T11-FC-SP-TC-MIB  DEFINITIONS ::= BEGIN
 
IMPORTS
    MODULE-IDENTITY, OBJECT-IDENTITY, mib-2,
    Unsigned32          FROM SNMPv2-SMI                  -- [RFC2578]
    TEXTUAL-CONVENTION  FROM SNMPv2-TC;                  -- [RFC2579]
 
t11FcTcMIB  MODULE-IDENTITY
    LAST-UPDATED  "200808200000Z"
    ORGANIZATION  "This MIB module was developed through the
                  coordinated effort of two organizations:
                  T11 began the development and the IETF (in
                  the IMSS Working Group) finished it."
    CONTACT-INFO
            "     Claudio DeSanti
                  Cisco Systems, Inc.
                  170 West Tasman Drive
                  San Jose, CA 95134 USA
                  EMail: [email protected]
 
                  Keith McCloghrie
                  Cisco Systems, Inc.
                  170 West Tasman Drive
                  San Jose, CA 95134 USA
                  Email: [email protected]"
    DESCRIPTION
           "This MIB module defines Textual Conventions for use in
           the multiple MIB modules, which together define the
           instrumentation for an implementation of the Fibre Channel
           Security Protocols (FC-SP) specification.
 
           This MIB module also defines Object Identities (for use as
           possible values of MIB objects with syntax AutonomousType),
           including OIDs for the Cryptographic Algorithms defined
           in FC-SP.
 
           Copyright (C) The IETF Trust (2008).  This version
           of this MIB module is part of RFC 5324;  see the RFC
           itself for full legal notices."
    REVISION  "200808200000Z"
    DESCRIPTION
           "Initial version of this MIB module, published as RFC 5324."
    ::= { mib-2 175 }
 
 
t11FcSpIdentities OBJECT IDENTIFIER ::= { t11FcTcMIB 1 }
t11FcSpAlgorithms OBJECT IDENTIFIER ::= { t11FcSpIdentities 1 }
 
--
-- Textual Conventions
--
 
T11FcSpPolicyHashFormat ::=  TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
           "Identifies a cryptographic hash function used to create
           a hash value that summarizes an FC-SP Policy Object.
 
           Each definition of an object with this TC as its syntax
           must be accompanied by a corresponding definition of an
           object with T11FcSpPolicyHashValue as its syntax, and
           containing the hash value.
 
           The first two cryptographic hash functions are:
 
                Hash Type    Hash Tag     Hash Length (Bytes)
                  SHA-1     '00000001'h        20
                 SHA-256    '00000002'h        32
           "
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 7.1.3.1 and table 106.
            - FIPS PUB 180-2."
    SYNTAX        OCTET STRING (SIZE (4))
 
T11FcSpPolicyHashValue ::=  TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
           "Represents the value of the cryptographic hash function
           of an FC-SP Policy Object.
 
           Each definition of an object with this TC as its syntax
           must be accompanied by a corresponding definition of an
           object with T11FcSpPolicyHashFormat as its syntax.
           The corresponding object identifies the cryptographic
           hash function used to create the hash value."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 7.1.3.1 and table 106."
    SYNTAX        OCTET STRING (SIZE (0..64))
 
 
T11FcSpHashCalculationStatus ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
           "When some kind of 'database' is defined in a set of
           read-write MIB objects, it is common that multiple changes
           in the data need to be made at the same time.  So, if hash
           values are maintained for that data, those hash values are
           only correct if and when they are re-calculated after every
           change.  In such circumstances, the use of an object with
           this syntax allows the re-calculation of the hash values to
           be deferred until all changes have been made, and therefore
           the calculation need only be done once after all changes,
           rather than repeatedly/after each individual change.
 
           The definition of an object defined using this TC is
           required to specify which one or more instances of which
           MIB objects contain the hash values operated upon (or
           whose status is given) by the value of this TC.
 
