| #ifndef _SECIOP_IDL_ | |
| #define _SECIOP_IDL | |
| #include <IOP.idl> | |
| #include <Security.idl> | |
| #pragma prefix "omg.org" | |
| module SECIOP { | |
| const IOP::ComponentId TAG_GENERIC_SEC_MECH = 22; | |
| const IOP::ComponentId TAG_ASSOCIATION_OPTIONS = 13; | |
| const IOP::ComponentId TAG_SEC_NAME = 14; | |
| struct TargetAssociationOptions{ | |
| Security::AssociationOptions target_supports; | |
| Security::AssociationOptions target_requires; | |
| }; | |
| struct GenericMechanismInfo { | |
| sequence <octet> security_mechanism_type; | |
| sequence <octet> mech_specific_data; | |
| sequence <IOP::TaggedComponent> components; | |
| }; | |
| enum MsgType { | |
| MTEstablishContext, | |
| MTCompleteEstablishContext, | |
| MTContinueEstablishContext, | |
| MTDiscardContext, | |
| MTMessageError, | |
| MTMessageInContext | |
| }; | |
| typedef unsigned long long ContextId; | |
| enum ContextIdDefn { | |
| CIDClient, | |
| CIDPeer, | |
| CIDSender | |
| }; | |
| struct EstablishContext { | |
| ContextId client_context_id; | |
| sequence <octet> initial_context_token; | |
| }; | |
| struct CompleteEstablishContext { | |
| ContextId client_context_id; | |
| boolean target_context_id_valid; | |
| ContextId target_context_id; | |
| sequence <octet> final_context_token; | |
| }; | |
| struct ContinueEstablishContext { | |
| ContextId client_context_id; | |
| sequence <octet> continuation_context_token; | |
| }; | |
| struct DiscardContext { | |
| ContextIdDefn message_context_id_defn; | |
| ContextId message_context_id; | |
| sequence <octet> discard_context_token; | |
| }; | |
| struct MessageError { | |
| ContextIdDefn message_context_id_defn; | |
| ContextId message_context_id; | |
| long major_status; | |
| long minor_status; | |
| }; | |
| enum ContextTokenType { | |
| SecTokenTypeWrap, | |
| SecTokenTypeMIC | |
| }; | |
| struct MessageInContext { | |
| ContextIdDefn message_context_id_defn; | |
| ContextId message_context_id; | |
| ContextTokenType message_context_type; | |
| sequence <octet> message_protection_token; | |
| }; | |
| // message_protection_token is obtained by CDR encoding | |
| // the following SequencingHeader followed by the octets of the | |
| // frame data. SequencingHeader + Frame Data is called a | |
| // SequencedDataFrame | |
| struct SequencingHeader { | |
| octet control_state; | |
| unsigned long direct_sequence_number; | |
| unsigned long reverse_sequence_number; | |
| unsigned long reverse_window; | |
| }; | |
| typedef sequence <octet> SecurityName; | |
| typedef unsigned short CryptographicProfile; | |
| typedef sequence <CryptographicProfile> CryptographicProfileList; | |
| // Cryptographic profiles for SPKM | |
| const CryptographicProfile MD5_RSA = 20; | |
| const CryptographicProfile MD5_DES_CBC = 21; | |
| const CryptographicProfile DES_CBC = 22; | |
| const CryptographicProfile MD5_DES_CBC_SOURCE = 23; | |
| const CryptographicProfile DES_CBC_SOURCE = 24; | |
| // Security Mechanism SPKM_1 | |
| const IOP::ComponentId TAG_SPKM_1_SEC_MECH = 15; | |
| struct SPKM_1 { | |
| Security::AssociationOptions target_supports; | |
| Security::AssociationOptions target_requires; | |
| CryptographicProfileList crypto_profile; | |
| SecurityName security_name; | |
| }; | |
| // Security Mechanism SPKM_1 | |
| const IOP::ComponentId TAG_SPKM_2_SEC_MECH = 16; | |
| struct SPKM_2 { | |
| Security::AssociationOptions target_supports; | |
| Security::AssociationOptions target_requires; | |
| CryptographicProfileList crypto_profile; | |
| SecurityName security_name; | |
| }; | |
| // Cryptographic profiles for GSS Kerberos Protocol | |
| const CryptographicProfile DES_CBC_DES_MAC = 10; | |
| const CryptographicProfile DES_CBC_MD5 = 11; | |
| const CryptographicProfile DES_MAC = 12; | |
| const CryptographicProfile MD5 = 13; | |
| // Security Mechanism KerberosV5 | |
| const IOP::ComponentId TAG_KerberosV5_SEC_MECH = 17; | |
| struct KerberosV5 { | |
| Security::AssociationOptions target_supports; | |
| Security::AssociationOptions target_requires; | |
| CryptographicProfileList crypto_profile; | |
| SecurityName security_name; | |
| }; | |
| // Cryptographic profiles for CSI-ECMA Protocol | |
| const CryptographicProfile FullSecurity = 1; | |
| const CryptographicProfile NoDataConfidentiality = 2; | |
| const CryptographicProfile LowGradeConfidentiality = 3; | |
| const CryptographicProfile AgreedDefault = 5; | |
| // Security Mechanism CSI_ECMA_Secret | |
| const IOP::ComponentId TAG_CSI_ECMA_Secret_SEC_MECH = 18; | |
| struct CSI_ECMA_Secret { | |
| Security::AssociationOptions target_supports; | |
| Security::AssociationOptions target_requires; | |
| CryptographicProfileList crypto_profile; | |
| SecurityName security_name; | |
| }; | |
| // Security Mechanism CSI_ECMA_Hybrid | |
| const IOP::ComponentId TAG_CSI_ECMA_Hybrid_SEC_MECH = 19; | |
| struct CSI_ECMA_Hybrid { | |
| Security::AssociationOptions target_supports; | |
| Security::AssociationOptions target_requires; | |
| CryptographicProfileList crypto_profile; | |
| SecurityName security_name; | |
| }; | |
| // Security Mechanism CSI_ECMA_Public | |
| const IOP::ComponentId TAG_CSI_ECMA_Public_SEC_MECH = 21; | |
| struct CSI_ECMA_Public { | |
| Security::AssociationOptions target_supports; | |
| Security::AssociationOptions target_requires; | |
| CryptographicProfileList crypto_profile; | |
| SecurityName security_name; | |
| }; | |
| // Tagged component for configuring SECIOP as a CSIv2 mechanism transport | |
| const IOP::ComponentId TAG_SECIOP_SEC_TRANS = 35; | |
| struct SECIOP_SEC_TRANS { | |
| Security::AssociationOptions target_supports; | |
| Security::AssociationOptions target_requires; | |
| Security::OID mech_oid; | |
| Security::GSS_NT_ExportedName target_name; | |
| unsigned short port; | |
| }; | |
| }; | |
| #endif /* _SECIOP_IDL */ |