|
1 /* |
|
2 * Copyright (c) 1999-2008 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: key management daemon ISAKMP constants |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 // |
|
20 // ISAKMP constants defines in RFC 2409 (IKE) and 2407(IPSEC DOI) |
|
21 // |
|
22 |
|
23 #ifndef ISAKMPCT_H |
|
24 #define ISAKMPCT_H |
|
25 |
|
26 // |
|
27 // All Headers with values in network byte order |
|
28 // |
|
29 |
|
30 #define DEFAULT_IPSEC_SA_LIFETIME 28000 //RFC 2407 (DOI) |
|
31 #define MIN_ISAKMP_PAYLOAD_SIZE 4 |
|
32 |
|
33 //Version of the implementation 1.0 |
|
34 #define MAJOR 1 |
|
35 #define MINOR 0 |
|
36 |
|
37 // |
|
38 // ISAKMP HEADER |
|
39 // |
|
40 //Flags |
|
41 #define ISAKMP_HDR_EFLAG 0x1 // Encryption Bit |
|
42 #define ISAKMP_HDR_CFLAG 0x2 // Commit Bit |
|
43 #define ISAKMP_HDR_AFLAG 0x4 // Authentication Only Bit |
|
44 |
|
45 //Payload types |
|
46 #define ISAKMP_PAYLOAD_NONE 0 // (Terminator) |
|
47 #define ISAKMP_PAYLOAD_SA 1 // Security Association |
|
48 #define ISAKMP_PAYLOAD_P 2 // Proposal |
|
49 #define ISAKMP_PAYLOAD_T 3 // Transform |
|
50 #define ISAKMP_PAYLOAD_KE 4 // Key Exchange |
|
51 #define ISAKMP_PAYLOAD_ID 5 // Identification |
|
52 #define ISAKMP_PAYLOAD_CERT 6 // Certificate |
|
53 #define ISAKMP_PAYLOAD_CR 7 // Certificate Request |
|
54 #define ISAKMP_PAYLOAD_HASH 8 // Hash |
|
55 #define ISAKMP_PAYLOAD_SIG 9 // Signature |
|
56 #define ISAKMP_PAYLOAD_NONCE 10 // Nonce |
|
57 #define ISAKMP_PAYLOAD_NOTIF 11 // Notification |
|
58 #define ISAKMP_PAYLOAD_D 12 // Delete |
|
59 #define ISAKMP_PAYLOAD_VID 13 // Vendor ID |
|
60 #define ISAKMP_PAYLOAD_PRIVATE 128 // Private use (up to 255) |
|
61 |
|
62 #define ISAKMP_EXCHANGE_NONE 0 // None |
|
63 #define ISAKMP_EXCHANGE_BASE 1 // Base |
|
64 #define ISAKMP_EXCHANGE_ID 2 // Identity Protection (Main mode in IKE) |
|
65 #define ISAKMP_EXCHANGE_AUTH 3 // Authentication Only |
|
66 #define ISAKMP_EXCHANGE_AGGR 4 // Agressive |
|
67 #define ISAKMP_EXCHANGE_INFO 5 // Informational |
|
68 //#define ISAKMP_EXCHANGE_DOI 32 // DOI Specific (32..255) |
|
69 //Additional Exchanges Defined |
|
70 #define IKE_QUICK_MODE 32 //Quick Mode |
|
71 #define IKE_NEW_GROUP_MODE 33 //New Group Mode |
|
72 |
|
73 |
|
74 //Protocol number for IPSEC DOI (=1) //ProtocolId in Proposal Payload |
|
75 #define PROTO_ISAKMP 1 |
|
76 #define PROTO_IPSEC_AH 2 |
|
77 #define PROTO_IPSEC_ESP 3 |
|
78 #define PROTO_IPCOMP 4 |
|
79 |
|
80 //Transform ID's (RFC 2407) |
|
81 //for ISAKMP |
|
82 #define KEY_IKE 1 //Oakley |
|
83 //for IPSEC_AH |
|
84 #define AH_MD5 2 //MUST |
|
85 #define AH_SHA 3 //MUST |
|
86 #define AH_DES 4 |
|
87 //for IPSEC_ESP |
|
88 #define ESP_DES_IV64 1 |
|
89 #define ESP_DES 2 //MUST |
|
90 #define ESP_3DES 3 //Strongly encouraged |
|
91 #define ESP_RC5 4 |
|
92 #define ESP_IDEA 5 |
|
93 #define ESP_CAST 6 |
|
94 #define ESP_BLOWFISH 7 |
|
95 #define ESP_3IDEA 8 |
|
96 #define ESP_DES_IV32 9 |
|
97 #define ESP_RC4 10 |
