/* * snmpusm.h * * Header file for USM support. * * Portions of this file are copyrighted by: * Copyright (c) 2016 VMware, Inc. All rights reserved. * Use is subject to license terms specified in the COPYING file * distributed with the Net-SNMP package. */ #ifndef SNMPUSM_H #define SNMPUSM_H #include #ifdef __cplusplus extern "C" { #endif #define WILDCARDSTRING "*" /* * General. */ #define USM_MAX_ID_LENGTH 1024 /* In bytes. */ #define USM_MAX_SALT_LENGTH 128 /* In BITS. */ #define USM_DES_SALT_LENGTH 64 /* In BITS. */ #define USM_AES_SALT_LENGTH 128 /* In BITS. */ #define USM_MAX_KEYEDHASH_LENGTH 128 /* In BITS. */ #define USM_TIME_WINDOW 150 #define USM_MD5_AND_SHA_AUTH_LEN 12 /* bytes */ #define USM_HMAC128SHA224_AUTH_LEN 16 /* OPTIONAL */ #define USM_HMAC192SHA256_AUTH_LEN 24 /* MUST */ #define USM_HMAC256SHA384_AUTH_LEN 32 /* OPTIONAL */ #define USM_HMAC384SHA512_AUTH_LEN 48 /* SHOULD */ #define USM_MAX_AUTHSIZE USM_HMAC384SHA512_AUTH_LEN #define USM_SEC_MODEL_NUMBER SNMP_SEC_MODEL_USM /* * Structures. */ struct usmStateReference { char *usr_name; size_t usr_name_length; u_char *usr_engine_id; size_t usr_engine_id_length; oid *usr_auth_protocol; size_t usr_auth_protocol_length; u_char *usr_auth_key; size_t usr_auth_key_length; oid *usr_priv_protocol; size_t usr_priv_protocol_length; u_char *usr_priv_key; size_t usr_priv_key_length; u_int usr_sec_level; }; /* * struct usmUser: a structure to represent a given user in a list */ /* * Note: Any changes made to this structure need to be reflected in * the following functions: */ struct usmUser; struct usmUser { u_int flags; u_char *engineID; size_t engineIDLen; char *name; char *secName; oid *cloneFrom; size_t cloneFromLen; oid *authProtocol; size_t authProtocolLen; u_char *authKey; size_t authKeyLen; u_char *authKeyKu; size_t authKeyKuLen; oid *privProtocol; size_t privProtocolLen; u_char *privKeyKu; size_t privKeyKuLen; u_char *privKey; size_t privKeyLen; u_char *userPublicString; size_t userPublicStringLen; int userStatus; int userStorageType; /* these are actually DH * pointers but only if openssl is avail. */ void *usmDHUserAuthKeyChange; void *usmDHUserPrivKeyChange; struct usmUser *next; struct usmUser *prev; }; #define USMUSER_FLAG_KEEP_MASTER_KEY 0x01 /* * Prototypes. */ struct usmStateReference *usm_malloc_usmStateReference(void); void usm_free_usmStateReference(void *old); int usm_set_usmStateReference_name(struct usmStateReference *ref, char *name, size_t name_len); int usm_set_usmStateReference_engine_id(struct usmStateReference *ref, u_char * engine_id, size_t engine_id_len); int usm_set_usmStateReference_auth_protocol(struct usmStateReference *ref, oid * auth_protocol, size_t auth_protocol_len); int usm_set_usmStateReference_auth_key(struct usmStateReference *ref, u_char * auth_key, size_t auth_key_len); int usm_set_usmStateReference_priv_protocol(struct usmStateReference *ref, oid * priv_protocol, size_t priv_protocol_len); int usm_set_usmStateReference_priv_key(struct usmStateReference *ref, u_char * priv_key, size_t priv_key_len); int usm_set_usmStateReference_sec_level(struct usmStateReference *ref, int sec_level); int usm_clone_usmStateReference(struct