On Fri, Sep 13, 2019 at 3:07 PM Krishna Chaitanya <chaitanya.m...@gmail.com> wrote: > > On Fri, Sep 13, 2019 at 12:58 AM Krishna Chaitanya > <chaitanya.m...@gmail.com> wrote: > > > > Hi Guys, > > > > I am facing the exact problem > > https://sourceforge.net/p/net-snmp/mailman/message/19231076/ > > > > I am using authPriv, snmpd says USM processing completed, user > > verified, but when trying to process scopedPDU it fails with "ASN.1 > > parse error" Any ideas? > > > > If I give EngineID and Credentials, Wireshark is able to decrypt the > > packet and display as getBulkRequest with proper OIDs. > > Logs: > > > > dumph_recv: SNMP Version 02 01 03 Integer: 3 (0x03) > > dumph_recv: SNMPv3 Message > > dumph_recv: SNMP Version Number 02 01 03 Integer: 3 (0x03) > > dumph_recv: msgGlobalData > > dumph_recv: msgID 02 04 32 93 78 21 Integer: > > 848525345 (0x32937821) > > dumph_recv: msgMaxSize 02 03 00 FF E3 Integer: 65507 > > (0xFFE3) > > dumph_recv: msgFlags 04 01 07 String: . > > dumph_recv: msgSecurityModel 02 01 03 Integer: 3 (0x03) > > dumph_recv: SM msgSecurityParameters > > usm: USM processing begun... > > dumph_recv: msgAuthoritativeEngineID ################# > > dumph_recv: msgAuthoritativeEngineBoots ####### > > dumph_recv: msgAuthoritativeEngineTime ######### > > dumph_recv: msgUserName ####### > > dumph_recv: msgAuthenticationParameters ########### > > dumph_recv: msgPrivacyParameters ########## > > usm: match on user privUser > > usm: Verification succeeded. > > usm: USM processing completed. > > dumph_recv: ScopedPDU > > snmp_parse: Parsed SNMPv3 message (secName:privUser, > > secLevel:authPriv): ASN.1 parse error in message > > > > Any help is appreciated. > > > The wireshark reports "Data not conforming to RFC3411", there was a bug in > earlier version, but even the latest version says this, so, probably > something wrong > with ASN.1 format? It expects the EngineID to be 8 bytes (after > removing the 5 bytes of > enterprise + 5th octet) for NET-SNMP enterprise, but its actually 12 bytes? > 04 11 80 00 1F 88 80 D2 F2 6E 14 8C 5F 4C 5D 00 (random + time) > > If I configure a custom engineId in snmpd.conf, then the wireshark > error is gone, but the issue > of ASN.1 error still persists. > > 04 0C 80 00 1f 88 04 22 68 65 6c 6c 6f 22 ("hello") Did some experiments: At least able to get 1 combo working.
With NET-SNMP version: 5.7.3 + OpenSSL 1.0.2g 1 Mar 2016 Both AES and DES doesn't work With NET-SNMP version: 5.8 (git) + OpenSSL 1.1.1 11 Sep 2018 AES works but DES doesn't. In the case of DES, the decrypted Scoped PDU is different compared to Wireshark, so, probably decrypted wrongly. _______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
