summaryrefslogtreecommitdiff
path: root/keyexchange/isakmpd-20041012/sa.h
diff options
context:
space:
mode:
authorOthmar Gsenger <otti@anytun.org>2007-12-08 20:59:57 +0000
committerOthmar Gsenger <otti@anytun.org>2007-12-08 20:59:57 +0000
commitf84dc62cc602eacb0daee3e9918a68b711ba94f0 (patch)
tree1acbdabf30b2ece1da880386da6a4b7c002669c3 /keyexchange/isakmpd-20041012/sa.h
parent* added AuthTag class (diff)
removed isakmpd
Diffstat (limited to 'keyexchange/isakmpd-20041012/sa.h')
-rw-r--r--keyexchange/isakmpd-20041012/sa.h318
1 files changed, 0 insertions, 318 deletions
diff --git a/keyexchange/isakmpd-20041012/sa.h b/keyexchange/isakmpd-20041012/sa.h
deleted file mode 100644
index 4f6100f..0000000
--- a/keyexchange/isakmpd-20041012/sa.h
+++ /dev/null
@@ -1,318 +0,0 @@
-/* $OpenBSD: sa.h,v 1.41 2004/08/10 15:59:10 ho Exp $ */
-/* $EOM: sa.h,v 1.58 2000/10/10 12:39:01 provos Exp $ */
-
-/*
- * Copyright (c) 1998, 1999, 2001 Niklas Hallqvist. All rights reserved.
- * Copyright (c) 1999, 2001 Angelos D. Keromytis. All rights reserved.
- * Copyright (c) 2004 Håkan Olsson. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#ifndef _SA_H_
-#define _SA_H_
-
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/queue.h>
-#include <sys/socket.h>
-
-#include "isakmp.h"
-
-/* Remove a SA if it has not been fully negotiated in this time. */
-#define SA_NEGOTIATION_MAX_TIME 120
-
-struct crypto_xf;
-struct doi;
-struct event;
-struct exchange;
-struct keystate;
-struct message;
-struct payload;
-struct proto_attr;
-struct sa;
-struct transport;
-
-/* A protection suite consists of a set of protocol descriptions like this. */
-struct proto {
- /* Link to the next protocol in the suite. */
- TAILQ_ENTRY(proto) link;
-
- /* The SA we belong to. */
- struct sa *sa;
-
- /* The protocol number as found in the proposal payload. */
- u_int8_t no;
-
- /* The protocol this SA is for. */
- u_int8_t proto;
-
- /*
- * Security parameter index info. Element 0 - outgoing, 1 -
- * incoming.
- */
- u_int8_t spi_sz[2];
- u_int8_t *spi[2];
-
- /*
- * The chosen transform, only valid while the incoming SA payload that
- * held it is available for duplicate testing.
- */
- struct payload *chosen;
-
- /* The chosen transform's ID. */
- u_int8_t id;
-
- /* DOI-specific data. */
- void *data;
-
- /* Proposal transforms data, for validating the responders selection. */
- TAILQ_HEAD(proto_attr_head, proto_attr) xfs;
- size_t xf_cnt;
-};
-
-struct proto_attr {
- /* Link to next transform. */
- TAILQ_ENTRY(proto_attr) next;
-
- /* Transform attribute data and size, suitable for attribute_map(). */
- u_int8_t *attrs;
- size_t len;
-};
-
-struct sa {
- /* Link to SAs with the same hash value. */
- LIST_ENTRY(sa) link;
-
- /*
- * When several SA's are being negotiated in one message we connect
- * them through this link.
- */
- TAILQ_ENTRY(sa) next;
-
- /*
- * A name of the major policy deciding offers and acceptable
- * proposals.
- */
- char *name;
-
- /* The transport this SA got negotiated over. */
- struct transport *transport;
-
- /* Both initiator and responder cookies. */
- u_int8_t cookies[ISAKMP_HDR_COOKIES_LEN];
-
- /* The message ID signifying non-ISAKMP SAs. */
- u_int8_t message_id[ISAKMP_HDR_MESSAGE_ID_LEN];
-
- /* The protection suite chosen. */
- TAILQ_HEAD(proto_head, proto) protos;
-
- /* The exchange type we should use when rekeying. */
- u_int8_t exch_type;
-
- /* Phase is 1 for ISAKMP SAs, and 2 for application ones. */
- u_int8_t phase;
-
- /* A reference counter for this structure. */
- u_int16_t refcnt;
-
- /* Various flags, look below for descriptions. */
- u_int32_t flags;
-
- /* The DOI that is to handle DOI-specific issues for this SA. */
- struct doi *doi;
-
- /*
- * Crypto info needed to encrypt/decrypt packets protected by this
- * SA.
- */
- struct crypto_xf *crypto;
- int key_length;
- struct keystate *keystate;
-
- /* IDs from Phase 1 */
- u_int8_t *id_i;
- size_t id_i_len;
- u_int8_t *id_r;
- size_t id_r_len;
-
- /* Set if we were the initiator of the SA/exchange in Phase 1 */
- int initiator;
-
- /* Policy session ID, where applicable, copied over from the exchange */
- int policy_id;
-
- /*
- * The key used to authenticate phase 1, in printable format, used
- * only by KeyNote.
