xref: /openbsd/sbin/isakmpd/ipsec_num.cst (revision 09467b48) 
1#	$OpenBSD: ipsec_num.cst,v 1.20 2017/10/27 08:29:32 mpi Exp $
2#	$EOM: ipsec_num.cst,v 1.5 2000/10/13 17:56:52 angelos Exp $
3
4#
5# Copyright (c) 1998 Niklas Hallqvist.  All rights reserved.
6# Copyright (c) 2003 H�kan Olsson.  All rights reserved.
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11# 1. Redistributions of source code must retain the above copyright
12#    notice, this list of conditions and the following disclaimer.
13# 2. Redistributions in binary form must reproduce the above copyright
14#    notice, this list of conditions and the following disclaimer in the
15#    documentation and/or other materials provided with the distribution.
16#
17# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27#
28
29#
30# This code was written under funding by Ericsson Radio Systems.
31#
32
33# XXX Please fill in references to the drafts, chapter & verse for each
34# constant group below.
35
36# IPSEC DOI Identifier.
37IPSEC_DOI
38  IPSEC 1
39.
40
41# IPSEC SA attributes
42IPSEC_ATTR
43  SA_LIFE_TYPE				1
44  SA_LIFE_DURATION			2
45  GROUP_DESCRIPTION			3
46  ENCAPSULATION_MODE			4
47  AUTHENTICATION_ALGORITHM		5
48  KEY_LENGTH				6
49  KEY_ROUNDS				7
50  COMPRESS_DICTIONARY_SIZE		8
51  COMPRESS_PRIVATE_ALGORITHM		9
52  ECN_TUNNEL				10
53.
54
55# IPSEC SA duration.
56IPSEC_DURATION
57  SECONDS				1
58  KILOBYTES				2
59.
60
61# IPSEC encapsulation mode.
62IPSEC_ENCAP
63  TUNNEL				1
64  TRANSPORT				2
65  UDP_ENCAP_TUNNEL			3
66  UDP_ENCAP_TRANSPORT			4
67  UDP_ENCAP_TUNNEL_DRAFT		61443	# draft-ietf-ipsec-nat-t-ike
68  UDP_ENCAP_TRANSPORT_DRAFT		61444	# draft-ietf-ipsec-nat-t-ike
69.
70
71# IPSEC authentication algorithm.
72IPSEC_AUTH
73  HMAC_MD5				1
74  HMAC_SHA				2
75  DES_MAC				3
76  KPDK					4
77  HMAC_SHA2_256                         5
78  HMAC_SHA2_384                         6
79  HMAC_SHA2_512                         7
80  HMAC_RIPEMD                           8
81.
82
83# IPSEC ID types.
84IPSEC_ID
85  IPV4_ADDR				1
86  FQDN					2
87  USER_FQDN				3
88  IPV4_ADDR_SUBNET			4
89  IPV6_ADDR				5
90  IPV6_ADDR_SUBNET			6
91  IPV4_RANGE				7
92  IPV6_RANGE				8
93  DER_ASN1_DN				9
94  DER_ASN1_GN				10
95  KEY_ID				11
96.
97
98# IKE SA attributes
99IKE_ATTR
100  ENCRYPTION_ALGORITHM			1	ike_encrypt_cst
101  HASH_ALGORITHM			2	ike_hash_cst
102  AUTHENTICATION_METHOD			3	ike_auth_cst
103  GROUP_DESCRIPTION			4	ike_group_desc_cst
104  GROUP_TYPE				5	ike_group_cst
105  GROUP_PRIME				6
106  GROUP_GENERATOR_1			7
107  GROUP_GENERATOR_2			8
108  GROUP_CURVE_A				9
109  GROUP_CURVE_B				10
110  LIFE_TYPE				11	ike_duration_cst
111  LIFE_DURATION				12
112  PRF					13	ike_prf_cst
113  KEY_LENGTH				14
114  FIELD_SIZE				15
115  GROUP_ORDER				16
116  BLOCK_SIZE				17
117.
