/* $OpenBSD: types.h,v 1.40 2020/09/23 14:25:55 tobhe Exp $ */

/*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Shared constants, size limits and small common types for iked.
 * This header is included by every iked process, so the limits below
 * are also the bounds that any parser copying peer-supplied data into a
 * fixed buffer must enforce; the enforcement itself lives in the callers,
 * not here.
 */

#ifndef IKED_TYPES_H
#define IKED_TYPES_H

/*
 * Account name and file locations.  IKED_USER, IKED_CONFIG and IKED_CA
 * are wrapped in #ifndef so they can be overridden at build time;
 * IKED_SOCKET is not.  NOTE(review): IKED_USER is presumably the
 * unprivileged account the daemon's child processes run as -- confirm
 * against the privsep setup in the main program.
 */
#ifndef IKED_USER
#define IKED_USER		"_iked"
#endif

#ifndef IKED_CONFIG
#define IKED_CONFIG		"/etc/iked.conf"
#endif

#define IKED_SOCKET		"/var/run/iked.sock"

/*
 * IKED_CA is the base directory for key material and MUST stay a string
 * literal ending in '/': IKED_PRIVKEY below is formed by compile-time
 * string concatenation with it.  The *_DIR names and IKED_PUBKEY are
 * relative fragments without the base prefix; how they are joined to
 * IKED_CA is decided by the code that opens them.
 */
#ifndef IKED_CA
#define IKED_CA			"/etc/iked/"
#endif

#define IKED_CA_DIR		"ca/"
#define IKED_CRL_DIR		"crls/"
#define IKED_CERT_DIR		"certs/"
#define IKED_PUBKEY_DIR		"pubkeys/"
#define IKED_PRIVKEY		IKED_CA "private/local.key"
#define IKED_PUBKEY		"local.pub"

/* Relative path of the OCSP responder certificate (no IKED_CA prefix). */
#define IKED_OCSP_RESPCERT	"ocsp/responder.crt"

/* Run-time option bits; distinct single bits, so they may be OR'ed together. */
#define IKED_OPT_VERBOSE	0x00000001
#define IKED_OPT_NOACTION	0x00000002
#define IKED_OPT_PASSIVE	0x00000004

/* Well-known UDP ports: plain IKE and UDP-encapsulated IKE for NAT traversal. */
#define IKED_IKE_PORT		500
#define IKED_NATT_PORT		4500

/*
 * Nonce lengths in bytes.  RFC 7296 (2.10) requires nonces of at least
 * 128 bits and at least half the key size of the negotiated PRF, with
 * an on-the-wire length of 16..256 bytes.  NOTE(review): IKED_NONCE_MIN
 * is presumably the smallest peer nonce accepted and IKED_NONCE_SIZE the
 * length generated locally -- confirm in the nonce handling code.
 */
#define IKED_NONCE_MIN		16	/* XXX 128 bits */
#define IKED_NONCE_SIZE		32	/* XXX 256 bits */

/* COOKIE notification data length bounds in bytes (RFC 7296, 2.6). */
#define IKED_COOKIE_MIN		1	/* min 1 bytes */
#define IKED_COOKIE_MAX		64	/* max 64 bytes */

/* COOKIE2 notification data length bounds in bytes (RFC 7296, 2.6). */
#define IKED_COOKIE2_MIN	8	/* min 8 bytes */
#define IKED_COOKIE2_MAX	64	/* max 64 bytes */

/*
 * Fixed buffer sizes.  Identities, pre-shared keys and IKE messages are
 * peer- or operator-supplied; anything copied into a buffer of these
 * sizes must be length-checked against the limit first.  The XXX marks
 * are the authors' own notes that these should become dynamic.
 */
#define IKED_ID_SIZE		1024	/* XXX should be dynamic */
#define IKED_PSK_SIZE		1024	/* XXX should be dynamic */
#define IKED_MSGBUF_MAX		8192	/* upper bound for an IKE message buffer */
#define IKED_CFG_MAX		16	/* maximum CP attributes */
#define IKED_TAG_SIZE		64
#define IKED_CYCLE_BUFFERS	8	/* # of static buffers for mapping */
#define IKED_PASSWORD_SIZE	256	/* limited by most EAP types */

