4 år sedan · f6efb5b8be
--- a/CertificateManagementObject/certificatemanagement.c
+++ b/CertificateManagementObject/certificatemanagement.c
@@ -63,9 +63,11 @@
 
				  * declaration of (static) Certificate Management object instance 1 data
			
 
				  */
			
 
				 CertificateManagementObjectClassAttributes cmo_class_attr = {
			
 
				-    .capability_flags = kPushModel,
			
 
				+    .capability_flags = kCertificateManagementObjectCapabilityFlagPushModel,
			
 
				     .certificate_list_dummy = 0,
			
 
				-    .certificate_encodings_flag = kEncodingFlagPEM | kEncodingFlagPKCS7,
			
 
				+    .certificate_encodings_flag =
			
 
				+        kCertificateManagementObjectCertificateEncodingFlagPEM |
			
 
				+        kCertificateManagementObjectCertificateEncodingFlagPKCS7,
			
 
				 };
			
 
				 
			
 
				 const char instance_1_name[] = "Default Device Certificate";
			
@@ -77,21 +79,21 @@ const CipShortString name = {
 
				 };
			
 
				 
			
 
				 const Certificate device_certificate = {
			
 
				-    .certificate_status = kCertificateVerified
			
 
				+    .certificate_status = kCertificateManagementObjectCertificateStateValueVerified
			
 
				     // TODO: add path
			
 
				 };
			
 
				 
			
 
				 const Certificate ca_certificate = {
			
 
				-    .certificate_status = kCertificateVerified
			
 
				+    .certificate_status = kCertificateManagementObjectCertificateStateValueVerified
			
 
				     // TODO: add path
			
 
				 };
			
 
				 
			
 
				 CertificateManagementObject g_certificate_management = {
			
 
				     .name = name,                                    /*Attribute 1*/
			
 
				-    .state = kVerified,                              /*Attribute 2*/
			
 
				+    .state = kCertificateManagementObjectStateValueVerified,                              /*Attribute 2*/
			
 
				     .device_certificate = device_certificate,        /*Attribute 3*/
			
 
				     .ca_certificate = ca_certificate,                /*Attribute 4*/
			
 
				-    .certificate_encoding = kCertificateEncodingPEM, /*Attribute 5*/
			
 
				+    .certificate_encoding = kCertificateManagementObjectCertificateEncodingPEM, /*Attribute 5*/
			
 
				 };
			
 
				 
			
 
				 /** @brief Produce the data according to CIP encoding onto the message buffer.
			
@@ -241,7 +243,7 @@ EipStatus CertificateManagementObjectCreate(
 
				 
			
 
				     new_cmo->name.length = GetUsintFromMessage(&message_router_request->data);
			
 
				     new_cmo->name.string = (CipByte *)CipCalloc(new_cmo->name.length, sizeof(CipByte));
			
 
				-    new_cmo->state = kCreated;
			
 
				+    new_cmo->state = kCertificateManagementObjectStateValueCreated;
			
 
				 
			
 
				     memcpy(new_cmo->name.string, message_router_request->data, new_cmo->name.length);
			
 
				     CertificateManagementObjectBindAttributes( certificate_management_object_instance, new_cmo);
			
@@ -504,12 +506,12 @@ EipStatus CertificateManagementObjectInit(void) {
 
				                 "SetAttributeSingle"
			
 
				   );
			
 
				   InsertService(certificate_management_object_class,
			
 
				-                kCreateCSR,
			
 
				+                kCertificateManagementObjectServiceCodeCreateCSR,
			
 
				                 &CertificateManagementObjectCreateCSR,
			
 
				                 "CertificateManagementObjectCreateCSR"
			
 
				   );
			
 
				   InsertService(certificate_management_object_class,
			
 
				-                kVerifyCertificate,
			
 
				+                kCertificateManagementObjectServiceCodeVerifyCertificate,
			
 
				                 &CertificateManagementObjectVerifyCertificate,
			
 
				                 "CertificateManagementObjectVerifyCertificate"
			
 
				   );
			
--- a/CertificateManagementObject/certificatemanagement.h
+++ b/CertificateManagementObject/certificatemanagement.h
@@ -16,14 +16,14 @@ static const CipUint kCertificateManagementObjectClassCode = 0x5FU;
 
				 /** @brief Certificate management object specific service codes
			
 
				  *  @see Volume 8, Chapter 5-5.7 */
			
 
				 typedef enum {
			
 
				-  kCreateCSR = 0x4B,         /**< Certificate Management object Create CSR service code */
			