- */
- char *keynote_key;
-
- /*
- * Certificates or other information from Phase 1; these are copied
- * from the exchange, so look at exchange.h for an explanation of
- * their use.
- */
- int recv_certtype, recv_keytype;
- /* Certificate received from peer, native format. */
- void *recv_cert;
- /* Key peer used to authenticate, native format. */
- void *recv_key;
-
- /*
- * Certificates or other information we used to authenticate to the
- * peer, Phase 1.
- */
- int sent_certtype;
- /* Certificate (to be) sent to peer, native format. */
- void *sent_cert;
-
- /* DOI-specific opaque data. */
- void *data;
-
- /* Lifetime data. */
- u_int64_t seconds;
- u_int64_t kilobytes;
-
- /* ACQUIRE sequence number */
- u_int32_t seq;
-
- /* The events that will occur when an SA has timed out. */
- struct event *soft_death;
- struct event *death;
-
-#if defined (USE_NAT_TRAVERSAL)
- struct event *nat_t_keepalive;
-#endif
-
-#if defined (USE_DPD)
- /* IKE DPD (RFC3706) message sequence number. */
- u_int32_t dpd_seq; /* sent */
- u_int32_t dpd_rseq; /* recieved */
- u_int32_t dpd_failcount; /* # of subsequent failures */
- struct event *dpd_event; /* time of next event */
-#endif
-};
-
-/* This SA is alive. */
-#define SA_FLAG_READY 0x01
-
-/* Renegotiate the SA at each expiry. */
-#define SA_FLAG_STAYALIVE 0x02
-
-/* Establish the SA when it is needed. */
-#define SA_FLAG_ONDEMAND 0x04
-
-/* This SA has been replaced by another newer one. */
-#define SA_FLAG_REPLACED 0x08
-
-/* This SA has seen a soft timeout and wants to be renegotiated on use. */
-#define SA_FLAG_FADING 0x10
-
-/* This SA should always be actively renegotiated (with us as initiator). */
-#define SA_FLAG_ACTIVE_ONLY 0x20
-
-/* This SA flag is a placeholder for a TRANSACTION exchange "SA flag". */
-#define SA_FLAG_IKECFG 0x40
-
-/* This SA flag indicates if we should do DPD with the phase 1 SA peer. */
-#define SA_FLAG_DPD 0x80
-
-/* NAT-T encapsulation state. Kept in isakmp_sa for the new p2 exchange. */
-#define SA_FLAG_NAT_T_ENABLE 0x100
-#define SA_FLAG_NAT_T_KEEPALIVE 0x200
-
-extern void proto_free(struct proto * proto);
-extern int sa_add_transform(struct sa *, struct payload *, int,
- struct proto **);
-extern int sa_create(struct exchange *, struct transport *);
-extern int sa_enter(struct sa *);
-extern void sa_delete(struct sa *, int);
-extern void sa_teardown_all(void);
-extern struct sa *sa_find(int (*) (struct sa *, void *), void *);
-extern int sa_flag(char *);
-extern void sa_free(struct sa *);
-extern void sa_init(void);
-extern void sa_reinit(void);
-extern struct sa *sa_isakmp_lookup_by_peer(struct sockaddr *, socklen_t);
-extern void sa_isakmp_upgrade(struct message *);
-extern struct sa *sa_lookup(u_int8_t *, u_int8_t *);
-extern struct sa *sa_lookup_by_peer(struct sockaddr *, socklen_t);
-extern struct sa *sa_lookup_by_header(u_int8_t *, int);
-extern struct sa *sa_lookup_by_name(char *, int);
-extern struct sa *sa_lookup_from_icookie(u_int8_t *);
-extern struct sa *sa_lookup_isakmp_sa(struct sockaddr *, u_int8_t *);
-extern void sa_mark_replaced(struct sa *);
-extern void sa_reference(struct sa *);
-extern void sa_release(struct sa *);
-extern void sa_remove(struct sa *);
-extern void sa_report(void);
-extern void sa_dump(int, int, char *, struct sa *);
-extern void sa_report_all(FILE *);
-extern int sa_setup_expirations(struct sa *);
-
-/*
- * This structure contains most of the data of the in-kernel SA.
- * Currently only used to collect the tdb_last_used time for DPD.
- */
-struct sa_kinfo {
- u_int32_t flags; /* /usr/include/netinet/ip_ipsp.h */
-
- u_int32_t exp_allocations;
- u_int32_t soft_allocations;
- u_int32_t cur_allocations;
-
- u_int64_t exp_bytes;
- u_int64_t soft_bytes;
- u_int64_t cur_bytes;
-
- u_int64_t exp_timeout;
- u_int64_t soft_timeout;
-
- u_int64_t first_use;
- u_int64_t established;
- u_int64_t soft_first_use;
- u_int64_t exp_first_use;
-
- u_int64_t last_used;
- u_int64_t last_marked;
-
- struct sockaddr_storage dst;
- struct sockaddr_storage src;
- struct sockaddr_storage proxy;
-
- u_int32_t spi;
- u_int32_t rpl;
- u_int16_t udpencap_port;
- u_int16_t amxkeylen;
- u_int16_t emxkeylen;
- u_int16_t ivlen;
- u_int8_t sproto;
- u_int8_t wnd;
- u_int8_t satype;
-};
-
-#endif /* _SA_H_ */