net-snmp 3.6.3 → 3.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CONTRIBUTING.md +3 -1
- package/README.md +28 -6
- package/index.js +126 -167
- package/package.json +1 -1
package/CONTRIBUTING.md
CHANGED
|
@@ -11,7 +11,9 @@ the developers managing and developing this open source project.
|
|
|
11
11
|
|
|
12
12
|
The issue tracker is the preferred channel for [bug reports](#bugs),
|
|
13
13
|
[features requests](#features) and [submitting pull
|
|
14
|
-
requests](#pull-requests).
|
|
14
|
+
requests](#pull-requests). Please prefer the issue tracker over
|
|
15
|
+
emailing individual project contributors as your first engagement
|
|
16
|
+
with the project.
|
|
15
17
|
|
|
16
18
|
## What to always do
|
|
17
19
|
|
package/README.md
CHANGED
|
@@ -231,11 +231,16 @@ RFC 3414:
|
|
|
231
231
|
|
|
232
232
|
This object contains constants to select a supported digest algorithm for SNMPv3
|
|
233
233
|
messages that require authentication:
|
|
234
|
-
* `md5` - for MD5 message authentication
|
|
235
|
-
* `sha` - for SHA message authentication
|
|
234
|
+
* `md5` - for HMAC-MD5 message authentication
|
|
235
|
+
* `sha` - for HMAC-SHA-1 message authentication
|
|
236
|
+
* `sha224` - for HMAC-SHA-224 message authentication
|
|
237
|
+
* `sha256` - for HMAC-SHA-256 message authentication
|
|
238
|
+
* `sha384` - for HMAC-SHA-384 message authentication
|
|
239
|
+
* `sha512` - for HMAC-SHA-512 message authentication
|
|
236
240
|
|
|
237
|
-
|
|
238
|
-
|
|
241
|
+
MD5 and SHA (actually SHA-1) are the hash algorithms specified in the original
|
|
242
|
+
SNMPv3 User-Based Security Model RFC (RFC 3414); the other four were added later
|
|
243
|
+
in RFC 7860.
|
|
239
244
|
|
|
240
245
|
## snmp.PrivProtocols
|
|
241
246
|
|
|
@@ -540,6 +545,7 @@ var options = {
|
|
|
540
545
|
trapPort: 162,
|
|
541
546
|
version: snmp.Version1,
|
|
542
547
|
backwardsGetNexts: true,
|
|
548
|
+
reportOidMismatchErrors: false,
|
|
543
549
|
idBitsSize: 32
|
|
544
550
|
};
|
|
545
551
|
|
|
@@ -567,7 +573,9 @@ is an object, and can contain the following items:
|
|
|
567
573
|
* `version` - Either `snmp.Version1` or `snmp.Version2c`, defaults to
|
|
568
574
|
`snmp.Version1`
|
|
569
575
|
* `backwardsGetNexts` - boolean to allow GetNext operations to retrieve lexicographically
|
|
570
|
-
|
|
576
|
+
preceding OIDs, defaults to `true`
|
|
577
|
+
* `reportOidMismatchErrors` - boolean to allow error reporting of OID mismatches between
|
|
578
|
+
requests and responses, defaults to `false`
|
|
571
579
|
* `idBitsSize` - Either `16` or `32`, defaults to `32`. Used to reduce the size
|
|
572
580
|
of the generated id for compatibility with some older devices.
|
|
573
581
|
|
|
@@ -592,6 +600,8 @@ var options = {
|
|
|
592
600
|
trapPort: 162,
|
|
593
601
|
version: snmp.Version3,
|
|
594
602
|
engineID: "8000B98380XXXXXXXXXXXXXXXXXXXXXXXX", // where the X's are random hex digits
|
|
603
|
+
backwardsGetNexts: true,
|
|
604
|
+
reportOidMismatchErrors: false,
|
|
595
605
|
idBitsSize: 32,
|
|
596
606
|
context: ""
|
|
597
607
|
};
|
|
@@ -3183,7 +3193,19 @@ Example programs are included under the module's `example` directory.
|
|
|
3183
3193
|
|
|
3184
3194
|
## Version 3.6.3 - 26/04/2022
|
|
3185
3195
|
|
|
3186
|
-
* Fix logic for v3 time
|
|
3196
|
+
* Fix logic for v3 time synchronization requirement
|
|
3197
|
+
|
|
3198
|
+
## Version 3.6.4 - 14/05/2022
|
|
3199
|
+
|
|
3200
|
+
* Ignore mismatched returned OIDs by default
|
|
3201
|
+
|
|
3202
|
+
## Version 3.7.0 - 04/06/2022
|
|
3203
|
+
|
|
3204
|
+
* Add SHA-2 authentication support (SHA-224, SHA-256, SHA-384, SHA-512)
|
|
3205
|
+
|
|
3206
|
+
## Version 3.7.1 - 05/06/2022
|
|
3207
|
+
|
|
3208
|
+
* Fix DES decrypt corruption issue
|
|
3187
3209
|
|
|
3188
3210
|
# License
|
|
3189
3211
|
|
package/index.js
CHANGED
|
@@ -138,7 +138,11 @@ _expandConstantObject (SecurityLevel);
|
|
|
138
138
|
var AuthProtocols = {
|
|
139
139
|
"1": "none",
|
|
140
140
|
"2": "md5",
|
|
141
|
-
"3": "sha"
|
|
141
|
+
"3": "sha",
|
|
142
|
+
"4": "sha224",
|
|
143
|
+
"5": "sha256",
|
|
144
|
+
"6": "sha384",
|
|
145
|
+
"7": "sha512"
|
|
142
146
|
};
|
|
143
147
|
|
|
144
148
|
_expandConstantObject (AuthProtocols);
|
|
@@ -875,7 +879,7 @@ var readPdu = function (reader, scoped) {
|
|
|
875
879
|
var contextEngineID;
|
|
876
880
|
var contextName;
|
|
877
881
|
if ( scoped ) {
|
|
878
|
-
reader.
