summaryrefslogtreecommitdiffstats
path: root/Schemas/CIM228/DMTF/IPsecPolicy/CIM_IKEProposal.mof
blob: 6c099b116e67f2bb0825472c496e585d97f55814 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
// Copyright (c) 2005 DMTF.  All rights reserved.
   [Version ( "2.8.0" ), 
    UMLPackagePath ( "CIM::IPsecPolicy" ), 
    Description ( 
       "IKEProposal contains the parameters necessary to drive the "
       "phase 1 IKE negotiation." ), 
    MappingStrings { "IPSP Policy Model.IETF|IKEProposal" }]
class CIM_IKEProposal : CIM_SAProposal {

      [Description ( 
          "MaxLifetimeSeconds specifies the maximum time the IKE "
          "message sender proposes for an SA to be considered valid "
          "after it has been created. A value of zero indicates "
          "that the default of 8 hours be used. A non-zero value "
          "indicates the maximum seconds lifetime." ), 
       Units ( "Seconds" ), 
       MappingStrings { 
          "IPSP Policy Model.IETF|IKEProposal.MaxLifetimeSeconds" }, 
       ModelCorrespondence { 
          "CIM_SecurityAssociationEndpoint.LifetimeSeconds" }, 
       PUnit ( "second" )]
   uint64 MaxLifetimeSeconds;

      [Description ( 
          "MaxLifetimeKilobytes specifies the maximum kilobyte "
          "lifetime the IKE message sender proposes for an SA to be "
          "considered valid after it has been created. A value of "
          "zero (the default) indicates that there should be no "
          "maximum kilobyte lifetime. A non-zero value specifies "
          "the desired kilobyte lifetime." ), 
       Units ( "KiloBytes" ), 
       MappingStrings { 
          "IPSP Policy Model.IETF|IKEProposal.MaxLifetimeKilobytes" }, 
       ModelCorrespondence { 
          "CIM_SecurityAssociationEndpoint.LifetimeKilobytes" }, 
       PUnit ( "byte * 10^3" )]
   uint64 MaxLifetimeKilobytes;

      [Description ( 
          "CipherAlgorithm is an enumeration that specifies the "
          "proposed encryption algorithm. The list of algorithms "
          "was generated from Appendix A of RFC2409. Note that the "
          "enumeration is different than the RFC list and aligns "
          "with the values in IKESAEndpoint.CipherAlgorithm." ), 
       ValueMap { "1", "2", "3", "4", "5", "6", "7", "8..65000", 
          "65001..65535" }, 
       Values { "Other", "DES", "IDEA", "Blowfish", "RC5", "3DES", 
          "CAST", "DMTF/IANA Reserved", "Vendor Reserved" }, 
       MappingStrings { 
          "IPSP Policy Model.IETF|IKEProposal.CipherAlgorithm", 
          "RFC2409.IETF|Appendix A" }, 
       ModelCorrespondence { "CIM_IKESAEndpoint.CipherAlgorithm", 
          "CIM_IKEProposal.OtherCipherAlgorithm" }]
   uint16 CipherAlgorithm;

      [Description ( 
          "Description of the encryption algorithm when the value 1 "
          "(\"Other\") is specified for the property, "
          "CipherAlgorithm." ), 
       ModelCorrespondence { 
          "CIM_IKESAEndpoint.OtherCipherAlgorithm", 
          "CIM_IKEProposal.CipherAlgorithm" }]
   string OtherCipherAlgorithm;

      [Description ( 
          "HashAlgorithm is an enumeration that specifies the "
          "proposed hash function. The list of algorithms was "
          "generated from Appendix A of RFC2409. Note that the "
          "enumeration is different than the RFC list and aligns "
          "with the values in IKESAEndpoint.HashAlgorithm." ), 
       ValueMap { "1", "2", "3", "4", "5..65000", "65001..65535" }, 
       Values { "Other", "MD5", "SHA-1", "Tiger", 
          "DMTF/IANA Reserved", "Vendor Reserved" }, 
       MappingStrings { 
          "IPSP Policy Model.IETF|IKEProposal.HashAlgorithm", 
          "RFC2409.IETF|Appendix A" }, 
       ModelCorrespondence { "CIM_IKESAEndpoint.HashAlgorithm", 
          "CIM_IKEProposal.OtherHashAlgorithm" }]
   uint16 HashAlgorithm;

