Tech-invite3GPPspaceIETFspace
96959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 2274

User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)

Pages: 76
Obsoletes:  2264
Obsoleted by:  2574
Part 2 of 3 – Pages 21 to 50
First   Prev   Next

ToP   noToC   RFC2274 - Page 21   prevText
3.  Elements of Procedure

   This section describes the security related procedures followed by an
   SNMP engine when processing SNMP messages according to the User-based
   Security Model.
ToP   noToC   RFC2274 - Page 22
3.1.  Generating an Outgoing SNMP Message

   This section describes the procedure followed by an SNMP engine
   whenever it generates a message containing a management operation
   (like a request, a response, a notification, or a report) on behalf
   of a user, with a particular securityLevel.

   1)  a) If any securityStateReference is passed (Response message),
          then information concerning the user is extracted from the
          cachedSecurityData.  The securityEngineID and the
          securityLevel are extracted from the cachedSecurityData.  The
          cachedSecurityData can now be discarded.

          Otherwise,

       b) based on the securityName, information concerning the
          user at the destination snmpEngineID, specified by the
          securityEngineID, is extracted from the Local Configuration
          Datastore (LCD, usmUserTable). If information about the user
          is absent from the LCD, then an error indication
          (unknownSecurityName) is returned to the calling module.

   2)  If the securityLevel specifies that the message is to be
       protected from disclosure, but the user does not support both an
       authentication and a privacy protocol then the message cannot be
       sent.  An error indication (unsupportedSecurityLevel) is returned
       to the calling module.

   3)  If the securityLevel specifies that the message is to be
       authenticated, but the user does not support an authentication
       protocol, then the message cannot be sent. An error indication
       (unsupportedSecurityLevel) is returned to the calling module.

   4)  a) If the securityLevel specifies that the message is to be
          protected from disclosure, then the octet sequence
          representing the serialized scopedPDU is encrypted according
          to the user's privacy protocol. To do so a call is made to the
          privacy module that implements the user's privacy protocol
          according to the abstract primitive:

          statusInformation =       -- success or failure
            encryptData(
            IN    encryptKey        -- user's localized privKey
            IN    dataToEncrypt     -- serialized scopedPDU
            OUT   encryptedData     -- serialized encryptedPDU
            OUT   privParameters    -- serialized privacy parameters
                  )
ToP   noToC   RFC2274 - Page 23
          statusInformation
            indicates if the encryption process was successful or not.
          encryptKey
            the user's localized private privKey is the secret key that
            can be used by the encryption algorithm.
          dataToEncrypt
            the serialized scopedPDU is the data that to be encrypted.
          encryptedData
            the encryptedPDU represents the encrypted scopedPDU,
            encoded as an OCTET STRING.
          privParameters
            the privacy parameters, encoded as an OCTET STRING.

          If the privacy module returns failure, then the message cannot
          be sent and an error indication (encryptionError) is returned
          to the calling module.

          If the privacy module returns success, then the returned
          privParameters are put into the msgPrivacyParameters field of
          the securityParameters and the encryptedPDU serves as the
          payload of the message being prepared.

          Otherwise,

       b) If the securityLevel specifies that the message is not to be
          protected from disclosure, then the NULL string is encoded as
          an OCTET STRING and put into the msgPrivacyParameters field of
          the securityParameters and the plaintext scopedPDU serves as
          the payload of the message being prepared.

   5)  The snmpEngineID is encoded as an OCTET STRING into the
       msgAuthoritativeEngineID field of the securityParameters.  Note
       that an empty (zero length) snmpEngineID is OK for a Request
       message, because that will cause the remote (authoritative) SNMP
       engine to return a Report PDU with the proper snmpEngineID
       included in the msgAuthoritativeEngineID in the
       securityParameters of that returned Report PDU.

   6)  a) If the securityLevel specifies that the message is to be
          authenticated, then the current values of snmpEngineBoots and
          snmpEngineTime corresponding to the snmpEngineID from the LCD
          are used.

          Otherwise,

       b) If this is a Response message, then the current value of
          snmpEngineBoots and snmpEngineTime corresponding to the local
          snmpEngineID from the LCD are used.
ToP   noToC   RFC2274 - Page 24
          Otherwise,

       c) If this is a Request message, then a zero value is used
          for both snmpEngineBoots and snmpEngineTime. This zero value
          gets used if snmpEngineID is empty.

       The values are encoded as INTEGER respectively into the
       msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime fields
       of the securityParameters.

   7)  The userName is encoded as an OCTET STRING into the msgUserName
       field of the securityParameters.

   8)  a) If the securityLevel specifies that the message is to be
          authenticated, the message is authenticated according to the
          user's authentication protocol. To do so a call is made to the
          authentication module that implements the user's
          authentication protocol according to the abstract service
          primitive:

          statusInformation =
            authenticateOutgoingMsg(
            IN  authKey               -- the user's localized authKey
            IN  wholeMsg              -- unauthenticated message
            OUT authenticatedWholeMsg -- authenticated complete message
                )

          statusInformation
            indicates if authentication was successful or not.
          authKey
            the user's localized private authKey is the secret key that
            can be used by the authentication algorithm.
          wholeMsg
            the complete serialized message to be authenticated.
          authenticatedWholeMsg
            the same as the input given to the authenticateOutgoingMsg
            service, but with msgAuthenticationParameters properly
            filled in.

          If the authentication module returns failure, then the message
          cannot be sent and an error indication (authenticationFailure)
          is returned to the calling module.

          If the authentication module returns success, then the
          msgAuthenticationParameters field is put into the
          securityParameters and the authenticatedWholeMsg represents
          the serialization of the authenticated message being prepared.
ToP   noToC   RFC2274 - Page 25
          Otherwise,

       b) If the securityLevel specifies that the message is not to
          be authenticated then the NULL string is encoded as an OCTET
          STRING into the msgAuthenticationParameters field of the
          securityParameters.  The wholeMsg is now serialized and then
          represents the unauthenticated message being prepared.

   9)  The completed message with its length is returned to the
       calling module with the statusInformation set to success.

3.2.  Processing an Incoming SNMP Message

   This section describes the procedure followed by an SNMP engine
   whenever it receives a message containing a management operation on
   behalf of a user, with a particular securityLevel.

   To simplify the elements of procedure, the release of state
   information is not always explicitly specified. As a general rule, if
   state information is available when a message gets discarded, the
   state information should also be released.  Also, when an error
   indication with an OID and value for an incremented counter is
   returned, then the available information (like
   securityStateReference) must be passed back to the caller so it can
   generate a Report PDU.

   1)  If the received securityParameters is not the serialization
       (according to the conventions of [RFC1906]) of an OCTET STRING
       formatted according to the UsmSecurityParameters defined in
       section 2.4, then the snmpInASNParseErrs counter [RFC1907] is
       incremented, and an error indication (parseError) is returned to
       the calling module.  Note that we return without the OID and
       value of the incremented counter, because in this case there is
       not enough information to generate a Report PDU.

   2)  The values of the security parameter fields are extracted from
       the securityParameters. The securityEngineID to be returned to
       the caller is the value of the msgAuthoritativeEngineID field.
       The cachedSecurityData is prepared and a securityStateReference
       is prepared to reference this data. Values to be cached are:

           msgUserName
           securityEngineID
           securityLevel

   3)  If the value of the msgAuthoritativeEngineID field in the
       securityParameters is unknown then:
ToP   noToC   RFC2274 - Page 26
       a) a non-authoritative SNMP engine that performs discovery may
          optionally create a new entry in its Local Configuration
          Datastore (LCD) and continue processing;

          or

       b) the usmStatsUnknownEngineIDs counter is incremented, and
          an error indication (unknownEngineID) together with the
          OID and value of the incremented counter is returned to
          the calling module.

   4)  Information about the value of the msgUserName and
       msgAuthoritativeEngineID fields is extracted from the Local
       Configuration Datastore (LCD, usmUserTable).  If no information
       is available for the user, then the usmStatsUnknownUserNames
       counter is incremented and an error indication
       (unknownSecurityName) together with the OID and value of the
       incremented counter is returned to the calling module.

   5)  If the information about the user indicates that it does not
       support the securityLevel requested by the caller, then the
       usmStatsUnsupportedSecLevels counter is incremented and an
       error indication (unsupportedSecurityLevel) together with the
       OID and value of the incremented counter is returned to the
       calling module.

   6)  If the securityLevel specifies that the message is to be
       authenticated, then the message is authenticated according to
       the user's authentication protocol. To do so a call is made
       to the authentication module that implements the user's
       authentication protocol according to the abstract service
       primitive:

       statusInformation =          -- success or failure
         authenticateIncomingMsg(
         IN   authKey               -- the user's localized authKey
         IN   authParameters        -- as received on the wire
         IN   wholeMsg              -- as received on the wire
         OUT  authenticatedWholeMsg -- checked for authentication
                 )

       statusInformation
         indicates if authentication was successful or not.
       authKey
         the user's localized private authKey is the secret key that
         can be used by the authentication algorithm.
       wholeMsg
         the complete serialized message to be authenticated.
ToP   noToC   RFC2274 - Page 27
       authenticatedWholeMsg
         the same as the input given to the authenticateIncomingMsg
         service, but after authentication has been checked.

       If the authentication module returns failure, then the message
              cannot be trusted, so the usmStatsWrongDigests counter is
       incremented and an error indication (authenticationFailure)
       together with the OID and value of the incremented counter is
       returned to the calling module.

       If the authentication module returns success, then the message
       is authentic and can be trusted so processing continues.

   7)  If the securityLevel indicates an authenticated message, then
       the local values of snmpEngineBoots and snmpEngineTime
       corresponding to the value of the msgAuthoritativeEngineID
       field are extracted from the Local Configuration Datastore.

       a) If the extracted value of msgAuthoritativeEngineID is the
          same as the value of snmpEngineID of the processing SNMP
          engine (meaning this is the authoritative SNMP engine),
          then if any of the following conditions is true, then the
          message is considered to be outside of the Time Window:

           - the local value of snmpEngineBoots is 2147483647;

           - the value of the msgAuthoritativeEngineBoots field differs
             from the local value of snmpEngineBoots; or,

           - the value of the msgAuthoritativeEngineTime field differs
             from the local notion of snmpEngineTime by more than
             +/- 150 seconds.

          If the message is considered to be outside of the Time Window
          then the usmStatsNotInTimeWindows counter is incremented and
          an error indication (notInTimeWindow) together with the OID
          and value of the incremented counter is returned to the
          calling module.

       b) If the extracted value of msgAuthoritativeEngineID is not the
          same as the value snmpEngineID of the processing SNMP engine
          (meaning this is not the authoritative SNMP engine), then:

          1) if at least one of the following conditions is true:

             - the extracted value of the msgAuthoritativeEngineBoots
               field is greater than the local notion of the value of
               snmpEngineBoots; or,
ToP   noToC   RFC2274 - Page 28
             - the extracted value of the msgAuthoritativeEngineBoots
               field is equal to the local notion of the value of
               snmpEngineBoots, the extracted value of
               msgAuthoritativeEngineTime field is greater than the
               value of latestReceivedEngineTime,

             then the LCD entry corresponding to the extracted value
             of the msgAuthoritativeEngineID field is updated, by
             setting:

                - the local notion of the value of snmpEngineBoots to
                  the value of the msgAuthoritativeEngineBoots field,
                - the local notion of the value of snmpEngineTime to
                  the value of the msgAuthoritativeEngineTime field,
                  and
                - the latestReceivedEngineTime to the value of the
                  value of the msgAuthoritativeEngineTime field.

          2) if any of the following conditions is true, then the
             message is considered to be outside of the Time Window:

             - the local notion of the value of snmpEngineBoots is
               2147483647;

             - the value of the msgAuthoritativeEngineBoots field is
               less than the local notion of the value of
               snmpEngineBoots; or,

             - the value of the msgAuthoritativeEngineBoots field is
               equal to the local notion of the value of
               snmpEngineBoots and the value of the
               msgAuthoritativeEngineTime field is more than 150
               seconds less than the local notion of of the value of
               snmpEngineTime.