|
|
882
|
+
reader = new ber.Reader (reader.readString (ber.Sequence | ber.Constructor, true));
|
|
879
883
|
contextEngineID = reader.readString (ber.OctetString, true);
|
|
880
884
|
contextName = reader.readString ();
|
|
881
885
|
}
|
|
@@ -918,22 +922,45 @@ var createDiscoveryPdu = function (context) {
|
|
|
918
922
|
var Authentication = {};
|
|
919
923
|
|
|
920
924
|
Authentication.HMAC_BUFFER_SIZE = 1024*1024;
|
|
921
|
-
Authentication.HMAC_BLOCK_SIZE = 64;
|
|
922
|
-
Authentication.AUTHENTICATION_CODE_LENGTH = 12;
|
|
923
|
-
Authentication.AUTH_PARAMETERS_PLACEHOLDER = Buffer.from('8182838485868788898a8b8c', 'hex');
|
|
924
925
|
|
|
925
926
|
Authentication.algorithms = {};
|
|
926
927
|
|
|
927
928
|
Authentication.algorithms[AuthProtocols.md5] = {
|
|
928
929
|
KEY_LENGTH: 16,
|
|
930
|
+
AUTHENTICATION_CODE_LENGTH: 12,
|
|
929
931
|
CRYPTO_ALGORITHM: 'md5'
|
|
930
932
|
};
|
|
931
933
|
|
|
932
934
|
Authentication.algorithms[AuthProtocols.sha] = {
|
|
933
935
|
KEY_LENGTH: 20,
|
|
936
|
+
AUTHENTICATION_CODE_LENGTH: 12,
|
|
934
937
|
CRYPTO_ALGORITHM: 'sha1'
|
|
935
938
|
};
|
|
936
939
|
|
|
940
|
+
Authentication.algorithms[AuthProtocols.sha224] = {
|
|
941
|
+
KEY_LENGTH: 28,
|
|
942
|
+
AUTHENTICATION_CODE_LENGTH: 16,
|
|
943
|
+
CRYPTO_ALGORITHM: 'sha224'
|
|
944
|
+
};
|
|
945
|
+
|
|
946
|
+
Authentication.algorithms[AuthProtocols.sha256] = {
|
|
947
|
+
KEY_LENGTH: 32,
|
|
948
|
+
AUTHENTICATION_CODE_LENGTH: 24,
|
|
949
|
+
CRYPTO_ALGORITHM: 'sha256'
|
|
950
|
+
};
|
|
951
|
+
|
|
952
|
+
Authentication.algorithms[AuthProtocols.sha384] = {
|
|
953
|
+
KEY_LENGTH: 48,
|
|
954
|
+
AUTHENTICATION_CODE_LENGTH: 32,
|
|
955
|
+
CRYPTO_ALGORITHM: 'sha384'
|
|
956
|
+
};
|
|
957
|
+
|
|
958
|
+
Authentication.algorithms[AuthProtocols.sha512] = {
|
|
959
|
+
KEY_LENGTH: 64,
|
|
960
|
+
AUTHENTICATION_CODE_LENGTH: 48,
|
|
961
|
+
CRYPTO_ALGORITHM: 'sha512'
|
|
962
|
+
};
|
|
963
|
+
|
|
937
964
|
Authentication.authToKeyCache = {};
|
|
938
965
|
|
|
939
966
|
Authentication.computeCacheKey = function (authProtocol, authPasswordString, engineID) {
|
|
@@ -947,10 +974,6 @@ Authentication.passwordToKey = function (authProtocol, authPasswordString, engin
|
|
|
947
974
|
var firstDigest;
|
|
948
975
|
var finalDigest;
|
|
949
976
|
var buf;
|
|
950
|
-
var bufOffset = 0;
|
|
951
|
-
var passwordIndex = 0;
|
|
952
|
-
var count = 0;
|
|
953
|
-
var password;
|
|
954
977
|
var cryptoAlgorithm = Authentication.algorithms[authProtocol].CRYPTO_ALGORITHM;
|
|
955
978
|
|
|
956
979
|
var cacheKey = Authentication.computeCacheKey(authProtocol, authPasswordString, engineID);
|
|
@@ -958,15 +981,8 @@ Authentication.passwordToKey = function (authProtocol, authPasswordString, engin
|
|
|
958
981
|
return Authentication.authToKeyCache[cacheKey];
|
|
959
982
|
}
|
|
960
983
|
|
|
961
|
-
buf = Buffer.alloc (Authentication.HMAC_BUFFER_SIZE);
|
|
962
|
-
|
|
963
|
-
|
|
964
|
-
while (count < Authentication.HMAC_BUFFER_SIZE) {
|
|
965
|
-
for (var i = 0; i < Authentication.HMAC_BLOCK_SIZE; i++) {
|
|
966
|
-
buf.writeUInt8(password[passwordIndex++ % password.length], bufOffset++);
|
|
967
|
-
}
|
|
968
|
-
count += Authentication.HMAC_BLOCK_SIZE;
|
|
969
|
-
}
|
|
984
|
+
buf = Buffer.alloc (Authentication.HMAC_BUFFER_SIZE, authPasswordString);
|
|
985
|
+
|
|
970
986
|
hashAlgorithm = crypto.createHash(cryptoAlgorithm);
|
|
971
987
|
hashAlgorithm.update(buf);
