diff options
author | Othmar Gsenger <otti@anytun.org> | 2007-12-08 20:59:57 +0000 |
---|---|---|
committer | Othmar Gsenger <otti@anytun.org> | 2007-12-08 20:59:57 +0000 |
commit | f84dc62cc602eacb0daee3e9918a68b711ba94f0 (patch) | |
tree | 1acbdabf30b2ece1da880386da6a4b7c002669c3 /keyexchange/isakmpd-20041012/sa.h | |
parent | * added AuthTag class (diff) |
removed isakmpd
Diffstat (limited to 'keyexchange/isakmpd-20041012/sa.h')
-rw-r--r-- | keyexchange/isakmpd-20041012/sa.h | 318 |
1 files changed, 0 insertions, 318 deletions
diff --git a/keyexchange/isakmpd-20041012/sa.h b/keyexchange/isakmpd-20041012/sa.h deleted file mode 100644 index 4f6100f..0000000 --- a/keyexchange/isakmpd-20041012/sa.h +++ /dev/null @@ -1,318 +0,0 @@ -/* $OpenBSD: sa.h,v 1.41 2004/08/10 15:59:10 ho Exp $ */ -/* $EOM: sa.h,v 1.58 2000/10/10 12:39:01 provos Exp $ */ - -/* - * Copyright (c) 1998, 1999, 2001 Niklas Hallqvist. All rights reserved. - * Copyright (c) 1999, 2001 Angelos D. Keromytis. All rights reserved. - * Copyright (c) 2004 Håkan Olsson. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * This code was written under funding by Ericsson Radio Systems. - */ - -#ifndef _SA_H_ -#define _SA_H_ - -#include <sys/param.h> -#include <sys/types.h> -#include <sys/queue.h> -#include <sys/socket.h> - -#include "isakmp.h" - -/* Remove a SA if it has not been fully negotiated in this time. */ -#define SA_NEGOTIATION_MAX_TIME 120 - -struct crypto_xf; -struct doi; -struct event; -struct exchange; -struct keystate; -struct message; -struct payload; -struct proto_attr; -struct sa; -struct transport; - -/* A protection suite consists of a set of protocol descriptions like this. */ -struct proto { - /* Link to the next protocol in the suite. */ - TAILQ_ENTRY(proto) link; - - /* The SA we belong to. */ - struct sa *sa; - - /* The protocol number as found in the proposal payload. */ - u_int8_t no; - - /* The protocol this SA is for. */ - u_int8_t proto; - - /* - * Security parameter index info. Element 0 - outgoing, 1 - - * incoming. - */ - u_int8_t spi_sz[2]; - u_int8_t *spi[2]; - - /* - * The chosen transform, only valid while the incoming SA payload that - * held it is available for duplicate testing. - */ - struct payload *chosen; - - /* The chosen transform's ID. */ - u_int8_t id; - - /* DOI-specific data. */ - void *data; - - /* Proposal transforms data, for validating the responders selection. */ - TAILQ_HEAD(proto_attr_head, proto_attr) xfs; - size_t xf_cnt; -}; - -struct proto_attr { - /* Link to next transform. */ - TAILQ_ENTRY(proto_attr) next; - - /* Transform attribute data and size, suitable for attribute_map(). */ - u_int8_t *attrs; - size_t len; -}; - -struct sa { - /* Link to SAs with the same hash value. */ - LIST_ENTRY(sa) link; - - /* - * When several SA's are being negotiated in one message we connect - * them through this link. - */ - TAILQ_ENTRY(sa) next; - - /* - * A name of the major policy deciding offers and acceptable - * proposals. - */ - char *name; - - /* The transport this SA got negotiated over. */ - struct transport *transport; - - /* Both initiator and responder cookies. */ - u_int8_t cookies[ISAKMP_HDR_COOKIES_LEN]; - - /* The message ID signifying non-ISAKMP SAs. */ - u_int8_t message_id[ISAKMP_HDR_MESSAGE_ID_LEN]; - - /* The protection suite chosen. */ - TAILQ_HEAD(proto_head, proto) protos; - - /* The exchange type we should use when rekeying. */ - u_int8_t exch_type; - - /* Phase is 1 for ISAKMP SAs, and 2 for application ones. */ - u_int8_t phase; - - /* A reference counter for this structure. */ - u_int16_t refcnt; - - /* Various flags, look below for descriptions. */ - u_int32_t flags; - - /* The DOI that is to handle DOI-specific issues for this SA. */ - struct doi *doi; - - /* - * Crypto info needed to encrypt/decrypt packets protected by this - * SA. - */ - struct crypto_xf *crypto; - int key_length; - struct keystate *keystate; - - /* IDs from Phase 1 */ - u_int8_t *id_i; - size_t id_i_len; - u_int8_t *id_r; - size_t id_r_len; - - /* Set if we were the initiator of the SA/exchange in Phase 1 */ - int initiator; - - /* Policy session ID, where applicable, copied over from the exchange */ - int policy_id; - - /* - * The key used to authenticate phase 1, in printable format, used - * only by