Adds AES256 with 3DES support for priv_protocol. #78

mashhurs · 2025-08-28T05:34:36Z

Description

This PR adds AES 256 with 3DES key extension support for priv protocol.

Closes EAS256 with 3DES support for priv protocol. #77

How to test?

Investigation details

There are various simulators and a bit after research I found https://github.com/lextudio/snmpsim which is actively maintained (and forked from https://github.com/etingof/snmpsim). The documentation doesn't provide much info and simply mentioned it has –v3-auth-proto with AES256. Reference: https://docs.lextudio.com/snmpsim/documentation/command-line-options#v3-auth-proto
Deep diving into the source code,

AES256 binds to config.usmAesCfb256Protocol -https://github.com/lextudio/snmpsim/blob/master/snmpsim/commands/cmd2rec.py#L54
snmpsim eventually depends on pysnmp package and it mentions config.usmAesCfb256Protocol is a non-standard option - https://github.com/pysnmp/pysnmp/blob/main/pysnmp/entity/config.py#L44
If we take a look at AES256 implementation, we can see it is actually non-standard Triple-DES implementation

RFC : https://datatracker.ietf.org/doc/html/draft-reeder-snmpv3-usm-3desede-00

Steps to test

I am not 100% sure which distribution https://github.com/lextudio/snmpsim is releasing. So, I have cloned it (https://github.com/mashhurs/snmpsim) and run on my own to make sure I get expected result.
Create /test-snmpsim/data folder and create self.snmprec and following data. Make sure your file name is exactly self.snmprec, otherwise we hit this issue Cannot retrieve data from snmpsim with SNMP V3 etingof/snmpsim#170, with the solution Cannot retrieve data from snmpsim with SNMP V3 etingof/snmpsim#170 (comment)

1.3.6.1.2.1.1.1.0|4|SNMP Simulator for AES256 with 3DES Key Extension Testing
1.3.6.1.2.1.1.2.0|6|1.3.6.1.4.1.8072.3.2.10
1.3.6.1.2.1.1.3.0|67|233425120
1.3.6.1.2.1.1.4.0|4|Test Administrator
1.3.6.1.2.1.1.5.0|4|test-agent
1.3.6.1.2.1.1.6.0|4|Test Location
1.3.6.1.2.1.1.7.0|2|72
1.3.6.1.2.1.1.8.0|67|0
1.3.6.1.2.1.2.1.0|2|2
1.3.6.1.2.1.2.2.1.1.1|2|1
1.3.6.1.2.1.2.2.1.1.2|2|2
1.3.6.1.2.1.2.2.1.2.1|4|lo
1.3.6.1.2.1.2.2.1.2.2|4|eth0
1.3.6.1.2.1.2.2.1.3.1|2|24
1.3.6.1.2.1.2.2.1.3.2|2|6
1.3.6.1.2.1.2.2.1.4.1|2|65536
1.3.6.1.2.1.2.2.1.4.2|2|1500
1.3.6.1.2.1.2.2.1.5.1|4|10000000000
1.3.6.1.2.1.2.2.1.5.2|4|1000000000
1.3.6.1.2.1.2.2.1.6.1|4x|
1.3.6.1.2.1.2.2.1.6.2|4x|00127962f940
1.3.6.1.2.1.2.2.1.7.1|2|1
1.3.6.1.2.1.2.2.1.7.2|2|1
1.3.6.1.2.1.2.2.1.8.1|2|1
1.3.6.1.2.1.2.2.1.8.2|2|1
1.3.6.1.2.1.2.2.1.9.1|67|0
1.3.6.1.2.1.2.2.1.9.2|67|0
1.3.6.1.2.1.2.2.1.10.1|70|0
1.3.6.1.2.1.2.2.1.10.2|70|0
1.3.6.1.2.1.2.2.1.11.1|70|0
1.3.6.1.2.1.2.2.1.11.2|70|0
1.3.6.1.2.1.2.2.1.12.1|70|0
1.3.6.1.2.1.2.2.1.12.2|70|0
1.3.6.1.2.1.2.2.1.13.1|70|0
1.3.6.1.2.1.2.2.1.13.2|70|0
1.3.6.1.2.1.2.2.1.14.1|70|0
1.3.6.1.2.1.2.2.1.14.2|70|0
1.3.6.1.2.1.2.2.1.15.1|70|0
1.3.6.1.2.1.2.2.1.15.2|70|0
1.3.6.1.2.1.2.2.1.16.1|70|0
1.3.6.1.2.1.2.2.1.16.2|70|0
1.3.6.1.2.1.2.2.1.17.1|70|0
1.3.6.1.2.1.2.2.1.17.2|70|0
1.3.6.1.2.1.2.2.1.18.1|70|0
1.3.6.1.2.1.2.2.1.18.2|70|0
1.3.6.1.2.1.2.2.1.19.1|70|0
1.3.6.1.2.1.2.2.1.19.2|70|0
1.3.6.1.2.1.2.2.1.20.1|70|0
1.3.6.1.2.1.2.2.1.20.2|70|0
1.3.6.1.2.1.2.2.1.21.1|70|0
1.3.6.1.2.1.2.2.1.21.2|70|0
1.3.6.1.2.1.2.2.1.22.1|70|0
1.3.6.1.2.1.2.2.1.22.2|70|0

