sharpsnmplib

SNMPv3 over DTLS

Open kdurkin77 opened this issue 5 years ago • 6 comments

Updated to use DTLS2.Net to allow for SNMPv3 over DTLS. I updated DTLS.Net, but since they haven't been responding to pull requests or issues, I had to use it from my fork and called it DTLS2.Net.

TSM doesn't use the Security Parameters part of the message, so set up SecurityParameters to have a default and Header, GetRequestMessage, and MessageFactory to not require them.

Added the SecurityModel enum to allow for either TSM or USM, keeping USM as the default. This required new constructors in GetRequestMessage to take in the SecurityModel.

Test example:

```csharp
// ip, port, user and timeout are supplied by the caller.
// Variable to query: sysUpTime.0
var vList = new List<Variable>() { new Variable(new ObjectIdentifier("1.3.6.1.2.1.1.3.0")) };
var receiver = new IPEndPoint(ip, port);
var auth = TsmAuthenticationProvider.Instance;
IPrivacyProvider priv = new TsmPrivacyProvider(auth);

// Look up the client certificate by thumbprint (left empty in this example);
// the final "true" restricts the search to valid certificates.
using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
var myCertCollection = store.Certificates.Find(X509FindType.FindByThumbprint, "", true);

// Build the certificate chain that is handed to the DTLS client.
var chain = new X509Chain();
chain.Build(myCertCollection[0]);

// DTLS client bound to any local address and an ephemeral port.
var client = new Client(new IPEndPoint(IPAddress.Any, 0));
client.LoadX509Certificate(chain);
client.SupportedCipherSuites.Add(TCipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA);

// Send the SNMPv3 GET through the DTLS client and print the returned variables.
var request = new GetRequestMessage(VersionCode.V3, Messenger.NextMessageId, Messenger.NextRequestId, new OctetString(user), new OctetString(string.Empty), vList, priv, Messenger.MaxMessageSize);
var reply = request.GetSecureResponse(timeout, receiver, client);

foreach (var v in reply.Pdu().Variables)
{
    Console.WriteLine($"RESPONSE: {v}");
}
```

kdurkin77 • Dec 05 '19 21:12
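The wire-level consequence of the description above, as an added example that is not part of the pull request or of sharpsnmplib: a receiver-side check that reads the SNMPv3 header and flags a TSM message (msgSecurityModel 4, RFC 5591) whose msgSecurityParameters is not the zero-length OCTET STRING, or a USM message (model 3) where it is empty. The function names and the sample messages are constructed for illustration.

```python
# Added example. Layout per RFC 3412; security model numbers: USM=3, TSM=4.
USM, TSM = 3, 4

def tlv(buf, pos, want_tag):
    """Read one BER TLV at pos, check its tag, return (value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if tag != want_tag or pos + length > len(buf):
        raise ValueError(f"bad or truncated TLV (tag {tag:#x})")
    return buf[pos:pos + length], pos + length

def check_v3_header(msg):
    """Return (msgSecurityModel, findings) for one SNMPv3 message."""
    body, _ = tlv(msg, 0, 0x30)              # outer SEQUENCE
    version, pos = tlv(body, 0, 0x02)        # msgVersion
    header, pos = tlv(body, pos, 0x30)       # HeaderData
    sec_params, _ = tlv(body, pos, 0x04)     # msgSecurityParameters
    _, h = tlv(header, 0, 0x02)              # msgID
    _, h = tlv(header, h, 0x02)              # msgMaxSize
    _, h = tlv(header, h, 0x04)              # msgFlags
    model_raw, _ = tlv(header, h, 0x02)      # msgSecurityModel
    model = int.from_bytes(model_raw, "big")
    findings = []
    if int.from_bytes(version, "big") != 3:
        findings.append("not SNMPv3")
    if model == TSM and sec_params:
        findings.append("TSM message carries non-empty msgSecurityParameters")
    elif model == USM and not sec_params:
        findings.append("USM message has empty msgSecurityParameters")
    elif model not in (USM, TSM):
        findings.append(f"unexpected msgSecurityModel {model}")
    return model, findings

# Constructed sample messages (scoped PDU reduced to an empty SEQUENCE placeholder).
HDR = "020103 300d 020101 020205dc 040107 0201"
TSM_OK = bytes.fromhex("3016" + HDR + "04 0400 3000")
TSM_BAD = bytes.fromhex("3018" + HDR + "04 04023000 3000")
USM_BAD = bytes.fromhex("3016" + HDR + "03 0400 3000")

if __name__ == "__main__":
    for name, m in (("TSM_OK", TSM_OK), ("TSM_BAD", TSM_BAD), ("USM_BAD", USM_BAD)):
        print(name, check_v3_header(m))
```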

I believe I have updated everything you've asked for except for the 2 I've asked for clarification on. Please let me know if there's anything further, and thank you for getting back to me so quickly.

kdurkin77 • Dec 06 '19 20:12

Do you have a round about ETA on when this could be released?

kdurkin77 • Dec 10 '19 16:12

Nope. No ETA at this moment. I am trying to set up a local lab environment to test out the changes, so it can take a relatively long period.

lextm • Dec 10 '19 18:12

Understood, thank you!

kdurkin77 • Dec 10 '19 19:12

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

:white_check_mark: kdurkin77
:x: kmiller77


kmiller77 seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

CLAassistant • Apr 27 '20 20:04