[erlang-questions] Reg: SNMP v3 not working with AES

Dominik Pawlak dominik_pawlak@REDACTED
Wed May 31 13:41:16 CEST 2017

Hello Alex,
This looks similar to:

Basically, there was a bug for AES encryption in the snmp library (exactly 
what you are pointing out in your mail). You can fix it by applying a patch 
that is attached in the above post.

Dominik Pawlak

On 31.05.2017 10:10, Alex Anto Navis Lawrence wrote:
> Hello friends,
> I have been trying to make the SNMP v3 work with AES, but couldn't. 
> Please find the code in the below gist.
> Erlang/OTP 19
> Elixir: 1.4.2
> https://gist.github.com/alexnavis/8eec113cabc47a43a5a6d1eb870352fb
> *Problem:*
> The SNMP packet is sent out but there is no response from the server. The 
> code gist has the working Net-SNMP shell utility command.
> It fails in the receive block timeout since no packet is received (I 
> verified with Wireshark). The same code works if it is the DES algorithm.
> *Code:*
> From the Erlang code for AES, it uses Local EngineBoots and EngineTime 
> to create the IV. SaltFun() is an incremental value which is sent as 
> part of the authorizationParameters in the UDP headers. I feel using 
> local engineBoots and engineTime might be wrong since the remote agent 
> will not have any idea about our snmp_manager boots and engine time. 
> Any thoughts on this?
> snmp_usm.erl:
>
>     aes_encrypt(PrivKey, Data, SaltFun, EngineBoots, EngineTime) ->
>         AesKey = PrivKey,
>         Salt = SaltFun(),
>         IV = list_to_binary([?i32(EngineBoots), ?i32(EngineTime) | Salt]),
>         EncData = crypto:block_encrypt(?BLOCK_CIPHER_AES, AesKey, IV, Data),
>         {ok, binary_to_list(EncData), Salt}.
> Any pointers will be really helpful. Thanks.
> -- 
> Thanks,
> Alex Anto Navis. L
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
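
The IV mismatch discussed in this thread, as an added example that is not part of either mail and not code from the snmp library or its patch. It assumes the OTP 19 era crypto:block_encrypt/4 and block_decrypt/4 calls with the aes_cfb128 cipher atom; the module name, function names, key, salt and engine values are hypothetical, constructed sample data.

```erlang
%% Added example: shows why the AES IV must be built from the
%% authoritative (remote agent) engineBoots/engineTime, per RFC 3826.
%% Module and function names are hypothetical, not snmp_usm.erl code.
-module(usm_aes_iv_demo).
-export([iv/3, encrypt/5, decrypt/5, demo/0]).

%% RFC 3826: IV = authoritative snmpEngineBoots (32 bit) ||
%% authoritative snmpEngineTime (32 bit) || 64-bit salt.
%% The salt is what travels in msgPrivacyParameters.
iv(AuthEngineBoots, AuthEngineTime, Salt) when byte_size(Salt) =:= 8 ->
    <<AuthEngineBoots:32, AuthEngineTime:32, Salt/binary>>.

%% Assumption: aes_cfb128 is the cipher behind ?BLOCK_CIPHER_AES.
encrypt(PrivKey, Data, Salt, Boots, Time) ->
    crypto:block_encrypt(aes_cfb128, PrivKey, iv(Boots, Time, Salt), Data).

decrypt(PrivKey, Data, Salt, Boots, Time) ->
    crypto:block_decrypt(aes_cfb128, PrivKey, iv(Boots, Time, Salt), Data).

demo() ->
    %% Constructed sample values, not taken from any real engine.
    PrivKey   = <<"0123456789abcdef">>,        % 16-byte localized key
    Salt      = <<0,0,0,0,0,0,0,1>>,           % 64-bit salt
    ScopedPdu = <<"constructed scopedPDU bytes">>,
    {AgentBoots, AgentTime} = {7, 123456},     % remote agent (authoritative)
    {MgrBoots,   MgrTime}   = {2, 42},         % local manager

    %% Manager encrypts once with the agent's values, once with its own.
    WithAgentValues = encrypt(PrivKey, ScopedPdu, Salt, AgentBoots, AgentTime),
    WithLocalValues = encrypt(PrivKey, ScopedPdu, Salt, MgrBoots, MgrTime),

    %% The agent only knows its own boots/time plus the received salt,
    %% so it always rebuilds the IV from those.
    AgentDecrypt = fun(Cipher) ->
        decrypt(PrivKey, Cipher, Salt, AgentBoots, AgentTime)
    end,
    [{authoritative_iv_roundtrip, AgentDecrypt(WithAgentValues) =:= ScopedPdu},
     {local_iv_roundtrip,         AgentDecrypt(WithLocalValues) =:= ScopedPdu}].
```

Calling usm_aes_iv_demo:demo() after crypto is loaded reports whether each ciphertext decrypts to the original scopedPDU on the agent side.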
