/*
 * Copyright (C) 2007-2015 Tobias Brunner
 * Copyright (C) 2005-2006 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup payload payload
 * @{ @ingroup payloads
 *
 * Generic payload interface shared by the IKEv1/IKEv2 parser and generator.
 * This header defines the payload type enumeration (on-wire codes plus
 * internal-only pseudo types), the virtual method table every payload
 * implements, and the generic constructor/lookup helpers.
 */

#ifndef PAYLOAD_H_
#define PAYLOAD_H_

/* Forward typedefs come before the includes so headers pulled in below can
 * refer to payload_t/payload_type_t without a circular dependency. */
typedef enum payload_type_t payload_type_t;
typedef struct payload_t payload_t;

#include <library.h>
#include <encoding/payloads/encodings.h>

/**
 * Domain of interpretation used by IPsec/IKEv1
 */
#define IKEV1_DOI_IPSEC 1

/**
 * Payload-Types of an IKE message.
 *
 * Header and substructures are also defined as
 * payload types with values from PRIVATE USE space.
 *
 * Values below PL_HEADER are the codes carried in the next-payload field of
 * a message; PL_HEADER and everything after it are internal-only and never
 * appear on the wire. PLV1_* entries are IKEv1 codes, PLV2_* entries IKEv2
 * codes, PL_* entries are version independent. Numeric values are part of
 * the wire protocol and must not be changed.
 */
enum payload_type_t {

	/**
	 * End of payload list in next_payload
	 */
	PL_NONE = 0,

	/**
	 * The security association (SA) payload containing proposals.
	 */
	PLV1_SECURITY_ASSOCIATION = 1,

	/**
	 * The proposal payload, containing transforms.
	 */
	PLV1_PROPOSAL = 2,

	/**
	 * The transform payload.
	 */
	PLV1_TRANSFORM = 3,

	/**
	 * The key exchange (KE) payload containing diffie-hellman values.
	 */
	PLV1_KEY_EXCHANGE = 4,

	/**
	 * ID payload.
	 */
	PLV1_ID = 5,

	/**
	 * Certificate payload with certificates (CERT).
	 */
	PLV1_CERTIFICATE = 6,

	/**
	 * Certificate request payload.
	 */
	PLV1_CERTREQ = 7,

	/**
	 * Hash payload.
	 */
	PLV1_HASH = 8,

	/**
	 * Signature payload.
	 */
	PLV1_SIGNATURE = 9,

	/**
	 * Nonce payload.
	 */
	PLV1_NONCE = 10,

	/**
	 * Notification payload.
	 */
	PLV1_NOTIFY = 11,

	/**
	 * Delete payload.
	 */
	PLV1_DELETE = 12,

	/**
	 * Vendor id payload.
	 */
	PLV1_VENDOR_ID = 13,

	/**
	 * Attribute payload (ISAKMP Mode Config, aka configuration payload).
	 */
	PLV1_CONFIGURATION = 14,

	/**
	 * NAT discovery payload (NAT-D).
	 */
	PLV1_NAT_D = 20,

	/**
	 * NAT original address payload (NAT-OA).
	 */
	PLV1_NAT_OA = 21,

	/**
	 * The security association (SA) payload containing proposals.
	 */
	PLV2_SECURITY_ASSOCIATION = 33,

	/**
	 * The key exchange (KE) payload containing diffie-hellman values.
	 */
	PLV2_KEY_EXCHANGE = 34,

	/**
	 * Identification for the original initiator (IDi).
	 */
	PLV2_ID_INITIATOR = 35,

	/**
	 * Identification for the original responder (IDr).
	 */
	PLV2_ID_RESPONDER = 36,

	/**
	 * Certificate payload with certificates (CERT).
	 */
	PLV2_CERTIFICATE = 37,

