Annotation of embedaddon/strongswan/src/libstrongswan/utils/identification.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2009-2015 Tobias Brunner
! 3: * Copyright (C) 2005-2009 Martin Willi
! 4: * Copyright (C) 2005 Jan Hutter
! 5: * HSR Hochschule fuer Technik Rapperswil
! 6: *
! 7: * This program is free software; you can redistribute it and/or modify it
! 8: * under the terms of the GNU General Public License as published by the
! 9: * Free Software Foundation; either version 2 of the License, or (at your
! 10: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 11: *
! 12: * This program is distributed in the hope that it will be useful, but
! 13: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 14: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 15: * for more details.
! 16: */
! 17:
! 18: /**
! 19: * @defgroup identification identification
! 20: * @{ @ingroup utils
! 21: */
! 22:
! 23:
! 24: #ifndef IDENTIFICATION_H_
! 25: #define IDENTIFICATION_H_
! 26:
! 27: typedef enum id_type_t id_type_t;
! 28: typedef struct identification_t identification_t;
! 29: typedef enum id_match_t id_match_t;
! 30: typedef enum id_part_t id_part_t;
! 31:
! 32: #include <utils/chunk.h>
! 33: #include <collections/enumerator.h>
! 34:
! 35: /**
! 36: * Matches returned from identification_t.match
! 37: */
! 38: enum id_match_t {
! 39: /* no match */
! 40: ID_MATCH_NONE = 0,
! 41: /* match to %any ID */
! 42: ID_MATCH_ANY = 1,
! 43: /* match with maximum allowed wildcards */
! 44: ID_MATCH_MAX_WILDCARDS = 2,
! 45: /* match with only one wildcard */
! 46: ID_MATCH_ONE_WILDCARD = 19,
! 47: /* perfect match, won't get better */
! 48: ID_MATCH_PERFECT = 20,
! 49: };
! 50:
! 51: /**
! 52: * enum names for id_match_t.
! 53: */
! 54: extern enum_name_t *id_match_names;
! 55:
! 56: /**
! 57: * ID Types in a ID payload.
! 58: */
! 59: enum id_type_t {
! 60:
! 61: /**
! 62: * private type which matches any other id.
! 63: */
! 64: ID_ANY = 0,
! 65:
! 66: /**
! 67: * ID data is a single four (4) octet IPv4 address.
! 68: */
! 69: ID_IPV4_ADDR = 1,
! 70:
! 71: /**
! 72: * ID data is a fully-qualified domain name string.
! 73: * An example of a ID_FQDN is "example.com".
! 74: * The string MUST not contain any terminators (e.g., NULL, CR, etc.).
! 75: */
! 76: ID_FQDN = 2,
! 77:
! 78: /**
! 79: * ID data is a fully-qualified RFC822 email address string.
! 80: * An example of an ID_RFC822_ADDR is "jsmith@example.com".
! 81: * The string MUST NOT contain any terminators.
! 82: */
! 83: ID_USER_FQDN = 3, /* IKEv1 only */
! 84: ID_RFC822_ADDR = 3, /* IKEv2 only */
! 85:
! 86: /**
! 87: * ID data is an IPv4 subnet (IKEv1 only)
! 88: */
! 89: ID_IPV4_ADDR_SUBNET = 4,
! 90:
! 91: /**
! 92: * ID data is a single sixteen (16) octet IPv6 address.
! 93: */
! 94: ID_IPV6_ADDR = 5,
! 95:
! 96: /**
! 97: * ID data is an IPv6 subnet (IKEv1 only)
! 98: */
! 99: ID_IPV6_ADDR_SUBNET = 6,
! 100:
! 101: /**
! 102: * ID data is an IPv4 address range (IKEv1 only)
! 103: */
! 104: ID_IPV4_ADDR_RANGE = 7,
! 105:
! 106: /**
! 107: * ID data is an IPv6 address range (IKEv1 only)
! 108: */
! 109: ID_IPV6_ADDR_RANGE = 8,
! 110:
! 111: /**
! 112: * ID data is the binary DER encoding of an ASN.1 X.501 Distinguished Name
! 113: */
! 114: ID_DER_ASN1_DN = 9,
! 115:
! 116: /**
! 117: * ID data is the binary DER encoding of an ASN.1 X.509 GeneralName
! 118: */
! 119: ID_DER_ASN1_GN = 10,
! 120:
! 121: /**
! 122: * ID data is an opaque octet stream which may be used to pass vendor-
! 123: * specific information necessary to do certain proprietary
! 124: * types of identification.
! 125: */
! 126: ID_KEY_ID = 11,
! 127:
! 128: /**
! 129: * Private ID type which represents a GeneralName of type URI
! 130: */
! 131: ID_DER_ASN1_GN_URI = 201,
! 132: };
! 133:
! 134: /**
! 135: * enum names for id_type_t.
