1
SNMP-USM-DH-OBJECTS-MIB DEFINITIONS ::= BEGIN
4
MODULE-IDENTITY, OBJECT-TYPE,
6
experimental, Integer32
10
MODULE-COMPLIANCE, OBJECT-GROUP
13
FROM SNMP-USER-BASED-SM-MIB
15
FROM SNMP-FRAMEWORK-MIB;
17
snmpUsmDHObjectsMIB MODULE-IDENTITY
18
LAST-UPDATED "200003060000Z" -- 6 March 2000, Midnight
19
ORGANIZATION "Excite@Home"
20
CONTACT-INFO "Author: Mike StJohns
23
Redwood City, CA 94063
24
Email: stjohns@corp.home.net
25
Phone: +1-650-556-5368"
28
"The management information definitions for providing forward
29
secrecy for key changes for the usmUserTable, and for providing a
30
method for 'kickstarting' access to the agent via a Diffie-Helman
33
REVISION "200003060000Z"
35
"Initial version published as RFC 2786."
38
::= { experimental 101 } -- IANA DHKEY-CHANGE 101
41
usmDHKeyObjects OBJECT IDENTIFIER ::= { snmpUsmDHObjectsMIB 1 }
42
usmDHKeyConformance OBJECT IDENTIFIER ::= { snmpUsmDHObjectsMIB 2 }
45
DHKeyChange ::= TEXTUAL-CONVENTION
48
"Upon initialization, or upon creation of a row containing an
49
object of this type, and after any successful SET of this value, a
50
GET of this value returns 'y' where y = g^xa MOD p, and where g is
51
the base from usmDHParameters, p is the prime from
52
usmDHParameters, and xa is a new random integer selected by the
53
agent in the interval 2^(l-1) <= xa < 2^l < p-1. 'l' is the
54
optional privateValueLength from usmDHParameters in bits. If 'l'
55
is omitted, then xa (and xr below) is selected in the interval 0
56
<= xa < p-1. y is expressed as an OCTET STRING 'PV' of length 'k'
60
y = SUM 2^(8(k-i)) PV'i
63
where PV1,...,PVk are the octets of PV from first to last, and
66
A successful SET consists of the value 'y' expressed as an OCTET
67
STRING as above concatenated with the value 'z'(expressed as an
68
OCTET STRING in the same manner as y) where z = g^xr MOD p, where
69
g, p and l are as above, and where xr is a new random integer
70
selected by the manager in the interval 2^(l-1) <= xr < 2^l <
71
p-1. A SET to an object of this type will fail with the error
72
wrongValue if the current 'y' does not match the 'y' portion of
73
the value of the varbind for the object. (E.g. GET yout, SET
74
concat(yin, z), yout <> yin).
76
Note that the private values xa and xr are never transmitted from
77
manager to device or vice versa, only the values y and z.
78
Obviously, these values must be retained until a successful SET on
79
the associated object.
81
The shared secret 'sk' is calculated at the agent as sk = z^xa MOD
82
p, and at the manager as sk = y^xr MOD p.
84
Each object definition of this type MUST describe how to map from
85
the shared secret 'sk' to the operational key value used by the
86
protocols and operations related to the object. In general, if n
87
bits of key are required, the author suggests using the n
88
right-most bits of the shared secret as the operational key value."
90
"-- Diffie-Hellman Key-Agreement Standard, PKCS #3;
91
RSA Laboratories, November 1993"
95
usmDHPublicObjects OBJECT IDENTIFIER ::= { usmDHKeyObjects 1 }
97
usmDHParameters OBJECT-TYPE
102
"The public Diffie-Hellman parameters for doing a Diffie-Hellman
103
key agreement for this device. This is encoded as an ASN.1
104
DHParameter per PKCS #3, section 9. E.g.
