1.1 ! misho 1: /* $NetBSD: ipsec_doi.h,v 1.12 2009/03/12 10:57:26 tteras Exp $ */
! 2:
! 3: /* Id: ipsec_doi.h,v 1.15 2006/08/11 16:06:30 vanhu Exp */
! 4:
! 5: /*
! 6: * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
! 7: * All rights reserved.
! 8: *
! 9: * Redistribution and use in source and binary forms, with or without
! 10: * modification, are permitted provided that the following conditions
! 11: * are met:
! 12: * 1. Redistributions of source code must retain the above copyright
! 13: * notice, this list of conditions and the following disclaimer.
! 14: * 2. Redistributions in binary form must reproduce the above copyright
! 15: * notice, this list of conditions and the following disclaimer in the
! 16: * documentation and/or other materials provided with the distribution.
! 17: * 3. Neither the name of the project nor the names of its contributors
! 18: * may be used to endorse or promote products derived from this software
! 19: * without specific prior written permission.
! 20: *
! 21: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
! 22: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
! 23: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
! 24: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
! 25: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
! 26: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
! 27: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
! 28: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
! 29: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
! 30: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
! 31: * SUCH DAMAGE.
! 32: */
! 33:
! 34: #ifndef _IPSEC_DOI_H
! 35: #define _IPSEC_DOI_H
! 36:
#include <limits.h>

#include "isakmp.h"
! 38:
/* referred to RFC2407 */

/* DOI value carried in the SA payload (ipsecdoi_sa_b.doi) for the IPsec DOI. */
#define IPSEC_DOI 1

/*
 * 4.2 IPSEC Situation Definition
 * RFC2407 defines the situation as a bitmask; the three values below are
 * distinct bits and end up in ipsecdoi_sa_b.sit.
 */
#define IPSECDOI_SIT_IDENTITY_ONLY 0x00000001
#define IPSECDOI_SIT_SECRECY 0x00000002
#define IPSECDOI_SIT_INTEGRITY 0x00000004
! 47:
/* 4.4.1 IPSEC Security Protocol Identifiers */
/* 4.4.2 IPSEC ISAKMP Transform Values */
#define IPSECDOI_PROTO_ISAKMP 1
#define IPSECDOI_KEY_IKE 1

/* 4.4.1 IPSEC Security Protocol Identifiers */
#define IPSECDOI_PROTO_IPSEC_AH 2
/* 4.4.3 IPSEC AH Transform Values */
#define IPSECDOI_AH_MD5 2
#define IPSECDOI_AH_SHA 3
#define IPSECDOI_AH_DES 4
#define IPSECDOI_AH_SHA256 5
#define IPSECDOI_AH_SHA384 6
#define IPSECDOI_AH_SHA512 7

/* 4.4.1 IPSEC Security Protocol Identifiers */
#define IPSECDOI_PROTO_IPSEC_ESP 3
/*
 * 4.4.4 IPSEC ESP Transform Identifiers
 * These are only the wire values.  NOTE(review): DES, DES_IV32/DES_IV64,
 * RC4 and the MD5 AH transform above are legacy algorithms; which of them
 * racoon will actually accept in a proposal is decided by the proposal
 * checks in ipsec_doi.c, not by this header.
 */
#define IPSECDOI_ESP_DES_IV64 1
#define IPSECDOI_ESP_DES 2
#define IPSECDOI_ESP_3DES 3
#define IPSECDOI_ESP_RC5 4
#define IPSECDOI_ESP_IDEA 5
#define IPSECDOI_ESP_CAST 6
#define IPSECDOI_ESP_BLOWFISH 7
#define IPSECDOI_ESP_3IDEA 8
#define IPSECDOI_ESP_DES_IV32 9
#define IPSECDOI_ESP_RC4 10
/* NULL encryption; see the IPSECDOI_ATTR_AUTH_* comment on pairing it with authentication. */
#define IPSECDOI_ESP_NULL 11
#define IPSECDOI_ESP_AES 12
#define IPSECDOI_ESP_CAMELLIA 22
/*
 * Only the first branch is ever compiled (`#if 1`); the SSH private value
 * 250 in the #else branch is kept for reference only and is dead code.
 */
#if 1
/* draft-ietf-ipsec-ciph-aes-cbc-00.txt */
#define IPSECDOI_ESP_TWOFISH 253
#else
/* SSH uses these value for now */
#define IPSECDOI_ESP_TWOFISH 250
#endif

/* 4.4.1 IPSEC Security Protocol Identifiers */
#define IPSECDOI_PROTO_IPCOMP 4
/* 4.4.5 IPSEC IPCOMP Transform Identifiers */
#define IPSECDOI_IPCOMP_OUI 1
#define IPSECDOI_IPCOMP_DEFLATE 2
#define IPSECDOI_IPCOMP_LZS 3
! 93:
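/* 4.5 IPSEC Security Association Attributes */
/* NOTE: default value is not included in a packet. */
/* "B" marks a basic (fixed 16-bit) attribute, "V" a variable-length one. */
#define IPSECDOI_ATTR_SA_LD_TYPE 1 /* B */
#define IPSECDOI_ATTR_SA_LD_TYPE_DEFAULT 1
#define IPSECDOI_ATTR_SA_LD_TYPE_SEC 1
#define IPSECDOI_ATTR_SA_LD_TYPE_KB 2
#define IPSECDOI_ATTR_SA_LD_TYPE_MAX 3
#define IPSECDOI_ATTR_SA_LD 2 /* V */
#define IPSECDOI_ATTR_SA_LD_SEC_DEFAULT 28800 /* 8 hours */
/*
 * Largest kilobyte lifetime racoon will accept.  Written as INT_MAX
 * instead of ~(1 << ((sizeof(int) << 3) - 1)): shifting 1 into the sign
 * bit of a signed int is undefined behaviour in C, and INT_MAX is the
 * value that expression was meant to produce on two's-complement targets,
 * with the same (int) type.
 */
#define IPSECDOI_ATTR_SA_LD_KB_MAX INT_MAX
#define IPSECDOI_ATTR_GRP_DESC 3 /* B */
#define IPSECDOI_ATTR_ENC_MODE 4 /* B */
/* default value: host dependent */
/* 0 is a racoon-internal "any mode" marker, not a value defined by RFC2407. */
#define IPSECDOI_ATTR_ENC_MODE_ANY 0 /* NOTE:internal use */
#define IPSECDOI_ATTR_ENC_MODE_TUNNEL 1
#define IPSECDOI_ATTR_ENC_MODE_TRNS 2

/* NAT-T draft-ietf-ipsec-nat-t-ike-05 and later */
#define IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_RFC 3
#define IPSECDOI_ATTR_ENC_MODE_UDPTRNS_RFC 4

/* NAT-T up to draft-ietf-ipsec-nat-t-ike-04 (private-use range values) */
#define IPSECDOI_ATTR_ENC_MODE_UDPTUNNEL_DRAFT 61443
#define IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT 61444

#define IPSECDOI_ATTR_AUTH 5 /* B */
/* 0 means not to use authentication. */
#define IPSECDOI_ATTR_AUTH_HMAC_MD5 1
#define IPSECDOI_ATTR_AUTH_HMAC_SHA1 2
#define IPSECDOI_ATTR_AUTH_DES_MAC 3
#define IPSECDOI_ATTR_AUTH_KPDK 4 /*RFC-1826(Key/Pad/Data/Key)*/
#define IPSECDOI_ATTR_AUTH_HMAC_SHA2_256 5
#define IPSECDOI_ATTR_AUTH_HMAC_SHA2_384 6
#define IPSECDOI_ATTR_AUTH_HMAC_SHA2_512 7
/* 254 is a racoon-internal marker and must not be emitted as an attribute value. */
#define IPSECDOI_ATTR_AUTH_NONE 254 /* NOTE:internal use */
/*
 * When negotiating ESP without authentication, the Auth
 * Algorithm attribute MUST NOT be included in the proposal.
 * When negotiating ESP without confidentiality, the Auth
 * Algorithm attribute MUST be included in the proposal and
 * the ESP transform ID must be ESP_NULL.
 */
#define IPSECDOI_ATTR_KEY_LENGTH 6 /* B */
#define IPSECDOI_ATTR_KEY_ROUNDS 7 /* B */
#define IPSECDOI_ATTR_COMP_DICT_SIZE 8 /* B */
#define IPSECDOI_ATTR_COMP_PRIVALG 9 /* V */

/* Security context attribute; only compiled in with SELinux-style label support. */
#ifdef HAVE_SECCTX
#define IPSECDOI_ATTR_SECCTX 10 /* V */
#endif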
! 143: #endif
! 144:
/*
 * 4.6.1 Security Association Payload
 * Wire-format image of the SA payload: the generic ISAKMP header followed
 * by the DOI and situation words.  Packed so the struct can be overlaid on
 * a received buffer; NOTE(review): multi-byte fields are presumably in
 * network byte order and converted by the parser — confirm in ipsec_doi.c.
 */
struct ipsecdoi_pl_sa {
	struct isakmp_gen h;		/* generic payload header, see isakmp.h */
	struct ipsecdoi_sa_b {
		u_int32_t doi;		/* Domain of Interpretation (IPSEC_DOI) */
		u_int32_t sit;		/* Situation (IPSECDOI_SIT_* bits) */
	} b;
	/* followed by Leveled Domain Identifier and so on. */
} __attribute__((__packed__));
! 154:
/*
 * Header of a secrecy/integrity level entry that may follow the SA payload
 * body; the variable-length value follows the header in the packet.
 */
struct ipsecdoi_secrecy_h {
	u_int16_t len;			/* length of the value that follows */
	u_int16_t reserved;
	/* followed by the value */
} __attribute__((__packed__));
! 160:
/*
 * 4.6.2 Identification Payload Content
 * Wire-format image of the ID payload.  The identification data that
 * follows is interpreted according to `type` (IPSECDOI_ID_*).
 * NOTE(review): RFC2407 treats 0 in proto_id/port as "any"; confirm the
 * parser applies that rule.
 */
struct ipsecdoi_pl_id {
	struct isakmp_gen h;		/* generic payload header, see isakmp.h */
	struct ipsecdoi_id_b {
		u_int8_t type;		/* ID Type (IPSECDOI_ID_*) */
		u_int8_t proto_id;	/* Protocol ID */
		u_int16_t port;		/* Port */
	} b;
	/* followed by Identification Data */
} __attribute__((__packed__));
! 171:
/* Identification types carried in ipsecdoi_id_b.type (RFC2407 4.6.2.1). */
#define IPSECDOI_ID_IPV4_ADDR 1
#define IPSECDOI_ID_FQDN 2
#define IPSECDOI_ID_USER_FQDN 3
#define IPSECDOI_ID_IPV4_ADDR_SUBNET 4
#define IPSECDOI_ID_IPV6_ADDR 5
#define IPSECDOI_ID_IPV6_ADDR_SUBNET 6
#define IPSECDOI_ID_IPV4_ADDR_RANGE 7
#define IPSECDOI_ID_IPV6_ADDR_RANGE 8
#define IPSECDOI_ID_DER_ASN1_DN 9
#define IPSECDOI_ID_DER_ASN1_GN 10
#define IPSECDOI_ID_KEY_ID 11

/*
 * Compressed DOI id type, for internal use only.  Address-family specific
 * DOI types collapse onto one IDTYPE_*; idtype2doi()/doi2idtype() below
 * translate between the two numberings, so these values never go on the wire.
 */
#define IDTYPE_UNDEFINED 0
#define IDTYPE_FQDN 1
#define IDTYPE_USERFQDN 2
#define IDTYPE_KEYID 3
#define IDTYPE_ADDRESS 4
#define IDTYPE_ASN1DN 5
#define IDTYPE_SUBNET 6

/* qualifiers for KEYID (and maybe others), see set_identifier_qual() */
#define IDQUAL_UNSPEC 0
#define IDQUAL_FILE 1
#define IDQUAL_TAG 2

/* The use for checking proposal payload. This is not exchange type. */
#define IPSECDOI_TYPE_PH1 0
#define IPSECDOI_TYPE_PH2 1

/*
 * Prefix that will make ipsecdoi_sockaddr2id() generate address type
 * identities without knowing the exact length of address.
 */
#define IPSECDOI_PREFIX_HOST 0xff
! 207:
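/* Opaque types referenced by the prototypes below; defined in their own headers. */
struct isakmpsa;
struct ipsecdoi_pl_sa;
struct saprop;
struct saproto;
struct satrns;
struct prop_pair;

/*
 * Proposal validation and selection.  All of these take a phase handle and
 * return int; NOTE(review): presumably 0 on success and -1 on error —
 * confirm against ipsec_doi.c before relying on it.
 */
extern int ipsecdoi_checkph1proposal __P((vchar_t *, struct ph1handle *));
extern int ipsecdoi_selectph2proposal __P((struct ph2handle *));
extern int ipsecdoi_checkph2proposal __P((struct ph2handle *));

/*
 * Proposal/transform helpers.  Functions returning vchar_t * or a
 * prop_pair table hand back freshly built data; NOTE(review): ownership
 * (vfree()/free by the caller) is not stated here — confirm in ipsec_doi.c.
 */
extern struct prop_pair **get_proppair __P((vchar_t *, int));
extern vchar_t *get_sabyproppair __P((u_int32_t, u_int32_t, struct prop_pair *));
extern int ipsecdoi_updatespi __P((struct ph2handle *iph2));
extern vchar_t *get_sabysaprop __P((struct saprop *, vchar_t *));
/* Uses the same __P() prototype wrapper as every other declaration here. */
extern int ipsecdoi_chkcmpids __P((const vchar_t *, const vchar_t *, int));
extern int ipsecdoi_checkid1 __P((struct ph1handle *));
extern int ipsecdoi_setid1 __P((struct ph1handle *));
extern int set_identifier __P((vchar_t **, int, vchar_t *));
extern int set_identifier_qual __P((vchar_t **, int, vchar_t *, int));
extern int ipsecdoi_setid2 __P((struct ph2handle *));
/* sockaddr -> identification payload body; pass IPSECDOI_PREFIX_HOST for a host identity. */
extern vchar_t *ipsecdoi_sockaddr2id __P((struct sockaddr *, u_int, u_int));
extern int ipsecdoi_id2sockaddr __P((vchar_t *, struct sockaddr *,
	u_int8_t *, u_int16_t *));
extern char *ipsecdoi_id2str __P((const vchar_t *));
extern vchar_t *ipsecdoi_sockrange2id __P(( struct sockaddr *,
	struct sockaddr *, u_int));

/* Proposal construction for phase 1 and phase 2. */
extern vchar_t *ipsecdoi_setph1proposal __P((struct remoteconf *,
	struct isakmpsa *));
extern int ipsecdoi_setph2proposal __P((struct ph2handle *));
extern int ipsecdoi_transportmode __P((struct saprop *));
extern int ipsecdoi_get_defaultlifetime __P((void));
extern int ipsecdoi_checkalgtypes __P((int, int, int, int));
/* IP protocol number <-> IPSECDOI_PROTO_* conversions. */
extern int ipproto2doi __P((int));
extern int doi2ipproto __P((int));

extern int ipsecdoi_t2satrns __P((struct isakmp_pl_t *,
	struct saprop *, struct saproto *, struct satrns *));
extern int ipsecdoi_authalg2trnsid __P((int));
/* IDTYPE_* (internal) <-> IPSECDOI_ID_* (wire) conversions. */
extern int idtype2doi __P((int));
extern int doi2idtype __P((int));

/*
 * Parse a RESPONDER-LIFETIME notify into seconds and kilobytes.
 * Parameter name fixed from the misspelled "liftime_kb".
 */
extern int ipsecdoi_parse_responder_lifetime __P((struct isakmp_pl_n *notify,
	u_int32_t *lifetime_sec, u_int32_t *lifetime_kb));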
! 253:
! 254:
! 255: #endif /* _IPSEC_DOI_H */