[apple/ipsec.git] / ipsec-tools / racoon / api_support.h

/*
 * Copyright (c) 2012, 2013 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

#ifndef __API_SUPPORT__
#define __API_SUPPORT__

#include <CoreFoundation/CoreFoundation.h>
#include <net/pfkeyv2.h>
#include "racoon_types.h"
#include <sys/socket.h>
#include <SNIPSecIKEDefinitions.h>
#include <SNIPSecDBDefinitions.h>
#include <SNIPSecIKE.h>
#include <SNIPSecDB.h>

struct isakmp_cfg_state;
struct ikev2_traffic_selector;

#define kSNIPSecDBSrcRangeEndAddress        CFSTR("SrcRangeEndAddress")     /* CFString */
#define kSNIPSecDBDstRangeEndAddress        CFSTR("DstRangeEndAddress")     /* CFString */
#define kSNIPSecDBSrcRangeEndPort			CFSTR("SrcRangeEndPort") 		/* CFNumber */
#define kSNIPSecDBDstRangeEndPort			CFSTR("DstRangeEndPort") 		/* CFNumber */

#define kSNIPSecDBPolicyID                  CFSTR("PolicyID") 		/* CFNumber */

#define kSNIPSecDBPolicyType                CFSTR("PolicyType")     /* CFString */
#define kSNIPSecDBValPolicyTypeDiscard      CFSTR("Discard")
#define kSNIPSecDBValPolicyTypeNone         CFSTR("None")
#define kSNIPSecDBValPolicyTypeIPSec        CFSTR("IPSec")
#define kSNIPSecDBValPolicyTypeEntrust      CFSTR("Entrust")
#define kSNIPSecDBValPolicyTypeBypass       CFSTR("Bypass")
#define kSNIPSecDBValPolicyTypeGenerate     CFSTR("Generate")

#define kSNIPSecDBSACreateTime         CFSTR("CreateTime")
#define kSNIPSecDBSACurrentTime         CFSTR("CurrentTime")
#define kSNIPSecDBSADiffTime         CFSTR("DiffTime")
#define kSNIPSecDBSAHardLifetime         CFSTR("HardLifetime")
#define kSNIPSecDBSASoftLifetime         CFSTR("SoftLifetime")
#define kSNIPSecDBSALastUseTime         CFSTR("LastUseTime")
#define kSNIPSecDBSAHardUseTime         CFSTR("HardUseTime")
#define kSNIPSecDBSASoftUseTime         CFSTR("SoftUseTime")
#define kSNIPSecDBSACurrentBytes        CFSTR("CurrentBytes")
#define kSNIPSecDBSAHardBytes           CFSTR("HardBytes")
#define kSNIPSecDBSASoftBytes           CFSTR("SoftBytes")
#define kSNIPSecDBSACurrentAllocations  CFSTR("CurrentAllocations")
#define kSNIPSecDBSAHardAllocations     CFSTR("HardAllocations")
#define kSNIPSecDBSASoftAllocations     CFSTR("SoftAllocations")

#define kSNIPSecDBSAState              CFSTR("State")
#define kSNIPSecDBValSAStateLarval     CFSTR("Larval")
#define kSNIPSecDBValSAStateMature     CFSTR("Mature")
#define kSNIPSecDBValSAStateDying      CFSTR("Dying")
#define kSNIPSecDBValSAStateDead       CFSTR("Dead")

#define kSNIPSecIKEAssignedPCSCFIPv6Address CFSTR("AssignedPCSCFIPv6Address")

typedef uint32_t InternalSessionRef;
typedef uint32_t InternalItemRef;

/* IPSec DB API Types */
typedef InternalSessionRef InternalDBRef;
typedef InternalItemRef InternalDBSARef;
typedef InternalItemRef InternalDBPolicyRef;
typedef InternalItemRef InternalDBInterfaceRef;
#define kInternalDBRefInvalid 0
#define kInternalDBSARefInvalid 0
#define kInternalDBPolicyRefInvalid 0
#define kInternalDBInterfaceRefInvalid 0

/* IKE API Types */
typedef InternalSessionRef InternalIKESARef;
typedef InternalItemRef InternalChildSARef;
#define kInternalIKESARefInvalid 0
#define kInternalChildSARefInvalid 0

/* Internal support functions -- Dictionaries should be verified for required keys and valid types before calling these */
void ASSendXPCReply (InternalSessionRef sessionRef, InternalItemRef objRef, int callType, void *retVal, Boolean success);
void ASSendXPCMessage(uint32_t message, void *messageobj, uint32_t sessionID, uint32_t itemID);