! 136: */
! 137: extern enum_name_t *id_type_names;
! 138:
! 139: /**
! 140: * Type of an ID sub part.
! 141: */
! 142: enum id_part_t {
! 143: /** Username part of an RFC822_ADDR */
! 144: ID_PART_USERNAME,
! 145: /** Domain part of an RFC822_ADDR */
! 146: ID_PART_DOMAIN,
! 147:
! 148: /** Top-Level domain of a FQDN */
! 149: ID_PART_TLD,
! 150: /** Second-Level domain of a FQDN */
! 151: ID_PART_SLD,
! 152: /** Another Level domain of a FQDN */
! 153: ID_PART_ALD,
! 154:
! 155: /** Country RDN of a DN */
! 156: ID_PART_RDN_C,
! 157: /** CommonName RDN of a DN */
! 158: ID_PART_RDN_CN,
! 159: /** Description RDN of a DN */
! 160: ID_PART_RDN_D,
! 161: /** Email RDN of a DN */
! 162: ID_PART_RDN_E,
! 163: /** EmployeeNumber RDN of a DN */
! 164: ID_PART_RDN_EN,
! 165: /** GivenName RDN of a DN */
! 166: ID_PART_RDN_G,
! 167: /** Initials RDN of a DN */
! 168: ID_PART_RDN_I,
! 169: /** DN Qualifier RDN of a DN */
! 170: ID_PART_RDN_DNQ,
! 171: /** dmdName RDN of a DN */
! 172: ID_PART_RDN_DMDN,
! 173: /** Pseudonym RDN of a DN */
! 174: ID_PART_RDN_PN,
! 175: /** UniqueIdentifier RDN of a DN */
! 176: ID_PART_RDN_ID,
! 177: /** Locality RDN of a DN */
! 178: ID_PART_RDN_L,
! 179: /** Name RDN of a DN */
! 180: ID_PART_RDN_N,
! 181: /** Organization RDN of a DN */
! 182: ID_PART_RDN_O,
! 183: /** OrganizationUnit RDN of a DN */
! 184: ID_PART_RDN_OU,
! 185: /** Surname RDN of a DN */
! 186: ID_PART_RDN_S,
! 187: /** SerialNumber RDN of a DN */
! 188: ID_PART_RDN_SN,
! 189: /** StateOrProvince RDN of a DN */
! 190: ID_PART_RDN_ST,
! 191: /** Title RDN of a DN */
! 192: ID_PART_RDN_T,
! 193: };
! 194:
! 195: /**
! 196: * Generic identification, such as used in ID payload.
! 197: *
! 198: * @todo Support for ID_DER_ASN1_GN is minimal right now. Comparison
! 199: * between them and ID_IPV4_ADDR/RFC822_ADDR would be nice.
! 200: */
! 201: struct identification_t {
! 202:
! 203: /**
! 204: * Get the encoding of this id, to send over
! 205: * the network.
! 206: *
! 207: * Result points to internal data, do not free.
! 208: *
! 209: * @return a chunk containing the encoded bytes
! 210: */
! 211: chunk_t (*get_encoding) (identification_t *this);
! 212:
! 213: /**
! 214: * Get the type of this identification.
! 215: *
! 216: * @return id_type_t
! 217: */
! 218: id_type_t (*get_type) (identification_t *this);
! 219:
! 220: /**
! 221: * Create a hash value for this identification_t object.
! 222: *
! 223: * @param inc optional value for incremental hashing
! 224: * @return hash value
! 225: */
! 226: u_int (*hash) (identification_t *this, u_int inc);
! 227:
! 228: /**
! 229: * Check if two identification_t objects are equal.
! 230: *
! 231: * @param other other identification_t object
! 232: * @return TRUE if the IDs are equal
! 233: */
! 234: bool (*equals) (identification_t *this, identification_t *other);
! 235:
! 236: /**
! 237: * Check if an ID matches a wildcard ID.
! 238: *
! 239: * An identification_t may contain wildcards, such as
! 240: * *.strongswan.org. This call checks if a given ID
! 241: * (e.g. tester.strongswan.org) belongs to a such wildcard
! 242: * ID. Returns > 0 if
! 243: * - IDs are identical
! 244: * - other is of type ID_ANY
! 245: * - other contains a wildcard and matches this
! 246: *
! 247: * The larger the return value is, the better is the match. Zero means
! 248: * no match at all, 1 means a bad match, and 2 a slightly better match.
! 249: *
! 250: * @param other the ID containing one or more wildcards
! 251: * @return match value as described above
! 252: */
! 253: id_match_t (*matches) (identification_t *this, identification_t *other);
! 254:
! 255: /**
! 256: * Check if an ID is a wildcard ID.
