RFC 2264
User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
3. Elements of Procedure This section describes the security related procedures followed by an SNMP engine when processing SNMP messages according to the User-based Security Model.
3.1. Generating an Outgoing SNMP Message This section describes the procedure followed by an SNMP engine whenever it generates a message containing a management operation (like a request, a response, a notification, or a report) on behalf of a user, with a particular securityLevel. 1) a) If any securityStateReference is passed (Response message), then information concerning the user is extracted from the cachedSecurityData. The securityEngineID and the securityLevel are extracted from the cachedSecurityData. The cachedSecurityData can now be discarded. Otherwise, b) based on the securityName, information concerning the user at the destination snmpEngineID, specified by the securityEngineID, is extracted from the Local Configuration Datastore (LCD, usmUserTable). If information about the user is absent from the LCD, then an error indication (unknownSecurityName) is returned to the calling module. 2) If the securityLevel specifies that the message is to be protected from disclosure, but the user does not support both an authentication and a privacy protocol then the message cannot be sent. An error indication (unsupportedSecurityLevel) is returned to the calling module. 3) If the securityLevel specifies that the message is to be authenticated, but the user does not support an authentication protocol, then the message cannot be sent. An error indication (unsupportedSecurityLevel) is returned to the calling module. 4) a) If the securityLevel specifies that the message is to be protected from disclosure, then the octet sequence representing the serialized scopedPDU is encrypted according to the user's privacy protocol. To do so a call is made to the privacy module that implements the user's privacy protocol according to the abstract primitive: statusInformation = -- success or failure encryptData( IN encryptKey -- user's localized privKey IN dataToEncrypt -- serialized scopedPDU OUT encryptedData -- serialized encryptedPDU OUT privParameters -- serialized privacy parameters )
statusInformation
indicates if the encryption process was successful or not.
encryptKey
the user's localized private privKey is the secret key that
can be used by the encryption algorithm.
dataToEncrypt
the serialized scopedPDU is the data that to be encrypted.
encryptedData
the encryptedPDU represents the encrypted scopedPDU,
encoded as an OCTET STRING.
privParameters
the privacy parameters, encoded as an OCTET STRING.
If the privacy module returns failure, then the message cannot
be sent and an error indication (encryptionError) is returned
to the calling module.
If the privacy module returns success, then the returned
privParameters are put into the msgPrivacyParameters field of
the securityParameters and the encryptedPDU serves as the
payload of the message being prepared.
Otherwise,
b) If the securityLevel specifies that the message is not to be
protected from disclosure, then the NULL string is encoded as
an OCTET STRING and put into the msgPrivacyParameters field of
the securityParameters and the plaintext scopedPDU serves as
the payload of the message being prepared.
5) The snmpEngineID is encoded as an OCTET STRING into the
msgAuthoritativeEngineID field of the securityParameters. Note
that an empty (zero length) snmpEngineID is OK for a Request
message, because that will cause the remote (authoritative) SNMP
engine to return a Report PDU with the proper snmpEngineID
included in the msgAuthoritativeEngineID in the
securityParameters of that returned Report PDU.
6) a) If the securityLevel specifies that the message is to be
authenticated, then the current values of snmpEngineBoots and
snmpEngineTime corresponding to the snmpEngineID from the LCD
are used.
Otherwise,
b) If this is a Response message, then the current value of
snmpEngineBoots and snmpEngineTime corresponding to the local
snmpEngineID from the LCD are used.
Otherwise,
c) If this is a Request message, then a zero value is used
for both snmpEngineBoots and snmpEngineTime. This zero value
gets used if snmpEngineID is empty.
The values are encoded as INTEGER respectively into the
msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime fields
of the securityParameters.
7) The userName is encoded as an OCTET STRING into the msgUserName
field of the securityParameters.
8) a) If the securityLevel specifies that the message is to be
authenticated, the message is authenticated according to the
user's authentication protocol. To do so a call is made to the
authentication module that implements the user's
authentication protocol according to the abstract service
primitive:
statusInformation =
authenticateOutgoingMsg(
IN authKey -- the user's localized authKey
IN wholeMsg -- unauthenticated message
OUT authenticatedWholeMsg -- authenticated complete message
)
statusInformation
indicates if authentication was successful or not.
authKey
the user's localized private authKey is the secret key that
can be used by the authentication algorithm.
wholeMsg
the complete serialized message to be authenticated.
authenticatedWholeMsg
the same as the input given to the authenticateOutgoingMsg
service, but with msgAuthenticationParameters properly
filled in.
If the authentication module returns failure, then the message
cannot be sent and an error indication (authenticationFailure)
is returned to the calling module.
If the authentication module returns success, then the
msgAuthenticationParameters field is put into the
securityParameters and the authenticatedWholeMsg represents
the serialization of the authenticated message being prepared.
Otherwise,
b) If the securityLevel specifies that the message is not to
be authenticated then the NULL string is encoded as an OCTET
STRING into the msgAuthenticationParameters field of the
securityParameters. The wholeMsg is now serialized and then
represents the unauthenticated message being prepared.
9) The completed message with its length is returned to the
calling module with the statusInformation set to success.
3.2. Processing an Incoming SNMP Message
This section describes the procedure followed by an SNMP engine
whenever it receives a message containing a management operation on
behalf of a user, with a particular securityLevel.
