Annotation of embedaddon/strongswan/src/libipsec/esp_packet.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2012 Tobias Brunner
3: * Copyright (C) 2012 Giuliano Grassi
4: * Copyright (C) 2012 Ralf Sager
5: * HSR Hochschule fuer Technik Rapperswil
6: *
7: * This program is free software; you can redistribute it and/or modify it
8: * under the terms of the GNU General Public License as published by the
9: * Free Software Foundation; either version 2 of the License, or (at your
10: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11: *
12: * This program is distributed in the hope that it will be useful, but
13: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15: * for more details.
16: */
17:
18: /**
19: * @defgroup esp_packet esp_packet
20: * @{ @ingroup libipsec
21: */
22:
23: #ifndef ESP_PACKET_H_
24: #define ESP_PACKET_H_
25:
26: #include "ip_packet.h"
27: #include "esp_context.h"
28:
29: #include <library.h>
30: #include <networking/host.h>
31: #include <networking/packet.h>
32:
33: typedef struct esp_packet_t esp_packet_t;
34:
35: /**
36: * ESP packet
    *
    * Object interface for a single ESP packet. Inbound handling is
    * parse_header() followed by decrypt(); outbound handling is encrypt().
    * get_payload() and extract_payload() are documented to return NULL for a
    * packet that has not been decrypted.
37: */
38: struct esp_packet_t {
39:
40: /**
41: * Implements packet_t interface to access the raw ESP packet
42: */
43: packet_t packet;
44:
45: /**
46: * Get the source address of this packet
47: *
    * NOTE(review): ownership of the returned host_t is not stated here;
    * presumably it is internal data the caller must not destroy - confirm.
    *
48: * @return source host
49: */
50: host_t *(*get_source)(esp_packet_t *this);
51:
52: /**
53: * Get the destination address of this packet
54: *
    * NOTE(review): ownership of the returned host_t is not stated here;
    * presumably it is internal data the caller must not destroy - confirm.
    *
55: * @return destination host
56: */
57: host_t *(*get_destination)(esp_packet_t *this);
58:
59: /**
60: * Parse the packet header before decryption. Tries to read the SPI
61: * from the packet to find a corresponding SA.
62: *
    * @note This runs before decrypt(), which is where the ICV is checked, so
    * the SPI returned here has not been authenticated yet. Use it only
    * to look up the SA; treat the packet contents as untrusted until
    * decrypt() has returned SUCCESS.
    *
    * NOTE(review): presumably *spi is left unset when FALSE is returned and
    * the caller is expected to drop the packet - confirm against callers.
    *
63: * @param spi parsed SPI, in network byte order
64: * @return TRUE when successful, FALSE otherwise (e.g. when the
65: * length of the packet is invalid)
66: */
67: bool (*parse_header)(esp_packet_t *this, uint32_t *spi);
68:
69: /**
70: * Authenticate and decrypt the packet. Also verifies the sequence number
71: * using the supplied ESP context and updates the anti-replay window.
72: *
    * @note Only SUCCESS yields a usable payload: get_payload() and
    * extract_payload() are documented to return NULL when the packet
    * is not decrypted. The three error codes separate malformed input
    * (PARSE_ERROR), sequence number rejection (VERIFY_ERROR) and
    * ICV/decryption failure (FAILED), which is useful for logging.
    *
    * NOTE(review): the order of the ICV check, the sequence number check and
    * the window update is not stated here. The anti-replay window should only
    * advance for packets whose ICV verified (RFC 4303, section 3.4.3) -
    * confirm in the implementation.
    *
73: * @param esp_context ESP context of corresponding inbound IPsec SA
74: * @return - SUCCESS if successfully authenticated,
75: * decrypted and parsed
76: * - PARSE_ERROR if the length of the packet or the
77: * padding is invalid
78: * - VERIFY_ERROR if the sequence number
79: * verification failed
80: * - FAILED if the ICV (MAC) check or the actual
81: * decryption failed
82: */
83: status_t (*decrypt)(esp_packet_t *this, esp_context_t *esp_context);
84:
85: /**
86: * Encapsulate and encrypt the packet. The sequence number will be generated
87: * using the supplied ESP context.
