278 lines
9.6 KiB
Plaintext
278 lines
9.6 KiB
Plaintext
-- ----------------------------------------------------------------------------
|
|
--
|
|
-- SIAE MICROELETTRONICA s.p.a.
|
|
--
|
|
-- Via Michelangelo Buonarroti, 21
|
|
-- 20093 - Cologno Monzese
|
|
-- Milano
|
|
-- ITALY
|
|
--
|
|
-- ----------------------------------------------------------------------------
|
|
-- ----------------------------------------------------------------------------
|
|
|
|
SIAE-RADIO-ENCRYPTION-MIB
|
|
DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE,
|
|
Integer32
|
|
FROM SNMPv2-SMI
|
|
RowStatus
|
|
FROM SNMPv2-TC
|
|
InterfaceIndex
|
|
FROM IF-MIB
|
|
siaeMib
|
|
FROM SIAE-TREE-MIB
|
|
AlarmStatus, AlarmSeverityCode
|
|
FROM SIAE-ALARM-MIB;
|
|
|
|
radioEncrypt MODULE-IDENTITY
|
|
LAST-UPDATED "201507200000Z"
|
|
ORGANIZATION "SIAE MICROELETTRONICA spa"
|
|
CONTACT-INFO
|
|
"SIAE MICROELETTONICA s.p.a.
|
|
Via Michelangelo Buonarroti, 21
|
|
20093 - Cologno Monzese
|
|
Milano - ITALY
|
|
Phone : +39-02-27325-1
|
|
E-mail: tbd@siaemic.com
|
|
"
|
|
DESCRIPTION
|
|
"SIAE's radio encryption MIB.
|
|
"
|
|
REVISION "201507200000Z"
|
|
DESCRIPTION
|
|
"Initial version 01.00.00
|
|
"
|
|
::= { siaeMib 96 }
|
|
|
|
--------------------------------------------------------------------------------
|
|
-- RADIO ECRYPTION GROUP
|
|
--------------------------------------------------------------------------------
|
|
--
|
|
-- This group is used to manage SIAE's proprietary radio encryption MIB.
|
|
-- Below the denomination 'radio encryption' will be abbreviated as ENCRYPT
|
|
--
|
|
--------------------------------------------------------------------------------
|
|
|
|
------ Beginning --------------------------------------------------------------
|
|
|
|
rdEncryptMibVersion OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Numerical version of this module.
|
|
The string version of this MIB have the following format:
|
|
XX.YY.ZZ
|
|
so, for example, the value 1 should be interpreted as 00.00.01
|
|
and the value 10001 should be interpreted as 01.00.01."
|
|
DEFVAL { 1 }
|
|
::= {radioEncrypt 1}
|
|
|
|
------ Begin of rdEncryptTable
|
|
--
|
|
rdEncryptTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF EncryptEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table with SIAE's ENCRYPT entries."
|
|
::= {radioEncrypt 2}
|
|
|
|
rdEncryptTableEntry OBJECT-TYPE
|
|
SYNTAX EncryptEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"SIAE's ENCRYPT entry. An ENCRYPT instance have the same index of
|
|
the relative radio link index. A row in this table is created by
|
|
the SNMP agent for each instance of radio link."
|
|
INDEX {rdEncryptIfIndex}
|
|
::= {rdEncryptTable 1}
|
|
|
|
EncryptEntry ::=
|
|
SEQUENCE {
|
|
rdEncryptIfIndex InterfaceIndex,
|
|
rdEncryptRowStatus RowStatus,
|
|
rdEncryptAdminStatus INTEGER,
|
|
rdEncryptAlgo INTEGER,
|
|
rdEncryptAlgoMode INTEGER,
|
|
rdEncryptKeyMode INTEGER,
|
|
rdEncryptKey OCTET STRING,
|
|
rdEncryptKeyLifeTime Integer32,
|
|
rdEncryptMismatchAlarm AlarmStatus
|
|
}
|
|
|
|
rdEncryptIfIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique value, greater than zero, for each ENCRYPT interface.
|
|
This object is identical to the ifIndex of the standard MIB-2
|
|
ifTable.
|
|
SNMP agent accepts the value of this objects only if the
|
|
capability ifextCapabilityEncrypt is shown in ifextCapabilities
|
|
for the same ifIndex.
|
|
"
|
|
::= {rdEncryptTableEntry 1}
|
|
|
|
rdEncryptRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of this row of rdEncryptTable. A manager must set
|
|
this object in order to create an instance of ENCRYPT.
