TCCIPsec_Definitions.ttcn

Summary
TCCIPsec_Definitions.ttcn
Types and Constants
TCCIPsec_IPsecResult Declares the possible return values of IPsec handling functions
c_TCCIPsec_anyPort Provides port value representing any port
c_TCCIPsec_prefixAll Provides port value representing any port
TCCIPsec_Protocol Declares identifiers for the possible security protocols
TCCIPsec_IPsecMode Declares identifiers for the possible security association
TCCIPsec_Extension Defines a union of possible extensions for Security Associations (SAs)
TCCIPsec_ExtensionList Defines a list of extensions for the SA adding function
TCCIPsec_Key Defines a union for storing a key for an SA.
TCCIPsec_EAlgo Declares identifiers for the possible encryption algorithms
TCCIPsec_AAlgo Declares identifiers for the possible integrity protection algorithms
TCCIPsec_Encr Defines a record for storing the encryption algorithm identifier and key.
TCCIPsec_Auth Defines a record for storing the integrity protection algorithm identifier and key.
TCCIPsec_Auth Defines a record for storing the encryption and integrity protection algorithm identifiers and the keys.
TCCIPsec_Algorithm Defines a union for storing the possible combination of algorithms with its keys.
TCCIPsec_TranspProto Declares identifiers for the possible upper layer protocols
TCCIPsec_TranspProto Declares identifiers for the possible directions for which a policy is applied.
TCCIPsec_DiscardRule Declares a type to represent the policy rule to discard packets.
TCCIPsec_NoneRule Declares a type to represent the policy rule to bypass IPsec.
TCCIPsec_Transport Declares a type to represent the transport IPsec mode - as opposed to tunnel mode
TCCIPsec_Tunnel Declares a type to represent the tunnel IPsec mode - as opposed to transport mode
TCCIPsec_Mode Declares an union for storing to IPsec mode
TCCIPsec_DefaultLevel Declares a type to represent the policy level indicating that system defaults has to be used.
TCCIPsec_UseLevel Declares a type to represent the policy level indicating that IPsec should be used if appropriate SA is available.
TCCIPsec_UseLevel Declares a type to represent the policy level indicating that IPsec has to be used unconditionally.
TCCIPsec_UseLevel Declares a type to represent the policy level indicating that IPsec has to be used with the SA or SAs indicated by id.
TCCIPsec_RuleLevel Defines a union for storing rule level.
TCCIPsec_Rule Declares a record for storing an IPsec rule.
TCCIPsec_ExtensionList Defines a list of IPsec rules
TCCIPsec_RuleLevel Defines a union for storing a policy rule.

Types and Constants

TCCIPsec_IPsecResult

Purpose

Declares the possible return values of IPsec handling functions

Elements

ok: The function finished successfully parameterInvalid: One of the function parameters was invalid The error is indicated either by the library or the kernel. alreadyExisted: Entry already existed while trying to add it notFound: Entry was not found while trying to delete or modify it insufficientPrivilege: The calling process does not have the necessary privilege to use the PF_KEY interface or to handle the databases of IPsec. notImplemented: Not implemented: The library is compiled without IPsec support or with limited support Support for SPD handling is platform dependent socketError: Other type of error during socket operation The logs contain details on the error

Detailed Comments

c_TCCIPsec_anyPort

const integer c_TCCIPsec_anyPort := 0

Purpose

Provides port value representing any port

Value

0

Detailed Comments

-

c_TCCIPsec_prefixAll

const integer c_TCCIPsec_prefixAll := -1

Purpose

Provides port value representing any port

Value

0

Detailed Comments

-

TCCIPsec_Protocol

Purpose

Declares identifiers for the possible security protocols

Elements

ah: Authentication Header esp: Encapsulated Security Payload

Detailed Comments

TCCIPsec_IPsecMode

type enumerated TCCIPsec_IPsecMode { anyMode (0), transport (1), tunnel (2) }

Purpose

Declares identifiers for the possible security association

Elements

anyMode: this is the unspecified, default mode transport: turns on transport mode in security association tunnel: turns on tunneling mode in security association

Detailed Comments

-

TCCIPsec_Extension

type union TCCIPsec_Extension { integer policyId, integer hardLifetime, integer softLifetime }

Purpose

Defines a union of possible extensions for Security Associations (SAs)

Elements

policyId integer: Identifier to link a Security Association (SA) to Security Policy (SP)
hardLifetime integer: Hard Lifetime in seconds
softLifetime integer: Soft Lifetime in seconds

Detailed Comments

-

TCCIPsec_ExtensionList

type record of TCCIPsec_Extension TCCIPsec_ExtensionList

Purpose

Defines a list of extensions for the SA adding function

Elements

record of TCCIPsec_Extension

Detailed Comments

-

TCCIPsec_Key

type union TCCIPsec_Key { hexstring hex, charstring text }

Purpose

Defines a union for storing a key for an SA.  The key is specified inside the TCCIPsec_Algorithm alg parameter of the f_IPsec_SADB_add function.