/* Default SA lifetimes: 2^29 bytes of traffic or 3 hours, whichever first. */
#define IKED_LIFETIME_BYTES	536870912	/* 512 MiB */
#define IKED_LIFETIME_SECONDS	10800		/* 3 hours */

/*
 * Flag bit 0x1000 marking a payload as decrypted.  Which value it is
 * OR'ed into is decided by the users of this header, not visible here.
 */
#define IKED_E			0x1000	/* Decrypted flag */

/*
 * One entry of a constant-to-name table: a numeric type, its symbolic
 * name and a human-readable description.
 */
struct iked_constmap {
	unsigned int	 cm_type;
	const char	*cm_name;
	const char	*cm_descr;
};

/*
 * A single IKEv2 transform.  xform_type (1 byte) and xform_id (2 bytes)
 * have the widths of the Transform Type and Transform ID fields of the
 * wire-format transform substructure (RFC 7296, 3.3.2).
 * NOTE(review): xform_score looks like a proposal-ranking weight and
 * xform_map like a pointer to the constmap table for this transform
 * type's IDs -- confirm in the proposal negotiation code.
 */
struct iked_transform {
	uint8_t				 xform_type;
	uint16_t			 xform_id;
	uint16_t			 xform_length;
	uint16_t			 xform_keylength;
	unsigned int			 xform_score;
	struct iked_constmap		*xform_map;
};

/*
 * Message type tags exchanged between the iked processes.  Values are
 * implicit and sequential from IMSG_NONE = 0, so the numbering is
 * order-dependent: add new types at the end rather than in the middle
 * to keep every process's view of the tags consistent.
 */
enum imsg_type {
	IMSG_NONE,
	IMSG_CTL_OK,
	IMSG_CTL_FAIL,
	IMSG_CTL_VERBOSE,
	IMSG_CTL_NOTIFY,
	IMSG_CTL_RELOAD,
	IMSG_CTL_RESET,
	IMSG_CTL_COUPLE,
	IMSG_CTL_DECOUPLE,
	IMSG_CTL_ACTIVE,
	IMSG_CTL_PASSIVE,
	IMSG_CTL_RESET_ID,
	IMSG_CTL_SHOW_SA,
	IMSG_CTL_STATIC,
	IMSG_COMPILE,
	IMSG_UDP_SOCKET,
	IMSG_PFKEY_SOCKET,
	IMSG_IKE_MESSAGE,
	IMSG_CFG_POLICY,
	IMSG_CFG_FLOW,
	IMSG_CFG_USER,
	IMSG_CERTREQ,
	IMSG_CERT,
	IMSG_CERTVALID,
	IMSG_CERTINVALID,
	IMSG_CERT_PARTIAL_CHAIN,
	IMSG_OCSP_FD,
	IMSG_OCSP_CFG,
	IMSG_AUTH,
	IMSG_PRIVKEY,
	IMSG_PUBKEY
};

/*
 * Identifiers of the privilege-separated processes.  PROC_PARENT is 0
 * and the rest follow sequentially; PROC_MAX is one past the last real
 * id and serves as the count, not as a process.
 */
enum privsep_procid {
	PROC_PARENT	= 0,
	PROC_CONTROL,
	PROC_CERT,
	PROC_IKEV2,
	PROC_MAX
};

/* Selector for what a reset/flush operation should discard. */
enum flushmode {
	RESET_RELOAD	= 0,
	RESET_ALL,
	RESET_CA,
	RESET_POLICY,
	RESET_SA,
	RESET_USER
};

/*
 * Element count of a real array.  Guarded because some system headers
 * already provide it.  Only valid on an array object; applied to a
 * pointer (e.g. an array function parameter) it yields a wrong value.
 */
#ifndef nitems
#define nitems(_a)	(sizeof((_a)) / sizeof((_a)[0]))
#endif

#endif /* IKED_TYPES_H */