[erlang-questions] Reg: SNMP v3 not working with AES

Alex Anto Navis Lawrence laan.sachin@REDACTED
Wed May 31 18:42:06 CEST 2017


Hi Dominik,

Thanks a lot for the help. I was on the same line of fix based on RFC-3826
<https://www.ietf.org/rfc/rfc3826.txt> (3.1.2.1. AES Encryption Key and IV),
where I got the response and got stuck with a decryption problem.

Now I saw the patch and applied the remaining changes (git
<https://github.com/alexnavis/otp/tree/fix_snmp_v3_aes>) on decryption and got
the whole thing working. Thanks a lot for your help, you saved a lot for
me.

Any idea why this is not fixed in the latest Erlang code? Can I be
of any help in raising a PR for the same?

Thanks,
Alex

On Wed, May 31, 2017 at 7:41 PM, Dominik Pawlak <dominik_pawlak@REDACTED>
wrote:

> Hello Alex,
> This looks similar to:
> http://erlang.org/pipermail/erlang-questions/2016-September/090132.html
>
> Basically, there was a bug for AES encryption in snmp library (exactly
> what you are pointing in your mail). You can fix it by applying a patch
> that is attached in the above post.
>
> Best,
> Dominik Pawlak
>
>
> On 31.05.2017 10:10, Alex Anto Navis Lawrence wrote:
>
> Hello friends,
>
> I have been trying to make the SNMP v3 work with AES, but couldn't. Please
> find the code in the below gist.
>
> Erlang/OTP 19
> Elixir: 1.4.2
>
> https://gist.github.com/alexnavis/8eec113cabc47a43a5a6d1eb870352fb
>
> *Problem:*
> The SNMP packet is sent out but there is no response from the server. The code
> gist has the working Net-SNMP shell utility command.
> It fails in the receive block timeout since no packet is received (I
> verified with Wireshark). The same code works if it is the DES algorithm.
>
> *Code:*
>
> From the Erlang code for AES, it uses local EngineBoots and EngineTime to
> create the IV. SaltFun() is an incremental value which is sent as part of
> the authorizationParameters in the UDP headers. I feel using local
> engineBoots and engineTime might be wrong since the remote agent will not
> have any idea about our snmp_manager boots and engine time. Any thoughts on
> this?
>
> snmp_usm.erl.
> aes_encrypt(PrivKey, Data, SaltFun, EngineBoots, EngineTime) ->
>     AesKey = PrivKey,
>     Salt = SaltFun(),
>     IV = list_to_binary([?i32(EngineBoots), ?i32(EngineTime) | Salt]),
>     EncData = crypto:block_encrypt(?BLOCK_CIPHER_AES,
> 				   AesKey, IV, Data),
>     {ok, binary_to_list(EncData), Salt}.
>
> Any pointers will be really helpful. Thanks.
>
>
> --
> Thanks,
> Alex Anto Navis. L
>
>


-- 
Thanks,
Alex Anto Navis. L
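
The IV mismatch discussed in this thread, as an added example that is not part of the original messages or of the OTP patch: RFC 3826 section 3.1.2.1 builds the AES-CFB128 IV from the authoritative engine's snmpEngineBoots and snmpEngineTime plus the 64-bit salt, and the agent decrypts with its own counters, so only a request encrypted with the agent's values round-trips. The module name, key, salt and counter values are constructed for illustration, and the code assumes `crypto:crypto_one_time/5` (OTP 22 or later) rather than the `crypto:block_encrypt/4` call in the quoted OTP 19 snippet.

```erlang
-module(usm_aes_iv_demo).
-export([iv/3, encrypt/4, decrypt/4, demo/0]).

%% RFC 3826, 3.1.2.1: 128-bit IV = engineBoots (32 bit, big-endian)
%% || engineTime (32 bit, big-endian) || salt (64 bit). Boots and time
%% are those of the authoritative engine (the agent, for a request).
iv(Boots, Time, Salt) when byte_size(Salt) =:= 8 ->
    <<Boots:32/big, Time:32/big, Salt/binary>>.

encrypt(Key, {Boots, Time}, Salt, Plain) ->
    crypto:crypto_one_time(aes_128_cfb128, Key,
                           iv(Boots, Time, Salt), Plain, true).

decrypt(Key, {Boots, Time}, Salt, Cipher) ->
    crypto:crypto_one_time(aes_128_cfb128, Key,
                           iv(Boots, Time, Salt), Cipher, false).

demo() ->
    %% All values below are constructed sample data.
    Key = <<16#00112233445566778899AABBCCDDEEFF:128>>,
    Salt = <<1:64>>,                 % travels with the message
    Manager = {3, 120},              % manager's local boots/time
    Agent = {17, 86400},             % agent's (authoritative) boots/time
    ScopedPdu = <<"constructed scopedPDU bytes">>,

    %% Behaviour described in the thread: IV built from local counters.
    FromLocal = encrypt(Key, Manager, Salt, ScopedPdu),
    %% Behaviour required by RFC 3826: IV built from the agent's counters.
    FromAuthoritative = encrypt(Key, Agent, Salt, ScopedPdu),

    %% The agent always rebuilds the IV from its own counters and the
    %% received salt. With a wrong IV, CFB garbles the first 16-byte
    %% block, so the scopedPDU no longer parses.
    #{local_values_roundtrip =>
          decrypt(Key, Agent, Salt, FromLocal) =:= ScopedPdu,
      authoritative_values_roundtrip =>
          decrypt(Key, Agent, Salt, FromAuthoritative) =:= ScopedPdu}.
```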