<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    I guess not that many people are using snmp in erlang. I should have
    made the PR a long time ago, but I never had the time. If you want,
    go ahead and use the patch as base for a PR.<br>
    <br>
    Best,<br>
    Dominik<br>
    <br>
    <div class="moz-cite-prefix">On 31.05.2017 18:42, Alex Anto Navis
      Lawrence wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAMsDG5pOT5zPiD4qzFuHuGVVxq-KnaSTHim+drCxU9NU8CWT_Q@mail.gmail.com">
      <div dir="ltr">Hi Dominik,
        <div><br>
        </div>
        <div>Thanks a lot for the help. I was on the same line of fix
          based on <a href="https://www.ietf.org/rfc/rfc3826.txt"
            moz-do-not-send="true">RFC-3826</a> (3.1.2.1. AES Encryption
          Key and IV) where I got the response and got stuck with
          decryption problem.</div>
        <div><br>
        </div>
        <div>Now I saw the patch and applied the remaining changes(<a
            href="https://github.com/alexnavis/otp/tree/fix_snmp_v3_aes"
            moz-do-not-send="true">git</a>) on decryption got the whole
          thing workings. Thanks a lot for your help, you saved a lot
          for me. 👍</div>
        <div><br>
        </div>
        <div>Any idea on this why this is not fixed in latest erlang
          code. ?. Can i be any help to make this to raise for a PR for
          the same. ?</div>
        <div><br>
        </div>
        <div>Thanks,</div>
        <div>Alex</div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Wed, May 31, 2017 at 7:41 PM,
          Dominik Pawlak <span dir="ltr"><<a
              href="mailto:dominik_pawlak@yahoo.co.uk" target="_blank"
              moz-do-not-send="true">dominik_pawlak@yahoo.co.uk</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div text="#000000" bgcolor="#FFFFFF"> Hello Alex,<br>
              This looks similar to:<br>
              <a class="m_4988979721684751569moz-txt-link-freetext"
href="http://erlang.org/pipermail/erlang-questions/2016-September/090132.html"
                target="_blank" moz-do-not-send="true">http://erlang.org/pipermail/<wbr>erlang-questions/2016-<wbr>September/090132.html</a><br>
              <br>
              Basically, there was a bug for AES encryption in snmp
              library (exactly what you are pointing in your mail). You
              can fix it by applying a patch that is attached in the
              above post.<br>
              <br>
              Best,<br>
              Dominik Pawlak
              <div>
                <div class="h5"><br>
                  <br>
                  <div class="m_4988979721684751569moz-cite-prefix">On
                    31.05.2017 10:10, Alex Anto Navis Lawrence wrote:<br>
                  </div>
                </div>
              </div>
              <blockquote type="cite">
                <div>
                  <div class="h5">
                    <div dir="ltr">
                      <div class="gmail_quote">
                        <div dir="ltr">Hello friends,
                          <div><br>
                          </div>
                          <div>I have been trying to make the SNMP v3
                            work with AES, but couldn't. Please find the
                            code in the below gist.</div>
                          <div><br>
                          </div>
                          <div>Erlang/OTP 19<br clear="all">
                            <div>Elixir: 1.4.2</div>
                            <div><br>
                            </div>
                            <div><a
href="https://gist.github.com/alexnavis/8eec113cabc47a43a5a6d1eb870352fb"
                                target="_blank" moz-do-not-send="true">https://gist.github.com/alexna<wbr>vis/8eec113cabc47a43a5a6d1eb87<wbr>0352fb</a><br>
                            </div>
                            <div><br>
                            </div>
                            <div><b>Problem:</b></div>
                            <div>SNMP packet is sent out but there is no
                              response from the server. Code gist has
                              the working Net-SNMP shell utility working
                              command.</div>
                            <div>It fails in the receive block timeout
                              since no packet is received (I verified
                              with wireshark). The same code works if it
                              is the DES algorithm.</div>
                            <div><br>
                            </div>
                            <div><b>Code:</b></div>
                            <div>
                              <p>From the erlang code for AES, it uses
                                Local EngineBoots and EngineTime to
                                create the IV. SaltFun() is a
                                incremental value which is sent as part
                                of the authorizationParameters in the
                                UDP headers. I feel using local
                                engineBoots and engineTime might be
                                wrong since the remote agent will not
                                have any idea about our snmp_manager
                                boots and engine time. Any thoughts on
                                this ?</p>
                              <pre style="box-sizing:border-box;font-family:SFMono-Regular,Consolas,"Liberation Mono",Menlo,Courier,monospace;font-size:11.9px;margin-top:0px;margin-bottom:16px;font-stretch:normal;line-height:1.45;word-wrap:normal;padding:16px;overflow:auto;background-color:rgb(246,248,250);border-radius:3px;color:rgb(36,41,46)"><code style="box-sizing:border-box;font-family:SFMono-Regular,Consolas,"Liberation Mono",Menlo,Courier,monospace;font-size:11.9px;padding:0px;margin:0px;background:transparent;border-radius:3px;word-break:normal;border:0px;display:inline;overflow:visible;line-height:inherit;word-wrap:normal">snmp_usm.erl.
aes_encrypt(PrivKey, Data, SaltFun, EngineBoots, EngineTime) ->
    AesKey = PrivKey,
    Salt = SaltFun(),
    IV = list_to_binary([?i32(EngineBoo<wbr>ts), ?i32(EngineTime) | Salt]),
    EncData = crypto:block_encrypt(?BLOCK_CI<wbr>PHER_AES, 
                                   AesKey, IV, Data),
    {ok, binary_to_list(EncData), Salt}.</code></pre>
                              <p>Any pointers will be really helpful.
                                Thanks.</p>
                              <span class="m_4988979721684751569HOEnZb"><font
                                  color="#888888">
                                  <p><br>
                                  </p>
                                </font></span></div>
                          </div>
                        </div>
                      </div>
                      -- <br>
                      <div class="m_4988979721684751569gmail_signature"
                        data-smartmail="gmail_signature">
                        <div dir="ltr">Thanks,
                          <div>Alex Anto Navis. L</div>
                        </div>
                      </div>
                    </div>
                    <br>
                    <fieldset
                      class="m_4988979721684751569mimeAttachmentHeader"></fieldset>
                    <br>
                  </div>
                </div>
                <pre>______________________________<wbr>_________________
erlang-questions mailing list
<a class="m_4988979721684751569moz-txt-link-abbreviated" href="mailto:erlang-questions@erlang.org" target="_blank" moz-do-not-send="true">erlang-questions@erlang.org</a>
<a class="m_4988979721684751569moz-txt-link-freetext" href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank" moz-do-not-send="true">http://erlang.org/mailman/<wbr>listinfo/erlang-questions</a>
</pre>
              </blockquote>
              <br>
            </div>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <div><br>
        </div>
        -- <br>
        <div class="gmail_signature" data-smartmail="gmail_signature">
          <div dir="ltr">Thanks,
            <div>Alex Anto Navis. L</div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
  </body>
</html>