-- ***********************************************************************
-- IEEE8021-DEVID-MIB
--   
-- Definitions of managed objects supporting IEEE 802.1AR Secure Device ID.
--   
--   
-- ************************************************************************

IEEE8021-DEVID-MIB 
DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    Unsigned32,
    Counter32
        FROM SNMPv2-SMI
    TruthValue,
    TEXTUAL-CONVENTION
        FROM SNMPv2-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    PhysicalIndex, entPhysicalIndex
        FROM ENTITY-MIB;

ieee8021DevIDMIB MODULE-IDENTITY
    LAST-UPDATED    "200906250000Z"
    ORGANIZATION    "IEEE 802.1 Working Group"
    CONTACT-INFO
            "http://grouper.ieee.org/groups/8021/index.html"
    DESCRIPTION
        "This is the management module of the Secure Device Identifier
        (DevID) for managing IEEE 802.1AR, as specified in the current
        IEEE 802.1AR draft document. A DevID is cryptographically
        bound to a device, and supports authentication of the device's
        identity. Locally significant identities can be securely
        associated with an initial manufacturer-provisioned DevID and
        used in provisioning and authentication protocols to allow a
        network administrator to establish the trustworthiness of a 
        device and select appropriate policies for transmission and 
        reception of data and control protocols to and from the device. 
        A device indicates any entity in an IEEE 802 LAN that seeks to 
        obtain services from the network.
        The use of a Secure Device Identifier (DevID) in a DevID module
        allows network entities to associate a DevID credential with
        devices that participate or wish to participate in authenticated
        access to one or more networks.
        A device with DevID capability incorporates a globally unique
        manufacturer-provided Initial Secure Device Identifier (IDevID),
        stored in a way that ensures it will remain unmodified in the
        absence of both unrestricted access to the device and
        extraordinary efforts by an attacker.
        The device may support the creation of Locally Significant
        Device Identifiers (LDevIDs) by the network administrator. Each
        LDevID is bound to the device in a way that makes it impossible
        for it to be forged or transferred to a device with a different
        IDevID without knowledge of the private key used to effect the
        cryptographic binding. An LDevID can incorporate, and fully protect,
        additional information specified by the network administrator to
        support local authorization conventions. LDevIDs may also be 
        used to entirely replace IDevIDs in such a way as to assure the 
        privacy of the user of a LDevID and the equipment in which it is
        installed.
        Every device has exactly one IDevID and zero or more LDevIDs.
        The number of LDevIDs depends upon the capabilities of the DevID
        module and on the administrative policy of the network(s) in 
        which the device is used."
    REVISION        "200906250000Z"
    DESCRIPTION
        "Published as part of IEEE standard 802.1AR"

     ::= { iso (1) iso-identified-organization (3) ieee (111) standards-association-numbered-series-standards (2) lan-man-stds (802) ieee802dot1(1) ieee802dot1mibs(1) 17 }

devIDMIBNotifications  OBJECT IDENTIFIER   ::= { ieee8021DevIDMIB 0 }

devIDMIBObjects  OBJECT IDENTIFIER         ::= { ieee8021DevIDMIB 1 }

devIDMIBConformance  OBJECT IDENTIFIER     ::= { ieee8021DevIDMIB 2 }

--
-- Textual Convention
--
DevIDErrorStatus ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This textual convention is used to define the error state
        of a devID operation.

        The value none(1) means no error, indicating a successful
        operation. The value internalError(2) indicates a system error."
    SYNTAX          INTEGER  {
                        none(1),
                        internalError(2)
                    }

DevIDAlgorithmIdentifier::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "This textual convention identifies the public key algorithm."
    SYNTAX          INTEGER  {
                        rsaEncryption(1),
                        idecPublicKey(2)
                    }
                    
--                    
-- Management Objects for DevID
--
devIDGlobalMIBObjects  OBJECT IDENTIFIER  ::= { devIDMIBObjects 1 }

devIDMgmtMIBObjects    OBJECT IDENTIFIER  ::= { devIDMIBObjects 2 }

devIDStatsMIBObjects  OBJECT IDENTIFIER   ::= { devIDMIBObjects 3 }


--
-- DevID global objects
--   

  
--
-- DevID Mgmt Objects
--
devIDPublicKeyCount OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This gives the total number of DevID
        public keys installed in the DevID module."
    REFERENCE       "IEEE 802.1AR 6.4, and 6.3.2" 
    ::= { devIDMgmtMIBObjects 1 }
    
