From c9296a11cd104db51ff19150d93b789d4b4517f7 Mon Sep 17 00:00:00 2001
From: Juha Keski-Saari
Date: Thu, 1 Feb 2024 14:21:17 +0200
Subject: [PATCH 1/2] fix: enable all SHA ciphers supported by gosnmp
---
 plugins/inputs/snmp_trap/README.md | 2 +-
 plugins/inputs/snmp_trap/snmp_trap.go | 16 +-
 plugins/inputs/snmp_trap/snmp_trap_test.go | 469 ++++++++++---------
 3 files changed, 243 insertions(+), 244 deletions(-)
diff --git a/plugins/inputs/snmp_trap/README.md b/plugins/inputs/snmp_trap/README.md
index 213745014078a..0977616de90de 100644
--- a/plugins/inputs/snmp_trap/README.md
+++ b/plugins/inputs/snmp_trap/README.md
@@ -71,7 +71,7 @@ details.
 ##
 ## Security Name.
 # sec_name = "myuser"
- ## Authentication protocol; one of "MD5", "SHA" or "".
+ ## Authentication protocol; one of "MD5", "SHA", "SHA224", "SHA256", "SHA384", "SHA512" or "".
 # auth_protocol = "MD5"
 ## Authentication password.
 # auth_password = "pass"
diff --git a/plugins/inputs/snmp_trap/snmp_trap.go b/plugins/inputs/snmp_trap/snmp_trap.go
index 17c5417a9c21d..0479b3ef7f148 100644
--- a/plugins/inputs/snmp_trap/snmp_trap.go
+++ b/plugins/inputs/snmp_trap/snmp_trap.go
@@ -156,14 +156,14 @@ func (s *SnmpTrap) Start(acc telegraf.Accumulator) error {
 authenticationProtocol = gosnmp.MD5
 case "sha":
 authenticationProtocol = gosnmp.SHA
- //case "sha224":
- // authenticationProtocol = gosnmp.SHA224
- //case "sha256":
- // authenticationProtocol = gosnmp.SHA256
- //case "sha384":
- // authenticationProtocol = gosnmp.SHA384
- //case "sha512":
- // authenticationProtocol = gosnmp.SHA512
+ case "sha224":
+ authenticationProtocol = gosnmp.SHA224
+ case "sha256":
+ authenticationProtocol = gosnmp.SHA256
+ case "sha384":
+ authenticationProtocol = gosnmp.SHA384
+ case "sha512":
+ authenticationProtocol = gosnmp.SHA512
 case "":
 authenticationProtocol = gosnmp.NoAuth
 default:
diff --git a/plugins/inputs/snmp_trap/snmp_trap_test.go b/plugins/inputs/snmp_trap/snmp_trap_test.go
index 0af1ae83d074a..39bfed4208902 100644
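Review bot: The four cases enabled in Start's auth-protocol switch (snmp_trap.go hunk) land without any comment, and MD5 and SHA (SHA-1) stay accepted on equal footing with the new SHA-2 options. A short comment above `case "sha224":` such as `// HMAC-SHA-2 auth protocols (RFC 7860); prefer these over MD5/SHA for new deployments` would record why they exist. The README example touched by this patch still shows `# auth_protocol = "MD5"`, which could move to `"SHA256"` now that the plugin accepts it. The cases match lowercase strings, so presumably the configured value is lowercased before the switch; that code and the `default:` body are outside the hunk.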
--- a/plugins/inputs/snmp_trap/snmp_trap_test.go
+++ b/plugins/inputs/snmp_trap/snmp_trap_test.go
@@ -61,14 +61,14 @@ func newUsmSecurityParametersForV3(authProto string, privProto string, username
 authenticationProtocol = gosnmp.MD5
 case "sha":
 authenticationProtocol = gosnmp.SHA
- //case "sha224":
- // authenticationProtocol = gosnmp.SHA224
- //case "sha256":
- // authenticationProtocol = gosnmp.SHA256
- //case "sha384":
- // authenticationProtocol = gosnmp.SHA384
- //case "sha512":
- // authenticationProtocol = gosnmp.SHA512
+ case "sha224":
+ authenticationProtocol = gosnmp.SHA224
+ case "sha256":
+ authenticationProtocol = gosnmp.SHA256
+ case "sha384":
+ authenticationProtocol = gosnmp.SHA384
+ case "sha512":
+ authenticationProtocol = gosnmp.SHA512
 case "":
 authenticationProtocol = gosnmp.NoAuth
 default:
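Review bot: newUsmSecurityParametersForV3 repeats the switch from Start in snmp_trap.go line for line, so a name mapped to the wrong gosnmp constant in both copies would still let sender and listener agree and the test would pass. Consider having the test table carry the expected gosnmp constant directly instead of a string, or add a small assertion that pins each name to its constant, for example `"sha256"` to `gosnmp.SHA256`. At minimum a comment on the helper, e.g. `// mirrors the auth_protocol mapping in SnmpTrap.Start; keep both in sync`, would flag the coupling. The helper's signature and the `default:` body lie outside the hunk.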
@@ -501,255 +501,254 @@ func TestReceiveTrap(t *testing.T) { ), }, }, - /* - //ordinary v3 coldstart trap SHA224 auth and no priv - { - name: "v3 coldStart authShaNoPriv", - version: gosnmp.Version3, - secName: "authSha224NoPriv", - secLevel: "authNoPriv", - authProto: "SHA224", - authPass: "passpass", - trap: gosnmp.SnmpTrap{ - Variables: []gosnmp.SnmpPDU{ - { - Name: ".1.3.6.1.2.1.1.3.0", - Type: gosnmp.TimeTicks, - Value: now, - }, - { - Name: ".1.3.6.1.6.3.1.1.4.1.0", // SNMPv2-MIB::snmpTrapOID.0 - Type: gosnmp.ObjectIdentifier, - Value: ".1.3.6.1.6.3.1.1.5.1", // coldStart - }, - }, - }, - entries: []entry{ + //ordinary v3 coldstart trap SHA224 auth and no priv + { + name: "v3 coldStart authShaNoPriv", + version: gosnmp.Version3, + secName: "authSha224NoPriv", + secLevel: "authNoPriv", + authProto: "SHA224", + authPass: "passpass", + trap: gosnmp.SnmpTrap{ + Variables: []gosnmp.SnmpPDU{ { - oid: ".1.3.6.1.6.3.1.1.4.1.0", - e: snmp.MibEntry{ - MibName: "SNMPv2-MIB", - OidText: "snmpTrapOID.0", - }, + Name: ".1.3.6.1.2.1.1.3.0", + Type: gosnmp.TimeTicks, + Value: now, }, { - oid: ".1.3.6.1.6.3.1.1.5.1", - e: snmp.MibEntry{ - MibName: "SNMPv2-MIB", - OidText: "coldStart", - }, + Name: ".1.3.6.1.6.3.1.1.4.1.0", // SNMPv2-MIB::snmpTrapOID.0 + Type: gosnmp.ObjectIdentifier, + Value: ".1.3.6.1.6.3.1.1.5.1", // coldStart }, - { - oid: ".1.3.6.1.2.1.1.3.0", - e: snmp.MibEntry{ - MibName: "UNUSED_MIB_NAME", - OidText: "sysUpTimeInstance", - }, - }, - }, - metrics: []telegraf.Metric{ - testutil.MustMetric( - "snmp_trap", // name - map[string]string{ // tags - "oid": ".1.3.6.1.6.3.1.1.5.1", - "name": "coldStart", - "mib": "SNMPv2-MIB", - "version": "3", - "source": "127.0.0.1", - }, - map[string]interface{}{ // fields - "sysUpTimeInstance": now, - }, - fakeTime, - ), }, }, - //ordinary v3 coldstart trap SHA256 auth and no priv - { - name: "v3 coldStart authSha256NoPriv", - version: gosnmp.Version3, - secName: "authSha256NoPriv", - secLevel: "authNoPriv", - authProto: 
"SHA256", - authPass: "passpass", - trap: gosnmp.SnmpTrap{ - Variables: []gosnmp.SnmpPDU{ - { - Name: ".1.3.6.1.2.1.1.3.0", - Type: gosnmp.TimeTicks, - Value: now, - }, - { - Name: ".1.3.6.1.6.3.1.1.4.1.0", // SNMPv2-MIB::snmpTrapOID.0 - Type: gosnmp.ObjectIdentifier, - Value: ".1.3.6.1.6.3.1.1.5.1", // coldStart - }, - }, - }, - entries: []entry{ - { - oid: ".1.3.6.1.6.3.1.1.4.1.0", - e: snmp.MibEntry{ - MibName: "SNMPv2-MIB", - OidText: "snmpTrapOID.0", - }, + entries: []entry{ + { + oid: ".1.3.6.1.6.3.1.1.4.1.0", + e: snmp.MibEntry{ + MibName: "SNMPv2-MIB", + OidText: "snmpTrapOID.0", + }, + }, + { + oid: ".1.3.6.1.6.3.1.1.5.1", + e: snmp.MibEntry{ + MibName: "SNMPv2-MIB", + OidText: "coldStart", + }, + }, + { + oid: ".1.3.6.1.2.1.1.3.0", + e: snmp.MibEntry{ + MibName: "UNUSED_MIB_NAME", + OidText: "sysUpTimeInstance", }, + }, + }, + metrics: []telegraf.Metric{ + testutil.MustMetric( + "snmp_trap", // name + map[string]string{ // tags + "oid": ".1.3.6.1.6.3.1.1.5.1", + "name": "coldStart", + "mib": "SNMPv2-MIB", + "version": "3", + "source": "127.0.0.1", + }, + map[string]interface{}{ // fields + "sysUpTimeInstance": now, + }, + fakeTime, + ), + }, + }, + //ordinary v3 coldstart trap SHA256 auth and no priv + { + name: "v3 coldStart authSha256NoPriv", + version: gosnmp.Version3, + secName: "authSha256NoPriv", + secLevel: "authNoPriv", + authProto: "SHA256", + authPass: "passpass", + trap: gosnmp.SnmpTrap{ + Variables: []gosnmp.SnmpPDU{ { - oid: ".1.3.6.1.6.3.1.1.5.1", - e: snmp.MibEntry{ - MibName: "SNMPv2-MIB", - OidText: "coldStart", - }, + Name: ".1.3.6.1.2.1.1.3.0", + Type: gosnmp.TimeTicks, + Value: now, }, { - oid: ".1.3.6.1.2.1.1.3.0", - e: snmp.MibEntry{ - MibName: "UNUSED_MIB_NAME", - OidText: "sysUpTimeInstance", - }, - }, - }, - metrics: []telegraf.Metric{ - testutil.MustMetric( - "snmp_trap", // name - map[string]string{ // tags - "oid": ".1.3.6.1.6.3.1.1.5.1", - "name": "coldStart", - "mib": "SNMPv2-MIB", - "version": "3", - "source": "127.0.0.1", - 
}, - map[string]interface{}{ // fields - "sysUpTimeInstance": now, - }, - fakeTime, - ), + Name: ".1.3.6.1.6.3.1.1.4.1.0", // SNMPv2-MIB::snmpTrapOID.0 + Type: gosnmp.ObjectIdentifier, + Value: ".1.3.6.1.6.3.1.1.5.1", // coldStart + }, }, }, - //ordinary v3 coldstart trap SHA384 auth and no priv - { - name: "v3 coldStart authSha384NoPriv", - version: gosnmp.Version3, - secName: "authSha384NoPriv", - secLevel: "authNoPriv", - authProto: "SHA384", - authPass: "passpass", - trap: gosnmp.SnmpTrap{ - Variables: []gosnmp.SnmpPDU{ - { - Name: ".1.3.6.1.2.1.1.3.0", - Type: gosnmp.TimeTicks, - Value: now, - }, - { - Name: ".1.3.6.1.6.3.1.1.4.1.0", // SNMPv2-MIB::snmpTrapOID.0 - Type: gosnmp.ObjectIdentifier, - Value: ".1.3.6.1.6.3.1.1.5.1", // coldStart - }, - }, - }, - entries: []entry{ - { - oid: ".1.3.6.1.6.3.1.1.4.1.0", - e: snmp.MibEntry{ - MibName: "SNMPv2-MIB", - OidText: "snmpTrapOID.0", - }, + entries: []entry{ + { + oid: ".1.3.6.1.6.3.1.1.4.1.0", + e: snmp.MibEntry{ + MibName: "SNMPv2-MIB", + OidText: "snmpTrapOID.0", + }, + }, + { + oid: ".1.3.6.1.6.3.1.1.5.1", + e: snmp.MibEntry{ + MibName: "SNMPv2-MIB", + OidText: "coldStart", }, + }, + { + oid: ".1.3.6.1.2.1.1.3.0", + e: snmp.MibEntry{ + MibName: "UNUSED_MIB_NAME", + OidText: "sysUpTimeInstance", + }, + }, + }, + metrics: []telegraf.Metric{ + testutil.MustMetric( + "snmp_trap", // name + map[string]string{ // tags + "oid": ".1.3.6.1.6.3.1.1.5.1", + "name": "coldStart", + "mib": "SNMPv2-MIB", + "version": "3", + "source": "127.0.0.1", + }, + map[string]interface{}{ // fields + "sysUpTimeInstance": now, + }, + fakeTime, + ), + }, + }, + //ordinary v3 coldstart trap SHA384 auth and no priv + { + name: "v3 coldStart authSha384NoPriv", + version: gosnmp.Version3, + secName: "authSha384NoPriv", + secLevel: "authNoPriv", + authProto: "SHA384", + authPass: "passpass", + trap: gosnmp.SnmpTrap{ + Variables: []gosnmp.SnmpPDU{ { - oid: ".1.3.6.1.6.3.1.1.5.1", - e: snmp.MibEntry{ - MibName: "SNMPv2-MIB", - OidText: 
"coldStart", - }, + Name: ".1.3.6.1.2.1.1.3.0", + Type: gosnmp.TimeTicks, + Value: now, }, { - oid: ".1.3.6.1.2.1.1.3.0", - e: snmp.MibEntry{ - MibName: "UNUSED_MIB_NAME", - OidText: "sysUpTimeInstance", - }, - }, - }, - metrics: []telegraf.Metric{ - testutil.MustMetric( - "snmp_trap", // name - map[string]string{ // tags - "oid": ".1.3.6.1.6.3.1.1.5.1", - "name": "coldStart", - "mib": "SNMPv2-MIB", - "version": "3", - "source": "127.0.0.1", - }, - map[string]interface{}{ // fields - "sysUpTimeInstance": now, - }, - fakeTime, - ), + Name: ".1.3.6.1.6.3.1.1.4.1.0", // SNMPv2-MIB::snmpTrapOID.0 + Type: gosnmp.ObjectIdentifier, + Value: ".1.3.6.1.6.3.1.1.5.1", // coldStart + }, }, }, - //ordinary v3 coldstart trap SHA512 auth and no priv - { - name: "v3 coldStart authShaNoPriv", - version: gosnmp.Version3, - secName: "authSha512NoPriv", - secLevel: "authNoPriv", - authProto: "SHA512", - authPass: "passpass", - trap: gosnmp.SnmpTrap{ - Variables: []gosnmp.SnmpPDU{ - { - Name: ".1.3.6.1.2.1.1.3.0", - Type: gosnmp.TimeTicks, - Value: now, - }, - { - Name: ".1.3.6.1.6.3.1.1.4.1.0", // SNMPv2-MIB::snmpTrapOID.0 - Type: gosnmp.ObjectIdentifier, - Value: ".1.3.6.1.6.3.1.1.5.1", // coldStart - }, - }, - }, - entries: []entry{ - { - oid: ".1.3.6.1.6.3.1.1.4.1.0", - e: snmp.MibEntry{ - MibName: "SNMPv2-MIB", - OidText: "snmpTrapOID.0", - }, + entries: []entry{ + { + oid: ".1.3.6.1.6.3.1.1.4.1.0", + e: snmp.MibEntry{ + MibName: "SNMPv2-MIB", + OidText: "snmpTrapOID.0", + }, + }, + { + oid: ".1.3.6.1.6.3.1.1.5.1", + e: snmp.MibEntry{ + MibName: "SNMPv2-MIB", + OidText: "coldStart", + }, + }, + { + oid: ".1.3.6.1.2.1.1.3.0", + e: snmp.MibEntry{ + MibName: "UNUSED_MIB_NAME", + OidText: "sysUpTimeInstance", }, + }, + }, + metrics: []telegraf.Metric{ + testutil.MustMetric( + "snmp_trap", // name + map[string]string{ // tags + "oid": ".1.3.6.1.6.3.1.1.5.1", + "name": "coldStart", + "mib": "SNMPv2-MIB", + "version": "3", + "source": "127.0.0.1", + }, + map[string]interface{}{ // fields 
+ "sysUpTimeInstance": now, + }, + fakeTime, + ), + }, + }, + //ordinary v3 coldstart trap SHA512 auth and no priv + { + name: "v3 coldStart authShaNoPriv", + version: gosnmp.Version3, + secName: "authSha512NoPriv", + secLevel: "authNoPriv", + authProto: "SHA512", + authPass: "passpass", + trap: gosnmp.SnmpTrap{ + Variables: []gosnmp.SnmpPDU{ { - oid: ".1.3.6.1.6.3.1.1.5.1", - e: snmp.MibEntry{ - MibName: "SNMPv2-MIB", - OidText: "coldStart", - }, + Name: ".1.3.6.1.2.1.1.3.0", + Type: gosnmp.TimeTicks, + Value: now, }, { - oid: ".1.3.6.1.2.1.1.3.0", - e: snmp.MibEntry{ - MibName: "UNUSED_MIB_NAME", - OidText: "sysUpTimeInstance", - }, - }, - }, - metrics: []telegraf.Metric{ - testutil.MustMetric( - "snmp_trap", // name - map[string]string{ // tags - "oid": ".1.3.6.1.6.3.1.1.5.1", - "name": "coldStart", - "mib": "SNMPv2-MIB", - "version": "3", - "source": "127.0.0.1", - }, - map[string]interface{}{ // fields - "sysUpTimeInstance": now, - }, - fakeTime, - ), - }, - },*/ + Name: ".1.3.6.1.6.3.1.1.4.1.0", // SNMPv2-MIB::snmpTrapOID.0 + Type: gosnmp.ObjectIdentifier, + Value: ".1.3.6.1.6.3.1.1.5.1", // coldStart + }, + }, + }, + entries: []entry{ + { + oid: ".1.3.6.1.6.3.1.1.4.1.0", + e: snmp.MibEntry{ + MibName: "SNMPv2-MIB", + OidText: "snmpTrapOID.0", + }, + }, + { + oid: ".1.3.6.1.6.3.1.1.5.1", + e: snmp.MibEntry{ + MibName: "SNMPv2-MIB", + OidText: "coldStart", + }, + }, + { + oid: ".1.3.6.1.2.1.1.3.0", + e: snmp.MibEntry{ + MibName: "UNUSED_MIB_NAME", + OidText: "sysUpTimeInstance", + }, + }, + }, + metrics: []telegraf.Metric{ + testutil.MustMetric( + "snmp_trap", // name + map[string]string{ // tags + "oid": ".1.3.6.1.6.3.1.1.5.1", + "name": "coldStart", + "mib": "SNMPv2-MIB", + "version": "3", + "source": "127.0.0.1", + }, + map[string]interface{}{ // fields + "sysUpTimeInstance": now, + }, + fakeTime, + ), + }, + }, //ordinary v3 coldstart trap SHA auth and no priv { name: "v3 coldStart authShaNoPriv", 
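Review bot: Two of the re-enabled cases reuse the name `"v3 coldStart authShaNoPriv"`, the SHA224 entry and the SHA512 entry, and the existing SHA case that follows the hunk carries the same name, so a failure report cannot tell the three apart. Rename them to `name: "v3 coldStart authSha224NoPriv",` and `name: "v3 coldStart authSha512NoPriv",` to match the SHA256 and SHA384 entries. All four new cases are authNoPriv happy paths; a case where the sender's auth protocol or password differs from the listener's and no metric is expected would show that the new hashes are actually enforced, if the table does not already contain one outside this hunk. TestReceiveTrap's table starts and ends outside the hunk.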
From 91cb9e12a446133f0f62a352cb315ab877e81e90 Mon Sep 17 00:00:00 2001
From: Juha Keski-Saari
Date: Thu, 1 Feb 2024 16:43:30 +0200
Subject: [PATCH 2/2] chore: update sample.conf to match implementation
---
 plugins/inputs/snmp_trap/README.md | 2 +-
 plugins/inputs/snmp_trap/sample.conf | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/plugins/inputs/snmp_trap/README.md b/plugins/inputs/snmp_trap/README.md
index 0977616de90de..498efe49ff369 100644
--- a/plugins/inputs/snmp_trap/README.md
+++ b/plugins/inputs/snmp_trap/README.md
@@ -65,7 +65,7 @@ details.
 ## Deprecated in 1.20.0; no longer running snmptranslate
 ## Timeout running snmptranslate command
 # timeout = "5s"
- ## Snmp version
+ ## Snmp version; one of "1", "2c" or "3".
 # version = "2c"
 ## SNMPv3 authentication and encryption options.
 ##
diff --git a/plugins/inputs/snmp_trap/sample.conf b/plugins/inputs/snmp_trap/sample.conf
index a9aadde84564b..62b891f73f113 100644
--- a/plugins/inputs/snmp_trap/sample.conf
+++ b/plugins/inputs/snmp_trap/sample.conf
@@ -17,13 +17,13 @@
 ## Deprecated in 1.20.0; no longer running snmptranslate
 ## Timeout running snmptranslate command
 # timeout = "5s"
- ## Snmp version
+ ## Snmp version; one of "1", "2c" or "3".
 # version = "2c"
 ## SNMPv3 authentication and encryption options.
 ##
 ## Security Name.
 # sec_name = "myuser"
- ## Authentication protocol; one of "MD5", "SHA" or "".
+ ## Authentication protocol; one of "MD5", "SHA", "SHA224", "SHA256", "SHA384", "SHA512" or "".
 # auth_protocol = "MD5"
 ## Authentication password.
 # auth_password = "pass"