SNMP-USM-DH-OBJECTS-MIB DEFINITIONS ::= BEGIN

IMPORTS

    MODULE-IDENTITY, OBJECT-TYPE,

    -- OBJECT-IDENTITY,

    experimental, Integer32

        FROM SNMPv2-SMI

    TEXTUAL-CONVENTION

        FROM SNMPv2-TC

    MODULE-COMPLIANCE, OBJECT-GROUP

        FROM SNMPv2-CONF

    usmUserEntry

        FROM SNMP-USER-BASED-SM-MIB

    SnmpAdminString

        FROM SNMP-FRAMEWORK-MIB;

snmpUsmDHObjectsMIB MODULE-IDENTITY

    LAST-UPDATED "200003060000Z"  -- 6 March 2000, Midnight

    ORGANIZATION "Excite@Home"

    CONTACT-INFO "Author: Mike StJohns

                  Postal: Excite@Home

                          450 Broadway

                          Redwood City, CA 94063

                  Email:  stjohns@corp.home.net

                  Phone:  +1-650-556-5368"

    DESCRIPTION

        "The management information definitions for providing forward

    secrecy for key changes for the usmUserTable, and for providing a

    method for 'kickstarting' access to the agent via a Diffie-Helman

    key agreement."

    REVISION     "200003060000Z"

    DESCRIPTION

       "Initial version published as RFC 2786."

    ::= { experimental 101 }  -- IANA DHKEY-CHANGE 101

-- Administrative assignments

usmDHKeyObjects OBJECT IDENTIFIER ::= { snmpUsmDHObjectsMIB 1 }

usmDHKeyConformance OBJECT IDENTIFIER ::= { snmpUsmDHObjectsMIB 2 }

-- Textual conventions

DHKeyChange ::=         TEXTUAL-CONVENTION

    STATUS              current

    DESCRIPTION

        "Upon initialization, or upon creation of a row containing an

    object of this type, and after any successful SET of this value, a

    GET of this value returns 'y' where y = g^xa MOD p, and where g is

    the base from usmDHParameters, p is the prime from

    usmDHParameters, and xa is a new random integer selected by the

    agent in the interval 2^(l-1) <= xa < 2^l < p-1.  'l' is the

    optional privateValueLength from usmDHParameters in bits.  If 'l'

    is omitted, then xa (and xr below) is selected in the interval 0

    <= xa < p-1.  y is expressed as an OCTET STRING 'PV' of length 'k'

    which satisfies

              k

        y =  SUM   2^(8(k-i)) PV'i

             i=1

        where PV1,...,PVk are the octets of PV from first to last, and

        where PV1 <> 0.

    A successful SET consists of the value 'y' expressed as an OCTET

    STRING as above concatenated with the value 'z'(expressed as an

    OCTET STRING in the same manner as y) where z = g^xr MOD p, where

    g, p and l are as above, and where xr is a new random integer

    selected by the manager in the interval 2^(l-1) <= xr < 2^l <

    p-1. A SET to an object of this type will fail with the error

    wrongValue if the current 'y' does not match the 'y' portion of

    the value of the varbind for the object. (E.g. GET yout, SET

    concat(yin, z), yout <> yin).

    Note that the private values xa and xr are never transmitted from

    manager to device or vice versa, only the values y and z.

    Obviously, these values must be retained until a successful SET on

    the associated object.

    The shared secret 'sk' is calculated at the agent as sk = z^xa MOD

    p, and at the manager as sk = y^xr MOD p.

    Each object definition of this type MUST describe how to map from

    the shared secret 'sk' to the operational key value used by the

    protocols and operations related to the object.  In general, if n

    bits of key are required, the author suggests using the n

    right-most bits of the shared secret as the operational key value."

    REFERENCE

        "-- Diffie-Hellman Key-Agreement Standard, PKCS #3;

            RSA Laboratories, November 1993"

    SYNTAX              OCTET STRING

-- Diffie Hellman public values

usmDHPublicObjects      OBJECT IDENTIFIER ::= { usmDHKeyObjects 1 }

usmDHParameters OBJECT-TYPE

    SYNTAX  OCTET STRING

    MAX-ACCESS read-write

    STATUS  current

    DESCRIPTION

        "The public Diffie-Hellman parameters for doing a Diffie-Hellman

    key agreement for this device.  This is encoded as an ASN.1

    DHParameter per PKCS #3, section 9.  E.g.