To simplify the elements of procedure, the release of state
information is not always explicitly specified. As a general rule, if
state information is available when a message gets discarded, the
state information should also be released. Also, when an error
indication with an OID and value for an incremented counter is
returned, then the available information (like
securityStateReference) must be passed back to the caller so it can
generate a Report PDU.
1) If the received securityParameters is not the serialization
(according to the conventions of [RFC1906]) of an OCTET STRING
formatted according to the UsmSecurityParameters defined in
section 2.4, then the snmpInASNParseErrs counter [RFC1907] is
incremented, and an error indication (parseError) is returned to
the calling module. Note that we return without the OID and
value of the incremented counter, because in this case there is
not enough information to generate a Report PDU.
2) The values of the security parameter fields are extracted from
the securityParameters. The securityEngineID to be returned to
the caller is the value of the msgAuthoritativeEngineID field.
The cachedSecurityData is prepared and a securityStateReference
is prepared to reference this data. Values to be cached are:
msgUserName
securityEngineID
securityLevel
3) If the value of the msgAuthoritativeEngineID field in the
securityParameters is unknown then:
a) a non-authoritative SNMP engine that performs discovery may
optionally create a new entry in its Local Configuration
Datastore (LCD) and continue processing;
or
b) the usmStatsUnknownEngineIDs counter is incremented, and
an error indication (unknownEngineID) together with the
OID and value of the incremented counter is returned to
the calling module.
4) Information about the value of the msgUserName and
msgAuthoritativeEngineID fields is extracted from the Local
Configuration Datastore (LCD, usmUserTable). If no information
is available for the user, then the usmStatsUnknownUserNames
counter is incremented and an error indication
(unknownSecurityName) together with the OID and value of the
incremented counter is returned to the calling module.
5) If the information about the user indicates that it does not
support the securityLevel requested by the caller, then the
usmStatsUnsupportedSecLevels counter is incremented and an
error indication (unsupportedSecurityLevel) together with the
OID and value of the incremented counter is returned to the
calling module.
6) If the securityLevel specifies that the message is to be
authenticated, then the message is authenticated according to
the user's authentication protocol. To do so a call is made
to the authentication module that implements the user's
authentication protocol according to the abstract service
primitive:
statusInformation = -- success or failure
authenticateIncomingMsg(
IN authKey -- the user's localized authKey
IN authParameters -- as received on the wire
IN wholeMsg -- as received on the wire
OUT authenticatedWholeMsg -- checked for authentication
)
statusInformation
indicates if authentication was successful or not.
authKey
the user's localized private authKey is the secret key that
can be used by the authentication algorithm.
wholeMsg
the complete serialized message to be authenticated.
authenticatedWholeMsg
the same as the input given to the authenticateIncomingMsg
service, but after authentication has been checked.
If the authentication module returns failure, then the message
cannot be trusted, so the usmStatsWrongDigests counter is
incremented and an error indication (authenticationFailure)
together with the OID and value of the incremented counter is
returned to the calling module.
If the authentication module returns success, then the message
is authentic and can be trusted so processing continues.
7) If the securityLevel indicates an authenticated message, then
the local values of snmpEngineBoots and snmpEngineTime
corresponding to the value of the msgAuthoritativeEngineID
field are extracted from the Local Configuration Datastore.
a) If the extracted value of msgAuthoritativeEngineID is the
same as the value of snmpEngineID of the processing SNMP
engine (meaning this is the authoritative SNMP engine),
then if any of the following conditions is true, then the
message is considered to be outside of the Time Window:
- the local value of snmpEngineBoots is 2147483647;
- the value of the msgAuthoritativeEngineBoots field differs
from the local value of snmpEngineBoots; or,
- the value of the msgAuthoritativeEngineTime field differs
from the local notion of snmpEngineTime by more than
+/- 150 seconds.
If the message is considered to be outside of the Time Window
then the usmStatsNotInTimeWindows counter is incremented and
an error indication (notInTimeWindow) together with the OID
and value of the incremented counter is returned to the
calling module.
b) If the extracted value of msgAuthoritativeEngineID is not the
same as the value snmpEngineID of the processing SNMP engine
(meaning this is not the authoritative SNMP engine), then:
1) if at least one of the following conditions is true:
- the extracted value of the msgAuthoritativeEngineBoots
field is greater than the local notion of the value of
snmpEngineBoots; or,
- the extracted value of the msgAuthoritativeEngineBoots
field is equal to the local notion of the value of
snmpEngineBoots, the extracted value of
msgAuthoritativeEngineTime field is greater than the
value of latestReceivedEngineTime,
then the LCD entry corresponding to the extracted value
of the msgAuthoritativeEngineID field is updated, by
setting:
- the local notion of the value of snmpEngineBoots to
the value of the msgAuthoritativeEngineBoots field,
- the local notion of the value of snmpEngineTime to
the value of the msgAuthoritativeEngineTime field,
and
- the latestReceivedEngineTime to the value of the
value of the msgAuthoritativeEngineTime field.
2) if any of the following conditions is true, then the
message is considered to be outside of the Time Window:
- the local notion of the value of snmpEngineBoots is
2147483647;
- the value of the msgAuthoritativeEngineBoots field is
less than the local notion of the value of
snmpEngineBoots; or,
- the value of the msgAuthoritativeEngineBoots field is
equal to the local notion of the value of
snmpEngineBoots and the value of the
msgAuthoritativeEngineTime field is more than 150
seconds less than the local notion of of the value of
snmpEngineTime.