|
|
972
988
|
firstDigest = hashAlgorithm.digest();
|
|
@@ -983,94 +999,61 @@ Authentication.passwordToKey = function (authProtocol, authPasswordString, engin
|
|
|
983
999
|
return finalDigest;
|
|
984
1000
|
};
|
|
985
1001
|
|
|
986
|
-
Authentication.
|
|
987
|
-
|
|
988
|
-
|
|
1002
|
+
Authentication.getParametersLength = function (authProtocol) {
|
|
1003
|
+
return Authentication.algorithms[authProtocol].AUTHENTICATION_CODE_LENGTH;
|
|
1004
|
+
};
|
|
989
1005
|
|
|
990
|
-
|
|
991
|
-
|
|
992
|
-
messageBuffer.fill (0, authenticationParametersOffset, authenticationParametersOffset + Authentication.AUTHENTICATION_CODE_LENGTH);
|
|
1006
|
+
Authentication.writeParameters = function (messageBuffer, authProtocol, authPassword, engineID, digestInMessage) {
|
|
1007
|
+
var digestToAdd;
|
|
993
1008
|
|
|
994
1009
|
digestToAdd = Authentication.calculateDigest (messageBuffer, authProtocol, authPassword, engineID);
|
|
995
|
-
digestToAdd.copy (
|
|
1010
|
+
digestToAdd.copy (digestInMessage);
|
|
996
1011
|
// debug ("Added Auth Parameters: " + digestToAdd.toString('hex'));
|
|
997
1012
|
};
|
|
998
1013
|
|
|
999
1014
|
Authentication.isAuthentic = function (messageBuffer, authProtocol, authPassword, engineID, digestInMessage) {
|
|
1000
|
-
var
|
|
1015
|
+
var savedDigest;
|
|
1001
1016
|
var calculatedDigest;
|
|
1002
1017
|
|
|
1018
|
+
if (digestInMessage.length !== Authentication.algorithms[authProtocol].AUTHENTICATION_CODE_LENGTH)
|
|
1019
|
+
return false;
|
|
1020
|
+
|
|
1021
|
+
// save original authenticationParameters field in message
|
|
1022
|
+
savedDigest = Buffer.from (digestInMessage);
|
|
1023
|
+
|
|
1003
1024
|
// clear the authenticationParameters field in message
|
|
1004
|
-
|
|
1005
|
-
messageBuffer.fill (0, authenticationParametersOffset, authenticationParametersOffset + Authentication.AUTHENTICATION_CODE_LENGTH);
|
|
1025
|
+
digestInMessage.fill (0);
|
|
1006
1026
|
|
|
1007
1027
|
calculatedDigest = Authentication.calculateDigest (messageBuffer, authProtocol, authPassword, engineID);
|
|
1008
1028
|
|
|
1009
1029
|
// replace previously cleared authenticationParameters field in message
|
|
1010
|
-
|
|
1030
|
+
savedDigest.copy (digestInMessage);
|
|
1011
1031
|
|
|
1012
1032
|
// debug ("Digest in message: " + digestInMessage.toString('hex'));
|
|
1013
1033
|
// debug ("Calculated digest: " + calculatedDigest.toString('hex'));
|
|
1014
|
-
return calculatedDigest.equals (digestInMessage
|
|
1034
|
+
return calculatedDigest.equals (digestInMessage);
|
|
1015
1035
|
};
|
|
1016
1036
|
|
|
1017
1037
|
Authentication.calculateDigest = function (messageBuffer, authProtocol, authPassword, engineID) {
|
|
1018
1038
|
var authKey = Authentication.passwordToKey (authProtocol, authPassword, engineID);
|
|
1019
1039
|
|
|
1020
|
-
// Adapted from RFC3147 Section 6.3.1. Processing an Outgoing Message
|
|
1021
|
-
var hashAlgorithm;
|
|
1022
|
-
var kIpad;
|
|
1023
|
-
var kOpad;
|
|
1024
|
-
var firstDigest;
|
|
1025
|
-
var finalDigest;
|
|
1026
|
-
var truncatedDigest;
|
|
1027
|
-
var i;
|
|
1028
1040
|
var cryptoAlgorithm = Authentication.algorithms[authProtocol].CRYPTO_ALGORITHM;
|
|
1029
|
-
|
|
1030
|
-
|
|
1031
|
-
|
|
1032
|
-
|
|
1033
|
-
authKey = hashAlgorithm.digest ();
|
|
1034
|
-
}
|
|
1035
|
-
|
|
1036
|
-
// MD(K XOR opad, MD(K XOR ipad, msg))
|
|
1037
|
-
kIpad = Buffer.alloc (Authentication.HMAC_BLOCK_SIZE);
|
|