             If the message is considered to be outside of the Time
             Window then an error indication (notInTimeWindow) is
             returned to the calling module;

             Note that this means that a too old (possibly replayed)
             message has been detected and is deemed unauthentic.

             Note that this procedure allows for the value of
             msgAuthoritativeEngineBoots in the message to be greater
             than the local notion of the value of snmpEngineBoots to
             allow for received messages to be accepted as authentic
ToP   noToC   RFC2274 - Page 29
             when received from an authoritative SNMP engine that has
             re-booted since the receiving SNMP engine last
             (re-)synchronized.

             Note that this procedure does not allow for automatic
             time synchronization if the non-authoritative SNMP engine
             has a real out-of-sync situation whereby the authoritative
             SNMP engine is more than 150 seconds behind the
             non-authoritative SNMP engine.

   8)  a) If the securityLevel indicates that the message was protected
          from disclosure, then the OCTET STRING representing the
          encryptedPDU is decrypted according to the user's privacy
          protocol to obtain an unencrypted serialized scopedPDU value.
          To do so a call is made to the privacy module that implements
          the user's privacy protocol according to the abstract
          primitive:

          statusInformation =       -- success or failure
            decryptData(
            IN    decryptKey        -- the user's localized privKey
            IN    privParameters    -- as received on the wire
            IN    encryptedData     -- encryptedPDU as received
            OUT   decryptedData     -- serialized decrypted scopedPDU
                  )

          statusInformation
            indicates if the decryption process was successful or not.
          decryptKey
            the user's localized private privKey is the secret key that
            can be used by the decryption algorithm.
          privParameters
            the msgPrivacyParameters, encoded as an OCTET STRING.
          encryptedData
            the encryptedPDU represents the encrypted scopedPDU, encoded
            as an OCTET STRING.
          decryptedData
            the serialized scopedPDU if decryption is successful.

          If the privacy module returns failure, then the message can
          not be processed, so the usmStatsDecryptionErrors counter is
          incremented and an error indication (decryptionError) together
          with the OID and value of the incremented counter is returned
          to the calling module.

          If the privacy module returns success, then the decrypted
          scopedPDU is the message payload to be returned to the calling
          module.
ToP   noToC   RFC2274 - Page 30
          Otherwise,

       b) The scopedPDU component is assumed to be in plain text
          and is the message payload to be returned to the calling
          module.

   9)  The maxSizeResponseScopedPDU is calculated.  This is the
       maximum size allowed for a scopedPDU for a possible Response
       message.  Provision is made for a message header that allows the
       same securityLevel as the received Request.

   10) The securityName for the user is retrieved from the
       usmUserTable.

   11) The security data is cached as cachedSecurityData, so that a
       possible response to this message can and will use the same
       authentication and privacy secrets, the same securityLevel and
       the same value for msgAuthoritativeEngineID.  Information to be
       saved/cached is as follows:

          msgUserName,
          usmUserAuthProtocol, usmUserAuthKey
          usmUserPrivProtocol, usmUserPrivKey
          securityEngineID, securityLevel

   12) The statusInformation is set to success and a return is made to
       the calling module passing back the OUT parameters as specified
       in the processIncomingMsg primitive.

4.  Discovery

   The User-based Security Model requires that a discovery process
   obtains sufficient information about other SNMP engines in order to
   communicate with them.  Discovery requires an non-authoritative SNMP
   engine to learn the authoritative SNMP engine's snmpEngineID value
   before communication may proceed.  This may be accomplished by
   generating a Request message with a securityLevel of noAuthNoPriv, a
   msgUserName of "initial", a msgAuthoritativeEngineID value of zero
   length, and the varBindList left empty.  The response to this message
   will be a Report message containing the snmpEngineID of the
   authoritative SNMP engine as the value of the
   msgAuthoritativeEngineID field within the msgSecurityParameters
   field.  It contains a Report PDU with the usmStatsUnknownEngineIDs
   counter in the varBindList.

   If authenticated communication is required, then the discovery
   process should also establish time synchronization with the
   authoritative SNMP engine.  This may be accomplished by sending an
ToP   noToC   RFC2274 - Page 31
   authenticated Request message with the value of
   msgAuthoritativeEngineID set to the newly learned snmpEngineID and
   with the values of msgAuthoritativeEngineBoots and
   msgAuthoritativeEngineTime set to zero.  The response to this
   authenticated message will be a Report message containing the up to
   date values of the authoritative SNMP engine's snmpEngineBoots and
   snmpEngineTime as the value of the msgAuthoritativeEngineBoots and
   msgAuthoritativeEngineTime fields respectively.  It also contains the
   usmStatsNotInTimeWindows counter in the varBindList of the Report
   PDU.  The time synchronization then happens automatically as part of
   the procedures in section 3.2 step 7b. See also section 2.3.

5.  Definitions

SNMP-USER-BASED-SM-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE,
    OBJECT-IDENTITY,
    snmpModules, Counter32                FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, TestAndIncr,
    RowStatus, RowPointer,
    StorageType, AutonomousType           FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP       FROM SNMPv2-CONF
    SnmpAdminString, SnmpEngineID,
    snmpAuthProtocols, snmpPrivProtocols  FROM SNMP-FRAMEWORK-MIB;

snmpUsmMIB MODULE-IDENTITY
    LAST-UPDATED "9711200000Z"            -- 20 Nov 1997, midnight
    ORGANIZATION "SNMPv3 Working Group"
    CONTACT-INFO "WG-email:   snmpv3@tis.com
                  Subscribe:  majordomo@tis.com
                              In msg body:  subscribe snmpv3

                  Chair:      Russ Mundy
                              Trusted Information Systems
                  postal:     3060 Washington Rd
                              Glenwood MD 21738
                              USA
                  email:      mundy@tis.com
                  phone:      +1-301-854-6889

                  Co-editor   Uri Blumenthal
                              IBM T. J. Watson Research
                  postal:     30 Saw Mill River Pkwy,
                              Hawthorne, NY 10532
                              USA
                  email:      uri@watson.ibm.com
ToP   noToC   RFC2274 - Page 32
                  phone:      +1-914-784-7964