If the message is considered to be outside of the Time
Window then an error indication (notInTimeWindow) is
returned to the calling module;
Note that this means that a too old (possibly replayed)
message has been detected and is deemed unauthentic.
Note that this procedure allows for the value of
msgAuthoritativeEngineBoots in the message to be greater
than the local notion of the value of snmpEngineBoots to
allow for received messages to be accepted as authentic
when received from an authoritative SNMP engine that has
re-booted since the receiving SNMP engine last
(re-)synchronized.
Note that this procedure does not allow for automatic
time synchronization if the non-authoritative SNMP engine
has a real out-of-sync situation whereby the authoritative
SNMP engine is more than 150 seconds behind the
non-authoritative SNMP engine.
8) a) If the securityLevel indicates that the message was protected
from disclosure, then the OCTET STRING representing the
encryptedPDU is decrypted according to the user's privacy
protocol to obtain an unencrypted serialized scopedPDU value.
To do so a call is made to the privacy module that implements
the user's privacy protocol according to the abstract
primitive:
statusInformation = -- success or failure
decryptData(
IN decryptKey -- the user's localized privKey
IN privParameters -- as received on the wire
IN encryptedData -- encryptedPDU as received
OUT decryptedData -- serialized decrypted scopedPDU
)
statusInformation
indicates if the decryption process was successful or not.
decryptKey
the user's localized private privKey is the secret key that
can be used by the decryption algorithm.
privParameters
the msgPrivacyParameters, encoded as an OCTET STRING.
encryptedData
the encryptedPDU represents the encrypted scopedPDU, encoded
as an OCTET STRING.
decryptedData
the serialized scopedPDU if decryption is successful.
If the privacy module returns failure, then the message can
not be processed, so the usmStatsDecryptionErrors counter is
incremented and an error indication (decryptionError) together
with the OID and value of the incremented counter is returned
to the calling module.
If the privacy module returns success, then the decrypted
scopedPDU is the message payload to be returned to the calling
module.
Otherwise,
b) The scopedPDU component is assumed to be in plain text
and is the message payload to be returned to the calling
module.
9) The maxSizeResponseScopedPDU is calculated. This is the
maximum size allowed for a scopedPDU for a possible Response
message. Provision is made for a message header that allows the
same securityLevel as the received Request.
10) The securityName for the user is retrieved from the
usmUserTable.
11) The security data is cached as cachedSecurityData, so that a
possible response to this message can and will use the same
authentication and privacy secrets, the same securityLevel and
the same value for msgAuthoritativeEngineID. Information to be
saved/cached is as follows:
msgUserName,
usmUserAuthProtocol, usmUserAuthKey
usmUserPrivProtocol, usmUserPrivKey
securityEngineID, securityLevel
12) The statusInformation is set to success and a return is made to
the calling module passing back the OUT parameters as specified
in the processIncomingMsg primitive.
4. Discovery
The User-based Security Model requires that a discovery process
obtains sufficient information about other SNMP engines in order to
communicate with them. Discovery requires an non-authoritative SNMP
engine to learn the authoritative SNMP engine's snmpEngineID value
before communication may proceed. This may be accomplished by
generating a Request message with a securityLevel of noAuthNoPriv, a
msgUserName of "initial", a msgAuthoritativeEngineID value of zero
length, and the varBindList left empty. The response to this message
will be a Report message containing the snmpEngineID of the
authoritative SNMP engine as the value of the
msgAuthoritativeEngineID field within the msgSecurityParameters
field. It contains a Report PDU with the usmStatsUnknownEngineIDs
counter in the varBindList.
If authenticated communication is required, then the discovery
process should also establish time synchronization with the
authoritative SNMP engine. This may be accomplished by sending an
authenticated Request message with the value of msgAuthoritativeEngineID set to the newly learned snmpEngineID and with the values of msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime set to zero. The response to this authenticated message will be a Report message containing the up to date values of the authoritative SNMP engine's snmpEngineBoots and snmpEngineTime as the value of the msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime fields respectively. It also contains the usmStatsNotInTimeWindows counter in the varBindList of the Report PDU. The time synchronization then happens automatically as part of the procedures in section 3.2 step 7b. See also section 2.3. 5. Definitions SNMP-USER-BASED-SM-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, snmpModules, Counter32 FROM SNMPv2-SMI TEXTUAL-CONVENTION, TestAndIncr, RowStatus, RowPointer, StorageType, AutonomousType FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF SnmpAdminString, SnmpEngineID, snmpAuthProtocols, snmpPrivProtocols FROM SNMP-FRAMEWORK-MIB; snmpUsmMIB MODULE-IDENTITY LAST-UPDATED "9711200000Z" -- 20 Nov 1997, midnight ORGANIZATION "SNMPv3 Working Group" CONTACT-INFO "WG-email: snmpv3@tis.com Subscribe: majordomo@tis.com In msg body: subscribe snmpv3 Chair: Russ Mundy Trusted Information Systems postal: 3060 Washington Rd Glenwood MD 21738 USA email: mundy@tis.com phone: +1-301-854-6889 Co-editor Uri Blumenthal IBM T. J. Watson Research postal: 30 Saw Mill River Pkwy, Hawthorne, NY 10532 USA email: uri@watson.ibm.com
phone: +1-914-784-7964
Co-editor: Bert Wijnen
IBM T. J. Watson Research
postal: Schagen 33
3461 GL Linschoten
Netherlands
email: wijnen@vnet.ibm.com
phone: +31-348-432-794
"
DESCRIPTION "The management information definitions for the
SNMP User-based Security Model.
