diff options
Diffstat (limited to 'plugins/CryptoPP/PGPw/sdk8/include/pgpIKE.h')
| -rw-r--r-- | plugins/CryptoPP/PGPw/sdk8/include/pgpIKE.h | 784 |
1 files changed, 0 insertions, 784 deletions
diff --git a/plugins/CryptoPP/PGPw/sdk8/include/pgpIKE.h b/plugins/CryptoPP/PGPw/sdk8/include/pgpIKE.h deleted file mode 100644 index 23a28c8bc2..0000000000 --- a/plugins/CryptoPP/PGPw/sdk8/include/pgpIKE.h +++ /dev/null @@ -1,784 +0,0 @@ -/*____________________________________________________________________________ - Copyright (C) 2002 PGP Corporation - All rights reserved. - - $Id: pgpIKE.h,v 1.39 2003/09/24 03:09:32 ajivsov Exp $ -____________________________________________________________________________*/ -#ifndef Included_PGPike_h /* [ */ -#define Included_PGPike_h - -#include "pgpPubTypes.h" - -PGP_BEGIN_C_DECLARATIONS - -#if PGP_WIN32 -# pragma pack(push, 8) -#endif - -#ifdef _MSC_VER -#pragma warning (disable:4200) -#endif - -typedef struct PGPikeContext * PGPikeContextRef; - -#define kInvalidPGPikeContextRef ((PGPikeContextRef) NULL) -#define PGPikeContextRefIsValid( ref ) ( (ref) != kInvalidPGPikeContextRef ) - -#define kPGPike_CommonPort 500 -#define kPGPike_AuthMaximumKeySize (512/8) -#define kPGPike_ESPMaximumKeySize 32 /* 256 bits */ -#define kPGPike_MaxExplicitIVSize 16 -#define kPGPike_MaxTransforms 3 -#define kPGPike_DefaultKBLife 1048576 /* 1GB */ -#define kPGPike_DefaultSecLife 86400 /* 1 Day */ -#define kPGPike_UserDataSize 96 -#define kPGPike_XAuthStringLen 128 -#define kPGPike_XAuthMessageLen 256 - -typedef PGPByte PGPipsecSPI[4]; - -enum PGPikeDOI_ -{ - kPGPike_DOI_IKE = 0, - kPGPike_DOI_IPSEC = 1, - - PGP_ENUM_FORCE( PGPikeDOI_ ) -}; -PGPENUM_TYPEDEF( PGPikeDOI_, PGPikeDOI ); - -enum PGPikeAlert_ -{ - kPGPike_AL_None = 0, - - /* Error Types */ - kPGPike_AL_InvalidPayload = 1, - kPGPike_AL_DOIUnsupported = 2, - kPGPike_AL_SituationUnsupported = 3, - kPGPike_AL_InvalidCookie = 4, - kPGPike_AL_InvalidMajorVersion = 5, - kPGPike_AL_InvalidMinorVersion = 6, - kPGPike_AL_InvalidExchange = 7, - kPGPike_AL_InvalidFlags = 8, - kPGPike_AL_InvalidMessageID = 9, - kPGPike_AL_InvalidProtocolID = 10, - kPGPike_AL_InvalidSPI = 11, - kPGPike_AL_InvalidTransform = 12, - kPGPike_AL_InvalidAttribute = 13, - kPGPike_AL_NoProposalChoice = 14, - kPGPike_AL_BadProposal = 15, - kPGPike_AL_PayloadMalformed = 16, - kPGPike_AL_InvalidKey = 17, - kPGPike_AL_InvalidID = 18, - kPGPike_AL_InvalidCertEncoding = 19, - kPGPike_AL_InvalidCert = 20, - kPGPike_AL_UnsupportedCert = 21, - kPGPike_AL_InvalidCertAuthority = 22, - kPGPike_AL_InvalidHash = 23, - kPGPike_AL_AuthenticationFailed = 24, - kPGPike_AL_InvalidSignature = 25, - kPGPike_AL_AddressNotification = 26, - kPGPike_AL_NotifySALifetime = 27, - kPGPike_AL_CertUnavailable = 28, - kPGPike_AL_UnsupportedExchange = 29, - kPGPike_AL_UnequalPayloadLengths = 30, - - kPGPike_AL_NATTranslationFailure = 16300, - kPGPike_AL_LastErrorType = 16301, - - /* Status Types */ - kPGPike_AL_Connected = 16384, - kPGPike_AL_ResponderLifetime = 24576, /* IPSEC DOI */ - kPGPike_AL_ReplayStatus = 24577, /* IPSEC DOI */ - kPGPike_AL_InitialContact = 24578, /* IPSEC DOI */ - - PGP_ENUM_FORCE( PGPikeAlert_ ) -}; -PGPENUM_TYPEDEF( PGPikeAlert_, PGPikeAlert ); - -enum PGPikeInternalAlert_ -{ - kPGPike_IA_None = 0, - - kPGPike_IA_ResponseTimeout = 1, - kPGPike_IA_NoProposals = 2, - kPGPike_IA_NewPhase1SA = 3, - kPGPike_IA_NewPhase2SA = 4, - kPGPike_IA_DeadPhase1SA = 5, - kPGPike_IA_DeadPhase2SA = 6, - kPGPike_IA_TooManyExchanges = 7, - kPGPike_IA_XAuthSuccess = 8, - kPGPike_IA_XAuthFailed = 9, - - PGP_ENUM_FORCE( PGPikeInternalAlert_ ) -}; -PGPENUM_TYPEDEF( PGPikeInternalAlert_, PGPikeInternalAlert ); - -enum PGPikePref_ -{ - kPGPike_PF_None = 0, - - kPGPike_PF_Expiration = 1, - kPGPike_PF_AllowedAlgorithms = 2, - kPGPike_PF_IKEProposals = 3, - kPGPike_PF_IPSECProposals = 4, - - PGP_ENUM_FORCE( PGPikePref_ ) -}; -PGPENUM_TYPEDEF( PGPikePref_, PGPikePref ); - -enum PGPipsecEncapsulation_ -{ - kPGPike_PM_None = 0, - - kPGPike_PM_Tunnel = 1, - kPGPike_PM_Transport = 2, - kPGPike_PM_UDPencapsulatedTunnel = 61443, - kPGPike_PM_UDPencapsulatedTransport = 61444, - - PGP_ENUM_FORCE( PGPipsecEncapsulation_ ) -}; -PGPENUM_TYPEDEF( PGPipsecEncapsulation_, PGPipsecEncapsulation ); - -enum PGPikeLifeType_ -{ - kPGPike_LT_None = 0, - - kPGPike_LT_Seconds = 1, - kPGPike_LT_Kilobytes = 2, - - PGP_ENUM_FORCE( PGPikeLifeType_ ) -}; -PGPENUM_TYPEDEF( PGPikeLifeType_, PGPikeLifeType ); - -enum PGPipsecIdentity_ -{ - kPGPike_ID_None = 0, - - kPGPike_ID_IPV4_Addr, - kPGPike_ID_FQDN, - kPGPike_ID_UserFQDN, - kPGPike_ID_IPV4_Addr_Subnet, - kPGPike_ID_IPV6_Addr, - kPGPike_ID_IPV6_Addr_Subnet, - kPGPike_ID_IPV4_Addr_Range, - kPGPike_ID_IPV6_Addr_Range, - kPGPike_ID_DER_ASN1_DN, - kPGPike_ID_DER_ASN1_GN, - kPGPike_ID_Key_ID, /* used for PGP fingerprint */ - - PGP_ENUM_FORCE( PGPipsecIdentity_ ) -}; -PGPENUM_TYPEDEF( PGPipsecIdentity_, PGPipsecIdentity ); - -/* If it doesn't say supported, it isn't. */ -enum PGPipsecAHTransformID_ -{ - kPGPike_AH_None = 0, - - kPGPike_AH_MD5 = 2, /* supported */ - kPGPike_AH_SHA = 3, /* supported */ - kPGPike_AH_DES = 4, - kPGPike_AH_SHA2_256 = 5, /* supported */ - kPGPike_AH_SHA2_384 = 6, /* supported */ - kPGPike_AH_SHA2_512 = 7, /* supported */ - - PGP_ENUM_FORCE( PGPipsecAHTransformID_ ) -}; -PGPENUM_TYPEDEF( PGPipsecAHTransformID_, PGPipsecAHTransformID ); - -enum PGPipsecAuthAttribute_ -{ - kPGPike_AA_None = 0, - - kPGPike_AA_HMAC_MD5 = 1, /* supported */ - kPGPike_AA_HMAC_SHA = 2, /* supported */ - kPGPike_AA_DES_MAC = 3, - kPGPike_AA_KPDK = 4, - kPGPike_AA_HMAC_SHA2_256 = 5, /* supported */ - kPGPike_AA_HMAC_SHA2_384 = 6, /* supported */ - kPGPike_AA_HMAC_SHA2_512 = 7, /* supported */ - - PGP_ENUM_FORCE( PGPipsecAuthAttribute_ ) -}; -PGPENUM_TYPEDEF( PGPipsecAuthAttribute_, PGPipsecAuthAttribute ); - -enum PGPipsecESPTransformID_ -{ - kPGPike_ET_DES_IV64 = 1, /* supported */ - kPGPike_ET_DES = 2, /* supported */ - kPGPike_ET_3DES = 3, /* supported */ - kPGPike_ET_RC5 = 4, - kPGPike_ET_IDEA = 5, - kPGPike_ET_CAST = 6, /* supported */ - kPGPike_ET_Blowfish = 7, - kPGPike_ET_3IDEA = 8, - kPGPike_ET_DES_IV32 = 9, - kPGPike_ET_RC4 = 10, - kPGPike_ET_NULL = 11, /* supported */ - kPGPike_ET_AES = 12, - - PGP_ENUM_FORCE( PGPipsecESPTransformID_ ) -}; -PGPENUM_TYPEDEF( PGPipsecESPTransformID_, PGPipsecESPTransformID ); - -/* IPCOMP is not supported by this version of PGPike */ -enum PGPipsecIPCOMPTransformID_ -{ - kPGPike_IC_None = 0, - - kPGPike_IC_OUI = 1, - kPGPike_IC_Deflate = 2, /* supported */ - kPGPike_IC_LZS = 3, /* supported */ - kPGPike_IC_V42bis = 4, - - PGP_ENUM_FORCE( PGPipsecIPCOMPTransformID_ ) -}; -PGPENUM_TYPEDEF( PGPipsecIPCOMPTransformID_, PGPipsecIPCOMPTransformID ); - -enum PGPipsecProtocol_ -{ - kPGPike_PR_None = 0, - kPGPike_PR_IKE = 1, - kPGPike_PR_AH = 2, - kPGPike_PR_ESP = 3, - kPGPike_PR_IPCOMP = 4, - - PGP_ENUM_FORCE( PGPipsecProtocol_ ) -}; -PGPENUM_TYPEDEF( PGPipsecProtocol_, PGPipsecProtocol ); - -enum PGPikeGroupID_ -{ - kPGPike_GR_None = 0, /* supported */ - - kPGPike_GR_MODPOne = 1, /* supported */ - kPGPike_GR_MODPTwo = 2, /* supported */ - kPGPike_GR_MODPFive = 5, /* supported */ - - kPGPike_GR_ECSix = 6, /* supported */ - kPGPike_GR_ECSeven = 7, /* supported */ - - kPGPike_GR_ECEight = 8, /* supported */ - kPGPike_GR_ECNine = 9, /* supported */ - - kPGPike_GR_MODP2048 = 42048,/* unassigned */ - kPGPike_GR_MODP3072 = 43072,/* unassigned */ - kPGPike_GR_MODP4096 = 44096,/* unassigned */ - kPGPike_GR_MODP6144 = 46144,/* unassigned */ - kPGPike_GR_MODP8192 = 48192,/* unassigned */ - - PGP_ENUM_FORCE( PGPikeGroupID_ ) -}; -PGPENUM_TYPEDEF( PGPikeGroupID_, PGPikeGroupID ); - -enum PGPikeCipher_ -{ - kPGPike_SC_None = 0, - - kPGPike_SC_DES_CBC = 1, /* supported */ - kPGPike_SC_IDEA_CBC = 2, - kPGPike_SC_Blowfish_CBC = 3, - kPGPike_SC_RC5_R16_B64_CBC = 4, - kPGPike_SC_3DES_CBC = 5, /* supported */ - kPGPike_SC_CAST_CBC = 6, /* supported */ - kPGPike_SC_AES_CBC = 7, - - PGP_ENUM_FORCE( PGPikeCipher_ ) -}; -PGPENUM_TYPEDEF( PGPikeCipher_, PGPikeCipher ); - -enum PGPikeHash_ -{ - kPGPike_HA_None = 0, - - kPGPike_HA_MD5 = 1, /* supported */ - kPGPike_HA_SHA1 = 2, /* supported */ - kPGPike_HA_Tiger = 3, - kPGPike_HA_SHA2_256 = 4, - kPGPike_HA_SHA2_384 = 5, - kPGPike_HA_SHA2_512 = 6, - - PGP_ENUM_FORCE( PGPikeHash_ ) -}; -PGPENUM_TYPEDEF( PGPikeHash_, PGPikeHash ); - -enum PGPikeAuthMethod_ -{ - kPGPike_AM_None = 0, - - kPGPike_AM_PreSharedKey = 1, /* supported */ - kPGPike_AM_DSS_Sig = 2, /* supported */ - kPGPike_AM_RSA_Sig = 3, /* supported */ - kPGPike_AM_RSA_Encrypt = 4, - kPGPike_AM_RSA_Encrypt_R = 5, - - kPGPike_AM_HAuth_InitRSA = 64221, - kPGPike_AM_HAuth_RespRSA = 64222, - kPGPike_AM_HAuth_InitDSS = 64223, - kPGPike_AM_HAuth_RespDSS = 64224, - - kPGPike_AM_XAuth_InitPreShared = 65001, - kPGPike_AM_XAuth_RespPreShared = 65002, - kPGPike_AM_XAuth_InitDSS = 65003, - kPGPike_AM_XAuth_RespDSS = 65004, - kPGPike_AM_XAuth_InitRSA = 65005, - kPGPike_AM_XAuth_RespRSA = 65006, - kPGPike_AM_XAuth_InitRSAEncryption = 65007, - kPGPike_AM_XAuth_RespRSAEncryption = 65008, - kPGPike_AM_XAuth_InitRSAREncryption = 65009, - kPGPike_AM_XAuth_RespRSAREncryption = 65010, - - PGP_ENUM_FORCE( PGPikeAuthMethod_ ) -}; -PGPENUM_TYPEDEF( PGPikeAuthMethod_, PGPikeAuthMethod ); - -enum PGPikeAuthStyle_ -{ - kPGPike_AS_Normal = 0, - - kPGPike_AS_XAuth = 1, - kPGPike_AS_HybridAuth = 2, - - PGP_ENUM_FORCE( PGPikeAuthStyle_ ) -}; -PGPENUM_TYPEDEF( PGPikeAuthStyle_, PGPikeAuthStyle ); - -enum PGPikeXAuthType_ -{ - kPGPike_XT_Generic = 0, - - kPGPike_XT_RADIUS_CHAP = 1, - kPGPike_XT_OTP = 2, - kPGPike_XT_SKEY = 3, - - PGP_ENUM_FORCE( PGPikeXAuthType_ ) -}; -PGPENUM_TYPEDEF( PGPikeXAuthType_, PGPikeXAuthType ); - -enum PGPikeEncapsulateMode_ -{ - kPGPike_EM_Auto = 0, - - kPGPike_EM_Always = 1, - kPGPike_EM_Never = 2, - - PGP_ENUM_FORCE( PGPikeEncapsulateMode_ ) -}; -PGPENUM_TYPEDEF( PGPikeEncapsulateMode_, PGPikeEncapsulateMode ); - -typedef struct PGPipsecESPTransform -{ - PGPipsecESPTransformID cipher; - PGPUInt32 keyLength; - /* cipher key bit size, must be 0 for all except AES */ - PGPipsecAuthAttribute authAttr; - PGPipsecEncapsulation mode; -} PGPipsecESPTransform; - -typedef struct PGPipsecAHTransform -{ - PGPipsecAHTransformID authAlg; - PGPipsecAuthAttribute authAttr; - PGPipsecEncapsulation mode; -} PGPipsecAHTransform; - -typedef struct PGPipsecIPCOMPTransform -{ - PGPipsecIPCOMPTransformID compAlg; -} PGPipsecIPCOMPTransform; - -typedef struct PGPikeTransform -{ - PGPikeAuthMethod authMethod; - PGPikeHash hash; - PGPikeCipher cipher; - PGPUInt32 keyLength; /* cipher key bit size, must be 0 for all except AES */ - PGPikeGroupID groupID; -} PGPikeTransform; - -typedef struct PGPipsecTransform -{ - PGPBoolean