[erlang-questions] Reg: SNMP v3 not working with AES

Alex Anto Navis Lawrence laan.sachin@REDACTED
Wed May 31 10:10:19 CEST 2017


Hello friends,

I have been trying to make SNMP v3 work with AES, but couldn't. Please
find the code in the gist below.

Erlang/OTP 19
Elixir: 1.4.2

https://gist.github.com/alexnavis/8eec113cabc47a43a5a6d1eb870352fb

*Problem:*
The SNMP packet is sent out but there is no response from the server. The code
gist has the working Net-SNMP shell utility command.
It fails in the receive block timeout since no packet is received (I
verified with Wireshark). The same code works if it is the DES algorithm.

*Code:*

From the Erlang code for AES, it uses local EngineBoots and EngineTime to
create the IV. SaltFun() is an incremental value which is sent as part of
the authorizationParameters in the UDP headers. I feel using local
engineBoots and engineTime might be wrong since the remote agent will not
have any idea about our snmp_manager boots and engine time. Any thoughts on
this?

snmp_usm.erl.
aes_encrypt(PrivKey, Data, SaltFun, EngineBoots, EngineTime) ->
    AesKey = PrivKey,
    Salt = SaltFun(),
    IV = list_to_binary([?i32(EngineBoots), ?i32(EngineTime) | Salt]),
    EncData = crypto:block_encrypt(?BLOCK_CIPHER_AES,
                                   AesKey, IV, Data),
    {ok, binary_to_list(EncData), Salt}.

Any pointers will be really helpful. Thanks.


-- 
Thanks,
Alex Anto Navis. L
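
Added example, not part of the original post and not code from snmp_usm.erl: RFC 3826 (section 3.1.2.1) builds the AES-CFB128 IV from the authoritative engine's snmpEngineBoots and snmpEngineTime plus the 64-bit salt, so sender and receiver must agree on all three. The module name, key, salt, boots/time values and payload are constructed, and the authoritative engine is assumed to be the agent, as for a request.

```erlang
%% Added illustration; all values are constructed, not taken from a capture.
-module(usm_aes_iv_demo).
-export([iv/3, encrypt/5, decrypt/5, demo/0]).

%% RFC 3826 3.1.2.1: IV = engineBoots (32 bit) || engineTime (32 bit) || salt (64 bit).
%% Boots and time are those of the authoritative engine, i.e. the values
%% carried in msgAuthoritativeEngineBoots / msgAuthoritativeEngineTime.
iv(EngineBoots, EngineTime, Salt) when byte_size(Salt) =:= 8 ->
    <<EngineBoots:32/big, EngineTime:32/big, Salt/binary>>.

%% Same crypto call as the snippet in the post (OTP 19 API).
encrypt(Key, Boots, Time, Salt, Plain) ->
    crypto:block_encrypt(aes_cfb128, Key, iv(Boots, Time, Salt), Plain).

decrypt(Key, Boots, Time, Salt, Cipher) ->
    crypto:block_decrypt(aes_cfb128, Key, iv(Boots, Time, Salt), Cipher).

demo() ->
    Key  = <<16#000102030405060708090A0B0C0D0E0F:128>>, % constructed 128-bit key
    Salt = <<0,0,0,0,0,0,0,1>>,                         % constructed 64-bit salt
    ScopedPdu = <<"constructed scopedPDU bytes">>,      % stand-in for the BER data
    {AgentBoots, AgentTime} = {7, 123456},  % authoritative (agent) values
    {LocalBoots, LocalTime} = {1, 42},      % manager's own values

    %% Case 1: sender uses the agent's boots/time, as the agent will.
    Good = encrypt(Key, AgentBoots, AgentTime, Salt, ScopedPdu),
    %% Case 2: sender uses its own local boots/time instead.
    Bad  = encrypt(Key, LocalBoots, LocalTime, Salt, ScopedPdu),

    %% The agent always decrypts with its own boots/time and the received salt.
    FromGood = decrypt(Key, AgentBoots, AgentTime, Salt, Good),
    FromBad  = decrypt(Key, AgentBoots, AgentTime, Salt, Bad),

    %% In CFB a wrong IV corrupts the first 16-byte block, which is where
    %% the scopedPDU's BER header sits, so parsing fails on the receiver.
    <<GoodHead:16/binary, _/binary>> = ScopedPdu,
    <<BadHead:16/binary, _/binary>>  = FromBad,
    #{matching_iv_roundtrip   => FromGood =:= ScopedPdu,  % true
      mismatched_iv_roundtrip => FromBad  =:= ScopedPdu,  % false
      first_block_intact      => BadHead  =:= GoodHead}.  % false
```

On OTP releases where crypto:block_encrypt/4 and crypto:block_decrypt/4 have been removed, crypto:crypto_one_time(aes_128_cfb128, Key, IV, Data, true) and the same call with false are the replacements.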