"
::= { snmpModules 4 }
-- Administrative assignments ****************************************
usmMIBObjects OBJECT IDENTIFIER ::= { snmpUsmMIB 1 }
usmMIBConformance OBJECT IDENTIFIER ::= { snmpUsmMIB 2 }
-- Identification of Authentication and Privacy Protocols ************
usmNoAuthProtocol OBJECT-IDENTITY
STATUS current
DESCRIPTION "No Authentication Protocol."
::= { snmpAuthProtocols 1 }
usmHMACMD5AuthProtocol OBJECT-IDENTITY
STATUS current
DESCRIPTION "The HMAC-MD5-96 Digest Authentication Protocol."
REFERENCE "- H. Krawczyk, M. Bellare, R. Canetti HMAC:
Keyed-Hashing for Message Authentication,
RFC2104, Feb 1997.
- Rivest, R., Message Digest Algorithm MD5, RFC1321.
"
::= { snmpAuthProtocols 2 }
usmHMACSHAAuthProtocol OBJECT-IDENTITY
STATUS current
DESCRIPTION "The HMAC-SHA-96 Digest Authentication Protocol."
REFERENCE "- H. Krawczyk, M. Bellare, R. Canetti, HMAC:
Keyed-Hashing for Message Authentication,
RFC2104, Feb 1997.
- Secure Hash Algorithm. NIST FIPS 180-1.
"
::= { snmpAuthProtocols 3 }
usmNoPrivProtocol OBJECT-IDENTITY
STATUS current
DESCRIPTION "No Privacy Protocol."
::= { snmpPrivProtocols 1 }
usmDESPrivProtocol OBJECT-IDENTITY
STATUS current
DESCRIPTION "The CBC-DES Symmetric Encryption Protocol."
REFERENCE "- Data Encryption Standard, National Institute of
Standards and Technology. Federal Information
Processing Standard (FIPS) Publication 46-1.
Supersedes FIPS Publication 46,
(January, 1977; reaffirmed January, 1988).
- Data Encryption Algorithm, American National
Standards Institute. ANSI X3.92-1981,
(December, 1980).
- DES Modes of Operation, National Institute of
Standards and Technology. Federal Information
Processing Standard (FIPS) Publication 81,
(December, 1980).
- Data Encryption Algorithm - Modes of Operation,
American National Standards Institute.
ANSI X3.106-1983, (May 1983).
"
::= { snmpPrivProtocols 2 }
-- Textual Conventions ***********************************************
KeyChange ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Every definition of an object with this syntax must identify
a protocol P, a secret key K, and a hash algorithm H
that produces output of L octets.
The object's value is a manager-generated, partially-random
value which, when modified, causes the value of the secret
key K, to be modified via a one-way function.
The value of an instance of this object is the concatenation
of two components: first a 'random' component and then a
'delta' component.
The lengths of the random and delta components
are given by the corresponding value of the protocol P;
if P requires K to be a fixed length, the length of both the
random and delta components is that fixed length; if P
allows the length of K to be variable up to a particular
maximum length, the length of the random component is that
maximum length and the length of the delta component is any
length less than or equal to that maximum length.
For example, usmHMACMD5AuthProtocol requires K to be a fixed
length of 16 octets and L - of 16 octets.
usmHMACSHAAuthProtocol requires K to be a fixed length of
20 octets and L - of 20 octets. Other protocols may define
other sizes, as deemed appropriate.
When a requestor wants to change the old key K to a new
key keyNew on a remote entity, the 'random' component is
obtained from either a true random generator, or from a
pseudorandom generator, and the 'delta' component is
computed as follows:
- a temporary variable is initialized to the existing value
of K;
- if the length of the keyNew is greater than L octets,
then:
- the random component is appended to the value of the
temporary variable, and the result is input to the
the hash algorithm H to produce a digest value, and
the temporary variable is set to this digest value;
- the value of the temporary variable is XOR-ed with
the first (next) L-octets (16 octets in case of MD5)
of the keyNew to produce the first (next) L-octets
(16 octets in case of MD5) of the 'delta' component.
- the above two steps are repeated until the unused
portion of the delta component is L octets or less,
- the random component is appended to the value of the
temporary variable, and the result is input to the
hash algorithm H to produce a digest value;
- this digest value, truncated if necessary to be the same
length as the unused portion of the keyNew, is XOR-ed
with the unused portion of the keyNew to produce the
(final portion of the) 'delta' component.
For example, using MD5 as the hash algorithm H:
iterations = (lenOfDelta - 1)/16; /* integer division */
temp = keyOld;
for (i = 0; i < iterations; i++) {
temp = MD5 (temp || random);
delta[i*16 .. (i*16)+15] =
temp XOR keyNew[i*16 .. (i*16)+15];
}
temp = MD5 (temp || random);
delta[i*16 .. lenOfDelta-1] =
temp XOR keyNew[i*16 .. lenOfDelta-1];
The 'random' and 'delta' components are then concatenated as
described above, and the resulting octet string is sent to
the receipient as the new value of an instance of this
object.
