
1.1     ! misho       1: /*     $NetBSD: proposal.h,v 1.7 2010/02/09 23:05:16 wiz Exp $ */
        !             2: 
        !             3: /* Id: proposal.h,v 1.5 2004/06/11 16:00:17 ludvigm Exp */
        !             4: 
        !             5: /*
        !             6:  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
        !             7:  * All rights reserved.
        !             8:  * 
        !             9:  * Redistribution and use in source and binary forms, with or without
        !            10:  * modification, are permitted provided that the following conditions
        !            11:  * are met:
        !            12:  * 1. Redistributions of source code must retain the above copyright
        !            13:  *    notice, this list of conditions and the following disclaimer.
        !            14:  * 2. Redistributions in binary form must reproduce the above copyright
        !            15:  *    notice, this list of conditions and the following disclaimer in the
        !            16:  *    documentation and/or other materials provided with the distribution.
        !            17:  * 3. Neither the name of the project nor the names of its contributors
        !            18:  *    may be used to endorse or promote products derived from this software
        !            19:  *    without specific prior written permission.
        !            20:  * 
        !            21:  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
        !            22:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
        !            23:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
        !            24:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
        !            25:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
        !            26:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
        !            27:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
        !            28:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
        !            29:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
        !            30:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
        !            31:  * SUCH DAMAGE.
        !            32:  */
        !            33: 
        !            34: #ifndef _PROPOSAL_H
        !            35: #define _PROPOSAL_H
        !            36: 
        !            37: #include <sys/queue.h>
        !            38: 
/*
 *   A. chained list of transforms, only for a single proto_id
 *      (this is the same as the set of transforms in a single proposal payload)
 *   B. proposal.  this will point to multiple (A) items (order is important
 *      here, so the pointers to (A) must be an ordered array or a chained list).
 *      this covers multiple proposal payloads in a packet that carry the same
 *      proposal #.
 *   C. finally, (B) items need to be connected as a chained list.
 * 
 *     head ---> prop[.......] ---> prop[...] ---> prop[...] ---> ...
 *                    | | | |
 *                    | | | +- proto4  <== must preserve order here
 *                    | | +--- proto3
 *                    | +----- proto2
 *                    +------- proto1[trans1, trans2, trans3, ...]
 *
 *   incoming packets need to be parsed into the same structure
 *   (see "prop_pair" below).
 */
        !            57: /* SA proposal specification */
struct saprop {
	int prop_no;			/* proposal number; shared by every payload of one bundle */
	time_t lifetime;		/* negotiated SA lifetime, time based */
	int lifebyte;			/* negotiated SA lifetime, byte based.
					 * NOTE(review): signed int -- a value taken from a
					 * peer's payload should be range-checked before it is
					 * stored here; confirm in the parser. */
	int pfs_group;			/* pfs group (presumably 0 when PFS is not required;
					 * confirm against the "proposal_check" handling) */
	int claim;			/* flag to send RESPONDER-LIFETIME (PROP_CHECK_CLAIM). */
					/* XXX assumed DOI values are 1 or 2. */
#ifdef HAVE_SECCTX
	struct security_ctx sctx;	/* security context structure */
#endif
	struct saproto *head;		/* first protocol of this proposal; chained via saproto.next */
	struct saprop *next;		/* next proposal in the list */
};
        !            71: 
        !            72: /* SA protocol specification */
struct saproto {
	int proto_id;			/* protocol identifier of this SA */
	size_t spisize;			/* spi size as carried in the proposal payload */
	int encmode;			/* encryption mode */

	int udp_encap;			/* UDP encapsulation */

	/* XXX should be vchar_t * */
	/* these are network byte order; only a 32-bit SPI fits here even
	 * though spisize above describes the on-wire width (hence the XXX) */
	u_int32_t spi;			/* inbound. i.e. --SA-> me */
	u_int32_t spi_p;		/* outbound. i.e. me -SA-> */

	/* Derived keying material for this SA.  These buffers are secret:
	 * NOTE(review): the code that releases a saproto (presumably
	 * flushsaproto()) should wipe them before freeing rather than just
	 * freeing them -- confirm in proposal.c. */
	vchar_t *keymat;		/* KEYMAT */
	vchar_t *keymat_p;		/* peer's KEYMAT */

	int reqid_out;			/* request id (outbound) */
	int reqid_in;			/* request id (inbound) */

	int ok;				/* set to 1 once the SA was successfully set in the kernel */

	struct satrns *head;		/* first transform of this protocol; chained via satrns.next */
	struct saproto *next;		/* next protocol of the same proposal (order matters, see above) */
};
        !            96: 
        !            97: /* SA algorithm specification */
struct satrns {
	int trns_no;			/* transform number within the proposal payload */
	int trns_id;			/* transform id */
	int encklen;			/* key length of encryption algorithm */
	int authtype;			/* authentication algorithm if ESP */

	struct satrns *next;		/* next transform of the same protocol */
};
        !           106: 
/*
 * prop_pair: (proposal number, transform number)
 *
 *	(SA (P1 (T1 T2)) (P1' (T1' T2')) (P2 (T1" T2")))
 *
 *              p[1]      p[2]
 *      top     (P1,T1)   (P2",T1")
 *              |  |tnext     |tnext
 *              |  v          v
 *              | (P1, T2)   (P2", T2")
 *              v next
 *             (P1', T1')
 *                 |tnext
 *                 v
 *                (P1', T2')
 *
 * when we convert it to saprop (see aproppair2saprop() below), it should
 * become like:
 * 
 *              (next)
 *     saprop --------------------> saprop     
 *      | (head)                     | (head)
 *      +-> saproto                  +-> saproto
 *           | | (head)                     | (head)
 *           | +-> satrns(P1 T1)            +-> satrns(P2" T1")
 *           |      | (next)                     | (next)
 *           |      v                            v
 *           |     satrns(P1, T2)               satrns(P2", T2")
 *           v (next)
 *          saproto
 *             | (head)
 *             +-> satrns(P1' T1')
 *                  | (next)
 *                  v
 *                 satrns(P1', T2')
 */
struct prop_pair {
	/* These point at ISAKMP payload headers, not at copies.
	 * NOTE(review): presumably they point into the received packet
	 * buffer, so a prop_pair chain must not outlive that buffer --
	 * confirm in the parser that builds it. */
	struct isakmp_pl_p *prop;	/* proposal payload (the P of the pair) */
	struct isakmp_pl_t *trns;	/* transform payload (the T of the pair) */
	struct prop_pair *next; /* next prop_pair with same proposal # */
				/* (bundle case) */
	struct prop_pair *tnext; /* next prop_pair in same proposal payload */
				/* (multiple transform case) */
};
/*
 * Size of a table indexed by proposal number (the p[1], p[2], ... of the
 * diagram above).  The proposal number is a 1-octet field on the wire, so
 * 256 slots cover every value a peer can send; any table sized with this
 * constant can be indexed by the raw octet without a further range check.
 */
#define MAXPROPPAIRLEN 256	/* It's enough because field size is 1 octet. */
        !           151: 
/*
 * Lifetime length selection, referring to section 4.5.4 of RFC2407.  It does
 * not completely conform to the description in the RFC.  There are four kinds
 * of behavior.  If the value of "proposal_check" in the "remote" directive is:
 *	"obey"
 *	    the responder obeys the initiator at any time.  This is the least
 *	    restrictive setting: the peer dictates both the lifetime and the
 *	    PFS group.
 *	"strict"
 *	    If the responder's length is longer than the initiator's, the
 *	    responder uses the initiator's.  Otherwise it rejects the proposal.
 *	    If PFS is not required by the responder, the responder obeys the
 *	    proposal.  If PFS is required by both sides and the responder's
 *	    group is not equal to the initiator's, then the responder rejects
 *	    the proposal.
 *	"claim"
 *	    If the responder's length is longer than the initiator's, the
 *	    responder uses the initiator's.  If the responder's length is
 *	    shorter than the initiator's, the responder uses its own length
 *	    AND sends a RESPONDER-LIFETIME notify message to the initiator in
 *	    the case of lifetime.
 *	    Regarding PFS, this directive is the same as "strict".
 *	"exact"
 *	    If the initiator's length is not equal to the responder's, the
 *	    responder rejects the proposal.
 *	    If PFS is required and the responder's group is not equal to
 *	    the initiator's, then the responder rejects the proposal.
 * XXX the behavior for key length still needs to be defined.
 */
/* Values of the "proposal_check" remote directive described above. */
#define PROP_CHECK_OBEY		1	/* accept whatever the initiator proposes */
#define PROP_CHECK_STRICT	2	/* use the shorter lifetime, else reject */
#define PROP_CHECK_CLAIM	3	/* like strict, but keep own shorter lifetime
					 * and send RESPONDER-LIFETIME */
#define PROP_CHECK_EXACT	4	/* lifetimes (and PFS group) must match */
        !           183: 
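struct sainfo;
struct ph1handle;
struct ph2handle;	/* used by set_proposal_from_*() below; without this
			 * forward declaration the tag would be scoped to the
			 * prototype when no earlier header declared it */
struct secpolicy;

/* Node allocation.  The returned node is owned by the caller (presumably
 * released with the matching flushsa*() below -- confirm in proposal.c). */
extern struct saprop *newsaprop __P((void));
extern struct saproto *newsaproto __P((void));
/* Link a node into its parent list; inssaprotorev presumably inserts at
 * the opposite end from inssaproto (order of protocols is significant). */
extern void inssaprop __P((struct saprop **, struct saprop *));
extern void inssaproto __P((struct saprop *, struct saproto *));
extern void inssaprotorev __P((struct saprop *, struct saproto *));
extern struct satrns *newsatrns __P((void));
extern void inssatrns __P((struct saproto *, struct satrns *));
/* Proposal comparison.  cmpsaprop_alloc returns a newly allocated saprop
 * describing the agreed proposal; the trailing int is presumably one of
 * the PROP_CHECK_* values above -- confirm which saprop argument is the
 * local one in proposal.c. */
extern struct saprop *cmpsaprop_alloc __P((struct ph1handle *,
	const struct saprop *, const struct saprop *, int));
extern int cmpsaprop __P((const struct saprop *, const struct saprop *));
extern int cmpsatrns __P((int, const struct satrns *, const struct satrns *, int));
/* Fill the transform list of a protocol from the configured sainfo. */
extern int set_satrnsbysainfo __P((struct saproto *, struct sainfo *));
/* Convert a parsed prop_pair chain into a saprop (see the diagram above). */
extern struct saprop *aproppair2saprop __P((struct prop_pair *));
/* Release a prop_pair chain; takes the caller's pointer by address,
 * presumably so it can be cleared. */
extern void free_proppair __P((struct prop_pair **));
/* Release a whole list, including everything hanging off it. */
extern void flushsaprop __P((struct saprop *));
extern void flushsaproto __P((struct saproto *));
extern void flushsatrns __P((struct satrns *));
/* Debug dumps; the leading int is presumably the log level. */
extern void printsaprop __P((const int, const struct saprop *));
extern void printsaprop0 __P((const int, const struct saprop *));
extern void printsaproto __P((const int, const struct saproto *));
extern void printsatrns __P((const int, const int, const struct satrns *));
extern void print_proppair0 __P((int, struct prop_pair *, int));
extern void print_proppair __P((int, struct prop_pair *));
/* Build the phase-2 proposal, either from the kernel security policies
 * or from the proposal received from the peer. */
extern int set_proposal_from_policy __P((struct ph2handle *,
	struct secpolicy *, struct secpolicy *));
extern int set_proposal_from_proposal __P((struct ph2handle *));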
        !           213: 
        !           214: #endif /* _PROPOSAL_H */
