Does SNMP++ 3.5.1 and Agent++4.6.1 support SHA1/SHA128 for SNMPv3?

SNMP++/AGENT++
1

Hi,

I’m trying to figure out SNMP++ 3.5.1 and Agent++4.6.1 still support SHA1/SHA128 for SNMPv3 or not. If yes, can you please provide an example for ./snmpGet 127.0.0.1 … and ./snmpSet 127.0.0.1 … If not, do you have any ideas how to add SHA1/SHA128 into Agent++ 4.6.1. I need to use SHA1/SHA128 in the Agent++ multi_agent example.

I still saw SNMP++3.5.1 has SHA1 below
in snmp_pp\auth_priv.h:
const char *get_id_string() const { return “HMAC-SHA”; };
class HasherSHA1;

in src\auth_priv.cpp:
typedef EVP_MD_CTX* SHAHashStateType;
#define SHA1_INIT(s) evpAllocAndInit(s, EVP_sha1())
#define SHA1_PROCESS(s, p, l) EVP_DigestUpdate(*(s), p, l)
#define SHA1_DONE(s, k) evpDigestFinalAndFree(s, k)

class AuthSHA::HasherSHA1 : public AuthSHABase::Hasher

I also saw Agent++ 4.6.1 has SHA for “HMAC-SHA”
in: examples\multi_agent\src\agent.cpp
uut->addNewRow(“SHA”,
SNMP_AUTHPROTOCOL_HMACSHA, // #define SNMP_AUTHPROTOCOL_HMACSHA 3 ///< HMAC-SHA
SNMP_PRIVPROTOCOL_NONE,
“SHAUserAuthPassword”, “”, engineID, false);

vacm->addNewGroup(SNMP_SECURITY_MODEL_USM, "SHA",
                  "testNoPrivGroup", storageType_nonVolatile);

However, I tried ./snmpGet --help and many things for SHA1/SHA128 like below

./snmpGet 127.0.0.1 1.3.6.1.2.1.37.1.8.0 -v3 -P4700 -Cpublic -snSHA -sl1 -sm3 -cntestNoPrivGroup -authSHA -privNONE -uaAuthkey1 -upPrivkey1
./snmpGet 127.0.0.1 1.3.6.1.2.1.37.1.8.0 -v3 -P4700 -Cpublic -snSHA -sl1 -sm3 -cntestNoPrivGroup -ce80001370056F6B632D6F38366769742D3031125C -authSHA -privNONE -uaAuthkey1 -upPrivkey1

But kept getting error on SNMP++ side
SNMP++ Get to 127.0.0.1 SNMPV3 Retries=1 Timeout=1000ms
securityName= SHA, securityLevel= 1, securityModel= 3
contextName= testNoPrivGroup, contextEngineID=
(4)INFO : v3MP::EngineIdTable: Dont know engine id for (host) (port): (127.0.0.1), (4700)
(5)DEBUG : v3MP: Building message with (SecurityEngineID) (securityName) (securityLevel) (contextEngineID) (contextName): (), (SHA), (1), (), (testNoPrivGroup)
(3)INFO : v3MP: Message built OK
(4)DEBUG : SNMPMessage: return value for build message: (-1401)
(5)DEBUG : v3MP: Building message with (SecurityEngineID) (securityName) (securityLevel) (contextEngineID) (contextName): ( 80 00 13 70 05 6F 6B 63 2D 6F 38 36 67 69 74 2D 30 31 12 5C …p.okc-o86git-01.), (SHA), (1), ( 80 00 13 70 05 6F 6B 63 2D 6F 38 36 67 69 74 2D 30 31 12 5C …p.okc-o86git-01.), (testNoPrivGroup)
(3)INFO : v3MP: Message built OK
(4)DEBUG : SNMPMessage: return value for build message: (-1401)
(2)INFO : v3MP::EngineIdTable: replace entry (old id) (old host) (old port) (id) (host) (port): ( 80 00 13 70 05 6F 6B 63 2D 6F 38 36 67 69 74 2D 30 31 12 5C …p.okc-o86git-01.), (127.0.0.1), (4700), ( 80 00 13 70 05 6F 6B 63 2D 6F 38 36 67 69 74 2D 30 31 12 5C …p.okc-o86git-01.), (127.0.0.1), (4700)
Received a report pdu: SNMPv3: Unknown Context