 
				-  kVerifyCertificate = 0x4C, /**< Certificate Management object Verify Certificate service code */
			
 
				+  kCertificateManagementObjectServiceCodeCreateCSR = 0x4B,         /**< Certificate Management object Create CSR service code */
			
 
				+  kCertificateManagementObjectServiceCodeVerifyCertificate = 0x4C, /**< Certificate Management object Verify Certificate service code */
			
 
				 } CertificateManagementObjectServiceCode;
			
 
				 
			
 
				 /** @brief Certificate management object specific error codes
			
 
				  *  @see Volume 8, Chapter 5-5.8.1 */
			
 
				 typedef enum {
			
 
				-  kVerificationFailed = 0xD0, /**< Verification of the requested certificate failed */
			
 
				+  kCertificateManagementObjectErrorCodeVerificationFailed = 0xD0, /**< Verification of the requested certificate failed */
			
 
				 } CertificateManagementObjectErrorCode;
			
 
				 
			
 
				 /* *****************************************************************************
			
@@ -36,8 +36,8 @@ typedef enum {
 
				  *  @see Volume 8, Chapter 5-5.3.1
			
 
				  */
			
 
				 typedef enum {
			
 
				-  kPushModel = 1, /**< Push model for certificate configuration */
			
 
				-  kPullModel = 2, /**< Pull model for certificate configuration */
			
 
				+  kCertificateManagementObjectCapabilityFlagPushModel = 1, /**< Push model for certificate configuration */
			
 
				+  kCertificateManagementObjectCapabilityFlagPullModel = 2, /**< Pull model for certificate configuration */
			
 
				 } CertificateManagementObjectCapabilityFlag;
			
 
				 
			
 
				 /** @brief Valid values for Certificate Management Object Certificate Encoding Flags (class attribute #10)
			
@@ -49,8 +49,8 @@ typedef enum {
 
				  *  @see Volume 8, Chapter 5-5.3.3
			
 
				  */
			
 
				 typedef enum {
			
 
				-  kEncodingFlagPEM = 1,   /**< device supports PEM Encoding */
			
 
				-  kEncodingFlagPKCS7 = 2, /**< device supports PKCS#7 Encoding */
			
 
				+  kCertificateManagementObjectCertificateEncodingFlagPEM = 1,   /**< device supports PEM Encoding */
			
 
				+  kCertificateManagementObjectCertificateEncodingFlagPKCS7 = 2, /**< device supports PKCS#7 Encoding */
			
 
				 } CertificateManagementObjectCertificateEncodingFlag;
			
 
				 
			
 
				 /** @brief Valid values for Certificate Management Object State (attribute #2)
			
@@ -59,11 +59,11 @@ typedef enum {
 
				  *  @see Volume 8, Chapter 5-5.4.2
			
 
				  */
			
 
				 typedef enum {
			
 
				-  kNonExistent = 0, /**< The instance doesn't exist */
			
 
				-  kCreated,         /**< The instance has been created, dynamically or static */
			
 
				-  kConfiguring,     /**< One of the certificates are being configured */
			
 
				-  kVerified,        /**< Both certificates, Device Certificate and CA Certificate, have successfully been verified */
			
 
				-  kInvalid,         /**< At least one of the certificates is invalid */
			
 
				+  kCertificateManagementObjectStateValueNonExistent = 0, /**< The instance doesn't exist */
			
 
				+  kCertificateManagementObjectStateValueCreated,         /**< The instance has been created, dynamically or static */
			
 
				+  kCertificateManagementObjectStateValueConfiguring,     /**< One of the certificates are being configured */
			
 
				+  kCertificateManagementObjectStateValueVerified,        /**< Both certificates, Device Certificate and CA Certificate, have successfully been verified */
			
 
				+  kCertificateManagementObjectStateValueInvalid,         /**< At least one of the certificates is invalid */
			
 
				 } CertificateManagementObjectStateValue;
			
 
				 
			
 
				 /** @brief Valid values for Certificate Management Object Certificate State (attribute #3 & #4)
			
@@ -72,9 +72,9 @@ typedef enum {
 
				  *  @see Volume 8, Chapter 5-5.4.3
			
 
				  */
			
 
				 typedef enum {
			
 
				-  kCertificateNotVerified = 0, /**< Not Verified */
			
 
				-  kCertificateVerified,        /**< Verified */
			
 
				-  kCertificateInvalid,         /**< Invalid */
			
 
				+  kCertificateManagementObjectCertificateStateValueNotVerified = 0, /**< Not Verified */
			
