Hello All

 

I am getting a generic error when I try to change the privacy key using snmpusm if the initial user was configured with SHA and DES. I don’t think the problem is with snmpusm. Another SNMPv3 tool (Silver Creek) also fails with the same error. It works fine if the user is configured with MD5 and DES.

 

Details:

- I have ported net-snmp 5.2.1 to vxWorks and I have ported the openssl algorithms (MD5, SHA, AES and DES). The SNMP agent works fine with getting and setting MIB objects when configured with the above authentication protocols and encryption protocols.

- I have configured an “admin” user with SHA1 and DES and gave RW access to all MIBs.

- I have cloned a new user using snmpusm and I could change the authentication key but not the privacy key

 

- I have debugged this further and I found that it has to do with key lengths of the privacy key when the authentication protocol is SHA. My understanding was that the localized privacy key lengths depend upon the corresponding authentication protocol of the user. So if MD5 and DES are used, privacy key length is 16 bytes and if SHA and DES are used the privacy key length is 20 bytes. Am I wrong? Please clarify.

 

- Function trace in netsnmp code:

 write_usmUserPrivKeyChange() -> decode_keychange()

 

 decode_keychange() returns SNMP_GEN_ERR because it fails the following test

 if ((oldkey_len * 2) != kcstring_len)

 The actual values for oldkey_len == 20; kcstring_len == 32

 

 

The SNMP USM commands are below

 

-> snmpusm -v3 -u admin -l authPriv -a SHA -A xxxxxauthtest -x DES -X xxxxxprivtest xxx.xxx.xxx.xxx create test admin

-> User successfully created

 

-> snmpusm -v3 -u admin -l authPriv -a SHA -A xxxxxauthtest -x DES -X xxxxxprivtest xxx.xxx.xxx.xxx -Ca passwd xxxxxauthtest xxxxxauthyyyy test

  

-> SNMPv3 Key(s) successfully changed.

 

-> snmpusm -v3 -u admin -l authPriv -a SHA -A xxxxxauthtest -x DES -X xxxxxprivtest xxx.xxx.xxx.xxx -Cx passwd xxxxxprivtest xxxxxprivyyyy test

-> Error in packet.

      Reason: (genError) A general failure occured Failed object:

      SNMP-USER-BASED-SM-MIB::usmUserPrivKeyChange.".........Fa"."test"

 

 

Thanks

Anil
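
An added example, not part of the original post and not net-snmp code: it works through the RFC 3414 key localization and KeyChange lengths the post asks about, for a SHA + DES user. The function names, engine ID and passwords are constructed for illustration, and it assumes the manager builds the KeyChange value from the 16-octet DES secret, which matches the kcstring_len == 32 reported above.

```python
import hashlib
import os

MEG = 1048576  # RFC 3414 A.2 hashes 1 MiB of the repeated password

def localized_key(hash_name, password, engine_id):
    """RFC 3414 A.2: password -> Ku, then localize Ku to one engine (Kul)."""
    stream = (password * (MEG // len(password) + 1))[:MEG]
    ku = hashlib.new(hash_name, stream).digest()
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def des_secret(kul):
    """RFC 3414 8.1.1.1: DES privacy uses a 16-octet secret (first 16 of Kul)."""
    return kul[:16]

def kc_encode(hash_name, old_key, new_key, rnd=None):
    """KeyChange TC, fixed-length key: random || (H(old || random) XOR new)."""
    n = len(old_key)
    if len(new_key) != n:
        raise ValueError("old and new key must have the same length")
    rnd = rnd if rnd is not None else os.urandom(n)
    temp = hashlib.new(hash_name, old_key + rnd).digest()[:n]
    return rnd + bytes(t ^ k for t, k in zip(temp, new_key))

def kc_decode(hash_name, old_key, kcstring):
    """Inverse of kc_encode; rejects a value that is not 2 * len(old_key)."""
    n = len(old_key)
    if n * 2 != len(kcstring):
        raise ValueError(f"length mismatch: oldkey_len={n}, kcstring_len={len(kcstring)}")
    rnd, delta = kcstring[:n], kcstring[n:]
    temp = hashlib.new(hash_name, old_key + rnd).digest()[:n]
    return bytes(t ^ d for t, d in zip(temp, delta))

def sha_des_case(engine_id, old_pw, new_pw):
    """SHA auth + DES priv: (len(Kul), len(KeyChange), outcome per old-key size)."""
    old_kul = localized_key("sha1", old_pw, engine_id)
    new_kul = localized_key("sha1", new_pw, engine_id)
    kc = kc_encode("sha1", des_secret(old_kul), des_secret(new_kul))
    outcome = {}
    for label, old in (("full_kul", old_kul), ("des_secret", des_secret(old_kul))):
        try:
            outcome[label] = kc_decode("sha1", old, kc) == des_secret(new_kul)
        except ValueError as exc:
            outcome[label] = str(exc)
    return len(old_kul), len(kc), outcome

if __name__ == "__main__":
    engine = bytes.fromhex("000000000000000000000002")  # constructed engine ID
    print(sha_des_case(engine, b"xxxxxprivtest", b"xxxxxprivyyyy"))
```

With MD5 the localized key is already 16 octets, so the stored key and the DES secret have the same length and the 2 * oldkey_len check passes.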

    

 

 
