// Copyright (c) 2005 DMTF. All rights reserved. // Add UmlPackagePath // qualifier values to CIM Schema. // ================================================================== // CIM_IKEProposal // ================================================================== [UMLPackagePath ( "CIM::IPsecPolicy" ), Version ( "2.8.0" ), Description ( "IKEProposal contains the parameters necessary to drive the " "phase 1 IKE negotiation."), MappingStrings { "IPSP Policy Model.IETF|IKEProposal" }] class CIM_IKEProposal : CIM_SAProposal { [Description ( "MaxLifetimeSeconds specifies the maximum time the IKE " "message sender proposes for an SA to be considered valid " "after it has been created. A value of zero indicates that " "the default of 8 hours be used. A non-zero value indicates " "the maximum seconds lifetime."), Units ( "Seconds" ), MappingStrings { "IPSP Policy " "Model.IETF|IKEProposal.MaxLifetimeSeconds" }, ModelCorrespondence { "CIM_SecurityAssociationEndpoint.LifetimeSeconds" }] uint64 MaxLifetimeSeconds; [Description ( "MaxLifetimeKilobytes specifies the maximum kilobyte " "lifetime the IKE message sender proposes for an SA to be " "considered valid after it has been created. A value of zero " "(the default) indicates that there should be no maximum " "kilobyte lifetime. A non-zero value specifies the desired " "kilobyte lifetime."), Units ( "KiloBytes" ), MappingStrings { "IPSP Policy " "Model.IETF|IKEProposal.MaxLifetimeKilobytes" }, ModelCorrespondence { "CIM_SecurityAssociationEndpoint.LifetimeKilobytes" }] uint64 MaxLifetimeKilobytes; [Description ( "CipherAlgorithm is an enumeration that specifies the " "proposed encryption algorithm. The list of algorithms was " "generated from Appendix A of RFC2409. Note that the " "enumeration is different than the RFC list and aligns with " "the values in IKESAEndpoint.CipherAlgorithm."), ValueMap { "1", "2", "3", "4", "5", "6", "7", "8..65000", "65001..65535" }, Values { "Other", "DES", "IDEA", "Blowfish", "RC5", "3DES", "CAST", "DMTF/IANA Reserved", "Vendor Reserved" }, MappingStrings { "IPSP Policy " "Model.IETF|IKEProposal.CipherAlgorithm", "RFC2409.IETF|Appendix A" }, ModelCorrespondence { "CIM_IKESAEndpoint.CipherAlgorithm", "CIM_IKEProposal.OtherCipherAlgorithm" }] uint16 CipherAlgorithm; [Description ( "Description of the encryption algorithm when the value 1 " "(\"Other\") is specified for the property, CipherAlgorithm."), ModelCorrespondence { "CIM_IKESAEndpoint.OtherCipherAlgorithm", "CIM_IKEProposal.CipherAlgorithm" }] string OtherCipherAlgorithm; [Description ( "HashAlgorithm is an enumeration that specifies the proposed " "hash function. The list of algorithms was generated from " "Appendix A of RFC2409. Note that the enumeration is " "different than the RFC list and aligns with the values in " "IKESAEndpoint.HashAlgorithm."), ValueMap { "1", "2", "3", "4", "5..65000", "65001..65535" }, Values { "Other", "MD5", "SHA-1", "Tiger", "DMTF/IANA Reserved", "Vendor Reserved" }, MappingStrings { "IPSP Policy " "Model.IETF|IKEProposal.HashAlgorithm", "RFC2409.IETF|Appendix A" }, ModelCorrespondence { "CIM_IKESAEndpoint.HashAlgorithm", "CIM_IKEProposal.OtherHashAlgorithm" }] uint16 HashAlgorithm; [Description ( "Description of the hash function when the value 1 " "(\"Other\") is specified for the property, HashAlgorithm."), ModelCorrespondence { "CIM_IKESAEndpoint.OtherHashAlgorithm", "CIM_IKEProposal.HashAlgorithm" }] string OtherHashAlgorithm; [Description ( "AuthenticationMethod is an enumeration that specifies the " "proposed authentication. The list of methods was generated " "from Appendix A of RFC2409. Note that the enumeration is " "different than the RFC list and aligns with the values in " "IKESAEndpoint.AuthenticationMethod. There is one change to " "the list - the value 65000 has special meaning. It is a " "special value that indicates that this particular proposal " "should be repeated once for each authentication method " "corresponding to credentials installed on the machine. For " "example, if the system has a pre-shared key and an " "public-key certificate, a proposal list would be " "constructed which includes a proposal that specifies a " "pre-shared key and a proposal for any of the public-key " "certificates."), ValueMap { "1", "2", "3", "4", "5", "6", "7..64999", "65000", "65001..65535" }, Values { "Other", "Pre-shared Key", "DSS Signatures", "RSA Signatures", "Encryption with RSA", "Revised Encryption with RSA", "DMTF/IANA Reserved", "Any", "Vendor Reserved" }, MappingStrings { "IPSP Policy " "Model.IETF|IKEProposal.AuthenticationMethod", "RFC2409.IETF|Appendix A" }, ModelCorrespondence { "CIM_IKESAEndpoint.AuthenticationMethod", "CIM_IKEProposal.OtherAuthenticationMethod" }] uint16 AuthenticationMethod; [Description ( "Description of the method when the value 1 (\"Other\") is " "specified for the property, AuthenticationMethod."), ModelCorrespondence { "CIM_IKESAEndpoint.OtherAuthenticationMethod", "CIM_IKEProposal.AuthenticationMethod" }] string OtherAuthenticationMethod; [Description ( "The property GroupId specifies the proposed phase 1 " "security association key exchange group. This property is " "ignored for all aggressive mode exchanges " "(IKEAction.ExchangeMode = 4). If the GroupID number is from " "the vendor-specific range (32768-65535), the property " "VendorID qualifies the group number. Well-known group " "identifiers from RFC2412, Appendix E, are: Group 1='768 bit " "prime', Group 2='1024 bit prime', Group 3 ='Elliptic Curve " "Group with 155 bit field element', Group 4= 'Large Elliptic " "Curve Group with 185 bit field element', and Group 5='1536 " "bit prime'."), ValueMap { "0", "1", "2", "3", "4", "5", "..", "0x8000.." }, Values { "No Group/Non-Diffie-Hellman Exchange", "DH-768 bit prime", "DH-1024 bit prime", "EC2N-155 bit field element", "EC2N-185 bit field element", "DH-1536 bit prime", "Standard Group - Reserved", "Vendor Reserved" }, MappingStrings { "IPSP Policy Model.IETF|IKEProposal.GroupID", "RFC2412.IETF|Appendix E" }, ModelCorrespondence { "CIM_IKESAEndpoint.GroupID", "CIM_IKEProposal.VendorID" }] uint16 GroupId; [Description ( "VendorID identifies the vendor when the value of GroupID is " "in the vendor-specific range, 32768 to 65535."), ModelCorrespondence { "CIM_IKESAEndpoint.VendorID", "CIM_IKEProposal.GroupId" }] string VendorID; };