HP StorageWorks 2/140 FW 08.01.00 McDATA E/OS SNMP Support Manual (620-000131- - Page 505
The above two steps are repeated until the unused portion of the, keyNew component is L octets or less
View all HP StorageWorks 2/140 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 505 highlights
SNMPv3 MIB G length, the length of both the random and delta components is that fixed length; if P allows the length of K to be variable up to a particular maximum length, the length of the random component is that maximum length and the length of the delta component is any length less than or equal to that maximum length. For example, usmHMACMD5AuthProtocol requires K to be a fixed length of 16 octets and L - of 16 octets. usmHMACSHAAuthProtocol requires K to be a fixed length of 20 octets and L - of 20 octets. Other protocols may define other sizes, as deemed appropriate. When a requester wants to change the old key K to a new key keyNew on a remote entity, the 'random' component is obtained from either a true random generator, or from a pseudorandom generator, and the 'delta' component is computed as follows: • a temporary variable is initialized to the existing value of K; if the length of the keyNew is greater than L octets, then: • - the random component is appended to the value of the temporary variable, and the result is input to the the hash algorithm H to produce a digest value, and the temporary variable is set to this digest value; • - the value of the temporary variable is XOR-ed with the first (next) L-octets (16 octets in case of MD5) of the keyNew to produce the first (next) L-octets (16 octets in case of MD5) of the 'delta' component. The above two steps are repeated until the unused portion of the keyNew component is L octets or less,the random component is appended to the value of the temporary variable, and the result is input to the hash algorithm H to produce a digest value. This digest value, truncated if necessary to be the same length as the unused portion of the keyNew, is XOR-ed with the unused portion of the keyNew to produce the (final portion of the) 'delta' component. For example, using MD5 as the hash algorithm H: iterations = (lenOfDelta - 1)/16; /* integer division */ temp = keyOld; for (i = 0; i < iterations; i++) { temp = MD5 (temp || random); delta[i*16 .. (i*16)+15] = temp XOR keyNew[i*16 .. (i*16)+15]; } SNMPv3 MIB G-5