To be absolutely clear: this only changes the defaults and only means
that people using snmp(1) against appliances with crappy digest/cipher
need to specify the crappy parameters via -a and -x. They will continue
to keep working.
In a similar fashion people using clients that don't support AES or the
SHA-2 set of digests can set DES with HMAC-sha1 or HMAC-md5 in
snmpd.conf(5) to keep things working.

On 10/28/19 8:02 AM, Martijn van Duren wrote:
> At the moment we are neither consistent nor really secure in what we 
> offer by default for snmp. For snmp(1) we default to MD-5 and DES and
> for snmpd(8) we default to SHA-1 and DES. Both are horrendously out of
> date.
> 
> Diff below updates both tools to use SHA-256 and AES by default.
> SHA-256 should still be reasonably secure by today's standards and less
> straining on older architectures, but I'm not objecting if people prefer
> to move to SHA-384 or SHA-512 by default.
> 
> Note that perl snmp client doesn't support the SHA-2 family of
> functions, so people using check_snmp_* with icinga or the likes will
> have to explicitly set auth to sha-1 if they want this to continue
> working. I once looked at the snmp code behind these tools and realised
> that I can't do perl.
> If someone out there with perl skills, who knows the perl community
> (because we want to upstream this) and wants to pick this up but doesn't
> know snmp I'm willing to help out in the specs department.
> 
> Thoughts? OK?
> 
> martijn@
> 
> Index: usr.bin/snmp/snmp.1
> ===================================================================
> RCS file: /cvs/src/usr.bin/snmp/snmp.1,v
> retrieving revision 1.8
> diff -u -p -r1.8 snmp.1
> --- usr.bin/snmp/snmp.1       26 Oct 2019 17:43:52 -0000      1.8
> +++ usr.bin/snmp/snmp.1       28 Oct 2019 06:58:09 -0000
> @@ -178,7 +178,7 @@ Options are
>  or
>  .Cm SHA-512 .
>  This option defaults to
> -.Cm MD5 .
> +.Cm SHA-256 .
>  This option is only used by
>  .Fl v Cm 3 .
>  .It Fl C Ar appopt
> @@ -401,6 +401,8 @@ protocol.
>  Options are
>  .Cm DES
>  and
> +.Cm AES .
> +This option defaults to
>  .Cm AES .
>  This option is only used by
>  .Fl v Cm 3 .
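
Review bot: the added "This option defaults to" sentence names only AES, while the client code in this same patch selects EVP_aes_128_cfb128() when -x is omitted. Consider stating here that AES means 128-bit AES in CFB mode (snmpd.h already annotates PRIV_AES as "CFB128-AES-128, RFC3826"), so a reader matching an agent's privacy setting knows which variant the default gives.
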
> Index: usr.bin/snmp/snmpc.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/snmp/snmpc.c,v
> retrieving revision 1.17
> diff -u -p -r1.17 snmpc.c
> --- usr.bin/snmp/snmpc.c      26 Oct 2019 19:34:15 -0000      1.17
> +++ usr.bin/snmp/snmpc.c      28 Oct 2019 06:58:09 -0000
> @@ -433,7 +433,7 @@ main(int argc, char *argv[])
>                       err(1, "usm_init");
>               if (seclevel & SNMP_MSGFLAG_AUTH) {
>                       if (md == NULL)
> -                             md = EVP_md5();
> +                             md = EVP_sha256();
>                       if (authkey == NULL)
>                               errx(1, "No authKey or authPassword specified");
>                       if (usm_setauth(sec, md, authkey, authkeylen,
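
Review bot: with the md == NULL fallback now EVP_sha256(), an invocation that leaves out -a against an agent still configured for MD5 will stop authenticating, and nothing in this path tells the user that the default moved. Suggest a sentence in snmp.1 next to "This option defaults to" noting that older agents may need -a given explicitly.
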
> @@ -442,7 +442,7 @@ main(int argc, char *argv[])
>               }
>               if (seclevel & SNMP_MSGFLAG_PRIV) {
>                       if (cipher == NULL)
> -                             cipher = EVP_des_cbc();
> +                             cipher = EVP_aes_128_cfb128();
>                       if (privkey == NULL)
>                               errx(1, "No privKey or privPassword specified");
>                       if (usm_setpriv(sec, cipher, privkey, privkeylen,
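
Review bot: the cipher == NULL fallback hard-codes EVP_aes_128_cfb128() inline in main(), as the digest fallback in the previous hunk does with EVP_sha256(), whereas snmpd.h keeps its defaults in AUTH_DEFAULT and PRIV_DEFAULT. Named defaults in snmpc.c would give the client one place to change next time and make it easier to keep snmp(1) and snmpd(8) in step, which is the inconsistency this diff sets out to fix.
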
> Index: usr.sbin/snmpd/snmpd.conf.5
> ===================================================================
> RCS file: /cvs/src/usr.sbin/snmpd/snmpd.conf.5,v
> retrieving revision 1.40
> diff -u -p -r1.40 snmpd.conf.5
> --- usr.sbin/snmpd/snmpd.conf.5       9 Aug 2019 08:12:04 -0000       1.40
> +++ usr.sbin/snmpd/snmpd.conf.5       28 Oct 2019 06:58:09 -0000
> @@ -249,7 +249,7 @@ must be either
>  or
>  .Ic hmac-sha512 .
>  If omitted the default is
> -.Ic hmac-sha1 .
> +.Ic hmac-sha256 .
>  .Pp
>  With
>  .Ic enckey
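
Review bot: changing the "If omitted the default is" value from hmac-sha1 to hmac-sha256 silently changes the meaning of existing snmpd.conf user entries that leave the auth algorithm out, so clients still sending HMAC-SHA1 will fail to authenticate after the upgrade. This is worth calling out in the upgrade notes, and the text here could recommend spelling the algorithm out so that a later default change does not repeat the problem.
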
> @@ -265,7 +265,7 @@ algorithm can be either
>  or
>  .Ic aes
>  and defaults to
> -.Ic des .
> +.Ic aes .
>  .Pp
>  Any user account that has encryption enabled requires authentication to
>  be enabled too.
> Index: usr.sbin/snmpd/snmpd.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/snmpd/snmpd.h,v
> retrieving revision 1.85
> diff -u -p -r1.85 snmpd.h
> --- usr.sbin/snmpd/snmpd.h    11 Jun 2019 05:36:32 -0000      1.85
> +++ usr.sbin/snmpd/snmpd.h    28 Oct 2019 06:58:09 -0000
> @@ -541,7 +541,7 @@ enum usmauth {
>       AUTH_SHA512     /* usmHMAC384SHA512AuthProtocol. RFC7860 */
>  };
>  
> -#define AUTH_DEFAULT AUTH_SHA1       /* Default digest */
> +#define AUTH_DEFAULT AUTH_SHA256     /* Default digest */
>  
>  enum usmpriv {
>       PRIV_NONE = 0,
> @@ -549,7 +549,7 @@ enum usmpriv {
>       PRIV_AES        /* CFB128-AES-128, RFC3826 */
>  };
>  
> -#define PRIV_DEFAULT PRIV_DES        /* Default cipher */
> +#define PRIV_DEFAULT PRIV_AES        /* Default cipher */
>  
>  struct usmuser {
>       char                    *uu_name;
> 