At the receiver side, when an instance of this object is set
to a new value, then a new value of K is computed as follows:
- a temporary variable is initialized to the existing value
of K;
- if the length of the delta component is greater than L
octets, then:
- the random component is appended to the value of the
temporary variable, and the result is input to the
the hash algorithm H to produce a digest value, and
the temporary variable is set to this digest value;
- the value of the temporary variable is XOR-ed with
the first (next) L-octets (16 octets in case of MD5)
of the delta component to produce the first (next)
L-octets (16 octets in case of MD5) of the new value
of K.
- the above two steps are repeated until the unused
portion of the delta component is L octets or less,
- the random component is appended to the value of the
temporary variable, and the result is input to the
hash algorithm H to produce a digest value;
- this digest value, truncated if necessary to be the same
length as the unused portion of the delta component, is
XOR-ed with the unused portion of the delta component to
produce the (final portion of the) new value of K.
For example, using MD5 as the hash algorithm H:
iterations = (lenOfDelta - 1)/16; /* integer division */
temp = keyOld;
for (i = 0; i < iterations; i++) {
temp = MD5 (temp || random);
keyNew[i*16 .. (i*16)+15] =
temp XOR delta[i*16 .. (i*16)+15];
}
temp = MD5 (temp || random);
keyNew[i*16 .. lenOfDelta-1] =
temp XOR delta[i*16 .. lenOfDelta-1];
The value of an object with this syntax, whenever it is
retrieved by the management protocol, is always the zero
length string.
"
SYNTAX OCTET STRING
-- Statistics for the User-based Security Model **********************
usmStats OBJECT IDENTIFIER ::= { usmMIBObjects 1 }
usmStatsUnsupportedSecLevels OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The total number of packets received by the SNMP
engine which were dropped because they requested a
securityLevel that was unknown to the SNMP engine
or otherwise unavailable.
"
::= { usmStats 1 }
usmStatsNotInTimeWindows OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The total number of packets received by the SNMP
engine which were dropped because they appeared
outside of the authoritative SNMP engine's window.
"
::= { usmStats 2 }
usmStatsUnknownUserNames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The total number of packets received by the SNMP
engine which were dropped because they referenced a
user that was not known to the SNMP engine.
"
::= { usmStats 3 }
usmStatsUnknownEngineIDs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The total number of packets received by the SNMP
engine which were dropped because they referenced an
snmpEngineID that was not known to the SNMP engine.
"
::= { usmStats 4 }
usmStatsWrongDigests OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The total number of packets received by the SNMP
engine which were dropped because they didn't
contain the expected digest value.
"
::= { usmStats 5 }
usmStatsDecryptionErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The total number of packets received by the SNMP
engine which were dropped because they could not be
decrypted.
"
::= { usmStats 6 }
-- The usmUser Group ************************************************
usmUser OBJECT IDENTIFIER ::= { usmMIBObjects 2 }
usmUserSpinLock OBJECT-TYPE
SYNTAX TestAndIncr
MAX-ACCESS read-write
STATUS current
DESCRIPTION "An advisory lock used to allow several cooperating
Command Generator Applications to coordinate their
use of facilities to alter secrets in the
usmUserTable.
"
::= { usmUser 1 }
-- The table of valid users for the User-based Security Model ********
usmUserTable OBJECT-TYPE
SYNTAX SEQUENCE OF UsmUserEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The table of users configured in the SNMP engine's
Local Configuration Datastore (LCD)."
::= { usmUser 2 }
usmUserEntry OBJECT-TYPE
SYNTAX UsmUserEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "A user configured in the SNMP engine's Local
Configuration Datastore (LCD) for the User-based
Security Model.
"
INDEX { usmUserEngineID,
usmUserName
}
::= { usmUserTable 1 }
UsmUserEntry ::= SEQUENCE
{
usmUserEngineID SnmpEngineID,
usmUserName SnmpAdminString,
usmUserSecurityName SnmpAdminString,
usmUserCloneFrom RowPointer,
usmUserAuthProtocol AutonomousType,
usmUserAuthKeyChange KeyChange,
usmUserOwnAuthKeyChange KeyChange,
usmUserPrivProtocol AutonomousType,
usmUserPrivKeyChange KeyChange,
usmUserOwnPrivKeyChange KeyChange,
usmUserPublic OCTET STRING,
usmUserStorageType StorageType,
usmUserStatus RowStatus
}
usmUserEngineID OBJECT-TYPE
SYNTAX SnmpEngineID
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "An SNMP engine's administratively-unique identifier.
In a simple agent, this value is always that agent's
own snmpEngineID value.
The value can also take the value of the snmpEngineID
of a remote SNMP engine with which this user can
communicate.
"
::= { usmUserEntry 1 }
usmUserName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "A human readable string representing the name of
the user.
This is the (User-based Security) Model dependent
security ID.
"
::= { usmUserEntry 2 }
usmUserSecurityName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION "A human readable string representing the user in
Security Model independent format.
The default transformation of the User-based Security
Model dependent security ID to the securityName and
vice versa is the identity function so that the
securityName is the same as the userName.
"
::= { usmUserEntry 3 }
usmUserCloneFrom OBJECT-TYPE
SYNTAX RowPointer
MAX-ACCESS read-create
STATUS current
DESCRIPTION "A pointer to another conceptual row in this
usmUserTable. The user in this other conceptual
row is called the clone-from user.
When a new user is created (i.e., a new conceptual
row is instantiated in this table), the privacy and
authentication parameters of the new user are cloned
from its clone-from user.