 
				+  kCertificateManagementObjectCertificateStateValueVerified,        /**< Verified */
			
 
				+  kCertificateManagementObjectCertificateStateValueInvalid,         /**< Invalid */
			
 
				 } CertificateManagementObjectCertificateStateValue;
			
 
				 
			
 
				 /** @brief Valid values for Certificate Management Object Certificate Encoding (attribute #5)
			
@@ -84,8 +84,8 @@ typedef enum {
 
				  *  @see Volume 8, Chapter 5-5.4.5
			
 
				  */
			
 
				 typedef enum {
			
 
				-  kCertificateEncodingPEM = 0, /**< PEM Encoding */
			
 
				-  kCertificateEncodingPKCS7,   /**< PKCS#7 Encoding */
			
 
				+  kCertificateManagementObjectCertificateEncodingPEM = 0, /**< PEM Encoding */
			
 
				+  kCertificateManagementObjectCertificateEncodingPKCS7,   /**< PKCS#7 Encoding */
			
 
				 } CertificateManagementObjectCertificateEncoding;
			
 
				 
			
 
				 /** @brief Type declaration for a X.509 certificate
			
--- a/CipSecurityObject/cipsecurity.c
+++ b/CipSecurityObject/cipsecurity.c
@@ -56,9 +56,9 @@
 
				 /**< definition of CIP Security object instance 1 data */
			
 
				 
			
 
				 CipSecurityObject g_security = {
			
 
				-    .state = kFactoryDefaultConfiguration,
			
 
				-    .security_profiles = kEtherNetIpConfidentialityProfile,
			
 
				-    .security_profiles_configured = kEtherNetIpConfidentialityProfile,
			
 
				+    .state = kCipSecurityObjectStateValueFactoryDefaultConfiguration,
			
 
				+    .security_profiles = kCipSecurityObjectSecurityProfileValueEtherNetIpConfidentialityProfile,
			
 
				+    .security_profiles_configured = kCipSecurityObjectSecurityProfileValueEtherNetIpConfidentialityProfile,
			
 
				 };
			
 
				 
			
 
				 /* ********************************************************************
			
@@ -88,7 +88,7 @@ EipStatus CipSecurityObjectReset(
 
				     if (message_router_request->request_data_size > 0) {
			
 
				       message_router_response->general_status = kCipErrorTooMuchData;
			
 
				     } else {
			
 
				-      g_security.state = kFactoryDefaultConfiguration;
			
 
				+      g_security.state = kCipSecurityObjectStateValueFactoryDefaultConfiguration;
			
 
				       message_router_response->general_status = kCipErrorSuccess;
			
 
				       OPENER_TRACE_INFO("Reset attribute 1 (state) of instance %d\n",
			
 
				                         instance->instance_number);
			
@@ -138,18 +138,18 @@ EipStatus CipSecurityObjectBeginConfig(
 
				 //  attribute #1 state CipUsint state = *(CipUsint*) attribute->data; //TODO: check
			
 
				   CipUsint state = g_security.state;
			
 
				 
			
 
				-  if (kConfigurationInProgress == state) {
			
 
				+  if (kCipSecurityObjectStateValueConfigurationInProgress == state) {
			
 
				     message_router_response->general_status = kCipErrorObjectStateConflict;
			
 
				   } else {
			
 
				-    if (kCIPSecurityConfigured == state) {
			
 
				+    if (kCipSecurityObjectStateValueCIPSecurityConfigured == state) {
			
 
				       // TODO: check if command is sent over valid TLS connection, else:
			
 
				       message_router_response->general_status = kCipErrorPrivilegeViolation;
			
 
				     } else {
			
 
				       // TODO: check if other configuration in progress
			
 
				 
			
 
				-      // *(CipUsint*) attribute->data = kConfigurationInProgress; //set state  TODO: check
			
 
				+      // *(CipUsint*) attribute->data = kCipSecurityObjectStateValueConfigurationInProgress; //set state  TODO: check
			
 
				 
			
 
				-      g_security.state = kConfigurationInProgress;
			
 
				+      g_security.state = kCipSecurityObjectStateValueConfigurationInProgress;
			
 
				       g_security_session_start_time = GetMilliSeconds();  // TODO: check
			
 
				 
			
 
				       message_router_response->general_status = kCipErrorSuccess;
			