|
|
"
|
|
::= {rdEncryptTableEntry 2}
|
|
|
|
rdEncryptAdminStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
disable (1),
|
|
enable (2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The desired state of the ENCRYPT. This object can be set only
|
|
when the rdEncryptRowStatus of the ENCRYPT is active.
|
|
|
|
When a managed system initializes, all ENCRYPT instance start with
|
|
rdEncryptAdminStatus in the disable(2) state, it's a default
|
|
state also. As a result of either explicit management
|
|
action or per configuration information retained by the
|
|
managed system, rdEncryptAdminStatus is then changed to the
|
|
enable (1) state (or remains in the disable(2) state).
|
|
|
|
In order to use ENCRYPT, also rdEncryptSystemControl must be set to
|
|
start.
|
|
"
|
|
DEFVAL { disable }
|
|
::= {rdEncryptTableEntry 3}
|
|
|
|
rdEncryptAlgo OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
aes128 (1),
|
|
aes256 (2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The encryption algorithm. The key length depends on the choosen
|
|
algorithm.
|
|
"
|
|
DEFVAL { aes256 }
|
|
::= {rdEncryptTableEntry 4}
|
|
|
|
rdEncryptAlgoMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
aesModeElectronicCodebook (1),
|
|
aesModeCipherBlockChaining (2),
|
|
aesModeCipherFeedback (3),
|
|
aesModeOutputFeedback (4),
|
|
aesModeCounter (5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"AES encryption/decryption algorithm can be implemented in
|
|
five modes. The modes may be used in conjunction with any
|
|
symmetric key block cipher algorithm that is approved by a
|
|
Federal Information Processing Standard (FIPS).
|
|
The five modes are:
|
|
- Electronic Codebook (ECB)
|
|
- Cipher Block Chaining (CBC)
|
|
- Cipher Feedback (CFB),
|
|
- Output Feedback (OFB),
|
|
- and Counter (CTR)
|
|
Agents can accept only a subset of AES modes.
|
|
"
|
|
DEFVAL { aesModeCounter }
|
|
::= {rdEncryptTableEntry 5}
|
|
|
|
rdEncryptKeyMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
manualEnteredKey (1),
|
|
automaticKeyGeneration (2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object select between the Manually-entered key mode and
|
|
auto-generated key mode. Agent could not accept the value
|
|
automaticKeyGeneration if it don't support the automatic key
|
|
generation.
|
|
"
|
|
DEFVAL { manualEnteredKey }
|
|
::= {rdEncryptTableEntry 6}
|
|
|
|
rdEncryptKey OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16|32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The key used for encryption. The length of the key depends on
|
|
rdEncryptAlgo.
|
|
"
|
|
DEFVAL { '00'H }
|
|
::= {rdEncryptTableEntry 7}
|
|
|
|
rdEncryptKeyLifeTime OBJECT-TYPE
|
|
SYNTAX Integer32 (1..1096)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The life time in day of the automatically generated key.
|
|
The range goes from one day to three years (considering one
|
|
leap year).
|
|
"
|
|
DEFVAL { 7 }
|
|
::= {rdEncryptTableEntry 8}
|
|
|
|
rdEncryptMismatchAlarm OBJECT-TYPE
|
|
SYNTAX AlarmStatus
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This alarm is raised when local and remote configuration does not
|
|
match."
|
|
::= {rdEncryptTableEntry 9}
|
|
|
|
--
|
|
------ End of rdEncryptTable
|
|
|
|
rdEncryptSystemControl OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
start(1),
|
|
shutdown(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The administrative system control status requested by management
|
|
for the ENCRYPT feature. The value 'start'(1) indicates that all
|
|
resources required by ENCRYPT should be allocated and ENCRYPT
|
|
should be supported in the device on ports which shown the
|
|
specific capability. The value shutdown(2) indicates that ENCRYPT
|
|
should be shutdown in the device on all ports and all allocated
|
|
memory must be released."
|
|
::= { radioEncrypt 3 }
|
|
|
|
rdEncryptMismatchAlarmSeverityCode OBJECT-TYPE
|
|
SYNTAX AlarmSeverityCode
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines the severity associated to the rdEncryptMismatchAlarm
|
|
and enables/disables the trap generation on status change event."
|
|
DEFVAL {majorTrapEnable}
|
|
::= { radioEncrypt 4 }
|
|
|
|
END
|
|
|
|
|
|
|
|
|