           When read, the value of an object with this syntax is
           either:
 
             correct -- the identified MIB object instance(s)
                        contain the correct hash values; or
             stale   -- the identified MIB object instance(s)
                        contain stale (possibly incorrect) values.
 
           Writing a value of 'calculate' is a request to re-calculate
           and update the values of the corresponding instances of the
           identified MIB objects.  Writing a value of 'correct' or
           'stale' to this object is an error (e.g., 'wrongValue')."
    SYNTAX       INTEGER {
                     calculate(1),
                     correct(2),
                     stale(3)
                 }
 
T11FcSpAuthRejectReasonCode ::=  TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
           "A reason code contained in an AUTH_Reject message, or
           in an SW_RJT (rejecting an AUTH_ILS), or in an LS_RJT
           (rejecting an AUTH-ELS)."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 17, 48, 52."
    SYNTAX        INTEGER {
 
                      authFailure(1),
                      logicalError(2),
                      logicalBusy(3),
                      authILSNotSupported(4),
                      authELSNotSupported(5),
                      notLoggedIn(6)
                  }
 
T11FcSpAuthRejReasonCodeExp ::= TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
           "A reason code explanation contained in an AUTH_Reject
           message, or in an SW_RJT (rejecting an AUTH_ILS), or in
           an LS_RJT (rejecting an AUTH-ELS)."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Tables 18, 48, 52."
    SYNTAX        INTEGER {
                      authMechanismNotUsable(1),
                      dhGroupNotUsable(2),
                      hashFunctionNotUsable(3),
                      authTransactionAlreadyStarted(4),
                      authenticationFailed(5),
                      incorrectPayload(6),
                      incorrectAuthProtocolMessage(7),
                      restartAuthProtocol(8),
                      authConcatNotSupported(9),
                      unsupportedProtocolVersion(10),
                      logicalBusy(11),
                      authILSNotSupported(12),
                      authELSNotSupported(13),
                      notLoggedIn(14)
                  }
 
T11FcSpHashFunctions ::= TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
           "A set of zero, one, or more hash functions defined for
           use in FC-SP."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 14."
    SYNTAX        BITS {
                      md5(0),
                      sha1(1)
                  }
 
T11FcSpSignFunctions ::= TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
           "A set of zero, one, or more signature functions defined
           for signing certificates for use with FCAP in FC-SP."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, tables 38 & 39."
    SYNTAX        BITS {
                      rsaSha1(0)
                  }
 
T11FcSpDhGroups ::= TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
           "A set of zero, one, or more DH Groups defined for use
           in FC-SP."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 15."
    SYNTAX        BITS {
                      null(0),
                      group1024(1),
                      group1280(2),
                      group1536(3),
                      group2048(4),
                      group3072(5),
                      group4096(6),
                      group6144(7),
                      group8192(8)
                  }
 
T11FcSpPolicyObjectType ::= TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
           "A value that identifies the type of an FC-SP Policy
           Object."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 102."
    SYNTAX   INTEGER {
                 summary(1),
                 switchMemberList(2),
                 nodeMemberList(3),
                 switchConnectivity(4),
 
                 ipMgmtList(5),
                 attribute(6)
             }
 
T11FcSpPolicyNameType ::= TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
           "The format and usage of a companion object having
           T11FcSpPolicyName as its syntax.
 
           Six of the values indicate the same format, i.e., they
           differ only in semantics.  That common format is a Fibre
           Channel 'Name_Identifier', i.e., the same syntax as
           'FcNameIdOrZero (SIZE(8))'.
 
           These six are three pairs of one restricted and one
           unrestricted.  Each usage of this syntax must specify
           what the meaning of 'restricted' is for that usage and
           how the characteristics and behavior of restricted
           names differ from unrestricted names.
 
           The six are:
 
             'nodeName'           - a Node_Name, which is the
                                    Name_Identifier associated
                                    with a Fibre Channel Node.
 
             'restrictedNodeName' - a Restricted Node_Name.
 