@@ -179,10 +179,10 @@ EipStatus CipSecurityObjectEndConfig(
 
				 //  CipUsint state = *(CipUsint*) attribute->data; //TODO: check
			
 
				   CipUsint state = g_security.state;
			
 
				 
			
 
				-  if (kConfigurationInProgress == state) {
			
 
				+  if (kCipSecurityObjectStateValueConfigurationInProgress == state) {
			
 
				     message_router_response->general_status = kCipErrorSuccess;
			
 
				-//    *(CipUsint *)attribute->data = kCIPSecurityConfigured;  // set state
			
 
				-    g_security.state = kCIPSecurityConfigured;
			
 
				+//    *(CipUsint *)attribute->data = kCipSecurityObjectStateValueCIPSecurityConfigured;  // set state
			
 
				+    g_security.state = kCipSecurityObjectStateValueCIPSecurityConfigured;
			
 
				   }
			
 
				 
			
 
				   return kEipStatusOk;
			
@@ -208,7 +208,7 @@ EipStatus CipSecurityObjectKickTimer(
 
				 //  CipUsint state = *(CipUsint *)attribute->data;  // TODO: check
			
 
				   CipUsint state = g_security.state;
			
 
				 
			
 
				-  if (kConfigurationInProgress == state) {
			
 
				+  if (kCipSecurityObjectStateValueConfigurationInProgress == state) {
			
 
				     // reset configuration session timer
			
 
				     g_security_session_start_time = GetMilliSeconds();  // actual time TODO: check
			
 
				     message_router_response->general_status = kCipErrorSuccess;
			
@@ -228,7 +228,7 @@ EipStatus CipSecurityObjectCleanup(
 
				     CipMessageRouterResponse *const message_router_response,
			
 
				     const struct sockaddr *originator_address,
			
 
				     const int encapsulation_session) {
			
 
				-  message_router_response->general_status = kNoOrphanObjects;
			
 
				+  message_router_response->general_status = kCipSecurityObjectErrorCodeNoOrphanObjects;
			
 
				   message_router_response->size_of_additional_status = 0;
			
 
				   InitializeENIPMessage(&message_router_response->message);
			
 
				   message_router_response->reply_service = (0x80 | message_router_request->service);
			
@@ -391,7 +391,8 @@ void CipSecurityObjectInitializeClassSettings(CipClass *class) {
 
				                 &GetAttributeSingle,
			
 
				                 "GetAttributeSingle"
			
 
				   );
			
 
				-  InsertService(meta_class, kCIPSecurityObjectCleanup,
			
 
				+  InsertService(meta_class,
			
 
				+                kCIPSecurityObjectServiceCodeObjectCleanup,
			
 
				                 &CipSecurityObjectCleanup,
			
 
				                 "CipSecurityObjectCleanup"
			
 
				   );
			
@@ -464,15 +465,18 @@ EipStatus CipSecurityInit(void) {
 
				                 &CipSecurityObjectReset,
			
 
				                 "CipSecurityObjectReset"
			
 
				   );
			
 
				-  InsertService(cip_security_object_class, kCIPSecurityBeginConfig,
			
 
				+  InsertService(cip_security_object_class,
			
 
				+                kCIPSecurityObjectServiceCodeBeginConfig,
			
 
				                 &CipSecurityObjectBeginConfig,
			
 
				                 "CipSecurityObjectBeginConfig"
			
 
				   );
			
 
				-  InsertService(cip_security_object_class, kCIPSecurityKickTimer,
			
 
				+  InsertService(cip_security_object_class,
			
 
				+                kCIPSecurityObjectServiceCodeKickTimer,
			
 
				                 &CipSecurityObjectKickTimer,
			
 
				                 "CipSecurityObjectKickTimer"
			
 
				   );
			
 
				-  InsertService(cip_security_object_class, kCIPSecurityEndConfig,
			
 
				+  InsertService(cip_security_object_class,
			
 
				+                kCIPSecurityObjectServiceCodeEndConfig,
			
 
				                 &CipSecurityObjectEndConfig,
			
 
				                 "CipSecurityObjectEndConfig"
			
 
				   );
			
--- a/CipSecurityObject/cipsecurity.h
+++ b/CipSecurityObject/cipsecurity.h
@@ -20,16 +20,16 @@ static const CipUint kCipSecurityObjectClassCode = 0x5DU;
 
