Hi Krishna,

Can you please try the Net-SNMP-5.7.3 with OpenSSL-1.1.0g once? Hope there
will be no issues with AES/DES!

On Fri, Sep 13, 2019 at 8:08 PM Krishna Chaitanya <chaitanya.m...@gmail.com>
wrote:

> On Fri, Sep 13, 2019 at 3:07 PM Krishna Chaitanya
> <chaitanya.m...@gmail.com> wrote:
> >
> > On Fri, Sep 13, 2019 at 12:58 AM Krishna Chaitanya
> > <chaitanya.m...@gmail.com> wrote:
> > >
> > > Hi Guys,
> > >
> > > I am facing the exact problem
> > > https://sourceforge.net/p/net-snmp/mailman/message/19231076/
> > >
> > > I am using authPriv, snmpd says USM processing completed, user
> > > verified, but when trying to process scopedPDU it fails with "ASN.1
> > > parse error" Any ideas?
> > >
> > > If I give EngineID and Credentials, Wireshark is able to decrypt the
> > > packet and display as getBulkRequest with proper OIDs.
> > > Logs:
> > >
> > > dumph_recv:           SNMP Version  02 01 03     Integer: 3 (0x03)
> > > dumph_recv:           SNMPv3 Message
> > > dumph_recv:             SNMP Version Number  02 01 03     Integer: 3
> (0x03)
> > > dumph_recv:             msgGlobalData
> > > dumph_recv:               msgID  02 04 32 93 78 21     Integer:
> > > 848525345 (0x32937821)
> > > dumph_recv:               msgMaxSize  02 03 00 FF E3     Integer:
> 65507 (0xFFE3)
> > > dumph_recv:               msgFlags  04 01 07     String: .
> > > dumph_recv:               msgSecurityModel  02 01 03     Integer: 3
> (0x03)
> > > dumph_recv:             SM msgSecurityParameters
> > > usm: USM processing begun...
> > > dumph_recv:               msgAuthoritativeEngineID  #################
> > > dumph_recv:               msgAuthoritativeEngineBoots #######
> > > dumph_recv:               msgAuthoritativeEngineTime #########
> > > dumph_recv:               msgUserName  #######
> > > dumph_recv:               msgAuthenticationParameters  ###########
> > > dumph_recv:               msgPrivacyParameters  ##########
> > > usm: match on user privUser
> > > usm: Verification succeeded.
> > > usm: USM processing completed.
> > > dumph_recv:               ScopedPDU
> > > snmp_parse: Parsed SNMPv3 message (secName:privUser,
> > > secLevel:authPriv): ASN.1 parse error in message
> > >
> > > Any help is appreciated.
> > >
> > The wireshark reports "Data not conforming to RFC3411", there was a bug
> in
> > earlier version, but even the latest version says this, so, probably
> > something wrong
> > with ASN.1 format? It expects the EngineID to be 8 bytes (after
> > removing the 5 bytes of
> > enterprise + 5th octet) for NET-SNMP enterprise, but its actually 12
> bytes?
> > 04 11 80 00 1F 88 80 D2 F2 6E 14 8C 5F 4C 5D 00 (random + time)
> >
> > If I configure a custom engineId in snmpd.conf, then the wireshark
> > error is gone, but the issue
> > of ASN.1 error still persists.
> >
> > 04 0C 80 00 1f 88 04 22 68 65 6c 6c 6f 22 ("hello")
> Did some experiments: At least able to get 1 combo working.
>
> With
> NET-SNMP version:  5.7.3 + OpenSSL 1.0.2g  1 Mar 2016
>   Both AES and DES doesn't work
>
> With
> NET-SNMP version:  5.8 (git) + OpenSSL 1.1.1  11 Sep 2018
> AES works but DES doesn't.
>
> In the case of DES, the decrypted Scoped PDU is different compared
> to Wireshark, so, probably decrypted wrongly.
>
>
> _______________________________________________
> Net-snmp-coders mailing list
> Net-snmp-coders@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>


-- 
With Best Regards,
Anandaprabu V <https://www.linkedin.com/in/anandaprabu-v-10867671/>
Cell : +91 9500650885 | Skype : prabuvaradharajan
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Reply via email to