/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
/* YIPS @(#)$Id: ipsec_doi.h,v 1.1 1999/10/30 05:11:09 itojun Exp $ */

/* refer to RFC 2407 */

/*
 * Constants and on-the-wire payload layouts for the IPsec Domain of
 * Interpretation (DOI) for ISAKMP.  The section numbers quoted in the
 * comments below are sections of RFC 2407.
 *
 * This header includes nothing itself.  It uses `struct isakmp_gen` (the
 * generic ISAKMP payload header) and the BSD `u_int8_t`/`u_int16_t`/
 * `u_int32_t` types without declaring them, so the including file must
 * already have those in scope.
 */

#if !defined(_IPSEC_DOI_H_)
#define _IPSEC_DOI_H_

/* DOI value carried in the SA payload's `doi` field: 1 is the IPsec DOI. */
#define IPSEC_DOI 1

/* 4.2 IPSEC Situation Definition */
/* Bit flags for the SA payload's `sit` field; they may be OR-ed together. */
#define IPSECDOI_SIT_IDENTITY_ONLY 0x00000001
#define IPSECDOI_SIT_SECRECY 0x00000002
#define IPSECDOI_SIT_INTEGRITY 0x00000004

/*
 * Each protocol identifier (4.4.1) is followed by the transform identifiers
 * that are valid for that protocol.  The transform values are only
 * meaningful relative to the protocol they are listed under: the same
 * number is reused with a different meaning under ISAKMP, AH, ESP and
 * IPCOMP, so a decoder must dispatch on the protocol first.
 */

/* 4.4.1 IPSEC Security Protocol Identifiers */
	/* 4.4.2 IPSEC ISAKMP Transform Values */
#define IPSECDOI_PROTO_ISAKMP 1
#define IPSECDOI_KEY_IKE 1

/* 4.4.1 IPSEC Security Protocol Identifiers */
#define IPSECDOI_PROTO_IPSEC_AH 2
	/* 4.4.3 IPSEC AH Transform Values */
#define IPSECDOI_AH_MD5 2
#define IPSECDOI_AH_SHA 3
#define IPSECDOI_AH_DES 4

/* 4.4.1 IPSEC Security Protocol Identifiers */
#define IPSECDOI_PROTO_IPSEC_ESP 3
	/* 4.4.4 IPSEC ESP Transform Identifiers */
/*
 * These are the DOI-assigned code points, kept so that a decoder can name
 * whatever a peer proposes.  Several of them (single DES, the IV32/IV64
 * variants, RC4) are long obsolete and considered weak; their presence
 * here is for identification, not endorsement.
 */
#define IPSECDOI_ESP_DES_IV64 1
#define IPSECDOI_ESP_DES 2
#define IPSECDOI_ESP_3DES 3
#define IPSECDOI_ESP_RC5 4
#define IPSECDOI_ESP_IDEA 5
#define IPSECDOI_ESP_CAST 6
#define IPSECDOI_ESP_BLOWFISH 7
#define IPSECDOI_ESP_3IDEA 8
#define IPSECDOI_ESP_DES_IV32 9
#define IPSECDOI_ESP_RC4 10
/* No confidentiality: only valid together with an Auth Algorithm attribute (see 4.5 note below). */
#define IPSECDOI_ESP_NULL 11

/* 4.4.1 IPSEC Security Protocol Identifiers */
#define IPSECDOI_PROTO_IPCOMP 4
	/* 4.4.5 IPSEC IPCOMP Transform Identifiers */
#define IPSECDOI_IPCOMP_OUI 1
#define IPSECDOI_IPCOMP_DEFLATE 2
#define IPSECDOI_IPCOMP_LZS 3
#define IPSECDOI_IPCOMP_V42BIS 4

