aboutsummaryrefslogtreecommitdiffstats
path: root/src/pluto/constants.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/pluto/constants.h')
-rw-r--r--src/pluto/constants.h258
1 files changed, 88 insertions, 170 deletions
diff --git a/src/pluto/constants.h b/src/pluto/constants.h
index 60b14f8e1..25764a84d 100644
--- a/src/pluto/constants.h
+++ b/src/pluto/constants.h
@@ -1,4 +1,3 @@
-
/* manifest constants
* Copyright (C) 1997 Angelos D. Keromytis.
* Copyright (C) 1998-2002 D. Hugh Redelmeier.
@@ -18,6 +17,7 @@
#define _CONSTANTS_H
#include <utils.h>
+#include <utils/identification.h>
#include <crypto/hashers/hasher.h>
extern const char compile_time_interop_options[];
@@ -109,168 +109,6 @@ extern const char sparse_end[];
#define FULL_INET_ADDRESS_SIZE 6
-/* Group parameters from draft-ietf-ike-01.txt section 6 */
-
-#define MODP_GENERATOR "2"
-
-#define MODP768_MODULUS \
- "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 " \
- "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD " \
- "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 " \
- "E485B576 625E7EC6 F44C42E9 A63A3620 FFFFFFFF FFFFFFFF"
-
-#define MODP1024_MODULUS \
- "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 " \
- "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD " \
- "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 " \
- "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED " \
- "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 " \
- "FFFFFFFF FFFFFFFF"
-
-#define MODP1536_MODULUS \
- "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 " \
- "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD " \
- "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 " \
- "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED " \
- "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D " \
- "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F " \
- "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D " \
- "670C354E 4ABC9804 F1746C08 CA237327 FFFFFFFF FFFFFFFF "
-
-/* draft-ietf-ipsec-ike-modp-groups-03.txt */
-#define MODP2048_MODULUS \
- "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1" \
- "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD" \
- "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245" \
- "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED" \
- "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D" \
- "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F" \
- "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \
- "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B" \
- "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9" \
- "DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510" \
- "15728E5A 8AACAA68 FFFFFFFF FFFFFFFF"
-
-#define MODP3072_MODULUS \
- "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1" \
- "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD" \
- "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245" \
- "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED" \
- "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D" \
- "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F" \
- "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \
- "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B" \
- "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9" \
- "DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510" \
- "15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64" \
- "ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7" \
- "ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B" \
- "F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C" \
- "BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31" \
- "43DB5BFC E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF"
-
-#define MODP4096_MODULUS \
- "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1" \
- "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD" \
- "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245" \
- "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED" \
- "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D" \
- "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F" \
