| draft-ietf-opsawg-hmac-sha-2-usm-snmp-new-02.txt | draft-ietf-opsawg-hmac-sha-2-usm-snmp-new-03.txt | |||
|---|---|---|---|---|
| OPSAWG J. Merkle, Ed. | OPSAWG J. Merkle, Ed. | |||
| Internet-Draft Secunet Security Networks | Internet-Draft Secunet Security Networks | |||
| Obsoletes: 7630 (if approved) M. Lochter | Obsoletes: 7630 (if approved) M. Lochter | |||
| Intended status: Standards Track BSI | Intended status: Standards Track BSI | |||
| Expires: July 17, 2016 January 14, 2016 | Expires: July 29, 2016 January 26, 2016 | |||
| HMAC-SHA-2 Authentication Protocols in USM for SNMPv3 | HMAC-SHA-2 Authentication Protocols in USM for SNMPv3 | |||
| draft-ietf-opsawg-hmac-sha-2-usm-snmp-new-02 | draft-ietf-opsawg-hmac-sha-2-usm-snmp-new-03 | |||
| Abstract | Abstract | |||
| This memo specifies new HMAC-SHA-2 authentication protocols for the | This memo specifies new HMAC-SHA-2 authentication protocols for the | |||
| User-based Security Model (USM) for SNMPv3 defined in RFC 3414. | User-based Security Model (USM) for SNMPv3 defined in RFC 3414. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| skipping to change at page 1, line 32 | skipping to change at page 1, line 32 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 17, 2016. | This Internet-Draft will expire on July 29, 2016. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 39 | skipping to change at page 2, line 39 | |||
| 11.1. Normative References . . . . . . . . . . . . . . . . . . 12 | 11.1. Normative References . . . . . . . . . . . . . . . . . . 12 | |||
| 11.2. Informative References . . . . . . . . . . . . . . . . . 13 | 11.2. Informative References . . . . . . . . . . . . . . . . . 13 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 1. Introduction | 1. Introduction | |||
| This memo defines a portion of the Management Information Base (MIB) | This memo defines a portion of the Management Information Base (MIB) | |||
| for use with network management protocols. In particular, it defines | for use with network management protocols. In particular, it defines | |||
| additional authentication protocols for the User-based Security Model | additional authentication protocols for the User-based Security Model | |||
| (USM) for the Simple Network Management Protocol version 3 (SNMPv3) | (USM) for the Simple Network Management Protocol version 3 (SNMPv3) | |||
| specified in RFC 3414 [RFC3414]. | specified in [RFC3414]. | |||
| In RFC 3414, two different authentication protocols, HMAC-MD5-96 and | In RFC 3414, two different authentication protocols, HMAC-MD5-96 and | |||
| HMAC-SHA-96, are defined based on the hash functions MD5 and SHA-1, | HMAC-SHA-96, are defined based on the hash functions MD5 and SHA-1, | |||
| respectively. This memo specifies new HMAC-SHA-2 authentication | respectively. This memo specifies new HMAC-SHA-2 authentication | |||
| protocols for USM using a Hashed Message Authentication Code (HMAC) | protocols for USM using a Hashed Message Authentication Code (HMAC) | |||
| based on the SHA-2 family of hash functions [SHA] and truncated to | based on the SHA-2 family of hash functions [SHA] and truncated to | |||
| 128 bits for SHA-224, to 192 bits for SHA-256, to 256 bits for | 128 bits for SHA-224, to 192 bits for SHA-256, to 256 bits for | |||
| SHA-384, and to 384 bits for SHA-512. These protocols are | SHA-384, and to 384 bits for SHA-512. These protocols are | |||
| straightforward adaptations of the authentication protocols HMAC- | straightforward adaptations of the authentication protocols HMAC- | |||
| MD5-96 and HMAC-SHA-96 to the SHA-2-based HMAC. | MD5-96 and HMAC-SHA-96 to the SHA-2-based HMAC. | |||
| This document obsoletes RFC 7630, in which the MIB MODULE-IDENTITY | This document obsoletes RFC 7630, in which the MIB MODULE-IDENTITY | |||