             'portName'           - the Name_Identifier associated
                                    with a Fibre Channel Port.
 
             'restrictedPortName' - a Restricted Port_Name.
 
             'wildcard'           - a Wildcard value that is used to
                                    identify 'all others' (typically,
                                    all other members of a Policy
                                    Object, not all other Policy
                                    Objects).
 
             'restrictedWildcard' - a Restricted Wildcard value.
 
           Other possible values are:
 
             'alphaNumericName'   - the value begins with an ASCII
           letter (upper or lower case) followed by (0 ... 63)
           characters from the set:  lower case letters, upper case
           letters, digits, and the four symbols: dollar-sign ($),
 
           dash (-), caret (^), and underscore (_).
 
             'ipv6AddressRange'   - two IPv6 addresses in network
           byte order, the numerically smallest first and the
           numerically largest second; total length is 32 bytes.
 
             'ipv4AddressRange'   - two IPv4 addresses in network
           byte order, the numerically smallest first and the
           numerically largest second; total length is 8 bytes."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 103."
    SYNTAX   INTEGER {
                 nodeName(1),
                 restrictedNodeName(2),
                 portName(3),
                 restrictedPortName(4),
                 wildcard(5),
                 restrictedWildcard(6),
                 alphaNumericName(7),
                 ipv6AddressRange(8),
                 ipv4AddressRange(9)
             }
 
T11FcSpPolicyName ::= TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
           "A syntax used, when defining Policy Objects, for the
           name of something.
 
           An object that uses this syntax always identifies a
           companion object with syntax T11FcSpPolicyNameType
           such that the companion object specifies the format
           and usage of the object with this syntax.
 
           When the companion object has the value 'wildcard' or
           'restrictedWildcard', the value of the T11FcSpPolicyName
           object is:  '0000000000000000'h."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 103."
    SYNTAX   OCTET STRING (SIZE (1..64))
 
T11FcSpAlphaNumName ::= TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
 
           "A syntax used when defining Policy Objects for the
           name of something, where the name is always in the format
           specified by:
 
               T11FcSpPolicyNameType = 'alphaNumericName'
           "
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 103."
    SYNTAX   OCTET STRING (SIZE (1..64))
 
T11FcSpAlphaNumNameOrAbsent ::= TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
           "An extension of the T11FcSpAlphaNumName TC with
           one additional possible value: the zero-length string
           to indicate the absence of a name."
    SYNTAX   OCTET STRING (SIZE (0..64))
 
T11FcSaDirection ::= TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
           "The direction of frame transmission on a Security
           Association.  Note that Security Associations are
           unidirectional, but they always exist as part of an
           SA pair of the same type in opposite directions."
    SYNTAX   INTEGER { ingress(1), egress(2) }
 
T11FcSpiIndex ::= TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
           "An SPI (Security Parameter Index) value is carried in the
           SPI field of a frame protected by the ESP_Header.  An SPI
           is also carried in the SAID field of a Common Transport
           Information Unit (CT_IU) protected by CT_Authentication.
           An SPI value identifies the Security Association on which
           the frame is being transmitted."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 4.7.2 and 4.7.3."
    SYNTAX   Unsigned32 (0..4294967295) -- the default range!!
 
T11FcSpPrecedence ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS       current
    DESCRIPTION
 
           "The precedence of a Traffic Selector.  If a frame
           matches with two or more Traffic Selectors, then the match
           that takes precedence is the one with the Traffic Selector
           having the numerically smallest precedence value.  Note that
           precedence values are not necessarily contiguous."
    SYNTAX   Unsigned32 (0..4294967295)  -- the default range!!
 
T11FcRoutingControl ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "1x"
    STATUS        current
    DESCRIPTION
           "A value stored in the R_CTL (Routing Control) 8-bit field
           of an FC-2 frame containing routing and information bits to
           categorize the frame function.
 
           For FC-2 frames, an R_CTL value typically distinguishes
           between control versus data frames and/or solicited versus
           unsolicited frames, and in combination with the TYPE field
           (see T11FcSpType), identifies a particular link-layer
           service/protocol using FC-2.
 
