-- extracted from draft-kzm-imss-fc-fcsp-mib-00.txt -- at Wed Jun 13 06:08:27 2007 T11-FC-SP-TC-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-IDENTITY, mib-2, Unsigned32 FROM SNMPv2-SMI -- [RFC2578] TEXTUAL-CONVENTION FROM SNMPv2-TC; -- [RFC2579] t11FcTcMIB MODULE-IDENTITY LAST-UPDATED "200702190000Z" ORGANIZATION "T11" CONTACT-INFO " Claudio DeSanti Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA EMail: cds@cisco.com Keith McCloghrie Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Email: kzm@cisco.com" DESCRIPTION "This MIB module defines Textual Conventions for use in the multiple MIB modules which together define the instrumentation for an implementation of the Fibre Channel Security Protocols (FC-SP) specification. This MIB module also defines Object Identities (for use as possible values of MIB objects with syntax AutonomousType), including OIDs for the Cryptographic Algorithms defined in FC-SP. Copyright (C) The IETF Trust (2007). This version of this MIB module is part of RFC yyyy; see the RFC itself for full legal notices." -- RFC Editor: replace yyyy with actual RFC number & remove this note REVISION "200702190000Z" DESCRIPTION "Initial version of this MIB module, published as RFCyyyy." -- RFC-Editor, replace yyyy with actual RFC number & remove this note ::= { mib-2 nnn } -- to be assigned by IANA -- RFC Editor: replace nnn with IANA-assigned number & remove this note t11FcSpIdentities OBJECT IDENTIFIER ::= { t11FcTcMIB 1 } t11FcSpAlgorithms OBJECT IDENTIFIER ::= { t11FcSpIdentities 1 } -- -- Textual Conventions -- T11FcSpPolicyHashFormat ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Identifies a cryptographic hash function used to create a hash value which summarizes an FC-SP Policy Object. Each definition of an object with this TC as its syntax must be accompanied by a corresponding definition of an object with T11FcSpPolicyHashValue as its syntax, and containing the hash value. The first two cryptographic hash functions are: Hash Type Hash Tag Hash Length (Bytes) SHA-1 '00000001'h 20 SHA-256 '00000002'h 32 " REFERENCE "- INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel - Security Protocols (FC-SP), 13 June 2006, section 7.1.3.1. - FIPS PUB 180-2." SYNTAX OCTET STRING (SIZE (4)) T11FcSpPolicyHashValue ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Represents the value of the cryptographic hash function of an FC-SP Policy Object. Each definition of an object with this TC as its syntax must be accompanied by a corresponding definition of an object with T11FcSpPolicyHashFormat as its syntax. The corresponding object identifies the cryptographic hash function used to create the hash value." REFERENCE "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel - Security Protocols (FC-SP), 13 June 2006, section 7.1.3.1." SYNTAX OCTET STRING (SIZE (0..64)) T11FcSpAuthRejectReasonCode ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A reason code contained in an AUTH_Reject message, or in an SW_RJT (rejecting an AUTH_ILS), or in an LS_RJT (rejecting an AUTH-ELS)." REFERENCE "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Table 17, 48, 52." SYNTAX INTEGER { authFailure(1), logicalError(2), logicalBusy(3), authILSNotSupported(4), authELSNotSupported(5), notLoggedIn(6) } T11FcSpAuthRejReasonCodeExp ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A reason code explanation contained in an AUTH_Reject message, or in an SW_RJT (rejecting an AUTH_ILS), or in an LS_RJT (rejecting an AUTH-ELS)." REFERENCE "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Tables 18, 48, 52." SYNTAX INTEGER { authMechanismNotUsable(1), dhGroupNotUsable(2), hashFunctionNotUsable(3), authTransactionAlreadyStarted(4), authenticationFailed(5), incorrectPayload(6), incorrectAuthProtocolMessage(7), restartAuthProtocol(8), authConcatNotSupported(9), unsupportedProtocolVersion(10), logicalBusy(11), authILSNotSupported(12), authELSNotSupported(13), notLoggedIn(14) } T11FcSpHashFunctions ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A set of zero, one or more hash functions defined for use in FC-SP." REFERENCE "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Table 14." SYNTAX BITS { md5(0), sha1(1) } T11FcSpSignFunctions ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A set of zero, one or more signature functions defined for signing certificates for use with FCAP in FC-SP." REFERENCE "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel - Security Protocols (FC-SP), 13 June 2006, tables 38 & 39." SYNTAX BITS { rsaSha1(0) } T11FcSpDhGroups ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A set of zero, one or more DH Groups defined for use in FC-SP." REFERENCE "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Table 15." SYNTAX BITS { null(0), group1024(1), group1280(2), group1536(3), group2048(4), group3072(5), group4096(6), group6144(7), group8192(8) } T11FcSpPolicyObjectType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A value which identifies the type of an FC-SP Policy Object." REFERENCE "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Table 102." SYNTAX INTEGER { summary(1), switchMemberList(2), nodeMemberList(3), switchConnectivity(4), ipMgmtList(5), attribute(6) } T11FcSpPolicyNameType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The format and usage of a companion object having T11FcSpPolicyName as its syntax. Six of the values indicate the same format, i.e., they differ only in semantics. That common format is a Fibre Channel 'Name_Identifier', i.e., the same syntax as 'FcNameIdOrZero (SIZE(8))'. These six are three pairs of one restricted and one unrestricted. Each usage of this syntax must specify whether restricted names are allowed, and if so, how the usage of restricted names differ from unrestricted names. The six are: 'nodeName' - a Node_Name, which is the Name_Identifier associated with a Fibre Channel Node. 'restrictedNodeName' - a Restricted Node_Name. 'portName' - the Name_Identifier associated with a Fibre Channel Port. 'restrictedPortName' - a Restricted Port_Name. 'wildcard' - a Wildcard value which is used to identify 'all others' (typically, all other members of a Policy Object, not all other Policy Objects). 'restrictedWildcard' - a Restricted Wildcard value. Other possible values are: 'alphaNumericName' - the value begins with an ASCII letter (upper or lower case) followed by (0 ... 63) characters from the set: lower case letters, upper case letters, digits, and the four symbols: dollar-sign ($), dash (-), caret (^), and underscore (_). 'ipv6AddressRange' - two IPv6 addresses in network byte order, the numerically smallest first and the numerically largest second; total length is 32 bytes. 'ipv4AddressRange' - two IPv4 addresses in network byte order, the numerically smallest first and the numerically largest second; total length is 8 bytes." REFERENCE "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Table 103." SYNTAX INTEGER { nodeName(1), restrictedNodeName(2), portName(3), restrictedPortName(4), wildcard(5), restrictedWildcard(6), alphaNumericName(7), ipv6AddressRange(8), ipv4AddressRange(9) } T11FcSpPolicyName ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A syntax used, when defining Policy Objects, for the name of something. An object which uses this syntax always identifies a a companion object with syntax T11FcSpPolicyNameType such that the companion object specifies the format and usage of the object with this syntax. When the companion object has the value 'wildcard' or 'restrictedWildcard', the value of the T11FcSpPolicyName object is: '0000000000000000'h." REFERENCE "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Table 103." SYNTAX OCTET STRING (SIZE (1..64)) T11FcSpAlphaNumName ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A syntax used when defining Policy Objects for the name of something, where the name is always in the format specified by: T11FcSpPolicyNameType = 'alphaNumericName' " REFERENCE "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Table 