
If an SNMPv3 security name is used with different agents (command responders), the keys (passphrases) must be **localized** per agent. Key localization needs the authoritative engine ID of the target agent to compute the localized keys.
2
If agents do not use static engine IDs (which does **not** conform to the SNMPv3 standard), this approach is not feasible because the engine ID might have changed since the localized keys were computed. In this case, a **separate USM instance** is required for each such agent.
4
The code snippets below illustrate these two approaches:
6
==== Key Localization ====
8
{{code language="java"}}
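OctetString sharedUserName = new OctetString("sharedUser");
Target[] targets = ...; // <some SNMPv3 SecureTarget instances>
DefaultUdpTransportMapping transport = new DefaultUdpTransportMapping();
Snmp snmp = new Snmp(transport);
snmp.listen();

// Register the standard auth/priv protocols once; without them passwordToKey()
// below has nothing to derive keys with (the USM-separation example does the same).
SecurityProtocols secProtocols = SecurityProtocols.getInstance();
secProtocols.addDefaultProtocols();

// Discover each agent's authoritative engine ID and add a user whose keys are
// localized to exactly that engine (RFC 3414 key localization). The shared
// security name thereby gets a distinct key pair per agent, so the keys held
// by one agent are of no use against the others.
for (Target t : targets) {
  // Engine ID discovery is an unauthenticated exchange and yields null when the
  // agent does not answer; skip such a target instead of registering a user
  // with a null engine ID that would only fail at request time.
  byte[] engineID = snmp.discoverAuthoritativeEngineID(t.getAddress(), t.getTimeout());
  if (engineID == null) {
    // TODO: report the failed discovery for t.getAddress() to the caller/log
    continue;
  }
  // passwordToKey() returns the localized key as byte[], which is what
  // addLocalizedUser() expects. AuthMD5/PrivDES are kept for illustration only;
  // prefer the SHA-2 and AES protocols SNMP4J provides where the agent supports them.
  byte[] authKey = secProtocols.passwordToKey(AuthMD5.ID,
      new OctetString("md5Passphrase"), engineID);
  byte[] privKey = secProtocols.passwordToKey(PrivDES.ID, AuthMD5.ID,
      new OctetString("desPassphrase"), engineID);
  snmp.getUSM().addLocalizedUser(engineID, sharedUserName,
      AuthMD5.ID, authKey,
      PrivDES.ID, privKey);
}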
{{/code}}
30
==== USM Separation ====
32
{{code language="java"}}
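SecurityProtocols.getInstance().addDefaultProtocols();

// The same security name is configured on both clusters; each cluster gets its
// own USM below so the two agents' user entries never share one user table.
OctetString sharedUserName = new OctetString("sharedUser");

// "0.0.0.0/0" binds to all interfaces on an OS-chosen port; bind to the
// management interface instead on hosts that have more than one.
DefaultUdpTransportMapping transportCluster1 =
    new DefaultUdpTransportMapping(new UdpAddress("0.0.0.0/0"));
DefaultUdpTransportMapping transportCluster2 =
    new DefaultUdpTransportMapping(new UdpAddress("0.0.0.0/0"));

MessageDispatcher dispCluster1 = new MessageDispatcherImpl();
MessageDispatcher dispCluster2 = new MessageDispatcherImpl();

// Each Snmp session owns its own dispatcher AND its own transport; cluster 2
// must use transportCluster2, otherwise that transport listens for nobody.
Snmp snmpCluster1 = new Snmp(dispCluster1, transportCluster1);
Snmp snmpCluster2 = new Snmp(dispCluster2, transportCluster2);

dispCluster1.addMessageProcessingModel(new MPv1());
dispCluster2.addMessageProcessingModel(new MPv2c());

// Local engine IDs of the two managers. The timestamp suffix makes them unique
// per process start; persist them if these instances ever act as authoritative
// engines (e.g. receive informs), since SNMPv3 expects engine IDs to be stable.
OctetString localEngineID1 = new OctetString(
    MPv3.createLocalEngineID(new OctetString("Cluster1" + System.currentTimeMillis())));
OctetString localEngineID2 = new OctetString(
    MPv3.createLocalEngineID(new OctetString("Cluster2" + System.currentTimeMillis())));

// One USM per cluster: a USM binds user keys to engine IDs, so agents whose
// engine IDs may change must not share a USM.
USM usmCluster1 = new USM(SecurityProtocols.getInstance(), localEngineID1, 0);
USM usmCluster2 = new USM(SecurityProtocols.getInstance(), localEngineID2, 0);

dispCluster1.addMessageProcessingModel(new MPv3(usmCluster1));
dispCluster2.addMessageProcessingModel(new MPv3(usmCluster2));

// Passphrases are literals for illustration only: load them from configuration
// or a secret store in real code, and prefer SHA-2/AES over MD5/DES.
snmpCluster1.getUSM().addUser(sharedUserName,
    AuthMD5.ID, new OctetString("md5Passphrase"),
    PrivDES.ID, new OctetString("desPassphrase"));
snmpCluster2.getUSM().addUser(sharedUserName,
    AuthMD5.ID, new OctetString("md5Passphrase"),
    PrivDES.ID, new OctetString("desPassphrase"));

transportCluster1.listen();
transportCluster2.listen();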
{{/code}}