-- Copyright (C) 2011-2012 Aricent Group . All Rights Reserved --************************************************************************* --$Id: fsfips.mib,v 1.6 2012/09/07 09:52:05 siva Exp $ -- --Description : This file contains MIB definitions for FIPS feature. -- --*************************************************************************/ -- This document explains the proprietary MIB implemented for FIPS -- PUB 140-2 Features -- The standard defines the security requirements that must be satisfied by -- a cryptographic module used in a security system protecting unclassified -- formation within IT systems. There are four levels of security: from -- Level 1 (lowest) to Level 4 (highest). These levels are intended to cover -- the wide range of potential applications and environments in which -- cryptographic modules may be deployed. The security requirements cover -- areas related to the secure design and implementation of a cryptographic -- module. These areas include basic design and documentation, module -- interfaces, authorised roles and services, physical security, software -- security, operating system security, key management, cryptographic -- algorithms, electromagnetic interference/electromagnetic compatibility -- (EMI/EMC), and self-testing. -- ARICENT-FIPS-MIB DEFINITIONS ::= BEGIN -- ************************************************************************ -- IMPORTS -- ************************************************************************ IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Integer32, enterprises FROM SNMPv2-SMI TruthValue FROM SNMPv2-TC; -- ************************************************************************ -- START OF THE MODULE -- ************************************************************************ fsFips MODULE-IDENTITY LAST-UPDATED "201209050000Z" ORGANIZATION "ARICENT COMMUNICATIONS SOFTWARE" CONTACT-INFO "support@aricent.com" DESCRIPTION "The Proprietary MIB for FIPS module" REVISION "201209050000Z" DESCRIPTION "Initial Creation" ::= { enterprises aricent-communication-holding-ltd(29601) iss(2) 63} -- ----------------------------------------------------------------- -- -- groups in the MIB -- ----------------------------------------------------------------- -- fsFipsConfigurations OBJECT IDENTIFIER ::= { fsFips 1 } -- ---------------------------------------------------------------- -- -- Operational Mode Configuration Group fsFipsOperMode OBJECT-TYPE SYNTAX INTEGER { fips(1), nonfips(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object tells whether the current operational mode is FIPS mode or NON-FIPS mode" DEFVAL { nonfips } ::= { fsFipsConfigurations 1 } fsFipsTestAlgo OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to trigger FIPS Known Answer Test for the below mentioned algorithms. The bit positions to run specific algorithm are as shown below : Bit 0 - SHA-1 Bit 1 - SHA-2 Bit 2 - HMAC-SHA Bit 3 - AES Bit 4 - DES Bit 5 - RAND Bit 6 - RSA Bit 7 - DSA" DEFVAL { 0 } ::= { fsFipsConfigurations 2 } fsfipsZeroizeCryptoKeys OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Setting this value to true will delete all cryptographic keys present in ipsecv4, ipsecv6, ike, radius, ssh and ssl modules." DEFVAL { false } ::= { fsFipsConfigurations 3 } fsFipsTraceLevel OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to store the trace options that are enabled by the user. The bit positions to enable specific traces are as shown below : Bit 0 - init-shut Bit 1 - mgmt Bit 2 - data Bit 3 - ctrl Bit 4 - pkt-dump Bit 5 - resource Bit 6 - all-fail Bit 7 - buf A value of zero(0) indicates traces are disabled and a value with all bits set to one indicates all traces are enabled. By default traces are disabled." DEFVAL { '00000000'H } ::= { fsFipsConfigurations 4 } fsFipsTestExecutionResult OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object is used to store the results of last run FIPS Known Answer Test. The bit positions specifies the result of the execution of the corresponding algorithm. If the bit is set the corresponding algorithm test is successful. Otherwise test is not executed or failed. Bit 0 - SHA-1 Bit 1 - SHA-2 Bit 2 - HMAC-SHA Bit 3 - AES Bit 4 - DES Bit 5 - RAND Bit 6 - RSA Bit 7 - DSA" DEFVAL { 0 } ::= { fsFipsConfigurations 5 } fsFipsFailedAlgorithm OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object is used to store the failed algorithm in the last run FIPS Known Answer Test. If the bit is set the corresponding algorithm test failed in the last execution. The bit positions to the corresponding algorithm are as shown below : Bit 0 - SHA-1 Bit 1 - SHA-2 Bit 2 - HMAC-SHA Bit 3 - AES Bit 4 - DES Bit 5 - RAND Bit 6 - RSA Bit 7 - DSA" DEFVAL { 0 } ::= { fsFipsConfigurations 6 } fsFipsBypassCapability OBJECT-TYPE SYNTAX INTEGER { bypassCapability(1), noBypassCapability(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to enable/disable the crypto bypass capability. The default value for this object is 'no bypass-capability' (2)." DEFVAL { noBypassCapability } ::= { fsFipsConfigurations 7 } END