I have configured 2 users on a SNMP v3 server (a Cisco router):
desuser
aesuser
The privacy password and the authentication password for both the users were set to the same: 12345678 for testing purposes.
Using the code in the link below (at end of question), I was able to perform SNMP v3 queries using DES as the privacy method. For this I used the following command line args:
-v=3 -l=authPriv -a=MD5 -A=12345678 -x=DES -X=12345678 -u=desuser 10.10.10.1 1.3.6.1.2.1.2.2.1.7.1
The above worked without any issue.
I then tried to use AES 128 as the privacy method by changing the privacy method and the user on the command line args as below:
-v=3 -l=authPriv -a=MD5 -A=12345678 -x=AES -X=12345678 -u=aesuser 10.10.10.1 1.3.6.1.2.1.2.2.1.7.1
This resulted in a TimeoutException:
I am able to use both these users (aesuser and desuser) on other SNMP agents without any issue.
Please let me know:
What needs to be specified in the command line arg -x when using AES 128? Should it be just AES or AES128?
When I reviewed the code for snmpget (in the link at the end), I noticed that the value assigned to the command line arg -x is assigned to a variable called privacy. However, this variable is never used later in the code when setting the IPrivacyProvider object. The only two code paths available when setting this object are DESPrivacyProvider and DefaultPrivacyProvider (see code extract below). Shouldn't there be something like AESPrivacyProvider that would enable the AES privacy method in the code?
Code extract from the snmpget project's Program.vb:
Dim priv As IPrivacyProvider
If ((level And Levels.Privacy) = Levels.Privacy) Then
    priv = New AESPrivacyProvider(New OctetString(privPhrase), auth)
Else
    priv = New DefaultPrivacyProvider(auth)
End If
https://github.com/lextm/sharpsnmplib/blob/master/Samples/VB.NET/snmpget/
http://help.sharpsnmp.com/html/T_Lextm_SharpSnmpLib_Security_AESPrivacyProvider.htm
As the documentation states, AES support is experimental.
You can write your own privacy provider to handle such algorithms, and it is purely a cryptography challenge and does not fall in #SNMP's scope (which only covers core SNMP features).
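What a custom AES-128 privacy provider has to derive before it can encrypt anything, following RFC 3414 (password-to-key, key localization) and RFC 3826 (AES-CFB key and IV), with the MD5 authentication used in the question. This is an added Python example, not #SNMP code and not part of the original posts; the function names are hypothetical and the engine boots, engine time and salt values are constructed.

```python
import hashlib
import struct

MEGABYTE = 1048576  # RFC 3414 A.2.1 hashes exactly this many bytes


def password_to_key_md5(password: bytes) -> bytes:
    """RFC 3414 A.2.1: Ku = MD5 over the password repeated to 1 MiB."""
    if not password:
        raise ValueError("password must not be empty")
    reps = MEGABYTE // len(password) + 1
    return hashlib.md5((password * reps)[:MEGABYTE]).digest()


def localize_key_md5(ku: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 2.6: Kul = MD5(Ku || snmpEngineID || Ku)."""
    return hashlib.md5(ku + engine_id + ku).digest()


def aes128_key_and_iv(priv_password: bytes, engine_id: bytes,
                      engine_boots: int, engine_time: int, salt: int):
    """RFC 3826 3.1: derive the AES-128 key, the CFB IV and the
    msgPrivacyParameters value for one outgoing message.

    engine_id, engine_boots and engine_time must be the authoritative
    engine's values (learned through discovery). If the key or IV differ
    from what the agent computes, the agent cannot decrypt the scoped PDU
    and will not return the requested data.
    """
    kul = localize_key_md5(password_to_key_md5(priv_password), engine_id)
    key = kul[:16]                         # first 128 bits of localized key
    priv_params = struct.pack(">Q", salt)  # 64-bit salt, sent in the message
    iv = struct.pack(">II", engine_boots, engine_time) + priv_params
    return key, iv, priv_params


if __name__ == "__main__":
    # Constructed sample values; the engine ID is the RFC 3414 A.3 test one.
    engine_id = bytes.fromhex("000000000000000000000002")
    key, iv, params = aes128_key_and_iv(b"maplesyrup", engine_id, 1, 2, 3)
    print("key :", key.hex())
    print("iv  :", iv.hex())
    print("salt:", params.hex())
```

The resulting key and IV are then used with AES-128 in CFB mode (128-bit feedback) over the scoped PDU, and the 8-byte salt is placed in msgPrivacyParameters so the receiver can rebuild the same IV.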