2 * Copyright (C) 2009-2015 Tobias Brunner
3 * Copyright (C) 2005-2009 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
6 * Copyright (C) secunet Security Networks AG
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * @defgroup identification identification
25 #ifndef IDENTIFICATION_H_
26 #define IDENTIFICATION_H_
28 typedef enum id_type_t id_type_t
;
29 typedef struct identification_t identification_t
;
30 typedef enum id_match_t id_match_t
;
31 typedef enum id_part_t id_part_t
;
33 #include <utils/chunk.h>
34 #include <collections/enumerator.h>
37 * Matches returned from identification_t.match
42 /* match to %any ID */
44 /* match with maximum allowed wildcards */
45 ID_MATCH_MAX_WILDCARDS
= 2,
46 /* match with only one wildcard */
47 ID_MATCH_ONE_WILDCARD
= 19,
48 /* perfect match, won't get better */
49 ID_MATCH_PERFECT
= 20,
53 * enum names for id_match_t.
55 extern enum_name_t
*id_match_names
;
58 * ID Types in a ID payload.
63 * private type which matches any other id.
68 * ID data is a single four (4) octet IPv4 address.
73 * ID data is a fully-qualified domain name string.
74 * An example of a ID_FQDN is "example.com".
75 * The string MUST not contain any terminators (e.g., NULL, CR, etc.).
80 * ID data is a fully-qualified RFC822 email address string.
81 * An example of an ID_RFC822_ADDR is "jsmith@example.com".
82 * The string MUST NOT contain any terminators.
84 ID_USER_FQDN
= 3, /* IKEv1 only */
85 ID_RFC822_ADDR
= 3, /* IKEv2 only */
88 * ID data is an IPv4 subnet (IKEv1 only)
90 ID_IPV4_ADDR_SUBNET
= 4,
93 * ID data is a single sixteen (16) octet IPv6 address.
98 * ID data is an IPv6 subnet (IKEv1 only)
100 ID_IPV6_ADDR_SUBNET
= 6,
103 * ID data is an IPv4 address range (IKEv1 only)
105 ID_IPV4_ADDR_RANGE
= 7,
108 * ID data is an IPv6 address range (IKEv1 only)
110 ID_IPV6_ADDR_RANGE
= 8,
113 * ID data is the binary DER encoding of an ASN.1 X.501 Distinguished Name
118 * ID data is the binary DER encoding of an ASN.1 X.509 GeneralName
123 * ID data is an opaque octet stream which may be used to pass vendor-
124 * specific information necessary to do certain proprietary
125 * types of identification.
130 * Private ID type which represents a GeneralName of type URI
132 ID_DER_ASN1_GN_URI
= 201,
136 * enum names for id_type_t.
138 extern enum_name_t
*id_type_names
;
141 * Type of an ID sub part.
144 /** Username part of an RFC822_ADDR */
146 /** Domain part of an RFC822_ADDR */
149 /** Top-Level domain of a FQDN */
151 /** Second-Level domain of a FQDN */
153 /** Another Level domain of a FQDN */
156 /** Country RDN of a DN */
158 /** CommonName RDN of a DN */
160 /** Description RDN of a DN */
162 /** Email RDN of a DN */
164 /** EmployeeNumber RDN of a DN */
166 /** GivenName RDN of a DN */
168 /** Initials RDN of a DN */
170 /** DN Qualifier RDN of a DN */
172 /** dmdName RDN of a DN */
174 /** Pseudonym RDN of a DN */
176 /** UniqueIdentifier RDN of a DN */
178 /** Locality RDN of a DN */
180 /** Name RDN of a DN */
182 /** Organization RDN of a DN */
184 /** OrganizationUnit RDN of a DN */
186 /** Surname RDN of a DN */
188 /** SerialNumber RDN of a DN */
189 ID_PART_RDN_SERIAL_NUMBER
,
190 /** StateOrProvince RDN of a DN */
192 /** Title RDN of a DN */
197 * Generic identification, such as used in ID payload.
199 * @todo Support for ID_DER_ASN1_GN is minimal right now. Comparison
200 * between them and ID_IPV4_ADDR/RFC822_ADDR would be nice.
202 struct identification_t
{
205 * Get the encoding of this id, to send over
208 * Result points to internal data, do not free.
210 * @return a chunk containing the encoded bytes
212 chunk_t (*get_encoding
) (identification_t
*this);
215 * Get the type of this identification.
219 id_type_t (*get_type
) (identification_t
*this);
222 * Create a hash value for this identification_t object.
224 * @param inc optional value for incremental hashing
227 u_int (*hash
) (identification_t
*this, u_int inc
);
230 * Check if two identification_t objects are equal.