The first time an instance of this object is set by
a management operation (either at or after its
instantiation), the cloning process is invoked.
Subsequent writes are successful but invoke no
action to be taken by the receiver.
The cloning process fails with an 'inconsistentName'
error if the conceptual row representing the
clone-from user is not in an active state when the
cloning process is invoked.
Cloning also causes the initial values of the secret
authentication key and the secret encryption key of
the new user to be set to the same value as the
corresponding secret of the clone-from user.
When this object is read, the ZeroDotZero OID
is returned.
"
::= { usmUserEntry 4 }
usmUserAuthProtocol OBJECT-TYPE
SYNTAX AutonomousType
MAX-ACCESS read-create
STATUS current
DESCRIPTION "An indication of whether messages sent on behalf of
this user to/from the SNMP engine identified by
usmUserEngineID, can be authenticated, and if so,
the type of authentication protocol which is used.
An instance of this object is created concurrently
with the creation of any other object instance for
the same user (i.e., as part of the processing of
the set operation which creates the first object
instance in the same conceptual row). Once created,
the value of an instance of this object can not be
changed.
If a set operation tries to set a value for an unknown
or unsupported protocol, then a wrongValue error must
be returned.
"
DEFVAL { usmHMACMD5AuthProtocol }
::= { usmUserEntry 5 }
usmUserAuthKeyChange OBJECT-TYPE
SYNTAX KeyChange -- typically (SIZE (0..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION "An object, which when modified, causes the secret
authentication key used for messages sent on behalf
of this user to/from the SNMP engine identified by
usmUserEngineID, to be modified via a one-way
function.
The associated protocol is the usmUserAuthProtocol.
The associated secret key is the user's secret
authentication key (authKey). The associated hash
algorithm is the algorithm used by the user's
usmUserAuthProtocol.
When creating a new user, it is an 'inconsistentName'
error for a Set operation to refer to this object
unless it is previously or concurrently initialized
through a set operation on the corresponding value
of usmUserCloneFrom.
"
DEFVAL { ''H } -- the empty string
::= { usmUserEntry 6 }
usmUserOwnAuthKeyChange OBJECT-TYPE
SYNTAX KeyChange -- typically (SIZE (0..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Behaves exactly as usmUserAuthKeyChange, with one
notable difference: in order for the Set operation
to succeed, the usmUserName of the operation
requester must match the usmUserName that
indexes the row which is targeted by this
operation.
The idea here is that access to this column can be
public, since it will only allow a user to change
his own secret authentication key (authKey).
"
DEFVAL { ''H } -- the empty string
::= { usmUserEntry 7 }
usmUserPrivProtocol OBJECT-TYPE
SYNTAX AutonomousType
MAX-ACCESS read-create
STATUS current
DESCRIPTION "An indication of whether messages sent on behalf of
this user to/from the SNMP engine identified by
usmUserEngineID, can be protected from disclosure,
and if so, the type of privacy protocol which is used.
An instance of this object is created concurrently
with the creation of any other object instance for
the same user (i.e., as part of the processing of
the set operation which creates the first object
instance in the same conceptual row). Once created,
the value of an instance of this object can not be
changed.
If a set operation tries to set a value for an unknown
or unsupported protocol, then a wrongValue error must
be returned.
"
DEFVAL { usmNoPrivProtocol }
::= { usmUserEntry 8 }
usmUserPrivKeyChange OBJECT-TYPE
SYNTAX KeyChange -- typically (SIZE (0..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION "An object, which when modified, causes the secret
encryption key used for messages sent on behalf
of this user to/from the SNMP engine identified by
usmUserEngineID, to be modified via a one-way
function.
The associated protocol is the usmUserPrivProtocol.
The associated secret key is the user's secret
privacy key (privKey). The associated hash
algorithm is the algorithm used by the user's
usmUserAuthProtocol.
When creating a new user, it is an 'inconsistentName'
error for a set operation to refer to this object
unless it is previously or concurrently initialized
through a set operation on the corresponding value
of usmUserCloneFrom.
"
DEFVAL { ''H } -- the empty string
::= { usmUserEntry 9 }
usmUserOwnPrivKeyChange OBJECT-TYPE
SYNTAX KeyChange -- typically (SIZE (0..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION "Behaves exactly as usmUserPrivKeyChange, with one
notable difference: in order for the Set operation
to succeed, the usmUserName of the operation
requester must match the usmUserName that indexes
the row which is targeted by this operation.
The idea here is that access to this column can be
public, since it will only allow a user to change
his own secret privacy key (privKey).
"
DEFVAL { ''H } -- the empty string
::= { usmUserEntry 10 }
usmUserPublic OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION "A publicly-readable value which is written as part
of the procedure for changing a user's secret
authentication and/or privacy key, and later read to
determine whether the change of the secret was
effected.
"
DEFVAL { ''H } -- the empty string
::= { usmUserEntry 11 }
usmUserStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The storage type for this conceptual row.
Conceptual rows having the value 'permanent'
must allow write-access at a minimum to:
- usmUserAuthKeyChange, usmUserOwnAuthKeyChange
and usmUserPublic for a user who employs
authentication, and
- usmUserPrivKeyChange, usmUserOwnPrivKeyChange
and usmUserPublic for a user who employs
privacy.
Note that any user who employs authentication or
privacy must allow its secret(s) to be updated and
thus cannot be 'readOnly'.
