Package uk.co.westhawk.snmp.util
Class SnmpUtilities
java.lang.Object
uk.co.westhawk.snmp.util.SnmpUtilities
This class contains utilities for key and authentication encoding.
See SNMP-USER-BASED-SM-MIB.
- Version: $Revision: 1.27 $ $Date: 2009/03/05 12:57:57 $
- Author: Tim Panton
Constructor Summary
- SnmpUtilities()
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static final byte[] | AESdecrypt(byte[] ciphertext, byte[] secretPrivacyKey, int engineBoots, int engineTime, byte[] salt) | Decrypts using AES. |
| static byte[] | AESencrypt(byte[] plaintext, byte[] secretPrivacyKey, int engineBoots, int engineTime, byte[] salt) | Encrypts bytes using AES. |
| static boolean | areBytesEqual(byte[] array1, byte[] array2) | Compares two byte arrays and returns whether they are equal. |
| static void | copyFingerprintToSnmpMessage(int authenticationProtocol, byte[] computedFingerprint, byte[] message, int fpPos) | Copies the calculated fingerprint to the message at the specified position. |
| static final byte[] | DESdecrypt(byte[] encryptedText, byte[] salt, byte[] secretPrivacyKey) | Decrypts bytes using DES. |
| static final byte[] | DESencrypt(byte[] plain, byte[] secretPrivacyKey, byte[] salt) | Encrypts bytes using DES. |
| static void | dumpBytes | Dumps (prints) the byte array. |
| static byte[] | getAESInitialValue(int engineBoots, int engineTime, byte[] salt) | Returns the AES initial value (IV); the first 128 bits of the localized key Kul are used as the AES encryption key. |
| static final byte[] | getAESKey(byte[] secretPrivacyKey) | Returns the first 128 bits of the localized key Kul, which are used as the AES encryption key. |
| static final byte[] | getDESInitialValue(byte[] secretPrivacyKey, byte[] salt) | Returns the DES initial value. |
| static final byte[] | getDESKey(byte[] secretPrivacyKey) | Returns the DES key. |
| static final byte[] | getFingerPrintMD5(byte[] key, byte[] message) | Returns the 12 byte MD5 fingerprint. |
| static final byte[] | getFingerPrintSHA1(byte[] key, byte[] message) | Returns the 12 byte SHA1 fingerprint. |
| static byte[] | getFingerPrintSHA224(byte[] key, byte[] message) | Create a fingerprint using the SHA-224 algorithm with length 28 bytes for SNMPv3. |
| static byte[] | getFingerPrintSHA256(byte[] key, byte[] message) | Create a fingerprint using the SHA-256 algorithm with length 24 bytes. |
| static byte[] | getFingerPrintSHA384(byte[] key, byte[] message) | Create a fingerprint using the SHA-384 algorithm with length 36 bytes. |
| static byte[] | getFingerPrintSHA512(byte[] key, byte[] message) | Create a fingerprint using the SHA-512 algorithm with length 48 bytes. |
| static byte[] | getLocalizedKeyMD5(byte[] passwKey, String engineId) | Converts the user's password and the SNMP Engine Id to the localized key using the MD5 protocol. |
| static byte[] | getLocalizedKeySHA1(byte[] passwKey, String engineId) | Converts the user's password and the SNMP Engine Id to the localized key using the SHA protocol. |
| static byte[] | getLocalizedKeySHA224(byte[] passwKey, String snmpEngineId) | Converts the user's password and the SNMP Engine Id to the localized key. |
| static byte[] | getLocalizedKeySHA256(byte[] passwKey, String snmpEngineId) | Converts the user's password and the SNMP Engine Id to the localized key. |
| static byte[] | getLocalizedKeySHA384(byte[] passwKey, String snmpEngineId) | Converts the user's password and the SNMP Engine Id to the localized key. |
| static byte[] | getLocalizedKeySHA512(byte[] passwKey, String snmpEngineId) | Converts the user's password and the SNMP Engine Id to the localized key using the SHA-512 protocol. |
| static byte[] | getSaltAES() | Returns the AES salt. |
| static final byte[] | getSaltDES(int snmpEngineBoots) | Returns the DES salt. |
| static String | getSnmpVersionString(int version) | Returns the String representation of the SNMP version number. |
| static byte[] | initFingerprint(int authenticationProtocol) | Returns an `AsnOctets` object with a dummy fingerprint based on the authentication protocol. |
| static byte | longToByte(long l) | Converts one long value to its byte value. |
| static byte[] | longToByte(long[] l) | Converts an array of long values to its array of byte values. |
| static byte[] | passwordToKeyMD5(String password) | Converts the user's password to an authentication key using the MD5 protocol. |
| static byte[] | passwordToKeySHA1(String password) | Converts the user's password to an authentication key using the SHA1 protocol. |
| static byte[] | passwordToKeySHA224(String userPrivacyPassword) | Converts the user's passphrase into a 28-byte SHA-224 key by hashing one megabyte of repeated passphrase data. |
| static byte[] | passwordToKeySHA256(String userPrivacyPassword) | Converts the user's passphrase into a 32-byte SHA-256 key by hashing one megabyte of repeated passphrase data. |
| static byte[] | passwordToKeySHA384(String userPrivacyPassword) | Converts the user's passphrase into a 48-byte SHA-384 key by hashing one megabyte of repeated passphrase data. |
| static byte[] | passwordToKeySHA512(String userPrivacyPassword) | Converts the user's passphrase into a 64-byte SHA-512 key by hashing one megabyte of repeated passphrase data. |
| static byte[] | toBytes | Converts a hexadecimal ASCII string to a byte array. |
| static String | toHex(int val) | Converts one int to a hexadecimal ASCII string. |
| static String | toHexString(byte[] bytes) | Converts a byte array to a hexadecimal ASCII string. |
-
Constructor Details
-
SnmpUtilities
public SnmpUtilities()
-
-
Method Details
-
getSnmpVersionString
Returns the String representation of the SNMP version number.
- Parameters:
  - version - The version number
- Returns:
  - The corresponding String.
-
toBytes
Converts a hexadecimal ASCII string to a byte array. The method is case insensitive, so F7 works as well as f7. The string should have the form F7d820 and should omit the '0x'. This method is the reverse of toHexString.
- Parameters:
  - hexStr - The string representing a hexadecimal number
- Returns:
  - the byte array of hexStr
-
longToByte
Converts one long value to its byte value.
- Parameters:
  - l - The long value
- Returns:
  - Its byte value
- Throws:
  - IllegalArgumentException - when l is not between 0 and 255.
- Since:
  - 4_14
-
longToByte
Converts an array of long values to its array of byte values.
- Parameters:
  - l - The array of longs
- Returns:
  - The array of bytes
- Throws:
  - IllegalArgumentException - when one of the longs is not between 0 and 255.
- Since:
  - 4_14
-
dumpBytes
Dumps (prints) the byte array. Debug method.
- Parameters:
  - headerStr - String that will be printed as header
  - bytes - Bytes to be dumped as hex.
-
toHexString
Converts a byte array to a hexadecimal ASCII string. The string will be in upper case and does not start with '0x'. This method is the reverse of toBytes.
- Parameters:
  - bytes - The byte array
- Returns:
  - The string representing the byte array
-
toHex
Converts one int to a hexadecimal ASCII string.
- Parameters:
  - val - The integer
- Returns:
  - The hex string
-
areBytesEqual
public static boolean areBytesEqual(byte[] array1, byte[] array2)
Compares two byte arrays and returns whether they are equal.
- Parameters:
  - array1 - the first byte array
  - array2 - the second byte array
- Returns:
  - whether they are equal or not.
-
getLocalizedKeyMD5
Converts the user's password and the SNMP Engine Id to the localized key using the MD5 protocol. Described in SNMP-USER-BASED-SM-MIB.
- Parameters:
  - passwKey - The password key
  - engineId - The SNMP engine Id
-
getLocalizedKeySHA1
Converts the user's password and the SNMP Engine Id to the localized key using the SHA protocol.
- Parameters:
  - passwKey - The printable user password
  - engineId - The SNMP engine Id
-
passwordToKeySHA1
Converts the user's password to an authentication key using the SHA1 protocol. Note, this is not the same as generating the localized key as is described in SNMP-USER-BASED-SM-MIB.
- Parameters:
  - password - The printable user password
-
passwordToKeyMD5
Converts the user's password to an authentication key using the MD5 protocol. Note, this is not the same as generating the localized key as is described in SNMP-USER-BASED-SM-MIB.
- Parameters:
  - password - The printable user password
-
getFingerPrintMD5
public static final byte[] getFingerPrintMD5(byte[] key, byte[] message)
Returns the 12 byte MD5 fingerprint.
- Parameters:
  - key - The key
  - message - The message
-
getFingerPrintSHA1
public static final byte[] getFingerPrintSHA1(byte[] key, byte[] message)
Returns the 12 byte SHA1 fingerprint.
- Parameters:
  - key - The key
  - message - The message
-
getSaltDES
public static final byte[] getSaltDES(int snmpEngineBoots)
Returns the DES salt. The "salt" value is generated by concatenating the 32-bit snmpEngineBoots value with a 32-bit counter value that the encryption engine maintains. This 32-bit counter will be initialised to some arbitrary value at boot time.
See "A Practical Guide to SNMPv3 and Network Management" section 6.8 Privacy, p 194.
- Parameters:
  - snmpEngineBoots - The (estimated) boots of the authoritative engine
- Returns:
  - The salt
-
getSaltAES
public static byte[] getSaltAES()
Returns the AES salt.
- Returns:
  - The salt
-
getDESKey
Returns the DES key. The 16-byte secret privacy key is made up of 8 bytes that make up the DES key and 8 bytes used as a preinitialisation vector.
- Parameters:
  - secretPrivacyKey - The secret privacy key
- Returns:
  - The key
- Throws:
  - PduException
-
getAESKey
Returns the first 128 bits of the localized key Kul, which are used as the AES encryption key.
- Parameters:
  - secretPrivacyKey - The secret privacy key
- Returns:
  - The key
- Throws:
  - PduException
-
getDESInitialValue
public static final byte[] getDESInitialValue(byte[] secretPrivacyKey, byte[] salt) throws PduException
Returns the DES initial value. The 16-byte secret privacy key is made up of 8 bytes that make up the DES key and 8 bytes used as a preinitialisation vector. The initialization vector that is used by the DES algorithm is the result of the 8-byte preinitialisation vector XOR-ed with the 8-byte "salt".
- Parameters:
  - secretPrivacyKey - The secret privacy key
  - salt - The salt
- Returns:
  - The initial value
- Throws:
  - PduException
-
getAESInitialValue
public static byte[] getAESInitialValue(int engineBoots, int engineTime, byte[] salt)
Returns the AES initial value (IV). The first 128 bits of the localized key Kul are used as the AES encryption key (RFC 3826, 3.1.2.1 AES Encryption Key and IV). The 128-bit IV is obtained as the concatenation of the authoritative SNMP engine's 32-bit snmpEngineBoots, the SNMP engine's 32-bit snmpEngineTime, and a local 64-bit integer. The 64-bit integer is initialized to a pseudo-random value at boot time.
-
AESencrypt
public static byte[] AESencrypt(byte[] plaintext, byte[] secretPrivacyKey, int engineBoots, int engineTime, byte[] salt) throws EncodingException
Encrypts bytes using AES.
- Parameters:
  - plaintext - The plain bytes
  - secretPrivacyKey - The secret privacy key
  - engineBoots
  - engineTime
  - salt - The salt
- Returns:
  - The encrypted bytes
- Throws:
  - EncodingException
-
DESencrypt
public static final byte[] DESencrypt(byte[] plain, byte[] secretPrivacyKey, byte[] salt) throws EncodingException
Encrypts bytes using DES. The plaintext needs to be a multiple of 8 octets. If it isn't, it will be padded at the end. This plaintext will be divided into 64-bit blocks. The plaintext for each block is XOR-ed with the "ciphertext" of the previous block. The result is then encrypted, added to the encrypted PDU portion of the message, and used as the "ciphertext" for the next block. For the first block, the initialization vector is used as the "ciphertext".
- Parameters:
  - plain - The plain bytes
  - secretPrivacyKey - The secret privacy key
  - salt - The salt
- Returns:
  - The encrypted bytes
- Throws:
  - EncodingException
-
DESdecrypt
public static final byte[] DESdecrypt(byte[] encryptedText, byte[] salt, byte[] secretPrivacyKey) throws DecodingException
Decrypts bytes using DES.
- If the length of the data portion is not a multiple of 8 bytes, the message is discarded.
- The first encrypted text block is decrypted. The decryption result is XOR-ed with the initialization vector, and the result is the first plaintext block.
- The rest of the encrypted text blocks are treated similarly. They are decrypted, with the results being XOR-ed with the previous encrypted text block to obtain the plaintext block.
- Parameters:
  - encryptedText - The encrypted text
  - salt - The salt
  - secretPrivacyKey - The secret privacy key
- Returns:
  - The decrypted bytes
- Throws:
  - DecodingException
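How the DES pieces documented above fit together (getSaltDES, getDESKey, getDESInitialValue, DESencrypt, DESdecrypt), shown as an added example written against the JDK's javax.crypto; it is not this library's own code. The class and method names, the key, salt and PDU bytes, and the use of zero bytes as padding are assumptions made for the example.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class UsmDesExample {
    // salt = 32-bit snmpEngineBoots || 32-bit counter kept by the encryption engine
    static byte[] salt(int engineBoots, int counter) {
        return ByteBuffer.allocate(8).putInt(engineBoots).putInt(counter).array();
    }

    // Bytes 0-7 of the 16-byte privacy key are the DES key, bytes 8-15 the pre-IV;
    // the IV handed to CBC is pre-IV XOR salt.
    static Cipher cipher(int mode, byte[] privKey, byte[] salt) throws Exception {
        if (privKey.length < 16 || salt.length != 8)
            throw new IllegalArgumentException("need a 16-byte key and an 8-byte salt");
        byte[] iv = new byte[8];
        for (int i = 0; i < 8; i++) iv[i] = (byte) (privKey[8 + i] ^ salt[i]);
        Cipher c = Cipher.getInstance("DES/CBC/NoPadding");
        c.init(mode, new SecretKeySpec(privKey, 0, 8, "DES"), new IvParameterSpec(iv));
        return c;
    }

    static byte[] encrypt(byte[] plain, byte[] privKey, byte[] salt) throws Exception {
        // Pad at the end to a multiple of 8 octets (zero bytes: an assumption of this example).
        byte[] padded = Arrays.copyOf(plain, (plain.length + 7) / 8 * 8);
        return cipher(Cipher.ENCRYPT_MODE, privKey, salt).doFinal(padded);
    }

    static byte[] decrypt(byte[] enc, byte[] privKey, byte[] salt) throws Exception {
        if (enc.length % 8 != 0) // the message is discarded, not repaired
            throw new IllegalArgumentException("encrypted length is not a multiple of 8");
        return cipher(Cipher.DECRYPT_MODE, privKey, salt).doFinal(enc);
    }

    public static void main(String[] args) throws Exception {
        byte[] privKey = new byte[16];
        for (int i = 0; i < 16; i++) privKey[i] = (byte) (i + 1);      // constructed key
        byte[] s = salt(3, 0x1234);                                     // constructed salt
        byte[] pdu = "constructed scoped PDU".getBytes(StandardCharsets.US_ASCII);
        byte[] enc = encrypt(pdu, privKey, s);
        byte[] dec = decrypt(enc, privKey, s);
        System.out.println("ciphertext bytes: " + enc.length);
        System.out.println("round trip ok: " + Arrays.equals(Arrays.copyOf(dec, pdu.length), pdu));
    }
}
```

The salt has to travel with the message, because the receiver needs it to rebuild the IV, and the sender must use a fresh counter value per message so that the same IV is never paired with the same key twice.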
-
AESdecrypt
public static final byte[] AESdecrypt(byte[] ciphertext, byte[] secretPrivacyKey, int engineBoots, int engineTime, byte[] salt) throws DecodingException
Decrypts using AES. Note that it uses the _forward_ cipher mode.
- Parameters:
  - ciphertext
  - secretPrivacyKey - The secret privacy key
  - engineBoots
  - engineTime
  - salt - The salt
- Returns:
  - The decrypted bytes
- Throws:
  - DecodingException
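Why AESdecrypt uses the forward cipher: in CFB mode (the mode RFC 3826 specifies) the feedback block is always run through the AES encrypt function, for decryption as well. The added example below writes CFB-128 out by hand, builds the IV as getAESInitialValue describes, and checks the result against the JDK's own AES/CFB/NoPadding; it is not this library's code, and the class and method names, key, salt and PDU bytes are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class UsmAesExample {
    // IV = 32-bit snmpEngineBoots || 32-bit snmpEngineTime || 64-bit local salt
    static byte[] iv(int engineBoots, int engineTime, byte[] salt) {
        if (salt.length != 8) throw new IllegalArgumentException("salt must be 8 bytes");
        return ByteBuffer.allocate(16).putInt(engineBoots).putInt(engineTime).put(salt).array();
    }

    // CFB-128 by hand. Encrypting and decrypting both use Cipher.ENCRYPT_MODE on the
    // feedback block; only the source of the next feedback block differs.
    static byte[] cfb(boolean decrypt, byte[] in, byte[] kul, byte[] iv) throws Exception {
        Cipher aes = Cipher.getInstance("AES/ECB/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(kul, 0, 16, "AES")); // first 128 bits of Kul
        byte[] out = new byte[in.length];
        byte[] feedback = iv.clone();
        for (int off = 0; off < in.length; off += 16) {
            byte[] keystream = aes.doFinal(feedback);
            int n = Math.min(16, in.length - off);   // last block may be short: no padding
            for (int i = 0; i < n; i++) out[off + i] = (byte) (in[off + i] ^ keystream[i]);
            // The next feedback block is the ciphertext block, whichever side holds it.
            System.arraycopy(decrypt ? in : out, off, feedback, 0, n);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] kul = new byte[20];
        for (int i = 0; i < kul.length; i++) kul[i] = (byte) (0xA0 + i);  // constructed localized key
        byte[] salt = {0, 1, 2, 3, 4, 5, 6, 7};                            // constructed salt
        byte[] iv = iv(5, 1000, salt);                                     // constructed boots/time
        byte[] pdu = "constructed scoped PDU".getBytes(StandardCharsets.US_ASCII);

        byte[] enc = cfb(false, pdu, kul, iv);
        Cipher jdk = Cipher.getInstance("AES/CFB/NoPadding");
        jdk.init(Cipher.DECRYPT_MODE, new SecretKeySpec(kul, 0, 16, "AES"), new IvParameterSpec(iv));
        System.out.println("JDK decrypts hand-rolled CFB: " + Arrays.equals(jdk.doFinal(enc), pdu));
        System.out.println("forward-only decrypt matches: " + Arrays.equals(cfb(true, enc, kul, iv), pdu));
    }
}
```

CFB provides confidentiality only, so the decrypted bytes are trustworthy only after the message fingerprint has been verified.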
-
passwordToKeySHA256
Converts the user's passphrase into a 32-byte SHA-256 key by hashing one megabyte of repeated passphrase data. (Based on the MD5/SHA1 approach in RFC 3414, extended for SHA-256.)
- Parameters:
  - userPrivacyPassword - The user's passphrase
-
passwordToKeySHA384
Converts the user's passphrase into a 48-byte SHA-384 key by hashing one megabyte of repeated passphrase data. (Based on the MD5/SHA1 approach in RFC 3414, extended for SHA-384.)
- Parameters:
  - userPrivacyPassword - The user's passphrase
-
passwordToKeySHA224
Converts the user's passphrase into a 28-byte SHA-224 key by hashing one megabyte of repeated passphrase data. (Based on the MD5/SHA1 approach in RFC 3414, extended for SHA-224.)
- Parameters:
  - userPrivacyPassword - The user's passphrase
-
passwordToKeySHA512
Converts the user's passphrase into a 64-byte SHA-512 key by hashing one megabyte of repeated passphrase data. (Based on the MD5/SHA1 approach in RFC 3414, extended for SHA-512.)
- Parameters:
  - userPrivacyPassword - The user's passphrase
- Returns:
  - A 64-byte derived key
-
getLocalizedKeySHA256
Converts the user's password and the SNMP Engine Id to the localized key.
- Parameters:
  - passwKey - The password key
  - snmpEngineId - The SNMP engine Id
- Returns:
  - localized key using the SHA-256 protocol
-
getLocalizedKeySHA384
Converts the user's password and the SNMP Engine Id to the localized key.
- Parameters:
  - passwKey - The password key
  - snmpEngineId - The SNMP engine Id
- Returns:
  - localized key using the SHA-384 protocol
-
getLocalizedKeySHA224
Converts the user's password and the SNMP Engine Id to the localized key.
- Parameters:
  - passwKey - The password key
  - snmpEngineId - The SNMP engine Id
- Returns:
  - localized key using the SHA-224 protocol
-
getFingerPrintSHA256
public static byte[] getFingerPrintSHA256(byte[] key, byte[] message)
Create a fingerprint using the SHA-256 algorithm with length 24 bytes.
- Parameters:
  - key - The key to use for the first digest
  - message - The message to use for the second digest
- Returns:
  - The fingerprint of the message
-
getLocalizedKeySHA512
Converts the user's password and the SNMP Engine Id to the localized key using the SHA-512 protocol.
- Parameters:
  - passwKey - The password key
  - snmpEngineId - The SNMP engine Id
- Returns:
  - localized key using the SHA-512 protocol
-
getFingerPrintSHA512
public static byte[] getFingerPrintSHA512(byte[] key, byte[] message)
Create a fingerprint using the SHA-512 algorithm with length 48 bytes.
- Parameters:
  - key - The key to use for the first digest
  - message - The message to use for the second digest
- Returns:
  - The fingerprint of the message
-
getFingerPrintSHA224
public static byte[] getFingerPrintSHA224(byte[] key, byte[] message)
Create a fingerprint using the SHA-224 algorithm with length 28 bytes for SNMPv3.
- Parameters:
  - key - The key to use for the first digest
  - message - The message to use for the second digest
- Returns:
  - The fingerprint of the message
-
getFingerPrintSHA384
public static byte[] getFingerPrintSHA384(byte[] key, byte[] message)
Create a fingerprint using the SHA-384 algorithm with length 36 bytes.
- Parameters:
  - key - The key to use for the first digest
  - message - The message to use for the second digest
- Returns:
  - The fingerprint of the message
-
initFingerprint
public static byte[] initFingerprint(int authenticationProtocol)
Returns an `AsnOctets` object with a dummy fingerprint based on the authentication protocol. Returns an empty `AsnOctets` if authentication is not used.
- Parameters:
  - authenticationProtocol - The authentication protocol (e.g., SHA256, SHA1, etc.).
- Returns:
  - The corresponding fingerprint byte array
-
copyFingerprintToSnmpMessage
public static void copyFingerprintToSnmpMessage(int authenticationProtocol, byte[] computedFingerprint, byte[] message, int fpPos)
Copies the calculated fingerprint to the message at the specified position.
- Parameters:
  - authenticationProtocol - The authentication protocol (e.g., SHA256, SHA1, etc.).
  - computedFingerprint - The calculated fingerprint.
  - message - The message to which the fingerprint will be copied.
  - fpPos - The position in the message where the fingerprint will be copied.
-