/*
* Copyright (C) 2012 Tobias Brunner
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup proposal_substructure proposal_substructure
* @{ @ingroup payloads
*/
#ifndef PROPOSAL_SUBSTRUCTURE_H_
#define PROPOSAL_SUBSTRUCTURE_H_
/*
* Forward typedefs for the enum and struct defined further down, placed ahead
* of the includes -- presumably so the included headers can already refer to
* these names (TODO confirm).
*/
typedef enum encap_t encap_t;
typedef struct proposal_substructure_t proposal_substructure_t;
#include <library.h>
#include <encoding/payloads/payload.h>
#include <encoding/payloads/transform_substructure.h>
#include <crypto/proposal/proposal.h>
#include <collections/linked_list.h>
#include <kernel/kernel_ipsec.h>
#include <sa/authenticator.h>
/**
* Encap type for proposal substructure
*/
enum encap_t {
ENCAP_NONE = 0,
ENCAP_UDP,
ENCAP_UDP_DRAFT_00_03,
};
/**
* Class representing an IKEv1/IKEv2 proposal substructure.
*
* NOTE(review): for a substructure parsed from a received message, the values
* returned by the getters (SPI, CPI, lifetime, lifebytes, auth method, encap
* mode) are presumably peer-supplied; callers should check them against local
* policy before use -- confirm against the implementation.
*/
struct proposal_substructure_t {
/**
* The payload_t interface.
*/
payload_t payload_interface;
/**
* Sets the proposal number of the current proposal.
*
* @param proposal_number proposal number to set
*/
void (*set_proposal_number) (proposal_substructure_t *this,
uint8_t proposal_number);
/**
* Gets the proposal number of the current proposal.
*
* @return proposal number of current proposal substructure.
*/
uint8_t (*get_proposal_number) (proposal_substructure_t *this);
/**
* Sets the protocol id of the current proposal.
*
* @param protocol_id protocol id to set
*/
void (*set_protocol_id) (proposal_substructure_t *this,
uint8_t protocol_id);
/**
* Gets the protocol id of the current proposal.
*
* @return protocol id of current proposal substructure.
*/
uint8_t (*get_protocol_id) (proposal_substructure_t *this);
/**
* Sets the next_payload field of this substructure.
*
* If this is the last proposal, the next payload field is set to 0,
* otherwise to 2.
*
* @param is_last When TRUE, next payload field is set to 0, otherwise to 2
*/
void (*set_is_last_proposal) (proposal_substructure_t *this, bool is_last);
/**
* Returns the currently set SPI of this proposal.
*
* NOTE(review): the chunk presumably references storage owned by this
* object rather than a copy, so it should not be freed by the caller or
* used after destroy() -- TODO confirm.
*
* @return chunk_t pointing to the value
*/
chunk_t (*get_spi) (proposal_substructure_t *this);
/**
* Sets the SPI of the current proposal.
*
* The SPI is copied, so the caller keeps ownership of the passed chunk.
*
* @param spi chunk_t pointing to the value to set
*/
void (*set_spi) (proposal_substructure_t *this, chunk_t spi);
/**
* Gets the CPI of the current proposal (IKEv1 only).
*
* The value written to cpi is only meaningful when TRUE is returned.
*
* @param cpi receives the CPI if a supported algorithm is proposed
* @return TRUE if a supported algorithm is proposed
*/
bool (*get_cpi) (proposal_substructure_t *this, uint16_t *cpi);
/**
* Get proposals contained in a proposal_substructure_t.
*
* Proposals are created and added to the given list; the caller presumably
* owns them afterwards -- TODO confirm.
*
* @param list list to add created proposals to
*/
void (*get_proposals) (proposal_substructure_t *this, linked_list_t *list);
/**
* Create an enumerator over transform substructures.
*
* @return enumerator over transform_substructure_t
*/
enumerator_t* (*create_substructure_enumerator)(proposal_substructure_t *this);
/**
* Get the (shortest) lifetime of a proposal (IKEv1 only).
*
* @return lifetime, in seconds
*/
uint32_t (*get_lifetime)(proposal_substructure_t *this);
/**
* Get the (shortest) life duration of a proposal (IKEv1 only).