106
DHParameter ::= SEQUENCE {
109
privateValueLength INTEGER OPTIONAL }
112
Implementors are encouraged to use either the values from
113
Oakley Group 1 or the values of from Oakley Group 2 as specified
114
in RFC-2409, The Internet Key Exchange, Section 6.1, 6.2 as the
115
default for this object. Other values may be used, but the
116
security properties of those values MUST be well understood and
117
MUST meet the requirements of PKCS #3 for the selection of
118
Diffie-Hellman primes.
120
In addition, any time usmDHParameters changes, all values of
121
type DHKeyChange will change and new random numbers MUST be
122
generated by the agent for each DHKeyChange object."
124
"-- Diffie-Hellman Key-Agreement Standard, PKCS #3,
125
RSA Laboratories, November 1993
126
-- The Internet Key Exchange, RFC 2409, November 1998,
128
::= { usmDHPublicObjects 1 }
130
usmDHUserKeyTable OBJECT-TYPE
131
SYNTAX SEQUENCE OF UsmDHUserKeyEntry
132
MAX-ACCESS not-accessible
135
"This table augments and extends the usmUserTable and provides
136
4 objects which exactly mirror the objects in that table with the
137
textual convention of 'KeyChange'. This extension allows key
138
changes to be done in a manner where the knowledge of the current
139
secret plus knowledge of the key change data exchanges (e.g. via
140
wiretapping) will not reveal the new key."
141
::= { usmDHPublicObjects 2 }
143
usmDHUserKeyEntry OBJECT-TYPE
144
SYNTAX UsmDHUserKeyEntry
145
MAX-ACCESS not-accessible
148
"A row of DHKeyChange objects which augment or replace the
149
functionality of the KeyChange objects in the base table row."
150
AUGMENTS { usmUserEntry }
151
::= {usmDHUserKeyTable 1 }
153
UsmDHUserKeyEntry ::= SEQUENCE {
154
usmDHUserAuthKeyChange DHKeyChange,
155
usmDHUserOwnAuthKeyChange DHKeyChange,
156
usmDHUserPrivKeyChange DHKeyChange,
157
usmDHUserOwnPrivKeyChange DHKeyChange
160
usmDHUserAuthKeyChange OBJECT-TYPE
162
MAX-ACCESS read-create
165
"The object used to change any given user's Authentication Key
166
using a Diffie-Hellman key exchange.
168
The right-most n bits of the shared secret 'sk', where 'n' is the
169
number of bits required for the protocol defined by
170
usmUserAuthProtocol, are installed as the operational
171
authentication key for this row after a successful SET."
172
::= { usmDHUserKeyEntry 1 }
174
usmDHUserOwnAuthKeyChange OBJECT-TYPE
176
MAX-ACCESS read-create
179
"The object used to change the agents own Authentication Key
180
using a Diffie-Hellman key exchange.
182
The right-most n bits of the shared secret 'sk', where 'n' is the
183
number of bits required for the protocol defined by
184
usmUserAuthProtocol, are installed as the operational
185
authentication key for this row after a successful SET."
186
::= { usmDHUserKeyEntry 2 }
188
usmDHUserPrivKeyChange OBJECT-TYPE
190
MAX-ACCESS read-create
193
"The object used to change any given user's Privacy Key using
194
a Diffie-Hellman key exchange.
196
The right-most n bits of the shared secret 'sk', where 'n' is the
197
number of bits required for the protocol defined by
198
usmUserPrivProtocol, are installed as the operational privacy key
199
for this row after a successful SET."
200
::= { usmDHUserKeyEntry 3 }
202
usmDHUserOwnPrivKeyChange OBJECT-TYPE
204
MAX-ACCESS read-create
207
"The object used to change the agent's own Privacy Key using a
208
Diffie-Hellman key exchange.
210
The right-most n bits of the shared secret 'sk', where 'n' is the
211
number of bits required for the protocol defined by
212
usmUserPrivProtocol, are installed as the operational privacy key
213
for this row after a successful SET."