Run snmpsim responder with:

python3 snmpsim/commands/responder.py \
    --data-dir=/test-snmpsim/data \
    --agent-udpv4-endpoint=127.0.0.1:1161 \
    --v3-user=testuser \
    --v3-auth-proto=SHA \
    --v3-auth-key=authp123 \
    --v3-priv-proto=AES256 \
    --v3-priv-key=privpass123 \
    --v3-only \
    --log-level=debug

Create a Logstash pipeline

input {
  snmp {
    hosts => [{ host => "udp:127.0.0.1/1161" version=>'3' timeout => 10000 }]
    security_name => "testuser"
    auth_protocol => "sha"
    auth_pass => "authp123"
    priv_protocol => "aes256with3desKey"
    priv_pass => "privpass123"
    security_level => "authPriv"
    get => [
      "1.3.6.1.2.1.1.1.0",  # sysDescr
    ]
    interval => 10
  }
}

output {
  stdout {
    codec => rubydebug
  }
}

Run Logstash
Logs

~/Dev/elastic/others/snmpsim (master*) » python3 snmpsim/commands/responder.py \
    --data-dir=/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/test-snmpsim/data \
    --agent-udpv4-endpoint=127.0.0.1:1161 \
    --v3-user=testuser \
    --v3-auth-proto=SHA \
    --v3-auth-key=authp123 \
    --v3-priv-proto=AES256BLMT \
    --v3-priv-key=privpass123 \
    --v3-only \
    --log-level=debug
Using "NullReporter" activity reporting method with params  
Scanning "/Users/mashhur/.snmpsim/variation" directory for variation modules... 
Directory "/Users/mashhur/.snmpsim/variation" does not exist 
Scanning "/usr/local/share/snmpsim/variation" directory for variation modules... 
Directory "/usr/local/share/snmpsim/variation" does not exist 
Scanning "/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/.venv/snmpsim/variation" directory for variation modules... 
Directory "/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/.venv/snmpsim/variation" does not exist 
Scanning "/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/.venv/share/snmpsim/variation" directory for variation modules... 
Directory "/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/.venv/share/snmpsim/variation" does not exist 
Scanning "/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/.venv/lib/python3.13/site-packages/snmpsim/variation" directory for variation modules... 
A total of 9 modules found in /Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/.venv/lib/python3.13/site-packages/snmpsim/variation 
Initializing variation modules... 
Variation module "error" from "/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/.venv/lib/python3.13/site-packages/snmpsim/variation/error.py" loaded OK 
Variation module "notification" from "/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/.venv/lib/python3.13/site-packages/snmpsim/variation/notification.py" loaded OK 
Variation module "subprocess" from "/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/.venv/lib/python3.13/site-packages/snmpsim/variation/subprocess.py" loaded OK 
ERROR Variation module "redis" from "/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/.venv/lib/python3.13/site-packages/snmpsim/variation/redis.py" load FAILED: Redis connect parameters not specified 
Variation module "delay" from "/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/.venv/lib/python3.13/site-packages/snmpsim/variation/delay.py" loaded OK 
Variation module "multiplex" from "/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/.venv/lib/python3.13/site-packages/snmpsim/variation/multiplex.py" loaded OK 
Variation module "numeric" from "/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/.venv/lib/python3.13/site-packages/snmpsim/variation/numeric.py" loaded OK 
ERROR Variation module "sql" from "/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/.venv/lib/python3.13/site-packages/snmpsim/variation/sql.py" load FAILED: database type not specified 
Variation module "writecache" from "/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/.venv/lib/python3.13/site-packages/snmpsim/variation/writecache.py" loaded OK 
--- SNMP Engine configuration 
SNMPv3 EngineID: 0x80004fb8054d696b732d4d3472ae7a80 
  --- Simulation data recordings configuration 
  SNMPv3 Context Engine ID: 0x80004fb8054d696b732d4d3472ae7a80 
  Scanning "/Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/test-snmpsim/data" directory for  *.dump, *.MVC, *.sapwalk, *.snmpwalk, *.snmprec, *.snmprec.bz2 data files... 
    Configuring /Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/test-snmpsim/data/self.snmprec controller 
    SNMPv1/2c community name:  
    SNMPv3 Context Name: d41d8cd98f00b204e9800998ecf8427e or  
  --- SNMPv3 USM configuration 
PRIV_PROTOCOLS[v3_priv_protos[v3User]]: (1, 3, 6, 1, 4, 1, 9, 12, 6, 1, 2)
v3_priv_keys[v3User]: privpass123
  SNMPv3 USM SecurityName: testuser 
  SNMPv3 USM authentication key: authp123, authentication protocol: SHA 
  SNMPv3 USM encryption (privacy) key: privpass123, encryption protocol: AES256BLMT 
  Maximum number of variable bindings in SNMP response: 64 
  --- Transport configuration 
  Listening at UDP/IPv4 endpoint 127.0.0.1:1161, transport ID 1.3.6.1.6.1.1.0