           For CT_Authentication, the information field in the R_CTL
           field contains '02'h for Request CT_IUs and '03'h for
           Response CT_IUs.
 
           The comparison of two values having this syntax is done
           by treating each string as an 8-bit numeric value."
    REFERENCE
           "- Fibre Channel - Framing and Signaling-2 (FC-FS-2),
              ANSI INCITS 424-2007, Project T11/1619-D,
              February 2007, section 9.3.
            - Fibre Channel - Generic Services-5 (FC-GS-5),
              ANSI INCITS 427-2006, sections 4.5.2.4.2, 4.5.2.4.3
              and table 12."
    SYNTAX   OCTET STRING (SIZE(1))
 
T11FcSpType ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "2x"
    STATUS        current
    DESCRIPTION
           "A value, or combination of values, contained in a frame
           header used in identifying the link layer service/protocol
           of a frame.  The value is always two octets:
 
             - for FC-2 frames, the first octet is zero and the second
               octet contains the Data structure type (TYPE) value
               defined by FC-FS-2.  The TYPE value is used in
               combination with T11FcRoutingControl to identify a link
 
               layer service/protocol.
 
             - for Common Transport Information Units (CT_IUs), the
               first octet contains a GS_Type value and the second
               octet contains a GS_Subtype value, defined by FC-GS-5.
 
           The comparison of two values having this syntax is done
           by treating each string as the numeric value obtained by
           numerically combining the individual octet's value as
           follows:
 
               (256 * 1st-octet) + 2nd-octet
           "
    REFERENCE
           "- Fibre Channel - Framing and Signaling-2 (FC-FS-2),
              ANSI INCITS 424-2007, Project T11/1619-D,
              February 2007, section 9.6.
            - Fibre Channel - Generic Services-5 (FC-GS-5),
              ANSI INCITS 427-2006, sections 4.3.2.4 and 4.3.2.5."
    SYNTAX   OCTET STRING (SIZE(2))
 
T11FcSpTransforms ::= TEXTUAL-CONVENTION
    STATUS        current
    DESCRIPTION
           "A list of the standardized transforms that are defined
           by FC-SP for use with ESP_Header, CT_Authentication, and/or
           IKEv2 Support."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP), February 2007,
              Appendix A.3.1, tables A.23, A.24, A.25, A.26."
    SYNTAX       BITS {
                     encrNull(0),
                     encrAesCbc(1),
                     encrAesCtr(2),
                     encrAesGcm(3),
                     encr3Des(4),
                     prfHmacMd5(5),
                     prfHmacSha1(6),
                     prfAesCbc(7),
                     authHmacMd5L96(8),
                     authHmacSha1L96(9),
                     authHmacMd5L128(10),
                     authHmacSha1L160(11),
                     encrNullAuthAesGmac(12),
                     dhGroups1024bit(13),
                     dhGroups2048bit(14)
                 }
 
T11FcSpSecurityProtocolId ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
           "A Security Protocol identifier to identify
           the protocol by which traffic is to be protected,
           e.g., ESP_Header or CT_Authentication."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, section 6.3.2.2 and table 67."
    SYNTAX       INTEGER { espHeader(1), ctAuth(2) }
 
T11FcSpLifetimeLeft ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
           "This TC is used for one object of an associated pair
           of objects.  The object with this syntax specifies a
           remaining lifetime of something, e.g., of an SA, where
           the lifetime is given in the units specified by the other
           object of the pair which has T11FcSpLifetimeLeftUnits
           as its syntax."
    SYNTAX       Unsigned32
 