214
::= { usmDHUserKeyEntry 4 }
216
usmDHKickstartGroup OBJECT IDENTIFIER ::= { usmDHKeyObjects 2 }
218
usmDHKickstartTable OBJECT-TYPE
219
SYNTAX SEQUENCE OF UsmDHKickstartEntry
220
MAX-ACCESS not-accessible
223
"A table of mappings between zero or more Diffie-Helman key
224
agreement values and entries in the usmUserTable. Entries in this
225
table are created by providing the associated device with a
226
Diffie-Helman public value and a usmUserName/usmUserSecurityName
227
pair during initialization. How these values are provided is
228
outside the scope of this MIB, but could be provided manually, or
229
through a configuration file. Valid public value/name pairs
230
result in the creation of a row in this table as well as the
231
creation of an associated row (with keys derived as indicated) in
232
the usmUserTable. The actual access the related usmSecurityName
233
has is dependent on the entries in the VACM tables. In general,
234
an implementor will specify one or more standard security names
235
and will provide entries in the VACM tables granting various
236
levels of access to those names. The actual content of the VACM
237
table is beyond the scope of this MIB.
239
Note: This table is expected to be readable without authentication
240
using the usmUserSecurityName 'dhKickstart'. See the conformance
241
statements for details."
242
::= { usmDHKickstartGroup 1 }
244
usmDHKickstartEntry OBJECT-TYPE
245
SYNTAX UsmDHKickstartEntry
246
MAX-ACCESS not-accessible
250
"An entry in the usmDHKickstartTable. The agent SHOULD either
251
delete this entry or mark it as inactive upon a successful SET of
252
any of the KeyChange-typed objects in the usmUserEntry or upon a
253
successful SET of any of the DHKeyChange-typed objects in the
254
usmDhKeyChangeEntry where the related usmSecurityName (e.g. row of
255
usmUserTable or row of ushDhKeyChangeTable) equals this entry's
256
usmDhKickstartSecurityName. In otherwords, once you've changed
257
one or more of the keys for a row in usmUserTable with a
258
particular security name, the row in this table with that same
259
security name is no longer useful or meaningful."
261
INDEX { usmDHKickstartIndex }
262
::= {usmDHKickstartTable 1 }
264
UsmDHKickstartEntry ::= SEQUENCE {
265
usmDHKickstartIndex Integer32,
266
usmDHKickstartMyPublic OCTET STRING,
267
usmDHKickstartMgrPublic OCTET STRING,
268
usmDHKickstartSecurityName SnmpAdminString
271
usmDHKickstartIndex OBJECT-TYPE
272
SYNTAX Integer32 (1..2147483647)
273
MAX-ACCESS not-accessible
276
"Index value for this row."
277
::= { usmDHKickstartEntry 1 }
279
usmDHKickstartMyPublic OBJECT-TYPE
284
"The agent's Diffie-Hellman public value for this row. At
285
initialization, the agent generates a random number and derives
286
its public value from that number. This public value is published
287
here. This public value 'y' equals g^r MOD p where g is the from
288
the set of Diffie-Hellman parameters, p is the prime from those
289
parameters, and r is a random integer selected by the agent in the
290
interval 2^(l-1) <= r < p-1 < 2^l. If l is unspecified, then r is
291
a random integer selected in the interval 0 <= r < p-1
293
The public value is expressed as an OCTET STRING 'PV' of length
297
y = SUM 2^(8(k-i)) PV'i
300
where PV1,...,PVk are the octets of PV from first to last, and
304
The following DH parameters (Oakley group #2, RFC 2409, sec 6.1,
305
6.2) are used for this object:
308
p = FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
309
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
310
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
311
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
312
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381
317
"-- Diffie-Hellman Key-Agreement Standard, PKCS#3v1.4;
318
RSA Laboratories, November 1993
319
-- The Internet Key Exchange, RFC2409;
320
Harkins, D., Carrel, D.; November 1998"
321
::= { usmDHKickstartEntry 2 }
323
usmDHKickstartMgrPublic OBJECT-TYPE
329
"The manager's Diffie-Hellman public value for this row. Note
330
that this value is not set via the SNMP agent, but may be set via
331
some out of band method, such as the device's configuration file.