--
-- DevID public key Table
--
devIDPublicKeyTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF DevIDPublicKeyEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table containing the public key, the key's
        keyIndex, and a value indicating if the key is
        enabled. This allows the administrator to
        determine the DevID keys installed in the 
        DevID module. The maximum number of entries 
        in this table is limited by the value of 
        devIDPublicKeyCount."
    REFERENCE       "IEEE 802.1AR 6.4, and 6.3.2"
    ::= { devIDMgmtMIBObjects 2 }

devIDPublicKeyEntry OBJECT-TYPE
    SYNTAX          DevIDPublicKeyEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing DevID public key,
        the keys keyIndex, a value indicating 
        if the key is enabled"
    -- NOTE(review): the INDEX below is entPhysicalIndex alone, so each
    -- physical entity can expose at most one row of this table.
    -- devIDPublicKeyIndex, which is in the SEQUENCE and is described as
    -- the keyIndex with the IDevID at 0 and LDevIDs above it, is not part
    -- of the index, and the table description says the number of rows is
    -- bounded by devIDPublicKeyCount. Those two statements only agree if
    -- the index is { entPhysicalIndex, devIDPublicKeyIndex }; confirm the
    -- intended index. devIDCredentialEntry makes the opposite choice and
    -- is indexed by devIDCredentialIndex alone.
    INDEX           { entPhysicalIndex } 
    ::= { devIDPublicKeyTable 1 }

DevIDPublicKeyEntry ::= SEQUENCE {
        devIDPublicKeyIndex				Unsigned32,
        devIDPublicKeyEnabled			TruthValue,
        devIDPublicKeyAlgorithm			DevIDAlgorithmIdentifier,
        devIDPublicKeyPubkeySHA1Hash    SnmpAdminString,
        devIDPublicKeyErrStatus			DevIDErrorStatus
}

devIDPublicKeyIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (0..4294967295 )
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "All keys are indexed internally with this
        object. The value of this object is within 
        0..devIDPublicKeyCount. 
        This is the keyIndex and operations on 
        keys will use the keyIndex to address a 
        specific key. The IDevID key shall only be 
        at index 0.
        Any error in retrieving a key will be displayed
        in the devIDPublicKeyErrStatus object."
    -- NOTE(review): the range is given as 0..devIDPublicKeyCount, but if
    -- devIDPublicKeyCount counts every installed key including the IDevID
    -- at index 0, the highest valid index is devIDPublicKeyCount - 1.
    -- The same question applies to devIDCredentialIndex. This object is
    -- also not-accessible and is not in the INDEX of devIDPublicKeyEntry,
    -- so a manager has no way to retrieve its value.
    REFERENCE       "IEEE 802.1AR 6.4, and 6.3.2" 
    ::= { devIDPublicKeyEntry 1 }

devIDPublicKeyEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The enable/disable state of this public key. This setting
		persists across restarts."
    -- NOTE(review): this object and devIDCredentialEnabled are the only
    -- writable objects in this module. A SET here enables or disables a
    -- DevID key and the change persists across restarts, so the agent's
    -- access control (e.g. VACM views) should restrict write access to
    -- these two objects to authenticated managers, and SETs on them are
    -- worth logging. The module does not say whether index 0 (the IDevID)
    -- may be disabled, or what happens to credentials that reference a
    -- disabled key via devIDCredentialPubkeyIndex; confirm both.
    REFERENCE       "IEEE 802.1AR 6.4, and 6.3.2" 
    ::= { devIDPublicKeyEntry 2 }

devIDPublicKeyAlgorithm OBJECT-TYPE
    SYNTAX          DevIDAlgorithmIdentifier                        
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The DevID PublicKey Algorithm field shall indicate
        the public key algorithm identifier. This object
        identifies the public key algorithm as either
        rsaEncryption or idecPublicKey."
    REFERENCE
        "IEEE 802.1AR 6.4, 6.3.2 and 7.2.9" 
    ::= { devIDPublicKeyEntry 3 }

devIDPublicKeyPubkeySHA1Hash OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The SHA1 Hash of this DevID public key."
    -- NOTE(review): neither the textual encoding of the digest in this
    -- SnmpAdminString (hex or base64, with or without separators, case)
    -- nor the exact input to the hash (the DER SubjectPublicKeyInfo or
    -- only the key bits) is stated here; a manager comparing fingerprints
    -- across vendors needs both fixed. SHA-1 is adequate as an identifier
    -- for matching a key the manager already knows, but it is no longer
    -- collision resistant, so a matching hash alone should not be treated
    -- as proof of a particular key; compare the full key when that
    -- matters. The same applies to devIDCredentialSHA1Hash.
    REFERENCE
        "IEEE 802.1AR 6.4, 6.3.2 and 7.2.9" 
    ::= { devIDPublicKeyEntry 4 }

devIDPublicKeyErrStatus OBJECT-TYPE
    SYNTAX          DevIDErrorStatus
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This displays the status of an operation on
        the public key. The default value is none 
        which means no error, indicating a successful 
        operation."
    REFERENCE       "IEEE 802.1AR 6.4, and 6.3.2"
    DEFVAL          { none } 
    ::= { devIDPublicKeyEntry 5 }
 

devIDCredentialCount OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This gives the total number of DevID
        credentials installed in the DevID module."
    REFERENCE       "IEEE 802.1AR 6.4, and 6.3.2" 
    ::= { devIDMgmtMIBObjects 3 }

