PrivKey

async_snmp::v3

Struct PrivKey 

Source 
pub struct PrivKey { /* private fields */ }
Expand description

Privacy key for encryption/decryption operations.

Derives encryption keys from a password and engine ID using the same process as authentication keys, then uses the appropriate portion based on the privacy protocol.

§Security

Key material is automatically zeroed from memory when the key is dropped, using the zeroize crate. This provides defense-in-depth against memory scraping attacks.

Implementations§

Source§

impl PrivKey

Source

pub fn from_password( auth_protocol: AuthProtocol, priv_protocol: PrivProtocol, password: &[u8], engine_id: &[u8], ) -> Self

Derive a privacy key from a password and engine ID.

The key derivation uses the same algorithm as authentication keys (RFC 3414 A.2), but the resulting key is used differently:

  • DES: first 8 bytes = key, last 8 bytes = pre-IV
  • 3DES: first 24 bytes = key, last 8 bytes = pre-IV
  • AES: first 16/24/32 bytes = key (depending on AES variant)

Key extension is automatically applied when needed based on the auth/priv protocol combination:

  • AES-192/256 with SHA-1 or MD5: Blumenthal extension (draft-blumenthal-aes-usm-04)
  • 3DES with SHA-1 or MD5: Reeder extension (draft-reeder-snmpv3-usm-3desede-00)
§Performance Note

This method performs the full key derivation (~850μs for SHA-256). When polling many engines with shared credentials, use MasterKey and call PrivKey::from_master_key for each engine.

§Example
use async_snmp::{AuthProtocol, PrivProtocol, v3::PrivKey};

let engine_id = [0x80, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04];

// SHA-1 only produces 20 bytes, but AES-256 needs 32.
// Blumenthal extension is automatically applied.
let priv_key = PrivKey::from_password(
    AuthProtocol::Sha1,
    PrivProtocol::Aes256,
    b"password",
    &engine_id,
);
Source

pub fn from_master_key( master: &MasterKey, priv_protocol: PrivProtocol, engine_id: &[u8], ) -> Self

Derive a privacy key from a master key and engine ID.

This is the efficient path when you have a cached MasterKey. Key extension is automatically applied when needed based on the auth/priv protocol combination:

  • AES-192/256 with SHA-1 or MD5: Blumenthal extension (draft-blumenthal-aes-usm-04)
  • 3DES with SHA-1 or MD5: Reeder extension (draft-reeder-snmpv3-usm-3desede-00)
§Example
use async_snmp::{AuthProtocol, MasterKey, PrivProtocol, v3::PrivKey};

let master = MasterKey::from_password(AuthProtocol::Sha1, b"password");
let engine_id = [0x80, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04];

// SHA-1 only produces 20 bytes, but AES-256 needs 32.
// Blumenthal extension is automatically applied.
let priv_key = PrivKey::from_master_key(&master, PrivProtocol::Aes256, &engine_id);
Source

pub fn from_bytes(protocol: PrivProtocol, key: impl Into<Vec<u8>>) -> Self

Create a privacy key from raw localized key bytes.

Source

pub fn protocol(&self) -> PrivProtocol

Get the privacy protocol.

Source

pub fn encryption_key(&self) -> &[u8]

Get the encryption key portion.

Source

pub fn encrypt( &mut self, plaintext: &[u8], engine_boots: u32, engine_time: u32, salt_counter: Option<&SaltCounter>, ) -> PrivacyResult<(Bytes, Bytes)>

Encrypt data and return (ciphertext, privParameters).

§Arguments
  • plaintext - The data to encrypt (typically the serialized ScopedPDU)
  • engine_boots - The authoritative engine’s boot count
  • engine_time - The authoritative engine’s time
  • salt_counter - Optional shared salt counter; if None, uses internal counter
§Returns
  • Ok((ciphertext, priv_params)) on success
  • Err on encryption failure
Source

pub fn decrypt( &self, ciphertext: &[u8], engine_boots: u32, engine_time: u32, priv_params: &[u8], ) -> PrivacyResult<Bytes>

Decrypt data using the privParameters from the message.

§Arguments
  • ciphertext - The encrypted data
  • engine_boots - The authoritative engine’s boot count (from message)
  • engine_time - The authoritative engine’s time (from message)
  • priv_params - The privParameters field from the message
§Returns
  • Ok(plaintext) on success
  • Err on decryption failure

Trait Implementations§

Source§

impl Clone for PrivKey

Source§

fn clone(&self) -> PrivKey

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for PrivKey

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Drop for PrivKey

Source§

fn drop(&mut self)

Executes the destructor for this type. Read more
Source§

impl Zeroize for PrivKey

Source§

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more