
    1: /*
    2:  * Copyright (C) 2012 Tobias Brunner
    3:  * Copyright (C) 2012 Giuliano Grassi
    4:  * Copyright (C) 2012 Ralf Sager
    5:  * HSR Hochschule fuer Technik Rapperswil
    6:  *
    7:  * This program is free software; you can redistribute it and/or modify it
    8:  * under the terms of the GNU General Public License as published by the
    9:  * Free Software Foundation; either version 2 of the License, or (at your
   10:  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   11:  *
   12:  * This program is distributed in the hope that it will be useful, but
   13:  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
   14:  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
   15:  * for more details.
   16:  */
   17: 
   18: /**
   19:  * @defgroup esp_packet esp_packet
   20:  * @{ @ingroup libipsec
   21:  */
   22: 
   23: #ifndef ESP_PACKET_H_
   24: #define ESP_PACKET_H_
   25: 
   26: #include "ip_packet.h"
   27: #include "esp_context.h"
   28: 
   29: #include <library.h>
   30: #include <networking/host.h>
   31: #include <networking/packet.h>
   32: 
   33: typedef struct esp_packet_t esp_packet_t;
   34: 
/**
 * ESP packet
 *
 * Wraps a single ESP datagram together with its IP source/destination.
 * An instance is in one of two states: "encrypted" (created from wire data
 * via esp_packet_create_from_packet()) or "decrypted" (created from a
 * plaintext payload via esp_packet_create_from_payload(), or after decrypt()
 * returned SUCCESS). The plaintext accessors get_next_header(), get_payload()
 * and extract_payload() are only meaningful in the decrypted state.
 */
struct esp_packet_t {

	/**
	 * Implements packet_t interface to access the raw ESP packet
	 *
	 * This exposes the ESP datagram itself (header, ciphertext, ICV), not the
	 * decrypted payload; use get_payload()/extract_payload() for that.
	 */
	packet_t packet;

	/**
	 * Get the source address of this packet
	 *
	 * @return				source host
	 */
	host_t *(*get_source)(esp_packet_t *this);

	/**
	 * Get the destination address of this packet
	 *
	 * @return				destination host
	 */
	host_t *(*get_destination)(esp_packet_t *this);

	/**
	 * Parse the packet header before decryption. Tries to read the SPI
	 * from the packet to find a corresponding SA.
	 *
	 * Security note: this runs before any authentication, so the returned SPI
	 * is unauthenticated attacker-controlled data. It may only be used to look
	 * up the candidate inbound SA; the packet is not trusted until decrypt()
	 * with that SA's context returns SUCCESS. Callers should treat the SPI as
	 * valid only when TRUE is returned.
	 *
	 * @param spi			parsed SPI, in network byte order (output parameter)
	 * @return				TRUE when successful, FALSE otherwise (e.g. when the
	 *						length of the packet is invalid)
	 */
	bool (*parse_header)(esp_packet_t *this, uint32_t *spi);

	/**
	 * Authenticate and decrypt the packet. Also verifies the sequence number
	 * using the supplied ESP context and updates the anti-replay window.
	 *
	 * On SUCCESS the packet moves to the decrypted state and the plaintext
	 * becomes available via get_payload()/extract_payload(). On any other
	 * status the packet must be dropped; the distinct error codes are useful
	 * for logging and counters, not as a signal to retry.
	 *
	 * NOTE(review): this header does not say at which point the anti-replay
	 * window is advanced. It should happen only after the ICV check has
	 * succeeded (otherwise an unauthenticated packet could move the window)
	 * - confirm in esp_packet.c.
	 *
	 * @param esp_context		ESP context of corresponding inbound IPsec SA
	 * @return					- SUCCESS if successfully authenticated,
	 *							  decrypted and parsed
	 *							- PARSE_ERROR if the length of the packet or the
	 *							  padding is invalid
	 *							- VERIFY_ERROR if the sequence number
	 *							  verification failed
	 *							- FAILED if the ICV (MAC) check or the actual
	 *							  decryption failed
	 */
	status_t (*decrypt)(esp_packet_t *this, esp_context_t *esp_context);

