/*
* Copyright (C) 2012 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup ike_cfg ike_cfg
* @{ @ingroup config
*/
#ifndef IKE_CFG_H_
#define IKE_CFG_H_

/* The forward typedefs are deliberately placed before the includes below.
 * NOTE(review): presumably this lets headers that include each other name these
 * types before the full definitions are visible — confirm against the
 * project's other headers before reordering. */
typedef enum ike_version_t ike_version_t;
typedef enum fragmentation_t fragmentation_t;
typedef struct ike_cfg_t ike_cfg_t;

#include <library.h>
#include <networking/host.h>
#include <collections/linked_list.h>
#include <utils/identification.h>
#include <config/proposal.h>
#include <crypto/diffie_hellman.h>
/**
 * IKE version.
 *
 * Selects the IKE major version an ike_cfg_t applies to. The constants carry
 * the major version number as their value, with 0 meaning "any version".
 */
enum ike_version_t {
	/** any version */
	IKE_ANY = 0,
	/** IKE version 1 */
	IKEV1 = 1,
	/** IKE version 2 */
	IKEV2 = 2,
};
/**
 * Proprietary IKEv1 fragmentation
 *
 * Policy for the non-standard IKEv1 message fragmentation. The values are
 * written out explicitly; they are the same as the implicit numbering
 * (0, 1, 2) would produce.
 */
enum fragmentation_t {
	/** disable fragmentation */
	FRAGMENTATION_NO = 0,
	/** enable fragmentation if supported by peer */
	FRAGMENTATION_YES = 1,
	/** force use of fragmentation (even for the first message) */
	FRAGMENTATION_FORCE = 2,
};
/**
 * enum strings for ike_version_t
 */
extern enum_name_t *ike_version_names;
/**
 * An ike_cfg_t defines the rules to set up an IKE_SA.
 *
 * The object is reference counted: get_ref() takes an additional reference
 * and destroy() drops one, freeing the object when the counter reaches zero.
 *
 * @see peer_cfg_t to get an overview over the configurations.
 */
struct ike_cfg_t {

	/**
	 * Get the IKE version to use with this configuration.
	 *
	 * @return			IKE major version
	 */
	ike_version_t (*get_version)(ike_cfg_t *this);

	/**
	 * Get own address.
	 *
	 * @param allow_any		allow any address to match
	 *						(NOTE(review): passed by pointer, so presumably an
	 *						output flag — confirm in the implementation)
	 * @return				string of address/DNS name
	 */
	char* (*get_my_addr) (ike_cfg_t *this, bool *allow_any);

	/**
	 * Get peer's address.
	 *
	 * @param allow_any		allow any address to match
	 *						(NOTE(review): passed by pointer, so presumably an
	 *						output flag — confirm in the implementation)
	 * @return				string of address/DNS name
	 */
	char* (*get_other_addr) (ike_cfg_t *this, bool *allow_any);

	/**
	 * Get the port to use as our source port.
	 *
	 * @return				source address port, host order
	 */
	u_int16_t (*get_my_port)(ike_cfg_t *this);

	/**
	 * Get the port to use as destination port.
	 *
	 * @return				destination address port, host order
	 */
	u_int16_t (*get_other_port)(ike_cfg_t *this);

	/**
	 * Adds a proposal to the list.
	 *
	 * The first added proposal has the highest priority, the last
	 * added the lowest.
	 *
	 * @param proposal		proposal to add
	 */
	void (*add_proposal) (ike_cfg_t *this, proposal_t *proposal);

	/**
	 * Returns a list of all supported proposals.
	 *
	 * Ownership passes to the caller: the returned list and its proposals
	 * must be destroyed after use.
	 *
	 * @return				list containing all the proposals
	 */
	linked_list_t* (*get_proposals) (ike_cfg_t *this);

	/**
	 * Select a proposal from the suggested proposals.
	 *
	 * Returned proposal must be destroyed after use.
	 *
	 * @param proposals		list of proposals to select from
	 * @param private		accept algorithms from a private range
	 *						(private-range identifiers are not standardized;
	 *						accepting them is a deliberate policy choice)
	 * @return				selected proposal, or NULL if none matches.
	 */
	proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals,
									bool private);

	/**
	 * Should we send a certificate request in IKE_SA_INIT?
	 *
	 * @return				certificate request sending policy
	 */
	bool (*send_certreq) (ike_cfg_t *this);

	/**
	 * Enforce UDP encapsulation by faking NATD notifies?
	 *
	 * @return				TRUE to enforce UDP encapsulation
	 */
	bool (*force_encap) (ike_cfg_t *this);

	/**
	 * Use proprietary IKEv1 fragmentation
	 *
	 * @return				fragmentation policy to apply, see fragmentation_t
	 */
	fragmentation_t (*fragmentation) (ike_cfg_t *this);

	/**
	 * Get the DH group to use for IKE_SA setup.
	 *
	 * @return				dh group to use for initialization
	 */
	diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this);

	/**
	 * Check if two IKE configs are equal.
	 *
	 * @param other			other to check for equality
	 * @return				TRUE if other equal to this
	 */
	bool (*equals)(ike_cfg_t *this, ike_cfg_t *other);

	/**
	 * Increase reference count.
	 *
	 * Every reference taken with get_ref() has to be released with destroy().
	 *
	 * @return				reference to this
	 */
	ike_cfg_t* (*get_ref) (ike_cfg_t *this);

	/**
	 * Destroys an ike_cfg_t object.
	 *
	 * Decrements the internal reference counter and
	 * destroys the ike_cfg when it reaches zero.
	 */
	void (*destroy) (ike_cfg_t *this);
};
/**
 * Creates a ike_cfg_t object.
 *
 * Supplied hosts become owned by ike_cfg, the name gets cloned.
 * NOTE(review): the sentence above predates the string-based me/other
 * parameters — confirm in the implementation whether the address strings are
 * cloned or adopted, since this decides who frees them.
 *
 * The returned object starts with one reference; release it with destroy().
 *
 * @param version			IKE major version to use for this config
 * @param certreq			TRUE to send a certificate request
 * @param force_encap		enforce UDP encapsulation by faking NATD notify
 * @param me				address/DNS name of local peer
 * @param my_allow_any		allow override of local address by any address
 * @param my_port			IKE port to use as source, 500 uses IKEv2 port floating
 * @param other				address/DNS name of remote peer
 * @param other_allow_any	allow override of remote address by any address
 * @param other_port		IKE port to use as dest, 500 uses IKEv2 port floating
 * @param fragmentation		use IKEv1 fragmentation
 * @return					ike_cfg_t object.
 */
ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
						  char *me, bool my_allow_any, u_int16_t my_port,
						  char *other, bool other_allow_any, u_int16_t other_port,
						  fragmentation_t fragmentation);
#endif /** IKE_CFG_H_ @}*/