/*	$OpenBSD: types.h,v 1.18 2014/02/17 15:07:23 markus Exp $	*/

/*
 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Shared constants, fixed buffer limits and the inter-process (imsg /
 * privsep) type definitions used across the iked daemon.  This header
 * defines no functions; everything here is consumed by the other iked
 * source files.
 */

#ifndef _IKED_TYPES_H
#define _IKED_TYPES_H

/*
 * Account the daemon uses for its privilege-separated work.  Overridable
 * at build time via -DIKED_USER.
 * NOTE(review): presumably the unprivileged user the child processes drop
 * to -- confirm against the privsep setup in the daemon's main source.
 */
#ifndef IKED_USER
#define IKED_USER		"_iked"
#endif

/* Default configuration file and the control socket path (see PROC_CONTROL). */
#ifndef IKED_CONFIG
#define IKED_CONFIG		"/etc/iked.conf"
#endif
#define IKED_SOCKET		"/var/run/iked.sock"

/*
 * Certificate store layout.  IKED_CA is the absolute base directory; the
 * *_DIR names and IKED_PUBKEY are bare relative names that callers are
 * expected to join with IKED_CA (only IKED_PRIVKEY is pre-joined here).
 */
#ifndef IKED_CA
#define IKED_CA			"/etc/iked/"
#endif
#define IKED_CA_DIR		"ca/"
#define IKED_CRL_DIR		"crls/"
#define IKED_CERT_DIR		"certs/"
#define IKED_PUBKEY_DIR		"pubkeys/"
/*
 * Local private key.  This is long-term authentication key material;
 * NOTE(review): the file's permissions and which privsep process opens it
 * are not visible here -- confirm it is read only by the process that
 * needs it.
 */
#define IKED_PRIVKEY		IKED_CA "private/local.key"
#define IKED_PUBKEY		"local.pub"

/* OCSP responder certificate and the issuer certificate, relative to IKED_CA. */
#define IKED_OCSP_RESPCERT	"ocsp/responder.crt"
#define IKED_OCSP_ISSUER	"ocsp/issuer.crt"

/* Daemon option flags; each value is a distinct bit so they can be OR'ed. */
#define IKED_OPT_VERBOSE	0x00000001
#define IKED_OPT_NOACTION	0x00000002
#define IKED_OPT_NONATT		0x00000004
#define IKED_OPT_NATT		0x00000008
#define IKED_OPT_PASSIVE	0x00000010
#define IKED_OPT_NOIPV6BLOCKING	0x00000020

/* UDP ports: IKE proper, and IKE/ESP encapsulation for NAT traversal. */
#define IKED_IKE_PORT		500
#define IKED_NATT_PORT		4500

/*
 * Nonce lengths in bytes.  16 bytes (128 bits) is the minimum RFC 7296
 * section 2.10 allows; the same section also requires a nonce to be at
 * least half the key size of the negotiated PRF, so the 32-byte default
 * is what gives headroom for larger PRFs -- do not lower it.
 */
#define IKED_NONCE_MIN		16	/* XXX 128 bits */
#define IKED_NONCE_SIZE		32	/* XXX 256 bits */

/*
 * Fixed buffer limits.  The XXX notes mark static sizes that should
 * really be allocated to fit; until then, every copy of an identity or
 * pre-shared key into such a buffer must be bounded by these constants,
 * since both originate from peer or configuration input.
 */
#define IKED_ID_SIZE		1024	/* XXX should be dynamic */
#define IKED_PSK_SIZE		1024	/* XXX should be dynamic */
#define IKED_MSGBUF_MAX		8192	/* message buffer limit; NOTE(review): presumably caps an IKE message -- confirm at the receive path */
#define IKED_CFG_MAX		16	/* maximum CP attributes */
#define IKED_TAG_SIZE		64	/* tag string length limit; what the tag is attached to is not visible here */
/*
 * Number of static buffers cycled through by the mapping/formatting
 * helpers.  NOTE(review): if these rotate, a returned pointer is
 * presumably overwritten after this many further calls -- confirm before
 * holding one across calls.
 */
#define IKED_CYCLE_BUFFERS	8	/* # of static buffers for mapping */
#define IKED_PASSWORD_SIZE	256	/* limited by most EAP types */