        DHParameter ::= SEQUENCE {

           prime   INTEGER,   -- p

           base    INTEGER,   -- g

           privateValueLength  INTEGER OPTIONAL }

    Implementors are encouraged to use either the values from

    Oakley Group 1  or the values of from Oakley Group 2 as specified

    in RFC-2409, The Internet Key Exchange, Section 6.1, 6.2 as the

    default for this object.  Other values may be used, but the

    security properties of those values MUST be well understood and

    MUST meet the requirements of PKCS #3 for the selection of

    Diffie-Hellman primes.

        In addition, any time usmDHParameters changes, all values of

    type DHKeyChange will change and new random numbers MUST be

    generated by the agent for each DHKeyChange object."

    REFERENCE

        "-- Diffie-Hellman Key-Agreement Standard, PKCS #3,

            RSA Laboratories, November 1993

         -- The Internet Key Exchange, RFC 2409, November 1998,

            Sec 6.1, 6.2"

    ::= { usmDHPublicObjects 1 }

usmDHUserKeyTable OBJECT-TYPE

    SYNTAX  SEQUENCE OF UsmDHUserKeyEntry

    MAX-ACCESS not-accessible

    STATUS  current

    DESCRIPTION

        "This table augments and extends the usmUserTable and provides

    4 objects which exactly mirror the objects in that table with the

    textual convention of 'KeyChange'.  This extension allows key

    changes to be done in a manner where the knowledge of the current

    secret plus knowledge of the key change data exchanges (e.g. via

    wiretapping)  will not reveal the new key."

    ::= { usmDHPublicObjects 2 }

usmDHUserKeyEntry OBJECT-TYPE

    SYNTAX  UsmDHUserKeyEntry

    MAX-ACCESS not-accessible

    STATUS  current

    DESCRIPTION

        "A row of DHKeyChange objects which augment or replace the

    functionality of the KeyChange objects in the base table row."

    AUGMENTS { usmUserEntry }

    ::= {usmDHUserKeyTable 1 }

UsmDHUserKeyEntry ::= SEQUENCE {

        usmDHUserAuthKeyChange          DHKeyChange,

    usmDHUserOwnAuthKeyChange   DHKeyChange,

        usmDHUserPrivKeyChange          DHKeyChange,

        usmDHUserOwnPrivKeyChange       DHKeyChange

        }

usmDHUserAuthKeyChange OBJECT-TYPE

    SYNTAX  DHKeyChange

    MAX-ACCESS read-create

    STATUS  current

    DESCRIPTION

        "The object used to change any given user's Authentication Key

    using a Diffie-Hellman key exchange.

    The right-most n bits of the shared secret 'sk', where 'n' is the

    number of bits required for the protocol defined by

    usmUserAuthProtocol, are installed as the operational

    authentication key for this row after a successful SET."

    ::= { usmDHUserKeyEntry 1 }

usmDHUserOwnAuthKeyChange OBJECT-TYPE

    SYNTAX  DHKeyChange

    MAX-ACCESS read-create

    STATUS  current

    DESCRIPTION

        "The object used to change the agents own Authentication Key

    using a Diffie-Hellman key exchange.

    The right-most n bits of the shared secret 'sk', where 'n' is the

    number of bits required for the protocol defined by

    usmUserAuthProtocol, are installed as the operational

    authentication key for this row after a successful SET."

    ::= { usmDHUserKeyEntry 2 }

usmDHUserPrivKeyChange OBJECT-TYPE

    SYNTAX  DHKeyChange

    MAX-ACCESS read-create

    STATUS  current

    DESCRIPTION

        "The object used to change any given user's Privacy Key using

    a Diffie-Hellman key exchange.

    The right-most n bits of the shared secret 'sk', where 'n' is the

    number of bits required for the protocol defined by

    usmUserPrivProtocol, are installed as the operational privacy key

    for this row after a successful SET."

    ::= { usmDHUserKeyEntry 3 }

usmDHUserOwnPrivKeyChange OBJECT-TYPE

    SYNTAX  DHKeyChange

    MAX-ACCESS read-create

    STATUS  current

    DESCRIPTION

        "The object used to change the agent's own Privacy Key using a

    Diffie-Hellman key exchange.