	/**
	 * Certificate request payload (CERTREQ).
	 */
	PLV2_CERTREQ = 38,

	/**
	 * Authentication payload contains auth data (AUTH).
	 */
	PLV2_AUTH = 39,

	/**
	 * Nonces, for initiator and responder (Ni, Nr, N).
	 */
	PLV2_NONCE = 40,

	/**
	 * Notify payload (N).
	 */
	PLV2_NOTIFY = 41,

	/**
	 * Delete payload (D).
	 */
	PLV2_DELETE = 42,

	/**
	 * Vendor id payload (V).
	 */
	PLV2_VENDOR_ID = 43,

	/**
	 * Traffic selector for the original initiator (TSi).
	 */
	PLV2_TS_INITIATOR = 44,

	/**
	 * Traffic selector for the original responder (TSr).
	 */
	PLV2_TS_RESPONDER = 45,

	/**
	 * Encrypted payload, contains other payloads (E).
	 */
	PLV2_ENCRYPTED = 46,

	/**
	 * Configuration payload (CP).
	 */
	PLV2_CONFIGURATION = 47,

	/**
	 * Extensible authentication payload (EAP).
	 */
	PLV2_EAP = 48,

	/**
	 * Generic Secure Password Method (GSPM).
	 */
	PLV2_GSPM = 49,

	/**
	 * Group Identification (draft-yeung-g-ikev2).
	 */
	PLV2_IDG = 50,

	/**
	 * Group Security Association (draft-yeung-g-ikev2).
	 */
	PLV2_GSA = 51,

	/**
	 * Key Download (draft-yeung-g-ikev2).
	 */
	PLV2_KD = 52,

	/**
	 * Encrypted fragment payload (SKF), RFC 7383.
	 */
	PLV2_FRAGMENT = 53,

#ifdef ME
	/**
	 * Identification payload for peers has a value from
	 * the PRIVATE USE space.
	 *
	 * Only compiled in when ME is defined.
	 */
	PLV2_ID_PEER = 128,
#endif /* ME */

	/**
	 * NAT discovery payload (NAT-D) (drafts).
	 */
	PLV1_NAT_D_DRAFT_00_03 = 130,

	/**
	 * NAT original address payload (NAT-OA) (drafts).
	 */
	PLV1_NAT_OA_DRAFT_00_03 = 131,

	/**
	 * IKEv1 fragment (proprietary IKEv1 extension).
	 */
	PLV1_FRAGMENT = 132,

	/**
	 * Header has a value of PRIVATE USE space.
	 *
	 * This type and all the following are never sent over wire and are
	 * used internally only. The values below are assigned sequentially
	 * from here (PL_UNKNOWN = 257, and so on).
	 */
	PL_HEADER = 256,

	/**
	 * Used to handle unknown or invalid payload types.
	 *
	 * The parser maps any type it has no implementation for onto this
	 * pseudo type instead of rejecting the message outright (see
	 * payload_create() and payload_is_known()).
	 */
	PL_UNKNOWN,

	/**
	 * PLV2_PROPOSAL_SUBSTRUCTURE, IKEv2 proposals in a SA payload.
	 */
	PLV2_PROPOSAL_SUBSTRUCTURE,

	/**
	 * PLV1_PROPOSAL_SUBSTRUCTURE, IKEv1 proposals in a SA payload.
	 */
	PLV1_PROPOSAL_SUBSTRUCTURE,

	/**
	 * PLV2_TRANSFORM_SUBSTRUCTURE, IKEv2 transforms in a proposal substructure.
	 */
	PLV2_TRANSFORM_SUBSTRUCTURE,

	/**
	 * PLV1_TRANSFORM_SUBSTRUCTURE, IKEv1 transforms in a proposal substructure.
	 */
	PLV1_TRANSFORM_SUBSTRUCTURE,

	/**
	 * PLV2_TRANSFORM_ATTRIBUTE, IKEv2 attribute in a transform.
	 */
	PLV2_TRANSFORM_ATTRIBUTE,

	/**
	 * PLV1_TRANSFORM_ATTRIBUTE, IKEv1 attribute in a transform.
	 */
	PLV1_TRANSFORM_ATTRIBUTE,

	/**
	 * PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE, traffic selector in a TS payload.
	 */
	PLV2_TRAFFIC_SELECTOR_SUBSTRUCTURE,

