1 /* parsing packets: formats and tools
2 * Copyright (C) 1997 Angelos D. Keromytis.
3 * Copyright (C) 1998-2001 D. Hugh Redelmeier.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * RCSID $Id: packet.h,v 1.5 2005/01/06 22:10:15 as Exp $
16 */
17
18 #ifndef _PACKET_H
19 #define _PACKET_H
20
21 /* a struct_desc describes a structure for the struct I/O routines.
22 * This requires arrays of field_desc values to describe struct fields.
23 */
24
/* Describes one packet structure for the struct I/O routines
 * (in_struct/out_struct and friends): a name, a field list terminated
 * by an ft_end field_desc, and the size of the structure.
 * Note that the typedef carries const: every struct_desc is read-only.
 */
typedef const struct struct_desc {
    const char *name;                 /* name of the described structure */
    const struct field_desc *fields;  /* array of field descriptors, ended by an ft_end entry */
    size_t size;                      /* size in bytes; presumably the wire size of the fixed
                                       * part, which can differ from sizeof (see ISAKMP_CERT_SIZE) */
} struct_desc;
30
31 /* Note: if an ft_af_enum field has the ISAKMP_ATTR_AF_TV bit set,
32 * the subsequent ft_lv field will be interpreted as an immediate value.
33 * This matches how attributes are encoded.
34 * See RFC 2408 "ISAKMP" 3.3
35 */
36
/* Encoding class of one field_desc; the struct I/O routines use it to
 * decide how a field is read and written. Attribute fields come in pairs:
 * an ft_af_* type field followed by an ft_lv field, whose meaning depends
 * on the Attribute Format bit (see the note above on ISAKMP_ATTR_AF_TV).
 */
enum field_type {
    ft_mbz,           /* must be zero */
    ft_nat,           /* natural number (may be 0) */
    ft_len,           /* length of this struct and any following crud */
    ft_lv,            /* length/value field of attribute */
    ft_enum,          /* value from an enumeration */
    ft_loose_enum,    /* value from an enumeration with only some names known */
    ft_af_loose_enum, /* Attribute Format + enumeration, some names known */
    ft_af_enum,       /* Attribute Format + value from an enumeration */
    ft_set,           /* bits representing set */
    ft_raw,           /* bytes to be left in network-order */
    ft_end,           /* end of field list */
};
50
/* Describes a single field in a struct_desc's field list.
 * Like struct_desc, the typedef carries const.
 */
typedef const struct field_desc {
    enum field_type field_type; /* how the field is encoded (see enum field_type) */
    int size;                   /* size, in bytes, of field.
                                 * NOTE(review): int, whereas struct_desc.size is size_t;
                                 * arithmetic mixing the two mixes signedness. */
    const char *name;           /* field name */
    const void *desc;           /* enum_names for enum or char *[] for bits */
} field_desc;
57
58 /* The formatting of input and output of packets is done
59 * through packet_byte_stream objects.
60 * These describe a stream of bytes in memory.
61 * Several routines are provided to manipulate these objects.
62 * Actual packet transfer is done elsewhere.
63 */
/* A packet byte stream: a window [start, roof) over a byte buffer with a
 * cursor, used for both parsing input and building output.
 */
typedef struct packet_byte_stream {
    struct packet_byte_stream *container; /* PBS of which we are part */
    struct_desc *desc;                    /* descriptor of the struct this PBS was opened
                                           * for — TODO confirm against packet I/O routines */
    const char *name;                     /* what does this PBS represent? */
    u_int8_t
        *start,                           /* first byte of the stream */
        *cur,                             /* current position in stream */
        *roof;                            /* byte after last in PBS (actually just a limit on output) */
    /* For an output PBS, the length field will be filled in later so
     * we need to record its particulars. Note: it may not be aligned.
     */
    u_int8_t *lenfld;                     /* where the length field lives; may be unaligned,
                                           * so it must be written byte-wise, not as a u_int16_t */
    field_desc *lenfld_desc;              /* descriptor (size/type) of that length field */
} pb_stream;
78
79 /* For an input PBS, pbs_offset is amount of stream processed.
80 * For an output PBS, pbs_offset is current size of stream.
81 * For an input PBS, pbs_room is size of stream.
82 * For an output PBS, pbs_room is maximum size allowed.
83 */
#define pbs_offset(pbs) ((size_t)((pbs)->cur - (pbs)->start))  /* bytes consumed (input) / written (output) */
#define pbs_room(pbs) ((size_t)((pbs)->roof - (pbs)->start))   /* total size of the stream */
#define pbs_left(pbs) ((size_t)((pbs)->roof - (pbs)->cur))     /* bytes between cur and roof still available */
/* All three cast a pointer difference to size_t. If the invariant
 * start <= cur <= roof is ever broken the result wraps to a huge value
 * rather than going negative, so a bounds check written as
 * "len <= pbs_left(pbs)" would pass; cur must never be advanced past
 * roof before such a check is made.
 */
87
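/* Set up pbs to cover the len bytes at start; name labels the stream.
 * NOTE(review): the stream appears to reference the buffer in place
 * rather than copy it, so start must outlive pbs — confirm in the
 * implementation.
 */
extern void init_pbs(pb_stream *pbs, u_int8_t *start, size_t len, const char *name);

/* Input side. Each routine returns a bool; presumably true on success
 * and false when the input is malformed or too short (confirm in the
 * implementation). Callers must check the result before using the
 * parsed data.
 *
 * in_struct: parse the fixed part described by sd from ins into the
 *   memory at struct_ptr. If obj_pbs is non-NULL it is presumably set up
 *   as a sub-stream covering the rest of the object — confirm.
 * in_raw: copy len raw bytes from ins to bytes; name is for messages.
 */
extern bool in_struct(void *struct_ptr, struct_desc *sd,
    pb_stream *ins, pb_stream *obj_pbs);
extern bool in_raw(void *bytes, size_t len, pb_stream *ins, const char *name);

/* Output side. Same bool convention; false presumably means the output
 * stream had no room (confirm in the implementation).
 *
 * out_struct: emit the fixed part described by sd from struct_ptr;
 *   obj_pbs, if given, is presumably opened as a sub-stream for the
 *   variable data that follows — confirm.
 * out_generic: emit a generic payload header with next-payload np.
 * out_generic_raw: a generic header followed by len bytes from bytes.
 * out_zero: emit len zero bytes.
 * out_raw: emit len bytes from bytes as-is.
 * close_output_pbs: finish an output stream; per the pb_stream comment
 *   this is where the recorded length field gets filled in.
 */
extern bool out_struct(const void *struct_ptr, struct_desc *sd,
    pb_stream *outs, pb_stream *obj_pbs);
extern bool out_generic(u_int8_t np, struct_desc *sd,
    pb_stream *outs, pb_stream *obj_pbs);
extern bool out_generic_raw(u_int8_t np, struct_desc *sd,
    pb_stream *outs, const void *bytes, size_t len, const char *name);
/* Chunk conveniences: ch is anything with .ptr and .len members.
 * Each macro evaluates ch twice, so pass a side-effect-free expression.
 * Every argument is parenthesised, matching out_chunk below.
 */
#define out_generic_chunk(np, sd, outs, ch, name) \
    out_generic_raw((np), (sd), (outs), (ch).ptr, (ch).len, (name))
extern bool out_zero(size_t len, pb_stream *outs, const char *name);
extern bool out_raw(const void *bytes, size_t len, pb_stream *outs, const char *name);
#define out_chunk(ch, outs, name) out_raw((ch).ptr, (ch).len, (outs), (name))
extern void close_output_pbs(pb_stream *pbs);

#ifdef DEBUG
/* Dump the struct at struct_ptr according to sd, prefixed by label.
 * len_meaningful tells the printer whether the length field holds a
 * real value yet (e.g. not before close_output_pbs has filled it in —
 * TODO confirm).
 */
extern void DBG_print_struct(const char *label, const void *struct_ptr,
    struct_desc *sd, bool len_meaningful);
#endif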
111
112 /* ISAKMP Header: for all messages
113 * layout from RFC 2408 "ISAKMP" section 3.1
114 * 1 2 3
115 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
116 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
117 * ! Initiator !
118 * ! Cookie !
119 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
120 * ! Responder !
121 * ! Cookie !
122 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
123 * ! Next Payload ! MjVer ! MnVer ! Exchange Type ! Flags !
124 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
125 * ! Message ID !
126 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
127 * ! Length !
128 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
129 * Although the drafts are a little unclear, there are a few
130 * places that specify that messages should be padded with 0x00
131 * octets (bytes) to make the length a multiple of something.
132 *
133 * RFC 2408 "ISAKMP" 3.6 specifies that all messages will be
134 * padded to be a multiple of 4 octets in length.
135 * ??? This looks vestigial, and we ignore this requirement.
136 *
137 * RFC 2409 "IKE" Appendix B specifies:
138 * Each message should be padded up to the nearest block size
139 * using bytes containing 0x00.
140 * ??? This does not appear to be limited to encrypted messages,
141 * but it surely must be: the block size is meant to be the encryption
142 * block size, and that is meaningless for a non-encrypted message.
143 *
144 * RFC 2409 "IKE" 5.3 specifies:
145 * Encrypted payloads are padded up to the nearest block size.
146 * All padding bytes, except for the last one, contain 0x00. The
147 * last byte of the padding contains the number of the padding
148 * bytes used, excluding the last one. Note that this means there
149 * will always be padding.
150 * ??? This is nuts since payloads are not padded, messages are.
151 * It also contradicts Appendix B. So we ignore it.
152 *
153 * Summary: we pad encrypted output messages with 0x00 to bring them
154 * up to a multiple of the encryption block size. On input, we require
155 * that any encrypted portion of a message be a multiple of the encryption
156 * block size. After any decryption, we ignore padding (any bytes after
157 * the first payload that specifies a next payload of none; we don't
158 * require them to be zero).
159 */
160
/* Fixed ISAKMP header, RFC 2408 3.1. With the 8-byte cookies shown in the
 * diagram above this is 28 bytes on the wire.
 */
struct isakmp_hdr
{
    u_int8_t isa_icookie[COOKIE_SIZE]; /* Initiator cookie */
    u_int8_t isa_rcookie[COOKIE_SIZE]; /* Responder cookie */
    u_int8_t isa_np;                   /* Next payload */
    u_int8_t isa_version;              /* high-order 4 bits: Major; low order 4: Minor */
/* isa_version >> ISA_MAJ_SHIFT is the major version;
 * isa_version & ISA_MIN_MASK (0x0F) is the minor version.
 */
#define ISA_MAJ_SHIFT 4
#define ISA_MIN_MASK (~((~0u) << ISA_MAJ_SHIFT))
    u_int8_t isa_xchg;                 /* Exchange type */
    u_int8_t isa_flags;                /* Flags */
    u_int32_t isa_msgid;               /* Message ID (RAW) */
    u_int32_t isa_length;              /* Length of message.
                                        * NOTE(review): wire-supplied; the parser must bound it
                                        * by the bytes actually received before relying on it. */
};
174
175 extern struct_desc isakmp_hdr_desc;
176
177 /* Generic portion of all ISAKMP payloads.
178 * layout from RFC 2408 "ISAKMP" section 3.2
179 * This describes the first 32-bit chunk of all payloads.
180 * The previous next payload depends on the actual payload type.
181 * 1 2 3
182 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
183 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
184 * ! Next Payload ! RESERVED ! Payload Length !
185 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
186 */
/* The 4-byte header common to every ISAKMP payload (RFC 2408 3.2). */
struct isakmp_generic
{
    u_int8_t isag_np;       /* Next payload */
    u_int8_t isag_reserved; /* RESERVED */
    u_int16_t isag_length;  /* Payload length (wire-supplied: bound it by the
                             * enclosing stream before trusting it) */
};
193
194 extern struct_desc isakmp_generic_desc;
195
196 /* ISAKMP Data Attribute (generic representation within payloads)
197 * layout from RFC 2408 "ISAKMP" section 3.3
198 * This is not a payload type.
199 * In TLV format, this is followed by a value field.
200 * 1 2 3
201 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
202 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
203 * !A! Attribute Type ! AF=0 Attribute Length !
204 * !F! ! AF=1 Attribute Value !
205 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
206 * . AF=0 Attribute Value .
207 * . AF=1 Not Transmitted .
208 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
209 */
/* Fixed 4-byte part of an ISAKMP Data Attribute (RFC 2408 3.3).
 * Whether a value follows on the wire depends on the AF bit (see below).
 */
struct isakmp_attribute
{
    /* The high order bit of isaat_af_type is the Attribute Format
     * If it is off, the format is TLV: lv is the length of the following
     * attribute value.
     * If it is on, the format is TV: lv is the value of the attribute.
     * ISAKMP_ATTR_AF_MASK is the mask in host form.
     *
     * The low order 15 bits of isaat_af_type is the Attribute Type.
     * ISAKMP_ATTR_RTYPE_MASK is the mask in host form.
     */
    u_int16_t isaat_af_type; /* high order bit: AF; lower 15: rtype */
    u_int16_t isaat_lv;      /* Length or value; in TLV form this length is
                              * wire-supplied and must be checked against
                              * the bytes remaining in the stream */
};
224
/* Masks for isakmp_attribute.isaat_af_type, in host byte order. */
#define ISAKMP_ATTR_AF_MASK 0x8000              /* Attribute Format bit */
#define ISAKMP_ATTR_AF_TV ISAKMP_ATTR_AF_MASK   /* value in lv */
#define ISAKMP_ATTR_AF_TLV 0                    /* length in lv; value follows */

#define ISAKMP_ATTR_RTYPE_MASK 0x7FFF           /* low 15 bits: Attribute Type */
230
/* Attribute descriptors, one per DOI context the attribute appears in;
 * both describe struct isakmp_attribute and are defined elsewhere.
 */
extern struct_desc
    isakmp_oakley_attribute_desc,
    isakmp_ipsec_attribute_desc;
234
235 /* ISAKMP Security Association Payload
236 * layout from RFC 2408 "ISAKMP" section 3.4
237 * A variable length Situation follows.
238 * Previous next payload: ISAKMP_NEXT_SA
239 * 1 2 3
240 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
241 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
242 * ! Next Payload ! RESERVED ! Payload Length !
243 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
244 * ! Domain of Interpretation (DOI) !
245 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
246 * ! !
247 * ~ Situation ~
248 * ! !
249 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
250 */
/* Fixed 8-byte part of the Security Association payload (RFC 2408 3.4).
 * A variable-length Situation follows it on the wire.
 */
struct isakmp_sa
{
    u_int8_t isasa_np;       /* Next payload */
    u_int8_t isasa_reserved; /* RESERVED */
    u_int16_t isasa_length;  /* Payload length */
    u_int32_t isasa_doi;     /* DOI */
};
258
extern struct_desc isakmp_sa_desc;  /* descriptor for struct isakmp_sa; defined elsewhere */

extern struct_desc ipsec_sit_desc;  /* descriptor for the Situation that follows an SA
                                     * payload; its struct is not declared in this header */
262
263 /* ISAKMP Proposal Payload
264 * layout from RFC 2408 "ISAKMP" section 3.5
265 * A variable length SPI follows.
266 * Previous next payload: ISAKMP_NEXT_P
267 * 1 2 3
268 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
269 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
270 * ! Next Payload ! RESERVED ! Payload Length !
271 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
272 * ! Proposal # ! Protocol-Id ! SPI Size !# of Transforms!
273 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
274 * ! SPI (variable) !
275 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
276 */
/* Fixed 8-byte part of the Proposal payload (RFC 2408 3.5).
 * isap_spisize bytes of SPI follow it on the wire.
 */
struct isakmp_proposal
{
    u_int8_t isap_np;        /* Next payload */
    u_int8_t isap_reserved;  /* RESERVED */
    u_int16_t isap_length;   /* Payload length */
    u_int8_t isap_proposal;  /* Proposal # */
    u_int8_t isap_protoid;   /* Protocol-Id */
    u_int8_t isap_spisize;   /* SPI Size: length of the SPI that follows; wire-supplied,
                              * so check it against the payload length before reading */
    u_int8_t isap_notrans;   /* Number of transforms */
};
287
288 extern struct_desc isakmp_proposal_desc;
289
290 /* ISAKMP Transform Payload
291 * layout from RFC 2408 "ISAKMP" section 3.6
292 * Variable length SA Attributes follow.
293 * Previous next payload: ISAKMP_NEXT_T
294 * 1 2 3
295 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
296 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
297 * ! Next Payload ! RESERVED ! Payload Length !
298 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
299 * ! Transform # ! Transform-Id ! RESERVED2 !
300 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
301 * ! !
302 * ~ SA Attributes ~
303 * ! !
304 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
305 */
/* Fixed 8-byte part of the Transform payload (RFC 2408 3.6).
 * Variable-length SA Attributes (struct isakmp_attribute) follow.
 */
struct isakmp_transform
{
    u_int8_t isat_np;         /* Next payload */
    u_int8_t isat_reserved;   /* RESERVED */
    u_int16_t isat_length;    /* Payload length */
    u_int8_t isat_transnum;   /* Number of the transform */
    u_int8_t isat_transid;    /* Transform-Id */
    u_int16_t isat_reserved2; /* RESERVED2 */
};
315
/* Transform descriptors, one per protocol whose attributes follow the
 * transform; all describe struct isakmp_transform and are defined elsewhere.
 */
extern struct_desc
    isakmp_isakmp_transform_desc,
    isakmp_ah_transform_desc,
    isakmp_esp_transform_desc,
    isakmp_ipcomp_transform_desc;
321
322 /* ISAKMP Key Exchange Payload: no fixed fields beyond the generic ones.
323 * layout from RFC 2408 "ISAKMP" section 3.7
324 * Variable Key Exchange Data follow the generic fields.
325 * Previous next payload: ISAKMP_NEXT_KE
326 * 1 2 3
327 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
328 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
329 * ! Next Payload ! RESERVED ! Payload Length !
330 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
331 * ! !
332 * ~ Key Exchange Data ~
333 * ! !
334 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
335 */
336 extern struct_desc isakmp_keyex_desc;
337
338 /* ISAKMP Identification Payload
339 * layout from RFC 2408 "ISAKMP" section 3.8
340 * See "struct identity" declared later.
341 * Variable length Identification Data follow.
342 * Previous next payload: ISAKMP_NEXT_ID
343 * 1 2 3
344 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
345 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
346 * ! Next Payload ! RESERVED ! Payload Length !
347 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
348 * ! ID Type ! DOI Specific ID Data !
349 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
350 * ! !
351 * ~ Identification Data ~
352 * ! !
353 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
354 */
/* Fixed 8-byte part of the ISAKMP Identification payload (RFC 2408 3.8),
 * as used in Main Mode. Variable-length Identification Data follows.
 */
struct isakmp_id
{
    u_int8_t isaid_np;               /* Next payload */
    u_int8_t isaid_reserved;         /* RESERVED */
    u_int16_t isaid_length;          /* Payload length */
    u_int8_t isaid_idtype;           /* ID Type */
    u_int8_t isaid_doi_specific_a;   /* DOI Specific ID Data, first byte */
    u_int16_t isaid_doi_specific_b;  /* DOI Specific ID Data, remaining 16 bits */
};
364
365 extern struct_desc isakmp_identification_desc;
366
367 /* IPSEC Identification Payload Content
368 * layout from RFC 2407 "IPsec DOI" section 4.6.2
369 * See struct isakmp_id declared earlier.
370 * Note: Hashing skips the ISAKMP generic payload header
371 * Variable length Identification Data follow.
372 * 1 2 3
373 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
374 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
375 * ! Next Payload ! RESERVED ! Payload Length !
376 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
377 * ! ID Type ! Protocol ID ! Port !
378 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
379 * ~ Identification Data ~
380 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
381 */
/* Fixed 8-byte part of the IPsec DOI Identification payload (RFC 2407 4.6.2),
 * as used in Quick Mode. Same layout as struct isakmp_id, but the DOI
 * specific bytes are split into a protocol id and a port.
 */
struct isakmp_ipsec_id
{
    u_int8_t isaiid_np;       /* Next payload */
    u_int8_t isaiid_reserved; /* RESERVED */
    u_int16_t isaiid_length;  /* Payload length */
    u_int8_t isaiid_idtype;   /* ID Type */
    u_int8_t isaiid_protoid;  /* Protocol ID */
    u_int16_t isaiid_port;    /* Port */
};
391
392 extern struct_desc isakmp_ipsec_identification_desc;
393
394 /* ISAKMP Certificate Payload: no fixed fields beyond the generic ones.
395 * layout from RFC 2408 "ISAKMP" section 3.9
396 * Variable length Certificate Data follow the generic fields.
397 * Previous next payload: ISAKMP_NEXT_CERT.
398 * 1 2 3
399 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
400 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
401 * ! Next Payload ! RESERVED ! Payload Length !
402 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
403 * ! Cert Encoding ! !
404 * +-+-+-+-+-+-+-+-+ !
405 * ~ Certificate Data ~
406 * ! !
407 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
408 */
/* Fixed part of the Certificate payload (RFC 2408 3.9): 5 bytes on the
 * wire. sizeof(struct isakmp_cert) includes alignment padding and is
 * therefore not the wire size; use ISAKMP_CERT_SIZE for the length.
 */
struct isakmp_cert
{
    u_int8_t isacert_np;       /* Next payload */
    u_int8_t isacert_reserved; /* RESERVED */
    u_int16_t isacert_length;  /* Payload length */
    u_int8_t isacert_type;     /* Cert Encoding */
};
416
417 /* NOTE: this packet type has a fixed portion that is not a
418 * multiple of 4 octets. This means that sizeof(struct isakmp_cert)
419 * yields the wrong value for the length.
420 */
#define ISAKMP_CERT_SIZE 5 /* 1 np + 1 reserved + 2 length + 1 encoding: wire size, unlike sizeof */

extern struct_desc isakmp_ipsec_certificate_desc; /* descriptor for struct isakmp_cert; defined elsewhere */
424
425 /* ISAKMP Certificate Request Payload: no fixed fields beyond the generic ones.
426 * layout from RFC 2408 "ISAKMP" section 3.10
427 * Variable length Certificate Types and Certificate Authorities follow.
428 * Previous next payload: ISAKMP_NEXT_CR.
429 * 1 2 3
430 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
431 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
432 * ! Next Payload ! RESERVED ! Payload Length !
433 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
434 * ! Cert. Type ! !
435 * +-+-+-+-+-+-+-+-+ !
436 * ~ Certificate Authority ~
437 * ! !
438 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
439 */
/* Fixed part of the Certificate Request payload (RFC 2408 3.10): 5 bytes
 * on the wire. As with struct isakmp_cert, sizeof includes padding, so
 * use ISAKMP_CR_SIZE for the length.
 */
struct isakmp_cr
{
    u_int8_t isacr_np;       /* Next payload */
    u_int8_t isacr_reserved; /* RESERVED */
    u_int16_t isacr_length;  /* Payload length */
    u_int8_t isacr_type;     /* Cert. Type */
};
447
448 /* NOTE: this packet type has a fixed portion that is not a
449 * multiple of 4 octets. This means that sizeof(struct isakmp_cr)
450 * yields the wrong value for the length.
451 */
#define ISAKMP_CR_SIZE 5 /* 1 np + 1 reserved + 2 length + 1 type: wire size, unlike sizeof */

extern struct_desc isakmp_ipsec_cert_req_desc; /* descriptor for struct isakmp_cr; defined elsewhere */
455
456 /* ISAKMP Hash Payload: no fixed fields beyond the generic ones.
457 * layout from RFC 2408 "ISAKMP" section 3.11
458 * Variable length Hash Data follow.
459 * Previous next payload: ISAKMP_NEXT_HASH.
460 * 1 2 3
461 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
462 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
463 * ! Next Payload ! RESERVED ! Payload Length !
464 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
465 * ! !
466 * ~ Hash Data ~
467 * ! !
468 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
469 */
470 extern struct_desc isakmp_hash_desc;
471
472 /* ISAKMP Signature Payload: no fixed fields beyond the generic ones.
473 * layout from RFC 2408 "ISAKMP" section 3.12
474 * Variable length Signature Data follow.
475 * Previous next payload: ISAKMP_NEXT_SIG.
476 * 1 2 3
477 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
478 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
479 * ! Next Payload ! RESERVED ! Payload Length !
480 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
481 * ! !
482 * ~ Signature Data ~
483 * ! !
484 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
485 */
486 extern struct_desc isakmp_signature_desc;
487
488 /* ISAKMP Nonce Payload: no fixed fields beyond the generic ones.
489 * layout from RFC 2408 "ISAKMP" section 3.13
490 * Variable length Nonce Data follow.
491 * Previous next payload: ISAKMP_NEXT_NONCE.
492 * 1 2 3
493 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
494 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
495 * ! Next Payload ! RESERVED ! Payload Length !
496 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
497 * ! !
498 * ~ Nonce Data ~
499 * ! !
500 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
501 */
502 extern struct_desc isakmp_nonce_desc;
503
504 /* ISAKMP Notification Payload
505 * layout from RFC 2408 "ISAKMP" section 3.14
506 * This is followed by a variable length SPI
507 * and then possibly by variable length Notification Data.
508 * Previous next payload: ISAKMP_NEXT_N
509 * 1 2 3
510 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
511 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
512 * ! Next Payload ! RESERVED ! Payload Length !
513 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
514 * ! Domain of Interpretation (DOI) !
515 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
516 * ! Protocol-ID ! SPI Size ! Notify Message Type !
517 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
518 * ! !
519 * ~ Security Parameter Index (SPI) ~
520 * ! !
521 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
522 * ! !
523 * ~ Notification Data ~
524 * ! !
525 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
526 */
/* Fixed 12-byte part of the Notification payload (RFC 2408 3.14).
 * isan_spisize bytes of SPI follow, then optional Notification Data.
 */
struct isakmp_notification
{
    u_int8_t isan_np;       /* Next payload */
    u_int8_t isan_reserved; /* RESERVED */
    u_int16_t isan_length;  /* Payload length */
    u_int32_t isan_doi;     /* DOI */
    u_int8_t isan_protoid;  /* Protocol-ID */
    u_int8_t isan_spisize;  /* SPI Size: wire-supplied length of the SPI that follows;
                             * check it against the payload length before reading */
    u_int16_t isan_type;    /* Notify Message Type */
};
537
538 extern struct_desc isakmp_notification_desc;
539
540 /* ISAKMP Delete Payload
541 * layout from RFC 2408 "ISAKMP" section 3.15
542 * This is followed by a variable length SPI.
543 * Previous next payload: ISAKMP_NEXT_D
544 * 1 2 3
545 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
546 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
547 * ! Next Payload ! RESERVED ! Payload Length !
548 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
549 * ! Domain of Interpretation (DOI) !
550 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
551 * ! Protocol-Id ! SPI Size ! # of SPIs !
552 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
553 * ! !
554 * ~ Security Parameter Index(es) (SPI) ~
555 * ! !
556 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
557 */
/* Fixed 12-byte part of the Delete payload (RFC 2408 3.15).
 * isad_nospi SPIs of isad_spisize bytes each follow it on the wire.
 */
struct isakmp_delete
{
    u_int8_t isad_np;       /* Next payload */
    u_int8_t isad_reserved; /* RESERVED */
    u_int16_t isad_length;  /* Payload length */
    u_int32_t isad_doi;     /* DOI */
    u_int8_t isad_protoid;  /* Protocol-Id */
    u_int8_t isad_spisize;  /* SPI Size */
    u_int16_t isad_nospi;   /* # of SPIs; nospi * spisize is wire-controlled and
                             * must be checked against the payload length */
};
568
569 extern struct_desc isakmp_delete_desc;
570
571 /* From draft-dukes-ike-mode-cfg
572 3.2. Attribute Payload
573 1 2 3
574 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
575 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
576 ! Next Payload ! RESERVED ! Payload Length !
577 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
578 ! Type ! RESERVED ! Identifier !
579 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
580 ! !
581 ! !
582 ~ Attributes ~
583 ! !
584 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
585 */
/* Fixed 8-byte part of the Mode Config Attribute payload
 * (draft-dukes-ike-mode-cfg 3.2). Variable-length Attributes follow.
 */
struct isakmp_mode_attr
{
    u_int8_t isama_np;          /* Next payload */
    u_int8_t isama_reserved;    /* RESERVED */
    u_int16_t isama_length;     /* Payload length */
    u_int8_t isama_type;        /* Type */
    u_int8_t isama_reserved2;   /* RESERVED */
    u_int16_t isama_identifier; /* Identifier */
};
595
extern struct_desc isakmp_attr_desc;              /* presumably the descriptor for struct isakmp_mode_attr — confirm */
extern struct_desc isakmp_modecfg_attribute_desc; /* presumably describes the attributes that follow it — confirm */
598
599 /* ISAKMP Vendor ID Payload
600 * layout from RFC 2408 "ISAKMP" section 3.15
601 * This is followed by a variable length VID.
602 * Previous next payload: ISAKMP_NEXT_VID
603 * 1 2 3
604 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
605 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
606 * ! Next Payload ! RESERVED ! Payload Length !
607 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
608 * ! !
609 * ~ Vendor ID (VID) ~
610 * ! !
611 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
612 */
613 extern struct_desc isakmp_vendor_id_desc;
614
/* Fixed 8-byte part of the NAT-OA payload (NAT-Traversal). No layout
 * diagram is given here; presumably the original address data follows —
 * TODO confirm against the NAT-T draft.
 */
struct isakmp_nat_oa
{
    u_int8_t isanoa_np;         /* Next payload */
    u_int8_t isanoa_reserved_1; /* RESERVED */
    u_int16_t isanoa_length;    /* Payload length */
    u_int8_t isanoa_idtype;     /* ID type */
    u_int8_t isanoa_reserved_2; /* RESERVED */
    u_int16_t isanoa_reserved_3;/* RESERVED */
};
624
/* NAT-Traversal payload descriptors. Unlike the others these lack the
 * _desc suffix; isakmp_nat_oa shares its name with the struct tag above.
 */
extern struct_desc isakmp_nat_d;  /* NAT-D payload: no dedicated struct in this header */
extern struct_desc isakmp_nat_oa; /* descriptor for struct isakmp_nat_oa; defined elsewhere */
627
628 /* union of all payloads */
629
/* Overlay of every fixed payload header declared above; its size is that
 * of the largest member, so it can hold whichever payload is parsed next.
 * Every member starts with the 4-byte generic header, so .generic is
 * valid for any of them.
 */
union payload {
    struct isakmp_generic generic;
    struct isakmp_sa sa;
    struct isakmp_proposal proposal;
    struct isakmp_transform transform;
    struct isakmp_id id;                    /* Main Mode */
    struct isakmp_cert cert;
    struct isakmp_cr cr;
    struct isakmp_ipsec_id ipsec_id;        /* Quick Mode */
    struct isakmp_notification notification;
    struct isakmp_delete delete;
    struct isakmp_nat_oa nat_oa;
    struct isakmp_mode_attr attribute;
};
644
645 /* descriptor for each payload type
646 *
647 * There is a slight problem in that some payloads differ, depending
648 * on the mode. Since this table is only used for top-level payloads,
649 * Proposal and Transform payloads need not be handled.
650 * That leaves only Identification payloads as a problem.
651 * We make all these entries NULL
652 */
653 extern struct_desc *const payload_descs[ISAKMP_NEXT_ROOF];
654
655 #endif /* _PACKET_H */