1 /* $OpenBSD: exchange.h,v 1.29 2005/01/31 10:07:59 hshoexer Exp $	 */
2 /* $EOM: exchange.h,v 1.28 2000/09/28 12:54:28 niklas Exp $	 */
3 
4 /*
5  * Copyright (c) 1998, 1999, 2001 Niklas Hallqvist.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 /*
29  * This code was written under funding by Ericsson Radio Systems.
30  */
31 
32 #ifndef _EXCHANGE_H_
33 #define _EXCHANGE_H_
34 
35 #include <sys/param.h>
36 #include <sys/types.h>
37 #include <sys/queue.h>
38 
39 #include "exchange_num.h"
40 #include "isakmp.h"
41 
42 /* Remove an exchange if it has not been fully negotiated in this time.  */
43 #define EXCHANGE_MAX_TIME 120
44 
45 struct crypto_xf;
46 struct certreq_aca;
47 struct doi;
48 struct event;
49 struct keystate;
50 struct message;
51 struct payload;
52 struct transport;
53 struct sa;
54 
55 struct exchange {
56 	/* Link to exchanges with the same hash value.  */
57 	LIST_ENTRY(exchange) link;
58 
59 	/* A name of the SAs this exchange will result in.  XXX non unique?  */
60 	char           *name;
61 
62 	/*
63 	 * A name of the major policy deciding offers and acceptable
64 	 * proposals.
65 	 */
66 	char           *policy;
67 
68 	/*
69 	 * A function with a polymorphic argument called after the exchange
70 	 * has been run to its end, successfully.  The 2nd argument is true
71 	 * if the finalization hook is called due to the exchange not running
72 	 * to its end normally.
73          */
74 	void            (*finalize)(struct exchange *, void *, int);
75 	void           *finalize_arg;
76 
77 	/* When several SA's are being negotiated we keep them here.  */
78 	TAILQ_HEAD(sa_head, sa) sa_list;
79 
80 	/*
81 	 * The event that will occur when it has taken too long time to try to
82 	 * run the exchange and which will trigger auto-destruction.
83          */
84 	struct event   *death;
85 
86 	/*
87 	 * Both initiator and responder cookies.
88 	 * XXX For code clarity we might split this into two fields.
89          */
90 	u_int8_t        cookies[ISAKMP_HDR_COOKIES_LEN];
91 
92 	/* The message ID signifying phase 2 exchanges.  */
93 	u_int8_t        message_id[ISAKMP_HDR_MESSAGE_ID_LEN];
94 
95 	/* The exchange type we are using.  */
96 	u_int8_t        type;
97 
98 	/* Phase is 1 for ISAKMP SA exchanges, and 2 for application ones.  */
99 	u_int8_t        phase;
100 
101 	/* The "step counter" of the exchange, starting from zero.  */
102 	u_int8_t        step;
103 
104 	/* 1 if we are the initiator, 0 if we are the responder.  */
105 	u_int8_t        initiator;
106 
107 	/* Various flags, look below for descriptions.  */
108 	u_int32_t       flags;
109 
110 	/* The DOI that is to handle DOI-specific issues for this exchange.  */
111 	struct doi     *doi;
112 
113 	/*
114 	 * A "program counter" into the script that validate message contents
115 	 * for this exchange.
116          */
117 	int16_t        *exch_pc;
118 
119 	/* The last message received, used for checking for duplicates.  */
120 	struct message *last_received;
121 
122 	/* The last message sent, to be acked when something new is received.  */
123 	struct message *last_sent;
124 
125 	/*
126 	 * If some message is queued up for sending, we want to be able to
127 	 * remove it from the queue, when the exchange is deleted.
128          */
129 	struct message *in_transit;
130 
131 	/*
132 	 * Initiator's & responder's nonces respectively, with lengths.
133 	 * XXX Should this be in the DOI-specific parts instead?
134          */
135 	u_int8_t       *nonce_i;
136 	size_t          nonce_i_len;
137 	u_int8_t       *nonce_r;
138 	size_t          nonce_r_len;
139 
140 	/*
141 	 * The ID payload contents for the initiator & responder,
142 	 * respectively.
143 	 */
144 	u_int8_t       *id_i;
145 	size_t          id_i_len;
146 	u_int8_t       *id_r;
147 	size_t          id_r_len;
148 
149 	/* Policy session identifier, where applicable.  */
150 	int             policy_id;
151 
152 	/* Crypto info needed to encrypt/decrypt packets in this exchange.  */
153 	struct crypto_xf *crypto;
154 	size_t          key_length;
155 	struct keystate *keystate;
156 
157 	/*
158 	 * Used only by KeyNote, to cache the key used to authenticate Phase
159 	 * 1
160 	 */
161 	char           *keynote_key;	/* printable format */
162 
163 	/*
164 	 * Received certificate - used to verify signatures on packet,
165 	 * stored here for later policy processing.
