1 /* 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 /* YIPS @(#)$Id: ipsec_doi.h,v 1.7 2002/12/11 07:13:53 guy Exp $ */ 30 31 /* refer to RFC 2407 */ 32 33 #if !defined(_IPSEC_DOI_H_) 34 #define _IPSEC_DOI_H_ 35 36 #define IPSEC_DOI 1 37 38 /* 4.2 IPSEC Situation Definition */ 39 #define IPSECDOI_SIT_IDENTITY_ONLY 0x00000001 40 #define IPSECDOI_SIT_SECRECY 0x00000002 41 #define IPSECDOI_SIT_INTEGRITY 0x00000004 42 43 /* 4.4.1 IPSEC Security Protocol Identifiers */ 44 /* 4.4.2 IPSEC ISAKMP Transform Values */ 45 #define IPSECDOI_PROTO_ISAKMP 1 46 #define IPSECDOI_KEY_IKE 1 47 48 /* 4.4.1 IPSEC Security Protocol Identifiers */ 49 #define IPSECDOI_PROTO_IPSEC_AH 2 50 /* 4.4.3 IPSEC AH Transform Values */ 51 #define IPSECDOI_AH_MD5 2 52 #define IPSECDOI_AH_SHA 3 53 #define IPSECDOI_AH_DES 4 54 #define IPSECDOI_AH_SHA2_256 5 55 #define IPSECDOI_AH_SHA2_384 6 56 #define IPSECDOI_AH_SHA2_512 7 57 58 /* 4.4.1 IPSEC Security Protocol Identifiers */ 59 #define IPSECDOI_PROTO_IPSEC_ESP 3 60 /* 4.4.4 IPSEC ESP Transform Identifiers */ 61 #define IPSECDOI_ESP_DES_IV64 1 62 #define IPSECDOI_ESP_DES 2 63 #define IPSECDOI_ESP_3DES 3 64 #define IPSECDOI_ESP_RC5 4 65 #define IPSECDOI_ESP_IDEA 5 66 #define IPSECDOI_ESP_CAST 6 67 #define IPSECDOI_ESP_BLOWFISH 7 68 #define IPSECDOI_ESP_3IDEA 8 69 #define IPSECDOI_ESP_DES_IV32 9 70 #define IPSECDOI_ESP_RC4 10 71 #define IPSECDOI_ESP_NULL 11 72 #define IPSECDOI_ESP_RIJNDAEL 12 73 #define IPSECDOI_ESP_AES 12 74 75 /* 4.4.1 IPSEC Security Protocol Identifiers */ 76 #define IPSECDOI_PROTO_IPCOMP 4 77 /* 4.4.5 IPSEC IPCOMP Transform Identifiers */ 78 #define IPSECDOI_IPCOMP_OUI 1 79 #define IPSECDOI_IPCOMP_DEFLATE 2 80 #define IPSECDOI_IPCOMP_LZS 3 81 82 /* 4.5 IPSEC Security Association Attributes */ 83 #define IPSECDOI_ATTR_SA_LTYPE 1 /* B */ 84 #define IPSECDOI_ATTR_SA_LTYPE_DEFAULT 1 85 #define IPSECDOI_ATTR_SA_LTYPE_SEC 1 86 #define IPSECDOI_ATTR_SA_LTYPE_KB 2 87 #define IPSECDOI_ATTR_SA_LDUR 2 /* V */ 88 #define IPSECDOI_ATTR_SA_LDUR_DEFAULT 28800 /* 8 hours */ 89 #define IPSECDOI_ATTR_GRP_DESC 3 /* B */ 90 #define IPSECDOI_ATTR_ENC_MODE 4 /* B */ 91 /* default value: host dependent */ 92 #define IPSECDOI_ATTR_ENC_MODE_TUNNEL 1 93 #define IPSECDOI_ATTR_ENC_MODE_TRNS 2 94 #define IPSECDOI_ATTR_AUTH 5 /* B */ 95 /* 0 means not to use authentication. */ 96 #define IPSECDOI_ATTR_AUTH_HMAC_MD5 1 97 #define IPSECDOI_ATTR_AUTH_HMAC_SHA1 2 98 #define IPSECDOI_ATTR_AUTH_DES_MAC 3 99 #define IPSECDOI_ATTR_AUTH_KPDK 4 /*RFC-1826(Key/Pad/Data/Key)*/ 100 /* 101 * When negotiating ESP without authentication, the Auth 102 * Algorithm attribute MUST NOT be included in the proposal. 103 * When negotiating ESP without confidentiality, the Auth 104 * Algorithm attribute MUST be included in the proposal and 105 * the ESP transform ID must be ESP_NULL. 106 */ 107 #define IPSECDOI_ATTR_KEY_LENGTH 6 /* B */ 108 #define IPSECDOI_ATTR_KEY_ROUNDS 7 /* B */ 109 #define IPSECDOI_ATTR_COMP_DICT_SIZE 8 /* B */ 110 #define IPSECDOI_ATTR_COMP_PRIVALG 9 /* V */ 111 112 /* 4.6.1 Security Association Payload */ 113 struct ipsecdoi_sa { 114 struct isakmp_gen h; 115 u_int32_t doi; /* Domain of Interpretation */ 116 u_int32_t sit; /* Situation */ 117 }; 118 119 struct ipsecdoi_secrecy_h { 120 u_int16_t len; 121 u_int16_t reserved; 122 }; 123 124 /* 4.6.2.1 Identification Type Values */ 125 struct ipsecdoi_id { 126 struct isakmp_gen h; 127 u_int8_t type; /* ID Type */ 128 u_int8_t proto_id; /* Protocol ID */ 129 u_int16_t port; /* Port */ 130 /* Identification Data */ 131 }; 132 133 #define IPSECDOI_ID_IPV4_ADDR 1 134 #define IPSECDOI_ID_FQDN 2 135 #define IPSECDOI_ID_USER_FQDN 3 136 #define IPSECDOI_ID_IPV4_ADDR_SUBNET 4 137 #define IPSECDOI_ID_IPV6_ADDR 5 138 #define IPSECDOI_ID_IPV6_ADDR_SUBNET 6 139 #define IPSECDOI_ID_IPV4_ADDR_RANGE 7 140 #define IPSECDOI_ID_IPV6_ADDR_RANGE 8 141 #define IPSECDOI_ID_DER_ASN1_DN 9 142 #define IPSECDOI_ID_DER_ASN1_GN 10 143 #define IPSECDOI_ID_KEY_ID 11 144 145 /* 4.6.3 IPSEC DOI Notify Message Types */ 146 /* Notify Messages - Status Types */ 147 #define IPSECDOI_NTYPE_RESPONDER_LIFETIME 24576 148 #define IPSECDOI_NTYPE_REPLAY_STATUS 24577 149 #define IPSECDOI_NTYPE_INITIAL_CONTACT 24578 150 151 #endif /* !defined(_IPSEC_DOI_H_) */ 152