PrivKey

async_snmp::v3

Struct PrivKey 

Source 
pub struct PrivKey { /* private fields */ }
Expand description

Privacy key for encryption/decryption operations.

Derives encryption keys from a password and engine ID using the same process as authentication keys, then uses the appropriate portion based on the privacy protocol.

§Security

Key material is automatically zeroed from memory when the key is dropped, using the zeroize crate. This provides defense-in-depth against memory scraping attacks.

Implementations§

Source§

impl PrivKey

Source

pub fn from_password( auth_protocol: AuthProtocol, priv_protocol: PrivProtocol, password: &[u8], engine_id: &[u8], ) -> Self

Derive a privacy key from a password and engine ID.

The key derivation uses the same algorithm as authentication keys (RFC 3414 A.2), but the resulting key is used differently:

  • DES: first 8 bytes = key, last 8 bytes = pre-IV
  • AES: first 16/24/32 bytes = key (depending on AES variant)
§Performance Note

This method performs the full key derivation (~850μs for SHA-256). When polling many engines with shared credentials, use MasterKey and call PrivKey::from_master_key for each engine.

§Auth/Priv Protocol Compatibility

The authentication protocol must produce sufficient key material for the privacy protocol. If not, a warning is logged and the key will be shorter than required, leading to runtime panics during encryption.

Use AuthProtocol::is_compatible_with to check compatibility:

Privacy ProtocolRequired Auth Protocols
DES, AES-128Any (MD5+)
AES-192SHA-224+
AES-256SHA-256+
§Panics

Panics during encryption if the privacy protocol requires a longer key than the authentication protocol provides.

Source

pub fn from_password_extended( auth_protocol: AuthProtocol, priv_protocol: PrivProtocol, password: &[u8], engine_id: &[u8], key_extension: KeyExtension, ) -> Self

Derive a privacy key with optional key extension.

When key_extension is super::KeyExtension::Blumenthal, this method extends the localized key to the required length for the privacy protocol, even when the authentication protocol produces insufficient key material.

This enables combinations like SHA-1 + AES-256 for interoperability with net-snmp and other implementations that support draft-blumenthal-aes-usm-04.

Source

pub fn from_master_key( master: &MasterKey, priv_protocol: PrivProtocol, engine_id: &[u8], ) -> Self

Derive a privacy key from a master key and engine ID.

This is the efficient path when you have a cached MasterKey. The master key’s auth protocol must be compatible with the privacy protocol.

§Auth/Priv Protocol Compatibility

The authentication protocol used for the master key must produce sufficient key material for the privacy protocol. See AuthProtocol::is_compatible_with.

§Panics

Panics during encryption if the privacy protocol requires a longer key than the authentication protocol provides.

Source

pub fn from_bytes(protocol: PrivProtocol, key: impl Into<Vec<u8>>) -> Self

Create a privacy key from raw localized key bytes.

Source

pub fn protocol(&self) -> PrivProtocol

Get the privacy protocol.

Source

pub fn encryption_key(&self) -> &[u8]

Get the encryption key portion.

Source

pub fn encrypt( &mut self, plaintext: &[u8], engine_boots: u32, engine_time: u32, salt_counter: Option<&SaltCounter>, ) -> Result<(Bytes, Bytes)>

Encrypt data and return (ciphertext, privParameters).

§Arguments
  • plaintext - The data to encrypt (typically the serialized ScopedPDU)
  • engine_boots - The authoritative engine’s boot count
  • engine_time - The authoritative engine’s time
  • salt_counter - Optional shared salt counter; if None, uses internal counter
§Returns
  • Ok((ciphertext, priv_params)) on success
  • Err on encryption failure
Source

pub fn decrypt( &self, ciphertext: &[u8], engine_boots: u32, engine_time: u32, priv_params: &[u8], ) -> Result<Bytes>

Decrypt data using the privParameters from the message.

§Arguments
  • ciphertext - The encrypted data
  • engine_boots - The authoritative engine’s boot count (from message)
  • engine_time - The authoritative engine’s time (from message)
  • priv_params - The privParameters field from the message
§Returns
  • Ok(plaintext) on success
  • Err on decryption failure

Trait Implementations§

Source§

impl Clone for PrivKey

Source§

fn clone(&self) -> PrivKey

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for PrivKey

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Drop for PrivKey

Source§

fn drop(&mut self)

Executes the destructor for this type. Read more
Source§

impl Zeroize for PrivKey

Source§

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more