|
98 #define ESP_NULL 11 //MUST |
|
99 //for IPCOMP |
|
100 #define IPCOMP_OUI 1 |
|
101 #define IPCOMP_DEFLATE 2 |
|
102 #define IPCOMP_LZS 3 |
|
103 |
|
104 //SA ATTRIBUTES Identifiers Phase I (RFC 2409) |
|
105 #define OAKLEY_ATTR_TYPE_ENCR_ALG 1 |
|
106 #define OAKLEY_ATTR_TYPE_HASH_ALG 2 |
|
107 #define OAKLEY_ATTR_TYPE_AUTH_METH 3 |
|
108 #define OAKLEY_ATTR_TYPE_GROUP_DESC 4 |
|
109 #define OAKLEY_ATTR_TYPE_GROUP_TYPE 5 |
|
110 #define OAKLEY_ATTR_TYPE_GROUP_PRIME 6 |
|
111 #define OAKLEY_ATTR_TYPE_GROUP_GEN1 7 |
|
112 #define OAKLEY_ATTR_TYPE_GROUP_GEN2 8 |
|
113 #define OAKLEY_ATTR_TYPE_GROUP_CRVA 9 //Group curve A |
|
114 #define OAKLEY_ATTR_TYPE_GROUP_CRVB 10 //Group curve B |
|
115 #define OAKLEY_ATTR_TYPE_LIFE_TYPE 11 |
|
116 #define OAKLEY_ATTR_TYPE_LIFE_DUR 12 |
|
117 #define OAKLEY_ATTR_TYPE_PRF 13 |
|
118 #define OAKLEY_ATTR_TYPE_KEY_LEN 14 |
|
119 #define OAKLEY_ATTR_TYPE_FIELD_SIZE 15 |
|
120 #define OAKLEY_ATTR_TYPE_GROUP_ORDER 16 |
|
121 |
|
122 //Values for each of the attributes |
|
123 //encription algorithms |
|
124 #define DES_CBC 1 |
|
125 #define IDEA_CBC 2 |
|
126 #define BLOWFISH_CBC 3 |
|
127 #define RC5_R16_B64_CBC 4 |
|
128 #define DES3_CBC 5 |
|
129 #define CAST_CBC 6 |
|
130 #define AES_CBC 7 //From <draft-ietf-ipsec-ciph-aes-cbc-04.txt> |
|
131 |
|
132 #define ESP_DES_CBC 2 |
|
133 #define ESP_3DES_CBC 3 |
|
134 #define ESP_NULL 11 |
|
135 #define ESP_AES_CBC 12 |
|
136 |
|
137 //hash algorithms |
|
138 #define HASH_MD5 1 |
|
139 #define HASH_SHA1 2 |
|
140 #define HASH_TIGER 3 |
|
141 //authentication methods |
|
142 #define PRE_SHARED 1 //pre-shared key |
|
143 #define DSS_SIG 2 //DSS signatures |
|
144 #define RSA_SIG 3 //RSA signatures |
|
145 #define RSA_ENCR 4 //Encryption with RSA |
|
146 #define RSA_REV_ENCR 5 //Revised encryption with RSA |
|
147 |
|
148 //group descriptions |
|
149 #define MODP_768 1 //default 768-bit MODP group (section 6.1) |
|
150 #define MODP_1024 2 //alternate 1024-bit MODP group (section 6.2) |
|
151 #define EC2N_155 3 //EC2N group on GP[2^155] (section 6.3) 3 |
|
152 #define EC2N_185 4 //EC2N group on GP[2^185] (section 6.4) 4 |
|
153 #define MODP_1536 5 //alternate 1536-bit MODP group (draft-ietf-ipsec-ike-modp-groups-04.txt) |
|
154 #define MODP_2048 14 //IETF RFC 3526 |
|
155 #define OAKLEY_DEFAULT_GROUP MODP_768 //default group. Not sure if needed. |
|
156 //Group Types |
|
157 #define MODP 1 //(modular exponentiation group) |
|
158 #define ECP 2 //(elliptic curve group over GF[P]) |
|
159 #define EC2N 3 //(elliptic curve group over GF[2^N]) |
|
160 //Life Type |
|
161 #define SECONDS 1 |
|
162 #define KBYTES 2 |
|
163 |
|
164 //PRF |
|
165 #define OAKLEY_PRF_3DES_CBC_MAC 1 //Only one implemented by now |
|
166 |
|
167 //Current DOI's in use |
|
168 #define IPSEC_DOI 1 |
|
169 |
|
170 //SA ATTRIBUTES Identifiers Phase II (RFC 2407) iDOI |
|
171 #define DOI_ATTR_TYPE_LIFE_TYPE 1 |
|
172 #define DOI_ATTR_TYPE_LIFE_DUR 2 |
