usm_v3.h

hp snmp++ (support ipv6)

/*_############################################################################
  _## 
  _##  usm_v3.h  
  _##
  _##  SNMP++v3.2.20
  _##  -----------------------------------------------
  _##  Copyright (c) 2001-2006 Jochen Katz, Frank Fock
  _##
  _##  This software is based on SNMP++2.6 from Hewlett Packard:
  _##  
  _##    Copyright (c) 1996
  _##    Hewlett-Packard Company
  _##  
  _##  ATTENTION: USE OF THIS SOFTWARE IS SUBJECT TO THE FOLLOWING TERMS.
  _##  Permission to use, copy, modify, distribute and/or sell this software 
  _##  and/or its documentation is hereby granted without fee. User agrees 
  _##  to display the above copyright notice and this license notice in all 
  _##  copies of the software and any documentation of the software. User 
  _##  agrees to assume all liability for the use of the software; 
  _##  Hewlett-Packard and Jochen Katz make no representations about the 
  _##  suitability of this software for any purpose. It is provided 
  _##  "AS-IS" without warranty of any kind, either express or implied. User 
  _##  hereby grants a royalty-free license to any and all derivatives based
  _##  upon this software code base. 
  _##  
  _##  Stuttgart, Germany, Sun Jan 15 23:12:08 CET 2006 
  _##  
  _##########################################################################*/
// $Id: usm_v3.h,v 1.10 2005/12/08 22:23:01 katz Exp $

#ifndef _USM_V3
#define _USM_V3

#include "snmp_pp/config_snmp_pp.h"

#ifdef _SNMPv3

#include "snmp_pp/smi.h"
#include "snmp_pp/octet.h"
#include "snmp_pp/address.h"

#ifdef SNMP_PP_NAMESPACE
namespace Snmp_pp {
#endif

#define MAXUINT32 4294967295u

// the maximum allowed length of the username
#define MAXLEN_USMUSERNAME 32
#define MAXLEN_USMSECURITYNAME MAXLEN_USMUSERNAME

#define SNMPv3_AUTHFLAG       0x01
#define SNMPv3_PRIVFLAG       0x02
#define SNMPv3_REPORTABLEFLAG 0x04

#define NOKEY      0
#define AUTHKEY    1
#define PRIVKEY    2
#define OWNAUTHKEY 3
#define OWNPRIVKEY 4

/** @name SecurityLevels
 *
 * When sending a SNMPv3 message, one of these security levels can be
 * set on the Pdu object.
 */
//@{
#define SNMP_SECURITY_LEVEL_NOAUTH_NOPRIV  1 ///< noAuthNoPriv
#define SNMP_SECURITY_LEVEL_AUTH_NOPRIV    2 ///< authNoPriv
#define SNMP_SECURITY_LEVEL_AUTH_PRIV      3 ///< authPriv
//@}

/** @name AuthProtocols
 *
 * Each user of the USM must use one authentication protocol (which
 * may be none.
 */
//@{
#define SNMP_AUTHPROTOCOL_NONE    1 ///< None
#define SNMP_AUTHPROTOCOL_HMACMD5 2 ///< HMAC-MD5
#define SNMP_AUTHPROTOCOL_HMACSHA 3 ///< HMAC-SHA
//@}

/** @name PrivProtocols
 *
 * Each user of the USM must use one privacy protocol (which may be
 * none.
 */
//@{
#define SNMP_PRIVPROTOCOL_NONE     1 ///< None
#define SNMP_PRIVPROTOCOL_DES      2 ///< DES
#define SNMP_PRIVPROTOCOL_AES128   4 ///< AES128 (RFC 3826)

#define SNMP_PRIVPROTOCOL_IDEA     9 ///< IDEA (non standard)
#define SNMP_PRIVPROTOCOL_AES192  20 ///< AES192 (non standard)
#define SNMP_PRIVPROTOCOL_AES256  21 ///< AES256 (non standard)
#define SNMP_PRIVPROTOCOL_3DESEDE  3 ///< 3DES (expired draft standard)
//@}

/** @name USM-ErrorCodes
 *
 * Each method of the class USM may return one of the following
 * error codes.
 */
//@{
#define SNMPv3_USM_OK                          1400
#define SNMPv3_USM_ERROR                       1401
#define SNMPv3_USM_ERROR_CONFIGFILE            1402
#define SNMPv3_USM_UNSUPPORTED_SECURITY_LEVEL  1403
#define SNMPv3_USM_UNKNOWN_SECURITY_NAME       1404
#define SNMPv3_USM_ENCRYPTION_ERROR            1405
#define SNMPv3_USM_DECRYPTION_ERROR            1406
#define SNMPv3_USM_AUTHENTICATION_ERROR        1407
#define SNMPv3_USM_AUTHENTICATION_FAILURE      1408
#define SNMPv3_USM_PARSE_ERROR                 1409
#define SNMPv3_USM_UNKNOWN_ENGINEID            1410
#define SNMPv3_USM_NOT_IN_TIME_WINDOW          1411
#define SNMPv3_USM_UNSUPPORTED_AUTHPROTOCOL    1412
#define SNMPv3_USM_UNSUPPORTED_PRIVPROTOCOL    1413
#define SNMPv3_USM_ADDRESS_ERROR               1414
#define SNMPv3_USM_FILECREATE_ERROR            1415
#define SNMPv3_USM_FILEOPEN_ERROR              1416
#define SNMPv3_USM_FILERENAME_ERROR            1417
#define SNMPv3_USM_FILEDELETE_ERROR            1418
#define SNMPv3_USM_FILEWRITE_ERROR             1419
#define SNMPv3_USM_FILEREAD_ERROR              1420
//@}