| value was incorrectly specified. | value was incorrectly specified. | |||
| 2. The Internet-Standard Management Framework | 2. The Internet-Standard Management Framework | |||
| For a detailed overview of the documents that describe the current | For a detailed overview of the documents that describe the current | |||
| Internet-Standard Management Framework, please refer to section 7 of | Internet-Standard Management Framework, please refer to section 7 of | |||
| RFC 3410 [RFC3410]. | [RFC3410]. | |||
| Managed objects are accessed via a virtual information store, termed | Managed objects are accessed via a virtual information store, termed | |||
| the Management Information Base or MIB. MIB objects are generally | the Management Information Base or MIB. MIB objects are generally | |||
| accessed through the Simple Network Management Protocol (SNMP). | accessed through the Simple Network Management Protocol (SNMP). | |||
| Objects in the MIB are defined using the mechanisms defined in the | Objects in the MIB are defined using the mechanisms defined in the | |||
| Structure of Management Information (SMI). This memo specifies a MIB | Structure of Management Information (SMI). This memo specifies a MIB | |||
| module that is compliant to the SMIv2, which is described in STD 58, | module that is compliant to the SMIv2, which is described in | |||
| RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 | [RFC2578], [RFC2579], and [RFC2580]. | |||
| [RFC2580]. | ||||
| 3. Conventions | 3. Conventions | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in BCP 14, RFC 2119 | document are to be interpreted as described in BCP 14, RFC 2119 | |||
| [RFC2119]. | [RFC2119]. | |||
| 4. The HMAC-SHA-2 Authentication Protocols | 4. The HMAC-SHA-2 Authentication Protocols | |||
| This section describes the HMAC-SHA-2 authentication protocols, which | This section describes the HMAC-SHA-2 authentication protocols, which | |||
| use the SHA-2 hash functions (described in FIPS PUB 180-4 [SHA] and | use the SHA-2 hash functions (described in FIPS PUB 180-4 [SHA] and | |||
| RFC 6234 [RFC6234]) in the HMAC mode (described in RFC 2104 [RFC2104] | [RFC6234]) in the HMAC mode (described in [RFC2104] and RFC 6234), | |||
| and RFC 6234), truncating the output to 128 bits for SHA-224, 192 | truncating the output to 128 bits for SHA-224, 192 bits for SHA-256, | |||
| bits for SHA-256, 256 bits for SHA-384, and 384 bits for SHA-512. | 256 bits for SHA-384, and 384 bits for SHA-512. RFC 6234 also | |||
| RFC 6234 also provides source code for all the SHA-2 algorithms and | provides source code for all the SHA-2 algorithms and HMAC (without | |||
| HMAC (without truncation). It also includes test harness and | truncation). It also includes test harness and standard test vectors | |||
| standard test vectors for all the defined hash functions and HMAC | for all the defined hash functions and HMAC examples. | |||
| examples. | ||||
| The following protocols are defined: | The following protocols are defined: | |||
| usmHMAC128SHA224AuthProtocol: uses SHA-224 and truncates the | usmHMAC128SHA224AuthProtocol: uses SHA-224 and truncates the | |||
| output to 128 bits (16 octets); | output to 128 bits (16 octets); | |||
| usmHMAC192SHA256AuthProtocol: uses SHA-256 and truncates the | usmHMAC192SHA256AuthProtocol: uses SHA-256 and truncates the | |||
| output to 192 bits (24 octets); | output to 192 bits (24 octets); | |||
| usmHMAC256SHA384AuthProtocol: uses SHA-384 and truncates the | usmHMAC256SHA384AuthProtocol: uses SHA-384 and truncates the | |||
| skipping to change at page 5, line 38 | skipping to change at page 5, line 38 | |||
| This section describes the procedure followed by an SNMP engine | This section describes the procedure followed by an SNMP engine | |||
| whenever it must authenticate an outgoing message using one of the | whenever it must authenticate an outgoing message using one of the | |||
