SNMPv3 over DTLS #133
Open
SNMPv3 over DTLS #133
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Pulling Changes
TSM doesn't use the Security Parameters part of the message, so set up SecurityParameters to have a default and Header, GetRequestMessage, and MessageFactory to not require them.
Added the SecurityModel enum to allow for either TSM or USM, keeping USM default. This required new constructors in GetRequestMessage to take in the SecurityModel
Test example:
var vList = new List<Variable>() { new Variable(new ObjectIdentifier("1.3.6.1.2.1.1.3.0")) };
var receiver = new IPEndPoint(ip, port);
var auth = TsmAuthenticationProvider.Instance;
IPrivacyProvider priv = new TsmPrivacyProvider(auth);
using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
var myCertCollection = store.Certificates.Find(X509FindType.FindByThumbprint, "", true);
var chain = new X509Chain();
chain.Build(myCertCollection[0]);
var client = new Client(new IPEndPoint(IPAddress.Any, 0));
client.LoadX509Certificate(chain);
client.SupportedCipherSuites.Add(TCipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA);
var request = new GetRequestMessage(VersionCode.V3, Messenger.NextMessageId, Messenger.NextRequestId, new OctetString(user), new OctetString(string.Empty), vList, priv, Messenger.MaxMessageSize);
var reply = request.GetSecureResponse(timeout, receiver, client);
foreach (var v in reply.Pdu().Variables)
{
Console.WriteLine($"RESPONSE: {v}");
}
…perly - it uses C#7.0
lextm
requested changes
Dec 5, 2019
SharpSnmpLib/SecurityParameters.cs
Outdated
| @@ -104,6 +104,15 @@ public OctetString AuthenticationParameters | |||
| /// <value>The privacy parameters.</value> | |||
| public OctetString PrivacyParameters { get; private set; } | |||
|
|
|||
|
|
|||
There was a problem hiding this comment.
Why do we need an empty constructor?
There was a problem hiding this comment.
This isn't a constructor. I'm not sure if you selected the wrong part of the code or if there's a problem with PrivacyParameters here?
| @@ -178,6 +192,13 @@ public Sequence ToSequence() | |||
| /// <returns></returns> | |||
| public ISnmpData GetData(VersionCode version) | |||
| { | |||
| //if empty SecurityParameters, return an empty OctetString | |||
There was a problem hiding this comment.
With TSM the security parameters have to be empty. Attached is a screen shot of the decrypted bytes to show that the security parameters are empty (an empty OctetString)
…arameters Put the namespaces back in order
…to Samples). Moved SecureMessageExtensions to SharpSnmpLib/Messaging and updated the namespace
|
I believe I have updated everything you've asked for except for the 2 I've asked for clarification on. Please let me know if there's anything further, and thank you for getting back to me so quickly |
lextm
approved these changes
Dec 6, 2019
|
Do you have a round about ETA on when this could be released? |
|
Nope. No ETA at this moment. I am trying to set up a local lab environment to test out the changes, so it can take a relatively long period. |
|
Understood, thank you! |
…essage to allow for SNMPv3 TSM Removed the username parameter in GetRequestMessage setup for TSM
…cting to a server through DTLS. Default is 1 second
Updated the DTLS2.Net library
Added targeting for netstandard2.1
lextm
reviewed
Jan 15, 2020
| @@ -82,14 +82,14 @@ public SecureDiscovery(int messageId, int requestId, int maxMessageSize) | |||
| /// <param name="responseTimeout">The time-out value, in milliseconds. The default value is 0, which indicates an infinite time-out period. Specifying -1 also indicates an infinite time-out period.</param> | |||
| /// <param name="receiver">The receiver.</param> | |||
| /// <returns></returns> | |||
| public ReportMessage GetResponse(int connectionTimeout, int responseTimeout, IPEndPoint receiver, Client client) | |||
| public async Task<ReportMessage> GetResponse(int connectionTimeout, int responseTimeout, IPEndPoint receiver, Client client) | |||
There was a problem hiding this comment.
Then you should rename it to GetResponseAsync.
lextm
reviewed
Jan 15, 2020
|
|
||
| namespace Lextm.SharpSnmpLib.Messaging | ||
| { | ||
| public static class SecureMessageExtensions | ||
| { | ||
| public static ISnmpMessage GetSecureResponse(this ISnmpMessage request, int connectionTimeout, int responseTimeout, IPEndPoint receiver, Client client) | ||
| public static async Task<ISnmpMessage> GetSecureResponse(this ISnmpMessage request, int connectionTimeout, int responseTimeout, IPEndPoint receiver, Client client) |
There was a problem hiding this comment.
It should be changed to GetSecureResponseAsync.
Simplified platform check.
|
|
Merging changes from master
lextm
force-pushed
the
master
branch
6 times, most recently
from
af8c507
to
83a3a43
Compare
…o LextudioMasterMerge
…lyzer.CSharp versions to match upstream master Few code feature updates in the DTLS specific stuff
|
Are there still plans to get this merged in at some point? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updated to use DTLS2.Net to allow for SNMPv3 over DTLS. I updated DTLS.Net but since they haven't been responding to pull requests or issues I had use it from my fork and called it DTLS2.Net.
TSM doesn't use the Security Parameters part of the message, so set up SecurityParameters to have a default and Header, GetRequestMessage, and MessageFactory to not require them.
Added the SecurityModel enum to allow for either TSM or USM, keeping USM default. This required new constructors in GetRequestMessage to take in the SecurityModel
Test example: