problem in KeyChange.

12-21-2007
Ravikumar

Hi,

I tried the AdventNet SNMP API stack and I have one doubt.


I have implemented AES256, which is explained in the Internet
Draft http://tools.ietf.org/html/draft-blumenthal-aes-usm-04. I can
then successfully query the agent with a user configured with AES256;
the privacy key is 32 octets long. But the problem occurs only when I
want to do the KeyChange process. I have started the agent and
successfully done the SNMP operation. After some time interval, I want
to change the authkey and privkey of the user from the manager. For
that I have followed the mechanism which is explained in the KeyChange
textual convention in RFC3414.

Here is my question: if a user is configured at the authPriv security
level with AES256 as the privacy protocol:
i) For authkey change, the delta length is still 16 or 20 octets,
based on the authentication protocol, and the keyChange length is 32 or
40 octets.
ii) For privKey change, the delta length is 32 octets and the
keyChange length is 64 octets. Please correct me if this is wrong.

For doing the keyChange calculation, I have followed the algorithm
which is explained in the KeyChange textual convention [refer to
RFC3414, page 37]. I have attached the code snippet of my
implementation below; please let me know whether the implementation is
correct.

iterations = (lenOfDelta - 1)/16; /* integer division */

temp = keyOld;
for (i = 0; i < iterations; i++) {
    temp = MD5 (temp || random);
    delta[i*16 .. (i*16)+15] =
        temp XOR keyNew[i*16 .. (i*16)+15];
}
temp = MD5 (temp || random);
delta[i*16 .. lenOfDelta-1] =
    temp XOR keyNew[i*16 .. lenOfDelta-1];


----------- code snippet is ---------------------


// This is an example application which is used to generate the
// keyChange() value.

import java.security.MessageDigest;
import com.adventnet.snmp.snmp2.usm.*;
import java.util.*;

public class GenerateKeyChange
{

    public static void main(String args[])
    {

        String authProtocol="SHA";
        String oldprivPass="maplesyrup";
        String newprivPass="newsyrup";

        // '00000000 00000000 00000002'H
        byte engineID[] = new byte[] {
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x02};

        // '00000000 00000000 00000000 00000000 00000000 00000000 00000000
        // 00000000'H
        byte random[] = new byte[] {
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00 };

        //Localized authkey for oldprivPass.
        byte authkey[] = USMUtils.password_to_key(21, oldprivPass.getBytes(),
            oldprivPass.getBytes().length, engineID, 47);

        //Localized authkey for newprivPass.
        byte newAuthkey[] = USMUtils.password_to_key(21,
            newprivPass.getBytes(), newprivPass.getBytes().length, engineID, 47);

        GenerateKeyChange keychange = new GenerateKeyChange();
        byte keychan[] = keychange.genKeyChange(authkey, newAuthkey, random,
            32);


        /************ Results obtained ****************/
        /* Localized authkey value.
           52 6f 5e ed 9f cc e2 6f 89 64 c2 93 07 87 d8 2b fa 24 a9 24
           67 42 6c 2f 4b 09 19 2b e1 0d fa ec

           Localized newAuthKey.
           87 02 1d 7b d9 d1 01 ba 05 ea 6e 3b f9 d9 bd 4a 0d ad 14 1a
           f6 d8 03 71 b5 b3 cc de a9 83 11 c4

           KeyChange value is
           00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
           00 00 00 00 00 00 00 00 00 00 00 00 4f 86 e0 ad 03 35 be 93
           6e 0d 0b 00 4d a8 8e 36 0d ad 14 1a f6 d8 03 71 b5 b3 cc de
           a9 83 11 c4
        */

    }

    public byte[] genKeyChange( byte oldkey[] , byte newkey[] ,
        byte random[], int keyLength)
    {
        int authProtocol=22;
        MessageDigest md = null;
        try
        {
            md = MessageDigest.getInstance("MD5");
        }
        catch(Exception e)
        {
            System.out.println(" EXXXV "+ e);
            return null;
        }

        // step1:- copy the oldkey to temp variable.
        byte temp[] = new byte[keyLength];
        System.arraycopy(oldkey,0,temp,0,temp.length);

        //step2:- temp || random.
        // The random value is appended to the temp variable.

        byte[] temp2 = new byte[random.length+temp.length];

        System.arraycopy(temp,0,temp2,0,temp.length);
        System.arraycopy(random,0,temp2,temp.length,random.length);

        //step 3:- temp = MD5 (temp || random);
        temp = md.digest(temp2);

        // copy the temp variable to another variable.
        byte temp3[] = new byte[temp.length];
        System.arraycopy(temp,0,temp3,0,temp.length);


        //step4: - keyNew[i*16 .. (i*16)+15] =
        // temp XOR delta[i*16 .. (i*16)+15];
        //Check the keylength.
        if((keyLength - temp.length) >0 )
        {
            if((keyLength - temp.length) ==16)
            {
                for( int j=0; j < 16; j++)
                    newkey[j+16] ^= temp3[j];
            }
        }


        //step 5:- keyNew[i*16 .. lenOfDelta-1] = temp XOR delta[i*16 ..
        // lenOfDelta-1];

        for(int i=0;i<16;i++)
            newkey[i] ^= temp[i];

        // step6:- random value is appended with newkey.
        byte[] keychange = new byte[random.length*2];
        System.arraycopy(random,0,keychange,0,random.length);
        System.arraycopy(newkey,0,keychange,random.length,keyLength);


        return keychange;
    }

}


Looking forward to your thoughts.

Ravikumar
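
The loop from the KeyChange textual convention quoted in the post, written out for any key length and hash as an added example; it is not part of the original post and not AdventNet code. It goes beyond the MD5 case quoted above by taking the hash as a JCA algorithm name and chaining it once per digest-sized block; the class name, method names and the constructed 32-octet sample keys are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
// Added example: class and method names are hypothetical, not AdventNet API.
public class KeyChangeDemo {
    // XOR each digest-sized block of 'in' with temp = H(temp || random),
    // where temp starts as keyOld. XOR is its own inverse, so the same
    // routine maps keyNew -> delta (requester) and delta -> keyNew (agent).
    static byte[] chainXor(String hash, byte[] keyOld, byte[] random, byte[] in)
            throws Exception {
        MessageDigest md = MessageDigest.getInstance(hash);
        byte[] out = new byte[in.length];
        byte[] temp = keyOld;
        for (int off = 0; off < in.length; off += md.getDigestLength()) {
            md.update(temp);
            md.update(random);
            temp = md.digest();   // also resets md for the next block
            int n = Math.min(temp.length, in.length - off);  // last block may be short
            for (int j = 0; j < n; j++) out[off + j] = (byte) (temp[j] ^ in[off + j]);
        }
        return out;
    }
    // Requester side: keyChange = random || delta, both as long as the key.
    static byte[] encode(String hash, byte[] keyOld, byte[] keyNew) throws Exception {
        byte[] random = new byte[keyNew.length];
        new SecureRandom().nextBytes(random);
        byte[] delta = chainXor(hash, keyOld, random, keyNew);
        byte[] keyChange = Arrays.copyOf(random, random.length + delta.length);
        System.arraycopy(delta, 0, keyChange, random.length, delta.length);
        return keyChange;
    }
    // Agent side: first half is random, second half is delta.
    static byte[] decode(String hash, byte[] keyOld, byte[] keyChange) throws Exception {
        int half = keyChange.length / 2;
        byte[] random = Arrays.copyOfRange(keyChange, 0, half);
        byte[] delta = Arrays.copyOfRange(keyChange, half, keyChange.length);
        return chainXor(hash, keyOld, random, delta);
    }
    public static void main(String[] args) throws Exception {
        byte[] keyOld = new byte[32], keyNew = new byte[32];  // constructed sample keys
        Arrays.fill(keyOld, (byte) 0x11);
        Arrays.fill(keyNew, (byte) 0x22);
        for (String hash : new String[] {"MD5", "SHA-1"}) {
            byte[] kc = encode(hash, keyOld, keyNew);
            System.out.println(hash + ": keyChange " + kc.length + " octets, round trip ok = "
                    + Arrays.equals(keyNew, decode(hash, keyOld, kc)));
        }
    }
}
```

Running it for a 32-octet key shows a 64-octet keyChange value for both hashes, with the agent-side decode recovering keyNew from the old key and the received value.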