332
The manager calculates this value in the same manner and using the
333
same parameter set as the agent does. E.g. it selects a random
334
number 'r', calculates y = g^r mod p and provides 'y' as the
335
public number expressed as an OCTET STRING. See
336
usmDHKickstartMyPublic for details.
338
When this object is set with a valid value during initialization,
339
a row is created in the usmUserTable with the following values:
341
usmUserEngineID localEngineID
342
usmUserName [value of usmDHKickstartSecurityName]
343
usmUserSecurityName [value of usmDHKickstartSecurityName]
344
usmUserCloneFrom ZeroDotZero
345
usmUserAuthProtocol usmHMACMD5AuthProtocol
346
usmUserAuthKeyChange -- derived from set value
347
usmUserOwnAuthKeyChange -- derived from set value
348
usmUserPrivProtocol usmDESPrivProtocol
349
usmUserPrivKeyChange -- derived from set value
350
usmUserOwnPrivKeyChange -- derived from set value
352
usmUserStorageType permanent
355
A shared secret 'sk' is calculated at the agent as sk =
356
mgrPublic^r mod p where r is the agents random number and p is the
357
DH prime from the common parameters. The underlying privacy key
358
for this row is derived from sk by applying the key derivation
359
function PBKDF2 defined in PKCS#5v2.0 with a salt of 0xd1310ba6,
360
and iterationCount of 500, a keyLength of 16 (for
361
usmDESPrivProtocol), and a prf (pseudo random function) of
362
'id-hmacWithSHA1'. The underlying authentication key for this row
363
is derived from sk by applying the key derivation function PBKDF2
364
with a salt of 0x98dfb5ac , an interation count of 500, a
365
keyLength of 16 (for usmHMAC5AuthProtocol), and a prf of
366
'id-hmacWithSHA1'. Note: The salts are the first two words in the
367
ks0 [key schedule 0] of the BLOWFISH cipher from 'Applied
368
Cryptography' by Bruce Schnier - they could be any relatively
369
random string of bits.
371
The manager can use its knowledge of its own random number and the
372
agent's public value to kickstart its access to the agent in a
373
secure manner. Note that the security of this approach is
374
directly related to the strength of the authorization security of
375
the out of band provisioning of the managers public value
376
(e.g. the configuration file), but is not dependent at all on the
377
strength of the confidentiality of the out of band provisioning
380
"-- Password-Based Cryptography Standard, PKCS#5v2.0;
381
RSA Laboratories, March 1999
382
-- Applied Cryptography, 2nd Ed.; B. Schneier,
383
Counterpane Systems; John Wiley & Sons, 1996"
384
::= { usmDHKickstartEntry 3 }
386
usmDHKickstartSecurityName OBJECT-TYPE
387
SYNTAX SnmpAdminString
391
"The usmUserName and usmUserSecurityName in the usmUserTable
392
associated with this row. This is provided in the same manner and
393
at the same time as the usmDHKickstartMgrPublic value -
394
e.g. possibly manually, or via the device's configuration file."
395
::= { usmDHKickstartEntry 4 }
398
usmDHKeyMIBCompliances OBJECT IDENTIFIER ::= { usmDHKeyConformance 1 }
399
usmDHKeyMIBGroups OBJECT IDENTIFIER ::= { usmDHKeyConformance 2 }
402
usmDHKeyMIBCompliance MODULE-COMPLIANCE
405
"The compliance statement for this module."
407
GROUP usmDHKeyMIBBasicGroup
409
"This group MAY be implemented by any agent which
410
implements the usmUserTable and which wishes to provide the
411
ability to change user and agent authentication and privacy
412
keys via Diffie-Hellman key exchanges."