--
-- DevID Management Table
--
devIDCredentialTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF DevIDCredentialEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table of current DevID credentials, where
        for each certificate the following are indicated:
        the SHA-1 hash of the certificate and the Section 7
        defined fields: certificate serial number, issuer, subject,
        HardwareModuleName, and public key."
    REFERENCE       "IEEE 802.1AR 6.4, and 6.3.3"
    ::= { devIDMgmtMIBObjects 4 }

devIDCredentialEntry OBJECT-TYPE
    SYNTAX          DevIDCredentialEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing DevID Credential information"
    INDEX           { devIDCredentialIndex } 
    ::= { devIDCredentialTable 1 }

DevIDCredentialEntry ::= SEQUENCE {
        devIDCredentialIndex                  Unsigned32,
        devIDCredentialEnabled                TruthValue,
        devIDCredentialSHA1Hash               SnmpAdminString,    
        devIDCredentialSerialNumber           SnmpAdminString,
        devIDCredentialIssuer                 SnmpAdminString,
        devIDCredentialSubject                SnmpAdminString,
        devIDCredentialSubjectAltName         SnmpAdminString,		
        devIDCredentialEntityIndex            PhysicalIndex,
        devIDCredentialPubkeyIndex            Unsigned32,
        devIDCredentialErrStatus              DevIDErrorStatus
}

devIDCredentialIndex OBJECT-TYPE
    SYNTAX          Unsigned32 (0..4294967295 )
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "All credentials are indexed internally with
        this object. The value of this object is within
        [0..devIDCredentialCount].
        This is the credentialIndex; operations on
        credentials use the credentialIndex to address
        a specific credential. The IDevID credential shall
        only be at index 0."
    REFERENCE       "IEEE 802.1AR 6.4, and 6.3.2" 
    ::= { devIDCredentialEntry 1 }

devIDCredentialEnabled OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "The enable/disable state of this credential. This setting
		persists across restarts."
    REFERENCE       "IEEE 802.1AR 6.3.6" 
    ::= { devIDCredentialEntry 2 }
    
devIDCredentialSHA1Hash     OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The SHA1 Hash of this DevID credential."
    REFERENCE       "IEEE 802.1AR 7.2.2" 
    ::= { devIDCredentialEntry 3 }

devIDCredentialSerialNumber OBJECT-TYPE
    SYNTAX          SnmpAdminString (SIZE  (0..20))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The serial number of the credential."
    -- NOTE(review): SIZE (0..20) matches the 20 octet maximum of an X.509
    -- serialNumber (RFC 5280, 4.1.2.2), but SnmpAdminString is UTF-8
    -- text: a hex rendering of a 20 octet serial needs 40 characters and
    -- a decimal rendering up to 49. Either the value is the raw octets
    -- (then OCTET STRING would be the fitting syntax) or long serials get
    -- truncated and cannot be matched against the certificate; confirm
    -- which is meant and state the encoding in the DESCRIPTION.
    REFERENCE       "IEEE 802.1AR 7.2.2" 
    ::= { devIDCredentialEntry 4 }

devIDCredentialIssuer OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The issuer field of the credential."
    REFERENCE       "IEEE 802.1AR 7.2.4" 
    ::= { devIDCredentialEntry 5 }

devIDCredentialSubject OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The subject field of the credential."
    REFERENCE       "IEEE 802.1AR 7.2.8" 
    ::= { devIDCredentialEntry 6 }
    
devIDCredentialSubjectAltName OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The subjectAltName field of the credential."
    REFERENCE       "IEEE 802.1AR 7.2.8" 
    ::= { devIDCredentialEntry 7 }	
	
devIDCredentialEntityIndex    OBJECT-TYPE
    SYNTAX          PhysicalIndex
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "This refers to the entPhysicalIndex in
            entPhysicalTable to identify the associated
            physical entity."
     REFERENCE       "IEEE 802.1AR 6.4" 
    ::= { devIDCredentialEntry 8 }
    
devIDCredentialPubkeyIndex OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Holds the devIDPublicKeyIndex value, from
        devIDPublicKeyTable, that identifies the public key
        information for this credential."
    REFERENCE       "IEEE 802.1AR 7.2.9" 
    ::= { devIDCredentialEntry 9 }

devIDCredentialErrStatus OBJECT-TYPE
    SYNTAX          DevIDErrorStatus
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This displays the status of an operation on
        the credential. The default value is none 
        which means no error, indicating a successful 
        operation."
    REFERENCE       "IEEE 802.1AR 6.4, and 6.3.2"
    DEFVAL          { none } 
    ::= { devIDCredentialEntry 10 }
 

