[erlang-questions] Reg: SNMP v3 not working with AES

Alex Anto Navis Lawrence laan.sachin@REDACTED
Wed May 31 18:42:06 CEST 2017

Hi Dominik,

Thanks a lot for the help. I was on the same line of fix based on RFC-3826
<https://www.ietf.org/rfc/rfc3826.txt> ( AES Encryption Key and IV)
where I got the response and got stuck with decryption problem.

Now I saw the patch and applied the remaining changes(git
<https://github.com/alexnavis/otp/tree/fix_snmp_v3_aes>) on decryption got
the whole thing workings. Thanks a lot for your help, you saved a lot for
me. ��

Any idea on this why this is not fixed in latest erlang code. ?. Can i be
any help to make this to raise for a PR for the same. ?


On Wed, May 31, 2017 at 7:41 PM, Dominik Pawlak <dominik_pawlak@REDACTED>

> Hello Alex,
> This looks similar to:
> http://erlang.org/pipermail/erlang-questions/2016-September/090132.html
> Basically, there was a bug for AES encryption in snmp library (exactly
> what you are pointing in your mail). You can fix it by applying a patch
> that is attached in the above post.
> Best,
> Dominik Pawlak
> On 31.05.2017 10:10, Alex Anto Navis Lawrence wrote:
> Hello friends,
> I have been trying to make the SNMP v3 work with AES, but couldn't. Please
> find the code in the below gist.
> Erlang/OTP 19
> Elixir: 1.4.2
> https://gist.github.com/alexnavis/8eec113cabc47a43a5a6d1eb870352fb
> *Problem:*
> SNMP packet is sent out but there is no response from the server. Code
> gist has the working Net-SNMP shell utility working command.
> It fails in the receive block timeout since no packet is received (I
> verified with wireshark). The same code works if it is the DES algorithm.
> *Code:*
> From the erlang code for AES, it uses Local EngineBoots and EngineTime to
> create the IV. SaltFun() is a incremental value which is sent as part of
> the authorizationParameters in the UDP headers. I feel using local
> engineBoots and engineTime might be wrong since the remote agent will not
> have any idea about our snmp_manager boots and engine time. Any thoughts on
> this ?
> snmp_usm.erl.
> aes_encrypt(PrivKey, Data, SaltFun, EngineBoots, EngineTime) ->
>     AesKey = PrivKey,
>     Salt = SaltFun(),
>     IV = list_to_binary([?i32(EngineBoots), ?i32(EngineTime) | Salt]),
>     EncData = crypto:block_encrypt(?BLOCK_CIPHER_AES,
> 				   AesKey, IV, Data),
>     {ok, binary_to_list(EncData), Salt}.
> Any pointers will be really helpful. Thanks.
> --
> Thanks,
> Alex Anto Navis. L
> _______________________________________________
> erlang-questions mailing listerlang-questions@REDACTED://erlang.org/mailman/listinfo/erlang-questions

Alex Anto Navis. L
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20170601/d9d1bc7a/attachment.htm>

More information about the erlang-questions mailing list