/* $OpenBSD: types.h,v 1.10 2011/05/05 12:17:10 reyk Exp $ */
/* $vantronix: types.h,v 1.24 2010/05/11 12:05:56 reyk Exp $ */

/*
 * Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Shared constants and types for iked: file-system paths, option flag
 * bits, UDP ports, fixed buffer sizes and lifetime limits, followed by
 * the inter-process message, process-id and mode enumerations.
 */

#ifndef _IKED_TYPES_H
#define _IKED_TYPES_H

/*
 * Dedicated account for the daemon. Presumably the unprivileged identity
 * the privilege-separated processes run as -- confirm in the process
 * setup code.
 */
#define IKED_USER		"_iked"

/* Default configuration file; may be overridden at build time. */
#ifndef IKED_CONFIG
#define IKED_CONFIG		"/etc/iked.conf"
#endif
/* Path of the control socket. */
#define IKED_SOCKET		"/var/run/iked.sock"

/*
 * Certificate store layout. IKED_CA is the base directory and may be
 * overridden at build time; IKED_PRIVKEY is formed by string-literal
 * concatenation with it, so an override must keep the trailing slash.
 * The *_DIR names are relative subdirectory names (trailing slash kept
 * for the same reason, presumably appended to IKED_CA by the callers).
 */
#ifndef IKED_CA
#define IKED_CA			"/etc/iked/"
#endif
#define IKED_CA_DIR		"ca/"
#define IKED_CRL_DIR		"crls/"
#define IKED_CERT_DIR		"certs/"
#define IKED_PUBKEY_DIR		"pubkey/"
/* Local private key, as an absolute path below IKED_CA. */
#define IKED_PRIVKEY		IKED_CA "private/local.key"
/* Local public key file name; relative, unlike IKED_PRIVKEY. */
#define IKED_PUBKEY		"local.pub"

/* Runtime option bits; each is a distinct bit so they can be OR'ed. */
#define IKED_OPT_VERBOSE	0x00000001
#define IKED_OPT_NOACTION	0x00000002
#define IKED_OPT_NONATT		0x00000004	/* presumably disables NAT-T -- confirm */
#define IKED_OPT_PASSIVE	0x00000008

/* UDP ports: plain IKE and the NAT traversal (NAT-T) port. */
#define IKED_IKE_PORT		500
#define IKED_NATT_PORT		4500

/*
 * Nonce lengths in bytes. By name, IKED_NONCE_MIN is the smallest nonce
 * accepted and IKED_NONCE_SIZE the length generated locally -- confirm
 * against the nonce handling code.
 */
#define IKED_NONCE_MIN		16	/* XXX 128 bits */
#define IKED_NONCE_SIZE		32	/* XXX 256 bits */

/*
 * Fixed upper bounds for identity, pre-shared key and message buffers.
 * NOTE(review): any code copying peer-supplied data into buffers of
 * these sizes must bound the copy by them; the XXX notes record that
 * the sizes were meant to become dynamic.
 */
#define IKED_ID_SIZE		1024	/* XXX should be dynamic */
#define IKED_PSK_SIZE		1024	/* XXX should be dynamic */
#define IKED_MSGBUF_MAX		8192
#define IKED_CFG_MAX		16	/* maximum CP attributes */
#define IKED_TAG_SIZE		64
#define IKED_CYCLE_BUFFERS	8	/* # of static buffers for mapping */
#define IKED_PASSWORD_SIZE	256	/* limited by most EAP types */

/*
 * Lifetime limits in bytes and seconds
 * (536870912 = 512 * 2^20, 10800 s = 3 h).
 */
#define IKED_LIFETIME_BYTES	536870912	/* 512 MiB */
#define IKED_LIFETIME_SECONDS	10800		/* 3 hours */

/*
 * Marker bit; by its comment it flags that something has been
 * decrypted. What it is OR'ed into is not visible here -- confirm
 * against the users.
 */
#define IKED_E			0x1000	/* Decrypted flag */

/*
 * Entry of a constant-to-name table: a numeric type value, its name
 * and a description.
 */
struct iked_constmap {
	u_int		 cm_type;
	const char	*cm_name;
	const char	*cm_descr;
};

/*
 * One IKE transform: type, id, length and key length fields, a score
 * and a pointer to a constmap table for translating the id to a name.
 */
struct iked_transform {
	u_int8_t		 xform_type;
	u_int16_t		 xform_id;
	u_int16_t		 xform_length;
	u_int16_t		 xform_keylength;
	u_int			 xform_score;	/* presumably used to rank proposals -- confirm */
	struct iked_constmap	*xform_map;	/* NOTE(review): likely a read-only table; could be const-qualified */
};

/*
 * Types of the messages exchanged between the daemon's processes
 * (see enum privsep_procid below). The IMSG_CTL_* values presumably
 * originate from the control socket -- confirm against the control
 * code.
 */
enum imsg_type {
	IMSG_NONE,
	IMSG_CTL_OK,
	IMSG_CTL_FAIL,
	IMSG_CTL_VERBOSE,
	IMSG_CTL_NOTIFY,
	IMSG_CTL_RELOAD,
	IMSG_CTL_RESET,
	IMSG_CTL_COUPLE,
	IMSG_CTL_DECOUPLE,
	IMSG_CTL_ACTIVE,
	IMSG_CTL_PASSIVE,
	IMSG_COMPILE,
	IMSG_UDP_SOCKET,
	IMSG_PFKEY_SOCKET,
	IMSG_IKE_MESSAGE,
	IMSG_CFG_POLICY,
	IMSG_CFG_USER,
	IMSG_CERTREQ,
	IMSG_CERT,
	IMSG_CERTVALID,
	IMSG_CERTINVALID,
	IMSG_AUTH
};

/*
 * Identifiers of the privilege-separated processes. PROC_MAX is the
 * count, not a process: valid ids are 0 .. PROC_MAX - 1.
 */
enum privsep_procid {
	PROC_PARENT = 0,
	PROC_IKEV1,
	PROC_IKEV2,
	PROC_CERT,
	PROC_MAX
};

/* Attach the control socket to the following process (the cert process). */
#define PROC_CONTROL		PROC_CERT

/* Blocking modes, presumably applied to file descriptors. */
enum blockmodes {
	BM_NORMAL,
	BM_NONBLOCK
};

/*
 * Scope selectors for a reset/flush. By name, RESET_ALL covers every
 * category listed after it and the others select one kind of state.
 */
enum flushmode {
	RESET_RELOAD = 0,
	RESET_ALL,
	RESET_CA,
	RESET_POLICY,
	RESET_SA,
	RESET_USER
};

#endif /* _IKED_TYPES_H */