                  Co-editor:  Bert Wijnen
                              IBM T. J. Watson Research
                  postal:     Schagen 33
                              3461 GL Linschoten
                              Netherlands
                  email:      wijnen@vnet.ibm.com
                  phone:      +31-348-432-794
                 "

    DESCRIPTION  "The management information definitions for the
                  SNMP User-based Security Model.
                 "
    ::= { snmpModules 15 }

-- Administrative assignments ****************************************

usmMIBObjects     OBJECT IDENTIFIER ::= { snmpUsmMIB 1 }
usmMIBConformance OBJECT IDENTIFIER ::= { snmpUsmMIB 2 }

-- Identification of Authentication and Privacy Protocols ************

usmNoAuthProtocol OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION  "No Authentication Protocol."
    ::= { snmpAuthProtocols 1 }

usmHMACMD5AuthProtocol OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION  "The HMAC-MD5-96 Digest Authentication Protocol."
    REFERENCE    "- H. Krawczyk, M. Bellare, R. Canetti HMAC:
                    Keyed-Hashing for Message Authentication,
                    RFC2104, Feb 1997.
                  - Rivest, R., Message Digest Algorithm MD5, RFC1321.
                 "
    ::= { snmpAuthProtocols 2 }

usmHMACSHAAuthProtocol OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION  "The HMAC-SHA-96 Digest Authentication Protocol."
    REFERENCE    "- H. Krawczyk, M. Bellare, R. Canetti, HMAC:
                    Keyed-Hashing for Message Authentication,
                    RFC2104, Feb 1997.
                  - Secure Hash Algorithm. NIST FIPS 180-1.
                 "
    ::= { snmpAuthProtocols 3 }
ToP   noToC   RFC2274 - Page 33
usmNoPrivProtocol OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION  "No Privacy Protocol."
    ::= { snmpPrivProtocols 1 }

usmDESPrivProtocol OBJECT-IDENTITY
    STATUS        current
    DESCRIPTION  "The CBC-DES Symmetric Encryption Protocol."
    REFERENCE    "- Data Encryption Standard, National Institute of
                    Standards and Technology.  Federal Information
                    Processing Standard (FIPS) Publication 46-1.
                    Supersedes FIPS Publication 46,
                    (January, 1977; reaffirmed January, 1988).

                  - Data Encryption Algorithm, American National
                    Standards Institute.  ANSI X3.92-1981,
                    (December, 1980).

                  - DES Modes of Operation, National Institute of
                    Standards and Technology.  Federal Information
                    Processing Standard (FIPS) Publication 81,
                    (December, 1980).

                  - Data Encryption Algorithm - Modes of Operation,
                    American National Standards Institute.
                    ANSI X3.106-1983, (May 1983).
                 "
    ::= { snmpPrivProtocols 2 }


-- Textual Conventions ***********************************************


KeyChange ::=     TEXTUAL-CONVENTION
   STATUS         current
   DESCRIPTION
         "Every definition of an object with this syntax must identify
          a protocol P, a secret key K, and a hash algorithm H
          that produces output of L octets.

          The object's value is a manager-generated, partially-random
          value which, when modified, causes the value of the secret
          key K, to be modified via a one-way function.

          The value of an instance of this object is the concatenation
          of two components: first a 'random' component and then a
          'delta' component.
ToP   noToC   RFC2274 - Page 34
          The lengths of the random and delta components
          are given by the corresponding value of the protocol P;
          if P requires K to be a fixed length, the length of both the
          random and delta components is that fixed length; if P
          allows the length of K to be variable up to a particular
          maximum length, the length of the random component is that
          maximum length and the length of the delta component is any
          length less than or equal to that maximum length.
          For example, usmHMACMD5AuthProtocol requires K to be a fixed
          length of 16 octets and L - of 16 octets.
          usmHMACSHAAuthProtocol requires K to be a fixed length of
          20 octets and L - of 20 octets. Other protocols may define
          other sizes, as deemed appropriate.

          When a requestor wants to change the old key K to a new
          key keyNew on a remote entity, the 'random' component is
          obtained from either a true random generator, or from a
          pseudorandom generator, and the 'delta' component is
          computed as follows:

           - a temporary variable is initialized to the existing value
             of K;
           - if the length of the keyNew is greater than L octets,
             then:
              - the random component is appended to the value of the
                temporary variable, and the result is input to the
                the hash algorithm H to produce a digest value, and
                the temporary variable is set to this digest value;
              - the value of the temporary variable is XOR-ed with
                the first (next) L-octets (16 octets in case of MD5)
                of the keyNew to produce the first (next) L-octets
                (16 octets in case of MD5) of the 'delta' component.
              - the above two steps are repeated until the unused
                portion of the delta component is L octets or less,
           - the random component is appended to the value of the
             temporary variable, and the result is input to the
             hash algorithm H to produce a digest value;
           - this digest value, truncated if necessary to be the same
             length as the unused portion of the keyNew, is XOR-ed
             with the unused portion of the keyNew to produce the
             (final portion of the) 'delta' component.

           For example, using MD5 as the hash algorithm H:

              iterations = (lenOfDelta - 1)/16; /* integer division */
              temp = keyOld;
              for (i = 0; i < iterations; i++) {
                  temp = MD5 (temp || random);
ToP   noToC   RFC2274 - Page 35
                  delta[i*16 .. (i*16)+15] =
                         temp XOR keyNew[i*16 .. (i*16)+15];
              }
              temp = MD5 (temp || random);
              delta[i*16 .. lenOfDelta-1] =
                     temp XOR keyNew[i*16 .. lenOfDelta-1];

          The 'random' and 'delta' components are then concatenated as
          described above, and the resulting octet string is sent to
          the receipient as the new value of an instance of this
          object.

