/*
 * Copyright (C) 2012 Tobias Brunner
 * Copyright (C) 2012 Giuliano Grassi
 * Copyright (C) 2012 Ralf Sager
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup esp_packet esp_packet
 * @{ @ingroup libipsec
 */

#ifndef ESP_PACKET_H_
#define ESP_PACKET_H_

#include "ip_packet.h"
#include "esp_context.h"

#include <library.h>
#include <networking/host.h>
#include <networking/packet.h>

typedef struct esp_packet_t esp_packet_t;

/**
 * ESP packet
 *
 * Object interface for a single ESP packet. An instance is created either
 * from data received on the wire (esp_packet_create_from_packet()) or from
 * a plaintext payload that is to be sent (esp_packet_create_from_payload()).
 *
 * For inbound packets the documented order is parse_header() to obtain the
 * SPI, then decrypt() with the context of the matching inbound SA. Only a
 * SUCCESS result from decrypt() means the packet was authenticated; the
 * payload accessors return NULL for a packet that has not been decrypted.
 */
struct esp_packet_t {

	/**
	 * Implements packet_t interface to access the raw ESP packet
	 */
	packet_t packet;

	/**
	 * Get the source address of this packet
	 *
	 * NOTE(review): ownership of the returned host_t is not stated here;
	 * presumably internal data that must not be destroyed - confirm in the
	 * implementation.
	 *
	 * @return				source host
	 */
	host_t *(*get_source)(esp_packet_t *this);

	/**
	 * Get the destination address of this packet
	 *
	 * NOTE(review): ownership of the returned host_t is not stated here;
	 * presumably internal data that must not be destroyed - confirm in the
	 * implementation.
	 *
	 * @return				destination host
	 */
	host_t *(*get_destination)(esp_packet_t *this);

	/**
	 * Parse the packet header before decryption. Tries to read the SPI
	 * from the packet to find a corresponding SA.
	 *
	 * This runs before decrypt(), i.e. before the packet has been
	 * authenticated, so the SPI is unverified data taken from the wire.
	 * It is meant for the SA lookup only; nothing else in the packet
	 * should be trusted until decrypt() has returned SUCCESS.
	 *
	 * NOTE(review): presumably *spi is only meaningful when TRUE is
	 * returned - confirm in the implementation.
	 *
	 * @param spi			parsed SPI, in network byte order
	 * @return				TRUE when successful, FALSE otherwise (e.g. when the
	 *						length of the packet is invalid)
	 */
	bool (*parse_header)(esp_packet_t *this, uint32_t *spi);

	/**
	 * Authenticate and decrypt the packet. Also verifies the sequence number
	 * using the supplied ESP context and updates the anti-replay window.
	 *
	 * The ESP context is modified by this call (anti-replay state). Any
	 * result other than SUCCESS means the packet has to be treated as
	 * unauthenticated and should be dropped by the caller.
	 *
	 * NOTE(review): RFC 4303 requires that the anti-replay window is only
	 * advanced after the ICV has been verified. The order of the replay
	 * check, ICV check and window update is not visible in this header -
	 * confirm in the implementation.
	 *
	 * @param esp_context	ESP context of corresponding inbound IPsec SA
	 * @return				- SUCCESS if successfully authenticated,
	 *						  decrypted and parsed
	 *						- PARSE_ERROR if the length of the packet or the
	 *						  padding is invalid
	 *						- VERIFY_ERROR if the sequence number
	 *						  verification failed
	 *						- FAILED if the ICV (MAC) check or the actual
	 *						  decryption failed
	 */
	status_t (*decrypt)(esp_packet_t *this, esp_context_t *esp_context);

	/**
	 * Encapsulate and encrypt the packet. The sequence number will be generated
	 * using the supplied ESP context.
	 *
	 * FAILED covers both a cycled sequence number and a failing
	 * cryptographic function, so the two cannot be told apart from the
	 * return value alone.
	 *
	 * NOTE(review): a cycled sequence number means the outbound SA cannot
	 * safely send further packets; presumably the caller is expected to
	 * rekey or delete the SA rather than retry - confirm against the caller.
	 *
	 * @param esp_context	ESP context of corresponding outbound IPsec SA
	 * @param spi			SPI value to use, in network byte order
	 * @return				- SUCCESS if encrypted
	 *						- FAILED if sequence number cycled or any of the
	 *						  cryptographic functions failed
	 *						- NOT_FOUND if no suitable IV generator provided
	 */
	status_t (*encrypt)(esp_packet_t *this, esp_context_t *esp_context,
						uint32_t spi);

	/**
	 * Get the next header field of a packet.
	 *
	 * @note Packet has to be in the decrypted state.
	 *
	 * NOTE(review): the value returned for a packet that is not in the
	 * decrypted state is not specified here; callers should only use this
	 * after decrypt() returned SUCCESS.
	 *
	 * @return				next header field
	 */
	uint8_t (*get_next_header)(esp_packet_t *this);

	/**
	 * Get the plaintext payload of this packet.
	 *
	 * The result is internal data of this object: it must not be destroyed
	 * by the caller. Callers have to handle the NULL case.
	 *
	 * @return				plaintext payload (internal data),
	 *						NULL if not decrypted
	 */
	ip_packet_t *(*get_payload)(esp_packet_t *this);

	/**
	 * Extract the plaintext payload from this packet.
	 *
	 * Unlike get_payload(), ownership of the result passes to the caller.
	 * Callers have to handle the NULL case.
	 *
	 * NOTE(review): presumably the packet no longer holds a payload after
	 * this call - confirm in the implementation.
	 *
	 * @return				plaintext payload (has to be destroyed),
	 *						NULL if not decrypted
	 */
	ip_packet_t *(*extract_payload)(esp_packet_t *this);

	/**
	 * Destroy an esp_packet_t
	 *
	 * NOTE(review): presumably also releases the owned packet data and any
	 * payload that has not been extracted - confirm in the implementation.
	 */
	void (*destroy)(esp_packet_t *this);

};

/**
 * Create an ESP packet out of data from the wire.
 *
 * The passed packet_t becomes owned by the new object, so the caller must
 * not use or destroy it afterwards. The data is unauthenticated input from
 * the network until decrypt() has returned SUCCESS.
 *
 * @param packet		the packet data as received, gets owned
 * @return				esp_packet_t instance
 */
esp_packet_t *esp_packet_create_from_packet(packet_t *packet);

/**
 * Create an ESP packet from a plaintext payload
 *
 * The payload becomes owned by the new object.
 *
 * NOTE(review): ownership of src and dst is not stated here - confirm in
 * the implementation whether they are cloned or owned.
 *
 * @param src			source address
 * @param dst			destination address
 * @param payload		plaintext payload, gets owned
 * @return				esp_packet_t instance
 */
esp_packet_t *esp_packet_create_from_payload(host_t *src, host_t *dst,
											 ip_packet_t *payload);

#endif /** ESP_PACKET_H_ @}*/