ion_ionsec_admin.json
{
"Mdat": [{
"name": "name",
"type": "STR",
"value": "ionsec_admin",
"description": "The human-readable name of the ADM."
},
{
"name": "enum",
"type": "INT",
"value": 8
},
{
"name": "namespace",
"type": "STR",
"value": "DTN/ION/ionsecadmin",
"description": "The namespace of the ADM."
},
{
"name": "version",
"type": "STR",
"value": "v0.0",
"description": "The version of the ADM."
},
{
"name": "organization",
"type": "STR",
"value": "JHUAPL",
"description": "The name of the issuing organization of the ADM."
}
],
"Tblt": [{
"name": "ltp_rx_rules",
"columns": [{
"type": "UINT",
"name": "ltp_engine_id"
}, {
"type": "UINT",
"name": "ciphersuite_nbr"
}, {
"type": "STR",
"name": "key_name"
}],
"description": "This table lists all LTP segment authentication rules in the security policy database."
},
{
"name": "ltp_tx_rules",
"columns": [{
"type": "UINT",
"name": "ltp_engine_id"
}, {
"type": "UINT",
"name": "ciphersuite_nbr"
}, {
"type": "STR",
"name": "key_name"
}],
"description": "This table lists all LTP segment signing rules in the security policy database."
}
],
"Ctrl": [{
"name": "key_add",
"parmspec": [{
"type": "STR",
"name": "key_name"
}, {
"type": "BYTESTR",
"name": "key_value"
}],
"description": "This control adds a named key value to the security policy database. The content of file_name is taken as the value of the key. Named keys can be referenced by other elements of the security policy database."
},
{
"name": "key_change",
"parmspec": [{
"type": "STR",
"name": "key_name"
}, {
"type": "BYTESTR",
"name": "key_value"
}],
"description": "This control changes the value of the named key, obtaining the new key value from the content of file_name."
},
{
"name": "key_del",
"parmspec": [{
"type": "STR",
"name": "key_name"
}],
"description": "This control deletes the key identified by name."
},
{
"name": "ltp_rx_rule_add",
"parmspec": [{
"type": "UINT",
"name": "ltp_engine_id"
}, {
"type": "UINT",
"name": "ciphersuite_nbr"
}, {
"type": "STR",
"name": "key_name"
}],
"description": "This control adds a rule specifying the manner in which LTP segment authentication will be applied to LTP segments received from the indicated LTP engine. A segment from the indicated LTP engine will only be deemed authentic if it contains an authentication extension computed via the ciphersuite identified by ciphersuite_nbr using the applicable key value. If ciphersuite_nbr is 255 then the applicable key value is a hard-coded constant and key_name must be omitted; otherwise key_name is required and the applicable key value is the current value of the key named key_name in the local security policy database. Valid values of ciphersuite_nbr are: 0: HMAC-SHA1-80, 1: RSA-SHA256, 255: NULL."
},
{
"name": "ltp_rx_rule_change",
"parmspec": [{
"type": "UINT",
"name": "ltp_engine_id"
}, {
"type": "UINT",
"name": "ciphersuite_nbr"
}, {
"type": "STR",
"name": "key_name"
}],
"description": "This control changes the parameters of the LTP segment authentication rule for the indicated LTP engine."
},
{
"name": "ltp_rx_rule_del",
"parmspec": [{
"type": "UINT",
"name": "ltp_engine_id"
}],
"description": "This control deletes the LTP segment authentication rule for the indicated LTP engine."
},
{
"name": "ltp_tx_rule_add",
"parmspec": [{
"type": "UINT",
"name": "ltp_engine_id"
}, {
"type": "UINT",
"name": "ciphersuite_nbr"
}, {
"type": "STR",
"name": "key_name"
}],
"description": "This control adds a rule specifying the manner in which LTP segments transmitted to the indicated LTP engine must be signed. Signing a segment destined for the indicated LTP engine entails computing an authentication extension via the ciphersuite identified by ciphersuite_nbr using the applicable key value. If ciphersuite_nbr is 255 then the applicable key value is a hard-coded constant and key_name must be omitted; otherwise key_name is required and the applicable key value is the current value of the key named key_name in the local security policy database. Valid values of ciphersuite_nbr are: 0: HMAC_SHA1-80, 1: RSA_SHA256, 255: NULL."
},
{
"name": "ltp_tx_rule_change",
"parmspec": [{
"type": "UINT",
"name": "ltp_engine_id"
}, {
"type": "UINT",
"name": "ciphersuite_nbr"
}, {
"type": "STR",
"name": "key_name"
}],
"description": "This control changes the parameters of the LTP segment signing rule for the indicated LTP engine."
},
{
"name": "ltp_tx_rule_del",
"parmspec": [{
"type": "UINT",
"name": "ltp_engine_id"
}],
"description": "This control deletes the LTP segment signing rule for the indicated LTP engine."
},
{
"name": "list_keys",
"description": "This control lists the names of keys available in the key policy database."
},
{
"name": "list_ltp_rx_rules",
"description": "This control lists all LTP segment authentication rules in the security policy database."
},
{
"name": "list_ltp_tx_rules",
"description": "This control lists all LTP segment signing rules in the security policy database."
}
]
}