snmp_agent_usm.h

Go to the documentation of this file.

 
#ifndef _SNMP_AGENT_USM_H
#define _SNMP_AGENT_USM_H
 
//Dependencies
#include "core/net.h"
#include "snmp/snmp_agent.h"
#include "mibs/mib_common.h"
#include "core/crypto.h"
 
//Time window for replay protection
#ifndef SNMP_TIME_WINDOW
   #define SNMP_TIME_WINDOW 150
#elif (SNMP_TIME_WINDOW < 1)
   #error SNMP_TIME_WINDOW parameter is not valid
#endif
 
//MD5 authentication support
#ifndef SNMP_MD5_SUPPORT
   #define SNMP_MD5_SUPPORT ENABLED
#elif (SNMP_MD5_SUPPORT != ENABLED && SNMP_MD5_SUPPORT != DISABLED)
   #error SNMP_MD5_SUPPORT parameter is not valid
#endif
 
//SHA-1 authentication support
#ifndef SNMP_SHA1_SUPPORT
   #define SNMP_SHA1_SUPPORT ENABLED
#elif (SNMP_SHA1_SUPPORT != ENABLED && SNMP_SHA1_SUPPORT != DISABLED)
   #error SNMP_SHA1_SUPPORT parameter is not valid
#endif
 
//SHA-224 authentication support
#ifndef SNMP_SHA224_SUPPORT
   #define SNMP_SHA224_SUPPORT DISABLED
#elif (SNMP_SHA224_SUPPORT != ENABLED && SNMP_SHA224_SUPPORT != DISABLED)
   #error SNMP_SHA224_SUPPORT parameter is not valid
#endif
 
//SHA-256 authentication support
#ifndef SNMP_SHA256_SUPPORT
   #define SNMP_SHA256_SUPPORT DISABLED
#elif (SNMP_SHA256_SUPPORT != ENABLED && SNMP_SHA256_SUPPORT != DISABLED)
   #error SNMP_SHA256_SUPPORT parameter is not valid
#endif
 
//SHA-384 authentication support
#ifndef SNMP_SHA384_SUPPORT
   #define SNMP_SHA384_SUPPORT DISABLED
#elif (SNMP_SHA384_SUPPORT != ENABLED && SNMP_SHA384_SUPPORT != DISABLED)
   #error SNMP_SHA384_SUPPORT parameter is not valid
#endif
 
//SHA-512 authentication support
#ifndef SNMP_SHA512_SUPPORT
   #define SNMP_SHA512_SUPPORT DISABLED
#elif (SNMP_SHA512_SUPPORT != ENABLED && SNMP_SHA512_SUPPORT != DISABLED)
   #error SNMP_SHA512_SUPPORT parameter is not valid
#endif
 
//DES encryption support
#ifndef SNMP_DES_SUPPORT
   #define SNMP_DES_SUPPORT ENABLED
#elif (SNMP_DES_SUPPORT != ENABLED && SNMP_DES_SUPPORT != DISABLED)
   #error SNMP_DES_SUPPORT parameter is not valid
#endif
 
//AES encryption support
#ifndef SNMP_AES_SUPPORT
   #define SNMP_AES_SUPPORT ENABLED
#elif (SNMP_AES_SUPPORT != ENABLED && SNMP_AES_SUPPORT != DISABLED)
   #error SNMP_AES_SUPPORT parameter is not valid
#endif
 
//Support for MD5 authentication?
#if (SNMP_MD5_SUPPORT == ENABLED)
   #include "hash/md5.h"
#endif
 
//Support for SHA-1 authentication?
#if (SNMP_SHA1_SUPPORT == ENABLED)
   #include "hash/sha1.h"
#endif
 
//Support for SHA-224 authentication?
#if (SNMP_SHA224_SUPPORT == ENABLED)
   #include "hash/sha224.h"
#endif
 
//Support for SHA-256 authentication?
#if (SNMP_SHA256_SUPPORT == ENABLED)
   #include "hash/sha256.h"
#endif
 
//Support for SHA-384 authentication?
#if (SNMP_SHA384_SUPPORT == ENABLED)
   #include "hash/sha384.h"
#endif
 