          At the receiver side, when an instance of this object is set
          to a new value, then a new value of K is computed as follows:

           - a temporary variable is initialized to the existing value
             of K;
           - if the length of the delta component is greater than L
             octets, then:
              - the random component is appended to the value of the
                temporary variable, and the result is input to the
                the hash algorithm H to produce a digest value, and
                the temporary variable is set to this digest value;
              - the value of the temporary variable is XOR-ed with
                the first (next) L-octets (16 octets in case of MD5)
                of the delta component to produce the first (next)
                L-octets (16 octets in case of MD5) of the new value
                of K.
              - the above two steps are repeated until the unused
                portion of the delta component is L octets or less,
           - the random component is appended to the value of the
             temporary variable, and the result is input to the
             hash algorithm H to produce a digest value;
           - this digest value, truncated if necessary to be the same
             length as the unused portion of the delta component, is
             XOR-ed with the unused portion of the delta component to
             produce the (final portion of the) new value of K.

           For example, using MD5 as the hash algorithm H:

              iterations = (lenOfDelta - 1)/16; /* integer division */
              temp = keyOld;
              for (i = 0; i < iterations; i++) {
                  temp = MD5 (temp || random);
                  keyNew[i*16 .. (i*16)+15] =
                         temp XOR delta[i*16 .. (i*16)+15];
              }
              temp = MD5 (temp || random);
ToP   noToC   RFC2274 - Page 36
              keyNew[i*16 .. lenOfDelta-1] =
                     temp XOR delta[i*16 .. lenOfDelta-1];

          The value of an object with this syntax, whenever it is
          retrieved by the management protocol, is always the zero
          length string.
         "
    SYNTAX       OCTET STRING


-- Statistics for the User-based Security Model **********************


usmStats         OBJECT IDENTIFIER ::= { usmMIBObjects 1 }


usmStatsUnsupportedSecLevels OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The total number of packets received by the SNMP
                 engine which were dropped because they requested a
                 securityLevel that was unknown to the SNMP engine
                 or otherwise unavailable.
                "
    ::= { usmStats 1 }

usmStatsNotInTimeWindows OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The total number of packets received by the SNMP
                 engine which were dropped because they appeared
                 outside of the authoritative SNMP engine's window.
                "
    ::= { usmStats 2 }

usmStatsUnknownUserNames OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The total number of packets received by the SNMP
                 engine which were dropped because they referenced a
                 user that was not known to the SNMP engine.
                "
    ::= { usmStats 3 }

usmStatsUnknownEngineIDs OBJECT-TYPE
ToP   noToC   RFC2274 - Page 37
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The total number of packets received by the SNMP
                 engine which were dropped because they referenced an
                 snmpEngineID that was not known to the SNMP engine.
                "
    ::= { usmStats 4 }

usmStatsWrongDigests OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The total number of packets received by the SNMP
                 engine which were dropped because they didn't
                 contain the expected digest value.
                "
    ::= { usmStats 5 }

usmStatsDecryptionErrors OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The total number of packets received by the SNMP
                 engine which were dropped because they could not be
                 decrypted.
                "
    ::= { usmStats 6 }

-- The usmUser Group ************************************************

usmUser          OBJECT IDENTIFIER ::= { usmMIBObjects 2 }

usmUserSpinLock  OBJECT-TYPE
    SYNTAX       TestAndIncr
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION "An advisory lock used to allow several cooperating
                 Command Generator Applications to coordinate their
                 use of facilities to alter secrets in the
                 usmUserTable.
                "
    ::= { usmUser 1 }

-- The table of valid users for the User-based Security Model ********

usmUserTable     OBJECT-TYPE
    SYNTAX       SEQUENCE OF UsmUserEntry
ToP   noToC   RFC2274 - Page 38
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The table of users configured in the SNMP engine's
                 Local Configuration Datastore (LCD)."
    ::= { usmUser 2 }

usmUserEntry     OBJECT-TYPE
    SYNTAX       UsmUserEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "A user configured in the SNMP engine's Local
                 Configuration Datastore (LCD) for the User-based
                 Security Model.
                "
    INDEX       { usmUserEngineID,
                  usmUserName
                }
    ::= { usmUserTable 1 }

UsmUserEntry ::= SEQUENCE
    {
        usmUserEngineID         SnmpEngineID,
        usmUserName             SnmpAdminString,
        usmUserSecurityName     SnmpAdminString,
        usmUserCloneFrom        RowPointer,
        usmUserAuthProtocol     AutonomousType,
        usmUserAuthKeyChange    KeyChange,
        usmUserOwnAuthKeyChange KeyChange,
        usmUserPrivProtocol     AutonomousType,
        usmUserPrivKeyChange    KeyChange,
        usmUserOwnPrivKeyChange KeyChange,
        usmUserPublic           OCTET STRING,
        usmUserStorageType      StorageType,
        usmUserStatus           RowStatus
    }

usmUserEngineID  OBJECT-TYPE
    SYNTAX       SnmpEngineID
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "An SNMP engine's administratively-unique identifier.

                 In a simple agent, this value is always that agent's
                 own snmpEngineID value.

                 The value can also take the value of the snmpEngineID
                 of a remote SNMP engine with which this user can
                 communicate.
ToP   noToC   RFC2274 - Page 39
                "
    ::= { usmUserEntry 1 }

usmUserName      OBJECT-TYPE
    SYNTAX       SnmpAdminString (SIZE(1..32))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "A human readable string representing the name of
                 the user.

                 This is the (User-based Security) Model dependent
                 security ID.
                "
    ::= { usmUserEntry 2 }

usmUserSecurityName OBJECT-TYPE
    SYNTAX       SnmpAdminString
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "A human readable string representing the user in
                 Security Model independent format.

                 The default transformation of the User-based Security
                 Model dependent security ID to the securityName and
                 vice versa is the identity function so that the
                 securityName is the same as the userName.
                "
    ::= { usmUserEntry 3 }

usmUserCloneFrom OBJECT-TYPE
    SYNTAX       RowPointer
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION "A pointer to another conceptual row in this
                 usmUserTable.  The user in this other conceptual
                 row is called the clone-from user.

                 When a new user is created (i.e., a new conceptual
                 row is instantiated in this table), the privacy and
                 authentication parameters of the new user are cloned
                 from its clone-from user.

