net-snmp 3.20.0 → 3.21.0

package/README.md

@@ -91,7 +91,7 @@ for each shown in this table:
  * SNMP proxy forwarder for agent
  * AgentX subagent
  * IPv4 and IPv6
- 
+
 # Standards Compliance
 
 This module aims to be fully compliant with the following RFCs:
@@ -258,6 +258,34 @@ Security Model RFC (RFC 3414); 128-bit AES for SNMPv3 was added later in RFC 382
 localization.  Cisco and a number of other vendors commonly use the "Reeder" key
 localization variant.  Other encryption algorithms are not supported.
 
+### Compatibility note on DES and recent Node.js versions
+
+When using SNMPv3 with DES as the privacy protocol (`snmp.PrivProtocols.des`) on Node.js v17 or later, you may encounter the following error:
+
+```
+"error": {
+        "library": "digital envelope routines",
+        "reason": "unsupported",
+        "code": "ERR_OSSL_EVP_UNSUPPORTED",
+        "message": "error:0308010C:digital envelope routines::unsupported",
+        "stack": ["Error: error:0308010C:digital envelope routines::unsupported",
+           "at Cipheriv.createCipherBase (node:internal/crypto/cipher:121:19)",
+        ...
+}
+```
+
+This occurs because newer versions of Node.js have deprecated support for the DES algorithm in OpenSSL for security reasons. 
+
+**Workaround:**
+If you need to communicate with legacy devices that only support DES for SNMPv3, you can run Node.js with the `--openssl-legacy-provider` flag:
+
+```bash
+node --openssl-legacy-provider your-app.js
+```
+
+Whenever possible, it's recommended to use more secure encryption methods like AES (`snmp.PrivProtocols.aes`) instead of DES.
+
+
 ## snmp.AgentXPduType
 
 The Agent Extensibility (AgentX) Protocol specifies these PDUs in RFC 2741:
@@ -1635,7 +1663,7 @@ an object, possibly empty, and can contain the following fields:
  * `sockets` - an array of objects containing triples of `transport`, `address` and `port` that
  can be used to specify multiple socket listeners.  This option overrides any individual
  `transport`, `address` and `port` options.
- * `mibOptions` - an MIB options object that is passed to the `Mib` instance - see the MIB section
+ * `mibOptions` - a MIB options object that is passed to the `Mib` instance - see the MIB section
  for further details on this - defaults to the empty object.
 
 The `mib` parameter is optional, and sets the agent's singleton `Mib` instance.
@@ -2661,7 +2689,9 @@ var options = {
     master: "localhost",
     masterPort: 705,
     timeout: 0,
-    description: "Node net-snmp AgentX sub-agent"
+    description: "Node net-snmp AgentX sub-agent",
+    mibOptions: {},
+    mib: undefined
 };
 
 subagent = snmp.createSubagent (options);
@@ -2676,6 +2706,12 @@ The `options` parameter is a mandatory object, possibly empty, and can contain t
  * `timeout` - set the session-wide timeout on the master agent - defaults to 0, which
  means no session-wide timeout is set.
  * `description` - a textual description of the subagent.
+ * `mibOptions` - n MIB options object that is passed to the `Mib` instance - see the MIB section
+ for further details on this - defaults to the empty object.
+ * `mib` - sets the agent's singleton `Mib` instance.  If not supplied, the agent creates itself
+ a new empty `Mib` singleton.  If supplied, the `Mib` instance needs to be created and populated as
+ per the [Mib Module](#mib-module) section.
+
 
 ## subagent.getMib ()
 
@@ -3477,6 +3513,14 @@ Example programs are included under the module's `example` directory.
 