1038
|
-
kOpad = Buffer.alloc (Authentication.HMAC_BLOCK_SIZE);
|
|
1039
|
-
for (i = 0; i < authKey.length; i++) {
|
|
1040
|
-
kIpad[i] = authKey[i] ^ 0x36;
|
|
1041
|
-
kOpad[i] = authKey[i] ^ 0x5c;
|
|
1042
|
-
}
|
|
1043
|
-
kIpad.fill (0x36, authKey.length);
|
|
1044
|
-
kOpad.fill (0x5c, authKey.length);
|
|
1045
|
-
|
|
1046
|
-
// inner MD
|
|
1047
|
-
hashAlgorithm = crypto.createHash (cryptoAlgorithm);
|
|
1048
|
-
hashAlgorithm.update (kIpad);
|
|
1049
|
-
hashAlgorithm.update (messageBuffer);
|
|
1050
|
-
firstDigest = hashAlgorithm.digest ();
|
|
1051
|
-
// outer MD
|
|
1052
|
-
hashAlgorithm = crypto.createHash (cryptoAlgorithm);
|
|
1053
|
-
hashAlgorithm.update (kOpad);
|
|
1054
|
-
hashAlgorithm.update (firstDigest);
|
|
1055
|
-
finalDigest = hashAlgorithm.digest ();
|
|
1056
|
-
|
|
1057
|
-
truncatedDigest = Buffer.alloc (Authentication.AUTHENTICATION_CODE_LENGTH);
|
|
1058
|
-
finalDigest.copy (truncatedDigest, 0, 0, Authentication.AUTHENTICATION_CODE_LENGTH);
|
|
1059
|
-
return truncatedDigest;
|
|
1041
|
+
var hmacAlgorithm = crypto.createHmac (cryptoAlgorithm, authKey);
|
|
1042
|
+
hmacAlgorithm.update (messageBuffer);
|
|
1043
|
+
var digest = hmacAlgorithm.digest ();
|
|
1044
|
+
return digest.subarray (0, Authentication.algorithms[authProtocol].AUTHENTICATION_CODE_LENGTH);
|
|
1060
1045
|
};
|
|
1061
1046
|
|
|
1062
1047
|
var Encryption = {};
|
|
1063
1048
|
|
|
1064
|
-
Encryption.PRIV_PARAMETERS_PLACEHOLDER = Buffer.from ('9192939495969798', 'hex');
|
|
1065
|
-
|
|
1066
1049
|
Encryption.encryptPdu = function (privProtocol, scopedPdu, privPassword, authProtocol, engine) {
|
|
1067
1050
|
var encryptFunction = Encryption.algorithms[privProtocol].encryptPdu;
|
|
1068
1051
|
return encryptFunction (scopedPdu, privProtocol, privPassword, authProtocol, engine);
|
|
1069
1052
|
};
|
|
1070
1053
|
|
|
1071
|
-
Encryption.decryptPdu = function (privProtocol, encryptedPdu, privParameters, privPassword, authProtocol, engine
|
|
1054
|
+
Encryption.decryptPdu = function (privProtocol, encryptedPdu, privParameters, privPassword, authProtocol, engine) {
|
|
1072
1055
|
var decryptFunction = Encryption.algorithms[privProtocol].decryptPdu;
|
|
1073
|
-
return decryptFunction (encryptedPdu, privProtocol, privParameters, privPassword, authProtocol, engine
|
|
1056
|
+
return decryptFunction (encryptedPdu, privProtocol, privParameters, privPassword, authProtocol, engine);
|
|
1074
1057
|
};
|
|
1075
1058
|
|
|
1076
1059
|
Encryption.debugEncrypt = function (encryptionKey, iv, plainPdu, encryptedPdu) {
|
|
@@ -1196,7 +1179,7 @@ Encryption.encryptPduDes = function (scopedPdu, privProtocol, privPassword, auth
|
|
|
1196
1179
|
};
|
|
1197
1180
|
};
|
|
1198
1181
|
|
|
1199
|
-
Encryption.decryptPduDes = function (encryptedPdu, privProtocol, privParameters, privPassword, authProtocol, engine
|
|
1182
|
+
Encryption.decryptPduDes = function (encryptedPdu, privProtocol, privParameters, privPassword, authProtocol, engine) {
|
|
1200
1183
|
var des = Encryption.algorithms[PrivProtocols.des];
|
|
1201
1184
|
var privLocalizedKey;
|
|
1202
1185
|
var decryptionKey;
|
|
@@ -1220,23 +1203,9 @@ Encryption.decryptPduDes = function (encryptedPdu, privProtocol, privParameters,
|
|
|
1220
1203
|
}
|
|
1221
1204
|
|
|
1222
1205
|
decipher = crypto.createDecipheriv (des.CRYPTO_ALGORITHM, decryptionKey, iv);
|
|
1223
|
-
|
|
1224
|
-
decipher.setAutoPadding(false);
