| TCCIPsec_Definitions.ttcn | |
| Types and Constants | |
| TCCIPsec_IPsecResult | Declares the possible return values of IPsec handling functions | 
| c_TCCIPsec_anyPort | Provides port value representing any port | 
| c_TCCIPsec_prefixAll | Provides port value representing any port | 
| TCCIPsec_Protocol | Declares identifiers for the possible security protocols | 
| TCCIPsec_IPsecMode | Declares identifiers for the possible security association modes | 
| TCCIPsec_Extension | Defines a union of possible extensions for Security Associations (SAs) | 
| TCCIPsec_ExtensionList | Defines a list of extensions for the SA adding function | 
| TCCIPsec_Key | Defines a union for storing a key for an SA. | 
| TCCIPsec_EAlgo | Declares identifiers for the possible encryption algorithms | 
| TCCIPsec_AAlgo | Declares identifiers for the possible integrity protection algorithms | 
| TCCIPsec_Encr | Defines a record for storing the encryption algorithm identifier and key. | 
| TCCIPsec_Auth | Defines a record for storing the integrity protection algorithm identifier and key. | 
| TCCIPsec_Auth | Defines a record for storing the encryption and integrity protection algorithm identifiers and the keys. | 
| TCCIPsec_Algorithm | Defines a union for storing the possible combination of algorithms with its keys. | 
| TCCIPsec_TranspProto | Declares identifiers for the possible upper layer protocols | 
| TCCIPsec_TranspProto | Declares identifiers for the possible directions for which a policy is applied. | 
| TCCIPsec_DiscardRule | Declares a type to represent the policy rule to discard packets. | 
| TCCIPsec_NoneRule | Declares a type to represent the policy rule to bypass IPsec. | 
| TCCIPsec_Transport | Declares a type to represent the transport IPsec mode - as opposed to tunnel mode | 
| TCCIPsec_Tunnel | Declares a type to represent the tunnel IPsec mode - as opposed to transport mode | 
| TCCIPsec_Mode | Declares a union for storing the IPsec mode | 
| TCCIPsec_DefaultLevel | Declares a type to represent the policy level indicating that system defaults have to be used. | 
| TCCIPsec_UseLevel | Declares a type to represent the policy level indicating that IPsec should be used if appropriate SA is available. | 
| TCCIPsec_UseLevel | Declares a type to represent the policy level indicating that IPsec has to be used unconditionally. | 
| TCCIPsec_UseLevel | Declares a type to represent the policy level indicating that IPsec has to be used with the SA or SAs indicated by id. | 
| TCCIPsec_RuleLevel | Defines a union for storing rule level. | 
| TCCIPsec_Rule | Declares a record for storing an IPsec rule. | 
| TCCIPsec_ExtensionList | Defines a list of IPsec rules | 
| TCCIPsec_RuleLevel | Defines a union for storing a policy rule. | 
Declares the possible return values of IPsec handling functions
| ok | The function finished successfully | 
| parameterInvalid | One of the function parameters was invalid. The error is indicated either by the library or the kernel. | 
| alreadyExisted | Entry already existed while trying to add it | 
| notFound | Entry was not found while trying to delete or modify it | 
| insufficientPrivilege | The calling process does not have the necessary privilege to use the PF_KEY interface or to handle the databases of IPsec. | 
| notImplemented | Not implemented: The library is compiled without IPsec support or with limited support. Support for SPD handling is platform dependent. | 
| socketError | Other type of error during socket operation. The logs contain details on the error. | 
type enumerated TCCIPsec_IPsecMode { anyMode (0), transport (1), tunnel (2) } 
Declares identifiers for the possible security association modes
| anyMode | This is the unspecified, default mode | 
| transport | Turns on transport mode in security association | 
| tunnel | Turns on tunneling mode in security association | 
type union TCCIPsec_Extension { integer policyId, integer hardLifetime, integer softLifetime } 
Defines a union of possible extensions for Security Associations (SAs)
| policyId | integer: Identifier to link a Security Association (SA) to Security Policy (SP) | 
| hardLifetime | integer: Hard Lifetime in seconds | 
| softLifetime | integer: Soft Lifetime in seconds | 
type union TCCIPsec_Key { hexstring hex, charstring text } 
Defines a union for storing a key for an SA. The key is specified inside the TCCIPsec_Algorithm alg parameter of the f_IPsec_SADB_add function.