103." SYNTAX OCTET STRING (SIZE (1..64)) T11FcSpAlphaNumNameOrNull ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "An extension of the T11FcSpAlphaNumName TC which one additional possible value: the zero-length string to indicate the absence of a name." SYNTAX OCTET STRING (SIZE (0..64)) T11FcSaDirection ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The direction of frame transmission on a Security Association. Note that Security Associations are unidirectional but they always exist as part of an SA pair of the same type in opposite directions." SYNTAX INTEGER { ingress(1), egress(2) } T11FcSpiIndex ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "An SPI (Security Parameter Index) value is carried in the SPI field of a frame protected by the ESP_Header. An SPI is also carried in the SAID field of a Common Transport Information Unit (CT_IU) protected by CT_Authentication. An SPI value identifies the Security Association on which the frame is being transmitted." REFERENCE "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel - Security Protocols (FC-SP), 13 June 2006, section 4.7.2 and 4.7.3." SYNTAX Unsigned32 -- the default range: (0..4294967295) T11FcSpPrecedence ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "The precedence of a Traffic Selector. If a frame matches with two or more Traffic Selectors, then the match which takes precedence is the one with the Traffic Selector having the numerically smallest precedence value. Note that precedence values are not necessarily contiguous." SYNTAX Unsigned32 -- the default range: (0..4294967295) T11FcRoutingControl ::= TEXTUAL-CONVENTION DISPLAY-HINT "1x" STATUS current DESCRIPTION "A value stored in the R_CTL (Routing Control) 8-bit field of an FC-2 frame containing routing and information bits to categorize the frame function. For FC-2 frames, an R_CTL value typically distinguishes between control versus data frames, and/or solicited versus unsolicited frames, and in combination with the TYPE field (see T11FcSpType) identifies a particular link layer service/protocol using FC-2. For CT_Authentication, the information field in the R_CTL field contains '02'h for Request CT_IUs, and '03'h for Response CT_IUs. The comparison of two values having this syntax is done by treating each string as an 8-bit numeric value." REFERENCE " - Fibre Channel - Framing and Signaling-2 (FC-FS-2), INCITS xxx/200x, Project T11/1619-D Rev 1.01, 8 August 2006, section 9.3. - Fibre Channel - Generic Services-5 (FC-GS-5), ANSI INCITS 427-2006, sections 4.5.2.4.2, 4.5.2.4.3 and table 12." SYNTAX OCTET STRING (SIZE(1)) T11FcSpType ::= TEXTUAL-CONVENTION DISPLAY-HINT "2x" STATUS current DESCRIPTION "A value, or combination of values, contained in a frame header used in identifying the link layer service/protocol of a frame. The value is always two octets: - for FC-2 frames, the first octet is zero and the second octet contains the Data structure type (TYPE) value defined by FC-FS-2. The TYPE value is used in combination with T11FcRoutingControl to identify a link layer service/protocol. - for Common Transport Information Units (CT_IUs), the first octet contains a GS_Type value and the second octet contains a GS_Subtype value, defined by FC-GS-5. The comparison of two values having this syntax is done by treating each string as the numeric value obtained by numerically combining the individual octet's value as follows: (256 * 1st-octet) + 2nd-octet " REFERENCE " - Fibre Channel - Framing and Signaling-2 (FC-FS-2), INCITS xxx/200x, Project T11/1619-D Rev 1.01, 8 August 2006, section 9.6. - Fibre Channel - Generic Services-5 (FC-GS-5), ANSI INCITS 427-2006, sections 4.3.2.4 and 4.3.2.5." SYNTAX OCTET STRING (SIZE(2)) T11FcSpTransforms ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A list of the standardized transforms which are defined by FC-SP for use with ESP_Header, CT_Authentication and/or IKEv2 Support." REFERENCE "INCITS xxx/200x, T11/Project 1570-D/Rev 