                 The first time an instance of this object is set by
                 a management operation (either at or after its
                 instantiation), the cloning process is invoked.
                 Subsequent writes are successful but invoke no
                 action to be taken by the receiver.
                 The cloning process fails with an 'inconsistentName'
ToP   noToC   RFC2274 - Page 40
                 error if the conceptual row representing the
                 clone-from user is not in an active state when the
                 cloning process is invoked.

                 Cloning also causes the initial values of the secret
                 authentication key and the secret encryption key of
                 the new user to be set to the same value as the
                 corresponding secret of the clone-from user.

                 When this object is read, the ZeroDotZero OID
                 is returned.
                "
    ::= { usmUserEntry 4 }

usmUserAuthProtocol OBJECT-TYPE
    SYNTAX       AutonomousType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION "An indication of whether messages sent on behalf of
                 this user to/from the SNMP engine identified by
                 usmUserEngineID, can be authenticated, and if so,
                 the type of authentication protocol which is used.

                 An instance of this object is created concurrently
                 with the creation of any other object instance for
                 the same user (i.e., as part of the processing of
                 the set operation which creates the first object
                 instance in the same conceptual row).  Once created,
                 the value of an instance of this object can not be
                 changed.

                 If a set operation tries to set a value for an unknown
                 or unsupported protocol, then a wrongValue error must
                 be returned.
                "
    DEFVAL      { usmHMACMD5AuthProtocol }
    ::= { usmUserEntry 5 }

usmUserAuthKeyChange OBJECT-TYPE
    SYNTAX       KeyChange   -- typically (SIZE (0..32))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION "An object, which when modified, causes the secret
                 authentication key used for messages sent on behalf
                 of this user to/from the SNMP engine identified by
                 usmUserEngineID, to be modified via a one-way
                 function.
ToP   noToC   RFC2274 - Page 41
                 The associated protocol is the usmUserAuthProtocol.
                 The associated secret key is the user's secret
                 authentication key (authKey). The associated hash
                 algorithm is the algorithm used by the user's
                 usmUserAuthProtocol.

                 When creating a new user, it is an 'inconsistentName'
                 error for a Set operation to refer to this object
                 unless it is previously or concurrently initialized
                 through a set operation on the corresponding value
                 of usmUserCloneFrom.
                "
    DEFVAL      { ''H }    -- the empty string
    ::= { usmUserEntry 6 }

usmUserOwnAuthKeyChange OBJECT-TYPE
    SYNTAX       KeyChange  -- typically (SIZE (0..32))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION "Behaves exactly as usmUserAuthKeyChange, with one
                 notable difference: in order for the Set operation
                 to succeed, the usmUserName of the operation
                 requester must match the usmUserName that
                 indexes the row which is targeted by this
                 operation.

                 The idea here is that access to this column can be
                 public, since it will only allow a user to change
                 his own secret authentication key (authKey).
                "
    DEFVAL      { ''H }    -- the empty string
    ::= { usmUserEntry 7 }

usmUserPrivProtocol OBJECT-TYPE
    SYNTAX       AutonomousType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION "An indication of whether messages sent on behalf of
                 this user to/from the SNMP engine identified by
                 usmUserEngineID, can be protected from disclosure,
                 and if so, the type of privacy protocol which is used.

                 An instance of this object is created concurrently
                 with the creation of any other object instance for
                 the same user (i.e., as part of the processing of
                 the set operation which creates the first object
                 instance in the same conceptual row).  Once created,
                 the value of an instance of this object can not be
ToP   noToC   RFC2274 - Page 42
                 changed.

                 If a set operation tries to set a value for an unknown
                 or unsupported protocol, then a wrongValue error must
                 be returned.
                "
    DEFVAL      { usmNoPrivProtocol }
    ::= { usmUserEntry 8 }

usmUserPrivKeyChange OBJECT-TYPE
    SYNTAX       KeyChange  -- typically (SIZE (0..32))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION "An object, which when modified, causes the secret
                 encryption key used for messages sent on behalf
                 of this user to/from the SNMP engine identified by
                 usmUserEngineID, to be modified via a one-way
                 function.

                 The associated protocol is the usmUserPrivProtocol.
                 The associated secret key is the user's secret
                 privacy key (privKey). The associated hash
                 algorithm is the algorithm used by the user's
                 usmUserAuthProtocol.

                 When creating a new user, it is an 'inconsistentName'
                 error for a set operation to refer to this object
                 unless it is previously or concurrently initialized
                 through a set operation on the corresponding value
                 of usmUserCloneFrom.
                "
    DEFVAL      { ''H }    -- the empty string
    ::= { usmUserEntry 9 }

usmUserOwnPrivKeyChange OBJECT-TYPE
    SYNTAX       KeyChange  -- typically (SIZE (0..32))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION "Behaves exactly as usmUserPrivKeyChange, with one
                 notable difference: in order for the Set operation
                 to succeed, the usmUserName of the operation
                 requester must match the usmUserName that indexes
                 the row which is targeted by this operation.

                 The idea here is that access to this column can be
                 public, since it will only allow a user to change
                 his own secret privacy key (privKey).
                "
ToP   noToC   RFC2274 - Page 43
    DEFVAL      { ''H }    -- the empty string
    ::= { usmUserEntry 10 }

usmUserPublic    OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE(0..32))
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION "A publicly-readable value which is written as part
                 of the procedure for changing a user's secret
                 authentication and/or privacy key, and later read to
                 determine whether the change of the secret was
                 effected.
                "
    DEFVAL      { ''H }  -- the empty string
    ::= { usmUserEntry 11 }

usmUserStorageType OBJECT-TYPE
    SYNTAX       StorageType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION "The storage type for this conceptual row.

                 Conceptual rows having the value 'permanent'
                 must allow write-access at a minimum to:

                 - usmUserAuthKeyChange, usmUserOwnAuthKeyChange
                   and usmUserPublic for a user who employs
                   authentication, and
                 - usmUserPrivKeyChange, usmUserOwnPrivKeyChange
                   and usmUserPublic for a user who employs
                   privacy.