|
173 #define DOI_ATTR_TYPE_GROUP_DESC 3 |
|
174 #define DOI_ATTR_TYPE_ENC_MODE 4 |
|
175 #define DOI_ATTR_TYPE_AUTH_ALG 5 |
|
176 #define DOI_ATTR_TYPE_KEY_LEN 6 |
|
177 #define DOI_ATTR_TYPE_KEY_ROUNDS 7 |
|
178 #define DOI_ATTR_TYPE_COMP_DIC_SIZE 8 |
|
179 #define DOI_ATTR_TYPE_COMP_PRIV_ALG 9 |
|
180 //Values for each of the attributes of PHASE_II |
|
181 |
|
182 //Life type as Phase I |
|
183 //Encapsulation Mode |
|
184 #define DOI_TUNNEL 1 |
|
185 #define DOI_TRANSPORT 2 |
|
186 //Authentication Algorithm values |
|
187 #define DOI_HMAC_MD5 1 |
|
188 #define DOI_HMAC_SHA 2 |
|
189 #define DOI_DES_MAC 3 |
|
190 #define DOI_KPDK 4 |
|
191 |
|
192 #define IPSEC_SIT_IDENTITY_ONLY 0x1 //As defined in RFC 2407 DOI for ISAKMP |
|
193 #define IPSEC_SIT_SECRECY 0x2 |
|
194 #define IPSEC_SIT_INTEGRITY 0x4 |
|
195 |
|
196 //ID Types for IPSEC DOI |
|
197 #define ID_IPV4_ADDR 1 |
|
198 #define ID_FQDN 2 |
|
199 #define ID_USER_FQDN 3 |
|
200 #define ID_IPV4_ADDR_SUBNET 4 |
|
201 #define ID_IPV6_ADDR 5 |
|
202 #define ID_IPV6_ADDR_SUBNET 6 |
|
203 #define ID_IPV4_ADDR_RANGE 7 |
|
204 #define ID_IPV6_ADDR_RANGE 8 |
|
205 #define ID_DER_ASN1_DN 9 |
|
206 #define ID_DER_ASN1_GN 10 |
|
207 #define ID_KEY_ID 11 |
|
208 |
|
209 //Certificate Types |
|
210 #define NONE 0 |
|
211 #define PKCS 1 //PKCS #7 wrapped X.509 certificate |
|
212 #define PGP 2 //PGP Certificate |
|
213 #define DNS 3 //DNS Signed Key |
|
214 #define X509_CERT_SIG 4 //X.509 Certificate - Signature |
|
215 #define X509_CERT_KE 5 //X.509 Certificate - Key Exchange |
|
216 #define KERBEROS 6 //Kerberos Tokens |
|
217 #define CRL 7 //Certificate Revocation List (CRL) |
|
218 #define ARL 8 //Authority Revocation List (ARL)8 |
|
219 #define SPKI 9 //SPKI Certificate |
|
220 #define X509_CERT_ATTR 10 //X.509 Certificate - Attribute |
|
221 |
|
222 //NOTIFY MESSAGES - ERROR TYPES |
|
223 #define INVALID_PAYLOAD_TYPE 1 |
|
224 #define DOI_NOT_SUPPORTED 2 |
|
225 #define SITUATION_NOT_SUPPORTED 3 |
|
226 #define INVALID_COOKIE 4 |
|
227 #define INVALID_MAJOR_VERSION 5 |
|
228 #define INVALID_MINOR_VERSION 6 |
|
229 #define INVALID_EXCHANGE_TYPE 7 |
|
230 #define INVALID_FLAGS 8 |
|
231 #define INVALID_MESSAGE_ID 9 |
|
232 #define INVALID_PROTOCOL_ID 10 |
|
233 #define INVALID_SPI 11 |
|
234 #define INVALID_TRANSFORM_ID 12 |
|
235 #define ATTRIBUTES_NOT_SUPPORTED 13 |
|
236 #define NO_PROPOSAL_CHOSEN 14 |
|
237 #define BAD_PROPOSAL_SYNTAX 15 |
|
238 #define PAYLOAD_MALFORMED 16 |
|
239 #define INVALID_KEY_INFORMATION 17 |
|
240 #define INVALID_ID_INFORMATION 18 |
|
241 #define INVALID_CERT_ENCODING 19 |
|
242 #define INVALID_CERTIFICATE 20 |
|
243 #define CERT_TYPE_UNSUPPORTED 21 |
|
244 #define INVALID_CERT_AUTHORITY 22 |
|
245 #define INVALID_HASH_INFORMATION 23 |
|
246 #define AUTHENTICATION_FAILED 24 |
|
247 #define INVALID_SIGNATURE 25 |
|
248 #define ADDRESS_NOTIFICATION 26 |
|
249 #define NOTIFY_SA_LIFETIME 27 |
|
250 #define CERTIFICATE_UNAVAILABLE 28 |