  * Fix set value for counter, gauge and unsigned integer types
 
+# Version 3.20.1 - 26/04/2025
+
+ * Update documentation with compatibility note on DES and recent Node.js versions
+
+# Version 3.21.0 - 26/04/2025
+
+ * Add AgentX subagent mib and mibOptions on initialization
+
 # License
 
 Copyright (c) 2020 Mark Abrahams <mark@abrahams.co.nz>

package/index.js

@@ -1,21 +1,25 @@
 
 // Copyright 2013 Stephen Vickers <stephen.vickers.sv@gmail.com>
 
-var ber = require ("asn1-ber").Ber;
-var smartbuffer = require ("smart-buffer");
-var dgram = require ("dgram");
-var net = require ("net");
-var events = require ("events");
-var util = require ("util");
-var crypto = require ("crypto");
-var mibparser = require ("./lib/mib");
+const ber = require ("asn1-ber").Ber;
+const smartbuffer = require ("smart-buffer");
+const dgram = require ("dgram");
+const net = require ("net");
+const events = require ("events");
+const util = require ("util");
+const crypto = require ("crypto");
+const mibparser = require ("./lib/mib");
+const Buffer = require('buffer').Buffer;
+
 var DEBUG = false;
 
-var MIN_SIGNED_INT32 = -2147483648;
-var MAX_SIGNED_INT32 = 2147483647;
-var MIN_UNSIGNED_INT32 = 0;
-var MAX_UNSIGNED_INT32 = 4294967295;
-var MAX_UNSIGNED_INT64 = 18446744073709551615;
+const MIN_SIGNED_INT32 = -2147483648;
+const MAX_SIGNED_INT32 = 2147483647;
+const MIN_UNSIGNED_INT32 = 0;
+const MAX_UNSIGNED_INT32 = 4294967295;
+const MAX_UNSIGNED_INT64 = 18446744073709551615;
+
+const DES_IMPLEMENTATION = 'library';
 
 function debug (line) {
 	if ( DEBUG ) {
@@ -1378,7 +1382,6 @@ Encryption.encryptPduDes = function (scopedPdu, privProtocol, privPassword, auth
 	var paddedScopedPduLength;
 	var paddedScopedPdu;
 	var encryptedPdu;
-	var cipher;
 
 	encryptionKey = Encryption.generateLocalizedKey (des, authProtocol, privPassword, engine.engineID);
 	privLocalizedKey = Authentication.passwordToKey (authProtocol, privPassword, engine.engineID);
@@ -1396,7 +1399,8 @@ Encryption.encryptPduDes = function (scopedPdu, privProtocol, privPassword, auth
 	for (i = 0; i < iv.length; i++) {
 		iv[i] = preIv[i] ^ salt[i];
 	}
-	
+
+
 	if (scopedPdu.length % des.BLOCK_LENGTH == 0) {
 		paddedScopedPdu = scopedPdu;
 	} else {
@@ -1404,9 +1408,14 @@ Encryption.encryptPduDes = function (scopedPdu, privProtocol, privPassword, auth
 		paddedScopedPdu = Buffer.alloc (paddedScopedPduLength);
 		scopedPdu.copy (paddedScopedPdu, 0, 0, scopedPdu.length);
 	}
-	cipher = crypto.createCipheriv (des.CRYPTO_ALGORITHM, encryptionKey, iv);
-	encryptedPdu = cipher.update (paddedScopedPdu);
-	encryptedPdu = Buffer.concat ([encryptedPdu, cipher.final()]);
+
+	if (DES_IMPLEMENTATION === 'native') {
+		// TODO: Implement native encryption
+	} else {
+		const cipher = crypto.createCipheriv (des.CRYPTO_ALGORITHM, encryptionKey, iv);
+		encryptedPdu = cipher.update (paddedScopedPdu);
+		encryptedPdu = Buffer.concat ([encryptedPdu, cipher.final()]);
+	}
 	// Encryption.debugEncrypt (encryptionKey, iv, paddedScopedPdu, encryptedPdu);
 
 	return {
@@ -1424,7 +1433,6 @@ Encryption.decryptPduDes = function (encryptedPdu, privProtocol, privParameters,
 	var iv;
 	var i;
 	var decryptedPdu;
-	var decipher;
 
