diff options
Diffstat (limited to 'plugins/CryptoPP/src/PGPw/sdk8/include/pgpIKE.h')
| -rw-r--r-- | plugins/CryptoPP/src/PGPw/sdk8/include/pgpIKE.h | 784 |
1 files changed, 784 insertions, 0 deletions
diff --git a/plugins/CryptoPP/src/PGPw/sdk8/include/pgpIKE.h b/plugins/CryptoPP/src/PGPw/sdk8/include/pgpIKE.h new file mode 100644 index 0000000000..23a28c8bc2 --- /dev/null +++ b/plugins/CryptoPP/src/PGPw/sdk8/include/pgpIKE.h @@ -0,0 +1,784 @@ +/*____________________________________________________________________________ + Copyright (C) 2002 PGP Corporation + All rights reserved. + + $Id: pgpIKE.h,v 1.39 2003/09/24 03:09:32 ajivsov Exp $ +____________________________________________________________________________*/ +#ifndef Included_PGPike_h /* [ */ +#define Included_PGPike_h + +#include "pgpPubTypes.h" + +PGP_BEGIN_C_DECLARATIONS + +#if PGP_WIN32 +# pragma pack(push, 8) +#endif + +#ifdef _MSC_VER +#pragma warning (disable:4200) +#endif + +typedef struct PGPikeContext * PGPikeContextRef; + +#define kInvalidPGPikeContextRef ((PGPikeContextRef) NULL) +#define PGPikeContextRefIsValid( ref ) ( (ref) != kInvalidPGPikeContextRef ) + +#define kPGPike_CommonPort 500 +#define kPGPike_AuthMaximumKeySize (512/8) +#define kPGPike_ESPMaximumKeySize 32 /* 256 bits */ +#define kPGPike_MaxExplicitIVSize 16 +#define kPGPike_MaxTransforms 3 +#define kPGPike_DefaultKBLife 1048576 /* 1GB */ +#define kPGPike_DefaultSecLife 86400 /* 1 Day */ +#define kPGPike_UserDataSize 96 +#define kPGPike_XAuthStringLen 128 +#define kPGPike_XAuthMessageLen 256 + +typedef PGPByte PGPipsecSPI[4]; + +enum PGPikeDOI_ +{ + kPGPike_DOI_IKE = 0, + kPGPike_DOI_IPSEC = 1, + + PGP_ENUM_FORCE( PGPikeDOI_ ) +}; +PGPENUM_TYPEDEF( PGPikeDOI_, PGPikeDOI ); + +enum PGPikeAlert_ +{ + kPGPike_AL_None = 0, + + /* Error Types */ + kPGPike_AL_InvalidPayload = 1, + kPGPike_AL_DOIUnsupported = 2, + kPGPike_AL_SituationUnsupported = 3, + kPGPike_AL_InvalidCookie = 4, + kPGPike_AL_InvalidMajorVersion = 5, + kPGPike_AL_InvalidMinorVersion = 6, + kPGPike_AL_InvalidExchange = 7, + kPGPike_AL_InvalidFlags = 8, + kPGPike_AL_InvalidMessageID = 9, + kPGPike_AL_InvalidProtocolID = 10, + kPGPike_AL_InvalidSPI = 11, + kPGPike_AL_InvalidTransform = 12, + kPGPike_AL_InvalidAttribute = 13, + kPGPike_AL_NoProposalChoice = 14, + kPGPike_AL_BadProposal = 15, + kPGPike_AL_PayloadMalformed = 16, + kPGPike_AL_InvalidKey = 17, + kPGPike_AL_InvalidID = 18, + kPGPike_AL_InvalidCertEncoding = 19, + kPGPike_AL_InvalidCert = 20, + kPGPike_AL_UnsupportedCert = 21, + kPGPike_AL_InvalidCertAuthority = 22, + kPGPike_AL_InvalidHash = 23, + kPGPike_AL_AuthenticationFailed = 24, + kPGPike_AL_InvalidSignature = 25, + kPGPike_AL_AddressNotification = 26, + kPGPike_AL_NotifySALifetime = 27, + kPGPike_AL_CertUnavailable = 28, + kPGPike_AL_UnsupportedExchange = 29, + kPGPike_AL_UnequalPayloadLengths = 30, + + kPGPike_AL_NATTranslationFailure = 16300, + kPGPike_AL_LastErrorType = 16301, + + /* Status Types */ + kPGPike_AL_Connected = 16384, + kPGPike_AL_ResponderLifetime = 24576, /* IPSEC DOI */ + kPGPike_AL_ReplayStatus = 24577, /* IPSEC DOI */ + kPGPike_AL_InitialContact = 24578, /* IPSEC DOI */ + + PGP_ENUM_FORCE( PGPikeAlert_ ) +}; +PGPENUM_TYPEDEF( PGPikeAlert_, PGPikeAlert ); + +enum PGPikeInternalAlert_ +{ + kPGPike_IA_None = 0, + + kPGPike_IA_ResponseTimeout = 1, + kPGPike_IA_NoProposals = 2, + kPGPike_IA_NewPhase1SA = 3, + kPGPike_IA_NewPhase2SA = 4, + kPGPike_IA_DeadPhase1SA = 5, + kPGPike_IA_DeadPhase2SA = 6, + kPGPike_IA_TooManyExchanges = 7, + kPGPike_IA_XAuthSuccess = 8, + kPGPike_IA_XAuthFailed = 9, + + PGP_ENUM_FORCE( PGPikeInternalAlert_ ) +}; +PGPENUM_TYPEDEF( PGPikeInternalAlert_, PGPikeInternalAlert ); + +enum PGPikePref_ +{ + kPGPike_PF_None = 0, + + kPGPike_PF_Expiration = 1, + kPGPike_PF_AllowedAlgorithms = 2, + kPGPike_PF_IKEProposals = 3, + kPGPike_PF_IPSECProposals = 4, + + PGP_ENUM_FORCE( PGPikePref_ ) +}; +PGPENUM_TYPEDEF( PGPikePref_, PGPikePref ); + +enum PGPipsecEncapsulation_ +{ + kPGPike_PM_None = 0, + + kPGPike_PM_Tunnel = 1, + kPGPike_PM_Transport = 2, + kPGPike_PM_UDPencapsulatedTunnel = 61443, + kPGPike_PM_UDPencapsulatedTransport = 61444, + + PGP_ENUM_FORCE( PGPipsecEncapsulation_ ) +}; +PGPENUM_TYPEDEF( PGPipsecEncapsulation_, PGPipsecEncapsulation ); + +enum PGPikeLifeType_ +{ + kPGPike_LT_None = 0, + + kPGPike_LT_Seconds = 1, + kPGPike_LT_Kilobytes = 2, + + PGP_ENUM_FORCE( PGPikeLifeType_ ) +}; +PGPENUM_TYPEDEF( PGPikeLifeType_, PGPikeLifeType ); + +enum PGPipsecIdentity_ +{ + kPGPike_ID_None = 0, + + kPGPike_ID_IPV4_Addr, + kPGPike_ID_FQDN, + kPGPike_ID_UserFQDN, + kPGPike_ID_IPV4_Addr_Subnet, + kPGPike_ID_IPV6_Addr, + kPGPike_ID_IPV6_Addr_Subnet, + kPGPike_ID_IPV4_Addr_Range, + kPGPike_ID_IPV6_Addr_Range, + kPGPike_ID_DER_ASN1_DN, + kPGPike_ID_DER_ASN1_GN, + kPGPike_ID_Key_ID, /* used for PGP fingerprint */ + + PGP_ENUM_FORCE( PGPipsecIdentity_ ) +}; +PGPENUM_TYPEDEF( PGPipsecIdentity_, PGPipsecIdentity ); + +/* If it doesn't say supported, it isn't. */ +enum PGPipsecAHTransformID_ +{ + kPGPike_AH_None = 0, + + kPGPike_AH_MD5 = 2, /* supported */ + kPGPike_AH_SHA = 3, /* supported */ + kPGPike_AH_DES = 4, + kPGPike_AH_SHA2_256 = 5, /* supported */ + kPGPike_AH_SHA2_384 = 6, /* supported */ + kPGPike_AH_SHA2_512 = 7, /* supported */ + + PGP_ENUM_FORCE( PGPipsecAHTransformID_ ) +}; +PGPENUM_TYPEDEF( PGPipsecAHTransformID_, PGPipsecAHTransformID ); + +enum PGPipsecAuthAttribute_ +{ + kPGPike_AA_None = 0, + + kPGPike_AA_HMAC_MD5 = 1, /* supported */ + kPGPike_AA_HMAC_SHA = 2, /* supported */ + kPGPike_AA_DES_MAC = 3, + kPGPike_AA_KPDK = 4, + kPGPike_AA_HMAC_SHA2_256 = 5, /* supported */ + kPGPike_AA_HMAC_SHA2_384 = 6, /* supported */ + kPGPike_AA_HMAC_SHA2_512 = 7, /* supported */ + + PGP_ENUM_FORCE( PGPipsecAuthAttribute_ ) +}; +PGPENUM_TYPEDEF( PGPipsecAuthAttribute_, PGPipsecAuthAttribute ); + +enum PGPipsecESPTransformID_ +{ + kPGPike_ET_DES_IV64 = 1, /* supported */ + kPGPike_ET_DES = 2, /* supported */ + kPGPike_ET_3DES = 3, /* supported */ + kPGPike_ET_RC5 = 4, + kPGPike_ET_IDEA = 5, + kPGPike_ET_CAST = 6, /* supported */ + kPGPike_ET_Blowfish = 7, + kPGPike_ET_3IDEA = 8, + kPGPike_ET_DES_IV32 = 9, + kPGPike_ET_RC4 = 10, + kPGPike_ET_NULL = 11, /* supported */ + kPGPike_ET_AES = 12, + + PGP_ENUM_FORCE( PGPipsecESPTransformID_ ) +}; +PGPENUM_TYPEDEF( PGPipsecESPTransformID_, PGPipsecESPTransformID ); + +/* IPCOMP is not supported by this version of PGPike */ +enum PGPipsecIPCOMPTransformID_ +{ + kPGPike_IC_None = 0, + + kPGPike_IC_OUI = 1, + kPGPike_IC_Deflate = 2, /* supported */ + kPGPike_IC_LZS = 3, /* supported */ + kPGPike_IC_V42bis = 4, + + PGP_ENUM_FORCE( PGPipsecIPCOMPTransformID_ ) +}; +PGPENUM_TYPEDEF( PGPipsecIPCOMPTransformID_, PGPipsecIPCOMPTransformID ); + +enum PGPipsecProtocol_ +{ + kPGPike_PR_None = 0, + kPGPike_PR_IKE = 1, + kPGPike_PR_AH = 2, + kPGPike_PR_ESP = 3, + kPGPike_PR_IPCOMP = 4, + + PGP_ENUM_FORCE( PGPipsecProtocol_ ) +}; +PGPENUM_TYPEDEF( PGPipsecProtocol_, PGPipsecProtocol ); + +enum PGPikeGroupID_ +{ + kPGPike_GR_None = 0, /* supported */ + + kPGPike_GR_MODPOne = 1, /* supported */ + kPGPike_GR_MODPTwo = 2, /* supported */ + kPGPike_GR_MODPFive = 5, /* supported */ + + kPGPike_GR_ECSix = 6, /* supported */ + kPGPike_GR_ECSeven = 7, /* supported */ + + kPGPike_GR_ECEight = 8, /* supported */ + kPGPike_GR_ECNine = 9, /* supported */ + + kPGPike_GR_MODP2048 = 42048,/* unassigned */ + kPGPike_GR_MODP3072 = 43072,/* unassigned */ + kPGPike_GR_MODP4096 = 44096,/* unassigned */ + kPGPike_GR_MODP6144 = 46144,/* unassigned */ + kPGPike_GR_MODP8192 = 48192,/* unassigned */ + + PGP_ENUM_FORCE( PGPikeGroupID_ ) +}; +PGPENUM_TYPEDEF( PGPikeGroupID_, PGPikeGroupID ); + +enum PGPikeCipher_ +{ + kPGPike_SC_None = 0, + + kPGPike_SC_DES_CBC = 1, /* supported */ + kPGPike_SC_IDEA_CBC = 2, + kPGPike_SC_Blowfish_CBC = 3, + kPGPike_SC_RC5_R16_B64_CBC = 4, + kPGPike_SC_3DES_CBC = 5, /* supported */ + kPGPike_SC_CAST_CBC = 6, /* supported */ + kPGPike_SC_AES_CBC = 7, + + PGP_ENUM_FORCE( PGPikeCipher_ ) +}; +PGPENUM_TYPEDEF( PGPikeCipher_, PGPikeCipher ); + +enum PGPikeHash_ +{ + kPGPike_HA_None = 0, + + kPGPike_HA_MD5 = 1, /* supported */ + kPGPike_HA_SHA1 = 2, /* supported */ + kPGPike_HA_Tiger = 3, + kPGPike_HA_SHA2_256 = 4, + kPGPike_HA_SHA2_384 = 5, + kPGPike_HA_SHA2_512 = 6, + + PGP_ENUM_FORCE( PGPikeHash_ ) +}; +PGPENUM_TYPEDEF( PGPikeHash_, PGPikeHash ); + +enum PGPikeAuthMethod_ +{ + kPGPike_AM_None = 0, + + kPGPike_AM_PreSharedKey = 1, /* supported */ + kPGPike_AM_DSS_Sig = 2, /* supported */ + kPGPike_AM_RSA_Sig = 3, /* supported */ + kPGPike_AM_RSA_Encrypt = 4, + kPGPike_AM_RSA_Encrypt_R = 5, + + kPGPike_AM_HAuth_InitRSA = 64221, + kPGPike_AM_HAuth_RespRSA = 64222, + kPGPike_AM_HAuth_InitDSS = 64223, + kPGPike_AM_HAuth_RespDSS = 64224, + + kPGPike_AM_XAuth_InitPreShared = 65001, + kPGPike_AM_XAuth_RespPreShared = 65002, + kPGPike_AM_XAuth_InitDSS = 65003, + kPGPike_AM_XAuth_RespDSS = 65004, + kPGPike_AM_XAuth_InitRSA = 65005, + kPGPike_AM_XAuth_RespRSA = 65006, + kPGPike_AM_XAuth_InitRSAEncryption = 65007, + kPGPike_AM_XAuth_RespRSAEncryption = 65008, + kPGPike_AM_XAuth_InitRSAREncryption = 65009, + kPGPike_AM_XAuth_RespRSAREncryption = 65010, + + PGP_ENUM_FORCE( PGPikeAuthMethod_ ) +}; +PGPENUM_TYPEDEF( PGPikeAuthMethod_, PGPikeAuthMethod ); + +enum PGPikeAuthStyle_ +{ + kPGPike_AS_Normal = 0, + + kPGPike_AS_XAuth = 1, + kPGPike_AS_HybridAuth = 2, + + PGP_ENUM_FORCE( PGPikeAuthStyle_ ) +}; +PGPENUM_TYPEDEF( PGPikeAuthStyle_, PGPikeAuthStyle ); + +enum PGPikeXAuthType_ +{ + kPGPike_XT_Generic = 0, + + kPGPike_XT_RADIUS_CHAP = 1, + kPGPike_XT_OTP = 2, + kPGPike_XT_SKEY = 3, + + PGP_ENUM_FORCE( PGPikeXAuthType_ ) +}; +PGPENUM_TYPEDEF( PGPikeXAuthType_, PGPikeXAuthType ); + +enum PGPikeEncapsulateMode_ +{ + kPGPike_EM_Auto = 0, + + kPGPike_EM_Always = 1, + kPGPike_EM_Never = 2, + + PGP_ENUM_FORCE( PGPikeEncapsulateMode_ ) +}; +PGPENUM_TYPEDEF( PGPikeEncapsulateMode_, PGPikeEncapsulateMode ); + +typedef struct PGPipsecESPTransform +{ + PGPipsecESPTransformID cipher; + PGPUInt32 keyLength; + /* cipher key bit size, must be 0 for all except AES */ + PGPipsecAuthAttribute authAttr; + PGPipsecEncapsulation mode; +} PGPipsecESPTransform; + +typedef struct PGPipsecAHTransform +{ + PGPipsecAHTransformID authAlg; + PGPipsecAuthAttribute authAttr; + PGPipsecEncapsulation mode; +} PGPipsecAHTransform; + +typedef struct PGPipsecIPCOMPTransform +{ + PGPipsecIPCOMPTransformID compAlg; +} PGPipsecIPCOMPTransform; + +typedef struct PGPikeTransform +{ + PGPikeAuthMethod authMethod; + PGPikeHash hash; + PGPikeCipher cipher; + PGPUInt32 keyLength; /* cipher key bit size, must be 0 for all except AES */ + PGPikeGroupID groupID; +} PGPikeTransform; + +typedef struct PGPipsecTransform +{ + PGPBoolean useESP; + PGPipsecESPTransform esp; + + PGPBoolean useAH; + PGPipsecAHTransform ah; + + PGPBoolean useIPCOMP; + PGPipsecIPCOMPTransform ipcomp; + + PGPikeGroupID groupID; +} PGPipsecTransform; + +typedef struct PGPipsecDOIParams +{ + PGPipsecSPI inSPI; + PGPipsecSPI outSPI; + PGPipsecProtocol protocol; + + union + { + struct + { + PGPipsecAHTransform t; + PGPByte inAuthKey[kPGPike_AuthMaximumKeySize]; + PGPByte outAuthKey[kPGPike_AuthMaximumKeySize]; + } ah; + + struct + { + PGPipsecESPTransform t; + PGPByte inESPKey[kPGPike_ESPMaximumKeySize]; + PGPByte outESPKey[kPGPike_ESPMaximumKeySize]; + PGPByte inAuthKey[kPGPike_AuthMaximumKeySize]; + PGPByte outAuthKey[kPGPike_AuthMaximumKeySize]; + PGPByte explicitIV[kPGPike_MaxExplicitIVSize]; + } esp; + + struct + { + PGPipsecIPCOMPTransform t; + } ipcomp; + } u; +} PGPipsecDOIParams; + +typedef struct PGPipsecSA +{ + struct PGPipsecSA * nextSA; /* INTERNAL USE ONLY */ + struct PGPipsecSA * prevSA; /* INTERNAL USE ONLY */ + PGPUInt32 ipAddress; /* PreNATted(Original) IP Address */ + PGPBoolean destIsRange; /* dest is IP range */ + PGPUInt32 ipAddrStart; /* IP address */ + PGPUInt32 ipMaskEnd; /* mask or end range IP address */ + PGPByte ipProtocol; /* 0 if all protocols */ + PGPUInt16 ipPort; /* 0 if all ports */ + + PGPBoolean bNATTraversal; /* NAT Encapsulation is enabled if true */ + PGPBoolean bIsLocalIPNAT; /* if non-zero, our local IP is natted */ + PGPBoolean bIsRemoteIPNAT; /* if non-zero, remote IP is NATed */ + PGPUInt32 natIPAddress; /* NATed Dest IP Address, 0 if not NATed */ + PGPUInt16 nboNATPort; /* NATed Dest Port value */ + + PGPUInt32 assignedIP; /* if non-zero, use as tunnel IP */ + PGPUInt32 assignedDNS; /* if non-zero, use as tunnel DNS */ + PGPUInt32 assignedWINS; /* if non-zero, use as tunnel WINS */ + + PGPBoolean initiator; /* was this SA initiated locally */ + PGPBoolean activeIn; /* use for inbound data */ + PGPBoolean activeOut; /* use for outbound data */ + PGPUInt32 kbLifeTime; /* max KB to be sent on this SA */ + PGPUInt32 secLifeTime; /* max seconds this SA will live */ + /* 0 means no limit for either */ + PGPTime birthTime; + + PGPUInt16 numTransforms; + PGPipsecDOIParams transform[kPGPike_MaxTransforms]; + + PGPTime termSchedule; /* SA will be terminated, private */ + PGPByte userData[kPGPike_UserDataSize];/* for your use */ +} PGPipsecSA; + +/* When sent a kPGPike_MT_SARequest, pgpIKE will expect that + all fields below will be filled in. The approved member is + irrelevant in that case. + + When you are called with kPGPike_MT_PolicyCheck, pgpIKE will + set everything to 0 except the IP address. You are expected + to fill in the other fields