	/**
	 * Encapsulate and encrypt the packet. The sequence number will be generated
	 * using the supplied ESP context.
	 *
	 * NOTE(review): FAILED due to a cycled sequence number means the SA has
	 * exhausted its sequence number space; the caller must not retry on the
	 * same context but should rekey/replace the SA, since reusing sequence
	 * numbers (and with them IVs for counter-based modes) breaks ESP's
	 * security guarantees. The IV generator presumably comes from the ESP
	 * context (hence NOT_FOUND) - confirm in esp_packet.c.
	 *
	 * @param esp_context		ESP context of corresponding outbound IPsec SA
	 * @param spi				SPI value to use, in network byte order
	 * @return					- SUCCESS if encrypted
	 *							- FAILED if sequence number cycled or any of the
	 *							  cryptographic functions failed
	 *							- NOT_FOUND if no suitable IV generator provided
	 */
	status_t (*encrypt)(esp_packet_t *this, esp_context_t *esp_context,
						uint32_t spi);

	/**
	 * Get the next header field of a packet.
	 *
	 * This identifies the protocol carried in the plaintext payload
	 * (presumably read from the decrypted ESP trailer - confirm in
	 * esp_packet.c).
	 *
	 * @note Packet has to be in the decrypted state.
	 *
	 * @return					next header field
	 */
	uint8_t (*get_next_header)(esp_packet_t *this);

	/**
	 * Get the plaintext payload of this packet.
	 *
	 * The returned object remains owned by this packet: the caller must not
	 * destroy it, and it is presumably no longer valid once extract_payload()
	 * or destroy() has been called.
	 *
	 * @return					plaintext payload (internal data),
	 *							NULL if not decrypted
	 */
	ip_packet_t *(*get_payload)(esp_packet_t *this);

	/**
	 * Extract the plaintext payload from this packet.
	 *
	 * Transfers ownership of the payload to the caller, who is responsible
	 * for destroying it.
	 *
	 * @return					plaintext payload (has to be destroyed),
	 *							NULL if not decrypted
	 */
	ip_packet_t *(*extract_payload)(esp_packet_t *this);

	/**
	 * Destroy an esp_packet_t
	 *
	 * Presumably also releases the wrapped packet_t and any payload still
	 * owned by this object (see the "gets owned" notes on the constructors).
	 */
	void (*destroy)(esp_packet_t *this);

};
  130: 
/**
 * Create an ESP packet out of data from the wire.
 *
 * The resulting object is in the encrypted state. Its contents are untrusted:
 * nothing has been authenticated yet, and the SPI/length/padding checks are
 * performed later by parse_header() and decrypt(). NOTE(review): whether any
 * validation happens already at creation is not stated here - confirm in
 * esp_packet.c before relying on it.
 *
 * @param packet		the packet data as received, gets owned (released by
 *						destroy())
 * @return				esp_packet_t instance
 */
esp_packet_t *esp_packet_create_from_packet(packet_t *packet);
  138: 
/**
 * Create an ESP packet from a plaintext payload
 *
 * The resulting object is in the decrypted state; call encrypt() with the
 * outbound SA's ESP context to turn it into an ESP datagram for the wire.
 * NOTE(review): ownership of src and dst is not stated here (only the payload
 * is documented as owned) - check esp_packet.c for whether they are cloned
 * or taken over before freeing them on the caller side.
 *
 * @param src			source address
 * @param dst			destination address
 * @param payload		plaintext payload, gets owned
 * @return				esp_packet_t instance
 */
esp_packet_t *esp_packet_create_from_payload(host_t *src, host_t *dst,
											 ip_packet_t *payload);
  149: 
  150: #endif /** ESP_PACKET_H_ @}*/
  151: 