usmStateReference *from, struct usmStateReference **to); #ifdef NETSNMP_ENABLE_TESTING_CODE void emergency_print(u_char * field, u_int length); #endif int asn_predict_int_length(int type, long number, size_t len); int asn_predict_length(int type, u_char * ptr, size_t u_char_len); int usm_set_salt(u_char * iv, size_t * iv_length, u_char * priv_salt, size_t priv_salt_length, u_char * msgSalt); NETSNMP_IMPORT int usm_extend_user_kul(struct usmUser *user, u_int privKeyBufSize); int usm_parse_security_parameters(u_char * secParams, size_t remaining, u_char * secEngineID, size_t * secEngineIDLen, u_int * boots_uint, u_int * time_uint, char *secName, size_t * secNameLen, u_char * signature, size_t * signature_length, u_char * salt, size_t * salt_length, u_char ** data_ptr); int usm_check_and_update_timeliness(u_char * secEngineID, size_t secEngineIDLen, u_int boots_uint, u_int time_uint, int *error); SecmodSessionCallback usm_open_session; SecmodOutMsg usm_secmod_generate_out_msg; SecmodOutMsg usm_secmod_generate_out_msg; SecmodInMsg usm_secmod_process_in_msg; int usm_generate_out_msg(int, u_char *, size_t, int, int, u_char *, size_t, char *, size_t, int, u_char *, size_t, void *, u_char *, size_t *, u_char **, size_t *); int usm_rgenerate_out_msg(int, u_char *, size_t, int, int, u_char *, size_t, char *, size_t, int, u_char *, size_t, void *, u_char **, size_t *, size_t *); int usm_process_in_msg(int, size_t, u_char *, int, int, u_char *, size_t, u_char *, size_t *, char *, size_t *, u_char **, size_t *, size_t *, void **, netsnmp_session *, u_char); int usm_check_secLevel(int level, struct usmUser *user); NETSNMP_IMPORT struct usmUser *usm_get_userList(void); NETSNMP_IMPORT struct usmUser *usm_get_user(u_char * engineID, size_t engineIDLen, char *name); struct usmUser *usm_get_user_from_list(u_char * engineID, size_t engineIDLen, char *name, struct usmUser *userList, int use_default); NETSNMP_IMPORT struct usmUser *usm_add_user(struct usmUser *user); struct usmUser *usm_add_user_to_list(struct usmUser *user, struct usmUser *userList); NETSNMP_IMPORT struct usmUser *usm_free_user(struct usmUser *user); NETSNMP_IMPORT struct usmUser *usm_create_user(void); NETSNMP_IMPORT struct usmUser *usm_create_initial_user(const char *name, const oid * authProtocol, size_t authProtocolLen, const oid * privProtocol, size_t privProtocolLen); NETSNMP_IMPORT struct usmUser *usm_cloneFrom_user(struct usmUser *from, struct usmUser *to); NETSNMP_IMPORT struct usmUser *usm_remove_user(struct usmUser *user); struct usmUser *usm_remove_user_from_list(struct usmUser *user, struct usmUser **userList); char *get_objid(char *line, oid ** optr, size_t * len); NETSNMP_IMPORT void usm_save_users(const char *token, const char *type); void usm_save_users_from_list(struct usmUser *user, const char *token, const char *type); void usm_save_user(struct usmUser *user, const char *token, const char *type); NETSNMP_IMPORT SNMPCallback usm_store_users; struct usmUser *usm_read_user(const char *line); NETSNMP_IMPORT void usm_parse_config_usmUser(const char *token, char *line); void usm_set_password(const char *token, char *line); NETSNMP_IMPORT void usm_set_user_password(struct