118
119# XXX Fill in reserved ranges for the attributes below.
120
121# IKE encryption algorithm.
122IKE_ENCRYPT
123  DES_CBC				1
124  IDEA_CBC				2
125  BLOWFISH_CBC				3
126  RC5_R16_B64_CBC			4
127  3DES_CBC				5
128  CAST_CBC				6
129  AES_CBC                               7
130.
131
132# IKE hash algorithm.
133IKE_HASH
134  MD5					1
135  SHA					2
136  TIGER					3
137  SHA2_256                              4
138  SHA2_384                              5
139  SHA2_512                              6
140.
141
142# IKE authentication method.
143IKE_AUTH
144  PRE_SHARED				1
145  DSS					2
146  RSA_SIG				3
147  RSA_ENC				4
148  RSA_ENC_REV				5
149  EL_GAMAL_ENC				6
150  EL_GAMAL_ENC_REV			7
151  ECDSA_SIG				8
152.
153
154# IKE group description.
155IKE_GROUP_DESC
156  MODP_768				1
157  MODP_1024				2
158  EC2N_155				3
159  EC2N_185				4
160  MODP_1536				5
161  EC2N_163sect				6
162  EC2N_163K				7
163  EC2N_283sect				8
164  EC2N_283K				9
165  EC2N_409sect				10
166  EC2N_409K				11
167  EC2N_571sect				12
168  EC2N_571K				13
169  MODP_2048				14
170  MODP_3072				15
171  MODP_4096				16
172  MODP_6144				17
173  MODP_8192				18
174  ECP_256				19
175  ECP_384				20
176  ECP_521				21
177  ECP_192				25
178  ECP_224				26
179  BP_224				27
180  BP_256				28
181  BP_384				29
182  BP_512				30
183.
184
185# IKE Group type.
186IKE_GROUP
187  MODP					1
188  ECP					2
189  EC2N					3
190.
191
192# IKE SA duration.
193IKE_DURATION
194  SECONDS				1
195  KILOBYTES				2
196.
197
198# IKE Pseudo random function.  No defined so far.
199IKE_PRF
200.
201
202# IPSEC Situation bits.
203IPSEC_SIT
204  IDENTITY_ONLY				1
205  SECRECY				2
206  INTEGRITY				4
207.
208
209# IPSEC security protocol IDs.
210IPSEC_PROTO
211  IPSEC_AH				2
212  IPSEC_ESP				3
213  IPCOMP				4
214.
215
216# IPSEC ISAKMP transform IDs.
217IPSEC_TRANSFORM
218  KEY_IKE				1
219.
220
221# IPSEC AH transform IDs.
222IPSEC_AH
223  MD5					2
224  SHA					3
225  DES					4
226  SHA2_256                              5
227  SHA2_384                              6
228  SHA2_512                              7
229  RIPEMD                                8
230.
231
232# IPSEC ESP transform IDs.
233IPSEC_ESP
234  DES_IV64				1
235  DES					2
236  3DES					3
237  RC5					4
238  IDEA					5
239  CAST					6
240  BLOWFISH				7
241  3IDEA					8
242  DES_IV32				9
243  RC4					10
244  NULL					11
245  AES					12
246  AES_CTR				13
247  AES_GCM_16				20
248  AES_GMAC				23
249  AES_MARS				249
250  AES_RC6				250
251  AES_RIJNDAEL				251
252  AES_SERPENT				252
253  AES_TWOFISH				253
254.
255
256# IPSEC IPCOMP transform IDs
257IPSEC_IPCOMP
258  OUI					1
259  DEFLATE				2
260  LZS					3
261  V42BIS				4
262.
263
264# IPSEC notify message types.
265IPSEC_NOTIFY
266  RESPONDER_LIFETIME			24576
267  REPLAY_STATUS				24577
268  INITIAL_CONTACT			24578
269.
270
271# IKE exchange types.
272IKE_EXCH
273  QUICK_MODE				32
274  NEW_GROUP_MODE			33
275.
276