- "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \
- "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B" \
- "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9" \
- "DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510" \
- "15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64" \
- "ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7" \
- "ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B" \
- "F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C" \
- "BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31" \
- "43DB5BFC E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7" \
- "88719A10 BDBA5B26 99C32718 6AF4E23C 1A946834 B6150BDA" \
- "2583E9CA 2AD44CE8 DBBBC2DB 04DE8EF9 2E8EFC14 1FBECAA6" \
- "287C5947 4E6BC05D 99B2964F A090C3A2 233BA186 515BE7ED" \
- "1F612970 CEE2D7AF B81BDD76 2170481C D0069127 D5B05AA9" \
- "93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34063199" \
- "FFFFFFFF FFFFFFFF"
-
-/* copy&pasted from rfc3526: */
-#define MODP6144_MODULUS \
- "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08" \
- "8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B" \
- "302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9" \
- "A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6" \
- "49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8" \
- "FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \
- "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B E39E772C" \
- "180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718" \
- "3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AAAC42D AD33170D" \
- "04507A33 A85521AB DF1CBA64 ECFB8504 58DBEF0A 8AEA7157 5D060C7D" \
- "B3970F85 A6E1E4C7 ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226" \
- "1AD2EE6B F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C" \
- "BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC" \
- "E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7 88719A10 BDBA5B26" \
- "99C32718 6AF4E23C 1A946834 B6150BDA 2583E9CA 2AD44CE8 DBBBC2DB" \
- "04DE8EF9 2E8EFC14 1FBECAA6 287C5947 4E6BC05D 99B2964F A090C3A2" \
- "233BA186 515BE7ED 1F612970 CEE2D7AF B81BDD76 2170481C D0069127" \
- "D5B05AA9 93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34028492" \
- "36C3FAB4 D27C7026 C1D4DCB2 602646DE C9751E76 3DBA37BD F8FF9406" \
- "AD9E530E E5DB382F 413001AE B06A53ED 9027D831 179727B0 865A8918" \
- "DA3EDBEB CF9B14ED 44CE6CBA CED4BB1B DB7F1447 E6CC254B 33205151" \
- "2BD7AF42 6FB8F401 378CD2BF 5983CA01 C64B92EC F032EA15 D1721D03" \
- "F482D7CE 6E74FEF6 D55E702F 46980C82 B5A84031 900B1C9E 59E7C97F" \
- "BEC7E8F3 23A97A7E 36CC88BE 0F1D45B7 FF585AC5 4BD407B2 2B4154AA" \
- "CC8F6D7E BF48E1D8 14CC5ED2 0F8037E0 A79715EE F29BE328 06A1D58B" \
- "B7C5DA76 F550AA3D 8A1FBFF0 EB19CCB1 A313D55C DA56C9EC 2EF29632" \
- "387FE8D7 6E3C0468 043E8F66 3F4860EE 12BF2D5B 0B7474D6 E694F91E" \
- "6DCC4024 FFFFFFFF FFFFFFFF"
-
-/* copy&pasted from rfc3526: */
-#define MODP8192_MODULUS \
- "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1" \
- "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD" \
- "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245" \
- "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED" \
- "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D" \
- "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F" \
- "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \
- "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B" \
- "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9" \
- "DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510" \
- "15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64" \
- "ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7" \
- "ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B" \
- "F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C" \
- "BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31" \
- "43DB5BFC E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7" \
- "88719A10 BDBA5B26 99C32718 6AF4E23C 1A946834 B6150BDA" \
- "2583E9CA 2AD44CE8 DBBBC2DB 04DE8EF9 2E8EFC14 1FBECAA6" \
- "287C5947 4E6BC05D 99B2964F A090C3A2 233BA186 515BE7ED" \