/*
 * Lifetime limits: 536870912 is 2^29 bytes, i.e. 512 MiB; 10800 s is
 * 3 hours.  The name suggests these are SA rekey thresholds -- confirm
 * where they are applied before relying on that.
 */
#define IKED_LIFETIME_BYTES	536870912	/* 512 MiB */
#define IKED_LIFETIME_SECONDS	10800		/* 3 hours */

/* Set on a message once it has been decrypted (disjoint from IKED_OPT_* bits). */
#define IKED_E			0x1000		/* Decrypted flag */

/* One entry of a constant-to-name table: numeric type, short name, description. */
struct iked_constmap {
	u_int		 cm_type;
	const char	*cm_name;
	const char	*cm_descr;
};

/*
 * A proposal transform: its type and id, a length attribute and key
 * length (NOTE(review): presumably the IKEv2 transform attribute and the
 * derived key size -- confirm in the proposal code), a selection score and
 * the iked_constmap table used to name xform_id.
 */
struct iked_transform {
	u_int8_t			 xform_type;
	u_int16_t			 xform_id;
	u_int16_t			 xform_length;
	u_int16_t			 xform_keylength;
	u_int				 xform_score;
	struct iked_constmap		*xform_map;
};

/*
 * Message types exchanged between the privilege-separated processes.
 * Values are implicit (IMSG_NONE == 0, counting up), so inserting a new
 * entry anywhere but the end renumbers everything after it -- all
 * processes must be built from the same header.
 */
enum imsg_type {
	IMSG_NONE,
	IMSG_CTL_OK,
	IMSG_CTL_FAIL,
	IMSG_CTL_VERBOSE,
	IMSG_CTL_NOTIFY,
	IMSG_CTL_RELOAD,
	IMSG_CTL_RESET,
	IMSG_CTL_COUPLE,
	IMSG_CTL_DECOUPLE,
	IMSG_CTL_ACTIVE,
	IMSG_CTL_PASSIVE,
	IMSG_COMPILE,
	IMSG_UDP_SOCKET,
	IMSG_PFKEY_SOCKET,
	IMSG_IKE_MESSAGE,
	IMSG_CFG_POLICY,
	IMSG_CFG_USER,
	IMSG_CERTREQ,
	IMSG_CERT,
	IMSG_CERTVALID,
	IMSG_CERTINVALID,
	IMSG_OCSP_FD,
	IMSG_OCSP_URL,
	IMSG_AUTH
};

/*
 * Identifiers of the privilege-separated processes.  PROC_MAX is a count
 * sentinel, not a process; keep it last.
 */
enum privsep_procid {
	PROC_PARENT	= 0,
	PROC_IKEV1,
	PROC_IKEV2,
	PROC_CERT,
	PROC_MAX
};

/* Attach the control socket to the following process */
#define PROC_CONTROL	PROC_CERT

/* Socket blocking mode selector. */
enum blockmodes {
	BM_NORMAL,
	BM_NONBLOCK
};

/* Scope of a reset/flush request (see IMSG_CTL_RELOAD / IMSG_CTL_RESET). */
enum flushmode {
	RESET_RELOAD	= 0,
	RESET_ALL,
	RESET_CA,
	RESET_POLICY,
	RESET_SA,
	RESET_USER
};

/*
 * Element count of a true array.  Only valid on an array object: applied
 * to a pointer (including an array parameter, which decays) it yields
 * sizeof(pointer) / sizeof(element), not the element count.
 */
#ifndef nitems
#define nitems(_a)	(sizeof((_a)) / sizeof((_a)[0]))
#endif

#endif /* _IKED_TYPES_H */