				 /** @brief CIP Security object specific service codes
			
 
				  *  @see Volume 8, Chapter 5-3.7 */
			
 
				 typedef enum {
			
 
				-  kCIPSecurityBeginConfig = 0x4B,   /**< CIP Security object Begin_Config service code */
			
 
				-  kCIPSecurityKickTimer = 0x4C,     /**< CIP Security object Kick_Timer service code */
			
 
				-  kCIPSecurityEndConfig = 0x4D,     /**< CIP Security object End_Config service code */
			
 
				-  kCIPSecurityObjectCleanup = 0x4E, /**< CIP Security object Object_Cleanup service code */
			
 
				+  kCIPSecurityObjectServiceCodeBeginConfig = 0x4B,   /**< CIP Security object Begin_Config service code */
			
 
				+  kCIPSecurityObjectServiceCodeKickTimer = 0x4C,     /**< CIP Security object Kick_Timer service code */
			
 
				+  kCIPSecurityObjectServiceCodeEndConfig = 0x4D,     /**< CIP Security object End_Config service code */
			
 
				+  kCIPSecurityObjectServiceCodeObjectCleanup = 0x4E, /**< CIP Security object Object_Cleanup service code */
			
 
				 } CIPSecurityObjectServiceCode;
			
 
				 
			
 
				 /** @brief CIP Security object specific error codes
			
 
				  *  @see Volume 8, Chapter 5-3.8 */
			
 
				 typedef enum {
			
 
				-  kNoOrphanObjects = 0xD0, /**< No orphan objects for cleanup */
			
 
				+  kCipSecurityObjectErrorCodeNoOrphanObjects = 0xD0, /**< No orphan objects for cleanup */
			
 
				 } CipSecurityObjectErrorCode;
			
 
				 
			
 
				 /** @brief Valid values for CIP Security Object State (attribute #1)
			
@@ -38,10 +38,10 @@ typedef enum {
 
				  *  @see Volume 8, Chapter 5-3.4.1
			
 
				  */
			
 
				 typedef enum {
			
 
				-  kFactoryDefaultConfiguration = 0, /**< Factory Default Configuration */
			
 
				-  kConfigurationInProgress,         /**< ConfigurationIn Progress */
			
 
				-  kCIPSecurityConfigured,           /**< Configured */
			
 
				-  kIncompleteConfiguration,         /**< Incomplete Configuration */
			
 
				+  kCipSecurityObjectStateValueFactoryDefaultConfiguration = 0, /**< Factory Default Configuration */
			
 
				+  kCipSecurityObjectStateValueConfigurationInProgress,         /**< ConfigurationIn Progress */
			
 
				+  kCipSecurityObjectStateValueCIPSecurityConfigured,           /**< Configured */
			
 
				+  kCipSecurityObjectStateValueIncompleteConfiguration,         /**< Incomplete Configuration */
			
 
				 } CipSecurityObjectStateValue;
			
 
				 
			
 
				 /** @brief Valid values for CIP Security Object Security Profiles (attribute #2)
			
@@ -51,10 +51,10 @@ typedef enum {
 
				  *  @see Volume 8, Chapter 5-3.4.2
			
 
				  */
			
 
				 typedef enum {
			
 
				-  kEtherNetIpIntegrityProfile = 0x01U,       /**< The device supports the EtherNet/IP Integrity Profile (Obsoleted) */
			
 
				-  kEtherNetIpConfidentialityProfile = 0x02U, /**< The device supports the EtherNet/IP Confidentiality Profile */
			
 
				-  kCipAuthorizationProfile = 0x04U,          /**< The device supports the CIP Authorization Profile */
			
 
				-  kCipUserAuthenticationProfile = 0x08U,     /**< The device supports the CIP User Authentication Profile */
			
 
				+  kCipSecurityObjectSecurityProfileValueEtherNetIpIntegrityProfile = 0x01U,       /**< The device supports the EtherNet/IP Integrity Profile (Obsoleted) */
			
 
				+  kCipSecurityObjectSecurityProfileValueEtherNetIpConfidentialityProfile = 0x02U, /**< The device supports the EtherNet/IP Confidentiality Profile */
			
 
				+  kCipSecurityObjectSecurityProfileValueCipAuthorizationProfile = 0x04U,          /**< The device supports the CIP Authorization Profile */
			
 
				+  kCipSecurityObjectSecurityProfileValueCipUserAuthenticationProfile = 0x08U,     /**< The device supports the CIP User Authentication Profile */
			
