[erlang-bugs] snmp agent inform w/AES privacy not working
Daniel Goertzen
daniel.goertzen@REDACTED
Mon Feb 24 23:57:21 CET 2014
I am struggling to get SNMP informs with AES privacy working. I have no
problems with DES privacy on informs.
In snmpa_usm.erl I see that the *local engine* boots and time are passed to
snmp_usm:aes_encrypt() which forms part of the IV....
However RFC 3826 states that the *authoritative* engine boots and time
should be used, and in the case of informs the authoritative engine is the
inform target engine, not the local engine....
[from RFC 3826]
3.1.2.1. AES Encryption Key and IV
The first 128 bits of the localized key Kul are used as the AES
encryption key. The 128-bit IV is obtained as the concatenation of
the authoritative SNMP engine's 32-bit snmpEngineBoots, the SNMP
engine's 32-bit snmpEngineTime, and a local 64-bit integer. The 64-
bit integer is initialized to a pseudo-random value at boot time.
Could this be why AES privacy is not working for informs?
Dan.
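
The IV rule quoted above, as an added example that is not part of the original post and is not OTP's snmpa_usm code: it encrypts the same bytes once with an IV built from the authoritative (inform target) engine's boots and time and once with the local engine's values, then decrypts both the way the target would. The module name, key, engine values and payload are constructed for illustration, and crypto:crypto_one_time/5 assumes OTP 22 or later.

```erlang
-module(usm_aes_iv_demo).
-export([iv/3, run/0]).

%% RFC 3826, 3.1.2.1: IV = authoritative snmpEngineBoots (32 bits)
%%                      ++ snmpEngineTime (32 bits) ++ local 64-bit integer.
iv(EngineBoots, EngineTime, Salt) when byte_size(Salt) =:= 8 ->
    <<EngineBoots:32, EngineTime:32, Salt/binary>>.

encrypt(Key, IV, Plain) ->
    crypto:crypto_one_time(aes_128_cfb128, Key, IV, Plain, true).

decrypt(Key, IV, Cipher) ->
    crypto:crypto_one_time(aes_128_cfb128, Key, IV, Cipher, false).

run() ->
    %% Constructed key, standing in for the first 128 bits of Kul.
    Key   = <<16#000102030405060708090a0b0c0d0e0f:128>>,
    %% The 64-bit integer; it travels in msgPrivacyParameters.
    Salt  = crypto:strong_rand_bytes(8),
    Plain = <<"constructed scopedPDU bytes">>,

    %% Constructed engine values: the agent sending the inform (local)
    %% and the inform target (authoritative for an inform).
    {LocalBoots,  LocalTime}  = {7, 1200},
    {TargetBoots, TargetTime} = {3, 98765},

    %% The target forms the IV from its own boots/time plus the salt.
    ReceiverIV = iv(TargetBoots, TargetTime, Salt),

    FromAuthoritative = encrypt(Key, iv(TargetBoots, TargetTime, Salt), Plain),
    FromLocal         = encrypt(Key, iv(LocalBoots, LocalTime, Salt), Plain),

    %% CFB only garbles the first 16-byte block under a wrong IV, but
    %% that block holds the start of the scopedPDU, so parsing fails.
    #{authoritative_iv => decrypt(Key, ReceiverIV, FromAuthoritative) =:= Plain,
      local_iv         => decrypt(Key, ReceiverIV, FromLocal) =:= Plain}.
```

Compile with c(usm_aes_iv_demo) and call usm_aes_iv_demo:run() to compare the two cases.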