
1.1       misho       1: /*     $NetBSD: proposal.h,v 1.7 2010/02/09 23:05:16 wiz Exp $ */
                      2: 
                      3: /* Id: proposal.h,v 1.5 2004/06/11 16:00:17 ludvigm Exp */
                      4: 
                      5: /*
                      6:  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
                      7:  * All rights reserved.
                      8:  * 
                      9:  * Redistribution and use in source and binary forms, with or without
                     10:  * modification, are permitted provided that the following conditions
                     11:  * are met:
                     12:  * 1. Redistributions of source code must retain the above copyright
                     13:  *    notice, this list of conditions and the following disclaimer.
                     14:  * 2. Redistributions in binary form must reproduce the above copyright
                     15:  *    notice, this list of conditions and the following disclaimer in the
                     16:  *    documentation and/or other materials provided with the distribution.
                     17:  * 3. Neither the name of the project nor the names of its contributors
                     18:  *    may be used to endorse or promote products derived from this software
                     19:  *    without specific prior written permission.
                     20:  * 
                     21:  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
                     22:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
                     23:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
                     24:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
                     25:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
                     26:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
                     27:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
                     28:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
                     29:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
                     30:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
                     31:  * SUCH DAMAGE.
                     32:  */
                     33: 
                     34: #ifndef _PROPOSAL_H
                     35: #define _PROPOSAL_H
                     36: 
                     37: #include <sys/queue.h>
                     38: 
                     39: /*
                     40:  *   A. chained list of transforms, only for a single proto_id
                     41:  *      (this is the same as the set of transforms in a single proposal payload)
                     42:  *   B. proposal.  this will point to multiple (A) items (order is important
                     43:  *      here, so the pointer to (A) must be an ordered array or chained list).
                     44:  *      this covers multiple proposals on a packet if the proposal # is the same.
                     45:  *   C. finally, (B) needs to be connected as chained list.
                     46:  * 
                     47:  *     head ---> prop[.......] ---> prop[...] ---> prop[...] ---> ...
                     48:  *                    | | | |
                     49:  *                    | | | +- proto4  <== must preserve order here
                     50:  *                    | | +--- proto3
                     51:  *                    | +----- proto2
                     52:  *                    +------- proto1[trans1, trans2, trans3, ...]
                     53:  *
                     54:  *   incoming packets need to be parsed to construct the same structure
                     55:  *   (check "prop_pair" too).
                     56:  */
                     57: /* SA proposal specification */
/*
 * SA proposal specification: one node of the "prop[...]" chain drawn
 * above.  A saprop points to an ordered list of protocols (head) and
 * links to the next proposal of the chain (next).
 */
struct saprop {
	int prop_no;			/* proposal #, shared by the protocols bundled here */
	time_t lifetime;		/* lifetime value; units are not stated in this header */
	int lifebyte;			/* NOTE(review): presumably a byte-count lifetime -- confirm in proposal.c */
	int pfs_group;			/* pfs group */
	int claim;			/* flag to send RESPONDER-LIFETIME. */
					/* XXX assumed DOI values are 1 or 2. */
#ifdef HAVE_SECCTX
	struct security_ctx sctx;	/* security context structure */
#endif
	struct saproto *head;		/* first protocol of this proposal; order is significant */
	struct saprop *next;		/* next proposal in the chain */
};
                     71: 
                     72: /* SA protocol specification */
/*
 * SA protocol specification: one protocol (proto_id) of a saprop, with
 * its SPIs, keying material and the chained list of transforms offered
 * for it.  Instances are also built from parsed incoming packets, so the
 * peer controls the values that end up in several of these fields.
 */
struct saproto {
	int proto_id;			/* protocol id; one saproto per proto_id within a proposal */
	size_t spisize;			/* spi size */
	int encmode;			/* encryption mode */

	int udp_encap;			/* UDP encapsulation */

	/* XXX should be vchar_t * */
	/* these are network byte order */
	/*
	 * NOTE(review): both SPIs are fixed 32-bit fields, so a spisize
	 * larger than sizeof(spi) cannot be stored here -- confirm the
	 * parser bounds spisize before copying into them.
	 */
	u_int32_t spi;			/* inbound. i.e. --SA-> me */
	u_int32_t spi_p;		/* outbound. i.e. me -SA-> */

	/* NOTE(review): keying material -- confirm flushsaproto() zeroizes these before releasing them. */
	vchar_t *keymat;		/* KEYMAT */
	vchar_t *keymat_p;		/* peer's KEYMAT */

	int reqid_out;			/* request id (outbound) */
	int reqid_in;			/* request id (inbound) */

	int ok;				/* if 1, success to set SA in kernel */

	struct satrns *head;		/* head of the transform list */
	struct saproto *next;		/* next protocol */
};
                     96: 
                     97: /* SA algorithm specification */
/*
 * SA algorithm specification: one transform of a saproto (the
 * "[trans1, trans2, ...]" list in the diagram above).
 */
struct satrns {
	int trns_no;			/* transform # (see prop_pair) */
	int trns_id;			/* transform id */
	int encklen;			/* key length of encryption algorithm */
	int authtype;			/* authentication algorithm if ESP */

	struct satrns *next;		/* next transform */
};
                    106: 
                    107: /*
                    108:  * prop_pair: (proposal number, transform number)
                    109:  *
                    110:  *     (SA (P1 (T1 T2)) (P1' (T1' T2')) (P2 (T1" T2")))
                    111:  *
                    112:  *              p[1]      p[2]
                    113:  *      top     (P1,T1)   (P2",T1")
                    114:  *              |  |tnext     |tnext
                    115:  *              |  v          v
                    116:  *              | (P1, T2)   (P2", T2")
                    117:  *              v next
                    118:  *             (P1', T1')
                    119:  *                 |tnext
                    120:  *                 v
                    121:  *                (P1', T2')
                    122:  *
                    123:  * when we convert it to saprop in prop2saprop(), it should become like:
                    124:  * 
                    125:  *              (next)
                    126:  *     saprop --------------------> saprop     
                    127:  *      | (head)                     | (head)
                    128:  *      +-> saproto                  +-> saproto
                    129:  *           | | (head)                     | (head)
                    130:  *           | +-> satrns(P1 T1)            +-> satrns(P2" T1")
                    131:  *           |      | (next)                     | (next)
                    132:  *           |      v                            v
                    133:  *           |     satrns(P1, T2)               satrns(P2", T2")
                    134:  *           v (next)
                    135:  *          saproto
                    136:  *             | (head)
                    137:  *             +-> satrns(P1' T1')
                    138:  *                  | (next)
                    139:  *                  v
                    140:  *                 satrns(P1', T2')
                    141:  */
/*
 * One (proposal payload, transform payload) pair parsed from a received
 * SA payload; the diagram above shows how next and tnext are chained.
 */
struct prop_pair {
	struct isakmp_pl_p *prop;	/* proposal payload (P) this pair belongs to */
	struct isakmp_pl_t *trns;	/* transform payload (T) inside that proposal */
	struct prop_pair *next;	/* next prop_pair with same proposal # */
				/* (bundle case) */
	struct prop_pair *tnext; /* next prop_pair in same proposal payload */
				/* (multiple transform case) */
};
/*
 * It's enough because field size is 1 octet.
 * NOTE(review): an array of this length is safely indexed only by a
 * value in 0..255, i.e. the 1-octet number as received; confirm callers
 * never index it with a wider or signed value.
 */
#define MAXPROPPAIRLEN 256
                    151: 
                    152: /*
                    153:  * Lifetime length selection refers to section 4.5.4 of RFC2407.  It does
                    154:  * not completely conform to the description of RFC.  There are four types of
                    155:  * the behavior.  If the value of "proposal_check" in "remote" directive is;
                    156:  *     "obey"
                    157:  *         the responder obeys the initiator every time.
                    158:  *     "strict"
                    159:  *         If the responder's length is longer than the initiator's one, the
                    160:  *         responder uses the initiator's one.  Otherwise it rejects the proposal.
                    161:  *         If PFS is not required by the responder, the responder obeys the
                    162:  *         proposal.  If PFS is required by both sides and if the responder's
                    163:  *         group is not equal to the initiator's one, then the responder rejects
                    164:  *         the proposal.
                    165:  *     "claim"
                    166:  *         If the responder's length is longer than the initiator's one, the
                    167:  *         responder uses the initiator's one.  If the responder's length is
                    168:  *         shorter than the initiator's one, the responder uses own length
                    169:  *         AND sends a RESPONDER-LIFETIME notify message to the initiator in the
                    170:  *         case of lifetime.
                    171:  *         About PFS, this directive is same as "strict".
                    172:  *     "exact"
                    173:  *         If the initiator's length is not equal to the responder's one, the
                    174:  *         responder rejects the proposal.
                    175:  *         If PFS is required and if the responder's group is not equal to
                    176:  *         the initiator's one, then the responder rejects the proposal.
                    177:  * XXX the behavior for key length should still be defined.
                    178:  */
/*
 * Values of the "proposal_check" remote directive; their semantics are
 * described in the comment above.
 */
#define PROP_CHECK_OBEY		1
#define PROP_CHECK_STRICT	2
#define PROP_CHECK_CLAIM	3
#define PROP_CHECK_EXACT	4
                    183: 
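struct sainfo;
struct ph1handle;
struct ph2handle;	/* previously only named inside parameter lists below; a tag
			 * first seen in a prototype has prototype scope and does not
			 * match the real definition, so declare it like the others */
struct secpolicy;

/*
 * Node allocators.  NOTE(review): whether they return NULL on allocation
 * failure, and who frees the result, is not stated here -- confirm in
 * proposal.c before relying on either.
 */
extern struct saprop *newsaprop __P((void));
extern struct saproto *newsaproto __P((void));

/* List insertion helpers for the saprop -> saproto -> satrns chains. */
extern void inssaprop __P((struct saprop **, struct saprop *));
extern void inssaproto __P((struct saprop *, struct saproto *));
extern void inssaprotorev __P((struct saprop *, struct saproto *));	/* presumably reverse-order insert -- verify */
extern struct satrns *newsatrns __P((void));
extern void inssatrns __P((struct saproto *, struct satrns *));

/*
 * Proposal comparison.  The trailing int of cmpsaprop_alloc() and
 * cmpsatrns() is presumably a PROP_CHECK_* mode (see above) -- verify in
 * proposal.c.  cmpsaprop_alloc() returns a new chain the caller must
 * eventually release (NOTE(review): ownership to confirm).
 */
extern struct saprop *cmpsaprop_alloc __P((struct ph1handle *,
	const struct saprop *, const struct saprop *, int));
extern int cmpsaprop __P((const struct saprop *, const struct saprop *));
extern int cmpsatrns __P((int, const struct satrns *, const struct satrns *, int));
extern int set_satrnsbysainfo __P((struct saproto *, struct sainfo *));

/*
 * Conversion of a parsed prop_pair tree into saprop form; this is the
 * transformation drawn in the prop_pair comment above (there referred to
 * as prop2saprop()).
 */
extern struct saprop *aproppair2saprop __P((struct prop_pair *));
extern void free_proppair __P((struct prop_pair **));

/* Release whole chains; the argument is the head of the chain. */
extern void flushsaprop __P((struct saprop *));
extern void flushsaproto __P((struct saproto *));
extern void flushsatrns __P((struct satrns *));

/* Debug/log dumps.  The leading const int is presumably a log level -- verify. */
extern void printsaprop __P((const int, const struct saprop *));
extern void printsaprop0 __P((const int, const struct saprop *));
extern void printsaproto __P((const int, const struct saproto *));
extern void printsatrns __P((const int, const int, const struct satrns *));
extern void print_proppair0 __P((int, struct prop_pair *, int));
extern void print_proppair __P((int, struct prop_pair *));

/* Build the phase-2 proposal from local policy, or from the received proposal. */
extern int set_proposal_from_policy __P((struct ph2handle *,
	struct secpolicy *, struct secpolicy *));
extern int set_proposal_from_proposal __P((struct ph2handle *));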
                    213: 
                    214: #endif /* _PROPOSAL_H */