--
-- DevID statistics table
--
devIDStatisticsTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF DevIDStatisticsEntry 
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A table containing statistics information."
    ::= { devIDMgmtMIBObjects 5 }

devIDStatisticsEntry OBJECT-TYPE
    SYNTAX          DevIDStatisticsEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry containing DevID statistics."
    INDEX           { entPhysicalIndex } 
    ::= { devIDStatisticsTable 1 }

DevIDStatisticsEntry ::= SEQUENCE {
        devIDStatisticKeyGenerationCount         Counter32,
        devIDStatisticKeyInsertionCount          Counter32,
        devIDStatisticKeyDeletionCount           Counter32,
        devIDStatisticCSRGenerationCount         Counter32,
        devIDStatisticCredentialInsertionCount   Counter32,
        devIDStatisticCredentialDeletionCount    Counter32
}

devIDStatisticKeyGenerationCount OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This gives the total number of additional
        LDevID key-material generations within the
        DevID module.
		Discontinuities occur at system restart and counter rollover."
    REFERENCE       "IEEE 802.1AR 6.4, and 6.3.8" 
    ::= { devIDStatisticsEntry 1 }

devIDStatisticKeyInsertionCount OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This gives the total number of additional
        LDevID key-material generations followed by
        an insertion within the DevID module.
		Discontinuities occur at system restart and counter rollover."
    REFERENCE       "IEEE 802.1AR 6.4, and 6.3.9" 
    ::= { devIDStatisticsEntry 2 }

devIDStatisticKeyDeletionCount OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This gives the total number of LDevID keypair
        deletions within the DevID module. 
		Discontinuities occur at system restart and counter rollover."
    REFERENCE       "IEEE 802.1AR 6.4, and 6.3.10" 
    ::= { devIDStatisticsEntry 3 }

devIDStatisticCSRGenerationCount OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This gives the total number of
        Certificate Signing Request (CSR)
        generations, as defined in RFC 2986.
		Discontinuities occur at system restart and counter rollover."
    REFERENCE       "IEEE 802.1AR 6.4, and 6.3.11" 
    ::= { devIDStatisticsEntry 4 }

devIDStatisticCredentialInsertionCount OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This gives the total number of LDevID
        credentials installed into the DevID module. 
		Discontinuities occur at system restart and counter rollover."
    REFERENCE       "IEEE 802.1AR 6.4, and 6.3.12" 
    ::= { devIDStatisticsEntry 5 }

devIDStatisticCredentialDeletionCount OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This gives the total number of LDevID
        credential deletions from the DevID module.
		Discontinuities occur at system restart and counter rollover."
    REFERENCE       "IEEE 802.1AR 6.4, and 6.3.14" 
    ::= { devIDStatisticsEntry 6 }
    
--
-- Conformance Information Definition
--
devIDMIBCompliances  OBJECT IDENTIFIER
    ::= { devIDMIBConformance 1 }

devIDMIBGroups  OBJECT IDENTIFIER
    ::= { devIDMIBConformance 2 }

devIDMIBModuleCompliance MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "Module compliance for this MIB."
    MODULE          -- this module
    MANDATORY-GROUPS {
                        devIDMIBObjectGroup
                    }
    ::= { devIDMIBCompliances 1 }

devIDMIBObjectGroup OBJECT-GROUP
    OBJECTS         {
                        devIDPublicKeyCount,
                        devIDPublicKeyEnabled,
                        devIDPublicKeyAlgorithm,
                        devIDPublicKeyPubkeySHA1Hash,
                        devIDPublicKeyErrStatus,
                        devIDCredentialCount,
                        devIDCredentialEnabled,
                        devIDCredentialSHA1Hash,
                        devIDCredentialSerialNumber,
                        devIDCredentialIssuer,
                        devIDCredentialSubject,
                        devIDCredentialSubjectAltName,
                        devIDCredentialEntityIndex,
                        devIDCredentialPubkeyIndex,
                        devIDCredentialErrStatus,                        
                        devIDStatisticKeyGenerationCount,
                        devIDStatisticKeyInsertionCount,
                        devIDStatisticKeyDeletionCount,
                        devIDStatisticCSRGenerationCount,
                        devIDStatisticCredentialInsertionCount,
                        devIDStatisticCredentialDeletionCount
}
    STATUS          current
    DESCRIPTION
        "A collection of objects providing public key 
        manageability, credential manageability and stats."
    ::= { devIDMIBGroups 1 }

END