    The right-most n bits of the shared secret 'sk', where 'n' is the

    number of bits required for the protocol defined by

    usmUserPrivProtocol, are installed as the operational privacy key

    for this row after a successful SET."

    ::= { usmDHUserKeyEntry 4 }

usmDHKickstartGroup OBJECT IDENTIFIER ::= { usmDHKeyObjects 2 }

usmDHKickstartTable OBJECT-TYPE

    SYNTAX      SEQUENCE OF UsmDHKickstartEntry

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "A table of mappings between zero or more Diffie-Helman key

    agreement values and entries in the usmUserTable.  Entries in this

    table are created by providing the associated device with a

    Diffie-Helman public value and a usmUserName/usmUserSecurityName

    pair during initialization. How these values are provided is

    outside the scope of this MIB, but could be provided manually, or

    through a configuration file.  Valid public value/name pairs

    result in the creation of a row in this table as well as the

    creation of an associated row (with keys derived as indicated) in

    the usmUserTable.  The actual access the related usmSecurityName

    has is dependent on the entries in the VACM tables.  In general,

    an implementor will specify one or more standard security names

    and will provide entries in the VACM tables granting various

    levels of access to those names.  The actual content of the VACM

    table is beyond the scope of this MIB.

    Note: This table is expected to be readable without authentication

    using the usmUserSecurityName 'dhKickstart'.  See the conformance

    statements for details."

    ::= { usmDHKickstartGroup 1 }

usmDHKickstartEntry OBJECT-TYPE

    SYNTAX      UsmDHKickstartEntry

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "An entry in the usmDHKickstartTable.  The agent SHOULD either

    delete this entry or mark it as inactive upon a successful SET of

    any of the KeyChange-typed objects in the usmUserEntry or upon a

    successful SET of any of the DHKeyChange-typed objects in the

    usmDhKeyChangeEntry where the related usmSecurityName (e.g. row of

    usmUserTable or row of ushDhKeyChangeTable) equals this entry's

    usmDhKickstartSecurityName.  In otherwords, once you've changed

    one or more of the keys for a row in usmUserTable with a

    particular security name, the row in this table with that same

    security name is no longer useful or meaningful."

    INDEX   { usmDHKickstartIndex }

    ::= {usmDHKickstartTable 1 }

UsmDHKickstartEntry ::= SEQUENCE  {

        usmDHKickstartIndex     Integer32,

        usmDHKickstartMyPublic  OCTET STRING,

        usmDHKickstartMgrPublic OCTET STRING,

        usmDHKickstartSecurityName      SnmpAdminString

        }

usmDHKickstartIndex OBJECT-TYPE

    SYNTAX      Integer32  (1..2147483647)

    MAX-ACCESS  not-accessible

    STATUS      current

    DESCRIPTION

        "Index value for this row."

    ::= { usmDHKickstartEntry 1 }

usmDHKickstartMyPublic OBJECT-TYPE

    SYNTAX      OCTET STRING

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "The agent's Diffie-Hellman public value for this row.  At

    initialization, the agent generates a random number and derives

    its public value from that number.  This public value is published

    here.  This public value 'y' equals g^r MOD p where g is the from

    the set of Diffie-Hellman parameters, p is the prime from those

    parameters, and r is a random integer selected by the agent in the

    interval 2^(l-1) <= r < p-1 < 2^l.  If l is unspecified, then r is

    a random integer selected in the interval 0 <= r < p-1

    The public value is expressed as an OCTET STRING 'PV' of length

    'k' which satisfies

              k

        y =  SUM   2^(8(k-i)) PV'i

             i = 1

        where PV1,...,PVk are the octets of PV from first to last, and

        where PV1 != 0.

    The following DH parameters (Oakley group #2, RFC 2409, sec 6.1,

    6.2) are used for this object:

    g = 2

    p = FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1

        29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD

        EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245

        E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED

        EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381

        FFFFFFFF FFFFFFFF

    l=1024

    "

    REFERENCE

        "-- Diffie-Hellman Key-Agreement Standard, PKCS#3v1.4;

            RSA Laboratories, November 1993

         -- The Internet Key Exchange, RFC2409;

            Harkins, D., Carrel, D.; November 1998"

    ::= { usmDHKickstartEntry 2 }

usmDHKickstartMgrPublic OBJECT-TYPE

    SYNTAX      OCTET STRING

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "The manager's Diffie-Hellman public value for this row.  Note

    that this value is not set via the SNMP agent, but may be set via

    some out of band method, such as the device's configuration file.