Elements

hex hexstring: Key in hexstring format
text charstring: Key in charstring format

Detailed Comments

TCCIPsec_EAlgo

type enumerated TCCIPsec_EAlgo { EALG_NONE (0), EALG_3DESCBC (3), EALG_NULL(11), EALG_AESCBC (12) }

Purpose

Declares identifiers for the possible encryption algorithms

Elements

EALG_NONE: The “null” algorithm EALG_3DESCBC: The “3des-cbc” algorithm (rfc2451) EALG_NULL: The NULL encryption algorithm (rfc2367) EALG_AESCBC: The “aes-cbc” algorithm (

Detailed Comments

TCCIPsec_AAlgo

type enumerated TCCIPsec_AAlgo { AALG_NONE (0), AALG_MD5HMAC (2), AALG_SHA1HMAC (3) }

Purpose

Declares identifiers for the possible integrity protection algorithms

Elements

AALG_NONE: The “null” algorithm AALG_MD5HMAC: The “hmac-md5” algorithm (rfc2403) AALG_SHA1HMAC: The “hmac-sha1” algorithm (rfc2404)

Detailed Comments

TCCIPsec_Encr

type record TCCIPsec_Encr { TCCIPsec_EAlgo algo, TCCIPsec_Key key }

Purpose

Defines a record for storing the encryption algorithm identifier and key.

Elements

algo TCCIPsec_EAlgo: Identifier of the encryption algorithm
key TCCIPsec_Key: Key for the algorithm

Detailed Comments

TCCIPsec_Auth

type record TCCIPsec_Auth { TCCIPsec_AAlgo algo, TCCIPsec_Key key }

Purpose

Defines a record for storing the integrity protection algorithm identifier and key.

Elements

algo TCCIPsec_AAlgo: Identifier of the integrity protection algorithm
key TCCIPsec_Key: Key for the algorithm

Detailed Comments

TCCIPsec_Auth

Purpose

Defines a record for storing the encryption and integrity protection algorithm identifiers and the keys.

Elements

ealgo TCCIPsec_EAlgo: Identifier of the encryption algorithm
ekey TCCIPsec_Key: Key for the encryption algorithm
aalgo TCCIPsec_AAlgo: Identifier of the integrity protection algorithm
akey TCCIPsec_Key: Key for the integrity protection algorithm

Detailed Comments

TCCIPsec_Algorithm

Purpose

Defines a union for storing the possible combination of algorithms with its keys.  It is used as the TCCIPsec_Algorithm alg parameter of the f_IPsec_SADB_add function.

Elements

encr TCCIPsec_Encr: encryption algorithm data
auth TCCIPsec_Auth integrity protection algorithm data
encrAndAuth TCCIPsec_EncrAndAuth Key in charstring format

Detailed Comments

TCCIPsec_TranspProto

type enumerated TCCIPsec_TranspProto { anyTranspProto (0), tcpProto (6), udpProto (17) }

Purpose

Declares identifiers for the possible upper layer protocols

Elements

anyTranspProto: Either TCP or UDP protocol tcpProto: The TCP protocol udpProto: The UDP protocol

Detailed Comments

TCCIPsec_TranspProto

Purpose

Declares identifiers for the possible directions for which a policy is applied.

Elements

inDir: incoming packets outDir: outgoing packets fwdDir: forwarded packets

Detailed Comments

TCCIPsec_DiscardRule

type record TCCIPsec_DiscardRule {}

Purpose

Declares a type to represent the policy rule to discard packets.

Elements

-

Detailed Comments

-

TCCIPsec_NoneRule

type record TCCIPsec_NoneRule {}

Purpose

Declares a type to represent the policy rule to bypass IPsec.

Elements

-

Detailed Comments

-

TCCIPsec_Transport

type record TCCIPsec_Transport {}

Purpose

Declares a type to represent the transport IPsec mode - as opposed to tunnel mode

Elements

-

Detailed Comments

-

TCCIPsec_Tunnel

type record TCCIPsec_Tunnel { charstring srcAddr, integer srcPort, charstring dstAddr, integer dstPort }

Purpose

Declares a type to represent the tunnel IPsec mode - as opposed to transport mode

Elements

srcAddr: source address srcPort: source port dstAddr: destination address dstPort: destination port

Detailed Comments: Address and port pairs for the tunnel.  Used in SPDB rules.

TCCIPsec_Mode

type union TCCIPsec_Mode { TCCIPsec_Transport transport, TCCIPsec_Tunnel tunnel }

Purpose

Declares an union for storing to IPsec mode

Elements

transport TCCIPsec_Transport: identifies the transport IPsec mode
tunnel TCCIPsec_Tunnel: identifies the tunnel IPsec mode

Detailed Comments

IPsec supports transport and tunnel mode.

TCCIPsec_DefaultLevel

type record TCCIPsec_DefaultLevel {}

Purpose

Declares a type to represent the policy level indicating that system defaults has to be used.

Elements

-

Detailed Comments

-

TCCIPsec_UseLevel

type record TCCIPsec_UseLevel {}

Purpose

Declares a type to represent the policy level indicating that IPsec should be used if appropriate SA is available.  If SA is naot available IPsec is bypassed.