useESP; - PGPipsecESPTransform esp; - - PGPBoolean useAH; - PGPipsecAHTransform ah; - - PGPBoolean useIPCOMP; - PGPipsecIPCOMPTransform ipcomp; - - PGPikeGroupID groupID; -} PGPipsecTransform; - -typedef struct PGPipsecDOIParams -{ - PGPipsecSPI inSPI; - PGPipsecSPI outSPI; - PGPipsecProtocol protocol; - - union - { - struct - { - PGPipsecAHTransform t; - PGPByte inAuthKey[kPGPike_AuthMaximumKeySize]; - PGPByte outAuthKey[kPGPike_AuthMaximumKeySize]; - } ah; - - struct - { - PGPipsecESPTransform t; - PGPByte inESPKey[kPGPike_ESPMaximumKeySize]; - PGPByte outESPKey[kPGPike_ESPMaximumKeySize]; - PGPByte inAuthKey[kPGPike_AuthMaximumKeySize]; - PGPByte outAuthKey[kPGPike_AuthMaximumKeySize]; - PGPByte explicitIV[kPGPike_MaxExplicitIVSize]; - } esp; - - struct - { - PGPipsecIPCOMPTransform t; - } ipcomp; - } u; -} PGPipsecDOIParams; - -typedef struct PGPipsecSA -{ - struct PGPipsecSA * nextSA; /* INTERNAL USE ONLY */ - struct PGPipsecSA * prevSA; /* INTERNAL USE ONLY */ - PGPUInt32 ipAddress; /* PreNATted(Original) IP Address */ - PGPBoolean destIsRange; /* dest is IP range */ - PGPUInt32 ipAddrStart; /* IP address */ - PGPUInt32 ipMaskEnd; /* mask or end range IP address */ - PGPByte ipProtocol; /* 0 if all protocols */ - PGPUInt16 ipPort; /* 0 if all ports */ - - PGPBoolean bNATTraversal; /* NAT Encapsulation is enabled if true */ - PGPBoolean bIsLocalIPNAT; /* if non-zero, our local IP is natted */ - PGPBoolean bIsRemoteIPNAT; /* if non-zero, remote IP is NATed */ - PGPUInt32 natIPAddress; /* NATed Dest IP Address, 0 if not NATed */ - PGPUInt16 nboNATPort; /* NATed Dest Port value */ - - PGPUInt32 assignedIP; /* if non-zero, use as tunnel IP */ - PGPUInt32 assignedDNS; /* if non-zero, use as tunnel DNS */ - PGPUInt32 assignedWINS; /* if non-zero, use as tunnel WINS */ - - PGPBoolean initiator; /* was this SA initiated locally */ - PGPBoolean activeIn; /* use for inbound data */ - PGPBoolean activeOut; /* use for outbound data */ - PGPUInt32 kbLifeTime; /* max KB to be sent on this SA */ - PGPUInt32 secLifeTime; /* max seconds this SA will live */ - /* 0 means no limit for either */ - PGPTime birthTime; - - PGPUInt16 numTransforms; - PGPipsecDOIParams transform[kPGPike_MaxTransforms]; - - PGPTime termSchedule; /* SA will be terminated, private */ - PGPByte userData[kPGPike_UserDataSize];/* for your use */ -} PGPipsecSA; - -/* When sent a kPGPike_MT_SARequest, pgpIKE will expect that - all fields below will be filled in. The approved member is - irrelevant in that case. - - When you are called with kPGPike_MT_PolicyCheck, pgpIKE will - set everything to 0 except the IP address. You are expected - to fill in the other fields with