Using /Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/test-snmpsim/data/self.snmprec controller selected by contextName "", transport ID 1.3.6.1.6.1.1.0, source address 127.0.0.1 
SNMP EngineID 0x80004fb8054d696b732d4d3472ae7a80, transportDomain (1, 3, 6, 1, 6, 1, 1, 0), transportAddress ('127.0.0.1', 62250), securityModel 3, securityName testuser, securityLevel 3 
Opening /Users/mashhur/Dev/elastic/ls-plugins/logstash-integration-snmp/test-snmpsim/data/self.snmprec controller 
Request var-binds: 1.3.6.1.2.1.1.1.0=<>, 1.3.6.1.2.1.1.2.0=<>, 1.3.6.1.2.1.1.3.0=<>, 1.3.6.1.2.1.1.4.0=<>, 1.3.6.1.2.1.1.5.0=<>, 1.3.6.1.2.1.1.6.0=<>, 1.3.6.1.2.1.1.7.0=<>, 1.3.6.1.2.1.2.1.0=<>, 1.3.6.1.2.1.2.2.1.1.1=<>, 1.3.6.1.2.1.2.2.1.1.2=<>, 1.3.6.1.2.1.2.2.1.2.1=<>, 1.3.6.1.2.1.2.2.1.2.2=<>, 1.3.6.1.2.1.2.2.1.3.1=<>, 1.3.6.1.2.1.2.2.1.3.2=<>, 1.3.6.1.2.1.2.2.1.4.1=<>, 1.3.6.1.2.1.2.2.1.4.2=<>, 1.3.6.1.2.1.2.2.1.5.1=<>, 1.3.6.1.2.1.2.2.1.5.2=<>, 1.3.6.1.2.1.2.2.1.6.1=<>, 1.3.6.1.2.1.2.2.1.6.2=<>, 1.3.6.1.2.1.2.2.1.7.1=<>, 1.3.6.1.2.1.2.2.1.7.2=<>, 1.3.6.1.2.1.2.2.1.8.1=<>, 1.3.6.1.2.1.2.2.1.8.2=<>, 1.3.6.1.2.1.2.2.1.9.1=<>, 1.3.6.1.2.1.2.2.1.9.2=<>, 1.3.6.1.2.1.2.2.1.10.1=<>, 1.3.6.1.2.1.2.2.1.10.2=<>, 1.3.6.1.2.1.2.2.1.11.1=<>, 1.3.6.1.2.1.2.2.1.11.2=<>, 1.3.6.1.2.1.2.2.1.12.1=<>, 1.3.6.1.2.1.2.2.1.12.2=<>, 1.3.6.1.2.1.2.2.1.13.1=<>, 1.3.6.1.2.1.2.2.1.13.2=<>, 1.3.6.1.2.1.2.2.1.14.1=<>, 1.3.6.1.2.1.2.2.1.14.2=<>, 1.3.6.1.2.1.2.2.1.15.1=<>, 1.3.6.1.2.1.2.2.1.15.2=<>, 1.3.6.1.2.1.2.2.1.16.1=<>, 1.3.6.1.2.1.2.2.1.16.2=<>, 1.3.6.1.2.1.2.2.1.17.1=<>, 1.3.6.1.2.1.2.2.1.17.2=<>, 1.3.6.1.2.1.2.2.1.18.1=<>, 1.3.6.1.2.1.2.2.1.18.2=<>, 1.3.6.1.2.1.2.2.1.19.1=<>, 1.3.6.1.2.1.2.2.1.19.2=<>, 1.3.6.1.2.1.2.2.1.20.1=<>, 1.3.6.1.2.1.2.2.1.20.2=<>, 1.3.6.1.2.1.2.2.1.21.1=<>, 1.3.6.1.2.1.2.2.1.21.2=<>, 1.3.6.1.2.1.2.2.1.22.1=<>, 1.3.6.1.2.1.2.2.1.22.2=<>, flags: EXACT, GET 