                 Note that any user who employs authentication or
                 privacy must allow its secret(s) to be updated and
                 thus cannot be 'readOnly'.
                "
    DEFVAL      { nonVolatile }
    ::= { usmUserEntry 12 }

usmUserStatus    OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION "The status of this conceptual row.

                 Until instances of all corresponding columns are
                 appropriately configured, the value of the
                 corresponding instance of the usmUserStatus column
ToP   noToC   RFC2274 - Page 44
                 is 'notReady'.

                 In particular, a newly created row cannot be made
                 active until the corresponding usmUserCloneFrom,
                 usmUserAuthKeyChange, usmUserOwnAuthKeyChange,
                 usmUserPrivKeyChange and usmUserOwnPrivKeyChange
                 have all been set.

                 The  RowStatus TC [RFC1903] requires that this
                 DESCRIPTION clause states under which circumstances
                 other objects in this row can be modified:

                 The value of this object has no effect on whether
                 other objects in this conceptual row can be modified.
                "
    ::= { usmUserEntry 13 }

-- Conformance Information *******************************************

usmMIBCompliances OBJECT IDENTIFIER ::= { usmMIBConformance 1 }
usmMIBGroups      OBJECT IDENTIFIER ::= { usmMIBConformance 2 }

-- Compliance statements

usmMIBCompliance MODULE-COMPLIANCE
    STATUS       current
    DESCRIPTION "The compliance statement for SNMP engines which
                 implement the SNMP-USER-BASED-SM-MIB.
                "

    MODULE       -- this module
        MANDATORY-GROUPS { usmMIBBasicGroup }

        OBJECT           usmUserAuthProtocol
        MIN-ACCESS       read-only
        DESCRIPTION     "Write access is not required."

        OBJECT           usmUserPrivProtocol
        MIN-ACCESS       read-only
        DESCRIPTION     "Write access is not required."

    ::= { usmMIBCompliances 1 }

-- Units of compliance
usmMIBBasicGroup OBJECT-GROUP
    OBJECTS     {
                  usmStatsUnsupportedSecLevels,
                  usmStatsNotInTimeWindows,
ToP   noToC   RFC2274 - Page 45
                  usmStatsUnknownUserNames,
                  usmStatsUnknownEngineIDs,
                  usmStatsWrongDigests,
                  usmStatsDecryptionErrors,
                  usmUserSpinLock,
                  usmUserSecurityName,
                  usmUserCloneFrom,
                  usmUserAuthProtocol,
                  usmUserAuthKeyChange,
                  usmUserOwnAuthKeyChange,
                  usmUserPrivProtocol,
                  usmUserPrivKeyChange,
                  usmUserOwnPrivKeyChange,
                  usmUserPublic,
                  usmUserStorageType,
                  usmUserStatus
                }
    STATUS       current
    DESCRIPTION "A collection of objects providing for configuration
                 of an SNMP engine which implements the SNMP
                 User-based Security Model.
                "
    ::= { usmMIBGroups 1 }

END

6.  HMAC-MD5-96 Authentication Protocol

   This section describes the HMAC-MD5-96 authentication protocol.  This
   authentication protocol is the first defined for the User-based
   Security Model. It uses MD5 hash-function which is described in
   [MD5], in HMAC mode described in [RFC2104], truncating the output to
   96 bits.

   This protocol is identified by usmHMACMD5AuthProtocol.

   Over time, other authentication protocols may be defined either as a
   replacement of this protocol or in addition to this protocol.

6.1.  Mechanisms

   - In support of data integrity, a message digest algorithm is
     required.  A digest is calculated over an appropriate portion of an
     SNMP message and included as part of the message sent to the
     recipient.
ToP   noToC   RFC2274 - Page 46
   - In support of data origin authentication and data integrity,
     a secret value is prepended to SNMP message prior to computing the
     digest; the calculated digest is partially inserted into the SNMP
     message prior to transmission, and the prepended value is not
     transmitted.  The secret value is shared by all SNMP engines
     authorized to originate messages on behalf of the appropriate user.

6.1.1.  Digest Authentication Mechanism

   The Digest Authentication Mechanism defined in this memo provides
   for:

   - verification of the integrity of a received message, i.e., the
     message received is the message sent.

     The integrity of the message is protected by computing a digest
     over an appropriate portion of the message.  The digest is computed
     by the originator of the message, transmitted with the message, and
     verified by the recipient of the message.

   - verification of the user on whose behalf the message was generated.

     A secret value known only to SNMP engines authorized to generate
     messages on behalf of a user is used in HMAC mode (see [RFC2104]).
     It also recommends the hash-function output used as Message
     Authentication Code, to be truncated.

   This protocol uses the MD5 [MD5] message digest algorithm.  A 128-bit
   MD5 digest is calculated in a special (HMAC) way over the designated
   portion of an SNMP message and the first 96 bits of this digest is
   included as part of the message sent to the recipient. The size of
   the digest carried in a message is 12 octets. The size of the private
   authentication key (the secret) is 16 octets. For the details see
   section 6.3.

6.2.  Elements of the Digest Authentication Protocol

   This section contains definitions required to realize the
   authentication module defined in this section of this memo.

6.2.1.  Users

   Authentication using this authentication protocol makes use of a
   defined set of userNames. For any user on whose behalf a message must
   be authenticated at a particular SNMP engine, that SNMP engine must
   have knowledge of that user. An SNMP engine that wishes to
ToP   noToC   RFC2274 - Page 47
   communicate with another SNMP engine must also have knowledge of a
   user known to that engine, including knowledge of the applicable
   attributes of that user.

   A user and its attributes are defined as follows:

   <userName>
     A string representing the name of the user.
   <authKey>
     A user's secret key to be used when calculating a digest.
     It MUST be 16 octets long for MD5.

6.2.2.  msgAuthoritativeEngineID

   The msgAuthoritativeEngineID value contained in an authenticated
   message specifies the authoritative SNMP engine for that particular
   message (see the definition of SnmpEngineID in the SNMP Architecture
   document [RFC2271]).

   The user's (private) authentication key is normally different at each
   authoritative SNMP engine and so the snmpEngineID is used to select
   the proper key for the authentication process.