/** @name Statistics on error codes. */
//@{
#define SNMPv3_USM_MAX_ERROR                   SNMPv3_USM_FILEREAD_ERROR
#define SNMPv3_USM_MIN_ERROR                   SNMPv3_USM_OK
#define SNMPv3_USM_ERRORCOUNT                  SNMPv3_USM_MAX_ERROR - SNMPv3_USM_MIN_ERROR
//@}

#define oidUsmStats                        "1.3.6.1.6.3.15.1.1"
#define oidUsmStatsUnsupportedSecLevels    "1.3.6.1.6.3.15.1.1.1.0"
#define oidUsmStatsNotInTimeWindows        "1.3.6.1.6.3.15.1.1.2.0"
#define oidUsmStatsUnknownUserNames        "1.3.6.1.6.3.15.1.1.3.0"
#define oidUsmStatsUnknownEngineIDs        "1.3.6.1.6.3.15.1.1.4.0"
#define oidUsmStatsWrongDigests            "1.3.6.1.6.3.15.1.1.5.0"
#define oidUsmStatsDecryptionErrors        "1.3.6.1.6.3.15.1.1.6.0"

#define oidUsmUserTable                    "1.3.6.1.6.3.15.1.2.2"
#define oidUsmUserEntry                    "1.3.6.1.6.3.15.1.2.2.1"

#define oidUsmAuthProtocolBase             "1.3.6.1.6.3.10.1.1"
#define oidUsmNoAuthProtocol               "1.3.6.1.6.3.10.1.1.1"
#define oidUsmHMACMD5AuthProtocol          "1.3.6.1.6.3.10.1.1.2"
#define oidUsmHMACSHAAuthProtocol          "1.3.6.1.6.3.10.1.1.3"

#define oidUsmPrivProtocolBase             "1.3.6.1.6.3.10.1.2"
#define oidUsmNoPrivProtocol               "1.3.6.1.6.3.10.1.2.1"
#define oidUsmDESPrivProtocol              "1.3.6.1.6.3.10.1.2.2"
#define oidUsmIDEAPrivProtocol             "1.3.6.1.6.3.10.1.2.9"
#define oidUsmAES128PrivProtocol           "1.3.6.1.6.3.10.1.2.4"
#define oidUsmAES192PrivProtocol           "1.3.6.1.6.3.10.1.2.20"
#define oidUsmAES256PrivProtocol           "1.3.6.1.6.3.10.1.2.21"
#define oidUsm3DESEDEPrivProtocol          "1.3.6.1.6.3.10.1.2.3"


#define USM_KeyUpdate            1
#define USM_PasswordUpdate       2
#define USM_PasswordKeyUpdate    3
#define USM_PasswordAllKeyUpdate 4

class SnmpTarget;
class Pdu;

struct UsmKeyUpdate;

struct UsmUserTableEntry {
  unsigned char *usmUserEngineID;     long int usmUserEngineIDLength;
  unsigned char *usmUserName;         long int usmUserNameLength;
  unsigned char *usmUserSecurityName; long int usmUserSecurityNameLength;
  long int  usmUserAuthProtocol;
  unsigned char *usmUserAuthKey;      long int usmUserAuthKeyLength;
  long int  usmUserPrivProtocol;
  unsigned char *usmUserPrivKey;      long int usmUserPrivKeyLength;
};

struct UsmUser {
  unsigned char *engineID;     long int engineIDLength;
  unsigned char *usmUserName;  long int usmUserNameLength;
  unsigned char *securityName; long int securityNameLength;
  long int  authProtocol;
  unsigned char *authKey;      long int authKeyLength;
  long int  privProtocol;
  unsigned char *privKey;      long int privKeyLength;
};

struct UsmUserNameTableEntry {
  OctetStr usmUserName;
  OctetStr usmUserSecurityName;
  long int  usmUserAuthProtocol;
  long int  usmUserPrivProtocol;
  unsigned char *authPassword;        long int authPasswordLength;
  unsigned char *privPassword;        long int privPasswordLength;
};

//-----------[ async methods callback ]-----------------------------------
typedef void (*usm_add_user_callback)(const OctetStr &engine_id,
                                      const OctetStr &usm_user_name,
                                      const OctetStr &usm_user_security_name,
                                      const int auth_protocol,
                                      const OctetStr &auth_key,
                                      const int priv_protocol,
                                      const OctetStr &priv_key);

struct SecurityStateReference;

class AuthPriv;
class USMTimeTable;
class USMUserNameTable;
class USMUserTable;
class v3MP;