1.8, Fibre Channel - Security Protocols (FC-SP), 13 June 2006, Appendix A.3.1, tables A.23, A.24, A.25, A.26." SYNTAX BITS { encrNull(0), encrAesCbc(1), encrAesCtr(2), encrAesGcm(3), encr3Des(4), prfHmacMd5(5), prfHmacSha1(6), prfAesCbc(7), authHmacMd5L96(8), authHmacSha1L96(9), authHmacMd5L128(10), authHmacSha1L160(11), encrNullAuthAesGmac(12), dhGroups1024bit(13), dhGroups2048bit(14) } -- -- Object Identities to identify the Cryptographic Algorithms -- listed in FC-SP. -- t11FcSpEncryptAlgorithms OBJECT IDENTIFIER ::= { t11FcSpAlgorithms 1 } t11FcSpEncrNull OBJECT-IDENTITY STATUS current DESCRIPTION "The ENCR_NULL algorithm." ::= { t11FcSpEncryptAlgorithms 1 } t11FcSpEncrAesCbc OBJECT-IDENTITY STATUS current DESCRIPTION "The ENCR_AES_CBC algorithm." ::= { t11FcSpEncryptAlgorithms 2 } t11FcSpEncrAesCtr OBJECT-IDENTITY STATUS current DESCRIPTION "The ENCR_AES_CTR algorithm." ::= { t11FcSpEncryptAlgorithms 3 } t11FcSpEncrAesGcm OBJECT-IDENTITY STATUS current DESCRIPTION "The ENCR_AES_GCM algorithm." ::= { t11FcSpEncryptAlgorithms 4 } t11FcSpEncr3Des OBJECT-IDENTITY STATUS current DESCRIPTION "The ENCR_3DES algorithm." ::= { t11FcSpEncryptAlgorithms 5 } t11FcSpAuthAlgorithms OBJECT IDENTIFIER ::= { t11FcSpAlgorithms 2 } t11FcSpAuthNull OBJECT-IDENTITY STATUS current DESCRIPTION "The AUTH_NONE algorithm." ::= { t11FcSpAuthAlgorithms 1 } t11FcSpAuthHmacMd5L96 OBJECT-IDENTITY STATUS current DESCRIPTION "The AUTH_HMAC_MD5_96 algorithm." ::= { t11FcSpAuthAlgorithms 2 } t11FcSpAuthHmacSha1L96 OBJECT-IDENTITY STATUS current DESCRIPTION "The AUTH_HMAC_SHA1_96 algorithm." ::= { t11FcSpAuthAlgorithms 3 } t11FcSpAuthHmacMd5L128 OBJECT-IDENTITY STATUS current DESCRIPTION "The AUTH_HMAC_MD5_128 algorithm." ::= { t11FcSpAuthAlgorithms 4 } t11FcSpAuthHmacSha1L160 OBJECT-IDENTITY STATUS current DESCRIPTION "The AUTH_HMAC_SHA1_160 algorithm." ::= { t11FcSpAuthAlgorithms 5 } t11FcSpEncrNullAuthAesGmac OBJECT-IDENTITY STATUS current DESCRIPTION "The ENCR_NULL_AUTH_AES_GMAC algorithm." ::= { t11FcSpEncryptAlgorithms 6 } END -- -- Copyright (C) The IETF Trust (2007). This document is subject to the -- rights, licenses and restrictions contained in BCP 78, and except as -- set forth therein, the authors retain all their rights. -- -- This document and the information contained herein are provided on an -- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS -- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND -- THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS -- OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF -- THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED -- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. -- -- Disclaimer of validity -- -- The IETF takes no position regarding the validity or scope of any -- Intellectual Property Rights or other rights that might be claimed to -- pertain to the implementation or use of the technology described in -- this document or the extent to which any license under such rights -- might or might not be available; nor does it represent that it has -- made any independent effort to identify any such rights. Information -- on the procedures with respect to rights in RFC documents can be -- found in BCP 78 and BCP 79. -- -- Copies of IPR disclosures made to the IETF Secretariat and any -- assurances of licenses to be made available, or the result of an -- attempt made to obtain a general license or permission for the use of -- such proprietary rights by implementers or users of this -- specification can be obtained from the IETF on-line IPR repository at -- http://www.ietf.org/ipr. -- -- The IETF invites any interested party to bring to its attention any -- copyrights, patents or patent applications, or other proprietary -- rights that may cover technology that may be required to implement -- this standard. Please address the information to the IETF at -- ietf-ipr@ietf.org. -- -- Acknowledgment -- -- Funding for the RFC Editor function is currently provided by the -- Internet Society.