[erlang-questions] Reg: SNMP v3 not working with AES
Dominik Pawlak
dominik_pawlak@REDACTED
Thu Jun 1 09:52:00 CEST 2017
I guess not that many people are using SNMP in Erlang. I should have
made the PR a long time ago, but I never had the time. If you want, go
ahead and use the patch as a base for a PR.
Best,
Dominik
On 31.05.2017 18:42, Alex Anto Navis Lawrence wrote:
> Hi Dominik,
>
> Thanks a lot for the help. I was on the same line of fix based on
> RFC-3826 <https://www.ietf.org/rfc/rfc3826.txt> (3.1.2.1. AES
> Encryption Key and IV) where I got the response and got stuck with
> a decryption problem.
>
> Now I saw the patch and applied the remaining changes (git
> <https://github.com/alexnavis/otp/tree/fix_snmp_v3_aes>) on decryption
> and got the whole thing working. Thanks a lot for your help, you saved a
> lot for me.
>
> Any idea why this is not fixed in the latest Erlang code? Can I
> be of any help in raising a PR for the same?
>
> Thanks,
> Alex
>
> On Wed, May 31, 2017 at 7:41 PM, Dominik Pawlak
> <dominik_pawlak@REDACTED> wrote:
>
> Hello Alex,
> This looks similar to:
> http://erlang.org/pipermail/erlang-questions/2016-September/090132.html
>
> Basically, there was a bug for AES encryption in the snmp library
> (exactly what you are pointing out in your mail). You can fix it by
> applying a patch that is attached in the above post.
>
> Best,
> Dominik Pawlak
>
>
> On 31.05.2017 10:10, Alex Anto Navis Lawrence wrote:
>> Hello friends,
>>
>> I have been trying to make the SNMP v3 work with AES, but
>> couldn't. Please find the code in the below gist.
>>
>> Erlang/OTP 19
>> Elixir: 1.4.2
>>
>> https://gist.github.com/alexnavis/8eec113cabc47a43a5a6d1eb870352fb
>>
>> *Problem:*
>> The SNMP packet is sent out but there is no response from the server.
>> The code gist has the working Net-SNMP shell utility command.
>> It fails in the receive block timeout since no packet is received
>> (I verified with Wireshark). The same code works if it is the DES
>> algorithm.
>>
>> *Code:*
>>
>> From the Erlang code for AES, it uses local EngineBoots and
>> EngineTime to create the IV. SaltFun() is an incremental value
>> which is sent as part of the authorizationParameters in the UDP
>> headers. I feel using local engineBoots and engineTime might be
>> wrong since the remote agent will not have any idea about our
>> snmp_manager boots and engine time. Any thoughts on this?
>>
>> snmp_usm.erl:
>>
>>     aes_encrypt(PrivKey, Data, SaltFun, EngineBoots, EngineTime) ->
>>         AesKey = PrivKey,
>>         Salt = SaltFun(),
>>         IV = list_to_binary([?i32(EngineBoots), ?i32(EngineTime) | Salt]),
>>         EncData = crypto:block_encrypt(?BLOCK_CIPHER_AES, AesKey, IV, Data),
>>         {ok, binary_to_list(EncData), Salt}.
>>
>> Any pointers will be really helpful. Thanks.
>>
>>
>> --
>> Thanks,
>> Alex Anto Navis. L
>>
>
> --
> Thanks,
> Alex Anto Navis. L
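
The IV rule from RFC 3826 section 3.1.2.1 that this thread turns on, as an added example (not code from OTP, the patch, or the posters). It uses crypto:crypto_one_time/5 (OTP 22+) rather than the crypto:block_encrypt call quoted above; the module name, key, salt and boots/time values are constructed.

```erlang
%% Added example (not OTP code). Needs OTP 22+ for crypto:crypto_one_time/5.
-module(usm_aes_iv_demo).          % hypothetical module name
-export([iv/3, encrypt/5, decrypt/5, demo/0]).

%% RFC 3826, 3.1.2.1: IV = authoritative engine's snmpEngineBoots (32 bits)
%% ++ its snmpEngineTime (32 bits) ++ the sender's 64-bit salt. Only the salt
%% is sent, in msgPrivacyParameters; the receiver takes boots and time from
%% msgAuthoritativeEngineBoots / msgAuthoritativeEngineTime.
iv(AuthBoots, AuthTime, Salt) when byte_size(Salt) =:= 8 ->
    <<AuthBoots:32/big, AuthTime:32/big, Salt/binary>>.

%% The AES key is the first 16 octets of the user's localized privacy key.
aes_key(<<Key:16/binary, _/binary>>) -> Key.

encrypt(PrivKey, ScopedPdu, Salt, Boots, Time) ->
    crypto:crypto_one_time(aes_128_cfb128, aes_key(PrivKey),
                           iv(Boots, Time, Salt), ScopedPdu, true).

decrypt(PrivKey, Encrypted, Salt, Boots, Time) ->
    crypto:crypto_one_time(aes_128_cfb128, aes_key(PrivKey),
                           iv(Boots, Time, Salt), Encrypted, false).

demo() ->
    %% All values below are constructed for the demonstration.
    PrivKey = <<16#00112233445566778899AABBCCDDEEFF:128>>,
    Salt = <<1:64>>,
    {AgentBoots, AgentTime} = {7, 123456},     % authoritative engine (agent)
    {MgrBoots, MgrTime} = {2, 99},             % manager's own local values
    Pdu = <<"constructed scopedPDU bytes, longer than one AES block">>,
    %% Correct: manager uses the agent's values learned during discovery.
    Good = encrypt(PrivKey, Pdu, Salt, AgentBoots, AgentTime),
    %% Buggy: manager uses its own local boots/time.
    Bad = encrypt(PrivKey, Pdu, Salt, MgrBoots, MgrTime),
    %% The agent always decrypts with its own boots/time plus the received salt.
    FromGood = decrypt(PrivKey, Good, Salt, AgentBoots, AgentTime),
    FromBad = decrypt(PrivKey, Bad, Salt, AgentBoots, AgentTime),
    %% CFB chains on ciphertext, so the wrong IV garbles only the first
    %% 16 octets, which is where the scopedPDU's BER header sits.
    <<BadHead:16/binary, BadTail/binary>> = FromBad,
    <<Head:16/binary, Tail/binary>> = Pdu,
    #{authoritative_iv_ok => FromGood =:= Pdu,
      local_iv_first_block_ok => BadHead =:= Head,
      local_iv_rest_ok => BadTail =:= Tail}.
```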