|
|
1225
|
-
}
|
|
1206
|
+
decipher.setAutoPadding(false);
|
|
1226
1207
|
decryptedPdu = decipher.update (encryptedPdu);
|
|
1227
|
-
|
|
1228
|
-
// - where sometimes a decrypt error is thrown with decipher.final()
|
|
1229
|
-
// It replaces this line which should have been sufficient:
|
|
1230
|
-
// decryptedPdu = Buffer.concat ([decryptedPdu, decipher.final()]);
|
|
1231
|
-
try {
|
|
1232
|
-
decryptedPdu = Buffer.concat ([decryptedPdu, decipher.final()]);
|
|
1233
|
-
} catch (error) {
|
|
1234
|
-
// debug("Decrypt error: " + error);
|
|
1235
|
-
decipher = crypto.createDecipheriv (des.CRYPTO_ALGORITHM, decryptionKey, iv);
|
|
1236
|
-
decipher.setAutoPadding(false);
|
|
1237
|
-
decryptedPdu = decipher.update (encryptedPdu);
|
|
1238
|
-
decryptedPdu = Buffer.concat ([decryptedPdu, decipher.final()]);
|
|
1239
|
-
}
|
|
1208
|
+
decryptedPdu = Buffer.concat ([decryptedPdu, decipher.final()]);
|
|
1240
1209
|
// Encryption.debugDecrypt (decryptionKey, iv, encryptedPdu, decryptedPdu);
|
|
1241
1210
|
|
|
1242
1211
|
return decryptedPdu;
|
|
@@ -1301,13 +1270,6 @@ Encryption.decryptPduAes = function (encryptedPdu, privProtocol, privParameters,
|
|
|
1301
1270
|
return decryptedPdu;
|
|
1302
1271
|
};
|
|
1303
1272
|
|
|
1304
|
-
Encryption.addParametersToMessageBuffer = function (messageBuffer, msgPrivacyParameters) {
|
|
1305
|
-
var privacyParametersOffset;
|
|
1306
|
-
|
|
1307
|
-
privacyParametersOffset = messageBuffer.indexOf (Encryption.PRIV_PARAMETERS_PLACEHOLDER);
|
|
1308
|
-
msgPrivacyParameters.copy (messageBuffer, privacyParametersOffset, 0, Encryption.DES_IV_LENGTH);
|
|
1309
|
-
};
|
|
1310
|
-
|
|
1311
1273
|
Encryption.algorithms = {};
|
|
1312
1274
|
|
|
1313
1275
|
Encryption.algorithms[PrivProtocols.des] = {
|
|
@@ -1391,6 +1353,29 @@ Message.prototype.toBufferV3 = function () {
|
|
|
1391
1353
|
if (this.buffer)
|
|
1392
1354
|
return this.buffer;
|
|
1393
1355
|
|
|
1356
|
+
// ScopedPDU
|
|
1357
|
+
var scopedPduWriter = new ber.Writer ();
|
|
1358
|
+
scopedPduWriter.startSequence ();
|
|
1359
|
+
var contextEngineID = this.pdu.contextEngineID ? this.pdu.contextEngineID : this.msgSecurityParameters.msgAuthoritativeEngineID;
|
|
1360
|
+
if ( contextEngineID.length == 0 ) {
|
|
1361
|
+
scopedPduWriter.writeString ("");
|
|
1362
|
+
} else {
|
|
1363
|
+
scopedPduWriter.writeBuffer (contextEngineID, ber.OctetString);
|
|
1364
|
+
}
|
|
1365
|
+
scopedPduWriter.writeString (this.pdu.contextName);
|
|
1366
|
+
this.pdu.toBuffer (scopedPduWriter);
|
|
1367
|
+
scopedPduWriter.endSequence ();
|
|
1368
|
+
|
|
1369
|
+
if ( this.hasPrivacy() ) {
|
|
1370
|
+
var authoritativeEngine = {
|
|
1371
|
+
engineID: this.msgSecurityParameters.msgAuthoritativeEngineID,
|
|
1372
|
+
engineBoots: this.msgSecurityParameters.msgAuthoritativeEngineBoots,
|
|
1373
|
+
engineTime: this.msgSecurityParameters.msgAuthoritativeEngineTime,
|
|
1374
|
+
};
|
|
1375
|
+
encryptionResult = Encryption.encryptPdu (this.user.privProtocol, scopedPduWriter.buffer,
|
|
1376
|
+
this.user.privKey, this.user.authProtocol, authoritativeEngine);
|
|
1377
|
+
}
|
|
1378
|
+
|
|
1394
1379
|
var writer = new ber.Writer ();
|
|
1395
1380
|
|
|
1396
1381
|
writer.startSequence ();
|
|
@@ -1408,77 +1393,56 @@ Message.prototype.toBufferV3 = function () {
|
|
|
1408
1393
|
writer.endSequence ();
|
|
1409
1394
|
|
|
1410
1395
|
// msgSecurityParameters
|
|
1411
|
-
|