232 * @param other other identification_t object
233 * @return TRUE if the IDs are equal
235 bool (*equals
) (identification_t
*this, identification_t
*other
);
238 * Check if an ID matches a wildcard ID.
240 * An identification_t may contain wildcards, such as
241 * *.strongswan.org. This call checks if a given ID
242 * (e.g. tester.strongswan.org) belongs to a such wildcard
244 * - IDs are identical
245 * - other is of type ID_ANY
246 * - other contains a wildcard and matches this
248 * The larger the return value is, the better is the match. Zero means
249 * no match at all, 1 means a bad match, and 2 a slightly better match.
251 * @param other the ID containing one or more wildcards
252 * @return match value as described above
254 id_match_t (*matches
) (identification_t
*this, identification_t
*other
);
257 * Check if an ID is a wildcard ID.
259 * If the ID represents multiple IDs (with wildcards, or
260 * as the type ID_ANY), TRUE is returned. If it is unique,
263 * @return TRUE if ID contains wildcards
265 bool (*contains_wildcards
) (identification_t
*this);
268 * Create an enumerator over subparts of an identity.
270 * Some identities are built from several parts, e.g. an E-Mail consists
271 * of a username and a domain part, or a DistinguishedName contains several
273 * For identity without subtypes (support), an empty enumerator is
276 * @return an enumerator over (id_part_t type, chunk_t data)
278 enumerator_t
* (*create_part_enumerator
)(identification_t
*this);
281 * Clone a identification_t instance.
283 * @return clone of this
285 identification_t
*(*clone
) (identification_t
*this);
288 * Destroys a identification_t object.
290 void (*destroy
) (identification_t
*this);
294 * Creates an identification_t object from a string.
296 * The input string may be e.g. one of the following:
297 * - ID_IPV4_ADDR: 192.168.0.1
298 * - ID_IPV6_ADDR: 2001:0db8:85a3:08d3:1319:8a2e:0370:7345
299 * - ID_FQDN: www.strongswan.org (optionally with a prepended @)
300 * - ID_RFC822_ADDR: alice@wonderland.org
301 * - ID_DER_ASN1_DN: C=CH, O=Linux strongSwan, CN=bob
303 * In favor of pluto, domainnames are prepended with an @, since
304 * pluto resolves domainnames without an @ to IPv4 addresses. Since
305 * we use a separate host_t class for addresses, this doesn't
308 * A distinguished name may contain one or more of the following RDNs:
309 * ND, UID, DC, CN, S, SN, serialNumber, C, L, ST, O, OU, T, D,
310 * N, G, I, dnQualifier, ID, EN, EmployeeNumber, E, Email, emailAddress, UN,
311 * unstructuredName, TCGID.
313 * To skip automatic type detection the following prefixes may be used to
314 * enforce a specific type: ipv4:, ipv6:, rfc822:, email:, userfqdn:, fqdn:,
315 * dns:, asn1dn:, asn1gn: and keyid:. If a # follows the :, the remaining data
316 * is interpreted as hex encoded binary data for that ID, otherwise the raw
317 * string following the prefix is used as identity data, without conversion.
318 * To specify a non-standard ID type, the numerical type may be prefixed
319 * between curly brackets, building a prefix. For instance the "{1}:" prefix
320 * defines an ID_IPV4_ADDR type.
322 * This constructor never returns NULL. If it does not find a suitable
323 * conversion function, it will copy the string to an ID_KEY_ID.
325 * @param string input string, which will be converted
326 * @return identification_t
328 identification_t
* identification_create_from_string(char *string
);
331 * Creates an identification from a chunk of data, guessing its type.
333 * @param data identification data
334 * @return identification_t
336 identification_t
* identification_create_from_data(chunk_t data
);
339 * Creates an identification_t object from an encoded chunk.
341 * @param type type of this id, such as ID_IPV4_ADDR
342 * @param encoded encoded bytes, such as from identification_t.get_encoding
343 * @return identification_t
345 identification_t
* identification_create_from_encoding(id_type_t type
, chunk_t encoded
);
348 * Creates an identification_t object from a sockaddr struct
350 * @param sockaddr sockaddr struct which contains family and address
351 * @return identification_t
353 identification_t
* identification_create_from_sockaddr(sockaddr_t
*sockaddr
);
356 * printf hook function for identification_t.
359 * identification_t *identification
361 int identification_printf_hook(printf_hook_data_t
*data
,
362 printf_hook_spec_t
*spec
, const void *const *args
);
364 #endif /** IDENTIFICATION_H_ @}*/