projects / thirdparty / strongswan.git / blame
| Commit | Line | Data |
|---|---|---|
| 47eb8943 TB |
1 | /* |
| 2 | * Copyright (C) 2012 Tobias Brunner | |
| 3 | * Copyright (C) 2012 Giuliano Grassi | |
| 4 | * Copyright (C) 2012 Ralf Sager | |
| 5 | * Hochschule fuer Technik Rapperswil | |
| 6 | * | |
| 7 | * This program is free software; you can redistribute it and/or modify it | |
| 8 | * under the terms of the GNU General Public License as published by the | |
| 9 | * Free Software Foundation; either version 2 of the License, or (at your | |
| 10 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
| 11 | * | |
| 12 | * This program is distributed in the hope that it will be useful, but | |
| 13 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
| 14 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
| 15 | * for more details. | |
| 16 | */ | |
| 17 | ||
| 18 | /** | |
| 19 | * @defgroup esp_packet esp_packet | |
| 20 | * @{ @ingroup libipsec | |
| 21 | */ | |
| 22 | ||
| 23 | #ifndef ESP_PACKET_H_ | |
| 24 | #define ESP_PACKET_H_ | |
| 25 | ||
| b37758c4 | 26 | #include "ip_packet.h" |
| 47eb8943 TB |
27 | #include "esp_context.h" |
| 28 | ||
| 29 | #include <library.h> | |
| 2e7cc07e | 30 | #include <networking/host.h> |
| 05a2a795 | 31 | #include <utils/packet.h> |
| 47eb8943 TB |
32 | |
| 33 | typedef struct esp_packet_t esp_packet_t; | |
| 34 | ||
| 35 | /** | |
| 36 | * ESP packet | |
| 37 | */ | |
| 38 | struct esp_packet_t { | |
| 39 | ||
| 05a2a795 TB |
40 | /** |
| 41 | * Implements packet_t interface to access the raw ESP packet | |
| 42 | */ | |
| 43 | packet_t packet; | |
| 44 | ||
| 47eb8943 TB |
45 | /** |
| 46 | * Get the source address of this packet | |
| 47 | * | |
| 48 | * @return source host | |
| 49 | */ | |
| 50 | host_t *(*get_source)(esp_packet_t *this); | |
| 51 | ||
| 52 | /** | |
| 53 | * Get the destination address of this packet | |
| 54 | * | |
| 55 | * @return destination host | |
| 56 | */ | |
| 57 | host_t *(*get_destination)(esp_packet_t *this); | |
| 58 | ||
| 59 | /** | |
| 60 | * Parse the packet header before decryption. Tries to read the SPI | |
| 61 | * from the packet to find a corresponding SA. | |
| 62 | * | |
| 63 | * @param spi parsed SPI, in network byte order | |
| 64 | * @return TRUE when successful, FALSE otherwise (e.g. when the | |
| 65 | * length of the packet is invalid) | |
| 66 | */ | |
| 67 | bool (*parse_header)(esp_packet_t *this, u_int32_t *spi); | |
| 68 | ||
| 69 | /** | |
| 70 | * Authenticate and decrypt the packet. Also verifies the sequence number | |
| 71 | * using the supplied ESP context and updates the anti-replay window. | |
| 72 | * | |
| 73 | * @param esp_context ESP context of corresponding inbound IPsec SA | |
| 74 | * @return - SUCCESS if successfully authenticated, | |
| 75 | * decrypted and parsed | |
| 76 | * - PARSE_ERROR if the length of the packet or the | |
| 77 | * padding is invalid | |
| 78 | * - VERIFY_ERROR if the sequence number | |
| 79 | * verification failed | |
| 80 | * - FAILED if the ICV (MAC) check or the actual | |
| 81 | * decryption failed | |
| 82 | */ | |
| 83 | status_t (*decrypt)(esp_packet_t *this, esp_context_t *esp_context); | |
| 84 | ||
| 85 | /** | |
| 86 | * Encapsulate and encrypt the packet. The sequence number will be generated | |
| 87 | * using the supplied ESP context. | |
| 88 | * | |
| 89 | * @param esp_context ESP context of corresponding outbound IPsec SA | |
| 90 | * @param spi SPI value to use, in network byte order | |
| 91 | * @return - SUCCESS if encrypted | |
| 92 | * - FAILED if sequence number cycled or any of the | |
| 93 | * cryptographic functions failed | |
| 94 | * - NOT_FOUND if no suitable RNG could be found | |
| 95 | */ | |
| 96 | status_t (*encrypt)(esp_packet_t *this, esp_context_t *esp_context, | |
| 97 | u_int32_t spi); | |
| 98 | ||
| 99 | /** | |
| 100 | * Get the next header field of a packet. | |
| 101 | * | |
| 102 | * @note Packet has to be in the decrypted state. | |
| 103 | * | |
| 104 | * @return next header field | |
| 105 | */ | |
| 106 | u_int8_t (*get_next_header)(esp_packet_t *this); | |
| 107 | ||
| 108 | /** | |
| b37758c4 | 109 | * Get the plaintext payload of this packet. |
| 47eb8943 TB |
110 | * |
| 111 | * @return plaintext payload (internal data), | |
| b37758c4 | 112 | * NULL if not decrypted |
| 47eb8943 | 113 | */ |
| b37758c4 TB |
114 | ip_packet_t *(*get_payload)(esp_packet_t *this); |
| 115 | ||
| 116 | /** | |
| 117 | * Extract the plaintext payload from this packet. | |
| 118 | * | |
| 119 | * @return plaintext payload (has to be destroyed), | |
| 120 | * NULL if not decrypted | |
| 121 | */ | |
| 122 | ip_packet_t *(*extract_payload)(esp_packet_t *this); | |
| 47eb8943 | 123 | |
| 47eb8943 TB |
124 | /** |
| 125 | * Destroy an esp_packet_t | |
| 126 | */ | |
| 127 | void (*destroy)(esp_packet_t *this); | |
| 128 | ||
| 129 | }; | |
| 130 | ||
| 131 | /** | |
| 132 | * Create an ESP packet out of data from the wire. | |
| 133 | * | |
| 05a2a795 | 134 | * @param packet the packet data as received, gets owned |
| 47eb8943 TB |
135 | * @return esp_packet_t instance |
| 136 | */ | |
| 05a2a795 | 137 | esp_packet_t *esp_packet_create_from_packet(packet_t *packet); |
| 47eb8943 TB |
138 | |
| 139 | /** | |
| b37758c4 | 140 | * Create an ESP packet from a plaintext payload |
| 47eb8943 TB |
141 | * |
| 142 | * @param src source address | |
| 143 | * @param dst destination address | |
| b37758c4 | 144 | * @param payload plaintext payload, gets owned |
| 47eb8943 TB |
145 | * @return esp_packet_t instance |
| 146 | */ | |
| 147 | esp_packet_t *esp_packet_create_from_payload(host_t *src, host_t *dst, | |
| b37758c4 | 148 | ip_packet_t *payload); |
| 47eb8943 TB |
149 | |
| 150 | #endif /** ESP_PACKET_H_ @}*/ | |
| 151 |