|
251 #define UNSUPPORTED_EXCHANGE_TYPE 29 |
|
252 #define UNEQUAL_PAYLOAD_LENGTHS 30 |
|
253 |
|
254 //RESERVED (Future Use) 31 - 8191 |
|
255 //Private Use 8192 - 16383 |
|
256 |
|
257 //NOTIFY MESSAGES - STATUS TYPES |
|
258 #define CONNECTED 16384 |
|
259 //RESERVED (Future Use) 16385 - 24575 |
|
260 //DOI-specific codes 24576 - 32767 |
|
261 #define DOI_RESPONDER_LIFETIME 24576 |
|
262 #define DOI_REPLAY_STATUS 24577 |
|
263 #define DOI_INITIAL_CONTACT 24578 |
|
264 //Private Use 32768 - 40959 |
|
265 //RESERVED (Future Use) 40960 - 65535 |
|
266 |
|
267 // |
|
268 // Notify message types for Dead Peer Detection (DPD) defined in |
|
269 // <draft-ietf-ipsec-dpd-04.txt> |
|
270 // |
|
271 #define DPD_R_U_THERE 36136 |
|
272 #define DPD_R_U_THERE_ACK 36137 |
|
273 |
|
274 // |
|
275 // IKE CRACK constants defines in <draft-harkins-ipsra-crack-00.txt> |
|
276 // |
|
277 |
|
278 //authentication method |
|
279 #define IKE_A_CRACK 128 //CRACK authentication |
|
280 |
|
281 //Challenge/Response payload (CHRE) |
|
282 #define ISAKMP_PAYLOAD_CHRE 128 //CHRE payload |
|
283 |
|
284 |
|
285 //Legacy Authentication types |
|
286 #define CRACK_PASSWORD 1 |
|
287 |
|
288 //LAM attributes (in CHRE payload) |
|
289 #define CRACK_T_USERNAME 16390 //Variable |
|
290 #define CRACK_T_SECRET 16391 //Variable |
|
291 #define CRACK_T_DOMAIN 16392 //Variable |
|
292 #define CRACK_T_PIN 16393 //Variable |
|
293 #define CRACK_T_CHALLENGE 16394 //Variable |
|
294 #define CRACK_T_MESSAGE 16395 //Variable |
|
295 #define CRACK_T_FIN 16396 //Basic |
|
296 |
|
297 //CRACK Finish attribute values |
|
298 #define CRACK_FIN_SUCCESS 1 |
|
299 #define CRACK_FIN_MORE 2 |
|
300 |
|
301 // |
|
302 // Definitions for Private Internal Address payload |
|
303 // |
|
304 |
|
305 // Internal Address payload |
|
306 #define ISAKMP_INT_NETWORK 247 //INTNET payload |
|
307 |
|
308 //Internal Address attributes |
|
309 #define PRI_INTERNAL_ADDRESS 24001 //Variable |
|
310 #define PRI_INTERNAL_DNS 24002 //Variable |
|
311 #define PRI_INTERNAL_WINS 24003 //Variable |
|
312 |
|
313 // |
|
314 // Definitions for expanded Vendor ID payload options |
|
315 // |
|
316 #define VENDOR_OPTION_HASH 1 |
|
317 #define VENDOR_OPTION_NAT_TRAVERSAL 2 |
|
318 #define VENDOR_OPTION_VERSION 3 |
|
319 |
|
320 #define NOKIA_UDP_ENCAPS_PORT 9872 |
|
321 #define UDP_KEEPALIVE_TIME 30 // Default value 30 seconds |
|
322 |
|
323 // NAT Discovery and NAT original address payloads ( |
|
324 #define IETF_NAT_DISCOVERY 130 // 15 in draft version 05 and later |
|
325 #define IETF_NAT_ORIG_ADDR 131 // 16 in draft version 05 and later |
|
326 #define IETF_RFC_NAT_DISCOVERY 20 // 15 in draft version 05 and later |
|
327 #define IETF_RFC_NAT_ORIG_ADDR 21 // 16 in draft version 05 and later |
|
328 |
|
329 // Encapsulation modes with NAT-traversal |
|
330 #define UDP_ENC_TUNNEL 61443 // 3 in draft version 03 and later |
|