 
				 } CipSecurityObjectSecurityProfileValue;
			
 
				 
			
 
				 /** @brief Type declaration for the CIP Security object
			
--- a/EtherNetIPSecurityObject/ethernetipsecurity.c
+++ b/EtherNetIPSecurityObject/ethernetipsecurity.c
@@ -83,7 +83,7 @@ const EIPSecurityObjectPathList active_device_certificates = {
 
				 };
			
 
				 
			
 
				 EIPSecurityObject g_eip_security = { //TODO: add object configuration
			
 
				-    .state = kEIPFactoryDefaultConfiguration,                 /** Attribute #1 */
			
 
				+    .state = kEIPSecurityObjectStateValueFactoryDefaultConfiguration,                 /** Attribute #1 */
			
 
				     .active_device_certificates = active_device_certificates, /** Attribute #6 */
			
 
				     .pre_shared_keys.number_of_pre_shared_keys = 0,           /** Attribute #5 */
			
 
				     .pull_model_enabled = true,  // default: true             /** Attribute #13 */
			
@@ -177,10 +177,10 @@ EipStatus EIPSecurityObjectReset(
 
				 
			
 
				     if (enable_pull_model) {       // data: 01
			
 
				       pull_model_status = 0x0000;  // TODO: 0x0000 not allowed - check
			
 
				-      state = kEIPFactoryDefaultConfiguration;
			
 
				+      state = kEIPSecurityObjectStateValueFactoryDefaultConfiguration;
			
 
				     } else {  // data: 00
			
 
				       pull_model_status = 0xFFFF;
			
 
				-      state = kPullModelDisabled;
			
 
				+      state = kEIPSecurityObjectStateValuePullModelDisabled;
			
 
				     }
			
 
				   } else {
			
 
				     pull_model_status = 0xFFFF;
			
@@ -225,11 +225,11 @@ EipStatus EIPSecurityObjectBeginConfig(
 
				   CipAttributeStruct *attribute = GetCipAttribute(instance, 1);  // attribute #1 state
			
 
				   CipUsint state = *(CipUsint *)attribute->data;
			
 
				 
			
 
				-  if (kEIPFactoryDefaultConfiguration != state) {
			
 
				+  if (kEIPSecurityObjectStateValueFactoryDefaultConfiguration != state) {
			
 
				     message_router_response->general_status = kCipErrorObjectStateConflict;
			
 
				   } else {
			
 
				     // TODO: save current instance config before starting new config
			
 
				-    *(CipUsint *)attribute->data = kEIPConfigurationInProgress;  // set state
			
 
				+    *(CipUsint *)attribute->data = kEIPSecurityObjectStateValueConfigurationInProgress;  // set state
			
 
				 
			
 
				     // TODO: start configuration session timer
			
 
				   }
			
@@ -256,7 +256,7 @@ EipStatus EIPSecurityObjectKickTimer(
 
				   CipAttributeStruct *attribute = GetCipAttribute(instance, 1);  // attribute #1 state
			
 
				   CipUsint state = *(CipUsint *)attribute->data;
			
 
				 
			
 
				-  if (kEIPConfigurationInProgress == state) {
			
 
				+  if (kEIPSecurityObjectStateValueConfigurationInProgress == state) {
			
 
				     // TODO: reset configuration session timer
			
 
				     message_router_response->general_status = kCipErrorSuccess;
			
 
				   }
			
@@ -283,7 +283,7 @@ EipStatus EIPSecurityObjectApplyConfig(
 
				   CipAttributeStruct *attribute = GetCipAttribute(instance, 1);  // attribute #1 state
			
 
				   CipUsint state = *(CipUsint *)attribute->data;
			
 
				 
			
 
				-  if (kEIPConfigurationInProgress == state) {
			
 
				+  if (kEIPSecurityObjectStateValueConfigurationInProgress == state) {
			
 
				     /* The default values if parameters were omitted. */
			
 
				     CipWord apply_behavior_flags = 0;
			
 
				     CipUint close_delay = 0;
			
@@ -307,7 +307,7 @@ EipStatus EIPSecurityObjectApplyConfig(
 
				      * settings when establishing new (D)TLS sessions. */
			
 
				 
			
 
				     // TODO: change state to configured
			
 
				-    //*(CipUsint*) attribute->data = kEIPConfigured;
			
 
				+    //*(CipUsint*) attribute->data = kEIPSecurityObjectStateValueConfigured;
			
 
				     message_router_response->general_status = kCipErrorSuccess;
			