VB nr: 0
Oid = 1.3.6.1.6.3.12.1.5.0
Value = 17
Syntax = 2

But kept getting error on Agent++ side
(8)INFO : v3MP::Cache: adding new entry (n) (msg id) (req id) (type): (0), (4849664), (0), (remote)
(8)INFO : v3MP::Cache: Found entry (n) (msg id) (type): (0), (4849664), (remote)
(5)DEBUG : v3MP: Building message with (SecurityEngineID) (securityName) (securityLevel) (contextEngineID) (contextName): ( 80 00 13 70 05 6F 6B 63 2D 6F 38 36 67 69 74 2D 30 31 12 5C …p.okc-o86git-01.), (), (1), (), (testNoPrivGroup)
(A)DEBUG : ASN1: coding (context engine id) (context name): (), (testNoPrivGroup)
(A)DEBUG : ASN1: Encoding scoped PDU sequence (len): (50)
(3)INFO : v3MP: Message built OK
(5)INFO : USMUserNameTable: No entry for (user name) in table: (SHA)
(9)INFO : USMUserTable: Translated (user name) to (security name): (SHA), (SHA)
(8)INFO : v3MP::Cache: adding new entry (n) (msg id) (req id) (type): (0), (4849665), (26825), (remote)
(2)EVENT : RequestList: request received (id)(siz)(fro)(ver)(com)(type): (26825), (1), (127.0.0.1/57284), (SNMPv3), (SHA), (160)
(2)EVENT : RequestList: request received: (secmod)(seclev)(cid)(cname): : (3), (1), ( 80 00 13 70 05 6F 6B 63 2D 6F 38 36 67 69 74 2D 30 31 12 5C …p.okc-o86git-01.), (testNoPrivGroup)
(7)DEBUG : Vacm: getViewName for: (model) (name) (level) (type) (context): (3), (SHA), (1), (1), (testNoPrivGroup)
(1)EVENT : RequestList: SNMPv3 (noSuchContext)(from): (testNoPrivGroup), (127.0.0.1/57284)
(8)INFO : v3MP::Cache: Found entry (n) (msg id) (type): (0), (4849665), (remote)
(5)DEBUG : v3MP: Building message with (SecurityEngineID) (securityName) (securityLevel) (contextEngineID) (contextName): ( 80 00 13 70 05 6F 6B 63 2D 6F 38 36 67 69 74 2D 30 31 12 5C …p.okc-o86git-01.), (SHA), (1), ( 80 00 13 70 05 6F 6B 63 2D 6F 38 36 67 69 74 2D 30 31 12 5C …p.okc-o86git-01.), (testNoPrivGroup)
(A)DEBUG : ASN1: coding (context engine id) (context name): ( 80 00 13 70 05 6F 6B 63 2D 6F 38 36 67 69 74 2D 30 31 12 5C …p.okc-o86git-01.), (testNoPrivGroup)
(A)DEBUG : ASN1: Encoding scoped PDU sequence (len): (69)
(3)INFO : v3MP: Message built OK

Thanks,
Phuoc

2

Hi,

in your command, you are setting a context that the agent does not have (Unknown Context). You either have to configure the agent for this context or you can just use the default (empty) context.
A working command for the atm_mib example agent is:
./snmpNext 127.0.0.1 -P4700 -v3 -snSHADES -authSHA -privDES -uaSHADESUserAuthPassword -upSHADESUserPrivPassword

Kind regards,
Jochen

3

Issues in the snmpGet command:

  • the context name. See jkatz reply.
  • the security level. Security level maps to 1 - noAuthNoPriv, 2 - AuthNoPriv, and 3 - AuthPriv. Since you are using authentication w/o privacy, use -sl2.
  • the authentication password. The snippet from the agent provides “SHAUserAuthPassword” as the password.
  • the logging may be too detailed. Try the “events” level of logging to remove the debug entries. Other logging levels include: original, events, verbose, full, and debug.

Try:

./snmpGet 127.0.0.1 1.3.6.1.2.1.37.1.8.0 -v3 -P4700 -snSHA -sl2 -authSHA -uaSHAUserAuthPassword -Levents