414
GROUP usmDHKeyParamGroup
416
"This group MUST be implemented by any agent which
417
implements a MIB containing the DHKeyChange Textual
418
Convention defined in this module."
420
GROUP usmDHKeyKickstartGroup
422
"This group MAY be implemented by any agent which
423
implements the usmUserTable and which wishes the ability to
424
populate the USM table based on out-of-band provided DH
426
Any agent implementing this group is expected to provide
427
preinstalled entries in the vacm tables as follows:
429
In the usmUserTable: This entry allows access to the
430
system and dhKickstart groups
432
usmUserEngineID localEngineID
433
usmUserName 'dhKickstart'
434
usmUserSecurityName 'dhKickstart'
435
usmUserCloneFrom ZeroDotZero
436
usmUserAuthProtocol none
437
usmUserAuthKeyChange ''
438
usmUserOwnAuthKeyChange ''
439
usmUserPrivProtocol none
440
usmUserPrivKeyChange ''
441
usmUserOwnPrivKeyChange ''
443
usmUserStorageType permanent
446
In the vacmSecurityToGroupTable: This maps the initial
447
user into the accessible objects.
449
vacmSecurityModel 3 (USM)
450
vacmSecurityName 'dhKickstart'
451
vacmGroupName 'dhKickstart'
452
vacmSecurityToGroupStorageType permanent
453
vacmSecurityToGroupStatus active
455
In the vacmAccessTable: Group name to view name translation.
457
vacmGroupName 'dhKickstart'
458
vacmAccessContextPrefix ''
459
vacmAccessSecurityModel 3 (USM)
460
vacmAccessSecurityLevel noAuthNoPriv
461
vacmAccessContextMatch exact
462
vacmAccessReadViewName 'dhKickRestricted'
463
vacmAccessWriteViewName ''
464
vacmAccessNotifyViewName 'dhKickRestricted'
465
vacmAccessStorageType permanent
466
vacmAccessStatus active
468
In the vacmViewTreeFamilyTable: Two entries to allow the
469
initial entry to access the system and kickstart groups.
471
vacmViewTreeFamilyViewName 'dhKickRestricted'
472
vacmViewTreeFamilySubtree 1.3.6.1.2.1.1 (system)
473
vacmViewTreeFamilyMask ''
474
vacmViewTreeFamilyType 1
475
vacmViewTreeFamilyStorageType permanent
476
vacmViewTreeFamilyStatus active
478
vacmViewTreeFamilyViewName 'dhKickRestricted'
479
vacmViewTreeFamilySubtree (usmDHKickstartTable OID)
480
vacmViewTreeFamilyMask ''
481
vacmViewTreeFamilyType 1
482
vacmViewTreeFamilyStorageType permanent
483
vacmViewTreeFamilyStatus active
486
OBJECT usmDHParameters
489
"It is compliant to implement this object as read-only for
492
::= { usmDHKeyMIBCompliances 1 }
495
usmDHKeyMIBBasicGroup OBJECT-GROUP
497
usmDHUserAuthKeyChange,
498
usmDHUserOwnAuthKeyChange,
499
usmDHUserPrivKeyChange,
500
usmDHUserOwnPrivKeyChange
505
::= { usmDHKeyMIBGroups 1 }
507
usmDHKeyParamGroup OBJECT-GROUP
513
"The mandatory object for all MIBs which use the DHKeyChange
515
::= { usmDHKeyMIBGroups 2 }
517
usmDHKeyKickstartGroup OBJECT-GROUP
519
usmDHKickstartMyPublic,
520
usmDHKickstartMgrPublic,
521
usmDHKickstartSecurityName
525
"The objects used for kickstarting one or more SNMPv3 USM
526
associations via a configuration file or other out of band,
527
non-confidential access."
528
::= { usmDHKeyMIBGroups 3 }