/// <summary>Encode SNMP version 3 packet</summary>
/// <remarks>
/// Before encoding the packet into a byte array you need to ensure all required information is
/// set. Examples of required information is request type, Vbs (Oid + values pairs), USM settings including
/// SecretName, authentication method and secret (if needed), privacy method and secret (if needed), etc.
/// </remarks>
/// <returns>Byte array BER encoded SNMP packet.</returns>
public override byte[] Encode()
{
byte[] pkey = null;
byte[] akey = null;
if (messageFlags.Authentication && userSecurityModel.EngineId.Length > 0)
{
IAuthenticationDigest auth = Authentication.GetInstance(userSecurityModel.Authentication);
if (auth == null)
{
throw new SnmpException(SnmpException.EErrorCode.UnsupportedNoAuthPriv, "Invalid authentication protocol.");
}
akey = auth.PasswordToKey(userSecurityModel.AuthenticationSecret, userSecurityModel.EngineId);
if (messageFlags.Privacy && userSecurityModel.EngineId.Length > 0)
{
IPrivacyProtocol privacyProtocol = PrivacyProtocol.GetInstance(userSecurityModel.Privacy);
if (privacyProtocol == null)
{
throw new SnmpException(SnmpException.EErrorCode.UnsupportedPrivacyProtocol, "Specified privacy protocol is not supported.");
}
pkey = privacyProtocol.PasswordToKey(userSecurityModel.PrivacySecret, userSecurityModel.EngineId, auth);
}
}
return(Encode(akey, pkey));
}
/// <summary>Generate privacy key from authentication password and engine id</summary>
/// <returns>Privacy key on success or null on failure</returns>
public byte[] GeneratePrivacyKey()
{
if (userSecurityModel.Authentication == AuthenticationDigests.None)
{
return(null);
}
if (userSecurityModel.Privacy == EPrivacyProtocols.None)
{
return(null);
}
if (userSecurityModel.PrivacySecret == null || userSecurityModel.PrivacySecret.Length <= 0)
{
return(null);
}
IAuthenticationDigest authProto = Authentication.GetInstance(userSecurityModel.Authentication);
if (authProto != null)
{
IPrivacyProtocol privProto = PrivacyProtocol.GetInstance(userSecurityModel.Privacy);
if (privProto != null)
{
return(privProto.PasswordToKey(userSecurityModel.PrivacySecret, userSecurityModel.EngineId, authProto));
}
}
return(null);
}
/// <summary>Build cached authentication and privacy encryption keys if they are appropriate for the selected security mode.</summary>
/// <remarks>
/// This method should be called after discovery process has been completed and all security related values
/// have been set. For noAuthNoPriv, none of the keys are generated. authNoPriv will result in authentication
/// key cached. authPriv will generate authentication and privacy keys.
///
/// For successful key caching you need to set both relevant protocols and secret values.
/// </remarks>
public void BuildCachedSecurityKeys()
{
authenticationKey = privacyKey = null;
if (engineId == null || engineId.Length <= 0)
{
return;
}
if (authenticationSecret == null || authenticationSecret.Length <= 0)
{
return;
}
if (authenticationProtocol != AuthenticationDigests.None)
{
IAuthenticationDigest authProto = Security.Authentication.GetInstance(authenticationProtocol);
if (authProto != null)
{
authenticationKey = authProto.PasswordToKey(authenticationSecret, engineId);
if (privacyProtocol != EPrivacyProtocols.None && privacySecret != null && privacySecret.Length > 0)
{
IPrivacyProtocol privProto = PrivacyProtocol.GetInstance(privacyProtocol);
if (privProto != null)
{
privacyKey = privProto.PasswordToKey(privacySecret, engineId, authProto);
}
}
}
}
}
/// <summary>
/// Build cached authentication and privacy encryption keys if they are appropriate for the selected security mode.
/// </summary>
/// <remarks>
/// This method should be called after discovery process has been completed and all security related values
/// have been set. For noAuthNoPriv, none of the keys are generated. authNoPriv will result in authentication
/// key cached. authPriv will generate authentication and privacy keys.
///
/// For successful key caching you need to set both relevant protocols and secret values.
