File: ikev2_send.h

package info (click to toggle)
libreswan 4.3-1%2Bdeb11u4
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 62,688 kB
  • sloc: ansic: 108,293; sh: 25,973; xml: 11,756; python: 10,230; makefile: 1,580; javascript: 1,353; yacc: 825; sed: 647; perl: 584; lex: 159; awk: 156
file content (146 lines) | stat: -rw-r--r-- 4,383 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
 
/* IKEv2 send packet routines, for Libreswan
 *
 * Copyright (C) 2018-202- Andrew Cagney
 * Copyright (C) 2019 D. Hugh Redelmeier <hugh@mimosa.com>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <https://www.gnu.org/licenses/gpl2.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#ifndef IKEV2_SEND_H
#define IKEV2_SEND_H

#include "chunk.h"

#include "packet.h"		/* for pb_stream */

struct msg_digest;
struct dh_desc;
struct ike_sa;

struct v2_incoming_fragment {
	chunk_t text;		/* cipher or plain - decrypt in place */
	chunk_t plain;		/* read-only; points into cipher text */
	size_t iv_offset;	/* into text */
};

struct v2_incoming_fragments {
	unsigned total;
	unsigned count;
	/*
	 * Next-Payload from first fragment.
	 */
	int first_np;
	/*
	 * For simplicity, index by fragment number which is 1-based;
	 * leaving element 0 empty.
	 */
	struct v2_incoming_fragment frags[MAX_IKE_FRAGMENTS + 1];
};

/* hunk like */

struct v2_outgoing_fragment {
	struct v2_outgoing_fragment *next;
	size_t len;
	uint8_t ptr[1]; /* can be bigger */
};

/*
 * Should the payload be encrypted/protected (don't confuse this with
 * authenticated)?
 */

enum payload_security {
	ENCRYPTED_PAYLOAD = 1,
	UNENCRYPTED_PAYLOAD,
};

void record_v2N_response(struct logger *logger,
			 struct ike_sa *ike,
			 struct msg_digest *md,
			 v2_notification_t type,
			 const chunk_t *data /* optional */,
			 enum payload_security security);

void record_v2N_spi_response(struct logger *logger,
			     struct ike_sa *st,
			     struct msg_digest *md,
			     enum ikev2_sec_proto_id protoid,
			     ipsec_spi_t *spi,
			     v2_notification_t type,
			     const chunk_t *data /* optional */,
			     enum payload_security security);

bool send_recorded_v2_message(struct ike_sa *ike, const char *where,
			      enum message_role role);

void send_v2N_response_from_md(struct msg_digest *md,
			       v2_notification_t type,
			       const chunk_t *data);

typedef bool payload_emitter_fn(struct state *st, pb_stream *pbs);

extern stf_status record_v2_informational_request(const char *name,
						  struct ike_sa *owner,
						  struct state *sender,
						  payload_emitter_fn *emit_payloads);
void record_v2_outgoing_fragment(struct pbs_out *pbs,
				 const char *what,
				 struct v2_outgoing_fragment **frags);
void record_v2_message(struct ike_sa *ike,
		       struct pbs_out *msg,
		       const char *what,
		       enum message_role message);

void free_v2_message_queues(struct state *st);
void free_v2_incoming_fragments(struct v2_incoming_fragments **frags);
void free_v2_outgoing_fragments(struct v2_outgoing_fragment **frags);

/*
 * Emit an IKEv2 payload.
 *
 * Like the out_*() primitives, these have the pb_stream for emission as
 * the last parameter (or second last if the last one is the pb_stream
 * for the sub-payload).
 */

bool emit_v2UNKNOWN(const char *victim, enum isakmp_xchg_types exchange_type,
		    struct pbs_out *outs);

/* emit a v2 Notification payload, with optional SA and optional sub-payload */
bool emit_v2Nsa_pl(v2_notification_t ntype,
		enum ikev2_sec_proto_id protoid,
		const ipsec_spi_t *spi, /* optional */
		pb_stream *outs,
		pb_stream *payload_pbs /* optional */);

/* emit a v2 Notification payload, with optional sub-payload */
/* i.e., emit header then open a containing payload? */
bool emit_v2Npl(v2_notification_t ntype,
		pb_stream *outs,
		pb_stream *payload_pbs /* optional */);

/* emit a v2 Notification payload, with optional hunk as sub-payload */
bool emit_v2N_bytes(v2_notification_t ntype,
		   const void *bytes, size_t size,
		   pb_stream *outs);
#define emit_v2N_hunk(NTYPE, HUNK, OUTS)	emit_v2N_bytes(NTYPE, (HUNK).ptr, (HUNK).len, OUTS)

/* output a v2 simple Notification payload */
bool emit_v2N(v2_notification_t ntype,
	       pb_stream *outs);

bool emit_v2V(const char *string, pb_stream *outs);

bool emit_v2N_signature_hash_algorithms(lset_t sighash_policy,
					pb_stream *outs);

#endif