88: *
    * @note FAILED covers both a cycled sequence number and a failure of a
    * cryptographic function, so the return code alone does not tell the
    * caller which of the two happened.
    *
    * NOTE(review): after a sequence number cycle the SA presumably has to be
    * replaced before more traffic is sent on it - confirm how callers react
    * to FAILED.
    *
89: * @param esp_context ESP context of corresponding outbound IPsec SA
90: * @param spi SPI value to use, in network byte order
91: * @return - SUCCESS if encrypted
92: * - FAILED if sequence number cycled or any of the
93: * cryptographic functions failed
94: * - NOT_FOUND if no suitable IV generator provided
95: */
96: status_t (*encrypt)(esp_packet_t *this, esp_context_t *esp_context,
97: uint32_t spi);
98:
99: /**
100: * Get the next header field of a packet.
101: *
102: * @note Packet has to be in the decrypted state.
103: *
     * NOTE(review): the value returned for a packet that is not in the
     * decrypted state is not specified here; call this only once the packet
     * is decrypted, e.g. after decrypt() returned SUCCESS.
     *
104: * @return next header field
105: */
106: uint8_t (*get_next_header)(esp_packet_t *this);
107:
108: /**
109: * Get the plaintext payload of this packet.
110: *
     * @note The result is internal data, in contrast to extract_payload(),
     * whose result has to be destroyed by the caller.
     *
     * NOTE(review): presumably the returned pointer is only valid until
     * extract_payload() or destroy() is called on this packet - confirm.
     *
111: * @return plaintext payload (internal data),
112: * NULL if not decrypted
113: */
114: ip_packet_t *(*get_payload)(esp_packet_t *this);
115:
116: /**
117: * Extract the plaintext payload from this packet.
118: *
     * @note The caller has to destroy the returned payload.
     *
     * NOTE(review): presumably the packet no longer holds the payload
     * afterwards, so a later get_payload() returns NULL - confirm.
     *
119: * @return plaintext payload (has to be destroyed),
120: * NULL if not decrypted
121: */
122: ip_packet_t *(*extract_payload)(esp_packet_t *this);
123:
124: /**
125: * Destroy an esp_packet_t
     *
     * NOTE(review): both constructors document their packet/payload argument
     * as "gets owned", so this presumably releases them too (unless the
     * payload was extracted before) - confirm.
126: */
127: void (*destroy)(esp_packet_t *this);
128:
129: };
130:
131: /**
132: * Create an ESP packet out of data from the wire.
133: *
     * @note No validation is documented for this constructor. Length checks
     * are documented on parse_header() and decrypt(), and the ICV check
     * on decrypt(), so the wrapped data is untrusted input until
     * decrypt() has returned SUCCESS.
     *
     * NOTE(review): since the packet "gets owned", the caller presumably must
     * not use or destroy it after this call; whether NULL can be returned is
     * not stated - confirm.
     *
134: * @param packet the packet data as received, gets owned
135: * @return esp_packet_t instance
136: */
137: esp_packet_t *esp_packet_create_from_packet(packet_t *packet);
138:
139: /**
140: * Create an ESP packet from a plaintext payload
141: *
     * @note The result is meant for the outbound path: encrypt() is what
     * encapsulates and encrypts the payload.
     *
     * NOTE(review): only the payload is documented as "gets owned". Ownership
     * of src and dst is not stated - confirm whether they are cloned or taken
     * over before freeing them in the caller.
     *
142: * @param src source address
143: * @param dst destination address
144: * @param payload plaintext payload, gets owned
145: * @return esp_packet_t instance
146: */
147: esp_packet_t *esp_packet_create_from_payload(host_t *src, host_t *dst,
148: ip_packet_t *payload);
149:
150: #endif /** ESP_PACKET_H_ @}*/
151: