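/* -*- Mode:cc-mode; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/* vim: set ai sw=2 ts=2 et cindent cino={1s: */
/*
 * Host Identity Protocol
 * Copyright (c) 2002-2012 the Boeing Company
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * \file hip_proto.h
 *
 * \authors Jeff Ahrenholz, <jeffrey.m.ahrenholz@boeing.com>
 *          Tom Henderson, <thomas.r.henderson@boeing.com>
 *
 * \brief Definitions for the HIP protocol.
 *
 * Wire-level constants only: protocol/port numbers, packet and parameter
 * type codes, cipher-suite, HI-algorithm and DH-group identifiers, and the
 * default proposal bitmasks built from them.  Nothing here allocates or
 * has state; everything is a macro or an enum.
 *
 * Review notes (behaviour unchanged):
 *  - ENCR_NULL() and HI_TYPESTR() now parenthesise their argument, so an
 *    argument containing a lower-precedence operator (e.g. a conditional)
 *    is compared as a whole instead of being split by the `==`.
 *  - The include guard `_HIP_PROTO_H_` uses a reserved identifier
 *    (leading underscore + uppercase); left as-is so any external
 *    `#ifdef` on it keeps working.
 */

#ifndef _HIP_PROTO_H_
#define _HIP_PROTO_H_

#include <openssl/bn.h>
#include <openssl/hmac.h>
#include <openssl/rsa.h>


/*
 * Protocol constants
 */


#define H_PROTO_UDP 17
#define HIP_UDP_PORT 10500                /* UDP port for HIP-over-UDP encapsulation */

#define HIP_PROTO_VER 1
#define H_PROTO_HIP 139 /* IP layer protocol number for private encryption */
#define HIP_PAYLOAD_PROTOCOL 59
#define STATUS_PORT 4051 /* UDP port for obtaining status data */

#define SPI_RESERVED 255
#define HIP_ALIGN 4                       /* parameter/padding alignment, in octets */
#define ACCEPTABLE_R1_COUNT_RANGE 2

#define HIT_SIZE 16                       /* Host Identity Tag length, in octets (128 bits) */
#define HIT_PREFIX_TYPE1_SHA1 0x40

/* HIP association (state machine) states */
typedef enum {
  UNASSOCIATED, /* State machine start */
  I1_SENT, /* Initiating HIP */
  I2_SENT, /* Waiting to finish HIP */
  R2_SENT, /* Waiting to finish HIP */
  ESTABLISHED, /* HIP SA established */
  REKEYING, /* HIP SA established, rekeying */
  CLOSING, /* HIP SA closing, no data can be sent */
  CLOSED, /* HIP SA closed, no data can be sent */
  E_FAILED /* HIP SA establishment failed */
} HIP_STATES;

/* HIP packet types */
typedef enum {
  HIP_I1 = 1,
  HIP_R1,
  HIP_I2,
  HIP_R2,
  CER, /* 5 - removed from draft-ietf-hip-base-03 */
  BOS = 11, /* 11 - removed from draft-ietf-hip-base-01 */
  UPDATE = 16, /* 16 */
  NOTIFY = 17, /* 17 */
  CLOSE = 18, /* 18 */
  CLOSE_ACK = 19, /* 19 */
  HIP_HDRR, /* 20 */
} HIP_PACKETS;

/* HIP controls */
typedef enum {
  CTL_ANON = 0x0001,
} HIP_CONTROLS;


/* HIP TLV parameters (type codes carried in the 16-bit TLV type field) */
#define PARAM_ESP_INFO 65
#define PARAM_R1_COUNTER 128
#define PARAM_LOCATOR 193
#define PARAM_PUZZLE 257
#define PARAM_SOLUTION 321
#define PARAM_SEQ 385
#define PARAM_ACK 449
#define PARAM_DIFFIE_HELLMAN 513
#define PARAM_HIP_TRANSFORM 577
#define PARAM_ENCRYPTED 641
#define PARAM_HOST_ID 705
#define PARAM_CERT 768
#define PARAM_PROXY_TICKET 812
#define PARAM_AUTH_TICKET 822
#define PARAM_NOTIFY 832
#define PARAM_ECHO_REQUEST 897
#define PARAM_REG_INFO 930
#define PARAM_REG_REQUEST 932
#define PARAM_REG_RESPONSE 934
#define PARAM_REG_FAILED 936
/* NOTE: PARAM_REG_REQUIRED expands to nothing.  It exists only so that
 * `#ifdef` tests compile; using it as a value is a compile error until a
 * type code is assigned. */
#define PARAM_REG_REQUIRED /* TBD */
#define PARAM_ECHO_RESPONSE 961
/* PARAM_ESP_TRANSFORM sits exactly at PARAM_TRANSFORM_HIGH, the top of the
 * transform range below. */
#define PARAM_ESP_TRANSFORM 4095
#define PARAM_TRANSFORM_LOW 2048 /* defines range for transforms */
#define PARAM_TRANSFORM_HIGH 4095
#define PARAM_HMAC 61505
#define PARAM_HMAC_2 61569
#define PARAM_HIP_SIGNATURE_2 61633
#define PARAM_HIP_SIGNATURE 61697
/* *_NOSIG variants: parameter codes outside the signed region of the packet */
#define PARAM_ESP_INFO_NOSIG 62565
#define PARAM_ECHO_REQUEST_NOSIG 63661
#define PARAM_ECHO_RESPONSE_NOSIG 63425
#define PARAM_FROM 65498
#define PARAM_RVS_HMAC 65500
#define PARAM_VIA_RVS 65502
/* Low bit of a TLV type: the parameter is "critical" and an implementation
 * that does not understand it must reject the packet rather than skip it. */
#define PARAM_CRITICAL_BIT 0x0001

/* encryption algorithms (ESP/HIP transform suite IDs) */
typedef enum {
  RESERVED, /* 0 */  /* NOTE: unprefixed name; collides easily with other headers */
  ESP_AES_CBC_HMAC_SHA1, /* 1 */
  ESP_3DES_CBC_HMAC_SHA1, /* 2 */
  ESP_3DES_CBC_HMAC_MD5, /* 3 */
  ESP_BLOWFISH_CBC_HMAC_SHA1, /* 4 */
  ESP_NULL_HMAC_SHA1, /* 5 */
  ESP_NULL_HMAC_MD5, /* 6 */
  SUITE_ID_MAX, /* 7 */
} SUITE_IDS;
/* True when suite `a` provides integrity only (NULL encryption, no
 * confidentiality).  The argument is parenthesised so that a compound
 * expression is compared as a whole. */
#define ENCR_NULL(a) (((a) == ESP_NULL_HMAC_SHA1) || \
                      ((a) == ESP_NULL_HMAC_MD5))
/* Supported transforms are compressed into a bitmask... */
/* Default HIP transforms proposed when none are specified in config.
 * NOTE(review): the default offer includes the two ESP_NULL_* suites
 * (no confidentiality) and the legacy 3DES/MD5/Blowfish suites; a
 * deployment that requires encryption of HIP payloads should restrict the
 * proposal in its configuration rather than rely on this default. */
#define DEFAULT_HIP_TRANS \
  ((1 << ESP_AES_CBC_HMAC_SHA1) | \
   (1 << ESP_3DES_CBC_HMAC_SHA1) | \
   (1 << ESP_3DES_CBC_HMAC_MD5) | \
   (1 << ESP_BLOWFISH_CBC_HMAC_SHA1) | \
   (1 << ESP_NULL_HMAC_SHA1) | \
   (1 << ESP_NULL_HMAC_MD5))
/* Default ESP transforms proposed when none are specified in config.
 * ESP suites occupy bits ESP_OFFSET.. so HIP and ESP proposals can share
 * one mask; the same NULL-encryption caveat as above applies. */
#define ESP_OFFSET 8
#define DEFAULT_ESP_TRANS \
  ((1 << (ESP_OFFSET + ESP_AES_CBC_HMAC_SHA1)) | \
   (1 << (ESP_OFFSET + ESP_3DES_CBC_HMAC_SHA1)) | \
   (1 << (ESP_OFFSET + ESP_3DES_CBC_HMAC_MD5)) | \
   (1 << (ESP_OFFSET + ESP_BLOWFISH_CBC_HMAC_SHA1)) | \
   (1 << (ESP_OFFSET + ESP_NULL_HMAC_SHA1)) | \
   (1 << (ESP_OFFSET + ESP_NULL_HMAC_MD5)))

/* HI (signature) algorithms */
typedef enum {
  HI_ALG_RESERVED,
  HI_ALG_DSA = 3,
  HI_ALG_RSA = 5,
} HI_ALGORITHMS;
#define HIP_RSA_DFT_EXP RSA_F4 /* 0x10001L = 65537; 3 and 17 are also common */
/* Human-readable name of an HI algorithm code; "UNKNOWN" for anything not
 * in HI_ALGORITHMS.  Argument parenthesised for the same reason as ENCR_NULL. */
#define HI_TYPESTR(a) (((a) == HI_ALG_DSA) ? "DSA" : \
                       ((a) == HI_ALG_RSA) ? "RSA" : "UNKNOWN")

/* SADB algorithms (PF_KEY algorithm numbers used when programming the SA) */
#define SADB_EALG_3DESCBC 3
#define SADB_X_EALG_BLOWFISHCBC 7
#define SADB_EALG_NULL 11
#define SADB_X_EALG_AESCBC 12
#define SADB_AALG_MD5HMAC 2
#define SADB_AALG_SHA1HMAC 3

/* HI Domain Identifier types */
typedef enum {
  DIT_NONE, /* none included */
  DIT_FQDN, /* Fully Qualified Domain Name, in binary format */
  DIT_NAI, /* Network Access Identifier, binary, login@FQDN */
} HI_DIT;

/* Peer/local address (locator) states */
typedef enum {
  UNVERIFIED,
  ACTIVE,
  DEPRECATED,
  DELETED, /* not in spec, but used when address is removed */
} ADDRESS_STATES;

/* Which key of a keying-material set is being referred to */
typedef enum {
  HIP_ENCRYPTION,
  HIP_INTEGRITY,
  ESP_ENCRYPTION,
  ESP_AUTH,
} KEY_TYPES;

/* Order of keys drawn from KEYMAT; GL_* = greater->lesser HIT direction,
 * LG_* = lesser->greater (direction naming per the GL/LG prefixes). */
typedef enum {
  GL_HIP_ENCRYPTION_KEY, /* 0 */
  GL_HIP_INTEGRITY_KEY,
  LG_HIP_ENCRYPTION_KEY,
  LG_HIP_INTEGRITY_KEY,
  GL_ESP_ENCRYPTION_KEY,
  GL_ESP_AUTH_KEY,
  LG_ESP_ENCRYPTION_KEY,
  LG_ESP_AUTH_KEY /* 7 */
} HIP_KEYMAT_KEYS;

/* Key lengths in octets.  NOTE: KEY_LEN_MD5, KEY_LEN_AES and
 * KEY_LEN_BLOWFISH all equal 16, so these enumerators cannot be used as
 * distinct `case` labels in one switch. */
typedef enum {
  KEY_LEN_NULL = 0, /* RFC 2410 */
  KEY_LEN_MD5 = 16, /* 128 bits per RFC 2403 */
  KEY_LEN_SHA1 = 20, /* 160 bits per RFC 2404 */
  KEY_LEN_3DES = 24, /* 192 bits (3x64-bit keys) RFC 2451 */
  KEY_LEN_AES = 16, /* 128 bits per RFC 3686; also 192, 256-bits */
  KEY_LEN_BLOWFISH = 16, /* 128 bits per RFC 2451 */
} HIP_KEYLENS;

/* Diffie-Hellman Group IDs */
typedef enum {
  DH_RESERVED,
  DH_384,
  DH_OAKLEY_1,
  DH_MODP_1536,
  DH_MODP_3072,
  DH_MODP_6144,
  DH_MODP_8192,
  DH_MAX
} DH_GROUP_IDS;
/* choose default DH group here
 * NOTE(review): 1536-bit MODP is below the 2048-bit floor now commonly
 * recommended; DH_MODP_3072 and larger are defined above.  Confirm this
 * default against deployment policy. */
#define DEFAULT_DH_GROUP_ID DH_MODP_1536
/* Presumably the largest DH public value handled, in octets
 * (1024 octets = 8192 bits, matching DH_MODP_8192) -- confirm against users. */
#define DH_MAX_LEN 1024

/*
 * HIP LOCATOR parameters
 */
#define LOCATOR_PREFERRED 0x01
#define LOCATOR_TRAFFIC_TYPE_BOTH 0x00
#define LOCATOR_TRAFFIC_TYPE_SIGNALING 0x01
#define LOCATOR_TRAFFIC_TYPE_DATA 0x02
#define LOCATOR_TYPE_IPV6 0x00
#define LOCATOR_TYPE_SPI_IPV6 0x01

/*
 * Notify error types
 */
#define NOTIFY_UNSUPPORTED_CRITICAL_PARAMETER_TYPE 1
#define NOTIFY_INVALID_SYNTAX 7
#define NOTIFY_NO_DH_PROPOSAL_CHOSEN 14
#define NOTIFY_INVALID_DH_CHOSEN 15
#define NOTIFY_NO_HIP_PROPOSAL_CHOSEN 16
#define NOTIFY_INVALID_HIP_TRANSFORM_CHOSEN 17
#define NOTIFY_NO_ESP_PROPOSAL_CHOSEN 18
#define NOTIFY_INVALID_ESP_TRANSFORM_CHOSEN 19
#define NOTIFY_AUTHENTICATION_FAILED 24
#define NOTIFY_CHECKSUM_FAILED 26
#define NOTIFY_HMAC_FAILED 28
#define NOTIFY_ENCRYPTION_FAILED 32
#define NOTIFY_INVALID_HIT 40
#define NOTIFY_BLOCKED_BY_POLICY 42
#define NOTIFY_SERVER_BUSY_PLEASE_RETRY 44
#define NOTIFY_LOCATOR_TYPE_UNSUPPORTED 46
/* Status (non-error) notify types, >= 16384 */
#define NOTIFY_I2_ACKNOWLEDGEMENT 16384
#define NOTIFY_LOSS_DETECT 16385

/*
 * Registration types
 */
typedef enum {
  REGTYPE_RESERVED,
  REGTYPE_RVS, /* 1 = Rendezvous Server */
  REGTYPE_RELAY_UDP_HIP, /* 2 = UDP/HIP NAT Relay Server */
  REGTYPE_MR, /* 3 = Mobile Router */
} HIP_REGTYPES;

#endif /* !_HIP_PROTO_H_ */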