 	privLocalizedKey = Authentication.passwordToKey (authProtocol, privPassword, engine.engineID);
 	decryptionKey = Buffer.alloc (des.KEY_LENGTH);
@@ -1437,11 +1445,15 @@ Encryption.decryptPduDes = function (encryptedPdu, privProtocol, privParameters,
 	for (i = 0; i < iv.length; i++) {
 		iv[i] = preIv[i] ^ salt[i];
 	}
-	
-	decipher = crypto.createDecipheriv (des.CRYPTO_ALGORITHM, decryptionKey, iv);
-	decipher.setAutoPadding(false);
-	decryptedPdu = decipher.update (encryptedPdu);
-	decryptedPdu = Buffer.concat ([decryptedPdu, decipher.final()]);
+
+	if (DES_IMPLEMENTATION === 'native') {
+		// TODO: Implement native decryption
+	} else {
+		const decipher = crypto.createDecipheriv (des.CRYPTO_ALGORITHM, decryptionKey, iv);
+		decipher.setAutoPadding (false);
+		decryptedPdu = decipher.update (encryptedPdu);
+		decryptedPdu = Buffer.concat ([decryptedPdu, decipher.final()]);
+	}
 	// Encryption.debugDecrypt (decryptionKey, iv, encryptedPdu, decryptedPdu);
 
 	return decryptedPdu;
@@ -2021,13 +2033,15 @@ var Session = function (target, authenticator, options) {
 
 	DEBUG = options.debug;
 
-	this.engine = new Engine (options.engineID);
+	this.engine = new Engine ({
+		engineId: options.engineID
+	});
 	this.reqs = {};
 	this.reqCount = 0;
 
 	this.dgram = dgram.createSocket (this.transport);
 	this.dgram.unref();
-	
+
 	var me = this;
 	this.dgram.on ("message", me.onMsg.bind (me));
 	this.dgram.on ("close", me.onClose.bind (me));
@@ -2255,7 +2269,7 @@ Session.prototype.inform = function () {
 
 	/**
 	 ** Support the following signatures:
-	 ** 
+	 **
 	 **    typeOrOid, varbinds, options, callback
 	 **    typeOrOid, varbinds, callback
 	 **    typeOrOid, options, callback
@@ -2333,7 +2347,7 @@ Session.prototype.inform = function () {
 		};
 		pduVarbinds.push (varbind);
 	}
-	
+
 	options.port = this.trapPort;
 
 	this.simpleGet (InformRequestPdu, feedCb, pduVarbinds, responseCb, options);
@@ -2453,7 +2467,7 @@ Session.prototype.registerRequest = function (req) {
 Session.prototype.send = function (req, noWait) {
 	try {
 		var me = this;
-		
+
 		var buffer = req.message.toBuffer ();
 
 		this.dgram.send (buffer, 0, buffer.length, req.port, this.target,
@@ -2471,7 +2485,7 @@ Session.prototype.send = function (req, noWait) {
 	} catch (error) {
 		req.responseCb (error);
 	}
-	
+
 	return this;
 };
 
@@ -2723,7 +2737,7 @@ Session.prototype.trap = function () {
 
 	/**
 	 ** Support the following signatures:
-		** 
+		**
 		**    typeOrOid, varbinds, options, callback
 		**    typeOrOid, varbinds, agentAddr, callback
 		**    typeOrOid, varbinds, callback
@@ -2766,7 +2780,7 @@ Session.prototype.trap = function () {
 		};
 		pduVarbinds.push (varbind);
 	}
-	
+
 	var id = _generateId (this.idBitsSize);
 
 	if (this.version == Version2c || this.version == Version3 ) {
@@ -2990,7 +3004,8 @@ Session.createV3 = function (target, user, options) {
 	return new Session (target, user, options);
 };
 
-var Engine = function (engineID, engineBoots, engineTime) {
+var Engine = function (engineOptions) {
+	const { engineID } = engineOptions;
 	if ( engineID ) {
 		if ( ! (engineID instanceof Buffer) ) {
 			engineID = engineID.replace('0x', '');
@@ -3056,7 +3071,7 @@ Listener.prototype.startListening = function () {
 