//Support for SHA-512 authentication?
#if (SNMP_SHA512_SUPPORT == ENABLED)
   #include "hash/sha512.h"
#endif
 
//Support for DES encryption?
#if (SNMP_DES_SUPPORT == ENABLED)
   #include "cipher/des.h"
   #include "cipher_modes/cbc.h"
#endif
 
//Support for AES encryption ?
#if (SNMP_AES_SUPPORT == ENABLED)
   #include "cipher/aes.h"
   #include "cipher_modes/cfb.h"
#endif
 
//Maximum size for authentication and privacy keys
#if (SNMP_SHA512_SUPPORT == ENABLED)
   #define SNMP_MAX_KEY_SIZE 64
#elif (SNMP_SHA384_SUPPORT == ENABLED)
   #define SNMP_MAX_KEY_SIZE 48
#elif (SNMP_SHA256_SUPPORT == ENABLED)
   #define SNMP_MAX_KEY_SIZE 32
#elif (SNMP_SHA224_SUPPORT == ENABLED)
   #define SNMP_MAX_KEY_SIZE 28
#elif (SNMP_SHA1_SUPPORT == ENABLED)
   #define SNMP_MAX_KEY_SIZE 20
#else
   #define SNMP_MAX_KEY_SIZE 16
#endif
 
//Maximum size for truncated MACs
#if (SNMP_SHA512_SUPPORT == ENABLED)
   #define SNMP_MAX_TRUNCATED_MAC_SIZE 48
#elif (SNMP_SHA384_SUPPORT == ENABLED)
   #define SNMP_MAX_TRUNCATED_MAC_SIZE 32
#elif (SNMP_SHA256_SUPPORT == ENABLED)
   #define SNMP_MAX_TRUNCATED_MAC_SIZE 24
#elif (SNMP_SHA224_SUPPORT == ENABLED)
   #define SNMP_MAX_TRUNCATED_MAC_SIZE 16
#elif (SNMP_SHA1_SUPPORT == ENABLED)
   #define SNMP_MAX_TRUNCATED_MAC_SIZE 12
#else
   #define SNMP_MAX_TRUNCATED_MAC_SIZE 12
#endif
 
//SNMP message encryption overhead
#if (SNMP_DES_SUPPORT == ENABLED)
   #define SNMP_MSG_ENCRYPTION_OVERHEAD 8
#else
   #define SNMP_MSG_ENCRYPTION_OVERHEAD 0
#endif
 
//C++ guard
#ifdef __cplusplus
extern "C" {
#endif
 
 
typedef enum
{
   SNMP_MSG_FLAG_AUTH       = 1,
   SNMP_MSG_FLAG_PRIV       = 2,
   SNMP_MSG_FLAG_REPORTABLE = 4
} SnmpMessageFlags;
 
 
typedef enum
{
   SNMP_SECURITY_MODEL_ANY = 0, 
   SNMP_SECURITY_MODEL_V1  = 1, 
   SNMP_SECURITY_MODEL_V2C = 2, 
   SNMP_SECURITY_MODEL_USM = 3, 
   SNMP_SECURITY_MODEL_TSM = 4  
} SnmpSecurityModel;
 
 
typedef enum
{
   SNMP_SECURITY_LEVEL_NO_AUTH_NO_PRIV = 1,
   SNMP_SECURITY_LEVEL_AUTH_NO_PRIV    = 2,
   SNMP_SECURITY_LEVEL_AUTH_PRIV       = 3
} SnmpSecurityLevel;
 
 
typedef enum
{
   SNMP_ACCESS_NONE       = 0,
   SNMP_ACCESS_READ_ONLY  = 1,
   SNMP_ACCESS_WRITE_ONLY = 2,
   SNMP_ACCESS_READ_WRITE = 3
} SnmpAccess;
 