! 257: *
! 258: * If the ID represents multiple IDs (with wildcards, or
! 259: * as the type ID_ANY), TRUE is returned. If it is unique,
! 260: * FALSE is returned.
! 261: *
! 262: * @return TRUE if ID contains wildcards
! 263: */
! 264: bool (*contains_wildcards) (identification_t *this);
! 265:
! 266: /**
! 267: * Create an enumerator over subparts of an identity.
! 268: *
! 269: * Some identities are built from several parts, e.g. an E-Mail consists
! 270: * of a username and a domain part, or a DistinguishedName contains several
! 271: * RDNs.
! 272: * For identity without subtypes (support), an empty enumerator is
! 273: * returned.
! 274: *
! 275: * @return an enumerator over (id_part_t type, chunk_t data)
! 276: */
! 277: enumerator_t* (*create_part_enumerator)(identification_t *this);
! 278:
! 279: /**
! 280: * Clone a identification_t instance.
! 281: *
! 282: * @return clone of this
! 283: */
! 284: identification_t *(*clone) (identification_t *this);
! 285:
! 286: /**
! 287: * Destroys a identification_t object.
! 288: */
! 289: void (*destroy) (identification_t *this);
! 290: };
! 291:
! 292: /**
! 293: * Creates an identification_t object from a string.
! 294: *
! 295: * The input string may be e.g. one of the following:
! 296: * - ID_IPV4_ADDR: 192.168.0.1
! 297: * - ID_IPV6_ADDR: 2001:0db8:85a3:08d3:1319:8a2e:0370:7345
! 298: * - ID_FQDN: www.strongswan.org (optionally with a prepended @)
! 299: * - ID_RFC822_ADDR: alice@wonderland.org
! 300: * - ID_DER_ASN1_DN: C=CH, O=Linux strongSwan, CN=bob
! 301: *
! 302: * In favour of pluto, domainnames are prepended with an @, since
! 303: * pluto resolves domainnames without an @ to IPv4 addresses. Since
! 304: * we use a separate host_t class for addresses, this doesn't
! 305: * make sense for us.
! 306: *
! 307: * A distinguished name may contain one or more of the following RDNs:
! 308: * ND, UID, DC, CN, S, SN, serialNumber, C, L, ST, O, OU, T, D,
! 309: * N, G, I, dnQualifier, ID, EN, EmployeeNumber, E, Email, emailAddress, UN,
! 310: * unstructuredName, TCGID.
! 311: *
! 312: * To skip automatic type detection the following prefixes may be used to
! 313: * enforce a specific type: ipv4:, ipv6:, rfc822:, email:, userfqdn:, fqdn:,
! 314: * dns:, asn1dn:, asn1gn: and keyid:. If a # follows the :, the remaining data
! 315: * is interpreted as hex encoded binary data for that ID, otherwise the raw
! 316: * string following the prefix is used as identity data, without conversion.
! 317: * To specify a non-standard ID type, the numerical type may be prefixed
! 318: * between curly brackets, building a prefix. For instance the "{1}:" prefix
! 319: * defines an ID_IPV4_ADDR type.
! 320: *
! 321: * This constructor never returns NULL. If it does not find a suitable
! 322: * conversion function, it will copy the string to an ID_KEY_ID.
! 323: *
! 324: * @param string input string, which will be converted
! 325: * @return identification_t
! 326: */
! 327: identification_t * identification_create_from_string(char *string);
! 328:
! 329: /**
! 330: * Creates an identification from a chunk of data, guessing its type.
! 331: *
! 332: * @param data identification data
! 333: * @return identification_t
! 334: */
! 335: identification_t * identification_create_from_data(chunk_t data);
! 336:
! 337: /**
! 338: * Creates an identification_t object from an encoded chunk.
! 339: *
! 340: * @param type type of this id, such as ID_IPV4_ADDR
! 341: * @param encoded encoded bytes, such as from identification_t.get_encoding
! 342: * @return identification_t
! 343: */
! 344: identification_t * identification_create_from_encoding(id_type_t type, chunk_t encoded);
! 345:
! 346: /**
! 347: * Creates an identification_t object from a sockaddr struct
! 348: *
! 349: * @param sockaddr sockaddr struct which contains family and address
! 350: * @return identification_t
! 351: */
! 352: identification_t * identification_create_from_sockaddr(sockaddr_t *sockaddr);
! 353:
! 354: /**
! 355: * printf hook function for identification_t.
! 356: *
! 357: * Arguments are:
! 358: * identification_t *identification
! 359: */
! 360: int identification_printf_hook(printf_hook_data_t *data,
! 361: printf_hook_spec_t *spec, const void *const *args);
! 362:
! 363: #endif /** IDENTIFICATION_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>