On Fri, Sep 13, 2019 at 3:07 PM Krishna Chaitanya
<chaitanya.m...@gmail.com> wrote:
>
> On Fri, Sep 13, 2019 at 12:58 AM Krishna Chaitanya
> <chaitanya.m...@gmail.com> wrote:
> >
> > Hi Guys,
> >
> > I am facing the exact problem
> > https://sourceforge.net/p/net-snmp/mailman/message/19231076/
> >
> > I am using authPriv, snmpd says USM processing completed, user
> > verified, but when trying to process scopedPDU it fails with "ASN.1
> > parse error" Any ideas?
> >
> > If I give EngineID and Credentials, Wireshark is able to decrypt the
> > packet and display as getBulkRequest with proper OIDs.
> > Logs:
> >
> > dumph_recv:           SNMP Version  02 01 03     Integer: 3 (0x03)
> > dumph_recv:           SNMPv3 Message
> > dumph_recv:             SNMP Version Number  02 01 03     Integer: 3 (0x03)
> > dumph_recv:             msgGlobalData
> > dumph_recv:               msgID  02 04 32 93 78 21     Integer:
> > 848525345 (0x32937821)
> > dumph_recv:               msgMaxSize  02 03 00 FF E3     Integer: 65507 
> > (0xFFE3)
> > dumph_recv:               msgFlags  04 01 07     String: .
> > dumph_recv:               msgSecurityModel  02 01 03     Integer: 3 (0x03)
> > dumph_recv:             SM msgSecurityParameters
> > usm: USM processing begun...
> > dumph_recv:               msgAuthoritativeEngineID  #################
> > dumph_recv:               msgAuthoritativeEngineBoots #######
> > dumph_recv:               msgAuthoritativeEngineTime #########
> > dumph_recv:               msgUserName  #######
> > dumph_recv:               msgAuthenticationParameters  ###########
> > dumph_recv:               msgPrivacyParameters  ##########
> > usm: match on user privUser
> > usm: Verification succeeded.
> > usm: USM processing completed.
> > dumph_recv:               ScopedPDU
> > snmp_parse: Parsed SNMPv3 message (secName:privUser,
> > secLevel:authPriv): ASN.1 parse error in message
> >
> > Any help is appreciated.
> >
> The wireshark reports "Data not conforming to RFC3411", there was a bug in
> earlier version, but even the latest version says this, so, probably
> something wrong
> with ASN.1 format? It expects the EngineID to be 8 bytes (after
> removing the 5 bytes of
> enterprise + 5th octet) for NET-SNMP enterprise, but its actually 12 bytes?
> 04 11 80 00 1F 88 80 D2 F2 6E 14 8C 5F 4C 5D 00 (random + time)
>
> If I configure a custom engineId in snmpd.conf, then the wireshark
> error is gone, but the issue
> of ASN.1 error still persists.
>
> 04 0C 80 00 1f 88 04 22 68 65 6c 6c 6f 22 ("hello")
Did some experiments: At least able to get 1 combo working.

With
NET-SNMP version:  5.7.3 + OpenSSL 1.0.2g  1 Mar 2016
  Both AES and DES doesn't work

With
NET-SNMP version:  5.8 (git) + OpenSSL 1.1.1  11 Sep 2018
AES works but DES doesn't.

In the case of DES, the decrypted Scoped PDU is different compared
to Wireshark, so, probably decrypted wrongly.


_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Reply via email to