with local policy. The PolicyCheck + is used for remote-initiated SA negotiation. Since you cannot + predict which remote network might be trying to communicate + with us, you should leave the destIsRange/ipAddrStart/ipMaskEnd + and ipPort/ipProtocol fields set to 0 for this message. You + will be called to check those later with the ClientIDCheck. +*/ +typedef struct PGPikeMTSASetup +{ + PGPBoolean approved; /* > */ + + PGPUInt32 ipAddress; /* destination */ + PGPUInt32 localIPAddress; /* source */ + PGPByte ipProtocol; + PGPUInt16 ipPort; + PGPByte * sharedKey; /* null if none, data will be copied */ + PGPSize sharedKeySize; /* w/o NULL-terminate */ + PGPBoolean aggressive; /* set for aggressive mode */ + PGPBoolean lightweight; /* only for SARequest, set to + TRUE for only 1 retry */ + /* set the fields below to use tunnel mode */ + PGPBoolean destIsRange; + PGPUInt32 ipAddrStart; + PGPUInt32 ipMaskEnd; + + PGPBoolean virtualIP; /* whether to use mode-cfg */ + PGPikeAuthStyle authStyle; /* whether to use xauth/hybrid */ + PGPikeEncapsulateMode encapsulateMode; /* Force NAT Traversal mode */ + + PGPipsecIdentity idType; /* only useful in shared key mode */ + PGPByte * idData; /* data will be copied */ + PGPSize idDataSize; /* this is the Phase 1 ID */ +} PGPikeMTSASetup; + +/* + When you are called with a kPGPike_MT_ClientIDCheck, all fields + will be set appropriately. If the destIsRange/ipAddrStart/ipMaskEnd + triad is permitted to be represented by the IP address, set + the approved field to true. This message is only sent in the case + where the remote side is the initiator and you have already been + called with a kPGPike_MT_PolicyCheck message. +*/ +typedef struct PGPikeMTClientIDCheck +{ + PGPBoolean approved; /* > */ + + PGPUInt32 ipAddress; + PGPByte ipProtocol; + PGPUInt16 ipPort; + + PGPBoolean destIsRange; + PGPUInt32 ipAddrStart; + PGPUInt32 ipMaskEnd; +} PGPikeMTClientIDCheck; + +typedef struct PGPikeMTSAEstablished +{ + PGPipsecSA * sa; + PGPBoolean remoteValid; + PGPByte * remoteAuthKey; /* binary exported key data */ + PGPSize remoteAuthKeySize; +} PGPikeMTSAEstablished; + +typedef struct PGPikeMTSAFailed +{ + PGPUInt32 ipAddress; /* destination */ + PGPByte ipProtocol; + PGPUInt16 ipPort; + + PGPBoolean destIsRange; + PGPUInt32 ipAddrStart; + PGPUInt32 ipMaskEnd; + +} PGPikeMTSAFailed; + +typedef struct PGPikeMTCert +{ + PGPUInt32 ipAddress; /* < */ + PGPKeyDBRef baseKeyDB; /* > */ + PGPKeyDBObjRef authObj; /* > PGP key or X.509 cert */ + + PGPBoolean isPassKey; /* > */ + void * pass; /* > null-term if passphrase, Unicode, copied */ + PGPSize passLength; /* > in PGPChar8s */ +} PGPikeMTCert; + +typedef struct PGPikeMTRemoteCert +{ + PGPBoolean approved; /* > */ + PGPBoolean valid; /* > */ + PGPUInt32 ipAddress; /* < */ + PGPKeyDBObjRef remoteObj; /* < PGPkey or X.509 cert */ + PGPKeyDBRef remoteKeyDB; /* < any other keys/certs are part of + this cert's chain */ +} PGPikeMTRemoteCert; + +typedef struct PGPikeMTPacket +{ + PGPUInt32 ipAddress; /* source or destination */ + PGPUInt16 port; /* usually UDP 500, but might not be */ + PGPSize packetSize; + PGPByte * packet; /* msg *sender* must free this */ +} PGPikeMTPacket; + +typedef struct PGPikeMTIdentity +{ + PGPBoolean active; /* TRUE = set it, FALSE= dead */ + PGPUInt32 ipAddress; /* Gateway IP */ + PGPUInt32 assignedIP; + PGPUInt32 assignedDNS; + PGPUInt32 assignedWINS; +} PGPikeMTIdentity; + +typedef struct PGPikeMTAlert +{ + PGPikeAlert alert; + PGPUInt32 ipAddress; + PGPikeInternalAlert value; /* used if alert is kPGPike_AL_None */ + PGPBoolean remoteGenerated; +} PGPikeMTAlert; + +typedef PGPUInt32 PGPikeAESKeyLengthMask; + +#define kPGPike_AESKeyLength128 1 +#define kPGPike_AESKeyLength192 2 +#define kPGPike_AESKeyLength256 4 +#define kPGPike_AESKeyLengthAll 7 + +typedef struct PGPikeAllowedAlgorithms +{ + PGPBoolean cast5; + PGPBoolean tripleDES; + PGPBoolean singleDES; + PGPikeAESKeyLengthMask aes; + PGPBoolean espNULL; + + PGPBoolean sha1; + PGPBoolean md5; + PGPBoolean sha2_256; + PGPBoolean sha2_384; + PGPBoolean sha2_512; + PGPBoolean noAuth; + + PGPBoolean lzs; + PGPBoolean deflate; + + PGPBoolean modpOne768; + PGPBoolean modpTwo1024; + PGPBoolean modpFive1536; + + PGPBoolean ec2n163; + PGPBoolean ec2n283; + + PGPBoolean modp2048; + PGPBoolean modp3072; + PGPBoolean modp4096; + PGPBoolean modp6144; + PGPBoolean modp8192; + +} PGPikeAllowedAlgorithms; + +typedef struct PGPikeMTPref +{ + PGPikePref pref; + + union + { + struct + { + PGPUInt32 kbLifeTimeIKE; + PGPUInt32 secLifeTimeIKE; + PGPUInt32 kbLifeTimeIPSEC; + PGPUInt32 secLifeTimeIPSEC; + } expiration; /* kPGPike_PF_Expiration */ + + struct + { + PGPUInt32 numTransforms; + PGPikeTransform * t; + } ikeProposals; /* kPGPike_PF_IKEProposals */ + + + struct + { + PGPUInt32 numTransforms; + PGPipsecTransform * t; + } ipsecProposals; /* kPGPike_PF_IPSECProposals */ + + PGPikeAllowedAlgorithms allowedAlgorithms; + /*kPGPike_PF_AllowedAlgorithms*/ + } u; +} PGPikeMTPref; + +/* This message will be sent to check extended authentication. The buffer + will be freed after your callback is called, so if you need it, + copy the data elsewhere. You must retrieve the information and then + send an AuthCheck message back to IKE with the contents filled in, + and all contents preserved other than what you filled in. The message + you send back is