/* IPSec DB API Functions */
InternalDBRef ASDBCreate (void);
InternalDBSARef ASDBGetSPI (InternalDBRef ref, CFDictionaryRef sadata);
InternalDBSARef ASDBCreateSA (InternalDBRef ref, CFDictionaryRef sadata);
Boolean ASDBUpdateSA (InternalDBRef ref, InternalDBSARef saref, CFDictionaryRef sadata);
Boolean ASDBDeleteSA (InternalDBRef ref, InternalDBSARef saref);
Boolean ASDBCopySA (InternalDBRef ref, InternalDBSARef saref);
Boolean ASDBFlushSA (InternalDBRef ref, Boolean *blockForResponse);
CFArrayRef ASDBCopySAIDs (InternalDBRef ref);
InternalDBPolicyRef ASDBAddPolicy (InternalDBRef ref, CFDictionaryRef spdata);
Boolean ASDBDeletePolicy (InternalDBRef ref, InternalDBPolicyRef policyref);
Boolean ASDBCopyPolicy (InternalDBRef ref, InternalDBPolicyRef policyref);
Boolean ASDBFlushPolicy (InternalDBRef ref, Boolean *blockForResponse);
CFArrayRef ASDBCopyPolicyIDs (InternalDBRef ref);
Boolean ASDBFlushAll (InternalDBRef ref, Boolean *blockForResponse);
Boolean ASDBDispose (InternalDBRef ref, Boolean *blockForResponse);

/* IPSec DB Interface Functions */
InternalDBInterfaceRef ASDBCreateIPSecInterface (InternalDBRef ref, struct sockaddr_storage *address, struct sockaddr_storage *netmask, struct sockaddr_storage *v6address, int v6prefix);
Boolean ASDBFlushInterfaces (InternalDBRef ref);

/* IKE API Functions */
InternalIKESARef ASIKECreate (CFDictionaryRef ikedata, CFDictionaryRef childData);
InternalChildSARef ASIKEStartConnection (InternalIKESARef ref);
Boolean ASIKEStopConnection (InternalIKESARef ref);
InternalChildSARef ASIKEStartChildSA (InternalIKESARef ref, CFDictionaryRef ikechilddata);
Boolean ASIKEStopChildSA (InternalIKESARef ref, InternalChildSARef childref);
SNIPSecIKEStatus ASIKEGetConnectionStatus (InternalIKESARef ref);
SNIPSecIKEStatus ASIKEGetChildStatus (InternalIKESARef ref, InternalChildSARef childref);
Boolean ASIKEDispose (InternalIKESARef ref, Boolean *blockForResponse);
Boolean ASIKEEnableAll (InternalIKESARef ref);
Boolean ASIKEDisableAll (InternalIKESARef ref);

/* Functions to support racoon */
InternalDBSARef ASDBGetSPIFromIKE (InternalDBRef ref, phase2_handle_t *phase2);
Boolean ASDBAddSAFromIKE (InternalDBRef ref, phase2_handle_t *phase2, Boolean update);
Boolean ASDBDeleteSAFromIKE (InternalDBRef ref, struct sockaddr_storage *dst, uint32_t spi, int ipsecProtocol);
Boolean ASDBFlushAllForIKEChildSA (InternalDBRef ref, InternalChildSARef childRef);
InternalDBPolicyRef ASDBAddPolicyFromIKE (InternalDBRef ref, phase2_handle_t *phase2);
Boolean ASDBReceivePFKeyMessage (caddr_t *message, int array_size); /* Returns TRUE if handled message */
Boolean ASDBGetIPSecInterfaceName (InternalDBRef ref, char *buf, int bufLen);
Boolean ASIKEConnectionAddChildSAFromIKE (InternalIKESARef ref, phase2_handle_t *childSA);
Boolean ASIKEConnectionSwapChildSAs (InternalIKESARef ref, InternalChildSARef oldChildSA, InternalChildSARef newChildSA);
void ASIKEConnectionExpireChildSAFromIKE (InternalIKESARef ref, InternalChildSARef childSARef);
Boolean ASHasValidSessions (void);
void ASIKEUpdateLocalAddressesFromIKE (void);
void ASIKEUpdateStatusFromIKE (InternalIKESARef ref, InternalChildSARef childRef, uint32_t status, uint32_t reason);
phase2_handle_t *ASIKEConnectionGetChildSAFromIKE (InternalIKESARef ref, InternalChildSARef childSARef);
void ASIKEUpdateConfigurationFromIKE (InternalIKESARef ref, struct isakmp_cfg_state *config);
void ASIKEUpdateTrafficSelectorsFromIKE (InternalIKESARef ref, InternalChildSARef childRef, struct ikev2_traffic_selector *local, struct ikev2_traffic_selector *remote);
void ASIKEStopConnectionFromIKE (InternalIKESARef ref);

