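/*
 * snmpusm.h
 *
 * Header file for USM support.
 *
 * Portions of this file are copyrighted by:
 * Copyright (c) 2016 VMware, Inc. All rights reserved.
 * Use is subject to license terms specified in the COPYING file
 * distributed with the Net-SNMP package.
 */

#ifndef SNMPUSM_H
#define SNMPUSM_H

/*
 * NOTE(review): this header uses u_int, u_char, oid, size_t,
 * netsnmp_session and NETSNMP_IMPORT but includes only callback.h.
 * Presumably the includer has already pulled in the Net-SNMP
 * configuration and type headers -- confirm before including it alone.
 */
#include <net-snmp/library/callback.h>

#ifdef __cplusplus
extern "C" {
#endif

#define WILDCARDSTRING "*"

/*
 * General.
 *
 * Mind the units: USM_MAX_ID_LENGTH is in bytes, while the salt and
 * keyed-hash limits are in BITS. Divide by 8 before using a bit value
 * to size a byte buffer.
 */
#define USM_MAX_ID_LENGTH               1024    /* In bytes. */
#define USM_MAX_SALT_LENGTH             128     /* In BITS. */
#define USM_DES_SALT_LENGTH             64      /* In BITS. */
#define USM_AES_SALT_LENGTH             128     /* In BITS. */
#define USM_MAX_KEYEDHASH_LENGTH        128     /* In BITS. */

/*
 * NOTE(review): presumably the USM timeliness window in seconds --
 * confirm against the code that compares message times.
 */
#define USM_TIME_WINDOW                 150

/*
 * Length in bytes of the authentication parameter for each HMAC
 * variant. For the SHA-2 variants the value is the first bit count in
 * the macro name divided by 8 (128/8 = 16, 192/8 = 24, ...).
 * NOTE(review): MUST / SHOULD / OPTIONAL look like the conformance
 * levels of the specification defining the SHA-2 variants -- confirm.
 */
#define USM_MD5_AND_SHA_AUTH_LEN        12      /* bytes */
#define USM_HMAC128SHA224_AUTH_LEN      16      /* OPTIONAL */
#define USM_HMAC192SHA256_AUTH_LEN      24      /* MUST */
#define USM_HMAC256SHA384_AUTH_LEN      32      /* OPTIONAL */
#define USM_HMAC384SHA512_AUTH_LEN      48      /* SHOULD */

/*
 * Largest authentication-parameter length above. Size any buffer that
 * must hold an arbitrary variant's parameter with this constant rather
 * than with USM_MD5_AND_SHA_AUTH_LEN.
 */
#define USM_MAX_AUTHSIZE                USM_HMAC384SHA512_AUTH_LEN

#define USM_SEC_MODEL_NUMBER            SNMP_SEC_MODEL_USM

/*
 * Structures.
 */
struct usmStateReference;

/*
 * struct usmUser: a structure to represent a given user in a list
 */
/*
 * Note: Any changes made to this structure need to be reflected in
 * the following functions:
 *
 * NOTE(review): the list of functions was left empty. Candidates
 * declared in this header are usm_create_user(), usm_free_user() and
 * usm_cloneFrom_user() -- confirm and fill in.
 */

struct usmUser;
struct usmUser {
    u_int           flags;      /* USMUSER_FLAG_* bits */

    /*
     * Each pointer below is followed by its length field.
     * NOTE(review): lengths are presumably bytes for u_char buffers
     * and sub-identifier counts for oid arrays -- confirm.
     */
    u_char         *engineID;
    size_t          engineIDLen;
    char           *name;
    char           *secName;
    oid            *cloneFrom;
    size_t          cloneFromLen;

    /*
     * Secret key material: authKey, authKeyKu, privKey and privKeyKu.
     * NOTE(review): the Ku fields presumably hold the master
     * (non-localized) keys kept when USMUSER_FLAG_KEEP_MASTER_KEY is
     * set -- confirm. Also confirm that the free and clone paths
     * clear these buffers before releasing them and never log them.
     */
    oid            *authProtocol;
    size_t          authProtocolLen;
    u_char         *authKey;
    size_t          authKeyLen;
    u_char         *authKeyKu;
    size_t          authKeyKuLen;
    oid            *privProtocol;
    size_t          privProtocolLen;
    u_char         *privKeyKu;
    size_t          privKeyKuLen;
    u_char         *privKey;
    size_t          privKeyLen;

    u_char         *userPublicString;
    size_t          userPublicStringLen;
    int             userStatus;
    int             userStorageType;

    /* these are actually DH * pointers but only if openssl is avail. */
    void           *usmDHUserAuthKeyChange;
    void           *usmDHUserPrivKeyChange;

    /* Doubly linked list of users. */
    struct usmUser *next;
    struct usmUser *prev;
};

/* Bit for usmUser.flags. */
#define USMUSER_FLAG_KEEP_MASTER_KEY 0x01


/*
 * Prototypes.
 *
 * Ownership and return-value conventions are not visible in this
 * header; check the implementation before relying on them.
 */
NETSNMP_IMPORT
int             usm_extend_user_kul(struct usmUser *user,
                                    u_int privKeyBufSize);
NETSNMP_IMPORT
struct usmUser *usm_get_userList(void);
NETSNMP_IMPORT
struct usmUser *usm_get_user(const u_char *engineID, size_t engineIDLen,
                             const char *name);
NETSNMP_IMPORT
struct usmUser *usm_add_user(struct usmUser *user);
NETSNMP_IMPORT
struct usmUser *usm_free_user(struct usmUser *user);
NETSNMP_IMPORT
struct usmUser *usm_create_user(void);
NETSNMP_IMPORT
struct usmUser *usm_cloneFrom_user(struct usmUser *from,
                                   struct usmUser *to);
NETSNMP_IMPORT
struct usmUser *usm_remove_user(struct usmUser *user);

/*
 * Config-line handlers. `line` is a non-const char *, so callers
 * should assume it may be modified in place.
 * NOTE(review): usm_set_user_password() presumably receives secret
 * material in `line` -- confirm that callers do not log that text.
 */
NETSNMP_IMPORT
void            usm_parse_config_usmUser(const char *token,
                                         char *line);
NETSNMP_IMPORT
void            usm_set_user_password(struct usmUser *user,
                                      const char *token, char *line);

/*
 * NOTE(review): init_usm() is the only prototype here without
 * NETSNMP_IMPORT -- confirm that this is intentional.
 */
void            init_usm(void);
NETSNMP_IMPORT
void            init_usm_conf(const char *app);
NETSNMP_IMPORT
void            shutdown_usm(void);

/* Lookups between names, USM_CREATE_USER_* type values and OIDs. */
NETSNMP_IMPORT
int             usm_lookup_auth_type(const char *str);
NETSNMP_IMPORT
const char     *usm_lookup_auth_str(int value);
NETSNMP_IMPORT
oid            *usm_get_auth_oid(int auth_type, size_t *oid_len);
NETSNMP_IMPORT
int             usm_lookup_priv_type(const char *str);
NETSNMP_IMPORT
const char     *usm_lookup_priv_str(int value);
NETSNMP_IMPORT
oid            *usm_get_priv_oid(int priv_type, size_t *oid_len);


/*
 * Authentication type selectors.
 *
 * The MD5 and SHA1 entries are the legacy choices, with the 12-byte
 * authentication parameter (USM_MD5_AND_SHA_AUTH_LEN). The SHA-2
 * entries carry longer ones, so prefer a SHA-2 entry where both peers
 * support it. USM_CREATE_USER_AUTH_SHA is an alias for SHA1, not for a
 * SHA-2 variant.
 *
 * The default selector is parenthesised so the negative constant stays
 * a single operand wherever the macro is expanded.
 */
#define USM_CREATE_USER_AUTH_DFLT   (-1)
#define USM_CREATE_USER_AUTH_NONE   NETSNMP_USMAUTH_NONE
#define USM_CREATE_USER_AUTH_MD5    NETSNMP_USMAUTH_HMACMD5
#define USM_CREATE_USER_AUTH_SHA1   NETSNMP_USMAUTH_HMACSHA1
#define USM_CREATE_USER_AUTH_SHA    USM_CREATE_USER_AUTH_SHA1
#define USM_CREATE_USER_AUTH_SHA512 NETSNMP_USMAUTH_HMAC384SHA512
#define USM_CREATE_USER_AUTH_SHA384 NETSNMP_USMAUTH_HMAC256SHA384
#define USM_CREATE_USER_AUTH_SHA256 NETSNMP_USMAUTH_HMAC192SHA256
#define USM_CREATE_USER_AUTH_SHA224 NETSNMP_USMAUTH_HMAC128SHA224

/**
 * flags for variants of priv algorithms
 *
 * A privacy type value is the algorithm in the low byte
 * (USM_PRIV_MASK_ALG) combined with variant bits in the next byte
 * (USM_PRIV_MASK_VARIANT). USM_DES_FLAG_3 and USM_AES_FLAG_192 share
 * the value 0x000100, so variant bits are only meaningful together
 * with the algorithm byte.
 */
#define USM_DES_FLAG_3      0x000100

#define USM_AES_FLAG_192    0x000100
#define USM_AES_FLAG_256    0x000200

/*
 * These two flags lie outside both masks below, so a value reduced
 * with USM_PRIV_MASK_ALG | USM_PRIV_MASK_VARIANT no longer
 * distinguishes the Cisco variants from the plain AES192 / AES256
 * values.
 * NOTE(review): REEDER presumably names a key-extension scheme --
 * confirm against the implementation.
 */
#define USM_AES_REEDER_FLAG 0x030000
#define USM_AES_FLAG_CISCO  0x100000

#define USM_PRIV_MASK_ALG     0x0000ff
#define USM_PRIV_MASK_VARIANT 0x00ff00

/*
 * Privacy type selectors.
 *
 * DES and 3DES are legacy ciphers; prefer an AES entry where the peer
 * supports it. The _CISCO entries differ from the plain AES192 /
 * AES256 values only by USM_AES_FLAG_CISCO and USM_AES_REEDER_FLAG.
 * NOTE(review): both peers presumably have to use the same variant to
 * interoperate -- confirm.
 *
 * The default selector is parenthesised for the same reason as
 * USM_CREATE_USER_AUTH_DFLT.
 */
#define USM_CREATE_USER_PRIV_DFLT   (-1)
#define USM_CREATE_USER_PRIV_NONE   0

#define USM_CREATE_USER_PRIV_DES    0x01
#define USM_CREATE_USER_PRIV_3DES \
    (USM_CREATE_USER_PRIV_DES | USM_DES_FLAG_3)

#define USM_CREATE_USER_PRIV_AES    0x02
#define USM_CREATE_USER_PRIV_AES192 \
    (USM_CREATE_USER_PRIV_AES | USM_AES_FLAG_192)
#define USM_CREATE_USER_PRIV_AES256 \
    (USM_CREATE_USER_PRIV_AES | USM_AES_FLAG_256)

#define USM_CREATE_USER_PRIV_AES192_CISCO \
    (USM_CREATE_USER_PRIV_AES | USM_AES_FLAG_192 | USM_AES_FLAG_CISCO \
     | USM_AES_REEDER_FLAG)
#define USM_CREATE_USER_PRIV_AES256_CISCO \
    (USM_CREATE_USER_PRIV_AES | USM_AES_FLAG_256 | USM_AES_FLAG_CISCO \
     | USM_AES_REEDER_FLAG)


NETSNMP_IMPORT
int             usm_create_user_from_session(netsnmp_session * session);
NETSNMP_IMPORT
void            usm_parse_create_usmUser(const char *token,
                                         char *line);

/*
 * NOTE(review): presumably these return the OID used when a *_DFLT
 * selector is given, with its length stored through the size_t *
 * argument -- confirm.
 */
NETSNMP_IMPORT
const oid      *get_default_authtype(size_t *);
NETSNMP_IMPORT
const oid      *get_default_privtype(size_t *);

#ifdef __cplusplus
}
#endif
#endif                          /* SNMPUSM_H */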