|
1412
|
-
|
|
1413
|
-
//
|
|
1396
|
+
writer.startSequence (ber.OctetString);
|
|
1397
|
+
writer.startSequence ();
|
|
1398
|
+
//writer.writeString (this.msgSecurityParameters.msgAuthoritativeEngineID);
|
|
1414
1399
|
// writing a zero-length buffer fails - should fix asn1-ber for this condition
|
|
1415
1400
|
if ( this.msgSecurityParameters.msgAuthoritativeEngineID.length == 0 ) {
|
|
1416
|
-
|
|
1401
|
+
writer.writeString ("");
|
|
1417
1402
|
} else {
|
|
1418
|
-
|
|
1403
|
+
writer.writeBuffer (this.msgSecurityParameters.msgAuthoritativeEngineID, ber.OctetString);
|
|
1419
1404
|
}
|
|
1420
|
-
|
|
1421
|
-
|
|
1422
|
-
|
|
1405
|
+
writer.writeInt (this.msgSecurityParameters.msgAuthoritativeEngineBoots);
|
|
1406
|
+
writer.writeInt (this.msgSecurityParameters.msgAuthoritativeEngineTime);
|
|
1407
|
+
writer.writeString (this.msgSecurityParameters.msgUserName);
|
|
1423
1408
|
|
|
1409
|
+
var msgAuthenticationParameters = '';
|
|
1424
1410
|
if ( this.hasAuthentication() ) {
|
|
1425
|
-
|
|
1426
|
-
|
|
1427
|
-
|
|
1428
|
-
msgSecurityParametersWriter.writeBuffer (this.msgSecurityParameters.msgAuthenticationParameters, ber.OctetString);
|
|
1411
|
+
var authParametersLength = Authentication.getParametersLength (this.user.authProtocol);
|
|
1412
|
+
msgAuthenticationParameters = Buffer.alloc (authParametersLength);
|
|
1413
|
+
writer.writeBuffer (msgAuthenticationParameters, ber.OctetString);
|
|
1429
1414
|
} else {
|
|
1430
|
-
|
|
1415
|
+
writer.writeString ("");
|
|
1431
1416
|
}
|
|
1417
|
+
var msgAuthenticationParametersOffset = writer._offset - msgAuthenticationParameters.length;
|
|
1432
1418
|
|
|
1433
1419
|
if ( this.hasPrivacy() ) {
|
|
1434
|
-
|
|
1435
|
-
// should never happen where msgFlags has no privacy but privacy parameters still present
|
|
1436
|
-
} else if ( this.msgSecurityParameters.msgPrivacyParameters.length > 0 ) {
|
|
1437
|
-
msgSecurityParametersWriter.writeBuffer (this.msgSecurityParameters.msgPrivacyParameters, ber.OctetString);
|
|
1438
|
-
} else {
|
|
1439
|
-
msgSecurityParametersWriter.writeString ("");
|
|
1440
|
-
}
|
|
1441
|
-
msgSecurityParametersWriter.endSequence ();
|
|
1442
|
-
|
|
1443
|
-
writer.writeBuffer (msgSecurityParametersWriter.buffer, ber.OctetString);
|
|
1444
|
-
|
|
1445
|
-
// ScopedPDU
|
|
1446
|
-
var scopedPduWriter = new ber.Writer ();
|
|
1447
|
-
scopedPduWriter.startSequence ();
|
|
1448
|
-
var contextEngineID = this.pdu.contextEngineID ? this.pdu.contextEngineID : this.msgSecurityParameters.msgAuthoritativeEngineID;
|
|
1449
|
-
if ( contextEngineID.length == 0 ) {
|
|
1450
|
-
scopedPduWriter.writeString ("");
|
|
1420
|
+
writer.writeBuffer (encryptionResult.msgPrivacyParameters, ber.OctetString);
|
|
1451
1421
|
} else {
|
|
1452
|
-
|
|
1422
|
+
writer.writeString ("");
|
|
1453
1423
|
}
|
|
1454
|
-
|
|
1455
|
-
|
|
1456
|
-
|
|
1424
|
+
msgAuthenticationParametersOffset -= writer._offset;
|
|
1425
|
+
writer.endSequence ();
|
|
1426
|
+
writer.endSequence ();
|
|
1427
|
+
msgAuthenticationParametersOffset += writer._offset;
|
|
1457
1428
|
|
|
1458
1429
|
if ( this.hasPrivacy() ) {
|
|
1459
|
-
var authoritativeEngine = {
|
|
1460
|
-
engineID: this.msgSecurityParameters.msgAuthoritativeEngineID,
|
|
1461
|
-
engineBoots: this.msgSecurityParameters.msgAuthoritativeEngineBoots,
|
|
1462
|
-
engineTime: this.msgSecurityParameters.msgAuthoritativeEngineTime,
|
|