 
typedef enum
{
   SNMP_AUTH_PROTOCOL_NONE   = 0, 
   SNMP_AUTH_PROTOCOL_MD5    = 1, 
   SNMP_AUTH_PROTOCOL_SHA1   = 2, 
   SNMP_AUTH_PROTOCOL_SHA224 = 3, 
   SNMP_AUTH_PROTOCOL_SHA256 = 4, 
   SNMP_AUTH_PROTOCOL_SHA384 = 5, 
   SNMP_AUTH_PROTOCOL_SHA512 = 6  
} SnmpAuthProtocol;
 
 
typedef enum
{
   SNMP_PRIV_PROTOCOL_NONE = 0, 
   SNMP_PRIV_PROTOCOL_DES  = 1, 
   SNMP_PRIV_PROTOCOL_AES  = 2  
} SnmpPrivProtocol;
 
 
typedef enum
{
   SNMP_KEY_FORMAT_NONE = 0,     
   SNMP_KEY_FORMAT_TEXT = 1,     
   SNMP_KEY_FORMAT_RAW  = 2,     
   SNMP_KEY_FORMAT_LOCALIZED = 3 
} SnmpKeyFormat;
 
 
typedef struct
{
   uint8_t b[SNMP_MAX_KEY_SIZE];
} SnmpKey;
 
 
typedef struct
{
   MibRowStatus status;                             
   char_t name[SNMP_MAX_USER_NAME_LEN + 1];         
   SnmpAccess mode;                                 
#if (SNMP_V3_SUPPORT == ENABLED)
   SnmpAuthProtocol authProtocol;                   
   SnmpKey rawAuthKey;                              
   SnmpKey localizedAuthKey;                        
   SnmpPrivProtocol privProtocol;                   
   SnmpKey rawPrivKey;                              
   SnmpKey localizedPrivKey;                        
   uint8_t publicValue[SNMP_MAX_PUBLIC_VALUE_SIZE]; 
   size_t publicValueLen;                           
#endif
} SnmpUserEntry;
 
 
//USM related constants
extern const uint8_t usmStatsUnsupportedSecLevelsObject[10];
extern const uint8_t usmStatsNotInTimeWindowsObject[10];
extern const uint8_t usmStatsUnknownUserNamesObject[10];
extern const uint8_t usmStatsUnknownEngineIdsObject[10];
extern const uint8_t usmStatsWrongDigestsObject[10];
extern const uint8_t usmStatsDecryptionErrorsObject[10];
 
//USM related functions
SnmpUserEntry *snmpCreateUserEntry(SnmpAgentContext *context);
 
SnmpUserEntry *snmpFindUserEntry(SnmpAgentContext *context,
   const char_t *name, size_t length);
 
error_t snmpGenerateKey(SnmpAuthProtocol authProtocol, const char_t *password,
   SnmpKey *key);
 
error_t snmpLocalizeKey(SnmpAuthProtocol authProtocol, const uint8_t *engineId,
   size_t engineIdLen, SnmpKey *key, SnmpKey *localizedKey);
 
void snmpChangeKey(const HashAlgo *hashAlgo, const uint8_t *random,
   const uint8_t *delta, SnmpKey *key);
 
void snmpCloneSecurityParameters(SnmpUserEntry *user,
   const SnmpUserEntry *cloneFromUser);
 
error_t snmpCheckSecurityParameters(const SnmpUserEntry *user,
   SnmpMessage *message, const uint8_t *engineId, size_t engineIdLen);
 
void snmpRefreshEngineTime(SnmpAgentContext *context);
error_t snmpCheckEngineTime(SnmpAgentContext *context, SnmpMessage *message);
 
error_t snmpAuthOutgoingMessage(const SnmpUserEntry *user, SnmpMessage *message);
error_t snmpAuthIncomingMessage(const SnmpUserEntry *user, SnmpMessage *message);
 
error_t snmpEncryptData(const SnmpUserEntry *user, SnmpMessage *message,
   uint64_t *salt);
 
error_t snmpDecryptData(const SnmpUserEntry *user, SnmpMessage *message);
 
const HashAlgo *snmpGetHashAlgo(SnmpAuthProtocol authProtocol);
size_t snmpGetMacLength(SnmpAuthProtocol authProtocol);
 
 
//C++ guard
#ifdef __cplusplus
}
#endif
 
#endif