| authentication protocols defined above. Values of the constants M | authentication protocols defined above. Values of the constants M | |||
| and N, and the hash function H are as defined in Section 4.2 and are | and N, and the hash function H are as defined in Section 4.2 and are | |||
| selected based on which authentication protocol is configured for the | selected based on which authentication protocol is configured for the | |||
| given USM usmUser Table entry. | given USM usmUser Table entry. | |||
| 1. The msgAuthenticationParameters field is set to the serialization | 1. The msgAuthenticationParameters field is set to the serialization | |||
| of an OCTET STRING containing N zero octets; it is serialized | of an OCTET STRING containing N zero octets; it is serialized | |||
| according to the rules in RFC 3417 [RFC3417]. | according to the rules in [RFC3417]. | |||
| 2. Using the secret authKey of M octets, the HMAC is calculated over | 2. Using the secret authKey of M octets, the HMAC is calculated over | |||
| the wholeMsg according to RFC 6234 with hash function H. | the wholeMsg according to RFC 6234 with hash function H. | |||
| 3. The N first octets of the above HMAC are taken as the computed | 3. The N first octets of the above HMAC are taken as the computed | |||
| MAC value. | MAC value. | |||
| 4. The msgAuthenticationParameters field is replaced with the MAC | 4. The msgAuthenticationParameters field is replaced with the MAC | |||
| obtained in the previous step. | obtained in the previous step. | |||
| skipping to change at page 6, line 43 | skipping to change at page 6, line 43 | |||
| 7. The newly calculated MAC is compared with the MAC saved in step | 7. The newly calculated MAC is compared with the MAC saved in step | |||
| 2. If they do not match, then a failure and an errorIndication | 2. If they do not match, then a failure and an errorIndication | |||
| (authenticationFailure) are returned to the calling module. | (authenticationFailure) are returned to the calling module. | |||
| 8. The authenticatedWholeMsg and statusInformation indicating | 8. The authenticatedWholeMsg and statusInformation indicating | |||
| success are then returned to the caller. | success are then returned to the caller. | |||
| 5. Key Localization and Key Change | 5. Key Localization and Key Change | |||
| For any of the protocols defined in Section 4, key localization and | For any of the protocols defined in Section 4, key localization and | |||
| key change SHALL be performed according to RFC 3414 [RFC3414] using | key change SHALL be performed according to [RFC3414] using the same | |||
| the same SHA-2 hash function as in the HMAC-SHA-2 authentication | SHA-2 hash function as in the HMAC-SHA-2 authentication protocol. | |||
| protocol. | ||||
| 6. Structure of the MIB Module | 6. Structure of the MIB Module | |||
| The MIB module specified in this memo does not define any managed | The MIB module specified in this memo does not define any managed | |||
| objects, subtrees, notifications, or tables; rather, it only defines | objects, subtrees, notifications, or tables; rather, it only defines | |||
| object identities (for authentication protocols) under a subtree of | object identities (for authentication protocols) under a subtree of | |||
| an existing MIB. | an existing MIB. | |||
| 7. Relationship to Other MIB Modules | 7. Relationship to Other MIB Modules | |||
| skipping to change at page 7, line 19 | skipping to change at page 7, line 19 | |||
| RFC 3414 specifies the MIB module for USM for SNMPv3 (SNMP-USER- | RFC 3414 specifies the MIB module for USM for SNMPv3 (SNMP-USER- | |||
| BASED-SM-MIB), which defines authentication protocols for USM based | BASED-SM-MIB), which defines authentication protocols for USM based | |||
