[erlang-bugs] snmp agent inform w/AES privacy not working

Daniel Goertzen <>
Mon Feb 24 23:57:21 CET 2014


I am struggling to get SNMP informs with AES privacy working.  I have no
problems with DES privacy on informs.

In snmpa_usm.erl I see that the *local engine* boots and time is passed to
snmp_usm:aes_encrypt() which forms part of the IV....



However RFC 3826 states that the *authoritative* engine boots and time
should be used, and in the case of informs the authoritative engine is the
inform target engine, not the local engine....

[from RFC 3826]

3.1.2.1.  AES Encryption Key and IV

   The first 128 bits of the localized key Kul are used as the AES
   encryption key.  The 128-bit IV is obtained as the concatenation of
   the authoritative SNMP engine's 32-bit snmpEngineBoots, the SNMP
   engine's 32-bit snmpEngineTime, and a local 64-bit integer.  The 64-
   bit integer is initialized to a pseudo-random value at boot time.



Could this be why AES privacy is not working for informs?

Dan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20140224/34b4980d/attachment.html>


More information about the erlang-bugs mailing list