/**
 * This is the class for the User Based Security Model.
 *
 * To add or delete users, the methods add_usm_user() and delete_usm_user()
 * should be used.
 *
 * USM distinguishes between userName and securityName. The following is
 * from section 2.1 of RFC3414:
 *
 * "userName: A string representing the name of the user.
 *
 *  securityName: A human-readable string representing the user in a format
 *  that is Security Model independent. There is a one-to-one relationship *
 *  between userName and securityName."
 */
class DLLOPT USM
{
  friend class v3MP;

public:

  /**
   * Create an instance of the USM.
   *
   * @param engine_boots - The new value for the snmpEngineBoots counter
   * @param engine_id    - The local snmp engine id
   * @param v3_mp        - Pointer to the parent v3MP object.
   * @param msg_id       - OUT: The initial value for the msgID
   * @param result       - OUT: construct status, should be SNMPv3_USM_OK
   */
  USM(unsigned int engine_boots, const OctetStr &engine_id, const v3MP *v3_mp,
      unsigned int *msg_id, int &result);

  /**
   * Destructor.
   */
  ~USM();

  /**
   * Enables the discovery mode of the USM, i.e. the USM accepts all messages
   * with unknown engine ids and adds these engine ids to its tables.
   */
  void set_discovery_mode() { discovery_mode = 1; };

  /**
   * Disables the discovery mode of the USM, i.e. the USM will not accept any
   * message with an unknown engine id.
   */
  void unset_discovery_mode() { discovery_mode = 0; };

  /**
   * Return TRUE if the USM discovery mode is enabled, FALSE else.
   */
  int is_discovery_enabled() const { return discovery_mode; };

  /**
   * Add a new user to the usmUserNameTable. If the User is already known
   * to the USM, the old entry is replaced.
   * The USM will compute a userName for the given securityName, which
   * will be the same as securityName (recommended).
   *
   * @param security_name - Unique securityName
   * @param auth_protocol - Possible values are:
   *                              SNMP_AUTHPROTOCOL_NONE,
   *                              SNMP_AUTHPROTOCOL_HMACMD5,
   *                              SNMP_AUTHPROTOCOL_HMACSHA
   * @param priv_protocol - Possible values are:
   *                              SNMP_PRIVPROTOCOL_NONE,
   *                              SNMP_PRIVPROTOCOL_DES,
   *                              SNMP_PRIVPROTOCOL_IDEA
   * @param auth_password - Secret password for authentication
   * @param priv_password - Secret password for privacy
   *
   * @return - SNMPv3_USM_OK or
   *           SNMP_v3_USM_ERROR (memory error, not initialized)
   */
  int add_usm_user(const OctetStr& security_name,
		   const long int  auth_protocol,
		   const long int  priv_protocol,
		   const OctetStr& auth_password,
		   const OctetStr& priv_password);

  /**
   * Add a new user to the usmUserNameTable. If the userName is already known
   * to the USM, the old entry is replaced.
   *
   * It is not recommended to add users with userName != securityName.
   *
   * @param  user_name     - Unique userName
   * @param  security_name - Unique securityName
   * @param  auth_protocol - Possible values are:
   *                              SNMP_AUTHPROTOCOL_NONE,
   *                              SNMP_AUTHPROTOCOL_HMACMD5,
   *                              SNMP_AUTHPROTOCOL_HMACSHA
   * @param  priv_protocol - Possible values are:
   *                              SNMP_PRIVPROTOCOL_NONE,
   *                              SNMP_PRIVPROTOCOL_DES,
   *                              SNMP_PRIVPROTOCOL_IDEA
   * @param  auth_password - Secret password for authentication
   * @param  priv_password - Secret password for privacy
   *
   * @return - SNMPv3_USM_OK or
   *           SNMP_v3_USM_ERROR (memory error, not initialized)
   */
  int add_usm_user(const OctetStr& user_name,
		   const OctetStr& security_name,
		   const long int  auth_protocol,
		   const long int  priv_protocol,
		   const OctetStr& auth_password,
		   const OctetStr& priv_password);


  /**
   * Add or replace a localized user in the USM table.
   *
   * This function uses build_localized_keys() to generate localized
   * keys for the given passwords. Then it calls add_localized_user()
   * to add/replace the localized entry for the user.
   *
   * The passwords are not stored, so no additonal engine id discovery
   * is possible.
   *
   * @param user_name         - The name of the user (in the USM)
   * @param security_name     - The securityName of the user, this name
   *                                is the same for all securityModels
   * @param auth_protocol     - Possible values are:
   *                                SNMP_AUTHPROTOCOL_NONE,
   *                                SNMP_AUTHPROTOCOL_HMACMD5,
   *                                SNMP_AUTHPROTOCOL_HMACSHA,...
   * @param priv_protocol     - Possible values are:
   *                                SNMP_PRIVPROTOCOL_NONE,
   *                                SNMP_PRIVPROTOCOL_DES,
   *                                SNMP_PRIVPROTOCOL_IDEA,...
   * @param  auth_password - Secret password for authentication
   * @param  priv_password - Secret password for privacy
   * @param engine_id         - The engineID, the key was localized with