| hex | hexstring: Key in hexstring format | 
| text | charstring: Key in charstring format | 
type enumerated TCCIPsec_EAlgo { EALG_NONE (0), EALG_3DESCBC (3), EALG_NULL(11), EALG_AESCBC (12) } 
Declares identifiers for the possible encryption algorithms
| EALG_NONE | The “null” algorithm | 
| EALG_3DESCBC | The “3des-cbc” algorithm (rfc2451) | 
| EALG_NULL | The NULL encryption algorithm (rfc2367) | 
| EALG_AESCBC | The “aes-cbc” algorithm ( | 
type enumerated TCCIPsec_AAlgo { AALG_NONE (0), AALG_MD5HMAC (2), AALG_SHA1HMAC (3) } 
Declares identifiers for the possible integrity protection algorithms
| AALG_NONE | The “null” algorithm | 
| AALG_MD5HMAC | The “hmac-md5” algorithm (rfc2403) | 
| AALG_SHA1HMAC | The “hmac-sha1” algorithm (rfc2404) | 
type record TCCIPsec_Auth { TCCIPsec_AAlgo algo, TCCIPsec_Key key } 
Defines a record for storing the integrity protection algorithm identifier and key.
| algo | TCCIPsec_AAlgo: Identifier of the integrity protection algorithm | 
| key | TCCIPsec_Key: Key for the algorithm | 
Defines a record for storing the encryption and integrity protection algorithm identifiers and the keys.
| ealgo | TCCIPsec_EAlgo: Identifier of the encryption algorithm | 
| ekey | TCCIPsec_Key: Key for the encryption algorithm | 
| aalgo | TCCIPsec_AAlgo: Identifier of the integrity protection algorithm | 
| akey | TCCIPsec_Key: Key for the integrity protection algorithm | 
Defines a union for storing the possible combination of algorithms with its keys. It is used as the TCCIPsec_Algorithm alg parameter of the f_IPsec_SADB_add function.
| encr | TCCIPsec_Encr: encryption algorithm data | 
| auth | TCCIPsec_Auth: integrity protection algorithm data | 
| encrAndAuth | TCCIPsec_EncrAndAuth: Key in charstring format | 
type enumerated TCCIPsec_TranspProto { anyTranspProto (0), tcpProto (6), udpProto (17) } 
Declares identifiers for the possible upper layer protocols
| anyTranspProto | Either TCP or UDP protocol | 
| tcpProto | The TCP protocol | 
| udpProto | The UDP protocol | 
type record TCCIPsec_Tunnel { charstring srcAddr, integer srcPort, charstring dstAddr, integer dstPort } 
Declares a type to represent the tunnel IPsec mode - as opposed to transport mode
| srcAddr | source address | 
| srcPort | source port | 
| dstAddr | destination address | 
| dstPort | destination port | 
Detailed Comments: Address and port pairs for the tunnel. Used in SPDB rules.
type union TCCIPsec_Mode { TCCIPsec_Transport transport, TCCIPsec_Tunnel tunnel } 
Declares a union for storing the IPsec mode
| transport | TCCIPsec_Transport: identifies the transport IPsec mode | 
| tunnel | TCCIPsec_Tunnel: identifies the tunnel IPsec mode | 
IPsec supports transport and tunnel mode.
type union TCCIPsec_RuleLevel { TCCIPsec_DefaultLevel defaultLevel, TCCIPsec_UseLevel use, TCCIPsec_RequireLevel require, TCCIPsec_UniqueLevel unique } 
Defines a union for storing rule level.
| defaultLevel | TCCIPsec_DefaultLevel: The level representing default | 
| use | TCCIPsec_UseLevel: The use level | 
| require | TCCIPsec_RequireLevel: The require level | 
| unique | TCCIPsec_UniqueLevel: The unique level | 
type record TCCIPsec_Rule { TCCIPsec_Protocol protocol, TCCIPsec_Mode mode, TCCIPsec_RuleLevel level } 
Declares a record for storing an IPsec rule.
| protocol | TCCIPsec_Protocol: The security protocol to use | 
| mode | TCCIPsec_Mode: IPsec mode | 
| level | TCCIPsec_RuleLevel: rule level | 
Defines a union for storing a policy rule.
| discard | TCCIPsec_DiscardRule: The discard policy rule | 
| noneRule | TCCIPsec_NoneRule: The none policy rule | 
| require | TCCIPsec_RequireLevel: The require level | 
| ipSec | TCCIPsec_RuleList: A list of IPsec policy rules | 
Provides port value representing any port
const integer c_TCCIPsec_anyPort := 0 
Provides port value representing any port
const integer c_TCCIPsec_prefixAll := -1 
Defines a list of extensions for the SA adding function
type record of TCCIPsec_Extension TCCIPsec_ExtensionList 
Defines a record for storing the encryption algorithm identifier and key.
type record TCCIPsec_Encr { TCCIPsec_EAlgo algo, TCCIPsec_Key key } 
Declares a type to represent the policy rule to discard packets.
type record TCCIPsec_DiscardRule {} 
Declares a type to represent the policy rule to bypass IPsec.
type record TCCIPsec_NoneRule {} 
Declares a type to represent the transport IPsec mode - as opposed to tunnel mode
type record TCCIPsec_Transport {} 
Declares a type to represent the policy level indicating that system defaults have to be used.
type record TCCIPsec_DefaultLevel {} 
Declares a type to represent the policy level indicating that IPsec should be used if appropriate SA is available.
type record TCCIPsec_UseLevel {} 