Before encryption, the 'native' objects must be encoded into a
formatted Octet String. After decryption, the Octet String must
be decoded to obtain the 'native' objects.
Fields which contain integers must be in network byte order prior
to encryption of the formatted octet string. The network byte
order for the Internet protocol suite is big endian. The Berkeley
Software Distribution (BSD) functions htons and htonl will convert
two and four byte integers, respectively, from host to network
byte order. Likewise, the BSD functions ntohs and ntohl will
convert integers from network byte order to host byte order.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Salt |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| String ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
The data type of the non-encrypted 'native' data:
1 = Integer32
2 = OCTET STRING
Length
The length in octets of the native object sub-field of the
Octet String, exclusive of any optional padding. Note that the
Integrity Check sub-fields (CRC, OID-tail, Time Stamp, Source
IPv4 address) are not included in this length value, but since
the IC sub-fields are always present and are of fixed length,
there is no impediment to proper packet parsing.
Salt
The Salt field is two octets in length and is used to ensure the
uniqueness of the encryption key used to encrypt each object.
The most significant bit (leftmost) of the Salt field
MUST be set (1). The contents of each Salt field in a given
SNMP packet must be unique. This two-byte field must be in
network byte order (big endian).
String
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| CRC (4 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OID-tail (4 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time Stamp (4 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source IPv4 address (4 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Object/Padding ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The plain-text String field consists of six logical sub-fields:
the CRC, OID-tail, Time Stamp, Source IPv4 address and native Object
sub-fields (all of which are required), and the optional Padding
sub-field. The String field MUST be treated as a counted-string
of undistinguished octets, and not as a standard C/UNIX-style
null-terminated, printable ASCII string.
CRC Sub-field
The CRC sub-field contains a 32-bit CRC (CRC-32) calculated
over the following concatenated sub-fields of the String:
the OID-tail, Time Stamp, Source IPv4 address and unpadded native
Object fields. The CRC sub-field acts as an integrity check on
the decrypted data. This four-byte field must be in
network byte order (big endian).
OID-tail Sub-field
The OID-tail sub-field contains the least significant four octets
of the Object ID of the varbind. This field is included as an
integrity check on the OID of the varbind. This four-byte field
must be in network byte order (big endian).
Time Stamp Sub-field
The Time Stamp sub-field contains a 32-bit unsigned integer
value representing the time the encrypted message was assembled.
This field acts as an integrity check by facilitating the
disposal of stale or replayed messages. The time window of
acceptance is implementation dependent, and may be the subject
of local (i.e. managed entity) policy configuration. The Time
Stamp is relative time, in units of seconds, referenced to the
sysUpTime object of the managed entity. This four-byte field
must be in network byte order (big endian).
Source IPv4 address Sub-field
The Source IPv4 address sub-field contains an unsigned 32-bit
representation of the IPv4 address of the source of the encrypted
message. This is an added check to allow verification of the
source of the varbind. This four-byte field must be in
network byte order (big endian).
The CRC, OID-tail, Time Stamp, and Source IPv4 address sub-fields are
collectively hereinafter referred to as the Integrity Check (IC)
sub-fields.
Object/Padding Sub-field
Object
The Object sub-field contains the actual or native
object data followed by padding, if necessary.
If the 'native' data type is Integer32, this field
must be in network byte order (big endian).
Padding
If the combined length (in octets) of the non-encrypted
CRC, OID-tail, Time Stamp, Source IPv4 address, and native
Object sub-fields is not an even multiple of 16, then the
Padding sub-field MUST be present. If it is present, the
length of the Padding sub-field is variable, between 1 and
15 octets. The value of the pad octets MUST be zero.
Encrypting/Decrypting the String Field
The entire String field MUST be encrypted as follows, prior to
transmission:
Construct a plain-text version of the String field by
concatenating the CRC, OID-tail, Time Stamp, Source IPv4 address
and native Object sub-fields. If necessary, pad the resulting
string until its length (in octets) is an even multiple
of 16. It is required that zero octets (0x00) be used
for padding. Call this plain-text P.
Shared Secret
The shared secret is formed from the MAC (hardware)
address of the primary management interface of the
managed device (containing the RADIUS Client). The
MAC address is represented as upper-cased, dashed-ASCII
string, e.g. 08-00-2B-11-22-33. This string is not
null-terminated.
Authenticator
The 128-bit authenticator is a manageable object. This
field is a 16 byte (not null-terminated) ascii string. The
pre-defined factory default value is an Enterasys
Networks trade secret. The user is advised to change
it from the default value after initial configuration
of the system.
Call the shared secret S, the [pseudo-random] 128-bit
Authenticator R, and the contents of the Salt field A.
Break P into 16 octet chunks p(1), p(2)...p(i),
where i = len(P)/16. Call the cipher-text blocks
c(1), c(2)...c(i) and the final cipher-text C. Intermediate
values b(1), b(2)...c(i) are required. Encryption
performed in the following manner ('+' indicates concatenation):
b(1) = MD5(S + R + A) c(1) = p(1) xor b(1) C = c(1)
b(2) = MD5(S + c(1)) c(2) = p(2) xor b(2) C = C + c(2)
. .
. .
. .
b(i) = MD5(S + c(i-1)) c(i) = p(i) xor b(i) C = C + c(i)
The resulting encrypted String field will contain
c(1)+c(2)+...+c(i). |