166          *
167 	 * The rules for the recv_* and sent_* fields are:
168 	 * - recv_cert stores the credential (if any) received from the peer;
169 	 *   the kernel may pass us one, but we ignore it. We pass it to the
170 	 *   kernel so processes can peek at it. When doing passphrase
171 	 *   authentication in Phase 1, this is empty.
172 	 * - recv_key stores the key (public or private) used by the peer
173 	 *   to authenticate. Otherwise, same properties as recv_cert except
174 	 *   that we don't tell the kernel about passphrases (so we don't
175 	 *   reveal system-wide passphrases). Processes that used passphrase
176 	 *   authentication already know the passphrase! We ignore it if/when
177 	 *   received from the kernel (meaningless).
178 	 * - sent_cert stores the credential, if any, we used to authenticate
179 	 *   with the peer. It may be passed to us by the kernel, or we may
180 	 *   have found it in our certificate storage. In either case, there's
181 	 *   no point passing it to the kernel, so we don't.
182 	 * - sent key stores the private key we used for authentication with
183 	 *   the peer (private key or passphrase). This may have been received
184 	 *   from the kernel, or may be a system-wide setting. In either case,
185 	 *   we don't pass it to the kernel, to avoid revealing such information
186 	 *   to processes (processes either already know it, or have no business
187 	 *   knowing it).
188          */
189 	int             recv_certtype, recv_keytype;
190 	void           *recv_cert;	/* Certificate received from peer,
191 					 * native format */
192 	void           *recv_key;	/* Key peer used to authenticate,
193 					 * native format */
194 
195 	/* Likewise, for certificates we use. */
196 	int             sent_certtype, sent_keytype;
197 	void           *sent_cert;	/* Certificate (to be) sent to peer,
198 					 * native format */
199 
200 	/* ACQUIRE sequence number.  */
201 	u_int32_t       seq;
202 
203 	/* XXX This is no longer necessary, it is covered by policy.  */
204 
205 	/* Acceptable authorities for cert requests.  */
206 	TAILQ_HEAD(aca_head, certreq_aca) aca_list;
207 
208 	/* DOI-specific opaque data.  */
209 	void           *data;
210 };
211 
212 /* The flag bits.  */
213 #define EXCHANGE_FLAG_I_COMMITTED	0x01
214 #define EXCHANGE_FLAG_HE_COMMITTED	0x02
215 #define EXCHANGE_FLAG_COMMITTED		(EXCHANGE_FLAG_I_COMMITTED \
216 					 | EXCHANGE_FLAG_HE_COMMITTED)
217 #define EXCHANGE_FLAG_ENCRYPT		0x04
218 #define EXCHANGE_FLAG_NAT_T_CAP_PEER	0x08	/* Peer is NAT capable.  */
219 #define EXCHANGE_FLAG_NAT_T_ENABLE	0x10	/* We are doing NAT-T.  */
220 #define EXCHANGE_FLAG_NAT_T_KEEPALIVE	0x20	/* We are the NAT:ed peer.  */
221 #define EXCHANGE_FLAG_DPD_CAP_PEER	0x40	/* Peer is DPD capable.  */
222 
223 extern int      exchange_add_certs(struct message *);
224 extern void     exchange_finalize(struct message *);
225 extern void     exchange_free(struct exchange *);
226 extern void     exchange_free_aca_list(struct exchange *);
227 extern void     exchange_establish(char *name, void (*)(struct exchange *,
228 		    void *, int), void *);
229 extern void	exchange_establish_p1(struct transport *, u_int8_t, u_int32_t,
230 		    char *, void *, void (*)(struct exchange *, void *, int),
231 		    void *);
232 extern void     exchange_establish_p2(struct sa *, u_int8_t, char *, void *,
233 		    void (*)(struct exchange *, void *, int), void *);
234 extern int      exchange_gen_nonce(struct message *, size_t);
235 extern void     exchange_init(void);
236 extern struct exchange *exchange_lookup(u_int8_t *, int);
237 extern struct exchange *exchange_lookup_by_name(char *, int);
238 extern struct exchange *exchange_lookup_from_icookie(u_int8_t *);
239 extern void     exchange_report(void);
240 extern void     exchange_run(struct message *);
241 extern int      exchange_save_nonce(struct message *);
242 extern int      exchange_save_certreq(struct message *);
243 extern int16_t *exchange_script(struct exchange *);
244 extern struct exchange *exchange_setup_p1(struct message *, u_int32_t);
245 extern struct exchange *exchange_setup_p2(struct message *, u_int8_t);
246 extern void     exchange_upgrade_p1(struct message *);
247 
248 #endif				/* _EXCHANGE_H_ */
249