your memory, IKE will not free it. */ +typedef struct PGPikeMTAuthCheck +{ + PGPBoolean success; /* set to true unless user aborts */ + PGPUInt32 gatewayIP; + PGPikeXAuthType xauthType; + PGPUInt16 transactionID; /* private */ + PGPBoolean includeType; /* private */ + + PGPBoolean useUserName; + PGPBoolean usePassword; + PGPBoolean usePasscode; + PGPBoolean useMessage; + PGPBoolean useChallenge; + PGPBoolean useDomain; + + PGPChar8 userName[kPGPike_XAuthStringLen]; + PGPChar8 password[kPGPike_XAuthStringLen]; + PGPChar8 passcode[kPGPike_XAuthStringLen]; + PGPChar8 message[kPGPike_XAuthMessageLen]; + PGPChar8 challenge[kPGPike_XAuthStringLen]; + PGPChar8 domain[kPGPike_XAuthStringLen]; + PGPSize challengeSize; +} PGPikeMTAuthCheck; + +enum PGPikeMessageType_ +{ + /* + Message types followed by ">" may be sent to PGPike + Message typed followed by "<" may be sent by PGPike + */ + kPGPike_MT_Idle = 0, /* > call this often */ + kPGPike_MT_SARequest, /* > PGPikeMTSASetup */ + kPGPike_MT_SARequestFailed, /* < PGPikeMTSAFailed */ + kPGPike_MT_SAEstablished, /* < PGPikeMTSAEstablished */ + kPGPike_MT_SARekey, /* > PGPipsecSA */ + kPGPike_MT_SADied, /* >< PGPipsecSA */ + kPGPike_MT_SAUpdate, /* < PGPipsecSA */ + kPGPike_MT_SAKillAll, /* > none */ + + kPGPike_MT_PolicyCheck, /* < PGPikeMTSASetup */ + kPGPike_MT_ClientIDCheck, /* < PGPikeMTClientIDCheck */ + kPGPike_MT_AuthCheck, /* >< PGPikeMTAuthCheck */ + kPGPike_MT_LocalPGPCert, /* < PGPikeMTCert */ + kPGPike_MT_LocalX509Cert, /* < PGPikeMTCert */ + kPGPike_MT_RemoteCert, /* < PGPikeMTRemoteCert */ + kPGPike_MT_Identity, /* < PGPikeMTIdentity */ + + kPGPike_MT_Packet, /* >< PGPikeMTPacket */ + kPGPike_MT_Alert, /* < PGPikeMTAlert */ + + kPGPike_MT_Pref, /* > PGPikeMTPref */ + + kPGPike_MT_DebugLog, /* < PGPChar8 * */ + + PGP_ENUM_FORCE( PGPikeMessageType_ ) +}; +PGPENUM_TYPEDEF( PGPikeMessageType_, PGPikeMessageType ); + +typedef PGPError (* PGPikeMessageProcPtr)( + PGPikeContextRef ike, + void * inUserData, + PGPikeMessageType msg, + void * data ); + +PGPError PGPNewIKEContext( + PGPContextRef context, + PGPikeMessageProcPtr ikeMessageProc, + void * inUserData, + PGPikeContextRef * outRef ); + +PGPError PGPFreeIKEContext( + PGPikeContextRef ref ); + +/* Any error from PGPikeProcessMessage is fatal. Non-fatal + errors are sent through the kPGPike_MT_Alert message. */ + +PGPError PGPikeProcessMessage( + PGPikeContextRef ref, + PGPikeMessageType msg, + void * data ); + + +#if PGP_WIN32 +# pragma pack(pop) +#endif + +PGP_END_C_DECLARATIONS + +#endif /* ] Included_PGPike_h */ + + +/*__Editor_settings____ + + Local Variables: + tab-width: 4 + End: + vi: ts=4 sw=4 + vim: si +_____________________*/ |