1463
|
-
};
|
|
1464
|
-
encryptionResult = Encryption.encryptPdu (this.user.privProtocol, scopedPduWriter.buffer,
|
|
1465
|
-
this.user.privKey, this.user.authProtocol, authoritativeEngine);
|
|
1466
1430
|
writer.writeBuffer (encryptionResult.encryptedPdu, ber.OctetString);
|
|
1467
1431
|
} else {
|
|
1468
1432
|
writer.writeBuffer (scopedPduWriter.buffer);
|
|
1469
1433
|
}
|
|
1470
1434
|
|
|
1435
|
+
msgAuthenticationParametersOffset -= writer._offset;
|
|
1471
1436
|
writer.endSequence ();
|
|
1437
|
+
msgAuthenticationParametersOffset += writer._offset;
|
|
1472
1438
|
|
|
1473
1439
|
this.buffer = writer.buffer;
|
|
1474
1440
|
|
|
1475
|
-
if ( this.hasPrivacy() ) {
|
|
1476
|
-
Encryption.addParametersToMessageBuffer(this.buffer, encryptionResult.msgPrivacyParameters);
|
|
1477
|
-
}
|
|
1478
|
-
|
|
1479
1441
|
if ( this.hasAuthentication() ) {
|
|
1480
|
-
|
|
1481
|
-
|
|
1442
|
+
msgAuthenticationParameters = this.buffer.subarray (msgAuthenticationParametersOffset,
|
|
1443
|
+
msgAuthenticationParametersOffset + msgAuthenticationParameters.length);
|
|
1444
|
+
Authentication.writeParameters (this.buffer, this.user.authProtocol, this.user.authKey,
|
|
1445
|
+
this.msgSecurityParameters.msgAuthoritativeEngineID, msgAuthenticationParameters);
|
|
1482
1446
|
}
|
|
1483
1447
|
|
|
1484
1448
|
return this.buffer;
|
|
@@ -1513,23 +1477,10 @@ Message.prototype.decryptPdu = function (user, responseCb) {
|
|
|
1513
1477
|
decryptedPduReader = new ber.Reader (decryptedPdu);
|
|
1514
1478
|
this.pdu = readPdu(decryptedPduReader, true);
|
|
1515
1479
|
return true;
|
|
1516
|
-
|
|
1517
|
-
|
|
1518
|
-
|
|
1519
|
-
|
|
1520
|
-
} catch (possibleTruncationError) {
|
|
1521
|
-
try {
|
|
1522
|
-
decryptedPdu = Encryption.decryptPdu(user.privProtocol, this.encryptedPdu,
|
|
1523
|
-
this.msgSecurityParameters.msgPrivacyParameters, user.privKey, user.authProtocol,
|
|
1524
|
-
this.msgSecurityParameters.msgAuthoritativeEngineID, true);
|
|
1525
|
-
decryptedPduReader = new ber.Reader (decryptedPdu);
|
|
1526
|
-
this.pdu = readPdu(decryptedPduReader, true);
|
|
1527
|
-
return true;
|
|
1528
|
-
} catch (error) {
|
|
1529
|
-
responseCb (new ResponseInvalidError ("Failed to decrypt PDU: " + error,
|
|
1530
|
-
ResponseInvalidCode.ECouldNotDecrypt));
|
|
1531
|
-
return false;
|
|
1532
|
-
}
|
|
1480
|
+
} catch (error) {
|
|
1481
|
+
responseCb (new ResponseInvalidError ("Failed to decrypt PDU: " + error,
|
|
1482
|
+
ResponseInvalidCode.ECouldNotDecrypt));
|
|
1483
|
+
return false;
|
|
1533
1484
|
}
|
|
1534
1485
|
|
|
1535
1486
|
};
|
|
@@ -1734,7 +1685,7 @@ Message.createFromBuffer = function (buffer, user) {
|
|
|
1734
1685
|
message.msgSecurityParameters.msgAuthoritativeEngineBoots = msgSecurityParametersReader.readInt ();
|
|
1735
1686
|
message.msgSecurityParameters.msgAuthoritativeEngineTime = msgSecurityParametersReader.readInt ();
|
|
1736
1687
|
message.msgSecurityParameters.msgUserName = msgSecurityParametersReader.readString ();
|
|
1737
|
-
message.msgSecurityParameters.msgAuthenticationParameters =
|
|
1688
|
+
message.msgSecurityParameters.msgAuthenticationParameters = msgSecurityParametersReader.readString (ber.OctetString, true);
|
|
1738
1689
|
message.msgSecurityParameters.msgPrivacyParameters = Buffer.from(msgSecurityParametersReader.readString (ber.OctetString, true));
|
|
1739
1690
|
|
|
1740
1691
|
if ( message.hasPrivacy() ) {