 Listener.prototype.send = function (message, rinfo, socket) {
 	// var me = this;
-	
+
 	var buffer = message.toBuffer ();
 
 	socket.send (buffer, 0, buffer.length, rinfo.port, rinfo.address, function (error, bytes) {
@@ -3335,7 +3350,9 @@ SimpleAccessControlModel.prototype.isAccessAllowed = function (securityModel, se
 var Receiver = function (options, callback) {
 	DEBUG = options.debug;
 	this.authorizer = new Authorizer (options);
-	this.engine = new Engine (options.engineID);
+	this.engine = new Engine ({
+		engineId: options.engineID
+	});
 
 	this.engineBoots = 0;
 	this.engineTime = 10;
@@ -3662,7 +3679,7 @@ ModuleStore.prototype.getProvidersForModule = function (moduleName) {
 							// (See lib/mibs/SNMPv2-TC.mib#L186.)
 							if ( syntax == "RowStatus" &&
 									"IMPORTS" in mibModule &&
-									Array.isArray(mibModule.IMPORTS["SNMPv2-TC"]) && 
+									Array.isArray(mibModule.IMPORTS["SNMPv2-TC"]) &&
 									mibModule.IMPORTS["SNMPv2-TC"].includes("RowStatus") ) {
 
 								// Mark this column as being rowStatus
@@ -4011,7 +4028,7 @@ MibNode.prototype.getNextInstanceNode = function () {
 		childrenAddresses = Object.keys (node.children).sort ( (a, b) => a - b);
 		node = node.children[childrenAddresses[0]];
 		if ( ! node ) {
-			// unexpected 
+			// unexpected
 			return null;
 		}
 	}
@@ -4674,7 +4691,7 @@ Mib.prototype.getTableCells = function (table, byRows, includeInstances) {
 	} else {
 		return data;
 	}
-	
+
 };
 
 Mib.prototype.getTableSingleCell = function (table, columnNumber, rowIndex) {
@@ -4850,7 +4867,9 @@ MibRequest.prototype.isTabular = function () {
 var Agent = function (options, callback, mib) {
 	DEBUG = options.debug;
 	this.listener = new Listener (options, this);
-	this.engine = new Engine (options.engineID);
+	this.engine = new Engine ({
+		engineId: options.engineID
+	});
 	this.authorizer = new Authorizer (options);
 	this.callback = callback || function () {};
 	const mibOptions = mib?.options || options?.mibOptions || {};
@@ -5070,7 +5089,7 @@ Agent.prototype.tryCreateInstance = function (varbind, requestType) {
 					typeof rowStatusColumn == "number" &&
 					column === rowStatusColumn ) {
 
-				if ( (varbind.value === RowStatus["createAndGo"] || varbind.value === RowStatus["createAndWait"]) && 
+				if ( (varbind.value === RowStatus["createAndGo"] || varbind.value === RowStatus["createAndWait"]) &&
 						provider.createHandler !== null ) {
 
 					// The create handler will return an array
@@ -5554,7 +5573,7 @@ Agent.prototype.getBulkRequest = function (socket, requestMessage, rinfo) {
 	}
 
 	if ( requestPdu.nonRepeaters < requestVarbinds.length ) {
-	
+
 		for (var v = requestPdu.nonRepeaters ; v < requestVarbinds.length ; v++ ) {
 			startOid.push (requestVarbinds[v].oid);
 		}
@@ -5766,7 +5785,7 @@ AgentXPdu.prototype.readHeader = function (buffer) {
 	this.version = buffer.readUInt8 ();
 	this.pduType = buffer.readUInt8 ();
 	this.flags = buffer.readUInt8 ();
-	buffer.readUInt8 ();   // reserved byte 
+	buffer.readUInt8 ();   // reserved byte
 	this.sessionID = buffer.readUInt32BE ();
 	this.transactionID = buffer.readUInt32BE ();
 	this.packetID = buffer.readUInt32BE ();
@@ -5836,7 +5855,7 @@ AgentXPdu.createFromVariables = function (vars) {
 					+ "' in created PDU");
 
 	}
-	
+
 	return pdu;
 };
 