#endif
Commit	Line	Data
65c25746 A	1	/*
	2	* Copyright (c) 2012, 2013 Apple Computer, Inc. All rights reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	#ifndef __API_SUPPORT__
	25	#define __API_SUPPORT__
	26
	27	#include <CoreFoundation/CoreFoundation.h>
	28	#include <net/pfkeyv2.h>
	29	#include "racoon_types.h"
	30	#include <sys/socket.h>
	31	#include <SNIPSecIKEDefinitions.h>
	32	#include <SNIPSecDBDefinitions.h>
	33	#include <SNIPSecIKE.h>
	34	#include <SNIPSecDB.h>
	35
	36	struct isakmp_cfg_state;
	37	struct ikev2_traffic_selector;
	38
	39	#define kSNIPSecDBSrcRangeEndAddress CFSTR("SrcRangeEndAddress") /* CFString */
	40	#define kSNIPSecDBDstRangeEndAddress CFSTR("DstRangeEndAddress") /* CFString */
	41	#define kSNIPSecDBSrcRangeEndPort CFSTR("SrcRangeEndPort") /* CFNumber */
	42	#define kSNIPSecDBDstRangeEndPort CFSTR("DstRangeEndPort") /* CFNumber */
	43
	44	#define kSNIPSecDBPolicyID CFSTR("PolicyID") /* CFNumber */
	45
	46	#define kSNIPSecDBPolicyType CFSTR("PolicyType") /* CFString */
	47	#define kSNIPSecDBValPolicyTypeDiscard CFSTR("Discard")
	48	#define kSNIPSecDBValPolicyTypeNone CFSTR("None")
	49	#define kSNIPSecDBValPolicyTypeIPSec CFSTR("IPSec")
	50	#define kSNIPSecDBValPolicyTypeEntrust CFSTR("Entrust")
	51	#define kSNIPSecDBValPolicyTypeBypass CFSTR("Bypass")
	52	#define kSNIPSecDBValPolicyTypeGenerate CFSTR("Generate")
	53
	54	#define kSNIPSecDBSACreateTime CFSTR("CreateTime")
	55	#define kSNIPSecDBSACurrentTime CFSTR("CurrentTime")
	56	#define kSNIPSecDBSADiffTime CFSTR("DiffTime")
	57	#define kSNIPSecDBSAHardLifetime CFSTR("HardLifetime")
	58	#define kSNIPSecDBSASoftLifetime CFSTR("SoftLifetime")
	59	#define kSNIPSecDBSALastUseTime CFSTR("LastUseTime")
	60	#define kSNIPSecDBSAHardUseTime CFSTR("HardUseTime")
	61	#define kSNIPSecDBSASoftUseTime CFSTR("SoftUseTime")
	62	#define kSNIPSecDBSACurrentBytes CFSTR("CurrentBytes")
	63	#define kSNIPSecDBSAHardBytes CFSTR("HardBytes")
	64	#define kSNIPSecDBSASoftBytes CFSTR("SoftBytes")
65	#define kSNIPSecDBSACurrentAllocations CFSTR("CurrentAllocations")
66	#define kSNIPSecDBSAHardAllocations CFSTR("HardAllocations")
67	#define kSNIPSecDBSASoftAllocations CFSTR("SoftAllocations")
68
69	#define kSNIPSecDBSAState CFSTR("State")
70	#define kSNIPSecDBValSAStateLarval CFSTR("Larval")
71	#define kSNIPSecDBValSAStateMature CFSTR("Mature")
72	#define kSNIPSecDBValSAStateDying CFSTR("Dying")
73	#define kSNIPSecDBValSAStateDead CFSTR("Dead")
74
75	#define kSNIPSecIKEAssignedPCSCFIPv6Address CFSTR("AssignedPCSCFIPv6Address")
76
77	typedef uint32_t InternalSessionRef;
78	typedef uint32_t InternalItemRef;
79
80	/* IPSec DB API Types */
81	typedef InternalSessionRef InternalDBRef;
82	typedef InternalItemRef InternalDBSARef;
83	typedef InternalItemRef InternalDBPolicyRef;
84	typedef InternalItemRef InternalDBInterfaceRef;
85	#define kInternalDBRefInvalid 0
86	#define kInternalDBSARefInvalid 0
87	#define kInternalDBPolicyRefInvalid 0
88	#define kInternalDBInterfaceRefInvalid 0
89
90	/* IKE API Types */
91	typedef InternalSessionRef InternalIKESARef;
92	typedef InternalItemRef InternalChildSARef;