 
				   }
			
 
				 
			
@@ -333,11 +333,11 @@ EipStatus EIPSecurityObjectAbortConfig(
 
				   CipAttributeStruct *attribute = GetCipAttribute(instance, 1);  // attribute #1 state
			
 
				   CipUsint state = *(CipUsint *)attribute->data;
			
 
				 
			
 
				-  if (kEIPConfigurationInProgress == state) {
			
 
				+  if (kEIPSecurityObjectStateValueConfigurationInProgress == state) {
			
 
				     // TODO: implement service
			
 
				 
			
 
				     // TODO: change back to state before configuration in progress
			
 
				-    *(CipUsint *)attribute->data = kEIPConfigured;  // TODO: remove
			
 
				+    *(CipUsint *)attribute->data = kEIPSecurityObjectStateValueConfigured;  // TODO: remove
			
 
				     message_router_response->general_status = kCipErrorSuccess;
			
 
				   }
			
 
				 
			
@@ -533,7 +533,7 @@ int DecodeDTLSTimeout(
 
				   CipAttributeStruct *attribute = GetCipAttribute(instance, 1);  // attribute #1 state
			
 
				   CipUsint state = *(CipUsint *)attribute->data;
			
 
				 
			
 
				-  if (kEIPConfigurationInProgress == state) {
			
 
				+  if (kEIPSecurityObjectStateValueConfigurationInProgress == state) {
			
 
				     CipUint dtls_timeout = GetUintFromMessage(&(message_router_request->data));
			
 
				 
			
 
				     if (0 <= dtls_timeout && 3600 >= dtls_timeout) {
			
@@ -794,22 +794,22 @@ EipStatus EIPSecurityInit(void) {
 
				                 "SetAttributeSingle"
			
 
				   );
			
 
				   InsertService(eip_security_object_class,
			
 
				-                kEIPSecurityBeginConfig,
			
 
				+                kEIPSecurityObjectServiceCodeBeginConfig,
			
 
				                 &EIPSecurityObjectBeginConfig,
			
 
				                 "EIPSecurityObjectBeginConfig"
			
 
				   );
			
 
				   InsertService(eip_security_object_class,
			
 
				-                kEIPSecurityKickTimer,
			
 
				+                kEIPSecurityObjectServiceCodeKickTimer,
			
 
				                 &EIPSecurityObjectKickTimer,
			
 
				                 "EIPSecurityObjectKickTimer"
			
 
				   );
			
 
				   InsertService(eip_security_object_class,
			
 
				-                kEIPSecurityApplyConfig,
			
 
				+                kEIPSecurityObjectServiceCodeApplyConfig,
			
 
				                 &EIPSecurityObjectApplyConfig,
			
 
				                 "EIPSecurityObjectApplyConfig"
			
 
				   );
			
 
				   InsertService(eip_security_object_class,
			
 
				-                kEIPSecurityAbortConfig,
			
 
				+                kEIPSecurityObjectServiceCodeAbortConfig,
			
 
				                 &EIPSecurityObjectAbortConfig,
			
 
				                 "EIPSecurityObjectAbortConfig"
			
 
				   );
			
--- a/EtherNetIPSecurityObject/ethernetipsecurity.h
+++ b/EtherNetIPSecurityObject/ethernetipsecurity.h
@@ -27,10 +27,10 @@ static const CipUsint SIZE_MAX_PSK = 64;
 
				 /** @brief EtherNet/IP Security object specific service codes
			
 
				  *  @see Volume 8, Chapter 5-4.7 */
			
 
				 typedef enum {
			
 
				-  kEIPSecurityBeginConfig = 0x4B, /**< EtherNet/IP Security object Begin_Config service code */
			
 
				-  kEIPSecurityKickTimer = 0x4C,   /**< EtherNet/IP Security object Kick_Timer service code */
			
 
				-  kEIPSecurityApplyConfig = 0x4D, /**< EtherNet/IP Security object Apply_Config service code */
			
 
				-  kEIPSecurityAbortConfig = 0x4E, /**< EtherNet/IP Security object Abort_Config service code */
			
 
				+  kEIPSecurityObjectServiceCodeBeginConfig = 0x4B, /**< EtherNet/IP Security object Begin_Config service code */
			
 
				+  kEIPSecurityObjectServiceCodeKickTimer = 0x4C,   /**< EtherNet/IP Security object Kick_Timer service code */
			