@@ -6071,7 +6090,7 @@ AgentXPdu.packetID = 1;
 
 var Subagent = function (options) {
 	DEBUG = options.debug;
-	this.mib = new Mib ();
+	this.mib = options?.mib ?? new Mib (options?.mibOptions);
 	this.master = options.master || 'localhost';
 	this.masterPort = options.masterPort || 705;
 	this.timeout = options.timeout || 0;

package/lib/des-ecb.js

@@ -0,0 +1,147 @@
+const { Buffer } = require('buffer');
+
+// --- Lookup tables ---
+const PC1 = [
+    57, 49, 41, 33, 25, 17, 9,
+    1, 58, 50, 42, 34, 26, 18,
+    10, 2, 59, 51, 43, 35, 27,
+    19, 11, 3, 60, 52, 44, 36,
+    63, 55, 47, 39, 31, 23, 15,
+    7, 62, 54, 46, 38, 30, 22,
+    14, 6, 61, 53, 45, 37, 29,
+    21, 13, 5, 28, 20, 12, 4
+];
+const PC2 = [
+    14, 17, 11, 24, 1, 5,
+    3, 28, 15, 6, 21, 10,
+    23, 19, 12, 4, 26, 8,
+    16, 7, 27, 20, 13, 2,
+    41, 52, 31, 37, 47, 55,
+    30, 40, 51, 45, 33, 48,
+    44, 49, 39, 56, 34, 53,
+    46, 42, 50, 36, 29, 32
+];
+const SHIFTS = [
+    1, 1, 2, 2, 2, 2, 2, 2,
+    1, 2, 2, 2, 2, 2, 2, 1
+];
+const IP = [
+    58, 50, 42, 34, 26, 18, 10, 2,
+    60, 52, 44, 36, 28, 20, 12, 4,
+    62, 54, 46, 38, 30, 22, 14, 6,
+    64, 56, 48, 40, 32, 24, 16, 8,
+    57, 49, 41, 33, 25, 17, 9, 1,
+    59, 51, 43, 35, 27, 19, 11, 3,
+    61, 53, 45, 37, 29, 21, 13, 5,
+    63, 55, 47, 39, 31, 23, 15, 7
+];
+const IP_INV = [
+    40, 8, 48, 16, 56, 24, 64, 32,
+    39, 7, 47, 15, 55, 23, 63, 31,
+    38, 6, 46, 14, 54, 22, 62, 30,
+    37, 5, 45, 13, 53, 21, 61, 29,
+    36, 4, 44, 12, 52, 20, 60, 28,
+    35, 3, 43, 11, 51, 19, 59, 27,
+    34, 2, 42, 10, 50, 18, 58, 26,
+    33, 1, 41, 9, 49, 17, 57, 25
+];
+
+// --- Utility functions ---
+function permute(input, table) {
+    const output = new Array(table.length);
+    for (let i = 0; i < table.length; i++) {
+        output[i] = input[table[i] - 1];
+    }
+    return output;
+}
+
+function leftShift(arr, n) {
+    return arr.slice(n).concat(arr.slice(0, n));
+}
+
+function xor(a, b) {
+    return a.map((v, i) => v ^ b[i]);
+}
+
+function toBits(buf) {
+    const bits = [];
+    for (let byte of buf) {
+        for (let i = 7; i >= 0; i--) {
+            bits.push((byte >> i) & 1);
+        }
+    }
+    return bits;
+}
+
+function fromBits(bits) {
+    const buf = Buffer.alloc(bits.length / 8);
+    for (let i = 0; i < bits.length; i += 8) {
+        let byte = 0;
+        for (let j = 0; j < 8; j++) {
+            byte |= bits[i + j] << (7 - j);
+        }
+        buf[i / 8] = byte;
+    }
+    return buf;
+}
+
+// --- Key scheduling ---
+function createSubkeys(keyBits) {
+    let permuted = permute(keyBits, PC1);
+    let C = permuted.slice(0, 28);
+    let D = permuted.slice(28, 56);
+    const subkeys = [];
+
+    for (let shift of SHIFTS) {
+        C = leftShift(C, shift);
+        D = leftShift(D, shift);
+        subkeys.push(permute(C.concat(D), PC2));
+    }
+
+    return subkeys;
+}
+
+// --- Main f-function ---
+function f(R, K) {
+    // Expand, XOR, S-boxes, permute
+    // For simplicity, we'll fake it with XOR only (not real S-boxes)
+    return xor(R, K.slice(0, 32));
+}
+
+// --- Core DES block encrypt ---
+function desBlock(inputBits, subkeys) {
+    let permuted = permute(inputBits, IP);
+    let L = permuted.slice(0, 32);
+    let R = permuted.slice(32, 64);
+
+    for (let i = 0; i < 16; i++) {
+        const temp = R;
+        R = xor(L, f(R, subkeys[i]));
+        L = temp;
+    }
+
+    const preOutput = R.concat(L);
+    return permute(preOutput, IP_INV);
+}
+
+// --- Public API ---
+function encryptBlock(key, block) {
+    const keyBits = toBits(key);
+    const inputBits = toBits(block);
+    const subkeys = createSubkeys(keyBits);
+    const outputBits = desBlock(inputBits, subkeys);
+    return fromBits(outputBits);
+}
+
+function decryptBlock(key, block) {
+    const keyBits = toBits(key);
+    const inputBits = toBits(block);
+    const subkeys = createSubkeys(keyBits).reverse();
+    const outputBits = desBlock(inputBits, subkeys);
+    return fromBits(outputBits);
+}
+
+module.exports = {
+    encryptBlock,
+    decryptBlock,
+};