6.2.3.  SNMP Messages Using this Authentication Protocol

   Messages using this authentication protocol carry a
   msgAuthenticationParameters field as part of the
   msgSecurityParameters.  For this protocol, the
   msgAuthenticationParameters field is the serialized OCTET STRING
   representing the first 12 octets of the HMAC-MD5-96 output done over
   the wholeMsg.

   The digest is calculated over the wholeMsg so if a message is
   authenticated, that also means that all the fields in the message are
   intact and have not been tampered with.

6.2.4.  Services provided by the HMAC-MD5-96 Authentication Module

   This section describes the inputs and outputs that the HMAC-MD5-96
   Authentication module expects and produces when the User-based
   Security module calls the HMAC-MD5-96 Authentication module for
   services.

6.2.4.1.  Services for Generating an Outgoing SNMP Message

   The HMAC-MD5-96 authentication protocol assumes that the selection of
   the authKey is done by the caller and that the caller passes the
   secret key to be used.
ToP   noToC   RFC2274 - Page 48
   Upon completion the authentication module returns statusInformation
   and, if the message digest was correctly calculated, the wholeMsg
   with the digest inserted at the proper place. The abstract service
   primitive is:

   statusInformation =              -- success or failure
     authenticateOutgoingMsg(
     IN   authKey                   -- secret key for authentication
     IN   wholeMsg                  -- unauthenticated complete message
     OUT  authenticatedWholeMsg     -- complete authenticated message
          )

   The abstract data elements are:

     statusInformation
       An indication of whether the authentication process was
       successful.  If not it is an indication of the problem.
     authKey
       The secret key to be used by the authentication algorithm.
       The length of this key MUST be 16 octets.
     wholeMsg
       The message to be authenticated.
     authenticatedWholeMsg
       The authenticated message (including inserted digest) on output.

   Note, that authParameters field is filled by the authentication
   module and this field should be already present in the wholeMsg
   before the Message Authentication Code (MAC) is generated.

6.2.4.2.  Services for Processing an Incoming SNMP Message

   The HMAC-MD5-96 authentication protocol assumes that the selection of
   the authKey is done by the caller and that the caller passes the
   secret key to be used.

   Upon completion the authentication module returns statusInformation
   and, if the message digest was correctly calculated, the wholeMsg as
   it was processed. The abstract service primitive is:

   statusInformation =              -- success or failure
     authenticateIncomingMsg(
     IN   authKey                   -- secret key for authentication
     IN   authParameters            -- as received on the wire
     IN   wholeMsg                  -- as received on the wire
     OUT  authenticatedWholeMsg     -- complete authenticated message
       )

   The abstract data elements are:
ToP   noToC   RFC2274 - Page 49
     statusInformation
       An indication of whether the authentication process was
       successful.  If not it is an indication of the problem.
     authKey
       The secret key to be used by the authentication algorithm.
       The length of this key MUST be 16 octets.
     authParameters
       The authParameters from the incoming message.
     wholeMsg
       The message to be authenticated on input and the authenticated
       message on output.
     authenticatedWholeMsg
       The whole message after the authentication check is complete.

6.3.  Elements of Procedure

   This section describes the procedures for the HMAC-MD5-96
   authentication protocol.

6.3.1.  Processing an Outgoing Message

   This section describes the procedure followed by an SNMP engine
   whenever it must authenticate an outgoing message using the
   usmHMACMD5AuthProtocol.

   1) The msgAuthenticationParameters field is set to the
      serialization, according to the rules in [RFC1906], of an OCTET
      STRING containing 12 zero octets.

   2) From the secret authKey, two keys K1 and K2 are derived:

         a) extend the authKey to 64 octets by appending 48 zero
            octets; save it as extendedAuthKey
         b) obtain IPAD by replicating the octet 0x36 64 times;
         c) obtain K1 by XORing extendedAuthKey with IPAD;
         d) obtain OPAD by replicating the octet 0x5C 64 times;
         e) obtain K2 by XORing extendedAuthKey with OPAD.

   4) Prepend K1 to the wholeMsg and calculate MD5 digest over it
      according to [MD5].

   5) Prepend K2 to the result of the step 4 and calculate MD5 digest
      over it according to [MD5]. Take the first 12 octets of the final
      digest - this is Message Authentication Code (MAC).

   6) Replace the msgAuthenticationParameters field with MAC obtained
      in the step 5.
ToP   noToC   RFC2274 - Page 50
   7) The authenticatedWholeMsg is then returned to the caller
      together with statusInformation indicating success.

6.3.2.  Processing an Incoming Message

   This section describes the procedure followed by an SNMP engine
   whenever it must authenticate an incoming message using the
   usmHMACMD5AuthProtocol.

   1)  If the digest received in the msgAuthenticationParameters field
       is not 12 octets long, then an failure and an errorIndication
       (authenticationError) is returned to the calling module.

   2)  The MAC received in the msgAuthenticationParameters field
       is saved.

   3)  The digest in the msgAuthenticationParameters field is replaced
       by the 12 zero octets.

   4)  From the secret authKey, two keys K1 and K2 are derived:

         a) extend the authKey to 64 octets by appending 48 zero
            octets; save it as extendedAuthKey
         b) obtain IPAD by replicating the octet 0x36 64 times;
         c) obtain K1 by XORing extendedAuthKey with IPAD;
         d) obtain OPAD by replicating the octet 0x5C 64 times;
         e) obtain K2 by XORing extendedAuthKey with OPAD.

   5)  The MAC is calculated over the wholeMsg:

         a) prepend K1 to the wholeMsg and calculate the MD5 digest
            over it;
         b) prepend K2 to the result of step 5.a and calculate the
            MD5 digest over it;
         c) first 12 octets of the result of step 5.b is the MAC.

       The msgAuthenticationParameters field is replaced with the MAC
       value that was saved in step 2.

   6)  Then the newly calculated MAC is compared with the MAC
       saved in step 2. If they do not match, then an failure and an
       errorIndication (authenticationFailure) is returned to the
       calling module.

   7)  The authenticatedWholeMsg and statusInformation indicating
       success are then returned to the caller.


(next page on part 3)

Next Section