156893Sfenner/*
256893Sfenner * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
356893Sfenner * All rights reserved.
4127668Sbms *
556893Sfenner * Redistribution and use in source and binary forms, with or without
656893Sfenner * modification, are permitted provided that the following conditions
756893Sfenner * are met:
856893Sfenner * 1. Redistributions of source code must retain the above copyright
956893Sfenner *    notice, this list of conditions and the following disclaimer.
1056893Sfenner * 2. Redistributions in binary form must reproduce the above copyright
1156893Sfenner *    notice, this list of conditions and the following disclaimer in the
1256893Sfenner *    documentation and/or other materials provided with the distribution.
1356893Sfenner * 3. Neither the name of the project nor the names of its contributors
1456893Sfenner *    may be used to endorse or promote products derived from this software
1556893Sfenner *    without specific prior written permission.
16127668Sbms *
1756893Sfenner * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
1856893Sfenner * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1956893Sfenner * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
2056893Sfenner * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
2156893Sfenner * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
2256893Sfenner * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
2356893Sfenner * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2456893Sfenner * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
2556893Sfenner * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
2656893Sfenner * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
2756893Sfenner * SUCH DAMAGE.
2856893Sfenner */
29190207Srpaulo/* YIPS @(#)$Id: ipsec_doi.h,v 1.7 2002-12-11 07:13:53 guy Exp $ */
3056893Sfenner
3156893Sfenner/* refer to RFC 2407 */
3256893Sfenner
3356893Sfenner#if !defined(_IPSEC_DOI_H_)
3456893Sfenner#define _IPSEC_DOI_H_
3556893Sfenner
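/*
 * Number assigned to the IPsec Domain of Interpretation (RFC 2407).
 * struct ipsecdoi_sa in this header carries a 32-bit `doi` field;
 * presumably this is the value expected there -- confirm in the decoder.
 */
#define IPSEC_DOI 1

/*
 * 4.2 IPSEC Situation Definition
 *
 * Each constant is a single distinct bit, so the three can be OR-ed
 * together and tested individually with '&'.
 * NOTE(review): a situation word read from a packet may carry bits
 * beyond these three; a decoder should report those as unknown rather
 * than silently drop them.
 */
#define IPSECDOI_SIT_IDENTITY_ONLY           0x00000001
#define IPSECDOI_SIT_SECRECY                 0x00000002
#define IPSECDOI_SIT_INTEGRITY               0x00000004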
4256893Sfenner
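/*
 * 4.4.1 IPSEC Security Protocol Identifiers
 *
 * Layout used throughout this header: a protocol identifier at column 0,
 * followed by the indented transform values that are valid for it.
 */
#define IPSECDOI_PROTO_ISAKMP                        1
  /* 4.4.2 IPSEC ISAKMP Transform Values */
#define   IPSECDOI_KEY_IKE                             1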
4756893Sfenner
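/* 4.4.1 IPSEC Security Protocol Identifiers */
#define IPSECDOI_PROTO_IPSEC_AH                      2
  /*
   * 4.4.3 IPSEC AH Transform Values
   *
   * The list starts at 2; no name is defined here for 0 or 1.
   * NOTE(review): the SHA2 entries are presumably later assignments
   * rather than part of RFC 2407's own table -- confirm against the
   * registry before citing a section for them.
   * NOTE(review): these names identify what a peer proposed, they do not
   * rank it. AH_MD5 and AH_DES are legacy choices, so output that shows
   * the name (not only the number) helps when auditing captured
   * proposals.
   */
#define   IPSECDOI_AH_MD5                              2
#define   IPSECDOI_AH_SHA                              3
#define   IPSECDOI_AH_DES                              4
#define   IPSECDOI_AH_SHA2_256                         5
#define   IPSECDOI_AH_SHA2_384                         6
#define   IPSECDOI_AH_SHA2_512                         7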
5756893Sfenner
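/* 4.4.1 IPSEC Security Protocol Identifiers */
#define IPSECDOI_PROTO_IPSEC_ESP                     3
  /*
   * 4.4.4 IPSEC ESP Transform Identifiers
   *
   * IPSECDOI_ESP_RIJNDAEL and IPSECDOI_ESP_AES are two names for the same
   * identifier (12); a switch over these values must not list both.
   * NOTE(review): this table names what a peer proposed, it does not rank
   * the transforms. Several entries (the DES variants, RC4, ESP_NULL)
   * give little or no confidentiality by current standards, so printing
   * the name rather than the bare number makes such proposals easy to
   * spot in captured traffic.
   */
#define   IPSECDOI_ESP_DES_IV64                        1
#define   IPSECDOI_ESP_DES                             2
#define   IPSECDOI_ESP_3DES                            3
#define   IPSECDOI_ESP_RC5                             4
#define   IPSECDOI_ESP_IDEA                            5
#define   IPSECDOI_ESP_CAST                            6
#define   IPSECDOI_ESP_BLOWFISH                        7
#define   IPSECDOI_ESP_3IDEA                           8
#define   IPSECDOI_ESP_DES_IV32                        9
#define   IPSECDOI_ESP_RC4                            10
#define   IPSECDOI_ESP_NULL                           11
#define   IPSECDOI_ESP_RIJNDAEL                       12
#define   IPSECDOI_ESP_AES                            12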
7456893Sfenner
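/* 4.4.1 IPSEC Security Protocol Identifiers */
#define IPSECDOI_PROTO_IPCOMP                        4
  /*
   * 4.4.5 IPSEC IPCOMP Transform Identifiers
   *
   * Compression transforms that can be named under the IPCOMP protocol
   * identifier above.
   */
#define   IPSECDOI_IPCOMP_OUI                          1
#define   IPSECDOI_IPCOMP_DEFLATE                      2
#define   IPSECDOI_IPCOMP_LZS                          3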
8156893Sfenner
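/*
 * 4.5 IPSEC Security Association Attributes
 *
 * Attribute classes sit at column 0; the indented names below a class
 * are the values defined for it. The trailing marker follows the
 * attribute table of RFC 2407 section 4.5: B = Basic, V = Variable-length.
 * NOTE(review): a variable-length attribute brings its own length from
 * the wire; a decoder should bound that length by the bytes actually
 * present before reading the value.
 */
#define IPSECDOI_ATTR_SA_LTYPE                1 /* B */
	/* LTYPE_DEFAULT has the same value as LTYPE_SEC: seconds is the default unit */
#define   IPSECDOI_ATTR_SA_LTYPE_DEFAULT        1
#define   IPSECDOI_ATTR_SA_LTYPE_SEC            1
#define   IPSECDOI_ATTR_SA_LTYPE_KB             2
#define IPSECDOI_ATTR_SA_LDUR                 2 /* V */
#define   IPSECDOI_ATTR_SA_LDUR_DEFAULT         28800 /* 8 hours */
#define IPSECDOI_ATTR_GRP_DESC                3 /* B */
#define IPSECDOI_ATTR_ENC_MODE                4 /* B */
	/* default value: host dependent */
#define   IPSECDOI_ATTR_ENC_MODE_TUNNEL         1
#define   IPSECDOI_ATTR_ENC_MODE_TRNS           2
#define IPSECDOI_ATTR_AUTH                    5 /* B */
	/* 0 means not to use authentication. */
#define   IPSECDOI_ATTR_AUTH_HMAC_MD5           1
#define   IPSECDOI_ATTR_AUTH_HMAC_SHA1          2
#define   IPSECDOI_ATTR_AUTH_DES_MAC            3
#define   IPSECDOI_ATTR_AUTH_KPDK               4 /*RFC-1826(Key/Pad/Data/Key)*/
	/*
	 * When negotiating ESP without authentication, the Auth
	 * Algorithm attribute MUST NOT be included in the proposal.
	 * When negotiating ESP without confidentiality, the Auth
	 * Algorithm attribute MUST be included in the proposal and
	 * the ESP transform ID must be ESP_NULL.
	 */
#define IPSECDOI_ATTR_KEY_LENGTH              6 /* B */
#define IPSECDOI_ATTR_KEY_ROUNDS              7 /* B */
#define IPSECDOI_ATTR_COMP_DICT_SIZE          8 /* B */
#define IPSECDOI_ATTR_COMP_PRIVALG            9 /* V */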
11156893Sfenner
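/*
 * 4.6.1 Security Association Payload
 *
 * Fixed leading part of the payload: the generic header followed by two
 * 32-bit words. struct isakmp_gen is not declared in this header, so the
 * file that includes it must declare that type first.
 * NOTE(review): presumably this struct is laid over captured packet
 * bytes; if so, doi and sit are in network byte order, and the caller
 * has to confirm that sizeof(struct ipsecdoi_sa) bytes are available
 * before reading either field -- confirm against the decoder.
 */
struct ipsecdoi_sa {
	struct isakmp_gen h;
	u_int32_t doi; /* Domain of Interpretation */
	u_int32_t sit; /* Situation */
};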
11856893Sfenner
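/*
 * Two 16-bit fields: a length and a reserved word.
 * NOTE(review): presumably the length/RESERVED pair that precedes the
 * secrecy data in the 4.6.1 SA payload -- confirm. If len is read from
 * a packet it is untrusted: check it against the bytes remaining in the
 * payload before using it to advance or copy.
 */
struct ipsecdoi_secrecy_h {
	u_int16_t len;
	u_int16_t reserved;
};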
12356893Sfenner
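/*
 * 4.6.2 Identification Payload Content
 *
 * Fixed leading part of the payload. The `type` field takes one of the
 * 4.6.2.1 Identification Type Values (the IPSECDOI_ID_* constants).
 * struct isakmp_gen is not declared in this header, so the file that
 * includes it must declare that type first.
 * NOTE(review): the identification data is not a member, so sizeof()
 * covers only the fixed part. Its length has to come from elsewhere
 * (presumably the payload length carried in `h`) and should be checked
 * against the captured bytes before the data is read -- confirm against
 * the decoder.
 */
struct ipsecdoi_id {
	struct isakmp_gen h;
	u_int8_t  type;		/* ID Type */
	u_int8_t  proto_id;	/* Protocol ID */
	u_int16_t port;		/* Port */
	/* Identification Data */
};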
13256893Sfenner
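/*
 * 4.6.2.1 Identification Type Values
 *
 * Values for the 8-bit `type` field of struct ipsecdoi_id. The type
 * decides how the identification data after the fixed header is laid
 * out (single address, subnet, range, name, DER blob, opaque key id).
 * NOTE(review): a decoder should check the data length against what the
 * type implies, and handle a type outside 1..11 as unknown.
 */
#define IPSECDOI_ID_IPV4_ADDR                        1
#define IPSECDOI_ID_FQDN                             2
#define IPSECDOI_ID_USER_FQDN                        3
#define IPSECDOI_ID_IPV4_ADDR_SUBNET                 4
#define IPSECDOI_ID_IPV6_ADDR                        5
#define IPSECDOI_ID_IPV6_ADDR_SUBNET                 6
#define IPSECDOI_ID_IPV4_ADDR_RANGE                  7
#define IPSECDOI_ID_IPV6_ADDR_RANGE                  8
#define IPSECDOI_ID_DER_ASN1_DN                      9
#define IPSECDOI_ID_DER_ASN1_GN                      10
#define IPSECDOI_ID_KEY_ID                           11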
14456893Sfenner
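/*
 * 4.6.3 IPSEC DOI Notify Message Types
 * Notify Messages - Status Types
 *
 * Three consecutive values starting at 24576 (0x6000). They do not fit
 * in 8 bits, so whatever holds a notify type must be at least 16 bits
 * wide.
 */
#define IPSECDOI_NTYPE_RESPONDER_LIFETIME                  24576
#define IPSECDOI_NTYPE_REPLAY_STATUS                       24577
#define IPSECDOI_NTYPE_INITIAL_CONTACT                     24578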
15056893Sfenner
15156893Sfenner#endif /* !defined(_IPSEC_DOI_H_) */