Hi Krishna,

Can you please try the Net-SNMP-5.7.3 with OpenSSL-1.1.0g once? Hope there will be no issues with AES/DES!

On Fri, Sep 13, 2019 at 8:08 PM Krishna Chaitanya <chaitanya.m...@gmail.com> wrote:

> On Fri, Sep 13, 2019 at 3:07 PM Krishna Chaitanya
> <chaitanya.m...@gmail.com> wrote:
> >
> > On Fri, Sep 13, 2019 at 12:58 AM Krishna Chaitanya
> > <chaitanya.m...@gmail.com> wrote:
> > >
> > > Hi Guys,
> > >
> > > I am facing the exact problem
> > > https://sourceforge.net/p/net-snmp/mailman/message/19231076/
> > >
> > > I am using authPriv, snmpd says USM processing completed, user
> > > verified, but when trying to process scopedPDU it fails with "ASN.1
> > > parse error". Any ideas?
> > >
> > > If I give EngineID and Credentials, Wireshark is able to decrypt the
> > > packet and display as getBulkRequest with proper OIDs.
> > > Logs:
> > >
> > > dumph_recv: SNMP Version 02 01 03 Integer: 3 (0x03)
> > > dumph_recv: SNMPv3 Message
> > > dumph_recv: SNMP Version Number 02 01 03 Integer: 3 (0x03)
> > > dumph_recv: msgGlobalData
> > > dumph_recv: msgID 02 04 32 93 78 21 Integer: 848525345 (0x32937821)
> > > dumph_recv: msgMaxSize 02 03 00 FF E3 Integer: 65507 (0xFFE3)
> > > dumph_recv: msgFlags 04 01 07 String: .
> > > dumph_recv: msgSecurityModel 02 01 03 Integer: 3 (0x03)
> > > dumph_recv: SM msgSecurityParameters
> > > usm: USM processing begun...
> > > dumph_recv: msgAuthoritativeEngineID #################
> > > dumph_recv: msgAuthoritativeEngineBoots #######
> > > dumph_recv: msgAuthoritativeEngineTime #########
> > > dumph_recv: msgUserName #######
> > > dumph_recv: msgAuthenticationParameters ###########
> > > dumph_recv: msgPrivacyParameters ##########
> > > usm: match on user privUser
> > > usm: Verification succeeded.
> > > usm: USM processing completed.
> > > dumph_recv: ScopedPDU
> > > snmp_parse: Parsed SNMPv3 message (secName:privUser,
> > > secLevel:authPriv): ASN.1 parse error in message
> > >
> > > Any help is appreciated.
> > >
> >
> > The Wireshark reports "Data not conforming to RFC3411", there was a bug in
> > earlier version, but even the latest version says this, so, probably
> > something wrong
> > with ASN.1 format? It expects the EngineID to be 8 bytes (after
> > removing the 5 bytes of
> > enterprise + 5th octet) for NET-SNMP enterprise, but it's actually 12 bytes?
> > 04 11 80 00 1F 88 80 D2 F2 6E 14 8C 5F 4C 5D 00 (random + time)
> >
> > If I configure a custom engineId in snmpd.conf, then the Wireshark
> > error is gone, but the issue
> > of ASN.1 error still persists.
> >
> > 04 0C 80 00 1f 88 04 22 68 65 6c 6c 6f 22 ("hello")
>
> Did some experiments: At least able to get 1 combo working.
>
> With
> NET-SNMP version: 5.7.3 + OpenSSL 1.0.2g 1 Mar 2016
> Both AES and DES don't work
>
> With
> NET-SNMP version: 5.8 (git) + OpenSSL 1.1.1 11 Sep 2018
> AES works but DES doesn't.
>
> In the case of DES, the decrypted Scoped PDU is different compared
> to Wireshark, so, probably decrypted wrongly.
>
>
> _______________________________________________
> Net-snmp-coders mailing list
> Net-snmp-coders@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>

--
With Best Regards,
Anandaprabu V
<https://www.linkedin.com/in/anandaprabu-v-10867671/>
Cell : +91 9500650885 | Skype : prabuvaradharajan
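
Added example, not part of the original thread and not Net-SNMP or Wireshark code: a small decoder that checks the BER-encoded msgAuthoritativeEngineID octets quoted above against the SnmpEngineID layout in RFC 3411. The function and constant names are assumptions; two dumps are copied as the thread shows them (the first displays fewer octets than its length octet declares, so it is rejected rather than completed), and the third sample is constructed.

```python
# Added example: decode a BER-encoded SnmpEngineID (RFC 3411) from a hex dump.
import ipaddress

FORMATS = {1: "ipv4", 2: "ipv6", 3: "mac", 4: "text", 5: "octets"}
FIXED_LEN = {1: 4, 2: 16, 3: 6}  # body sizes RFC 3411 fixes for these formats

# Dumps as they appear in the thread (tag 04, length octet, then the value).
PAGE_DEFAULT_AS_SHOWN = "04 11 80 00 1F 88 80 D2 F2 6E 14 8C 5F 4C 5D 00"
PAGE_CUSTOM = "04 0C 80 00 1f 88 04 22 68 65 6c 6c 6f 22"
# Constructed sample: same header, 12 made-up body octets to fill length 0x11.
CONSTRUCTED_FULL = "04 11 80 00 1F 88 80" + " AA" * 12


def decode_engine_id(hex_dump: str) -> dict:
    raw = bytes.fromhex(hex_dump)
    if len(raw) < 2 or raw[0] != 0x04:
        raise ValueError("not a BER OCTET STRING")
    declared, value = raw[1], raw[2:]
    if declared & 0x80:
        raise ValueError("long-form length; an engineID never needs one")
    if len(value) != declared:
        raise ValueError(f"length octet says {declared}, dump holds {len(value)}")
    if not 5 <= declared <= 32:
        raise ValueError("SnmpEngineID must be 5..32 octets")
    enterprise = int.from_bytes(value[:4], "big")
    if not enterprise & 0x80000000:
        # First bit clear: the older layout, which is always 12 octets.
        if declared != 12:
            raise ValueError("legacy engineID must be exactly 12 octets")
        return {"enterprise": enterprise, "format": "legacy", "body": value[4:]}
    fmt, body = value[4], value[5:]
    name = FORMATS.get(fmt, "enterprise-specific" if fmt >= 128 else "reserved")
    if fmt in FIXED_LEN and len(body) != FIXED_LEN[fmt]:
        raise ValueError(f"{name} body must be {FIXED_LEN[fmt]} octets")
    if fmt in (1, 2):
        body = str(ipaddress.ip_address(body))
    elif fmt == 3:
        body = ":".join(f"{b:02x}" for b in body)
    elif fmt == 4:
        body = body.decode("ascii", errors="replace")
    return {"enterprise": enterprise & 0x7FFFFFFF, "format": name, "body": body}


if __name__ == "__main__":
    for dump in (PAGE_DEFAULT_AS_SHOWN, PAGE_CUSTOM, CONSTRUCTED_FULL):
        try:
            print(decode_engine_id(dump))
        except ValueError as err:
            print("rejected:", err)
```

The custom engineID from the thread decodes as enterprise 8072 in the text format, and the decoded text includes the two quote characters (0x22) as part of the ID.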