[erlang-questions] Reg: SNMP v3 not working with AES
Dominik Pawlak
dominik_pawlak@REDACTED
Wed May 31 13:41:16 CEST 2017
Hello Alex,
This looks similar to:
http://erlang.org/pipermail/erlang-questions/2016-September/090132.html
Basically, there was a bug for AES encryption in snmp library (exactly
what you are pointing in your mail). You can fix it by applying a patch
that is attached in the above post.
Best,
Dominik Pawlak
On 31.05.2017 10:10, Alex Anto Navis Lawrence wrote:
> Hello friends,
>
> I have been trying to make the SNMP v3 work with AES, but couldn't.
> Please find the code in the below gist.
>
> Erlang/OTP 19
> Elixir: 1.4.2
>
> https://gist.github.com/alexnavis/8eec113cabc47a43a5a6d1eb870352fb
> <https://gist.github.com/alexnavis/8eec113cabc47a43a5a6d1eb870352fb>
>
> *Problem:*
> SNMP packet is sent out but there is no response from the server. Code
> gist has the working Net-SNMP shell utility working command.
> It fails in the receive block timeout since no packet is received (I
> verified with wireshark). The same code works if it is the DES algorithm.
>
> *Code:*
>
> From the erlang code for AES, it uses Local EngineBoots and EngineTime
> to create the IV. SaltFun() is a incremental value which is sent as
> part of the authorizationParameters in the UDP headers. I feel using
> local engineBoots and engineTime might be wrong since the remote agent
> will not have any idea about our snmp_manager boots and engine time.
> Any thoughts on this ?
>
> |snmp_usm.erl. aes_encrypt(PrivKey, Data, SaltFun, EngineBoots,
> EngineTime) -> AesKey = PrivKey, Salt = SaltFun(), IV =
> list_to_binary([?i32(EngineBoots), ?i32(EngineTime) | Salt]), EncData
> = crypto:block_encrypt(?BLOCK_CIPHER_AES, AesKey, IV, Data), {ok,
> binary_to_list(EncData), Salt}.|
>
> Any pointers will be really helpful. Thanks.
>
>
> --
> Thanks,
> Alex Anto Navis. L
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20170531/1474fd75/attachment.htm>
More information about the erlang-questions
mailing list