On 8 March 2010 16:55, Shehzad Qureshi <shez...@gmail.com> wrote: > I'm writing a small application that takes an Ethernet frame (straight > from the kernel) and parses the SNMP data included within against a > set of rules to determine if the packet should be forwarded or > dropped. The application is for a small embedded gateway that sits > between the agent and client. > > So far I have been able to parse all the relevant data up to the > security parameters but when it comes to decrypting the AES-encrypted > pdu data using the privacy parameters, I am stumped. Whatever I print > out is garbage (I check my results against wireshark's results).
All I can suggest is that you try comparing the results of your code, with the equivalent results using the Net-SNMP library. Run an AES-encrypted query against an Net-SNMP-based agent, and check that this decrypts the request correctly. Use a debugger (or print statements) to dump the input parameters to the 'sc_decrypt()' routine. Then tweak your decryption code to take the "incoming packet" from a file rather than the network, and run this with the same packet received by the Net-SNMP agent. Compare the parameters passed to sc_decrypt with the corresponding information received or calculated by your decryption code. In particular, check that the value of IV that you calculate matches that passed to sc_decrypt(). If you can find something different in the data values you are working with, that should guide you as to where the problem might lie. Dave ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