*
* @return life duration, in bytes
*/
uint64_t (*get_lifebytes)(proposal_substructure_t *this);
/**
* Get the first authentication method from the proposal (IKEv1 only).
*
* @return auth method, or AUTH_NONE
*/
auth_method_t (*get_auth_method)(proposal_substructure_t *this);
/**
* Get the (first) encapsulation mode from a proposal (IKEv1 only).
*
* UDP encapsulation is reported as a plain bool here, not as an encap_t.
*
* @param udp receives TRUE if UDP encapsulation is used
* @return ipsec encapsulation mode
*/
ipsec_mode_t (*get_encap_mode)(proposal_substructure_t *this, bool *udp);
/**
* Destroys a proposal_substructure_t object.
*/
void (*destroy) (proposal_substructure_t *this);
};
/**
* Creates an empty proposal_substructure_t object.
*
* @param type payload type, PLV2_PROPOSAL_SUBSTRUCTURE or
* PLV1_PROPOSAL_SUBSTRUCTURE
* @return proposal_substructure_t object
*/
proposal_substructure_t *proposal_substructure_create(payload_type_t type);
/**
* Creates an IKEv2 proposal_substructure_t from a proposal_t.
*
* @param proposal proposal to build the substructure from
* @return proposal_substructure_t of type PLV2_PROPOSAL_SUBSTRUCTURE
*/
proposal_substructure_t *proposal_substructure_create_from_proposal_v2(
proposal_t *proposal);
/**
* Creates an IKEv1 proposal_substructure_t from a proposal_t.
*
* @param proposal proposal to build the substructure from
* @param lifetime lifetime in seconds
* @param lifebytes life duration in bytes
* @param auth authentication method to use, or AUTH_NONE
* @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL
* @param udp encap_t value; ENCAP_UDP to use UDP encapsulation
* (the enum also defines ENCAP_NONE and
* ENCAP_UDP_DRAFT_00_03)
* @return proposal_substructure_t object PLV1_PROPOSAL_SUBSTRUCTURE
*/
proposal_substructure_t *proposal_substructure_create_from_proposal_v1(
proposal_t *proposal, uint32_t lifetime, uint64_t lifebytes,
auth_method_t auth, ipsec_mode_t mode, encap_t udp);
/**
* Creates an IKEv1 proposal_substructure_t from a list of proposal_t.
*
* @param proposals list of proposal_t to encode in a substructure
* @param lifetime lifetime in seconds
* @param lifebytes life duration in bytes
* @param auth authentication method to use, or AUTH_NONE
* @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL
* @param udp encap_t value; ENCAP_UDP to use UDP encapsulation
* (the enum also defines ENCAP_NONE and
* ENCAP_UDP_DRAFT_00_03)
* @return IKEv1 proposal_substructure_t PLV1_PROPOSAL_SUBSTRUCTURE
*/
proposal_substructure_t *proposal_substructure_create_from_proposals_v1(
linked_list_t *proposals, uint32_t lifetime, uint64_t lifebytes,
auth_method_t auth, ipsec_mode_t mode, encap_t udp);
/**
* Creates an IKEv1 proposal_substructure_t for IPComp with the given
* proposal_number (e.g. that of an ESP proposal, to bundle the two).
*
* @param lifetime lifetime in seconds
* @param lifebytes life duration in bytes
* @param cpi the CPI to be used
* @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL
* @param udp encap_t value; ENCAP_UDP to use UDP encapsulation
* (the enum also defines ENCAP_NONE and
* ENCAP_UDP_DRAFT_00_03)
* @param proposal_number the proposal number of the proposal to be linked
* @return IKEv1 proposal_substructure_t PLV1_PROPOSAL_SUBSTRUCTURE
*/
proposal_substructure_t *proposal_substructure_create_for_ipcomp_v1(
uint32_t lifetime, uint64_t lifebytes, uint16_t cpi,
ipsec_mode_t mode, encap_t udp, uint8_t proposal_number);
#endif /** PROPOSAL_SUBSTRUCTURE_H_ @}*/