Diffstat (limited to 'src/pluto/constants.h')
-rw-r--r-- | src/pluto/constants.h | 258 |
1 files changed, 119 insertions, 139 deletions
diff --git a/src/pluto/constants.h b/src/pluto/constants.h index 5fe936e08..8c574ebc5 100644 --- a/src/pluto/constants.h +++ b/src/pluto/constants.h @@ -16,6 +16,8 @@ #ifndef _CONSTANTS_H #define _CONSTANTS_H +#include <freeswan.h> + #include <utils.h> #include <utils/identification.h> #include <crypto/hashers/hasher.h> @@ -135,19 +137,23 @@ extern const char sparse_end[]; * and in http://www.iana.org/assignments/isakmp-registry */ enum ipsec_authentication_algo { - AH_NONE = 0, - AH_MD5 = 2, - AH_SHA = 3, - AH_DES = 4, - AH_SHA2_256 = 5, - AH_SHA2_384 = 6, - AH_SHA2_512 = 7, - AH_RIPEMD = 8, - AH_AES_XCBC_MAC = 9, - AH_RSA = 10 + AH_NONE = 0, + AH_MD5 = 2, + AH_SHA = 3, + AH_DES = 4, + AH_SHA2_256 = 5, + AH_SHA2_384 = 6, + AH_SHA2_512 = 7, + AH_RIPEMD = 8, + AH_AES_XCBC_MAC = 9, + AH_RSA = 10, + AH_AES_128_GMAC = 11, + AH_AES_192_GMAC = 12, + AH_AES_256_GMAC = 13, + AH_SHA2_256_96 = 252 }; -extern enum_names ah_transformid_names; +extern enum_names ah_transform_names; /* IPsec ESP transform values * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.4 
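Review bot: `AH_SHA2_256_96 = 252` in `enum ipsec_authentication_algo` has no comment, although the enum's header comment points readers at RFC 2407 and the IANA isakmp-registry, where, to my knowledge, 252 is not an assigned AH transform. The name suggests HMAC-SHA2-256 with a 96-bit truncated ICV, which is a shorter, non-standard tag that anyone auditing negotiated algorithms needs to recognise. Once that meaning is confirmed, I would add `/* private use: HMAC-SHA2-256 truncated to 96 bits, not IANA-assigned */` on that line. The same comment is needed on `#define AUTH_ALGORITHM_HMAC_SHA2_256_96 252` in the `@@ -883,18 +856,22 @@` hunk. The renamed `ah_transform_names` table is defined outside this diff, so whether it covers 11–13 and 252 is not visible here.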
@@ -155,45 +161,45 @@ extern enum_names ah_transformid_names; */ enum ipsec_cipher_algo { - ESP_NONE = 0, - ESP_DES_IV64 = 1, - ESP_DES = 2, - ESP_3DES = 3, - ESP_RC5 = 4, - ESP_IDEA = 5, - ESP_CAST = 6, - ESP_BLOWFISH = 7, - ESP_3IDEA = 8, - ESP_DES_IV32 = 9, - ESP_RC4 = 10, - ESP_NULL = 11, - ESP_AES = 12, - ESP_AES_CTR = 13, - ESP_AES_CCM_8 = 14, - ESP_AES_CCM_12 = 15, - ESP_AES_CCM_16 = 16, - ESP_UNASSIGNED_17 = 17, - ESP_AES_GCM_8 = 18, - ESP_AES_GCM_12 = 19, - ESP_AES_GCM_16 = 20, - ESP_SEED_CBC = 21, - ESP_CAMELLIA = 22, - ESP_SERPENT = 252, - ESP_TWOFISH = 253 + ESP_NONE = 0, + ESP_DES_IV64 = 1, + ESP_DES = 2, + ESP_3DES = 3, + ESP_RC5 = 4, + ESP_IDEA = 5, + ESP_CAST = 6, + ESP_BLOWFISH = 7, + ESP_3IDEA = 8, + ESP_DES_IV32 = 9, + ESP_RC4 = 10, + ESP_NULL = 11, + ESP_AES = 12, + ESP_AES_CTR = 13, + ESP_AES_CCM_8 = 14, + ESP_AES_CCM_12 = 15, + ESP_AES_CCM_16 = 16, + ESP_UNASSIGNED_17 = 17, + ESP_AES_GCM_8 = 18, + ESP_AES_GCM_12 = 19, + ESP_AES_GCM_16 = 20, + ESP_SEED_CBC = 21, + ESP_CAMELLIA = 22, + ESP_SERPENT = 252, + ESP_TWOFISH = 253 }; -extern enum_names esp_transformid_names; +extern enum_names esp_transform_names; /* IPCOMP transform values * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.5 */ enum ipsec_comp_algo { - IPSCOMP_NONE = 0, - IPCOMP_OUI = 1, - IPCOMP_DEFLATE = 2, - IPCOMP_LZS = 3, - IPCOMP_LZJH = 4 + IPSCOMP_NONE = 0, + IPCOMP_OUI = 1, + IPCOMP_DEFLATE = 2, + IPCOMP_LZS = 3, + IPCOMP_LZJH = 4 }; extern enum_names ipcomp_transformid_names; 
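Review bot: The naming in this hunk ends up inconsistent: the AH and ESP tables become `ah_transform_names` and `esp_transform_names`, but the trailing context still declares `ipcomp_transformid_names`, and the re-indented `IPSCOMP_NONE = 0` keeps a stray `S` that none of the other `IPCOMP_*` constants have. Every line of `enum ipsec_comp_algo` is rewritten here anyway, so I would write `IPCOMP_NONE = 0,` and rename the extern to `ipcomp_transform_names`, provided the users outside this header are updated in the same commit. Both are style changes only; the numeric values stay as they are.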
@@ -202,18 +208,18 @@ extern enum_names ipcomp_transformid_names; * RFC 2408 ISAKMP, chapter 3.9 */ enum ipsec_cert_type { - CERT_NONE= 0, - CERT_PKCS7_WRAPPED_X509= 1, - CERT_PGP= 2, - CERT_DNS_SIGNED_KEY= 3, - CERT_X509_SIGNATURE= 4, - CERT_X509_KEY_EXCHANGE= 5, - CERT_KERBEROS_TOKENS= 6, - CERT_CRL= 7, - CERT_ARL= 8, - CERT_SPKI= 9, - CERT_X509_ATTRIBUTE= 10, - CERT_RAW_RSA_KEY= 11 + CERT_NONE= 0, + CERT_PKCS7_WRAPPED_X509= 1, + CERT_PGP= 2, + CERT_DNS_SIGNED_KEY= 3, + CERT_X509_SIGNATURE= 4, + CERT_X509_KEY_EXCHANGE= 5, + CERT_KERBEROS_TOKENS= 6, + CERT_CRL= 7, + CERT_ARL= 8, + CERT_SPKI= 9, + CERT_X509_ATTRIBUTE= 10, + CERT_RAW_RSA_KEY= 11 }; /* RFC 2560 OCSP - certificate status */ @@ -225,21 +231,6 @@ typedef enum { CERT_UNDEFINED = 3 } cert_status_t; -/* RFC 2459 CRL reason codes */ - -extern enum_name_t *crl_reason_names; - -typedef enum { - REASON_UNSPECIFIED = 0, - REASON_KEY_COMPROMISE = 1, - REASON_CA_COMPROMISE = 2, - REASON_AFFILIATION_CHANGED = 3, - REASON_SUPERSEDED = 4, - REASON_CESSATION_OF_OPERATON = 5, - REASON_CERTIFICATE_HOLD = 6, - REASON_REMOVE_FROM_CRL = 8 -} crl_reason_t; - /* RFC 3706 Dead Peer Detection */ extern enum_name_t *dpd_action_names; @@ -549,24 +540,6 @@ extern const char *const payload_name[]; extern enum_names attr_msg_type_names; -/* Mode Config attribute values */ -#define INTERNAL_IP4_ADDRESS 1 -#define INTERNAL_IP4_NETMASK 2 -#define INTERNAL_IP4_DNS 3 -#define INTERNAL_IP4_NBNS 4 -#define INTERNAL_ADDRESS_EXPIRY 5 -#define INTERNAL_IP4_DHCP 6 -#define APPLICATION_VERSION 7 -#define INTERNAL_IP6_ADDRESS 8 -#define INTERNAL_IP6_NETMASK 9 -#define INTERNAL_IP6_DNS 10 -#define INTERNAL_IP6_NBNS 11 -#define INTERNAL_IP6_DHCP 12 -#define INTERNAL_IP4_SUBNET 13 -#define SUPPORTED_ATTRIBUTES 14 -#define INTERNAL_IP6_SUBNET 15 - - extern enum_names modecfg_attr_names; /* XAUTH attribute values */ 
@@ -704,10 +677,10 @@ extern enum_name_t *cert_policy_names; typedef enum certpolicy { CERT_ALWAYS_SEND = 0, - CERT_SEND_IF_ASKED = 1, + CERT_SEND_IF_ASKED = 1, CERT_NEVER_SEND = 2, - CERT_YES_SEND = 3, /* synonym for CERT_ALWAYS_SEND */ + CERT_YES_SEND = 3, /* synonym for CERT_ALWAYS_SEND */ CERT_NO_SEND = 4 /* synonym for CERT_NEVER_SEND */ } certpolicy_t; @@ -883,18 +856,22 @@ extern enum_names enc_mode_names; extern enum_names auth_alg_names, extended_auth_alg_names; -#define AUTH_ALGORITHM_NONE 0 /* our private designation */ -#define AUTH_ALGORITHM_HMAC_MD5 1 -#define AUTH_ALGORITHM_HMAC_SHA1 2 -#define AUTH_ALGORITHM_DES_MAC 3 -#define AUTH_ALGORITHM_KPDK 4 -#define AUTH_ALGORITHM_HMAC_SHA2_256 5 -#define AUTH_ALGORITHM_HMAC_SHA2_384 6 -#define AUTH_ALGORITHM_HMAC_SHA2_512 7 -#define AUTH_ALGORITHM_HMAC_RIPEMD 8 -#define AUTH_ALGORITHM_AES_XCBC_MAC 9 -#define AUTH_ALGORITHM_SIG_RSA 10 -#define AUTH_ALGORITHM_NULL 251 +#define AUTH_ALGORITHM_NONE 0 /* our private designation */ +#define AUTH_ALGORITHM_HMAC_MD5 1 +#define AUTH_ALGORITHM_HMAC_SHA1 2 +#define AUTH_ALGORITHM_DES_MAC 3 +#define AUTH_ALGORITHM_KPDK 4 +#define AUTH_ALGORITHM_HMAC_SHA2_256 5 +#define AUTH_ALGORITHM_HMAC_SHA2_384 6 +#define AUTH_ALGORITHM_HMAC_SHA2_512 7 +#define AUTH_ALGORITHM_HMAC_RIPEMD 8 +#define AUTH_ALGORITHM_AES_XCBC_MAC 9 +#define AUTH_ALGORITHM_SIG_RSA 10 +#define AUTH_ALGORITHM_AES_128_GMAC 11 +#define AUTH_ALGORITHM_AES_192_GMAC 12 +#define AUTH_ALGORITHM_AES_256_GMAC 13 +#define AUTH_ALGORITHM_NULL 251 +#define AUTH_ALGORITHM_HMAC_SHA2_256_96 252 /* Oakley Lifetime Type attribute * draft-ietf-ipsec-ike-01.txt appendix A 
@@ -1026,52 +1003,55 @@ extern enum_names notification_names; extern enum_names ipsec_notification_names; typedef enum { - NOTHING_WRONG = 0, /* unofficial! */ - - INVALID_PAYLOAD_TYPE = 1, - DOI_NOT_SUPPORTED = 2, - SITUATION_NOT_SUPPORTED = 3, - INVALID_COOKIE = 4, - INVALID_MAJOR_VERSION = 5, - INVALID_MINOR_VERSION = 6, - INVALID_EXCHANGE_TYPE = 7, - INVALID_FLAGS = 8, - INVALID_MESSAGE_ID = 9, - INVALID_PROTOCOL_ID = 10, - INVALID_SPI = 11, - INVALID_TRANSFORM_ID = 12, - ATTRIBUTES_NOT_SUPPORTED = 13, - NO_PROPOSAL_CHOSEN = 14, - BAD_PROPOSAL_SYNTAX = 15, - PAYLOAD_MALFORMED = 16, - INVALID_KEY_INFORMATION = 17, - INVALID_ID_INFORMATION = 18, - INVALID_CERT_ENCODING = 19, - INVALID_CERTIFICATE = 20, - CERT_TYPE_UNSUPPORTED = 21, - INVALID_CERT_AUTHORITY = 22, - INVALID_HASH_INFORMATION = 23, - AUTHENTICATION_FAILED = 24, - INVALID_SIGNATURE = 25, - ADDRESS_NOTIFICATION = 26, - NOTIFY_SA_LIFETIME = 27, - CERTIFICATE_UNAVAILABLE = 28, - UNSUPPORTED_EXCHANGE_TYPE = 29, - UNEQUAL_PAYLOAD_LENGTHS = 30, + ISAKMP_NOTHING_WRONG = 0, /* unofficial! 
*/ + + ISAKMP_INVALID_PAYLOAD_TYPE = 1, + ISAKMP_DOI_NOT_SUPPORTED = 2, + ISAKMP_SITUATION_NOT_SUPPORTED = 3, + ISAKMP_INVALID_COOKIE = 4, + ISAKMP_INVALID_MAJOR_VERSION = 5, + ISAKMP_INVALID_MINOR_VERSION = 6, + ISAKMP_INVALID_EXCHANGE_TYPE = 7, + ISAKMP_INVALID_FLAGS = 8, + ISAKMP_INVALID_MESSAGE_ID = 9, + ISAKMP_INVALID_PROTOCOL_ID = 10, + ISAKMP_INVALID_SPI = 11, + ISAKMP_INVALID_TRANSFORM_ID = 12, + ISAKMP_ATTRIBUTES_NOT_SUPPORTED = 13, + ISAKMP_NO_PROPOSAL_CHOSEN = 14, + ISAKMP_BAD_PROPOSAL_SYNTAX = 15, + ISAKMP_PAYLOAD_MALFORMED = 16, + ISAKMP_INVALID_KEY_INFORMATION = 17, + ISAKMP_INVALID_ID_INFORMATION = 18, + ISAKMP_INVALID_CERT_ENCODING = 19, + ISAKMP_INVALID_CERTIFICATE = 20, + ISAKMP_CERT_TYPE_UNSUPPORTED = 21, + ISAKMP_INVALID_CERT_AUTHORITY = 22, + ISAKMP_INVALID_HASH_INFORMATION = 23, + ISAKMP_AUTHENTICATION_FAILED = 24, + ISAKMP_INVALID_SIGNATURE = 25, + ISAKMP_ADDRESS_NOTIFICATION = 26, + ISAKMP_NOTIFY_SA_LIFETIME = 27, + ISAKMP_CERTIFICATE_UNAVAILABLE = 28, + ISAKMP_UNSUPPORTED_EXCHANGE_TYPE = 29, + ISAKMP_UNEQUAL_PAYLOAD_LENGTHS = 30, /* ISAKMP status type */ - CONNECTED = 16384, + ISAKMP_CONNECTED = 16384, /* IPSEC DOI additions; status types (RFC2407 IPSEC DOI 4.6.3) * These must be sent under the protection of an ISAKMP SA. */ - IPSEC_RESPONDER_LIFETIME = 24576, - IPSEC_REPLAY_STATUS = 24577, - IPSEC_INITIAL_CONTACT = 24578, + IPSEC_RESPONDER_LIFETIME = 24576, + IPSEC_REPLAY_STATUS = 24577, + IPSEC_INITIAL_CONTACT = 24578, /* RFC 3706 DPD */ - R_U_THERE = 36136, - R_U_THERE_ACK = 36137 + R_U_THERE = 36136, + R_U_THERE_ACK = 36137, + + /* Juniper SRX private use */ + NS_NHTB_INFORM = 40001 } notification_t; |
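Review bot: `NS_NHTB_INFORM = 40001` at the end of `notification_t` is documented only as `/* Juniper SRX private use */`, which does not tell a maintainer that it is a vendor-defined notify arriving from a peer, or how it is meant to be treated. I would expand the comment to something like `/* Juniper SRX vendor-private status notify; not registry-assigned */`, and state the intended handling there if the code outside this header simply logs and ignores it. The `ISAKMP_` prefix is also applied to values 0–30 and `CONNECTED` but not to `R_U_THERE`, `R_U_THERE_ACK` or the new constant, so a one-line comment on the enum saying which names carry the prefix would help. Whether `notification_names` was extended for 40001 cannot be seen from this hunk.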