package/lib/des.js

@@ -0,0 +1,53 @@
+const { Buffer } = require('buffer');
+const des = require('./des-ecb');
+
+// --- CBC Mode wrapper ---
+function encrypt(key, iv, plaintext) {
+    if (plaintext.length % 8 !== 0) {
+        throw new Error('DES plaintext must be multiple of 8 bytes');
+    }
+
+    let prevBlock = Buffer.from(iv);
+    let out = Buffer.alloc(plaintext.length);
+
+    for (let i = 0; i < plaintext.length; i += 8) {
+        const block = Buffer.alloc(8);
+        for (let j = 0; j < 8; j++) {
+            block[j] = plaintext[i + j] ^ prevBlock[j];
+        }
+
+        const encryptedBlock = des.encryptBlock(key, block);
+
+        encryptedBlock.copy(out, i);
+        prevBlock = encryptedBlock;
+    }
+
+    return out;
+}
+
+function decrypt(key, iv, ciphertext) {
+    if (ciphertext.length % 8 !== 0) {
+        throw new Error('DES ciphertext must be multiple of 8 bytes');
+    }
+
+    let prevBlock = Buffer.from(iv);
+    let out = Buffer.alloc(ciphertext.length);
+
+    for (let i = 0; i < ciphertext.length; i += 8) {
+        const block = ciphertext.slice(i, i + 8);
+        const decryptedBlock = des.decryptBlock(key, block);
+
+        for (let j = 0; j < 8; j++) {
+            out[i + j] = decryptedBlock[j] ^ prevBlock[j];
+        }
+
+        prevBlock = block;
+    }
+
+    return out;
+}
+
+module.exports = {
+    encrypt,
+    decrypt,
+};

package/lib/mib.js

@@ -655,7 +655,7 @@ const MIB = function (dir) {
                     if (unresolvedObjects.length > 0) {
                         for (const unresolved of unresolvedObjects) {
                             const obj = this.Modules[ModuleName][unresolved];
-                            
+
                             const { oidString, nameString, unresolvedObject } = this.getOidAndNamePaths(obj['OBJECT IDENTIFIER'], unresolved, ModuleName);
                             this.Modules[ModuleName][unresolved].NameSpace = nameString;
                             this.Modules[ModuleName][unresolved].OID = oidString;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "net-snmp",
-  "version": "3.20.0",
+  "version": "3.21.0",
   "description": "JavaScript implementation of the Simple Network Management Protocol (SNMP)",
   "main": "index.js",
   "directories": {