
    1: /*	$NetBSD: proposal.h,v 1.7 2010/02/09 23:05:16 wiz Exp $	*/
    2: 
    3: /* Id: proposal.h,v 1.5 2004/06/11 16:00:17 ludvigm Exp */
    4: 
    5: /*
    6:  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    7:  * All rights reserved.
    8:  * 
    9:  * Redistribution and use in source and binary forms, with or without
   10:  * modification, are permitted provided that the following conditions
   11:  * are met:
   12:  * 1. Redistributions of source code must retain the above copyright
   13:  *    notice, this list of conditions and the following disclaimer.
   14:  * 2. Redistributions in binary form must reproduce the above copyright
   15:  *    notice, this list of conditions and the following disclaimer in the
   16:  *    documentation and/or other materials provided with the distribution.
   17:  * 3. Neither the name of the project nor the names of its contributors
   18:  *    may be used to endorse or promote products derived from this software
   19:  *    without specific prior written permission.
   20:  * 
   21:  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   22:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   23:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   24:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   25:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   26:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   27:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   28:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   29:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   30:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   31:  * SUCH DAMAGE.
   32:  */
   33: 
   34: #ifndef _PROPOSAL_H
   35: #define _PROPOSAL_H
   36: 
   37: #include <sys/queue.h>
   38: 
   39: /*
   40:  *   A. chained list of transform, only for single proto_id
   41:  *      (this is same as set of transforms in single proposal payload)
   42:  *   B. proposal.  this will point to multiple (A) items (order is important
   43:  *      here so pointer to (A) must be ordered array, or chained list). 
    44:  *      this covers multiple proposals on a packet if the proposal # is the same.
   45:  *   C. finally, (B) needs to be connected as chained list.
   46:  * 
   47:  * 	head ---> prop[.......] ---> prop[...] ---> prop[...] ---> ...
   48:  * 	               | | | |
   49:  * 	               | | | +- proto4  <== must preserve order here
   50:  * 	               | | +--- proto3
   51:  * 	               | +----- proto2
   52:  * 	               +------- proto1[trans1, trans2, trans3, ...]
   53:  *
    54:  *   incoming packets need to be parsed to construct the same structure
   55:  *   (check "prop_pair" too).
   56:  */
/*
 * SA proposal specification.
 *
 * One element of the chained list drawn above: a proposal number together
 * with the lifetime/PFS parameters negotiated for it and the ordered list of
 * protocols (struct saproto) it bundles.  Presumably allocated by newsaprop(),
 * linked with inssaprop() and released with flushsaprop() -- confirm the
 * ownership rules in proposal.c.
 */
struct saprop {
	int prop_no;			/* proposal number */
	time_t lifetime;		/* SA lifetime; unit not stated here (RFC 2407
					 * sec. 4.5 allows seconds and kilobytes as
					 * life types) -- confirm against proposal.c */
	int lifebyte;			/* byte-count lifetime; same caveat as above */
	int pfs_group;			/* pfs group */
	int claim;			/* flag to send RESPONDER-LIFETIME. */
					/* XXX assumed DOI values are 1 or 2. */
#ifdef HAVE_SECCTX
	struct security_ctx sctx;       /* security context structure */
#endif
	struct saproto *head;		/* first protocol of this proposal;
					 * list order must be preserved (see above) */
	struct saprop *next;		/* next proposal in the chain */
};
   71: 
/*
 * SA protocol specification.
 *
 * One protocol (proto_id) inside a proposal bundle: the SPIs and keying
 * material negotiated for it plus the ordered list of transforms offered.
 */
struct saproto {
	int proto_id;			/* protocol id of this bundle member */
	size_t spisize;			/* spi size */
	int encmode;			/* encryption mode */

	int udp_encap;			/* UDP encapsulation */

	/* XXX should be vchar_t * */
	/* these are network byte order */
	u_int32_t spi;			/* inbound. i.e. --SA-> me */
	u_int32_t spi_p;		/* outbound. i.e. me -SA-> */

	/*
	 * NOTE(review): keymat and keymat_p hold secret keying material.
	 * Confirm that whatever releases this struct (presumably
	 * flushsaproto()) wipes the buffers before freeing them rather than
	 * only free()ing the vchar_t.
	 */
	vchar_t *keymat;		/* KEYMAT */
	vchar_t *keymat_p;		/* peer's KEYMAT */

	int reqid_out;			/* request id (outbound) */
	int reqid_in;			/* request id (inbound) */

	int ok;				/* if 1, success to set SA in kernel */

	struct satrns *head;		/* header of transform */
	struct saproto *next;		/* next protocol */
};
   96: 
/*
 * SA algorithm specification.
 *
 * One transform of a protocol: the transform id and the attributes that
 * qualify it.  Transforms of one protocol are chained through next.
 */
struct satrns {
	int trns_no;			/* transform number */
	int trns_id;			/* transform id */
	int encklen;			/* key length of encryption algorithm */
	int authtype;			/* authentication algorithm if ESP */

	struct satrns *next;		/* next transform */
};
  106: 
  107: /*
  108:  * prop_pair: (proposal number, transform number)
  109:  *
  110:  *	(SA (P1 (T1 T2)) (P1' (T1' T2')) (P2 (T1" T2")))
  111:  *
  112:  *              p[1]      p[2]
  113:  *      top     (P1,T1)   (P2",T1")
  114:  *		 |  |tnext     |tnext
  115:  *		 |  v          v
  116:  *		 | (P1, T2)   (P2", T2")
  117:  *		 v next
  118:  *		(P1', T1')
  119:  *		    |tnext
  120:  *		    v
  121:  *		   (P1', T2')
  122:  *
  123:  * when we convert it to saprop in prop2saprop(), it should become like:
  124:  * 
  125:  * 		 (next)
  126:  * 	saprop --------------------> saprop	
  127:  * 	 | (head)                     | (head)
  128:  * 	 +-> saproto                  +-> saproto
  129:  * 	      | | (head)                     | (head)
  130:  * 	      | +-> satrns(P1 T1)            +-> satrns(P2" T1")
  131:  * 	      |      | (next)                     | (next)
  132:  * 	      |      v                            v
  133:  * 	      |     satrns(P1, T2)               satrns(P2", T2")
  134:  * 	      v (next)
  135:  * 	     saproto
  136:  * 		| (head)
  137:  * 		+-> satrns(P1' T1')
  138:  * 		     | (next)
  139:  * 		     v
  140:  * 		    satrns(P1', T2')
  141:  */
/*
 * (proposal, transform) pair built while parsing a received SA payload; see
 * the diagram above.  prop and trns point at the ISAKMP proposal and
 * transform payload headers.  Whether that memory is the received packet
 * buffer or a copy is not visible here -- confirm the pair list never
 * outlives it.
 */
struct prop_pair {
	struct isakmp_pl_p *prop;	/* proposal payload this pair belongs to */
	struct isakmp_pl_t *trns;	/* one transform payload of that proposal */
	struct prop_pair *next;	/* next prop_pair with same proposal # */
				/* (bundle case) */
	struct prop_pair *tnext; /* next prop_pair in same proposal payload */
				/* (multiple transform case) */
};
/*
 * Bound on the number of distinct proposal numbers.  The proposal # field of
 * the payload is one octet, so its values are 0..255 and an array of
 * MAXPROPPAIRLEN entries (the p[] of the diagram above) can be indexed by a
 * well-formed proposal # without a further range check; code that derives the
 * index from a wider type must still check it.
 */
#define MAXPROPPAIRLEN	256	/* It's enough because field size is 1 octet. */
  151: 
  152: /*
   153:  * Lifetime length selection refers to section 4.5.4 of RFC2407.  It does
  154:  * not completely conform to the description of RFC.  There are four types of
  155:  * the behavior.  If the value of "proposal_check" in "remote" directive is;
  156:  *     "obey"
   157:  *         the responder obeys the initiator every time.
  158:  *     "strict"
  159:  *         If the responder's length is longer than the initiator's one, the
   160:  *         responder uses the initiator's one.  Otherwise it rejects the proposal.
  161:  *         If PFS is not required by the responder, the responder obeys the
  162:  *         proposal.  If PFS is required by both sides and if the responder's
   163:  *         group is not equal to the initiator's one, then the responder rejects
  164:  *         the proposal.
  165:  *     "claim"
  166:  *         If the responder's length is longer than the initiator's one, the
   167:  *         responder uses the initiator's one.  If the responder's length is
  168:  *         shorter than the initiator's one, the responder uses own length
   169:  *         AND sends a RESPONDER-LIFETIME notify message to the initiator in the
  170:  *         case of lifetime.
   171:  *         About PFS, this directive is the same as "strict".
  172:  *     "exact"
  173:  *         If the initiator's length is not equal to the responder's one, the
  174:  *         responder rejects the proposal.
  175:  *         If PFS is required and if the responder's group is not equal to
   176:  *         the initiator's one, then the responder rejects the proposal.
   177:  * XXX the behavior for key length should still be defined.
  178:  */
/*
 * Values of the "proposal_check" remote directive; the full semantics are in
 * the comment above.
 */
#define PROP_CHECK_OBEY		1	/* always take the initiator's values */
#define PROP_CHECK_STRICT	2	/* initiator's lifetime not longer than ours
					 * and (if PFS required) same group, else reject */
#define PROP_CHECK_CLAIM	3	/* as strict, but a longer initiator lifetime is
					 * answered with ours plus RESPONDER-LIFETIME */
#define PROP_CHECK_EXACT	4	/* lifetime and PFS group must match exactly */
  183: 
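/*
 * Incomplete types used by the prototypes below.  struct ph2handle was
 * missing from this list: a struct tag that is first seen inside a parameter
 * list only has prototype scope, so set_proposal_from_policy() and
 * set_proposal_from_proposal() got an incompatible type unless the includer
 * had already declared it.  Declaring it here removes that include-order
 * dependency.
 */
struct sainfo;
struct ph1handle;
struct ph2handle;
struct secpolicy;

/*
 * Constructors and list insertion.  Presumably heap-allocated; the matching
 * release functions are the flush*() below -- confirm ownership in
 * proposal.c.
 */
extern struct saprop *newsaprop __P((void));
extern struct saproto *newsaproto __P((void));
extern void inssaprop __P((struct saprop **, struct saprop *));
extern void inssaproto __P((struct saprop *, struct saproto *));
extern void inssaprotorev __P((struct saprop *, struct saproto *));
extern struct satrns *newsatrns __P((void));
extern void inssatrns __P((struct saproto *, struct satrns *));

/*
 * Comparison / selection.  cmpsaprop_alloc() returns a new saprop (per its
 * name); its trailing int is presumably a PROP_CHECK_* level -- confirm in
 * proposal.c.
 */
extern struct saprop *cmpsaprop_alloc __P((struct ph1handle *,
	const struct saprop *, const struct saprop *, int));
extern int cmpsaprop __P((const struct saprop *, const struct saprop *));
extern int cmpsatrns __P((int, const struct satrns *, const struct satrns *, int));
extern int set_satrnsbysainfo __P((struct saproto *, struct sainfo *));

/* Conversion of a parsed prop_pair structure to saprop, and its release. */
extern struct saprop *aproppair2saprop __P((struct prop_pair *));
extern void free_proppair __P((struct prop_pair **));

/* Release of the saprop / saproto / satrns chains. */
extern void flushsaprop __P((struct saprop *));
extern void flushsaproto __P((struct saproto *));
extern void flushsatrns __P((struct satrns *));

/* Diagnostic dumps; the leading int is passed through to the logger (assumed). */
extern void printsaprop __P((const int, const struct saprop *));
extern void printsaprop0 __P((const int, const struct saprop *));
extern void printsaproto __P((const int, const struct saproto *));
extern void printsatrns __P((const int, const int, const struct satrns *));
extern void print_proppair0 __P((int, struct prop_pair *, int));
extern void print_proppair __P((int, struct prop_pair *));

/* Build the phase 2 proposal from local policy, or from the peer's proposal. */
extern int set_proposal_from_policy __P((struct ph2handle *,
	struct secpolicy *, struct secpolicy *));
extern int set_proposal_from_proposal __P((struct ph2handle *));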
  213: 
  214: #endif /* _PROPOSAL_H */