/* 4.5 IPSEC Security Association Attributes */
/*
 * The trailing B / V comments give the attribute's encoding class from
 * RFC 2407 section 4.5: B = basic (a single 16-bit value), V = variable
 * length.  The *_DEFAULT values are what RFC 2407 says applies when the
 * attribute is absent from a proposal.
 */
#define IPSECDOI_ATTR_SA_LTYPE 1 /* B */
#define IPSECDOI_ATTR_SA_LTYPE_DEFAULT 1
#define IPSECDOI_ATTR_SA_LTYPE_SEC 1
#define IPSECDOI_ATTR_SA_LTYPE_KB 2
#define IPSECDOI_ATTR_SA_LDUR 2 /* V */
#define IPSECDOI_ATTR_SA_LDUR_DEFAULT 28800 /* 8 hours */
#define IPSECDOI_ATTR_GRP_DESC 3 /* B */
#define IPSECDOI_ATTR_ENC_MODE 4 /* B */
	/* default value: host dependent */
#define IPSECDOI_ATTR_ENC_MODE_TUNNEL 1
#define IPSECDOI_ATTR_ENC_MODE_TRNS 2
#define IPSECDOI_ATTR_AUTH 5 /* B */
#define IPSECDOI_ATTR_AUTH_HMAC_MD5 1
#define IPSECDOI_ATTR_AUTH_HMAC_SHA1 2
#define IPSECDOI_ATTR_AUTH_DES_MAC 3
#define IPSECDOI_ATTR_AUTH_KPDK 4
	/*
	  When negotiating ESP without authentication, the Auth
	  Algorithm attribute MUST NOT be included in the proposal.
	  When negotiating ESP without confidentiality, the Auth
	  Algorithm attribute MUST be included in the proposal and
	  the ESP transform ID must be ESP_NULL.
	 */
#define IPSECDOI_ATTR_KEY_LENGTH 6 /* B */
#define IPSECDOI_ATTR_KEY_ROUNDS 7 /* B */
#define IPSECDOI_ATTR_COMP_DICT_SIZE 8 /* B */
#define IPSECDOI_ATTR_COMP_PRIVALG 9 /* V */

/*
 * The structs below mirror wire layouts and are meant to be laid over
 * packet bytes.  Nothing in this header carries a length, so a parser must
 * confirm that at least sizeof(struct ...) bytes remain before reading any
 * field; and, as for the rest of ISAKMP, the multi-byte fields are
 * presumably in network byte order and need ntohs()/ntohl() (or an
 * unaligned fetch) on the way out.
 */

/* 4.6.1 Security Association Payload */
struct ipsecdoi_sa {
	struct isakmp_gen h;	/* generic payload header (next payload, length) */
	u_int32_t doi;		/* Domain of Interpretation */
	u_int32_t sit;		/* Situation */
};

/* Header of the optional secrecy-level/category data that follows `sit`. */
struct ipsecdoi_secrecy_h {
	u_int16_t len;
	u_int16_t reserved;
};

/* 4.6.2.1 Identification Type Values */
/*
 * Identification payload.  The identification data that follows the fixed
 * part is variable-length and its format depends on `type` (one of the
 * IPSECDOI_ID_* values below); the struct does not reserve space for it.
 */
struct ipsecdoi_id {
	struct isakmp_gen h;
	u_int8_t type;		/* ID Type */
	u_int8_t proto_id;	/* Protocol ID */
	u_int16_t port;		/* Port */
	/* Identification Data */
};

#define IPSECDOI_ID_IPV4_ADDR 1
#define IPSECDOI_ID_FQDN 2
#define IPSECDOI_ID_USER_FQDN 3
#define IPSECDOI_ID_IPV4_ADDR_SUBNET 4
#define IPSECDOI_ID_IPV6_ADDR 5
#define IPSECDOI_ID_IPV6_ADDR_SUBNET 6
#define IPSECDOI_ID_IPV4_ADDR_RANGE 7
#define IPSECDOI_ID_IPV6_ADDR_RANGE 8
#define IPSECDOI_ID_DER_ASN1_DN 9
#define IPSECDOI_ID_DER_ASN1_GN 10
#define IPSECDOI_ID_KEY_ID 11

/* 4.6.3 IPSEC DOI Notify Message Types */
/* Notify Messages - Status Types */
/* These sit in the DOI-specific status range that starts at 24576. */
#define IPSECDOI_NTYPE_RESPONDER_LIFETIME 24576
#define IPSECDOI_NTYPE_REPLAY_STATUS 24577
#define IPSECDOI_NTYPE_INITIAL_CONTACT 24578

/*
 * Disabled: an early in-memory representation of a negotiated SA, kept for
 * reference only.  It refers to `vchar_t`, which is declared nowhere in
 * this header, so it cannot be enabled as-is.
 */
#if 0
/* ipsec sa structure */
struct ipsec_sa {
	u_int8_t proto_id;	/* Protocol id */
	vchar_t *spi;		/* spi to receive, network byte order */
	vchar_t *spi_p;		/* spi to send, network byte order */
	vchar_t *keymat;	/* KEYMAT */
	u_int8_t t_id;		/* transform id */
	u_int8_t enc_t;		/* type of cipher */
	u_int8_t mode_t;	/* tunnel or transport */
	u_int8_t hash_t;	/* type of hash */
	u_int8_t life_t;	/* type of duration of lifetime */
	u_int32_t ldur;		/* life duration */
	u_int8_t dhgrp;		/* DH; group */
	struct ipsec_sa *next;
};
#endif

#endif /* !defined(_IPSEC_DOI_H_) */