"
DEFVAL { nonVolatile }
::= { usmUserEntry 12 }
usmUserStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION "The status of this conceptual row.
Until instances of all corresponding columns are
appropriately configured, the value of the
corresponding instance of the usmUserStatus column
is 'notReady'.
In particular, a newly created row cannot be made
active until the corresponding usmUserCloneFrom,
usmUserAuthKeyChange, usmUserOwnAuthKeyChange,
usmUserPrivKeyChange and usmUserOwnPrivKeyChange
have all been set.
The RowStatus TC [RFC1903] requires that this
DESCRIPTION clause states under which circumstances
other objects in this row can be modified:
The value of this object has no effect on whether
other objects in this conceptual row can be modified.
"
::= { usmUserEntry 13 }
-- Conformance Information *******************************************
usmMIBCompliances OBJECT IDENTIFIER ::= { usmMIBConformance 1 }
usmMIBGroups OBJECT IDENTIFIER ::= { usmMIBConformance 2 }
-- Compliance statements
usmMIBCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION "The compliance statement for SNMP engines which
implement the SNMP-USER-BASED-SM-MIB.
"
MODULE -- this module
MANDATORY-GROUPS { usmMIBBasicGroup }
OBJECT usmUserAuthProtocol
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
OBJECT usmUserPrivProtocol
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
::= { usmMIBCompliances 1 }
-- Units of compliance
usmMIBBasicGroup OBJECT-GROUP
OBJECTS {
usmStatsUnsupportedSecLevels,
usmStatsNotInTimeWindows,
usmStatsUnknownUserNames,
usmStatsUnknownEngineIDs,
usmStatsWrongDigests,
usmStatsDecryptionErrors,
usmUserSpinLock,
usmUserSecurityName,
usmUserCloneFrom,
usmUserAuthProtocol,
usmUserAuthKeyChange,
usmUserOwnAuthKeyChange,
usmUserPrivProtocol,
usmUserPrivKeyChange,
usmUserOwnPrivKeyChange,
usmUserPublic,
usmUserStorageType,
usmUserStatus
}
STATUS current
DESCRIPTION "A collection of objects providing for configuration
of an SNMP engine which implements the SNMP
User-based Security Model.
"
::= { usmMIBGroups 1 }
END
6. HMAC-MD5-96 Authentication Protocol
This section describes the HMAC-MD5-96 authentication protocol. This
authentication protocol is the first defined for the User-based
Security Model. It uses MD5 hash-function which is described in
[MD5], in HMAC mode described in [RFC2104], truncating the output to
96 bits.
This protocol is identified by usmHMACMD5AuthProtocol.
Over time, other authentication protocols may be defined either as a
replacement of this protocol or in addition to this protocol.
6.1. Mechanisms
- In support of data integrity, a message digest algorithm is
required. A digest is calculated over an appropriate portion of an
SNMP message and included as part of the message sent to the
recipient.
- In support of data origin authentication and data integrity,
a secret value is prepended to SNMP message prior to computing the
digest; the calculated digest is partially inserted into the SNMP
message prior to transmission, and the prepended value is not
transmitted. The secret value is shared by all SNMP engines
authorized to originate messages on behalf of the appropriate user.
6.1.1. Digest Authentication Mechanism
The Digest Authentication Mechanism defined in this memo provides
for:
- verification of the integrity of a received message, i.e., the
message received is the message sent.
The integrity of the message is protected by computing a digest
over an appropriate portion of the message. The digest is computed
by the originator of the message, transmitted with the message, and
verified by the recipient of the message.
- verification of the user on whose behalf the message was generated.
A secret value known only to SNMP engines authorized to generate
messages on behalf of a user is used in HMAC mode (see [RFC2104]).
It also recommends the hash-function output used as Message
Authentication Code, to be truncated.
This protocol uses the MD5 [MD5] message digest algorithm. A 128-bit
MD5 digest is calculated in a special (HMAC) way over the designated
portion of an SNMP message and the first 96 bits of this digest is
included as part of the message sent to the recipient. The size of
the digest carried in a message is 12 octets. The size of the private
authentication key (the secret) is 16 octets. For the details see
section 6.3.
6.2. Elements of the Digest Authentication Protocol
This section contains definitions required to realize the
authentication module defined in this section of this memo.
6.2.1. Users
Authentication using this authentication protocol makes use of a
defined set of userNames. For any user on whose behalf a message must
be authenticated at a particular SNMP engine, that SNMP engine must
have knowledge of that user. An SNMP engine that wishes to
communicate with another SNMP engine must also have knowledge of a
user known to that engine, including knowledge of the applicable
attributes of that user.
A user and its attributes are defined as follows:
<userName>
A string representing the name of the user.
<authKey>
A user's secret key to be used when calculating a digest.
It MUST be 16 octets long for MD5.
6.2.2. msgAuthoritativeEngineID
The msgAuthoritativeEngineID value contained in an authenticated
message specifies the authoritative SNMP engine for that particular
message (see the definition of SnmpEngineID in the SNMP Architecture
document [RFC2261]).
The user's (private) authentication key is normally different at each
authoritative SNMP engine and so the snmpEngineID is used to select
the proper key for the authentication process.
6.2.3. SNMP Messages Using this Authentication Protocol
Messages using this authentication protocol carry a
msgAuthenticationParameters field as part of the
msgSecurityParameters. For this protocol, the
msgAuthenticationParameters field is the serialized OCTET STRING
representing the first 12 octets of the HMAC-MD5-96 output done over
the wholeMsg.