/// </remarks>
public void BuildCachedSecurityKeys()
{
_authenticationKey = _privacyKey = null;
if (_engineId == null || _engineId.Length <= 0)
{
return;
}
if (_authenticationSecret == null || _authenticationSecret.Length <= 0)
{
return;
}
if (_authenticationProtocol != AuthenticationDigests.None)
{
IAuthenticationDigest authProto = SnmpSharpNet.Authentication.GetInstance(_authenticationProtocol);
if (authProto != null)
{
_authenticationKey = authProto.PasswordToKey(_authenticationSecret, _engineId);
if (_privacyProtocol != PrivacyProtocols.None && _privacySecret != null && _privacySecret.Length > 0)
{
IPrivacyProtocol privProto = SnmpSharpNet.PrivacyProtocol.GetInstance(_privacyProtocol);
if (privProto != null)
{
_privacyKey = privProto.PasswordToKey(_privacySecret, _engineId, authProto);
}
}
}
}
}
/// <summary>
/// Generate privacy key from authentication password and engine id
/// </summary>
/// <returns>Privacy key on success or null on failure</returns>
public byte[] GeneratePrivacyKey()
{
if (USM.Authentication == AuthenticationDigests.None)
{
return(null);
}
if (USM.Privacy == PrivacyProtocols.None)
{
return(null);
}
if (USM.PrivacySecret == null || USM.PrivacySecret.Length <= 0)
{
return(null);
}
IAuthenticationDigest authProto = SnmpSharpNet.Authentication.GetInstance(USM.Authentication);
if (authProto != null)
{
IPrivacyProtocol privProto = SnmpSharpNet.PrivacyProtocol.GetInstance(USM.Privacy);
if (privProto != null)
{
return(privProto.PasswordToKey(USM.PrivacySecret, USM.EngineId, authProto));
}
}
return(null);
}
/// <summary>
/// Decode SNMP version 3 packet. This method will perform authentication check and decode privacy protected <see cref="ScopedPdu"/>. This method will
/// not check for the timeliness of the packet, correct engine boot value or engine id because it does not have a reference to the engine time prior to this call.
/// </summary>
/// <param name="berBuffer">BER encoded SNMP version 3 packet buffer</param>
/// <param name="length">Buffer length</param>
public override int Decode(byte[] berBuffer, int length)
{
byte[] pkey = null;
byte[] akey = null;
if (MsgFlags.Authentication && USM.EngineId.Length > 0)
{
IAuthenticationDigest auth = Authentication.GetInstance(USM.Authentication);
if (auth == null)
{
throw new SnmpException(SnmpException.UnsupportedNoAuthPriv, "Invalid authentication protocol.");
}
akey = auth.PasswordToKey(USM.AuthenticationSecret, USM.EngineId);
if (MsgFlags.Privacy && USM.EngineId.Length > 0)
{
IPrivacyProtocol privacyProtocol = PrivacyProtocol.GetInstance(USM.Privacy);
if (privacyProtocol == null)
{
throw new SnmpException(SnmpException.UnsupportedPrivacyProtocol, "Specified privacy protocol is not supported.");
}
pkey = privacyProtocol.PasswordToKey(USM.PrivacySecret, USM.EngineId, auth);
}
}
return(Decode(berBuffer, length, akey, pkey));
}
/// <summary>
/// Encode SNMP version 3 packet
/// </summary>
/// <remarks>
/// Before encoding the packet into a byte array you need to ensure all required information is
/// set. Examples of required information is request type, Vbs (Oid + values pairs), USM settings including
/// SecretName, authentication method and secret (if needed), privacy method and secret (if needed), etc.
