.....)


2. Extend UsmUserEntry with a precalculated digest of the password.
Creating a "UsmUserEntry" would then calculate the password digest.
This would allow a system to only calculate password digest once. 



3. Simulation of an agent replacement (hardware replacement) have a
small bug.
The case is that an agent is continously polled. After some time this
agent is replaced with another agents with different snmpEngineid, but
identical usm settings.
If the new agent becomes active while retransmissions is active then the
retransmission will fail even though that the "snmpEngineid" change is
correctly identified.
The problem is that the framework sets the contextEngineid to the value
of the old snmpEngineId during the first transmission, but doesnt update
this value when the new snmpEngineId is discovered.
Its a small bug, but nevertheless a bug :-)

KindRegards
Tjip Pasma
System Engineer, Ericsson Denmark