The digest is calculated over the wholeMsg so if a message is
authenticated, that also means that all the fields in the message are
intact and have not been tampered with.
6.2.4. Services provided by the HMAC-MD5-96 Authentication Module
This section describes the inputs and outputs that the HMAC-MD5-96
Authentication module expects and produces when the User-based
Security module calls the HMAC-MD5-96 Authentication module for
services.
6.2.4.1. Services for Generating an Outgoing SNMP Message
The HMAC-MD5-96 authentication protocol assumes that the selection of
the authKey is done by the caller and that the caller passes the
secret key to be used.
Upon completion the authentication module returns statusInformation
and, if the message digest was correctly calculated, the wholeMsg
with the digest inserted at the proper place. The abstract service
primitive is:
statusInformation = -- success or failure
authenticateOutgoingMsg(
IN authKey -- secret key for authentication
IN wholeMsg -- unauthenticated complete message
OUT authenticatedWholeMsg -- complete authenticated message
)
The abstract data elements are:
statusInformation
An indication of whether the authentication process was
successful. If not it is an indication of the problem.
authKey
The secret key to be used by the authentication algorithm.
The length of this key MUST be 16 octets.
wholeMsg
The message to be authenticated.
authenticatedWholeMsg
The authenticated message (including inserted digest) on output.
Note, that authParameters field is filled by the authentication
module and this field should be already present in the wholeMsg
before the Message Authentication Code (MAC) is generated.
6.2.4.2. Services for Processing an Incoming SNMP Message
The HMAC-MD5-96 authentication protocol assumes that the selection of
the authKey is done by the caller and that the caller passes the
secret key to be used.
Upon completion the authentication module returns statusInformation
and, if the message digest was correctly calculated, the wholeMsg as
it was processed. The abstract service primitive is:
statusInformation = -- success or failure
authenticateIncomingMsg(
IN authKey -- secret key for authentication
IN authParameters -- as received on the wire
IN wholeMsg -- as received on the wire
OUT authenticatedWholeMsg -- complete authenticated message
)
The abstract data elements are:
statusInformation
An indication of whether the authentication process was
successful. If not it is an indication of the problem.
authKey
The secret key to be used by the authentication algorithm.
The length of this key MUST be 16 octets.
authParameters
The authParameters from the incoming message.
wholeMsg
The message to be authenticated on input and the authenticated
message on output.
authenticatedWholeMsg
The whole message after the authentication check is complete.
6.3. Elements of Procedure
This section describes the procedures for the HMAC-MD5-96
authentication protocol.
6.3.1. Processing an Outgoing Message
This section describes the procedure followed by an SNMP engine
whenever it must authenticate an outgoing message using the
usmHMACMD5AuthProtocol.
1) The msgAuthenticationParameters field is set to the
serialization, according to the rules in [RFC1906], of an OCTET
STRING containing 12 zero octets.
2) From the secret authKey, two keys K1 and K2 are derived:
a) extend the authKey to 64 octets by appending 48 zero
octets; save it as extendedAuthKey
b) obtain IPAD by replicating the octet 0x36 64 times;
c) obtain K1 by XORing extendedAuthKey with IPAD;
d) obtain OPAD by replicating the octet 0x5C 64 times;
e) obtain K2 by XORing extendedAuthKey with OPAD.
4) Prepend K1 to the wholeMsg and calculate MD5 digest over it
according to [MD5].
5) Prepend K2 to the result of the step 4 and calculate MD5 digest
over it according to [MD5]. Take the first 12 octets of the final
digest - this is Message Authentication Code (MAC).
6) Replace the msgAuthenticationParameters field with MAC obtained
in the step 5.
7) The authenticatedWholeMsg is then returned to the caller
together with statusInformation indicating success.
6.3.2. Processing an Incoming Message
This section describes the procedure followed by an SNMP engine
whenever it must authenticate an incoming message using the
usmHMACMD5AuthProtocol.
1) If the digest received in the msgAuthenticationParameters field
is not 12 octets long, then an failure and an errorIndication
(authenticationError) is returned to the calling module.
2) The MAC received in the msgAuthenticationParameters field
is saved.
3) The digest in the msgAuthenticationParameters field is replaced
by the 12 zero octets.
4) From the secret authKey, two keys K1 and K2 are derived:
a) extend the authKey to 64 octets by appending 48 zero
octets; save it as extendedAuthKey
b) obtain IPAD by replicating the octet 0x36 64 times;
c) obtain K1 by XORing extendedAuthKey with IPAD;
d) obtain OPAD by replicating the octet 0x5C 64 times;
e) obtain K2 by XORing extendedAuthKey with OPAD.
5) The MAC is calculated over the wholeMsg:
a) prepend K1 to the wholeMsg and calculate the MD5 digest
over it;
b) prepend K2 to the result of step 5.a and calculate the
MD5 digest over it;
c) first 12 octets of the result of step 5.b is the MAC.
The msgAuthenticationParameters field is replaced with the MAC
value that was saved in step 2.
6) Then the newly calculated MAC is compared with the MAC
saved in step 2. If they do not match, then an failure and an
errorIndication (authenticationFailure) is returned to the
calling module.
7) The authenticatedWholeMsg and statusInformation indicating
success are then returned to the caller.
(next page on part 3)