Response var-binds: 1.3.6.1.2.1.1.1.0=<SNMP Simulator for AES256 with 3DES Key Extension Testing>, 1.3.6.1.2.1.1.2.0=<1.3.6.1.4.1.8072.3.2.10>, 1.3.6.1.2.1.1.3.0=<233425120>, 1.3.6.1.2.1.1.4.0=<Test Administrator>, 1.3.6.1.2.1.1.5.0=<test-agent>, 1.3.6.1.2.1.1.6.0=<Test Location>, 1.3.6.1.2.1.1.7.0=<72>, 1.3.6.1.2.1.2.1.0=<2>, 1.3.6.1.2.1.2.2.1.1.1=<1>, 1.3.6.1.2.1.2.2.1.1.2=<2>, 1.3.6.1.2.1.2.2.1.2.1=<lo>, 1.3.6.1.2.1.2.2.1.2.2=<eth0>, 1.3.6.1.2.1.2.2.1.3.1=<24>, 1.3.6.1.2.1.2.2.1.3.2=<6>, 1.3.6.1.2.1.2.2.1.4.1=<65536>, 1.3.6.1.2.1.2.2.1.4.2=<1500>, 1.3.6.1.2.1.2.2.1.5.1=<10000000000>, 1.3.6.1.2.1.2.2.1.5.2=<1000000000>, 1.3.6.1.2.1.2.2.1.6.1=<>, 1.3.6.1.2.1.2.2.1.6.2=<0x00127962f940>, 1.3.6.1.2.1.2.2.1.7.1=<1>, 1.3.6.1.2.1.2.2.1.7.2=<1>, 1.3.6.1.2.1.2.2.1.8.1=<1>, 1.3.6.1.2.1.2.2.1.8.2=<1>, 1.3.6.1.2.1.2.2.1.9.1=<0>, 1.3.6.1.2.1.2.2.1.9.2=<0>, 1.3.6.1.2.1.2.2.1.10.1=<0>, 1.3.6.1.2.1.2.2.1.10.2=<0>, 1.3.6.1.2.1.2.2.1.11.1=<0>, 1.3.6.1.2.1.2.2.1.11.2=<0>, 1.3.6.1.2.1.2.2.1.12.1=<0>, 1.3.6.1.2.1.2.2.1.12.2=<0>, 1.3.6.1.2.1.2.2.1.13.1=<0>, 1.3.6.1.2.1.2.2.1.13.2=<0>, 1.3.6.1.2.1.2.2.1.14.1=<0>, 1.3.6.1.2.1.2.2.1.14.2=<0>, 1.3.6.1.2.1.2.2.1.15.1=<0>, 1.3.6.1.2.1.2.2.1.15.2=<0>, 1.3.6.1.2.1.2.2.1.16.1=<0>, 1.3.6.1.2.1.2.2.1.16.2=<0>, 1.3.6.1.2.1.2.2.1.17.1=<0>, 1.3.6.1.2.1.2.2.1.17.2=<0>, 1.3.6.1.2.1.2.2.1.18.1=<0>, 1.3.6.1.2.1.2.2.1.18.2=<0>, 1.3.6.1.2.1.2.2.1.19.1=<0>, 1.3.6.1.2.1.2.2.1.19.2=<0>, 1.3.6.1.2.1.2.2.1.20.1=<0>, 1.3.6.1.2.1.2.2.1.20.2=<0>, 1.3.6.1.2.1.2.2.1.21.1=<0>, 1.3.6.1.2.1.2.2.1.21.2=<0>, 1.3.6.1.2.1.2.2.1.22.1=<0>, 1.3.6.1.2.1.2.2.1.22.2=<0>