331 #define UDP_ENC_TRANSPORT 61444 // 4 in draft version 03 and later |
|
332 #define UDP_RFC_ENC_TUNNEL 3 // 3 in draft version 03 and later |
|
333 #define UDP_RFC_ENC_TRANSPORT 4 // 4 in draft version 03 and later |
|
334 |
|
335 // |
|
336 // Definitions related to Extended Authentication (XAUTH) (draft-beaulieu-ike-xauth-02.txt) |
|
337 // and to The ISAKMP Configuration Method (MODE-CFG) (draft-dukes-ike-mode-cfg-01.txt) |
|
338 // The ISAKMP Configuration Method defines an ISAKMP exchange called Transaction Exchange. |
|
339 // Both XAUTH and MODE-CFG uses that ISAKMP exchange. |
|
340 // |
|
341 #define ISAKMP_EXCHANGE_TRANSACT 6 // Transaction exchange |
|
342 |
|
343 // |
|
344 // XAUTH Notification via Authentication Method Types |
|
345 // The following values relate to the ISAKMP authentication method |
|
346 // attribute used in proposals. They optionally allow an XAUTH |
|
347 // implementation to propose use of extended authentication after the |
|
348 // initial phase 1 authentication. Values are taken from the private |
|
349 // use range defined in [IKE] and should be used among mutually |
|
350 // consenting parties. |
|
351 // |
|
352 #define XAUTHInitPreShared 65001 |
|
353 #define XAUTHRespPreShared 65002 |
|
354 #define XAUTHInitDSS 65003 |
|
355 #define XAUTHRespDSS 65004 |
|
356 #define XAUTHInitRSA 65005 |
|
357 #define XAUTHRespRSA 65006 |
|
358 #define XAUTHInitRSAEncryption 65007 |
|
359 #define XAUTHRespRSAEncryption 65008 |
|
360 #define XAUTHInitRSARevisedEncr 65009 |
|
361 #define XAUTHRespRSARevisedEncr 65010 |
|
362 #define XAUTHInitIndicator (TUint16)0x1 |
|
363 #define XAUTHMethodBase (TUint16)65000 |
|
364 #define XAUTHScaler (TUint16)0x1 |
|
365 |
|
366 // |
|
367 // Attribute Payload (draft-dukes-ike-mode-cfg-01.txt) |
|
368 // 1 2 3 |
|
369 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
|
370 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|
371 // ! Next Payload ! RESERVED ! Payload Length ! |
|
372 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|
373 // ! Type ! RESERVED ! Identifier ! |
|
374 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|
375 // ! ! |
|
376 // ~ Attributes ~ |
|
377 // ! ! |
|
378 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|
379 // |
|
380 #define ISAKMP_PAYLOAD_ATTRIBUTES 14 // Attributes payload |
|
381 |
|
382 // |
|
383 // Configuration message types used within the Type field of an Attribute ISAKMP payload |
|
384 // (draft-dukes-ike-mode-cfg-01.txt) |
|
385 // |
|
386 #define ISAKMP_CFG_REQUEST 1 // Configure request |
|
387 #define ISAKMP_CFG_REPLY 2 // Configure reply |
|
388 #define ISAKMP_CFG_SET 3 // Configure set |
|
389 #define ISAKMP_CFG_ACK 4 // Configure ack |
|
390 |
|
391 // |
|
392 // Configuration Attribute values within an Attributes Payload |
|
393 // (draft-dukes-ike-mode-cfg-01.txt) |
|
394 // |
|
395 #define ATTR_INTERNAL_IP4_ADDR 1 // Internal IPv4 address (=Virtual IP) |
|
396 #define ATTR_INTERNAL_IP4_MASK 2 // Internal IPv4 mask |