usmUser *user, const char *token, char *line); void init_usm(void); NETSNMP_IMPORT void init_usm_conf(const char *app); int init_usm_post_config(int majorid, int minorid, void *serverarg, void *clientarg); int deinit_usm_post_config(int majorid, int minorid, void *serverarg, void *clientarg); NETSNMP_IMPORT void clear_user_list(void); NETSNMP_IMPORT void shutdown_usm(void); NETSNMP_IMPORT int usm_lookup_auth_type(const char *str); NETSNMP_IMPORT const char *usm_lookup_auth_str(int value); NETSNMP_IMPORT oid *usm_get_auth_oid(int auth_type, size_t *oid_len); NETSNMP_IMPORT int usm_lookup_priv_type(const char *str); NETSNMP_IMPORT const char *usm_lookup_priv_str(int value); NETSNMP_IMPORT oid *usm_get_priv_oid(int priv_type, size_t *oid_len); #define USM_CREATE_USER_AUTH_DFLT -1 #define USM_CREATE_USER_AUTH_NONE NETSNMP_USMAUTH_NONE #define USM_CREATE_USER_AUTH_MD5 NETSNMP_USMAUTH_HMACMD5 #define USM_CREATE_USER_AUTH_SHA1 NETSNMP_USMAUTH_HMACSHA1 #define USM_CREATE_USER_AUTH_SHA USM_CREATE_USER_AUTH_SHA1 #define USM_CREATE_USER_AUTH_SHA512 NETSNMP_USMAUTH_HMAC384SHA512 #define USM_CREATE_USER_AUTH_SHA384 NETSNMP_USMAUTH_HMAC256SHA384 #define USM_CREATE_USER_AUTH_SHA256 NETSNMP_USMAUTH_HMAC192SHA256 #define USM_CREATE_USER_AUTH_SHA224 NETSNMP_USMAUTH_HMAC128SHA224 /** flags for variants fo priv algorithsm */ #define USM_DES_FLAG_3 0x000100 #define USM_AES_FLAG_192 0x000100 #define USM_AES_FLAG_256 0x000200 #define USM_AES_REEDER_FLAG 0x030000 #define USM_AES_FLAG_CISCO 0x100000 #define USM_PRIV_MASK_ALG 0x0000ff #define USM_PRIV_MASK_VARIANT 0x00ff00 #define USM_CREATE_USER_PRIV_DFLT -1 #define USM_CREATE_USER_PRIV_NONE 0 #define USM_CREATE_USER_PRIV_DES 0x01 #define USM_CREATE_USER_PRIV_3DES \ (USM_CREATE_USER_PRIV_DES | USM_DES_FLAG_3) #define USM_CREATE_USER_PRIV_AES 0x02 #define USM_CREATE_USER_PRIV_AES192 \ (USM_CREATE_USER_PRIV_AES | USM_AES_FLAG_192) #define USM_CREATE_USER_PRIV_AES256 \ (USM_CREATE_USER_PRIV_AES | USM_AES_FLAG_256) #define USM_CREATE_USER_PRIV_AES192_CISCO \ (USM_CREATE_USER_PRIV_AES | USM_AES_FLAG_192 | USM_AES_FLAG_CISCO \ | USM_AES_REEDER_FLAG) #define USM_CREATE_USER_PRIV_AES256_CISCO \ (USM_CREATE_USER_PRIV_AES | USM_AES_FLAG_256 | USM_AES_FLAG_CISCO \ | USM_AES_REEDER_FLAG) struct usmUser *usm_create_usmUser(const char *userName, const char *engineID, u_int flags, int authType, const char *authPass, int privType, const char *privPass, const char **errorMsg); NETSNMP_IMPORT int usm_remove_usmUser(struct usmUser *user); NETSNMP_IMPORT int usm_remove_usmUser_from_list(struct usmUser *user, struct usmUser **ppuserList); NETSNMP_IMPORT struct usmUser *usm_create_usmUser_from_string(char *line, const char **errorMsg); NETSNMP_IMPORT int usm_create_user_from_session(netsnmp_session * session); SecmodPostDiscovery usm_create_user_from_session_hook; NETSNMP_IMPORT void usm_parse_create_usmUser(const char *token, char *line); NETSNMP_IMPORT const oid *get_default_authtype(size_t *); NETSNMP_IMPORT const oid *get_default_privtype(size_t *); void snmpv3_authtype_conf(const char *word, char *cptr); void snmpv3_privtype_conf(const char *word, char *cptr); #ifdef __cplusplus } #endif #endif /* SNMPUSM_H */