Hi there!
I am in the process of implementing a SNMPv3 agent here at work.
For testing purposes i test our agent with net-snmp (v5.10-git@82862da) with OpenSSL-1.1.1.
And i also test against the pysnmp testserver demo.pysnmp.com.
I actually do not know who is responsible for the testserver and what version it is...
While doing so i found that some authentication/privacy algorythms are maybe not working as expected?
I am interested in finding out why and how, also to make my own implementation better.
As far as i can tell the error could also be on the net-snmp side, but i am unsure.
Is anyone interested in working on this?
Here a table of all tested combinations:
pysnmp
0: None
1: DES
2: 3DES
3: AES128
4: AES192
4: AES192C
5: AES256
5: AES256C
0: None
OK
---
---
---
---
---
---
---
1: MD5
OK
OK
not supported
OK
Decryption error
OK
Decryption error
OK
2: SHA1
OK
OK
not supported
OK
Decryption error
OK
Decryption error
OK
3: SHA2-224
Decryption error
Decryption error
not supported
Decryption error
Decryption error
Decryption error
Decryption error
Decryption error
4: SHA2-256
OK
OK
not supported
OK
Decryption error
OK
Decryption error
OK
5: SHA2-384
OK
OK
not supported
OK
Decryption error
OK
Decryption error
OK
6: SHA2-512
Timeout!
Decryption error
not supported
Timeout!
Decryption error
Timeout!
Decryption error
Timeout!
legend:
"---": impossible combination
"not supported": net-snmp does not support 3DES, so it can't be tested
"Timeout": pysnmp is not sending anything after time syncronisation -> needs fix!
"Decryption error": pysnmp has sent an answer, but net-snmp couldn't decrypt -> those ones need fix
The "C" at the end of privacy algos is for "Cisco", which means key localization is done with reeder-draft.
Those without the "C" have key localization according to blumethal-draft.
While it seems that the reeder implementation is the "standard" for pysnmp, the blumenthal ones don't seem to work at a
Hi there!
I am in the process of implementing a SNMPv3 agent here at work.
For testing purposes i test our agent with net-snmp (v5.10-git@82862da) with OpenSSL-1.1.1.
And i also test against the pysnmp testserver demo.pysnmp.com. I actually do not know who is responsible for the testserver and what version it is...
While doing so i found that some authentication/privacy algorythms are maybe not working as expected?
I am interested in finding out why and how, also to make my own implementation better.
As far as i can tell the error could also be on the net-snmp side, but i am unsure.
Is anyone interested in working on this?
Here a table of all tested combinations:
legend:
"---": impossible combination
"not supported": net-snmp does not support 3DES, so it can't be tested
"Timeout": pysnmp is not sending anything after time syncronisation -> needs fix!
"Decryption error": pysnmp has sent an answer, but net-snmp couldn't decrypt -> those ones need fix
The "C" at the end of privacy algos is for "Cisco", which means key localization is done with reeder-draft.
Those without the "C" have key localization according to blumethal-draft.
While it seems that the reeder implementation is the "standard" for pysnmp, the blumenthal ones don't seem to work at a