local policy. The PolicyCheck - is used for remote-initiated SA negotiation. Since you cannot - predict which remote network might be trying to communicate - with us, you should leave the destIsRange/ipAddrStart/ipMaskEnd - and ipPort/ipProtocol fields set to 0 for this message. You - will be called to check those later with the ClientIDCheck. -*/ -typedef struct PGPikeMTSASetup -{ - PGPBoolean approved; /* > */ - - PGPUInt32 ipAddress; /* destination */ - PGPUInt32 localIPAddress; /* source */ - PGPByte ipProtocol; - PGPUInt16 ipPort; - PGPByte * sharedKey; /* null if none, data will be copied */ - PGPSize sharedKeySize; /* w/o NULL-terminate */ - PGPBoolean aggressive; /* set for aggressive mode */ - PGPBoolean lightweight; /* only for SARequest, set to - TRUE for only 1 retry */ - /* set the fields below to use tunnel mode */ - PGPBoolean destIsRange; - PGPUInt32 ipAddrStart; - PGPUInt32 ipMaskEnd; - - PGPBoolean virtualIP; /* whether to use mode-cfg */ - PGPikeAuthStyle authStyle; /* whether to use xauth/hybrid */ - PGPikeEncapsulateMode encapsulateMode; /* Force NAT Traversal mode */ - - PGPipsecIdentity idType; /* only useful in shared key mode */ - PGPByte * idData; /* data will be copied */ - PGPSize idDataSize; /* this is the Phase 1 ID */ -} PGPikeMTSASetup; - -/* - When you are called with a kPGPike_MT_ClientIDCheck, all fields - will be set appropriately. If the destIsRange/ipAddrStart/ipMaskEnd - triad is permitted to be represented by the IP address, set - the approved field to true. This message is only sent in the case - where the remote side is the initiator and you have already been - called with a kPGPike_MT_PolicyCheck message. -*/ -typedef struct PGPikeMTClientIDCheck -{ - PGPBoolean approved; /* > */ - - PGPUInt32 ipAddress; - PGPByte ipProtocol; - PGPUInt16 ipPort; - - PGPBoolean destIsRange; - PGPUInt32 ipAddrStart; - PGPUInt32 ipMaskEnd; -} PGPikeMTClientIDCheck; - -typedef struct PGPikeMTSAEstablished -{ - PGPipsecSA * sa; - PGPBoolean remoteValid; - PGPByte * remoteAuthKey; /* binary exported key data */ - PGPSize remoteAuthKeySize; -} PGPikeMTSAEstablished; - -typedef struct PGPikeMTSAFailed -{ - PGPUInt32 ipAddress; /* destination */ - PGPByte ipProtocol; - PGPUInt16 ipPort; - - PGPBoolean destIsRange; - PGPUInt32 ipAddrStart; - PGPUInt32 ipMaskEnd; - -} PGPikeMTSAFailed; - -typedef struct PGPikeMTCert -{ - PGPUInt32 ipAddress; /* < */ - PGPKeyDBRef baseKeyDB; /* > */ - PGPKeyDBObjRef authObj; /* > PGP key or X.509 cert */ - - PGPBoolean isPassKey; /* > */ - void * pass; /* > null-term if passphrase, Unicode, copied */ - PGPSize passLength; /* > in PGPChar8s */ -} PGPikeMTCert; - -typedef struct PGPikeMTRemoteCert -{ - PGPBoolean approved; /* > */ - PGPBoolean valid; /* > */ - PGPUInt32 ipAddress; /* < */ - PGPKeyDBObjRef remoteObj; /* < PGPkey or X.509 cert */ - PGPKeyDBRef remoteKeyDB; /* < any other keys/certs are part of - this cert's chain */ -} PGPikeMTRemoteCert; - -typedef struct PGPikeMTPacket -{ - PGPUInt32 ipAddress; /* source or destination */ - PGPUInt16 port; /* usually UDP 500, but might not be */ - PGPSize packetSize; - PGPByte * packet; /* msg *sender* must free this */ -} PGPikeMTPacket; - -typedef struct PGPikeMTIdentity -{ - PGPBoolean active; /* TRUE = set it, FALSE= dead */ - PGPUInt32 ipAddress; /* Gateway IP */ - PGPUInt32 assignedIP; - PGPUInt32 assignedDNS; - PGPUInt32 assignedWINS; -} PGPikeMTIdentity; - -typedef struct PGPikeMTAlert -{ - PGPikeAlert alert; - PGPUInt32 ipAddress; - PGPikeInternalAlert value; /* used if alert is kPGPike_AL_None */ - PGPBoolean remoteGenerated; -} PGPikeMTAlert; - -typedef PGPUInt32 PGPikeAESKeyLengthMask; - -#define kPGPike_AESKeyLength128 1 -#define kPGPike_AESKeyLength192 2 -#define kPGPike_AESKeyLength256 4 -#define kPGPike_AESKeyLengthAll 7 - -typedef struct PGPikeAllowedAlgorithms -{ - PGPBoolean cast5; - PGPBoolean tripleDES; - PGPBoolean singleDES; - PGPikeAESKeyLengthMask aes; - PGPBoolean espNULL; - - PGPBoolean sha1; - PGPBoolean md5; - PGPBoolean sha2_256; - PGPBoolean sha2_384; - PGPBoolean sha2_512; - PGPBoolean noAuth; - - PGPBoolean lzs; - PGPBoolean deflate; - - PGPBoolean modpOne768; - PGPBoolean modpTwo1024; - PGPBoolean modpFive1536; - - PGPBoolean ec2n163; - PGPBoolean ec2n283; - - PGPBoolean modp2048; - PGPBoolean modp3072; - PGPBoolean modp4096; - PGPBoolean modp6144; - PGPBoolean modp8192; - -} PGPikeAllowedAlgorithms; - -typedef struct PGPikeMTPref -{ - PGPikePref pref; - - union - { - struct - { - PGPUInt32 kbLifeTimeIKE; - PGPUInt32 secLifeTimeIKE; - PGPUInt32 kbLifeTimeIPSEC; - PGPUInt32 secLifeTimeIPSEC; - } expiration; /* kPGPike_PF_Expiration */ - - struct - { - PGPUInt32 numTransforms; - PGPikeTransform * t; - } ikeProposals; /* kPGPike_PF_IKEProposals */ - - - struct - { - PGPUInt32 numTransforms; - PGPipsecTransform * t; - } ipsecProposals; /* kPGPike_PF_IPSECProposals */ - - PGPikeAllowedAlgorithms allowedAlgorithms; - /*kPGPike_PF_AllowedAlgorithms*/ - } u; -} PGPikeMTPref; - -/* This message will be sent to check extended authentication. The buffer - will be freed after your callback is called, so if you need it, - copy the data elsewhere. You must retrieve the information and then - send an AuthCheck message back to IKE with the contents filled in, - and all contents preserved other than what you filled in. The message - you send back is your