#ifndef _SECIOP_IDL_ | |
#define _SECIOP_IDL | |
#include <IOP.idl> | |
#include <Security.idl> | |
#pragma prefix "omg.org" | |
module SECIOP { | |
const IOP::ComponentId TAG_GENERIC_SEC_MECH = 22; | |
const IOP::ComponentId TAG_ASSOCIATION_OPTIONS = 13; | |
const IOP::ComponentId TAG_SEC_NAME = 14; | |
struct TargetAssociationOptions{ | |
Security::AssociationOptions target_supports; | |
Security::AssociationOptions target_requires; | |
}; | |
struct GenericMechanismInfo { | |
sequence <octet> security_mechanism_type; | |
sequence <octet> mech_specific_data; | |
sequence <IOP::TaggedComponent> components; | |
}; | |
enum MsgType { | |
MTEstablishContext, | |
MTCompleteEstablishContext, | |
MTContinueEstablishContext, | |
MTDiscardContext, | |
MTMessageError, | |
MTMessageInContext | |
}; | |
typedef unsigned long long ContextId; | |
enum ContextIdDefn { | |
CIDClient, | |
CIDPeer, | |
CIDSender | |
}; | |
struct EstablishContext { | |
ContextId client_context_id; | |
sequence <octet> initial_context_token; | |
}; | |
struct CompleteEstablishContext { | |
ContextId client_context_id; | |
boolean target_context_id_valid; | |
ContextId target_context_id; | |
sequence <octet> final_context_token; | |
}; | |
struct ContinueEstablishContext { | |
ContextId client_context_id; | |
sequence <octet> continuation_context_token; | |
}; | |
struct DiscardContext { | |
ContextIdDefn message_context_id_defn; | |
ContextId message_context_id; | |
sequence <octet> discard_context_token; | |
}; | |
struct MessageError { | |
ContextIdDefn message_context_id_defn; | |
ContextId message_context_id; | |
long major_status; | |
long minor_status; | |
}; | |
enum ContextTokenType { | |
SecTokenTypeWrap, | |
SecTokenTypeMIC | |
}; | |
struct MessageInContext { | |
ContextIdDefn message_context_id_defn; | |
ContextId message_context_id; | |
ContextTokenType message_context_type; | |
sequence <octet> message_protection_token; | |
}; | |
// message_protection_token is obtained by CDR encoding | |
// the following SequencingHeader followed by the octets of the | |
// frame data. SequencingHeader + Frame Data is called a | |
// SequencedDataFrame | |
struct SequencingHeader { | |
octet control_state; | |
unsigned long direct_sequence_number; | |
unsigned long reverse_sequence_number; | |
unsigned long reverse_window; | |
}; | |
typedef sequence <octet> SecurityName; | |
typedef unsigned short CryptographicProfile; | |
typedef sequence <CryptographicProfile> CryptographicProfileList; | |
// Cryptographic profiles for SPKM | |
const CryptographicProfile MD5_RSA = 20; | |
const CryptographicProfile MD5_DES_CBC = 21; | |
const CryptographicProfile DES_CBC = 22; | |
const CryptographicProfile MD5_DES_CBC_SOURCE = 23; | |
const CryptographicProfile DES_CBC_SOURCE = 24; | |
// Security Mechanism SPKM_1 | |
const IOP::ComponentId TAG_SPKM_1_SEC_MECH = 15; | |
struct SPKM_1 { | |
Security::AssociationOptions target_supports; | |
Security::AssociationOptions target_requires; | |
CryptographicProfileList crypto_profile; | |
SecurityName security_name; | |
}; | |
// Security Mechanism SPKM_1 | |
const IOP::ComponentId TAG_SPKM_2_SEC_MECH = 16; | |
struct SPKM_2 { | |
Security::AssociationOptions target_supports; | |
Security::AssociationOptions target_requires; | |
CryptographicProfileList crypto_profile; | |
SecurityName security_name; | |
}; | |
// Cryptographic profiles for GSS Kerberos Protocol | |
const CryptographicProfile DES_CBC_DES_MAC = 10; | |
const CryptographicProfile DES_CBC_MD5 = 11; | |
const CryptographicProfile DES_MAC = 12; | |
const CryptographicProfile MD5 = 13; | |
// Security Mechanism KerberosV5 | |
const IOP::ComponentId TAG_KerberosV5_SEC_MECH = 17; | |
struct KerberosV5 { | |
Security::AssociationOptions target_supports; | |
Security::AssociationOptions target_requires; | |
CryptographicProfileList crypto_profile; | |
SecurityName security_name; | |
}; | |
// Cryptographic profiles for CSI-ECMA Protocol | |
const CryptographicProfile FullSecurity = 1; | |
const CryptographicProfile NoDataConfidentiality = 2; | |
const CryptographicProfile LowGradeConfidentiality = 3; | |
const CryptographicProfile AgreedDefault = 5; | |
// Security Mechanism CSI_ECMA_Secret | |
const IOP::ComponentId TAG_CSI_ECMA_Secret_SEC_MECH = 18; | |
struct CSI_ECMA_Secret { | |
Security::AssociationOptions target_supports; | |
Security::AssociationOptions target_requires; | |
CryptographicProfileList crypto_profile; | |
SecurityName security_name; | |
}; | |
// Security Mechanism CSI_ECMA_Hybrid | |
const IOP::ComponentId TAG_CSI_ECMA_Hybrid_SEC_MECH = 19; | |
struct CSI_ECMA_Hybrid { | |
Security::AssociationOptions target_supports; | |
Security::AssociationOptions target_requires; | |
CryptographicProfileList crypto_profile; | |
SecurityName security_name; | |
}; | |
// Security Mechanism CSI_ECMA_Public | |
const IOP::ComponentId TAG_CSI_ECMA_Public_SEC_MECH = 21; | |
struct CSI_ECMA_Public { | |
Security::AssociationOptions target_supports; | |
Security::AssociationOptions target_requires; | |
CryptographicProfileList crypto_profile; | |
SecurityName security_name; | |
}; | |
// Tagged component for configuring SECIOP as a CSIv2 mechanism transport | |
const IOP::ComponentId TAG_SECIOP_SEC_TRANS = 35; | |
struct SECIOP_SEC_TRANS { | |
Security::AssociationOptions target_supports; | |
Security::AssociationOptions target_requires; | |
Security::OID mech_oid; | |
Security::GSS_NT_ExportedName target_name; | |
unsigned short port; | |
}; | |
}; | |
#endif /* _SECIOP_IDL */ |