Problem in KeyChange.

12-21-2007
ravikumar1984@gmail.com

Hi All,

I am using AdventNet SNMP API.

I have implemented AES256 as explained in the Internet Draft http://tools.ietf.org/html/draft-blumenthal-aes-usm-04. I can then successfully query the agent with a user configured with AES256; the privacy key is 32 octets long. The problem arises only when I want to do the KeyChange process. I start the agent and successfully perform SNMP operations. After some time interval, I want to change the authkey and privkey of the user from the manager. For that I have followed the mechanism explained in the KeyChange textual convention in RFC3414.

Here is my question. If a user is configured at the authPriv security level with AES256 as the privacy protocol:
i) For an authkey change, the delta length is still 16 or 20 octets, depending on the authentication protocol, and the keyChange length is 32 or 40 octets.
ii) For a privkey change, the delta length is 32 octets and the keyChange length is 64 octets. Please correct me if this is wrong.

For the keyChange calculation, I have followed the algorithm explained in the KeyChange textual convention [refer to RFC3414, page 37]. I have attached a code snippet of my implementation below; please let me know whether the implementation is correct, because I am not finding adequate information about KeyChange for AES256 on the web.

    iterations = (lenOfDelta - 1)/16; /* integer division */
    temp = keyOld;
    for (i = 0; i < iterations; i++) {
        temp = MD5 (temp || random);
        delta[i*16 .. (i*16)+15] =
            temp XOR keyNew[i*16 .. (i*16)+15];
    }
    temp = MD5 (temp || random);
    delta[i*16 .. lenOfDelta-1] =
        temp XOR keyNew[i*16 .. lenOfDelta-1];

// This is an example application which is used to generate the keyChange() value.
// Ravikumar

import java.security.MessageDigest;
import com.adventnet.snmp.snmp2.usm.*;
import java.util.*;

public class GenerateKeyChange
{

    public static void main(String args[])
    {
        String authProtocol = "SHA";
        String oldprivPass = "maplesyrup";
        String newprivPass = "newsyrup";

        // '00000000 00000000 00000002'H
        byte engineID[] = new byte[] {
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x02 };

        // '00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000'H
        byte random[] = new byte[] {
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
            (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00 };

        // Localized authkey for oldprivPass.
        byte authkey[] = USMUtils.password_to_key(21, oldprivPass.getBytes(), oldprivPass.getBytes().length, engineID, 47);

        // Localized authkey for newprivPass.
        byte newAuthkey[] = USMUtils.password_to_key(21, newprivPass.getBytes(), newprivPass.getBytes().length, engineID, 47);

        GenerateKeyChange keychange = new GenerateKeyChange();
        byte keychan[] = keychange.genKeyChange(authkey, newAuthkey, random, 32);

        /************ Results obtained ****************/
        /* Localized authkey value.
        52 6f 5e ed 9f cc e2 6f 89 64 c2 93 07 87 d8 2b fa 24 a9 24
        67 42 6c 2f 4b 09 19 2b e1 0d fa ec

        Localized newAuthKey.
        87 02 1d 7b d9 d1 01 ba 05 ea 6e 3b f9 d9 bd 4a 0d ad 14 1a
        f6 d8 03 71 b5 b3 cc de a9 83 11 c4

        KeyChange value is
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 00 00 00 00 4f 86 e0 ad 03 35 be 93
        6e 0d 0b 00 4d a8 8e 36 0d ad 14 1a f6 d8 03 71 b5 b3 cc de
        a9 83 11 c4
        */
    }

    public byte[] genKeyChange(byte oldkey[], byte newkey[], byte random[], int keyLength)
    {
        int authProtocol = 22;
        MessageDigest md = null;
        try
        {
            md = MessageDigest.getInstance("MD5");
        }
        catch (Exception e)
        {
            System.out.println(" EXXXV " + e);
            return null;
        }

        // step1:- copy the oldkey to temp variable.
        byte temp[] = new byte[keyLength];
        System.arraycopy(oldkey, 0, temp, 0, temp.length);

        // step2:- temp || random.
        // The random value is appended to the temp variable.
        byte[] temp2 = new byte[random.length + temp.length];
        System.arraycopy(temp, 0, temp2, 0, temp.length);
        System.arraycopy(random, 0, temp2, temp.length, random.length);

        // step 3:- temp = MD5 (temp || random);
        temp = md.digest(temp2);

        // copy the temp variable to another variable.
        byte temp3[] = new byte[temp.length];
        System.arraycopy(temp, 0, temp3, 0, temp.length);

        // step4: - keyNew[i*16 .. (i*16)+15] =
        // temp XOR delta[i*16 .. (i*16)+15];
        // Check the keylength.
        if ((keyLength - temp.length) > 0)
        {
            if ((keyLength - temp.length) == 16)
            {
                for (int j = 0; j < 16; j++)
                    newkey[j + 16] ^= temp3[j];
            }
        }

        // step 5:- keyNew[i*16 .. lenOfDelta-1] = temp XOR delta[i*16 .. lenOfDelta-1];
        for (int i = 0; i < 16; i++)
            newkey[i] ^= temp[i];

        // step6:- random value is appended with newkey.
        byte[] keychange = new byte[random.length * 2];
        System.arraycopy(random, 0, keychange, 0, random.length);
        System.arraycopy(newkey, 0, keychange, random.length, keyLength);

        return keychange;
    }

}


Looking forward to your thoughts.
Cheers
Ravikumar
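
The RFC 3414 KeyChange pseudocode quoted in the post, written out for keys longer than one digest and with the receiver's decode step, as an added example (not the poster's code and not part of the AdventNet API). It assumes a 32-octet key is run through the chained-digest loop exactly as in that pseudocode, with the hash of the user's authentication protocol (MD5 in 16-octet blocks, SHA-1 in 20-octet blocks); the class name, method names and sample keys are made up for illustration.

```java
import java.security.MessageDigest;
import java.util.Arrays;

public class KeyChangeExample {
    // One pass of the chained-digest loop. 'in' is keyNew when encoding and
    // delta when decoding. hashAlg is "MD5" (16-octet blocks) or "SHA-1" (20).
    static byte[] xorChain(String hashAlg, byte[] keyOld, byte[] random, byte[] in)
            throws Exception {
        MessageDigest md = MessageDigest.getInstance(hashAlg);
        byte[] out = new byte[in.length];
        byte[] temp = keyOld;
        for (int off = 0; off < in.length; off += md.getDigestLength()) {
            md.update(temp);    // temp = H(temp || random); from the second
            md.update(random);  // block on, temp is the previous digest
            temp = md.digest();
            int n = Math.min(temp.length, in.length - off);  // last block may be short
            for (int j = 0; j < n; j++) out[off + j] = (byte) (temp[j] ^ in[off + j]);
        }
        return out;
    }
    // Requester side: KeyChange value = random || delta.
    static byte[] encode(String hashAlg, byte[] keyOld, byte[] keyNew, byte[] random)
            throws Exception {
        byte[] delta = xorChain(hashAlg, keyOld, random, keyNew);
        byte[] value = Arrays.copyOf(random, random.length + delta.length);
        System.arraycopy(delta, 0, value, random.length, delta.length);
        return value;
    }
    // Receiver side: first half of the value is random, second half is delta.
    static byte[] decode(String hashAlg, byte[] keyOld, byte[] value) throws Exception {
        int half = value.length / 2;
        byte[] random = Arrays.copyOfRange(value, 0, half);
        byte[] delta = Arrays.copyOfRange(value, half, value.length);
        return xorChain(hashAlg, keyOld, random, delta);
    }

    public static void main(String[] args) throws Exception {
        byte[] keyOld = new byte[32], keyNew = new byte[32], random = new byte[32];
        Arrays.fill(keyOld, (byte) 0x11);  // constructed sample keys, not real ones
        Arrays.fill(keyNew, (byte) 0x22);
        Arrays.fill(random, (byte) 0x33);  // constructed; a real request uses fresh random octets
        for (String alg : new String[] {"MD5", "SHA-1"}) {
            byte[] value = encode(alg, keyOld, keyNew, random);
            System.out.println(alg + ": " + value.length + " octets, round trip ok: "
                    + Arrays.equals(decode(alg, keyOld, value), keyNew));
        }
    }
}
```

Running the same decode against a value produced by another implementation is a quick interoperability check: if the recovered key differs from the intended new key, the two sides disagree on the hash or on the block chaining.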