T11FcSpLifetimeLeftUnits ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
           "An object, defined using T11FcSpLifetimeLeft TC as
           its syntax, is required to be one of an associated
           pair of objects such that the other object of the pair
           is defined with this T11FcSpLifetimeLeftUnits TC as
           its syntax and with its value specifying the
           units of the remaining lifetime given by the
           value of the T11FcSpLifetimeLeft object."
    SYNTAX       INTEGER {
                     seconds(1),      -- seconds
                     kiloBytes(2),    -- 10^^3 bytes
                     megaBytes(3),    -- 10^^6 bytes
                     gigaBytes(4),    -- 10^^9 bytes
                     teraBytes(5),    -- 10^^12 bytes
                     petaBytes(6),    -- 10^^15 bytes
                     exaBytes(7),     -- 10^^18 bytes
                     zettaBytes(8),   -- 10^^21 bytes
                     yottaBytes(9)    -- 10^^24 bytes
                 }
 
--
-- Object Identities to identify the Cryptographic Algorithms
-- listed in FC-SP.
 
--
 
t11FcSpEncryptAlgorithms
     OBJECT IDENTIFIER ::= { t11FcSpAlgorithms 1 }
 
t11FcSpEncrNull OBJECT-IDENTITY
    STATUS     current
    DESCRIPTION "The ENCR_NULL algorithm."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 70."
    ::= { t11FcSpEncryptAlgorithms 1 }
 
t11FcSpEncrAesCbc OBJECT-IDENTITY
    STATUS     current
    DESCRIPTION "The ENCR_AES_CBC algorithm."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 70."
    ::= { t11FcSpEncryptAlgorithms 2 }
 
t11FcSpEncrAesCtr OBJECT-IDENTITY
    STATUS     current
    DESCRIPTION "The ENCR_AES_CTR algorithm."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 70."
    ::= { t11FcSpEncryptAlgorithms 3 }
 
t11FcSpEncrAesGcm OBJECT-IDENTITY
    STATUS     current
    DESCRIPTION "The ENCR_AES_GCM algorithm."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 70."
    ::= { t11FcSpEncryptAlgorithms 4 }
 
t11FcSpEncr3Des OBJECT-IDENTITY
    STATUS     current
    DESCRIPTION "The ENCR_3DES algorithm."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 70."
 
    ::= { t11FcSpEncryptAlgorithms 5 }
 
t11FcSpAuthAlgorithms
     OBJECT IDENTIFIER ::= { t11FcSpAlgorithms 2 }
 
t11FcSpAuthNull OBJECT-IDENTITY
    STATUS     current
    DESCRIPTION "The AUTH_NONE algorithm."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 72."
    ::= { t11FcSpAuthAlgorithms 1 }
 
t11FcSpAuthHmacMd5L96 OBJECT-IDENTITY
    STATUS     current
    DESCRIPTION "The AUTH_HMAC_MD5_96 algorithm."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 72."
    ::= { t11FcSpAuthAlgorithms 2 }
 
t11FcSpAuthHmacSha1L96 OBJECT-IDENTITY
    STATUS     current
    DESCRIPTION "The AUTH_HMAC_SHA1_96 algorithm."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 72."
    ::= { t11FcSpAuthAlgorithms 3 }
 
t11FcSpAuthHmacMd5L128 OBJECT-IDENTITY
    STATUS     current
    DESCRIPTION "The AUTH_HMAC_MD5_128 algorithm."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 72."
    ::= { t11FcSpAuthAlgorithms 4 }
 
t11FcSpAuthHmacSha1L160 OBJECT-IDENTITY
    STATUS     current
    DESCRIPTION "The AUTH_HMAC_SHA1_160 algorithm."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 72."
 
    ::= { t11FcSpAuthAlgorithms 5 }
 
t11FcSpEncrNullAuthAesGmac OBJECT-IDENTITY
    STATUS     current
    DESCRIPTION "The ENCR_NULL_AUTH_AES_GMAC algorithm."
    REFERENCE
           "- ANSI INCITS 426-2007, T11/Project 1570-D,
              Fibre Channel - Security Protocols (FC-SP),
              February 2007, Table 70."
    ::= { t11FcSpEncryptAlgorithms 6 }
 
END