--- /dev/null
+/* $Id: proposal.h,v 1.5 2004/06/11 16:00:17 ludvigm Exp $ */
+
+/*
+ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef _PROPOSAL_H
+#define _PROPOSAL_H
+
+#include <sys/queue.h>
+
+/*
+ * A. chained list of transform, only for single proto_id
+ * (this is same as set of transforms in single proposal payload)
+ * B. proposal. this will point to multiple (A) items (order is important
+ * here so pointer to (A) must be ordered array, or chained list).
+ * this covers multiple proposal on a packet if proposal # is the same.
+ * C. finally, (B) needs to be connected as chained list.
+ *
+ * head ---> prop[.......] ---> prop[...] ---> prop[...] ---> ...
+ * | | | |
+ * | | | +- proto4 <== must preserve order here
+ * | | +--- proto3
+ * | +----- proto2
+ * +------- proto1[trans1, trans2, trans3, ...]
+ *
+ * incoming packets needs to be parsed to construct the same structure
+ * (check "prop_pair" too).
+ */
+/* SA proposal specification */
+struct saprop {
+ int prop_no;
+ time_t lifetime;
+ int lifebyte;
+ int pfs_group; /* pfs group */
+ int claim; /* flag to send RESPONDER-LIFETIME. */
+ /* XXX assumed DOI values are 1 or 2. */
+
+ struct saproto *head;
+ struct saprop *next;
+};
+
+/* SA protocol specification */
+struct saproto {
+ int proto_id;
+ size_t spisize; /* spi size */
+ int encmode; /* encryption mode */
+
+ int udp_encap; /* UDP encapsulation */
+
+ /* XXX should be vchar_t * */
+ /* these are network byte order */
+ u_int32_t spi; /* inbound. i.e. --SA-> me */
+ u_int32_t spi_p; /* outbound. i.e. me -SA-> */
+
+ vchar_t *keymat; /* KEYMAT */
+ vchar_t *keymat_p; /* peer's KEYMAT */
+
+ int reqid_out; /* request id (outbound) */
+ int reqid_in; /* request id (inbound) */
+
+ int ok; /* if 1, success to set SA in kenrel */
+
+ struct satrns *head; /* header of transform */
+ struct saproto *next; /* next protocol */
+};
+
+/* SA algorithm specification */
+struct satrns {
+ int trns_no;
+ int trns_id; /* transform id */
+ int encklen; /* key length of encryption algorithm */
+ int authtype; /* authentication algorithm if ESP */
+
+ struct satrns *next; /* next transform */
+};
+
+/*
+ * prop_pair: (proposal number, transform number)
+ *
+ * (SA (P1 (T1 T2)) (P1' (T1' T2')) (P2 (T1" T2")))
+ *
+ * p[1] p[2]
+ * top (P1,T1) (P2",T1")
+ * | |tnext |tnext
+ * | v v
+ * | (P1, T2) (P2", T2")
+ * v next
+ * (P1', T1')
+ * |tnext
+ * v
+ * (P1', T2')
+ *
+ * when we convert it to saprop in prop2saprop(), it should become like:
+ *
+ * (next)
+ * saprop --------------------> saprop
+ * | (head) | (head)
+ * +-> saproto +-> saproto
+ * | | (head) | (head)
+ * | +-> satrns(P1 T1) +-> satrns(P2" T1")
+ * | | (next) | (next)
+ * | v v
+ * | satrns(P1, T2) satrns(P2", T2")
+ * v (next)
+ * saproto
+ * | (head)
+ * +-> satrns(P1' T1')
+ * | (next)
+ * v
+ * satrns(P1', T2')
+ */
+struct prop_pair {
+ struct isakmp_pl_p *prop;
+ struct isakmp_pl_t *trns;
+ struct prop_pair *next; /* next prop_pair with same proposal # */
+ /* (bundle case) */
+ struct prop_pair *tnext; /* next prop_pair in same proposal payload */
+ /* (multiple tranform case) */
+};
+#define MAXPROPPAIRLEN 256 /* It's enough because field size is 1 octet. */
+
+/*
+ * Lifetime length selection refered to the section 4.5.4 of RFC2407. It does
+ * not completely conform to the description of RFC. There are four types of
+ * the behavior. If the value of "proposal_check" in "remote" directive is;
+ * "obey"
+ * the responder obey the initiator anytime.
+ * "strict"
+ * If the responder's length is longer than the initiator's one, the
+ * responder uses the intitiator's one. Otherwise rejects the proposal.
+ * If PFS is not required by the responder, the responder obeys the
+ * proposal. If PFS is required by both sides and if the responder's
+ * group is not equal to the initiator's one, then the responder reject
+ * the proposal.
+ * "claim"
+ * If the responder's length is longer than the initiator's one, the
+ * responder use the intitiator's one. If the responder's length is
+ * shorter than the initiator's one, the responder uses own length
+ * AND send RESPONDER-LIFETIME notify message to a initiator in the
+ * case of lifetime.
+ * About PFS, this directive is same as "strict".
+ * "exact"
+ * If the initiator's length is not equal to the responder's one, the
+ * responder rejects the proposal.
+ * If PFS is required and if the responder's group is not equal to
+ * the initiator's one, then the responder reject the proposal.
+ * XXX should be defined the behavior of key length.
+ */
+#define PROP_CHECK_OBEY 1
+#define PROP_CHECK_STRICT 2
+#define PROP_CHECK_CLAIM 3
+#define PROP_CHECK_EXACT 4
+
+struct sainfo;
+struct ph1handle;
+struct secpolicy;
+extern struct saprop *newsaprop __P((void));
+extern struct saproto *newsaproto __P((void));
+extern void inssaprop __P((struct saprop **, struct saprop *));
+extern void inssaproto __P((struct saprop *, struct saproto *));
+extern void inssaprotorev __P((struct saprop *, struct saproto *));
+extern struct satrns *newsatrns __P((void));
+extern void inssatrns __P((struct saproto *, struct satrns *));
+extern struct saprop *cmpsaprop_alloc __P((struct ph1handle *,
+ const struct saprop *, const struct saprop *, int));
+extern int cmpsaprop __P((const struct saprop *, const struct saprop *));
+extern int cmpsatrns __P((int, const struct satrns *, const struct satrns *));
+extern int set_satrnsbysainfo __P((struct saproto *, struct sainfo *));
+extern struct saprop *aproppair2saprop __P((struct prop_pair *));
+extern void free_proppair __P((struct prop_pair **));
+extern void flushsaprop __P((struct saprop *));
+extern void flushsaproto __P((struct saproto *));
+extern void flushsatrns __P((struct satrns *));
+extern void printsaprop __P((const int, const struct saprop *));
+extern void printsaprop0 __P((const int, const struct saprop *));
+extern void printsaproto __P((const int, const struct saproto *));
+extern void printsatrns __P((const int, const int, const struct satrns *));
+extern void print_proppair0 __P((int, struct prop_pair *, int));
+extern void print_proppair __P((int, struct prop_pair *));
+extern int set_proposal_from_policy __P((struct ph2handle *,
+ struct secpolicy *, struct secpolicy *));
+extern int set_proposal_from_proposal __P((struct ph2handle *));
+
+#endif /* _PROPOSAL_H */
projects / bcm963xx.git / blobdiff