/// </remarks>
/// <returns>Byte array BER encoded SNMP packet.</returns>
public override byte[] encode()
{
MutableByte buffer = new MutableByte();
// encode the global message data sequence header information
MutableByte globalMessageData = new MutableByte();
// if message id is 0 then generate a new, random message id
if (_messageId.Value == 0)
{
Random rand = new Random();
_messageId.Value = rand.Next(1, Int32.MaxValue);
}
// encode message id
_messageId.encode(globalMessageData);
// encode max message size
_maxMessageSize.encode(globalMessageData);
// message flags
_msgFlags.encode(globalMessageData);
// security model code
_securityModel.Value = _userSecurityModel.Type;
_securityModel.encode(globalMessageData);
// add global message data to the main buffer
// encode sequence header and add data
AsnType.BuildHeader(buffer, SnmpConstants.SMI_SEQUENCE, globalMessageData.Length);
buffer.Append(globalMessageData);
MutableByte packetHeader = new MutableByte(buffer);
// before going down this road, check if this is a discovery packet
OctetString savedUserName = new OctetString();
bool privacy = _msgFlags.Privacy;
bool authentication = _msgFlags.Authentication;
bool reportable = _msgFlags.Reportable;
if (_userSecurityModel.EngineId.Length <= 0)
{
// save USM settings prior to encoding a Discovery packet
savedUserName.Set(_userSecurityModel.SecurityName);
_userSecurityModel.SecurityName.Reset(); // delete security name for discovery packets
_msgFlags.Authentication = false;
_msgFlags.Privacy = false;
_msgFlags.Reportable = true;
}
_userSecurityModel.encode(buffer);
if (_userSecurityModel.EngineId.Length <= 0)
{
// restore saved USM values
_userSecurityModel.SecurityName.Set(savedUserName);
_msgFlags.Authentication = authentication;
_msgFlags.Privacy = privacy;
_msgFlags.Reportable = reportable;
}
// Check if privacy encryption is required
MutableByte encodedPdu = new MutableByte();
if (_msgFlags.Privacy && _userSecurityModel.EngineId.Length > 0)
{
IPrivacyProtocol privacyProtocol = PrivacyProtocol.GetInstance(_userSecurityModel.Privacy);
if (privacyProtocol == null)
{
throw new SnmpException(SnmpException.UnsupportedPrivacyProtocol, "Specified privacy protocol is not supported.");
}
// Get BER encoded ScopedPdu
MutableByte unencryptedPdu = new MutableByte();
_scopedPdu.encode(unencryptedPdu);
byte[] privacyParameters = null;
// we have to expand the key
IAuthenticationDigest auth = Authentication.GetInstance(_userSecurityModel.Authentication);
if (auth == null)
{
throw new SnmpException(SnmpException.UnsupportedNoAuthPriv, "Invalid authentication protocol. noAuthPriv mode not supported.");
}
byte[] pkey = privacyProtocol.PasswordToKey(_userSecurityModel.PrivacySecret, _userSecurityModel.EngineId, auth);
byte[] encryptedBuffer = privacyProtocol.Encrypt(unencryptedPdu, 0, unencryptedPdu.Length, pkey, _userSecurityModel.EngineBoots, _userSecurityModel.EngineTime, out privacyParameters, auth);
_userSecurityModel.PrivacyParameters.Set(privacyParameters);
OctetString encryptedOctetString = new OctetString(encryptedBuffer);
encryptedOctetString.encode(encodedPdu);
// now redo packet encoding
buffer.Reset();
buffer.Set(packetHeader);
_userSecurityModel.encode(buffer);
int preEncodedLength = encodedPdu.Length;
buffer.Append(encodedPdu);
if (_maxMessageSize.Value != 0)
{
// verify compliance with maximum message size
if ((encodedPdu.Length - preEncodedLength) > _maxMessageSize)
{
throw new SnmpException(SnmpException.MaximumMessageSizeExceeded, "ScopedPdu exceeds maximum message size.");
}
}
}
else
{
_scopedPdu.encode(encodedPdu);
buffer.Append(encodedPdu);
}
int preVersionLength = buffer.Length;
base.encode(buffer);
int versionHeaderLength = buffer.Length - preVersionLength;
if (_msgFlags.Authentication && _userSecurityModel.EngineId.Length > 0)
{
_userSecurityModel.Authenticate(ref buffer);
// Now re-encode the packet with the authentication information
_userSecurityModel.encode(packetHeader);
packetHeader.Append(encodedPdu);
base.encode(packetHeader);
buffer = packetHeader;
}
return(buffer);
}