|
397 #define ATTR_INTERNAL_IP4_DNS 3 // Internal DNS address |
|
398 #define ATTR_INTERNAL_IP4_NBNS 4 // Internal NBNS address |
|
399 #define ATTR_INTERNAL_ADDR_EXPIRY 5 // Internal Address expiry time |
|
400 #define ATTR_INTERNAL_IP4_DHCP 6 // Internal DHCP address |
|
401 #define ATTR_APPLICATION_VERSION 7 // Application version data |
|
402 #define ATTR_INTERNAL_IP6_ADDR 8 // Internal IPv6 address (=Virtual IP) |
|
403 #define ATTR_INTERNAL_IP6_MASK 9 // Internal IPv6 mask |
|
404 #define ATTR_INTERNAL_IP6_DNS 10 // Internal DNS address |
|
405 #define ATTR_INTERNAL_IP6_NBNS 11 // Internal NBNS address |
|
406 #define ATTR_INTERNAL_IP6_DHCP 12 // Internal DHCP address |
|
407 #define ATTR_INTERNAL_IP4_SUBNET 13 // Internal IPv4 subnet (=policy selector) |
|
408 #define ATTR_SUPPORTED_ATTRIBUTES 14 // Supported attributes info data |
|
409 #define ATTR_INTERNAL_IP6_SUBNET 15 // Internal IPv6 subnet (=policy selector) |
|
410 |
|
411 // |
|
412 // Extended Authentication Attribute values within an Attributes Payload |
|
413 // (draft-beaulieu-ike-xauth-02.txt) |
|
414 // |
|
415 #define ATTR_XAUTH_TYPE 16520 // Extended authentication type code |
|
416 #define ATTR_USER_NAME 16521 // User name data |
|
417 #define ATTR_PASSWORD 16522 // Password data |
|
418 #define ATTR_PASSCODE 16523 // Passcode data |
|
419 #define ATTR_MESSAGE 16524 // Message data |
|
420 #define ATTR_CHALLENGE 16525 // Challenge data |
|
421 #define ATTR_DOMAIN 16526 // Domain name data |
|
422 #define ATTR_STATUS 16527 // Status value |
|
423 #define ATTR_NEXT_PIN 16528 // Next PIN value |
|
424 #define ATTR_ANSWER 16529 // Answer data |
|
425 |
|
426 // |
|
427 // Additional Extended Authentication Attribute values within an |
|
428 // Attributes Payload. |
|
429 // (draft-ietf-ipsec-isakmp-xauth-04.txt) |
|
430 // |
|
431 #define ATTR_PIX_XAUTH_TYPE 13 // Extended authentication type code |
|
432 #define ATTR_PIX_USER_NAME 14 // User name data |
|
433 #define ATTR_PIX_PASSWORD 15 // Password data |
|
434 #define ATTR_PIX_PASSCODE 16 // Passcode data |
|
435 #define ATTR_PIX_MESSAGE 17 // Message data |
|
436 #define ATTR_PIX_CHALLENGE 18 // Challenge data |
|
437 #define ATTR_PIX_DOMAIN 19 // Domain name data |
|
438 #define ATTR_PIX_STATUS 20 // Status value |
|
439 |
|
440 // |
|
441 // Extended Authentication type values |
|
442 // (draft-beaulieu-ike-xauth-02.txt) |
|
443 // |
|
444 #define ATTR_XAUTH_GENERIC 0 // Generic authentication type code |
|
445 #define ATTR_XAUTH_RADIUS_CHAP 1 // RADIUS CHAP authentication type code |
|
446 #define ATTR_XAUTH_OTP 2 // OTP authentication type code |
|
447 #define ATTR_XAUTH_SKEY 3 // S/KEY authentication type code |
|
448 |
|
449 // |
|
450 // Extended Authentication Set status values |
|
451 // (draft-beaulieu-ike-xauth-02.txt) |
|
452 // |
|
453 #define ATTR_STATUS_OK 1 |
|
454 #define ATTR_STATUS_FAIL 0 |
|
455 |
|
456 #endif // ISAKMPCT_H |