    The manager calculates this value in the same manner and using the

    same parameter set as the agent does.  E.g. it selects a random

    number 'r', calculates y = g^r mod p and provides 'y' as the

    public number expressed as an OCTET STRING.  See

    usmDHKickstartMyPublic for details.

    When this object is set with a valid value during initialization,

    a row is created in the usmUserTable with the following values:

    usmUserEngineID             localEngineID

    usmUserName                 [value of usmDHKickstartSecurityName]

    usmUserSecurityName         [value of usmDHKickstartSecurityName]

    usmUserCloneFrom            ZeroDotZero

    usmUserAuthProtocol         usmHMACMD5AuthProtocol

    usmUserAuthKeyChange        -- derived from set value

    usmUserOwnAuthKeyChange     -- derived from set value

    usmUserPrivProtocol         usmDESPrivProtocol

    usmUserPrivKeyChange        -- derived from set value

    usmUserOwnPrivKeyChange     -- derived from set value

    usmUserPublic               ''

    usmUserStorageType          permanent

    usmUserStatus               active

    A shared secret 'sk' is calculated at the agent as sk =

    mgrPublic^r mod p where r is the agents random number and p is the

    DH prime from the common parameters.  The underlying privacy key

    for this row is derived from sk by applying the key derivation

    function PBKDF2 defined in PKCS#5v2.0 with a salt of 0xd1310ba6,

    and iterationCount of 500, a keyLength of 16 (for

    usmDESPrivProtocol), and a prf (pseudo random function) of

    'id-hmacWithSHA1'.  The underlying authentication key for this row

    is derived from sk by applying the key derivation function PBKDF2

    with a salt of 0x98dfb5ac , an interation count of 500, a

    keyLength of 16 (for usmHMAC5AuthProtocol), and a prf of

    'id-hmacWithSHA1'.  Note: The salts are the first two words in the

    ks0 [key schedule 0] of the BLOWFISH cipher from 'Applied

    Cryptography' by Bruce Schnier - they could be any relatively

    random string of bits.

    The manager can use its knowledge of its own random number and the

    agent's public value to kickstart its access to the agent in a

    secure manner.  Note that the security of this approach is

    directly related to the strength of the authorization security of

    the out of band provisioning of the managers public value

    (e.g. the configuration file), but is not dependent at all on the

    strength of the confidentiality of the out of band provisioning

    data."

    REFERENCE

        "-- Password-Based Cryptography Standard, PKCS#5v2.0;

            RSA Laboratories, March 1999

         -- Applied Cryptography, 2nd Ed.; B. Schneier,

            Counterpane Systems; John Wiley & Sons, 1996"

    ::= { usmDHKickstartEntry 3 }

usmDHKickstartSecurityName OBJECT-TYPE

    SYNTAX      SnmpAdminString

    MAX-ACCESS  read-only

    STATUS      current

    DESCRIPTION

        "The usmUserName and usmUserSecurityName in the usmUserTable

    associated with this row.  This is provided in the same manner and

    at the same time as the usmDHKickstartMgrPublic value -

    e.g. possibly manually, or via the device's configuration file."

    ::= { usmDHKickstartEntry 4 }

-- Conformance Information

usmDHKeyMIBCompliances  OBJECT IDENTIFIER ::= { usmDHKeyConformance 1 }

usmDHKeyMIBGroups       OBJECT IDENTIFIER ::= { usmDHKeyConformance 2 }

-- Compliance statements

usmDHKeyMIBCompliance   MODULE-COMPLIANCE

    STATUS      current

    DESCRIPTION

        "The compliance statement for this module."

    MODULE

        GROUP usmDHKeyMIBBasicGroup

        DESCRIPTION

        "This group MAY be implemented by any agent which

        implements the usmUserTable and which wishes to provide the

        ability to change user and agent authentication and privacy

        keys via Diffie-Hellman key exchanges."

