/* ISAKMP constants.
   Copyright (C) 2002 Geoffrey Keating

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
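/*
 * Flag bits for the flags octet of the ISAKMP header (RFC 2408).
 *   E - the payloads following the header are encrypted
 *   C - commit bit (key exchange synchronisation)
 *   A - authentication only: payloads are integrity protected, not encrypted
 * These are bit masks, so test them with '&'. The flags octet of a received
 * packet is peer-controlled and may carry bits outside this set.
 */
#define ISAKMP_FLAG_E 0x1
#define ISAKMP_FLAG_C 0x2
#define ISAKMP_FLAG_A 0x4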
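/*
 * Payload types: values of the one-octet "next payload" field.
 * Numbering starts at 0 and is sequential, so ISAKMP_PAYLOAD_VID is 13 and
 * ISAKMP_PAYLOAD_MODECFG_ATTR is 14.
 * LAST_ISAKMP_PAYLOAD is a sentinel one past the highest type listed here.
 * NOTE(review): a payload type read from a packet is peer-controlled; it
 * should be compared against LAST_ISAKMP_PAYLOAD before it selects a handler
 * or indexes a table - confirm that the parser does so.
 */
enum isakmp_payload_enum {
	ISAKMP_PAYLOAD_NONE = 0,	/* end of the payload chain */
	ISAKMP_PAYLOAD_SA,		/* security association */
	ISAKMP_PAYLOAD_P,		/* proposal */
	ISAKMP_PAYLOAD_T,		/* transform */
	ISAKMP_PAYLOAD_KE,		/* key exchange */
	ISAKMP_PAYLOAD_ID,		/* identification */
	ISAKMP_PAYLOAD_CERT,		/* certificate */
	ISAKMP_PAYLOAD_CR,		/* certificate request */
	ISAKMP_PAYLOAD_HASH,
	ISAKMP_PAYLOAD_SIG,		/* signature */
	ISAKMP_PAYLOAD_NONCE,
	ISAKMP_PAYLOAD_N,		/* notification */
	ISAKMP_PAYLOAD_D,		/* delete */
	ISAKMP_PAYLOAD_VID,		/* vendor ID */
	ISAKMP_PAYLOAD_MODECFG_ATTR,	/* mode-config attribute payload */
	LAST_ISAKMP_PAYLOAD
};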
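/*
 * Exchange types: values of the exchange-type octet of the ISAKMP header.
 * 0-5 are the ISAKMP base exchanges, 6 is the mode-config transaction
 * exchange, and the IKE-specific exchanges start at 32.
 */
enum isakmp_exchange_enum {
	ISAKMP_EXCHANGE_NONE = 0,
	ISAKMP_EXCHANGE_BASE,
	ISAKMP_EXCHANGE_IDENTITY,	/* identity protection ("main mode") */
	ISAKMP_EXCHANGE_AUTH_ONLY,
	/*
	 * Aggressive mode: identities are sent unencrypted and, with
	 * pre-shared-key authentication, the authentication hash can be
	 * tested against guessed secrets offline, so the shared secret
	 * needs high entropy.
	 */
	ISAKMP_EXCHANGE_AGGRESSIVE,
	ISAKMP_EXCHANGE_INFORMATIONAL,
	ISAKMP_EXCHANGE_MODECFG_TRANSACTION,
	ISAKMP_EXCHANGE_IKE_QUICK = 32,	/* phase 2 "quick mode" */
	ISAKMP_EXCHANGE_IKE_NEW_GROUP	/* 33 */
};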
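/*
 * Domain of Interpretation (DOI) identifiers: 0 is the generic ISAKMP DOI,
 * 1 is the IPsec DOI.
 */
#define ISAKMP_DOI_GENERIC 0
#define ISAKMP_DOI_IPSEC 1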
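/*
 * Notify message types.
 * 1-30 are the ISAKMP error types, 16384 is the CONNECTED status type, and
 * 24576 onwards are IPsec DOI status types.
 * The type field of a received notify is peer-controlled: code switching on
 * it needs a default case for values not listed here. RFC 2408 also allows
 * an Informational exchange to be sent unprotected before keying material
 * exists, so how much weight a notify deserves depends on whether it
 * arrived under an established SA.
 */
enum isakmp_notify_enum {
	ISAKMP_N_INVALID_PAYLOAD_TYPE = 1,
	ISAKMP_N_DOI_NOT_SUPPORTED,
	ISAKMP_N_SITUATION_NOT_SUPPORTED,
	ISAKMP_N_INVALID_COOKIE,
	ISAKMP_N_INVALID_MAJOR_VERSION,
	ISAKMP_N_INVALID_MINOR_VERSION,
	ISAKMP_N_INVALID_EXCHANGE_TYPE,
	ISAKMP_N_INVALID_FLAGS,
	ISAKMP_N_INVALID_MESSAGE_ID,
	ISAKMP_N_INVALID_PROTOCOL_ID,		/* 10 */
	ISAKMP_N_INVALID_SPI,
	ISAKMP_N_INVALID_TRANSFORM_ID,
	ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED,
	ISAKMP_N_NO_PROPOSAL_CHOSEN,
	ISAKMP_N_BAD_PROPOSAL_SYNTAX,
	ISAKMP_N_PAYLOAD_MALFORMED,
	ISAKMP_N_INVALID_KEY_INFORMATION,
	ISAKMP_N_INVALID_ID_INFORMATION,
	ISAKMP_N_INVALID_CERT_ENCODING,
	ISAKMP_N_INVALID_CERTIFICATE,		/* 20 */
	ISAKMP_N_CERT_TYPE_UNSUPPORTED,
	ISAKMP_N_INVALID_CERT_AUTHORITY,
	ISAKMP_N_INVALID_HASH_INFORMATION,
	ISAKMP_N_AUTHENTICATION_FAILED,
	ISAKMP_N_INVALID_SIGNATURE,
	ISAKMP_N_ADDRESS_NOTIFICATION,
	ISAKMP_N_NOTIFY_SA_LIFETIME,
	ISAKMP_N_CERTIFICATE_UNAVAILABLE,
	ISAKMP_N_UNSUPPORTED_EXCHANGE_TYPE,
	ISAKMP_N_UNEQUAL_PAYLOAD_LENGTHS,	/* 30 */
	ISAKMP_N_CONNECTED = 16384,
	ISAKMP_N_IPSEC_RESPONDER_LIFETIME = 24576,
	ISAKMP_N_IPSEC_REPLAY_STATUS,		/* 24577 */
	ISAKMP_N_IPSEC_INITIAL_CONTACT		/* 24578 */
};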
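/*
 * IKE (phase 1) SA attribute types, numbered sequentially from 1.
 * The values of the ENC, HASH, AUTH_METHOD, GROUP_DESC, GROUP_TYPE and
 * LIFE_TYPE attributes are listed in the IKE_ENC_*, IKE_HASH_*, IKE_AUTH_*,
 * IKE_GROUP_*, IKE_GROUP_TYPE_* and IKE_LIFE_TYPE_* enums of this header.
 */
enum {
	IKE_ATTRIB_ENC = 1,		/* encryption algorithm */
	IKE_ATTRIB_HASH,		/* hash algorithm */
	IKE_ATTRIB_AUTH_METHOD,
	IKE_ATTRIB_GROUP_DESC,		/* Diffie-Hellman group description */
	IKE_ATTRIB_GROUP_TYPE,
	IKE_ATTRIB_GROUP_PRIME,
	IKE_ATTRIB_GROUP_GEN_1,
	IKE_ATTRIB_GROUP_GEN_2,
	IKE_ATTRIB_GROUP_CURVE_A,
	IKE_ATTRIB_GROUP_CURVE_B,	/* 10 */
	IKE_ATTRIB_LIFE_TYPE,
	IKE_ATTRIB_LIFE_DURATION,
	IKE_ATTRIB_PRF,
	IKE_ATTRIB_KEY_LENGTH,
	IKE_ATTRIB_FIELD_SIZE,
	IKE_ATTRIB_GROUP_ORDER,
	IKE_ATTRIB_BLOCK_SIZE		/* 17 */
};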
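/*
 * IKE encryption algorithm IDs (values of IKE_ATTRIB_ENC).
 * Single DES has a 56-bit key and is no longer considered adequate; a
 * proposal that selects IKE_ENC_DES_CBC is better rejected than accepted
 * silently.
 */
enum {
	IKE_ENC_DES_CBC = 1,
	IKE_ENC_IDEA_CBC,
	IKE_ENC_BLOWFISH_CBC,
	IKE_ENC_RC5_R16_B16_CBC,
	IKE_ENC_3DES_CBC,
	IKE_ENC_CAST_CBC,
	IKE_ENC_AES_CBC		/* 7; key size is carried in IKE_ATTRIB_KEY_LENGTH */
};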
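/*
 * IKE hash algorithm IDs (values of IKE_ATTRIB_HASH).
 * IKE_HASH_SHA is SHA-1. MD5 and SHA-1 are legacy choices; where the peer
 * supports them, the SHA-2 entries are preferable.
 */
enum {
	IKE_HASH_MD5 = 1,
	IKE_HASH_SHA,
	IKE_HASH_TIGER,
	IKE_HASH_SHA2_256,
	IKE_HASH_SHA2_384,
	IKE_HASH_SHA2_512	/* 6 */
};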
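/*
 * IKE authentication method IDs (values of IKE_ATTRIB_AUTH_METHOD).
 * The XAUTH_AUTH_* values defined further down in this header extend this
 * list in the private-use range.
 */
enum {
	IKE_AUTH_PRESHARED = 1,		/* pre-shared key */
	IKE_AUTH_DSS,			/* DSS signatures */
	IKE_AUTH_RSA_SIG,		/* RSA signatures */
	IKE_AUTH_RSA_ENC,		/* RSA public-key encryption */
	IKE_AUTH_RSA_ENC_2,		/* revised RSA public-key encryption */
	IKE_AUTH_EL_GAMAL_ENC,
	IKE_AUTH_EL_GAMAL_ENC_REV,
	IKE_AUTH_ECDSA_SIG		/* 8 */
};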
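/*
 * IKE Diffie-Hellman group IDs (values of IKE_ATTRIB_GROUP_DESC).
 * The number in each name is the group size in bits. The 768-bit and
 * 1024-bit MODP groups are small by current standards; of the MODP groups
 * listed here, IKE_GROUP_MODP_1536 is the largest.
 */
enum {
	IKE_GROUP_MODP_768 = 1,
	IKE_GROUP_MODP_1024,
	IKE_GROUP_EC2N_155,
	IKE_GROUP_EC2N_185,
	IKE_GROUP_MODP_1536,	/* 5 */
	IKE_GROUP_EC2N_163sect,
	IKE_GROUP_EC2N_163K,
	IKE_GROUP_EC2N_283sect,
	IKE_GROUP_EC2N_283K,
	IKE_GROUP_EC2N_409sect,	/* 10 */
	IKE_GROUP_EC2N_409K,
	IKE_GROUP_EC2N_571sect,
	IKE_GROUP_EC2N_571K	/* 13 */
};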
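/* IKE group type IDs (values of IKE_ATTRIB_GROUP_TYPE). */
enum {
	IKE_GROUP_TYPE_MODP = 1,	/* modular exponentiation group */
	IKE_GROUP_TYPE_ECP,		/* elliptic curve over GF(p) */
	IKE_GROUP_TYPE_EC2N		/* elliptic curve over GF(2^n) */
};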
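/*
 * IKE life type IDs (values of IKE_ATTRIB_LIFE_TYPE): the unit in which
 * the accompanying IKE_ATTRIB_LIFE_DURATION is expressed.
 */
enum {
	IKE_LIFE_TYPE_SECONDS = 1,
	IKE_LIFE_TYPE_K		/* kilobytes */
};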
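/*
 * IPSEC situation masks: bits of the situation field of an SA payload in
 * the IPsec DOI. They are bit masks and may be combined with '|'.
 */
#define ISAKMP_IPSEC_SIT_IDENTITY_ONLY 0x01
#define ISAKMP_IPSEC_SIT_SECRECY 0x02
#define ISAKMP_IPSEC_SIT_INTEGRITY 0x04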
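/*
 * IPSEC identification types: the ID type octet of an identification
 * payload, which tells the receiver how to interpret the identification
 * data that follows. The data length implied by the type (4 bytes for an
 * IPv4 address, 8 for an IPv4 subnet, and so on) should be checked against
 * the payload length before the data is read.
 */
enum {
	ISAKMP_IPSEC_ID_RESERVED = 0,
	ISAKMP_IPSEC_ID_IPV4_ADDR,
	ISAKMP_IPSEC_ID_FQDN,
	ISAKMP_IPSEC_ID_USER_FQDN,
	ISAKMP_IPSEC_ID_IPV4_ADDR_SUBNET,
	ISAKMP_IPSEC_ID_IPV6_ADDR,		/* 5 */
	ISAKMP_IPSEC_ID_IPV6_ADDR_SUBNET,
	ISAKMP_IPSEC_ID_IPV4_ADDR_RANGE,
	ISAKMP_IPSEC_ID_IPV6_ADDR_RANGE,
	ISAKMP_IPSEC_ID_DER_ASN1_DN,
	ISAKMP_IPSEC_ID_DER_ASN1_GN,		/* 10 */
	ISAKMP_IPSEC_ID_KEY_ID			/* opaque byte string */
};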
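/*
 * IPSEC protocol IDs: the protocol-ID field of a proposal payload, naming
 * the security protocol that the proposal's transforms apply to.
 */
enum {
	ISAKMP_IPSEC_PROTO_RESERVED = 0,
	ISAKMP_IPSEC_PROTO_ISAKMP,	/* phase 1 */
	ISAKMP_IPSEC_PROTO_IPSEC_AH,	/* authentication header */
	ISAKMP_IPSEC_PROTO_IPSEC_ESP,	/* encapsulating security payload */
	ISAKMP_IPSEC_PROTO_IPCOMP	/* IP payload compression */
};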
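/*
 * IPSEC transform IDs for proposals whose protocol is
 * ISAKMP_IPSEC_PROTO_ISAKMP: the only defined key exchange is IKE.
 */
enum {
	ISAKMP_IPSEC_KEY_RESERVED = 0,
	ISAKMP_IPSEC_KEY_IKE
};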
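/*
 * IPSEC AH transform IDs. Value 1 is unassigned in this list, so the
 * numbering jumps from 0 to 2.
 */
enum {
	ISAKMP_IPSEC_AH_RESERVED = 0,
	ISAKMP_IPSEC_AH_MD5 = 2,
	ISAKMP_IPSEC_AH_SHA,
	ISAKMP_IPSEC_AH_DES,
	ISAKMP_IPSEC_AH_SHA2_256,	/* 5 */
	ISAKMP_IPSEC_AH_SHA2_384,
	ISAKMP_IPSEC_AH_SHA2_512,
	ISAKMP_IPSEC_AH_RIPEMD		/* 8 */
};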
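/*
 * IPSEC ESP transform IDs.
 * 0-13 are sequential; 249-253 are private-use values for the individual
 * AES candidate ciphers.
 * The single-DES transforms (DES_IV64, DES, DES_IV32) and RC4 are obsolete,
 * and ISAKMP_IPSEC_ESP_NULL provides no confidentiality at all, so an SA
 * negotiated with it relies entirely on its authentication algorithm.
 */
enum {
	ISAKMP_IPSEC_ESP_RESERVED = 0,
	ISAKMP_IPSEC_ESP_DES_IV64,
	ISAKMP_IPSEC_ESP_DES,
	ISAKMP_IPSEC_ESP_3DES,
	ISAKMP_IPSEC_ESP_RC5,
	ISAKMP_IPSEC_ESP_IDEA,		/* 5 */
	ISAKMP_IPSEC_ESP_CAST,
	ISAKMP_IPSEC_ESP_BLOWFISH,
	ISAKMP_IPSEC_ESP_3IDEA,
	ISAKMP_IPSEC_ESP_DES_IV32,
	ISAKMP_IPSEC_ESP_RC4,		/* 10 */
	ISAKMP_IPSEC_ESP_NULL,
	ISAKMP_IPSEC_ESP_AES,
	ISAKMP_IPSEC_ESP_AES_128_CTR,	/* 13 */
	ISAKMP_IPSEC_ESP_AES_MARS = 249,
	ISAKMP_IPSEC_ESP_AES_RC6,
	ISAKMP_IPSEC_ESP_AES_RIJNDAEL,
	ISAKMP_IPSEC_ESP_AES_SERPENT,
	ISAKMP_IPSEC_ESP_AES_TWOFISH	/* 253 */
};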
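/*
 * IPSEC (phase 2) SA attribute types, numbered sequentially from 1.
 * Values for SA_LIFE_TYPE, ENCAP_MODE and AUTH_ALG are listed in the
 * IPSEC_LIFE_*, IPSEC_ENCAP_* and IPSEC_AUTH_* enums of this header.
 */
enum {
	ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE = 1,
	ISAKMP_IPSEC_ATTRIB_SA_LIFE_DURATION,
	ISAKMP_IPSEC_ATTRIB_GROUP_DESC,		/* PFS Diffie-Hellman group */
	ISAKMP_IPSEC_ATTRIB_ENCAP_MODE,
	ISAKMP_IPSEC_ATTRIB_AUTH_ALG,		/* 5 */
	ISAKMP_IPSEC_ATTRIB_KEY_LENGTH,
	ISAKMP_IPSEC_ATTRIB_KEY_ROUNDS,
	ISAKMP_IPSEC_ATTRIB_COMP_DICT_SIZE,
	ISAKMP_IPSEC_ATTRIB_COMP_PRIVATE_ALG,
	ISAKMP_IPSEC_ATTRIB_ECN_TUNNEL		/* 10 */
};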
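/*
 * IPSEC compression (IPCOMP) transform IDs.
 * NOTE(review): RFC 2407 defines values 1-3 only; confirm the assignment of
 * value 4 to V42BIS against the registry before relying on it.
 */
enum {
	ISAKMP_IPSEC_IPCOMP_RESERVED = 0,
	ISAKMP_IPSEC_IPCOMP_OUI,
	ISAKMP_IPSEC_IPCOMP_DEFLATE,
	ISAKMP_IPSEC_IPCOMP_LZS,
	ISAKMP_IPSEC_IPCOMP_V42BIS
};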
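/*
 * IPSEC lifetime attribute values (for ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE):
 * the unit of the SA life duration that follows.
 */
enum {
	IPSEC_LIFE_SECONDS = 1,
	IPSEC_LIFE_K		/* kilobytes */
};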
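/*
 * IPSEC encapsulation attribute numbers (values of
 * ISAKMP_IPSEC_ATTRIB_ENCAP_MODE).
 */
enum {
	IPSEC_ENCAP_TUNNEL = 1,
	IPSEC_ENCAP_TRANSPORT
};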
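/*
 * IPSEC authentication attribute numbers (values of
 * ISAKMP_IPSEC_ATTRIB_AUTH_ALG). IPSEC_AUTH_HMAC_SHA is HMAC-SHA-1.
 * DES-MAC and KPDK are legacy algorithms; an implementation that does not
 * implement them should treat a proposal naming them as unacceptable.
 */
enum {
	IPSEC_AUTH_HMAC_MD5 = 1,
	IPSEC_AUTH_HMAC_SHA,
	IPSEC_AUTH_DES_MAC,
	IPSEC_AUTH_KPDK
};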
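/*
 * Other numbers.
 * ISAKMP_COOKIE_LENGTH is the size in bytes of each of the two cookies
 * that open the header; ISAKMP_VERSION is the version octet (major 1,
 * minor 0). The *_O constants are byte offsets into the fixed ISAKMP
 * header: exchange type at 18, message ID at 20, and the first payload at
 * 28, directly after the header. A received packet must be at least
 * ISAKMP_PAYLOAD_O bytes long before any of these offsets is dereferenced.
 */
#define ISAKMP_COOKIE_LENGTH 8
#define ISAKMP_VERSION 0x10
#define ISAKMP_EXCHANGE_TYPE_O 18
#define ISAKMP_MESSAGE_ID_O 20
#define ISAKMP_PAYLOAD_O 28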
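/*
 * Support for draft-ietf-ipsec-isakmp-xauth-06.txt (yuk).
 * XAUTH_VENDOR_ID expands to a brace-enclosed list of 8 bytes, so it can
 * only be used as an array initializer. It is the vendor-ID payload body
 * that announces XAUTH support.
 */
#define XAUTH_VENDOR_ID { 0x09, 0x00, 0x26, 0x89, 0xDF, 0xD6, 0xB7, 0x12 }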
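/*
 * XAUTH authentication method IDs. They extend the IKE_AUTH_* values in the
 * private-use range starting at 65001; each phase 1 method has an "Init"
 * and a "Resp" variant.
 */
enum {
	XAUTH_AUTH_XAUTHInitPreShared = 65001,
	XAUTH_AUTH_XAUTHRespPreShared,
	XAUTH_AUTH_XAUTHInitDSS,
	XAUTH_AUTH_XAUTHRespDSS,
	XAUTH_AUTH_XAUTHInitRSA,			/* 65005 */
	XAUTH_AUTH_XAUTHRespRSA,
	XAUTH_AUTH_XAUTHInitRSAEncryption,
	XAUTH_AUTH_XAUTHRespRSAEncryption,
	XAUTH_AUTH_XAUTHInitRSARevisedEncryption,
	XAUTH_AUTH_XAUTHRespRSARevisedEncryption	/* 65010 */
};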
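/*
 * XAUTH attribute types, numbered sequentially from 16520.
 * USER_NAME, USER_PASSWORD, PASSCODE and NEXT_PIN carry user credentials.
 * They are only as well protected as the phase 1 SA that encrypts the
 * exchange, and buffers holding them should not be logged and should be
 * wiped after use.
 */
enum {
	ISAKMP_XAUTH_ATTRIB_TYPE = 16520,
	ISAKMP_XAUTH_ATTRIB_USER_NAME,
	ISAKMP_XAUTH_ATTRIB_USER_PASSWORD,
	ISAKMP_XAUTH_ATTRIB_PASSCODE,
	ISAKMP_XAUTH_ATTRIB_MESSAGE,
	ISAKMP_XAUTH_ATTRIB_CHALLENGE,	/* 16525 */
	ISAKMP_XAUTH_ATTRIB_DOMAIN,
	ISAKMP_XAUTH_ATTRIB_STATUS,
	ISAKMP_XAUTH_ATTRIB_NEXT_PIN,
	ISAKMP_XAUTH_ATTRIB_ANSWER	/* 16529 */
};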
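/*
 * Support for draft-ietf-ipsec-isakmp-mode-cfg-05.txt (yuk).
 * Message types of a mode-config attribute payload: a REQUEST is answered
 * by a REPLY, a SET by an ACK.
 */
enum {
	ISAKMP_MODECFG_CFG_REQUEST = 1,
	ISAKMP_MODECFG_CFG_REPLY,
	ISAKMP_MODECFG_CFG_SET,
	ISAKMP_MODECFG_CFG_ACK
};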
343 enum {
344 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_ADDRESS = 1,
345 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NETMASK,
346 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DNS,
347 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NBNS,
348 ISAKMP_MODECFG_ATTRIB_INTERNAL_ADDRESS_EXPIRY,
349 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DHCP,
350 ISAKMP_MODECFG_ATTRIB_APPLICATION_VERSION,
351 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_ADDRESS,
352 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_NETMASK,
353 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_DNS,
354 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_NBNS,
355 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_DHCP,
356 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_SUBNET,
357 ISAKMP_MODECFG_ATTRIB_SUPPORTED_ATTRIBUTES