1 | /* |
2 | * Copyright (C) 2012 Tobias Brunner | |
3 | * Copyright (C) 2012 Giuliano Grassi | |
4 | * Copyright (C) 2012 Ralf Sager | |
5 | * Hochschule fuer Technik Rapperswil | |
6 | * | |
7 | * This program is free software; you can redistribute it and/or modify it | |
8 | * under the terms of the GNU General Public License as published by the | |
9 | * Free Software Foundation; either version 2 of the License, or (at your | |
10 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, but | |
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
14 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
15 | * for more details. | |
16 | */ | |
17 | ||
18 | /** | |
19 | * @defgroup esp_packet esp_packet | |
20 | * @{ @ingroup libipsec | |
21 | */ | |
22 | ||
23 | #ifndef ESP_PACKET_H_ | |
24 | #define ESP_PACKET_H_ | |
25 | ||
b37758c4 | 26 | #include "ip_packet.h" |
27 | #include "esp_context.h" |
28 | ||
29 | #include <library.h> | |
2e7cc07e | 30 | #include <networking/host.h> |
05a2a795 | 31 | #include <utils/packet.h> |
32 | |
typedef struct esp_packet_t esp_packet_t;

/**
 * ESP packet
 *
 * Wraps a raw packet_t and provides the ESP processing steps for it:
 * header parsing and authenticate-then-decrypt for inbound packets,
 * encapsulation and encryption for outbound packets.  The accessors for
 * the plaintext payload (get_next_header(), get_payload(),
 * extract_payload()) are only meaningful once the packet is in the
 * decrypted state; see the notes on each method.
 */
struct esp_packet_t {

	/**
	 * Implements packet_t interface to access the raw ESP packet
	 *
	 * This is the wire representation (still encrypted for inbound packets,
	 * encrypted after encrypt() for outbound ones).
	 */
	packet_t packet;

	/**
	 * Get the source address of this packet
	 *
	 * @return				source host
	 */
	host_t *(*get_source)(esp_packet_t *this);

	/**
	 * Get the destination address of this packet
	 *
	 * @return				destination host
	 */
	host_t *(*get_destination)(esp_packet_t *this);

	/**
	 * Parse the packet header before decryption. Tries to read the SPI
	 * from the packet so the caller can look up the corresponding SA.
	 *
	 * Only the header is inspected at this point; nothing about the packet
	 * is authenticated until decrypt() succeeds, so the SPI must be treated
	 * as untrusted input when selecting an SA.
	 *
	 * @param spi			parsed SPI, in network byte order (out parameter)
	 * @return				TRUE when successful, FALSE otherwise (e.g. when the
	 *						length of the packet is invalid)
	 */
	bool (*parse_header)(esp_packet_t *this, u_int32_t *spi);

	/**
	 * Authenticate and decrypt the packet. Also verifies the sequence number
	 * using the supplied ESP context and updates the anti-replay window.
	 *
	 * The distinct return codes separate malformed input (PARSE_ERROR),
	 * replay / out-of-window sequence numbers (VERIFY_ERROR) and integrity
	 * or decryption failures (FAILED), so callers can log and count them
	 * separately.
	 *
	 * NOTE(review): whether the anti-replay window is advanced only after the
	 * ICV check has passed is not visible from this header - confirm in the
	 * implementation, as advancing it on unauthenticated packets would let a
	 * spoofed sequence number evict legitimate ones from the window.
	 *
	 * @param esp_context	ESP context of corresponding inbound IPsec SA
	 * @return				- SUCCESS if successfully authenticated,
	 *						  decrypted and parsed
	 *						- PARSE_ERROR if the length of the packet or the
	 *						  padding is invalid
	 *						- VERIFY_ERROR if the sequence number
	 *						  verification failed
	 *						- FAILED if the ICV (MAC) check or the actual
	 *						  decryption failed
	 */
	status_t (*decrypt)(esp_packet_t *this, esp_context_t *esp_context);

	/**
	 * Encapsulate and encrypt the packet. The sequence number will be generated
	 * using the supplied ESP context.
	 *
	 * A cycled sequence number is reported as FAILED rather than being
	 * reused; presumably the caller is expected to replace the SA in that
	 * case - confirm against the esp_context_t implementation.
	 *
	 * @param esp_context	ESP context of corresponding outbound IPsec SA
	 * @param spi			SPI value to use, in network byte order
	 * @return				- SUCCESS if encrypted
	 *						- FAILED if sequence number cycled or any of the
	 *						  cryptographic functions failed
	 *						- NOT_FOUND if no suitable RNG could be found
	 */
	status_t (*encrypt)(esp_packet_t *this, esp_context_t *esp_context,
						u_int32_t spi);

	/**
	 * Get the next header field of a packet.
	 *
	 * @note Packet has to be in the decrypted state.
	 *
	 * @return				next header field
	 */
	u_int8_t (*get_next_header)(esp_packet_t *this);

	/**
	 * Get the plaintext payload of this packet.
	 *
	 * The returned object is internal to this packet and must not be
	 * destroyed by the caller; use extract_payload() to take ownership.
	 *
	 * @return				plaintext payload (internal data),
	 *						NULL if not decrypted
	 */
	ip_packet_t *(*get_payload)(esp_packet_t *this);

	/**
	 * Extract the plaintext payload from this packet.
	 *
	 * Ownership of the returned object is transferred to the caller, which
	 * has to destroy it.
	 *
	 * @return				plaintext payload (has to be destroyed),
	 *						NULL if not decrypted
	 */
	ip_packet_t *(*extract_payload)(esp_packet_t *this);

	/**
	 * Destroy an esp_packet_t
	 */
	void (*destroy)(esp_packet_t *this);

};
130 | ||
/**
 * Create an ESP packet out of data from the wire.
 *
 * The returned object holds the raw, still-encrypted packet; use
 * parse_header() to obtain the SPI and decrypt() with the matching context
 * before accessing the payload.  Because the packet is owned by the new
 * object, the caller must not destroy it afterwards.
 *
 * @param packet		the packet data as received, gets owned
 * @return				esp_packet_t instance
 */
esp_packet_t *esp_packet_create_from_packet(packet_t *packet);
138 | |
/**
 * Create an ESP packet from a plaintext payload
 *
 * The payload is owned by the new object; the caller must not destroy it.
 * Call encrypt() with the outbound context to produce the wire form.
 *
 * NOTE(review): whether src and dst are cloned or merely referenced is not
 * stated here - confirm in the implementation before freeing them.
 *
 * @param src			source address
 * @param dst			destination address
 * @param payload		plaintext payload, gets owned
 * @return				esp_packet_t instance
 */
esp_packet_t *esp_packet_create_from_payload(host_t *src, host_t *dst,
											 ip_packet_t *payload);
149 | |
150 | #endif /** ESP_PACKET_H_ @}*/ | |
151 |