KeyNote. - */ - char *keynote_key; - - /* - * Certificates or other information from Phase 1; these are copied - * from the exchange, so look at exchange.h for an explanation of - * their use. - */ - int recv_certtype, recv_keytype; - /* Certificate received from peer, native format. */ - void *recv_cert; - /* Key peer used to authenticate, native format. */ - void *recv_key; - - /* - * Certificates or other information we used to authenticate to the - * peer, Phase 1. - */ - int sent_certtype; - /* Certificate (to be) sent to peer, native format. */ - void *sent_cert; - - /* DOI-specific opaque data. */ - void *data; - - /* Lifetime data. */ - u_int64_t seconds; - u_int64_t kilobytes; - - /* ACQUIRE sequence number */ - u_int32_t seq; - - /* The events that will occur when an SA has timed out. */ - struct event *soft_death; - struct event *death; - -#if defined (USE_NAT_TRAVERSAL) - struct event *nat_t_keepalive; -#endif - -#if defined (USE_DPD) - /* IKE DPD (RFC3706) message sequence number. */ - u_int32_t dpd_seq; /* sent */ - u_int32_t dpd_rseq; /* recieved */ - u_int32_t dpd_failcount; /* # of subsequent failures */ - struct event *dpd_event; /* time of next event */ -#endif -}; - -/* This SA is alive. */ -#define SA_FLAG_READY 0x01 - -/* Renegotiate the SA at each expiry. */ -#define SA_FLAG_STAYALIVE 0x02 - -/* Establish the SA when it is needed. */ -#define SA_FLAG_ONDEMAND 0x04 - -/* This SA has been replaced by another newer one. */ -#define SA_FLAG_REPLACED 0x08 - -/* This SA has seen a soft timeout and wants to be renegotiated on use. */ -#define SA_FLAG_FADING 0x10 - -/* This SA should always be actively renegotiated (with us as initiator). */ -#define SA_FLAG_ACTIVE_ONLY 0x20 - -/* This SA flag is a placeholder for a TRANSACTION exchange "SA flag". */ -#define SA_FLAG_IKECFG 0x40 - -/* This SA flag indicates if we should do DPD with the phase 1 SA peer. */ -#define SA_FLAG_DPD 0x80 - -/* NAT-T encapsulation state. Kept in isakmp_sa for the new p2 exchange. */ -#define SA_FLAG_NAT_T_ENABLE 0x100 -#define SA_FLAG_NAT_T_KEEPALIVE 0x200 - -extern void proto_free(struct proto * proto); -extern int sa_add_transform(struct sa *, struct payload *, int, - struct proto **); -extern int sa_create(struct exchange *, struct transport *); -extern int sa_enter(struct sa *); -extern void sa_delete(struct sa *, int); -extern void sa_teardown_all(void); -extern struct sa *sa_find(int (*) (struct sa *, void *), void *); -extern int sa_flag(char *); -extern void sa_free(struct sa *); -extern void sa_init(void); -extern void sa_reinit(void); -extern struct sa *sa_isakmp_lookup_by_peer(struct sockaddr *, socklen_t); -extern void sa_isakmp_upgrade(struct message *); -extern struct sa *sa_lookup(u_int8_t *, u_int8_t *); -extern struct sa *sa_lookup_by_peer(struct sockaddr *, socklen_t); -extern struct sa *sa_lookup_by_header(u_int8_t *, int); -extern struct sa *sa_lookup_by_name(char *, int); -extern struct sa *sa_lookup_from_icookie(u_int8_t *); -extern struct sa *sa_lookup_isakmp_sa(struct sockaddr *, u_int8_t *); -extern void sa_mark_replaced(struct sa *); -extern void sa_reference(struct sa *); -extern void sa_release(struct sa *); -extern void sa_remove(struct sa *); -extern void sa_report(void); -extern void sa_dump(int, int, char *, struct sa *); -extern void sa_report_all(FILE *); -extern int sa_setup_expirations(struct sa *); - -/* - * This structure contains most of the data of the in-kernel SA. - * Currently only used to collect the tdb_last_used time for DPD. - */ -struct sa_kinfo { - u_int32_t flags; /* /usr/include/netinet/ip_ipsp.h */ - - u_int32_t exp_allocations; - u_int32_t soft_allocations; - u_int32_t cur_allocations; - - u_int64_t exp_bytes; - u_int64_t soft_bytes; - u_int64_t cur_bytes; - - u_int64_t exp_timeout; - u_int64_t soft_timeout; - - u_int64_t first_use; - u_int64_t established; - u_int64_t soft_first_use; - u_int64_t exp_first_use; - - u_int64_t last_used; - u_int64_t last_marked; - - struct sockaddr_storage dst; - struct sockaddr_storage src; - struct sockaddr_storage proxy; - - u_int32_t spi; - u_int32_t rpl; - u_int16_t udpencap_port; - u_int16_t amxkeylen; - u_int16_t emxkeylen; - u_int16_t ivlen; - u_int8_t sproto; - u_int8_t wnd; - u_int8_t satype; -}; - -#endif /* _SA_H_ */ |