docs/input-snmp.asciidoc

edmocosta

We also need to register the protocol extension after this line:

 SecurityProtocols.getInstance().addPrivacyProtocol(new PrivAES256With3DESKeyExtension());

mashhurs · 2025-10-03T21:08:09Z

Rebased after landing CI matrix update: #79

mashhurs requested a review from edmocosta August 28, 2025 05:34

mashhurs self-assigned this Aug 28, 2025

edmocosta reviewed Aug 28, 2025

View reviewed changes

docs/input-snmp.asciidoc Outdated Show resolved Hide resolved

mashhurs requested a review from edmocosta August 28, 2025 23:17

edmocosta reviewed Aug 29, 2025

View reviewed changes

edmocosta approved these changes Aug 29, 2025

View reviewed changes

mashhurs marked this pull request as draft September 2, 2025 18:41

mashhurs added 4 commits October 3, 2025 14:07

Adds AES256 with 3DES support for priv_protocol.

b9eeef1

Rename the introduced priv protocol to aes256with3desKey

a4377d6

Register AES256 with 3DES extension protocol, add tecnical preview note.

6ab7fd8

Update plugin version in the jar definition.

4c7084e

mashhurs force-pushed the aes256-with-3des-support branch from 90555ca to 4c7084e Compare October 3, 2025 21:07

mashhurs marked this pull request as ready for review October 6, 2025 16:47

mashhurs added the enhancement New feature or request label Oct 6, 2025

mashhurs merged commit 1f5d7f6 into logstash-plugins:main Oct 7, 2025
3 checks passed

mashhurs deleted the aes256-with-3des-support branch October 7, 2025 19:07

This was referenced Oct 7, 2025

Add an integration test for non-standard AES256 with Triple DES. #80

Merged

Setup snmpsim to test AES256 with Triple-DES standard. #81

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Adds AES256 with 3DES support for priv_protocol. #78

Adds AES256 with 3DES support for priv_protocol. #78

Uh oh!

mashhurs commented Aug 28, 2025 •

edited

Loading

Uh oh!

Uh oh!

edmocosta left a comment •

edited

Loading

Uh oh!

mashhurs commented Oct 3, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Adds AES256 with 3DES support for priv_protocol. #78

Adds AES256 with 3DES support for priv_protocol. #78

Uh oh!

Conversation

mashhurs commented Aug 28, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

How to test?

Investigation details

Steps to test

Uh oh!

Uh oh!

edmocosta left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

mashhurs commented Oct 3, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

mashhurs commented Aug 28, 2025 •

edited

Loading

edmocosta left a comment •

edited

Loading