        GROUP usmDHKeyParamGroup

        DESCRIPTION

            "This group MUST be implemented by any agent which

        implements a MIB containing the DHKeyChange Textual

        Convention defined in this module."

        GROUP usmDHKeyKickstartGroup

        DESCRIPTION

            "This group MAY be implemented by any agent which

        implements the usmUserTable and which wishes the ability to

        populate the USM table based on out-of-band provided DH

        ignition values.

             Any agent implementing this group is expected to provide

        preinstalled entries in the vacm tables as follows:

             In the usmUserTable: This entry allows access to the

        system and dhKickstart groups

        usmUserEngineID         localEngineID

        usmUserName             'dhKickstart'

        usmUserSecurityName     'dhKickstart'

        usmUserCloneFrom        ZeroDotZero

        usmUserAuthProtocol     none

        usmUserAuthKeyChange    ''

        usmUserOwnAuthKeyChange ''

        usmUserPrivProtocol     none

        usmUserPrivKeyChange    ''

        usmUserOwnPrivKeyChange ''

        usmUserPublic           ''

        usmUserStorageType      permanent

        usmUserStatus           active

            In the vacmSecurityToGroupTable: This maps the initial

        user into the accessible objects.

        vacmSecurityModel               3 (USM)

        vacmSecurityName                'dhKickstart'

        vacmGroupName                   'dhKickstart'

        vacmSecurityToGroupStorageType  permanent

        vacmSecurityToGroupStatus       active

            In the vacmAccessTable: Group name to view name translation.

        vacmGroupName                   'dhKickstart'

    vacmAccessContextPrefix             ''

        vacmAccessSecurityModel         3 (USM)

        vacmAccessSecurityLevel         noAuthNoPriv

        vacmAccessContextMatch          exact

        vacmAccessReadViewName          'dhKickRestricted'

        vacmAccessWriteViewName         ''

        vacmAccessNotifyViewName        'dhKickRestricted'

        vacmAccessStorageType           permanent

        vacmAccessStatus                active

            In the vacmViewTreeFamilyTable: Two entries to allow the

        initial entry to access the system and kickstart groups.

        vacmViewTreeFamilyViewName      'dhKickRestricted'

        vacmViewTreeFamilySubtree       1.3.6.1.2.1.1  (system)

        vacmViewTreeFamilyMask          ''

        vacmViewTreeFamilyType          1

        vacmViewTreeFamilyStorageType   permanent

        vacmViewTreeFamilyStatus        active

        vacmViewTreeFamilyViewName      'dhKickRestricted'

        vacmViewTreeFamilySubtree         (usmDHKickstartTable OID)

        vacmViewTreeFamilyMask          ''

        vacmViewTreeFamilyType          1

        vacmViewTreeFamilyStorageType   permanent

        vacmViewTreeFamilyStatus        active

        "

        OBJECT usmDHParameters

        MIN-ACCESS      read-only

        DESCRIPTION

            "It is compliant to implement this object as read-only for

        any device."

    ::= { usmDHKeyMIBCompliances 1 }

-- Units of Compliance

usmDHKeyMIBBasicGroup OBJECT-GROUP

    OBJECTS     {

                  usmDHUserAuthKeyChange,

                  usmDHUserOwnAuthKeyChange,

                  usmDHUserPrivKeyChange,

                  usmDHUserOwnPrivKeyChange

                }

    STATUS      current

    DESCRIPTION

        ""

    ::= { usmDHKeyMIBGroups 1 }

usmDHKeyParamGroup OBJECT-GROUP

    OBJECTS     {

                  usmDHParameters

                }

    STATUS      current

    DESCRIPTION

        "The mandatory object for all MIBs which use the DHKeyChange

    textual convention."

    ::= { usmDHKeyMIBGroups 2 }

usmDHKeyKickstartGroup OBJECT-GROUP

    OBJECTS     {

                  usmDHKickstartMyPublic,

                  usmDHKickstartMgrPublic,

                  usmDHKickstartSecurityName

                }

    STATUS      current

    DESCRIPTION

        "The objects used for kickstarting one or more SNMPv3 USM

    associations via a configuration file or other out of band,

    non-confidential access."

    ::= { usmDHKeyMIBGroups 3 }

END