| on the hash functions MD5 and SHA-1, respectively. The following MIB | on the hash functions MD5 and SHA-1, respectively. The following MIB | |||
| module defines new HMAC-SHA2 authentication protocols for USM based | module defines new HMAC-SHA2 authentication protocols for USM based | |||
| on the SHA-2 hash functions [SHA]. The use of the HMAC-SHA2 | on the SHA-2 hash functions [SHA]. The use of the HMAC-SHA2 | |||
| authentication protocols requires the usage of the objects defined in | authentication protocols requires the usage of the objects defined in | |||
| the SNMP-USER-BASED-SM-MIB. | the SNMP-USER-BASED-SM-MIB. | |||
| 7.2. Relationship to SNMP-FRAMEWORK-MIB | 7.2. Relationship to SNMP-FRAMEWORK-MIB | |||
| RFC 3411 [RFC3411] specifies the SNMP-FRAMEWORK-MIB, which defines a | [RFC3411] specifies the SNMP-FRAMEWORK-MIB, which defines a subtree | |||
| subtree snmpAuthProtocols for SNMP authentication protocols. The | snmpAuthProtocols for SNMP authentication protocols. The following | |||
| following MIB module defines new authentication protocols in the | MIB module defines new authentication protocols in the | |||
| snmpAuthProtocols subtree. | snmpAuthProtocols subtree. | |||
| 7.3. MIB Modules Required for IMPORTS | 7.3. MIB Modules Required for IMPORTS | |||
| The following MIB module IMPORTS definitions from SNMPv2-SMI | The following MIB module IMPORTS definitions from SNMPv2-SMI | |||
| [RFC2578] and SNMP-FRAMEWORK-MIB [RFC3411]. | [RFC2578] and SNMP-FRAMEWORK-MIB [RFC3411]. | |||
| 8. Definitions | 8. Definitions | |||
| SNMP-USM-HMAC-SHA2-MIB DEFINITIONS ::= BEGIN | SNMP-USM-HMAC-SHA2-MIB DEFINITIONS ::= BEGIN | |||
| skipping to change at page 9, line 35 | skipping to change at page 9, line 35 | |||
| - National Institute of Standards and Technology, | - National Institute of Standards and Technology, | |||
| Secure Hash Standard (SHS), FIPS PUB 180-4, 2012." | Secure Hash Standard (SHS), FIPS PUB 180-4, 2012." | |||
| ::= { snmpAuthProtocols 7 } | ::= { snmpAuthProtocols 7 } | |||
| END | END | |||
| 9. Security Considerations | 9. Security Considerations | |||
| 9.1. Use of the HMAC-SHA-2 Authentication Protocols in USM | 9.1. Use of the HMAC-SHA-2 Authentication Protocols in USM | |||
| The security considerations of RFC 3414 [RFC3414] also apply to the | The security considerations of [RFC3414] also apply to the HMAC-SHA-2 | |||
| HMAC-SHA-2 authentication protocols defined in this document. | authentication protocols defined in this document. | |||
| 9.2. Cryptographic Strength of the Authentication Protocols | 9.2. Cryptographic Strength of the Authentication Protocols | |||
| At the time of publication of this document, all of the HMAC-SHA-2 | At the time of publication of this document, all of the HMAC-SHA-2 | |||
| authentication protocols provide a very high level of security. The | authentication protocols provide a very high level of security. The | |||
| security of each HMAC-SHA-2 authentication protocol depends on the | security of each HMAC-SHA-2 authentication protocol depends on the | |||
| parameters used in the corresponding HMAC computation, which are the | parameters used in the corresponding HMAC computation, which are the | |||
| length of the key (if the key has maximum entropy), the size of the | length of the key (if the key has maximum entropy), the size of the | |||
| hash function's internal state, and the length of the truncated MAC. | hash function's internal state, and the length of the truncated MAC. | |||
| For the HMAC-SHA-2 authentication protocols, these values are as | For the HMAC-SHA-2 authentication protocols, these values are as | |||
| End of changes. 11 change blocks. | ||||
| 24 lines changed or deleted | 21 lines changed or added | |||
This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||