I am creating a C++ project using the net-snmp libraries I built. I was able to interface with my hardware via SNMP v2c as well as SNMP v3 (authNoPriv). However, this was unsuccessful when I tried using authPriv. Is there any advice on this?

What I suspect is that net-snmp does not support AES.

When I tried to run net-snmp directly, I saw that for the privacy protocol there's only the option for DES. So I would like to confirm: does net-snmp support both the AES128 and DES privacy protocols?

  • https://stackoverflow.com/questions/32566585/does-net-snmp-support-aes-192-and-aes-256-encryption Even AES 192/256 are now supported. So what you suspected is wrong. – Lex Li Apr 10 '19 at 13:11

1 Answer

  1. For authNoPriv, I got an authentication failure when I used the SHA-1 authentication protocol.

  2. For authPriv, I couldn't establish any connection with the SNMP hardware.

I suspect there is something wrong in my code, as there was no issue with authNoPriv with the MD5 authentication protocol, but the above errors occur when I configure the respective security protocol.

// Definitions
const char * user = "snmpuser";
const char * our_v3_passphrase = "passphrase";
const char * our_v3_privphrase = "privphrase";
struct snmp_session session;

SOCK_STARTUP;

// Initialize the SNMP library
snmp_sess_init(&session);
session.peername = _strdup(argv[1]);

// set the SNMP version number
session.version = SNMP_VERSION_3;

// set the SNMPv3 user name
session.securityName = _strdup(user);
session.securityNameLen = strlen(session.securityName);

// set the security level
session.securityLevel = SNMP_SEC_LEVEL_AUTHPRIV; // SNMP_SEC_LEVEL_AUTHNOPRIV (for authNoPriv)

// set the authentication protocol
session.securityAuthProto = usmHMACMD5AuthProtocol; // usmHMACSHA1AuthProtocol
session.securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN; // USM_AUTH_PROTO_SHA_LEN
session.securityAuthKeyLen = USM_AUTH_KU_LEN;

// set authentication key to a hashed version of passphrase
if (generate_Ku(session.securityAuthProto, session.securityAuthProtoLen, (u_char *)our_v3_passphrase, strlen(our_v3_passphrase), session.securityAuthKey, &session.securityAuthKeyLen) != SNMPERR_SUCCESS) {
    snmp_perror(argv[0]);
    snmp_log(LOG_ERR, "Error generating Ku from authentication passphrase. \n");
    SOCK_CLEANUP;
    exit(1);
}

// set the privacy protocol
session.securityPrivProto = usmAES128PrivProtocol; // usmDESPrivProtocol
session.securityAuthProtoLen = USM_PRIV_PROTO_AES128_LEN; // USM_PRIV_PROTO_DES_LEN
session.securityAuthKeyLen = USM_PRIV_KU_LEN;

// set privacy key to a hashed version of privphrase
if (generate_Ku(session.securityAuthProto, session.securityAuthProtoLen, (u_char *)our_v3_privphrase, strlen(our_v3_privphrase), session.securityPrivKey, &session.securityPrivKeyLen) != SNMPERR_SUCCESS) {
    snmp_perror(argv[0]);
    snmp_log(LOG_ERR, "Error generating Ku from authentication passphrase. \n");
    SOCK_CLEANUP;
    exit(1);
}
  • 1
    Shouldn't it be `session.securityPrivProtoLen` and `session.securityPrivKeyLen` below `session.securityPrivProto`? – PHD Aug 27 '21 at 03:50
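
As an added example (not code from the post or from net-snmp), this Python version of the RFC 3414 password-to-key derivation that `generate_Ku` performs, followed by engine-ID localization, shows that the privacy key is hashed with the authentication protocol and that AES-128 keeps only its first 16 octets, which is why the privacy key needs its own protocol and key-length fields. The function names, the `AUTH_HASH` labels and the engine ID are assumptions made for the example.

```python
import hashlib

# Labels are constructed for this example; they mirror the post's
# usmHMACMD5AuthProtocol / usmHMACSHA1AuthProtocol choice.
AUTH_HASH = {"MD5": hashlib.md5, "SHA1": hashlib.sha1}
AES128_KEY_LEN = 16     # RFC 3826: AES-128 takes the first 16 octets of the localized key
EXPANDED_LEN = 1048576  # RFC 3414 A.2: passphrase is repeated out to 1 MiB


def password_to_ku(passphrase: bytes, auth: str) -> bytes:
    """RFC 3414 A.2 password-to-key: hash the repeated passphrase into Ku."""
    if not passphrase:
        raise ValueError("passphrase must not be empty")
    reps = EXPANDED_LEN // len(passphrase) + 1
    return AUTH_HASH[auth]((passphrase * reps)[:EXPANDED_LEN]).digest()


def localize(ku: bytes, engine_id: bytes, auth: str) -> bytes:
    """RFC 3414 key localization: Kul = H(Ku || snmpEngineID || Ku)."""
    return AUTH_HASH[auth](ku + engine_id + ku).digest()


def usm_keys(auth: str, auth_pass: bytes, priv_pass: bytes, engine_id: bytes):
    """Return (auth_key, aes128_priv_key) for one user on one engine.

    Both keys are hashed with the *authentication* protocol; the privacy key
    differs only in its passphrase and in how many octets are kept.
    """
    auth_key = localize(password_to_ku(auth_pass, auth), engine_id, auth)
    priv_kul = localize(password_to_ku(priv_pass, auth), engine_id, auth)
    return auth_key, priv_kul[:AES128_KEY_LEN]


if __name__ == "__main__":
    # Constructed engine ID; the passphrases are the ones from the post.
    engine = bytes.fromhex("000000000000000000000002")
    for proto in ("MD5", "SHA1"):
        a, p = usm_keys(proto, b"passphrase", b"privphrase", engine)
        print(proto, "auth key", len(a), "octets; AES-128 key", len(p), "octets")
```

With SHA-1 the authentication key is 20 octets while the AES-128 key is 16, so the two key lengths cannot share one field.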