      [Description ( 
          "Description of the hash function when the value 1 "
          "(\"Other\") is specified for the property, "
          "HashAlgorithm." ), 
       ModelCorrespondence { "CIM_IKESAEndpoint.OtherHashAlgorithm", 
          "CIM_IKEProposal.HashAlgorithm" }]
   string OtherHashAlgorithm;

      [Description ( 
          "AuthenticationMethod is an enumeration that specifies "
          "the proposed authentication. The list of methods was "
          "generated from Appendix A of RFC2409. Note that the "
          "enumeration is different than the RFC list and aligns "
          "with the values in IKESAEndpoint.AuthenticationMethod. "
          "There is one change to the list - the value 65000 has "
          "special meaning. It is a special value that indicates "
          "that this particular proposal should be repeated once "
          "for each authentication method corresponding to "
          "credentials installed on the machine. For example, if "
          "the system has a pre-shared key and an public-key "
          "certificate, a proposal list would be constructed which "
          "includes a proposal that specifies a pre-shared key and "
          "a proposal for any of the public-key certificates." ), 
       ValueMap { "1", "2", "3", "4", "5", "6", "7..64999", "65000", 
          "65001..65535" }, 
       Values { "Other", "Pre-shared Key", "DSS Signatures", 
          "RSA Signatures", "Encryption with RSA", 
          "Revised Encryption with RSA", "DMTF/IANA Reserved", 
          "Any", "Vendor Reserved" }, 
       MappingStrings { 
          "IPSP Policy Model.IETF|IKEProposal.AuthenticationMethod", 
          "RFC2409.IETF|Appendix A" }, 
       ModelCorrespondence { 
          "CIM_IKESAEndpoint.AuthenticationMethod", 
          "CIM_IKEProposal.OtherAuthenticationMethod" }]
   uint16 AuthenticationMethod;

      [Description ( 
          "Description of the method when the value 1 (\"Other\") "
          "is specified for the property, AuthenticationMethod." ), 
       ModelCorrespondence { 
          "CIM_IKESAEndpoint.OtherAuthenticationMethod", 
          "CIM_IKEProposal.AuthenticationMethod" }]
   string OtherAuthenticationMethod;

      [Description ( 
          "The property GroupId specifies the proposed phase 1 "
          "security association key exchange group. This property "
          "is ignored for all aggressive mode exchanges "
          "(IKEAction.ExchangeMode = 4). If the GroupID number is "
          "from the vendor-specific range (32768-65535), the "
          "property VendorID qualifies the group number. Well-known "
          "group identifiers from RFC2412, Appendix E, are: Group "
          "1=\'768 bit prime\', Group 2=\'1024 bit prime\', Group 3 "
          "=\'Elliptic Curve Group with 155 bit field element\', "
          "Group 4= \'Large Elliptic Curve Group with 185 bit field "
          "element\', and Group 5=\'1536 bit prime\'." ), 
       ValueMap { "0", "1", "2", "3", "4", "5", "..", "0x8000.." }, 
       Values { "No Group/Non-Diffie-Hellman Exchange", 
          "DH-768 bit prime", "DH-1024 bit prime", 
          "EC2N-155 bit field element", 
          "EC2N-185 bit field element", "DH-1536 bit prime", 
          "Standard Group - Reserved", "Vendor Reserved" }, 
       MappingStrings { 
          "IPSP Policy Model.IETF|IKEProposal.GroupID", 
          "RFC2412.IETF|Appendix E" }, 
       ModelCorrespondence { "CIM_IKESAEndpoint.GroupID", 
          "CIM_IKEProposal.VendorID" }]
   uint16 GroupId;

      [Description ( 
          "VendorID identifies the vendor when the value of GroupID "
          "is in the vendor-specific range, 32768 to 65535." ), 
       ModelCorrespondence { "CIM_IKESAEndpoint.VendorID", 
          "CIM_IKEProposal.GroupId" }]
   string VendorID;


};