memory, IKE will not free it. */ -typedef struct PGPikeMTAuthCheck -{ - PGPBoolean success; /* set to true unless user aborts */ - PGPUInt32 gatewayIP; - PGPikeXAuthType xauthType; - PGPUInt16 transactionID; /* private */ - PGPBoolean includeType; /* private */ - - PGPBoolean useUserName; - PGPBoolean usePassword; - PGPBoolean usePasscode; - PGPBoolean useMessage; - PGPBoolean useChallenge; - PGPBoolean useDomain; - - PGPChar8 userName[kPGPike_XAuthStringLen]; - PGPChar8 password[kPGPike_XAuthStringLen]; - PGPChar8 passcode[kPGPike_XAuthStringLen]; - PGPChar8 message[kPGPike_XAuthMessageLen]; - PGPChar8 challenge[kPGPike_XAuthStringLen]; - PGPChar8 domain[kPGPike_XAuthStringLen]; - PGPSize challengeSize; -} PGPikeMTAuthCheck; - -enum PGPikeMessageType_ -{ - /* - Message types followed by ">" may be sent to PGPike - Message typed followed by "<" may be sent by PGPike - */ - kPGPike_MT_Idle = 0, /* > call this often */ - kPGPike_MT_SARequest, /* > PGPikeMTSASetup */ - kPGPike_MT_SARequestFailed, /* < PGPikeMTSAFailed */ - kPGPike_MT_SAEstablished, /* < PGPikeMTSAEstablished */ - kPGPike_MT_SARekey, /* > PGPipsecSA */ - kPGPike_MT_SADied, /* >< PGPipsecSA */ - kPGPike_MT_SAUpdate, /* < PGPipsecSA */ - kPGPike_MT_SAKillAll, /* > none */ - - kPGPike_MT_PolicyCheck, /* < PGPikeMTSASetup */ - kPGPike_MT_ClientIDCheck, /* < PGPikeMTClientIDCheck */ - kPGPike_MT_AuthCheck, /* >< PGPikeMTAuthCheck */ - kPGPike_MT_LocalPGPCert, /* < PGPikeMTCert */ - kPGPike_MT_LocalX509Cert, /* < PGPikeMTCert */ - kPGPike_MT_RemoteCert, /* < PGPikeMTRemoteCert */ - kPGPike_MT_Identity, /* < PGPikeMTIdentity */ - - kPGPike_MT_Packet, /* >< PGPikeMTPacket */ - kPGPike_MT_Alert, /* < PGPikeMTAlert */ - - kPGPike_MT_Pref, /* > PGPikeMTPref */ - - kPGPike_MT_DebugLog, /* < PGPChar8 * */ - - PGP_ENUM_FORCE( PGPikeMessageType_ ) -}; -PGPENUM_TYPEDEF( PGPikeMessageType_, PGPikeMessageType ); - -typedef PGPError (* PGPikeMessageProcPtr)( - PGPikeContextRef ike, - void * inUserData, - PGPikeMessageType msg, - void * data ); - -PGPError PGPNewIKEContext( - PGPContextRef context, - PGPikeMessageProcPtr ikeMessageProc, - void * inUserData, - PGPikeContextRef * outRef ); - -PGPError PGPFreeIKEContext( - PGPikeContextRef ref ); - -/* Any error from PGPikeProcessMessage is fatal. Non-fatal - errors are sent through the kPGPike_MT_Alert message. */ - -PGPError PGPikeProcessMessage( - PGPikeContextRef ref, - PGPikeMessageType msg, - void * data ); - - -#if PGP_WIN32 -# pragma pack(pop) -#endif - -PGP_END_C_DECLARATIONS - -#endif /* ] Included_PGPike_h */ - - -/*__Editor_settings____ - - Local Variables: - tab-width: 4 - End: - vi: ts=4 sw=4 - vim: si -_____________________*/ |