 
				+  kEIPSecurityObjectServiceCodeApplyConfig = 0x4D, /**< EtherNet/IP Security object Apply_Config service code */
			
 
				+  kEIPSecurityObjectServiceCodeAbortConfig = 0x4E, /**< EtherNet/IP Security object Abort_Config service code */
			
 
				 } EIPSecurityObjectServiceCode;
			
 
				 
			
 
				 /** @brief Valid values for EtherNet/IP Security Object State (attribute #1)
			
@@ -39,12 +39,12 @@ typedef enum {
 
				  *  @see Volume 8, Chapter 5-4.4.1
			
 
				  */
			
 
				 typedef enum {
			
 
				-  kEIPFactoryDefaultConfiguration = 0, /**< Factory Default Configuration */
			
 
				-  kEIPConfigurationInProgress,         /**< Configuration In Progress */
			
 
				-  kEIPConfigured,                      /**< Configured */
			
 
				-  kPullModelInProgress,                /**< Pull Model In Progress */
			
 
				-  kPullModelCompleted,                 /**< Pull Model Completed */
			
 
				-  kPullModelDisabled,                  /**< Pull Model Disabled */
			
 
				+  kEIPSecurityObjectStateValueFactoryDefaultConfiguration = 0, /**< Factory Default Configuration */
			
 
				+  kEIPSecurityObjectStateValueConfigurationInProgress,         /**< Configuration In Progress */
			
 
				+  kEIPSecurityObjectStateValueConfigured,                      /**< Configured */
			
 
				+  kEIPSecurityObjectStateValuePullModelInProgress,             /**< Pull Model In Progress */
			
 
				+  kEIPSecurityObjectStateValuePullModelCompleted,              /**< Pull Model Completed */
			
 
				+  kEIPSecurityObjectStateValuePullModelDisabled,               /**< Pull Model Disabled */
			
 
				 } EIPSecurityObjectStateValue;
			
 
				 
			
 
				 /** @brief Provide bit masks for the Capability Flags attribute (#2)
			
@@ -54,19 +54,19 @@ typedef enum {
 
				  *  @see Volume 8, Chapter 5-4.4.2
			
 
				  */
			
 
				 typedef enum {
			
 
				-  kSecureRenegotiation = 0x01, /**< Indicates whether or not the device supports
			
 
				-                                * secure renegotiation via the Renegotiation
			
 
				-                                * Indication Extension defined in RFC 5746. */
			
 
				+  kEIPSecurityObjectCapabilityFlagSecureRenegotiation = 0x01, /**< Indicates whether or not the device supports
			
 
				+                                                               * secure renegotiation via the Renegotiation
			
 
				+                                                               * Indication Extension defined in RFC 5746. */
			
 
				 } EIPSecurityObjectCapabilityFlag;
			
 
				 
			
 
				 /** @brief Extended status error codes for Apply_Config service
			
 
				  *  @see Volume 8, Chapter 5-4.8.1
			
 
				  */
			
 
				 typedef enum {
			
 
				-  kNoPSKConfigured = 0x0001,                 /**< Only PSK cipher suited allowed but no Pre-Shared Keys configured */
			
 
				-  kNoCertificatesConfigured = 0x0002,        /**< Only certificate suites allowed, but no certificates configured */
			
 
				-  kCertificateSuitesNoneConsistent = 0x0003, /**< Certificate suites allowed but none consistent with the device private key type */
			
 
				-  kNoActiveCipherSuitesConfigured = 0x0004,  /**< No Active Cipher Suites configured */
			
 
				+  kEIPSecurityObjectApplyConfigErrorCodeExtendedNoPSKConfigured = 0x0001,                 /**< Only PSK cipher suited allowed but no Pre-Shared Keys configured */
			
 
				+  kEIPSecurityObjectApplyConfigErrorCodeExtendedNoCertificatesConfigured = 0x0002,        /**< Only certificate suites allowed, but no certificates configured */
			
 
				+  kEIPSecurityObjectApplyConfigErrorCodeExtendedCertificateSuitesNoneConsistent = 0x0003, /**< Certificate suites allowed but none consistent with the device private key type */
			
 
				+  kEIPSecurityObjectApplyConfigErrorCodeExtendedNoActiveCipherSuitesConfigured = 0x0004,  /**< No Active Cipher Suites configured */
			
 
				 } EIPSecurityObjectApplyConfigErrorCodeExtended;
			
 
				 
			
 
				 /** @brief Type declaration for a single IANA cipher suite ID