|
|
@@ -1828,6 +1779,10 @@ var Session = function (target, authenticator, options) {
|
|
|
1828
1779
|
? options.backwardsGetNexts
|
|
1829
1780
|
: true;
|
|
1830
1781
|
|
|
1782
|
+
this.reportOidMismatchErrors = (typeof options.reportOidMismatchErrors !== 'undefined')
|
|
1783
|
+
? options.reportOidMismatchErrors
|
|
1784
|
+
: false;
|
|
1785
|
+
|
|
1831
1786
|
DEBUG = options.debug;
|
|
1832
1787
|
|
|
1833
1788
|
this.engine = new Engine (options.engineID);
|
|
@@ -1870,6 +1825,8 @@ function _generateId (bitSize) {
|
|
|
1870
1825
|
}
|
|
1871
1826
|
|
|
1872
1827
|
Session.prototype.get = function (oids, responseCb) {
|
|
1828
|
+
var reportOidMismatchErrors = this.reportOidMismatchErrors;
|
|
1829
|
+
|
|
1873
1830
|
function feedCb (req, message) {
|
|
1874
1831
|
var pdu = message.pdu;
|
|
1875
1832
|
var varbinds = [];
|
|
@@ -1879,10 +1836,10 @@ Session.prototype.get = function (oids, responseCb) {
|
|
|
1879
1836
|
+ "match response OIDs", ResponseInvalidCode.EReqResOidNoMatch));
|
|
1880
1837
|
} else {
|
|
1881
1838
|
for (var i = 0; i < req.message.pdu.varbinds.length; i++) {
|
|
1882
|
-
if (req.message.pdu.varbinds[i].oid != pdu.varbinds[i].oid) {
|
|
1839
|
+
if ( reportOidMismatchErrors && req.message.pdu.varbinds[i].oid != pdu.varbinds[i].oid ) {
|
|
1883
1840
|
req.responseCb (new ResponseInvalidError ("OID '"
|
|
1884
1841
|
+ req.message.pdu.varbinds[i].oid
|
|
1885
|
-
+ "' in request at
|
|
1842
|
+
+ "' in request at position '" + i + "' does not "
|
|
1886
1843
|
+ "match OID '" + pdu.varbinds[i].oid + "' in response "
|
|
1887
1844
|
+ "at position '" + i + "'", ResponseInvalidCode.EReqResOidNoMatch));
|
|
1888
1845
|
return;
|
|
@@ -1984,7 +1941,7 @@ Session.prototype.getBulk = function () {
|
|
|
1984
1941
|
pdu.varbinds[respIndex].oid)) {
|
|
1985
1942
|
req.responseCb (new ResponseInvalidError ("OID '"
|
|
1986
1943
|
+ req.message.pdu.varbinds[reqIndex].oid
|
|
1987
|
-
+ "' in request at
|
|
1944
|
+
+ "' in request at position '" + (reqIndex)
|
|
1988
1945
|
+ "' does not precede OID '"
|
|
1989
1946
|
+ pdu.varbinds[respIndex].oid
|
|
1990
1947
|
+ "' in response at position '" + (respIndex) + "'",
|
|
@@ -2294,6 +2251,8 @@ Session.prototype.send = function (req, noWait) {
|
|
|
2294
2251
|
};
|
|
2295
2252
|
|
|
2296
2253
|
Session.prototype.set = function (varbinds, responseCb) {
|
|
2254
|
+
var reportOidMismatchErrors = this.reportOidMismatchErrors;
|
|
2255
|
+
|
|
2297
2256
|
function feedCb (req, message) {
|
|
2298
2257
|
var pdu = message.pdu;
|
|
2299
2258
|
var varbinds = [];
|
|
@@ -2303,10 +2262,10 @@ Session.prototype.set = function (varbinds, responseCb) {
|
|
|
2303
2262
|
+ "match response OIDs", ResponseInvalidCode.EReqResOidNoMatch));
|
|
2304
2263
|
} else {
|
|
2305
2264
|
for (var i = 0; i < req.message.pdu.varbinds.length; i++) {
|
|
2306
|
-
if (req.message.pdu.varbinds[i].oid != pdu.varbinds[i].oid) {
|
|
2265
|
+
if ( reportOidMismatchErrors && req.message.pdu.varbinds[i].oid != pdu.varbinds[i].oid ) {
|
|
2307
2266
|
req.responseCb (new ResponseInvalidError ("OID '"
|
|
2308
2267
|
+ req.message.pdu.varbinds[i].oid
|
|
2309
|
-
+ "' in request at
|
|
2268
|
+
+ "' in request at position '" + i + "' does not "
|
|
2310
2269
|
+ "match OID '" + pdu.varbinds[i].oid + "' in response "
|
|
2311
2270
|
+ "at position '" + i + "'", ResponseInvalidCode.EReqResOidNoMatch));
|
|
2312
2271
|
return;
|