	/**
	 * PLV2_CONFIGURATION_ATTRIBUTE, IKEv2 attribute in a configuration payload.
	 */
	PLV2_CONFIGURATION_ATTRIBUTE,

	/**
	 * PLV1_CONFIGURATION_ATTRIBUTE, IKEv1 attribute in a configuration payload.
	 */
	PLV1_CONFIGURATION_ATTRIBUTE,

	/**
	 * This is not really a payload, but rather the complete IKEv1 message.
	 */
	PLV1_ENCRYPTED,
};

/**
 * enum names for payload_type_t.
 */
extern enum_name_t *payload_type_names;

/**
 * enum names for payload_type_t in a short form.
 */
extern enum_name_t *payload_type_short_names;

/**
 * Generic interface for all payload types (incl.header and substructures).
 *
 * To handle all kinds of payloads on a generic way, this interface must
 * be implemented by every payload. This allows parser_t/generator_t a simple
 * handling of all payloads.
 *
 * The struct is a table of function pointers: its member order is the
 * binary layout every payload implementation embeds, so members must not be
 * reordered or removed without updating all implementations.
 */
struct payload_t {

	/**
	 * Get encoding rules for this payload.
	 *
	 * The rules drive both parsing and generation of the payload's
	 * byte representation.
	 *
	 * @param rules			location to store pointer to rules
	 * @return				number of rules
	 */
	int (*get_encoding_rules) (payload_t *this, encoding_rule_t **rules);

	/**
	 * Get non-variable header length for a variable length payload.
	 *
	 * @return				fixed length of the payload
	 */
	int (*get_header_length)(payload_t *this);

	/**
	 * Get type of payload.
	 *
	 * @return				type of this payload
	 */
	payload_type_t (*get_type) (payload_t *this);

	/**
	 * Get type of next payload or PL_NONE (0) if this is the last one.
	 *
	 * @return				type of next payload
	 */
	payload_type_t (*get_next_type) (payload_t *this);

	/**
	 * Set type of next payload.
	 *
	 * @param type			type of next payload
	 */
	void (*set_next_type) (payload_t *this, payload_type_t type);

	/**
	 * Get length of payload.
	 *
	 * @return				length of this payload
	 */
	size_t (*get_length) (payload_t *this);

	/**
	 * Verifies payload structure and makes consistency check.
	 *
	 * This is the hook where a payload validates its own parsed fields
	 * (lengths, ranges, required sub-elements); callers should treat a
	 * FAILED result as an invalid message rather than use the payload.
	 *
	 * @return				SUCCESS if consistent, FAILED if consistency not given
	 */
	status_t (*verify) (payload_t *this);

	/**
	 * Destroys a payload and all included substructures.
	 */
	void (*destroy) (payload_t *this);
};

/**
 * Create an empty payload.
 *
 * Useful for the parser, who wants a generic constructor for all payloads.
 * It supports all payload_t methods. If a payload type is not known,
 * an unknown_payload is created with the chunk of data in it.
 *
 * NOTE(review): presumably the caller owns the returned object and releases
 * it with destroy() - confirm against the implementations.
 *
 * @param type			type of the payload to create
 * @return				payload_t object
 */
payload_t *payload_create(payload_type_t type);

/**
 * Check if a specific payload is implemented, or handled as unknown payload.
 *
 * @param type			type of the payload to check
 * @param maj_ver		major IKE version (use 0 to skip version check)
 * @return				TRUE if implemented, FALSE if payload type handled
 *						as unknown payload
 */
bool payload_is_known(payload_type_t type, uint8_t maj_ver);

/**
 * Get the value field in a payload using encoding rules.
 *
 * The lookup walks the payload's encoding rules and returns a pointer to
 * the storage of the skip-th rule of the given type.
 *
 * @param payload		payload to look up a field
 * @param type			encoding rule type to look up
 * @param skip			number rules of type to skip, 0 to get first
 * @return				type specific value pointer, NULL if not found
 */
void *payload_get_field(payload_t *payload, encoding_type_t type, u_int skip);

#endif /** PAYLOAD_H_ @}*/