- "1F612970 CEE2D7AF B81BDD76 2170481C D0069127 D5B05AA9" \
- "93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34028492" \
- "36C3FAB4 D27C7026 C1D4DCB2 602646DE C9751E76 3DBA37BD" \
- "F8FF9406 AD9E530E E5DB382F 413001AE B06A53ED 9027D831" \
- "179727B0 865A8918 DA3EDBEB CF9B14ED 44CE6CBA CED4BB1B" \
- "DB7F1447 E6CC254B 33205151 2BD7AF42 6FB8F401 378CD2BF" \
- "5983CA01 C64B92EC F032EA15 D1721D03 F482D7CE 6E74FEF6" \
- "D55E702F 46980C82 B5A84031 900B1C9E 59E7C97F BEC7E8F3" \
- "23A97A7E 36CC88BE 0F1D45B7 FF585AC5 4BD407B2 2B4154AA" \
- "CC8F6D7E BF48E1D8 14CC5ED2 0F8037E0 A79715EE F29BE328" \
- "06A1D58B B7C5DA76 F550AA3D 8A1FBFF0 EB19CCB1 A313D55C" \
- "DA56C9EC 2EF29632 387FE8D7 6E3C0468 043E8F66 3F4860EE" \
- "12BF2D5B 0B7474D6 E694F91E 6DBE1159 74A3926F 12FEE5E4" \
- "38777CB6 A932DF8C D8BEC4D0 73B931BA 3BC832B6 8D9DD300" \
- "741FA7BF 8AFC47ED 2576F693 6BA42466 3AAB639C 5AE4F568" \
- "3423B474 2BF1C978 238F16CB E39D652D E3FDB8BE FC848AD9" \
- "22222E04 A4037C07 13EB57A8 1A23F0C7 3473FC64 6CEA306B" \
- "4BCBC886 2F8385DD FA9D4B7F A2C087E8 79683303 ED5BDD3A" \
- "062B3CF5 B3A278A6 6D2A13F8 3F44F82D DF310EE0 74AB6A36" \
- "4597E899 A0255DC1 64F31CC5 0846851D F9AB4819 5DED7EA1" \
- "B1D510BD 7EE74D73 FAF36BC3 1ECFA268 359046F4 EB879F92" \
- "4009438B 481C6CD7 889A002E D5EE382B C9190DA6 FC026E47" \
- "9558E447 5677E9AA 9E3050E2 765694DF C81F56E8 80B96E71" \
- "60C980DD 98EDD3DF FFFFFFFF FFFFFFFF"
-#define LOCALSECRETSIZE (512 / BITS_PER_BYTE)
-
/* limits on nonce sizes. See RFC2409 "The internet key exchange (IKE)" 5 */
#define MINIMUM_NONCE_SIZE 8 /* bytes */
#define DEFAULT_NONCE_SIZE 16 /* bytes */
@@ -292,6 +130,92 @@ extern const char sparse_end[];
#define IKE_UDP_PORT 500
+/* IPsec AH transform values
+ * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.3
+ * and in http://www.iana.org/assignments/isakmp-registry
+ */
+enum ipsec_authentication_algo {
+ AH_NONE = 0,
+ AH_MD5 = 2,
+ AH_SHA = 3,
+ AH_DES = 4,
+ AH_SHA2_256 = 5,
+ AH_SHA2_384 = 6,
+ AH_SHA2_512 = 7,
+ AH_RIPEMD = 8,
+ AH_AES_XCBC_MAC = 9,
+ AH_RSA = 10
+};
+
+extern enum_names ah_transformid_names;
+
+/* IPsec ESP transform values
+ * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.4
+ * and from http://www.iana.org/assignments/isakmp-registry
+ */
+
+enum ipsec_cipher_algo {
+ ESP_NONE = 0,
+ ESP_DES_IV64 = 1,
+ ESP_DES = 2,
+ ESP_3DES = 3,
+ ESP_RC5 = 4,
+ ESP_IDEA = 5,
+ ESP_CAST = 6,
+ ESP_BLOWFISH = 7,
+ ESP_3IDEA = 8,
+ ESP_DES_IV32 = 9,
+ ESP_RC4 = 10,
+ ESP_NULL = 11,
+ ESP_AES = 12,
+ ESP_AES_CTR = 13,
+ ESP_AES_CCM_8 = 14,
+ ESP_AES_CCM_12 = 15,
+ ESP_AES_CCM_16 = 16,
+ ESP_UNASSIGNED_17 = 17,
+ ESP_AES_GCM_8 = 18,
+ ESP_AES_GCM_12 = 19,
+ ESP_AES_GCM_16 = 20,
+ ESP_SEED_CBC = 21,
+ ESP_CAMELLIA = 22,
+ ESP_SERPENT = 252,
+ ESP_TWOFISH = 253
+};
+
+extern enum_names esp_transformid_names;
+
+/* IPCOMP transform values
+ * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.5
+ */
+
+enum ipsec_comp_algo {
+ IPSCOMP_NONE = 0,
+ IPCOMP_OUI = 1,
+ IPCOMP_DEFLATE = 2,
+ IPCOMP_LZS = 3,
+ IPCOMP_LZJH = 4
+};
+
+extern enum_names ipcomp_transformid_names;
+
+/* Certificate type values
+ * RFC 2408 ISAKMP, chapter 3.9
+ */
+enum ipsec_cert_type {
+ CERT_NONE= 0,
+ CERT_PKCS7_WRAPPED_X509= 1,
+ CERT_PGP= 2,
+ CERT_DNS_SIGNED_KEY= 3,
+ CERT_X509_SIGNATURE= 4,
+ CERT_X509_KEY_EXCHANGE= 5,
+ CERT_KERBEROS_TOKENS= 6,
+ CERT_CRL= 7,
+ CERT_ARL= 8,
+ CERT_SPKI= 9,
+ CERT_X509_ATTRIBUTE= 10,
+ CERT_RAW_RSA_KEY= 11
+};
+
/* RFC 2560 OCSP - certificate status */
typedef enum {
@@ -759,15 +683,9 @@ extern enum_names protocol_names;
: (p)==PROTO_IPCOMP ? enum_show(&ipcomp_transformid_names, (t)) \
: "??")
-/* many transform values are moved to freeswan/ipsec_policy.h */
-
-extern enum_names isakmp_transformid_names;
-
#define KEY_IKE 1
-extern enum_names ah_transformid_names;
-extern enum_names esp_transformid_names;
-extern enum_names ipcomp_transformid_names;
+extern enum_names isakmp_transformid_names;
/* the following are from RFC 2393/draft-shacham-ippcp-rfc2393bis-05.txt 3.3 */
typedef u_int16_t cpi_t;
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-11 17:42:32 +0000