Elements

-

Detailed Comments

-

TCCIPsec_UseLevel

Purpose

Declares a type to represent the policy level indicating that IPsec has to be used unconditionally.

Elements

-

Detailed Comments

-

TCCIPsec_UseLevel

Purpose

Declares a type to represent the policy level indicating that IPsec has to be used with the SA or SAs indicated by id.

Elements

id integer: link to SAs

Detailed Comments

An SA is linked to an SP when the SA has a policyId extension with the value of the SP’s id.

TCCIPsec_RuleLevel

type union TCCIPsec_RuleLevel { TCCIPsec_DefaultLevel defaultLevel, TCCIPsec_UseLevel use, TCCIPsec_RequireLevel require, TCCIPsec_UniqueLevel unique }

Purpose

Defines a union for storing rule level.

Elements

defaultLevel TCCIPsec_DefaultLevel: The level represnting default
use TCCIPsec_UseLevel The use level
require TCCIPsec_RequireLevel The require level
unique TCCIPsec_UniqueLevel The unique level

Detailed Comments

-

TCCIPsec_Rule

type record TCCIPsec_Rule { TCCIPsec_Protocol protocol, TCCIPsec_Mode mode, TCCIPsec_RuleLevel level }

Purpose

Declares a record for storing an IPsec rule.

Elements

protocol TCCIPsec_Protocol: The security protocol to use
mode TCCIPsec_Mode: IPsec mode
level TCCIPsec_RuleLevel: rule level

Detailed Comments

-

TCCIPsec_ExtensionList

Purpose

Defines a list of IPsec rules

Elements

record of TCCIPsec_Rule

Detailed Comments

-

TCCIPsec_RuleLevel

Purpose

Defines a union for storing a policy rule.

Elements

discard TCCIPsec_DiscardRule: The discard policy rule
noneRule TCCIPsec_NoneRule The none policy rule
require TCCIPsec_RequireLevel The require level
ipSec TCCIPsec_RuleList A list of IPsec policy rules

Detailed Comments

-

const integer c_TCCIPsec_anyPort := 0
Provides port value representing any port
const integer c_TCCIPsec_prefixAll := -1
Provides port value representing any port
type enumerated TCCIPsec_IPsecMode { anyMode (0), transport (1), tunnel (2) }
Declares identifiers for the possible security association
type union TCCIPsec_Extension { integer policyId, integer hardLifetime, integer softLifetime }
Defines a union of possible extensions for Security Associations (SAs)
type record of TCCIPsec_Extension TCCIPsec_ExtensionList
Defines a list of extensions for the SA adding function
type union TCCIPsec_Key { hexstring hex, charstring text }
Defines a union for storing a key for an SA.
type enumerated TCCIPsec_EAlgo { EALG_NONE (0), EALG_3DESCBC (3), EALG_NULL(11), EALG_AESCBC (12) }
Declares identifiers for the possible encryption algorithms
type enumerated TCCIPsec_AAlgo { AALG_NONE (0), AALG_MD5HMAC (2), AALG_SHA1HMAC (3) }
Declares identifiers for the possible integrity protection algorithms
type record TCCIPsec_Encr { TCCIPsec_EAlgo algo, TCCIPsec_Key key }
Defines a record for storing the encryption algorithm identifier and key.
type record TCCIPsec_Auth { TCCIPsec_AAlgo algo, TCCIPsec_Key key }
Defines a record for storing the integrity protection algorithm identifier and key.
type enumerated TCCIPsec_TranspProto { anyTranspProto (0), tcpProto (6), udpProto (17) }
Declares identifiers for the possible upper layer protocols
type record TCCIPsec_DiscardRule {}
Declares a type to represent the policy rule to discard packets.
type record TCCIPsec_NoneRule {}
Declares a type to represent the policy rule to bypass IPsec.
type record TCCIPsec_Transport {}
Declares a type to represent the transport IPsec mode - as opposed to tunnel mode
type record TCCIPsec_Tunnel { charstring srcAddr, integer srcPort, charstring dstAddr, integer dstPort }
Declares a type to represent the tunnel IPsec mode - as opposed to transport mode
type union TCCIPsec_Mode { TCCIPsec_Transport transport, TCCIPsec_Tunnel tunnel }
Declares an union for storing to IPsec mode
type record TCCIPsec_DefaultLevel {}
Declares a type to represent the policy level indicating that system defaults has to be used.
type record TCCIPsec_UseLevel {}
Declares a type to represent the policy level indicating that IPsec should be used if appropriate SA is available.
type union TCCIPsec_RuleLevel { TCCIPsec_DefaultLevel defaultLevel, TCCIPsec_UseLevel use, TCCIPsec_RequireLevel require, TCCIPsec_UniqueLevel unique }
Defines a union for storing rule level.
type record TCCIPsec_Rule { TCCIPsec_Protocol protocol, TCCIPsec_Mode mode, TCCIPsec_RuleLevel level }
Declares a record for storing an IPsec rule.