93	#define kInternalIKESARefInvalid 0
94	#define kInternalChildSARefInvalid 0
95
96	/* Internal support functions -- Dictionaries should be verified for required keys and valid types before calling these */
97	void ASSendXPCReply (InternalSessionRef sessionRef, InternalItemRef objRef, int callType, void *retVal, Boolean success);
98	void ASSendXPCMessage(uint32_t message, void *messageobj, uint32_t sessionID, uint32_t itemID);
99
100	/* IPSec DB API Functions */
101	InternalDBRef ASDBCreate (void);
102	InternalDBSARef ASDBGetSPI (InternalDBRef ref, CFDictionaryRef sadata);
103	InternalDBSARef ASDBCreateSA (InternalDBRef ref, CFDictionaryRef sadata);
104	Boolean ASDBUpdateSA (InternalDBRef ref, InternalDBSARef saref, CFDictionaryRef sadata);
105	Boolean ASDBDeleteSA (InternalDBRef ref, InternalDBSARef saref);
106	Boolean ASDBCopySA (InternalDBRef ref, InternalDBSARef saref);
107	Boolean ASDBFlushSA (InternalDBRef ref, Boolean *blockForResponse);
108	CFArrayRef ASDBCopySAIDs (InternalDBRef ref);
109	InternalDBPolicyRef ASDBAddPolicy (InternalDBRef ref, CFDictionaryRef spdata);
110	Boolean ASDBDeletePolicy (InternalDBRef ref, InternalDBPolicyRef policyref);
111	Boolean ASDBCopyPolicy (InternalDBRef ref, InternalDBPolicyRef policyref);
112	Boolean ASDBFlushPolicy (InternalDBRef ref, Boolean *blockForResponse);
113	CFArrayRef ASDBCopyPolicyIDs (InternalDBRef ref);
114	Boolean ASDBFlushAll (InternalDBRef ref, Boolean *blockForResponse);
115	Boolean ASDBDispose (InternalDBRef ref, Boolean *blockForResponse);
116
117	/* IPSec DB Interface Functions */
118	InternalDBInterfaceRef ASDBCreateIPSecInterface (InternalDBRef ref, struct sockaddr_storage address, struct sockaddr_storage netmask, struct sockaddr_storage *v6address, int v6prefix);
119	Boolean ASDBFlushInterfaces (InternalDBRef ref);
120
121	/* IKE API Functions */
122	InternalIKESARef ASIKECreate (CFDictionaryRef ikedata, CFDictionaryRef childData);
123	InternalChildSARef ASIKEStartConnection (InternalIKESARef ref);
124	Boolean ASIKEStopConnection (InternalIKESARef ref);
125	InternalChildSARef ASIKEStartChildSA (InternalIKESARef ref, CFDictionaryRef ikechilddata);
126	Boolean ASIKEStopChildSA (InternalIKESARef ref, InternalChildSARef childref);
127	SNIPSecIKEStatus ASIKEGetConnectionStatus (InternalIKESARef ref);
128	SNIPSecIKEStatus ASIKEGetChildStatus (InternalIKESARef ref, InternalChildSARef childref);
129	Boolean ASIKEDispose (InternalIKESARef ref, Boolean *blockForResponse);
130	Boolean ASIKEEnableAll (InternalIKESARef ref);
131	Boolean ASIKEDisableAll (InternalIKESARef ref);
132
133	/* Functions to support racoon */
134	InternalDBSARef ASDBGetSPIFromIKE (InternalDBRef ref, phase2_handle_t *phase2);
135	Boolean ASDBAddSAFromIKE (InternalDBRef ref, phase2_handle_t *phase2, Boolean update);
136	Boolean ASDBDeleteSAFromIKE (InternalDBRef ref, struct sockaddr_storage *dst, uint32_t spi, int ipsecProtocol);
137	Boolean ASDBFlushAllForIKEChildSA (InternalDBRef ref, InternalChildSARef childRef);
138	InternalDBPolicyRef ASDBAddPolicyFromIKE (InternalDBRef ref, phase2_handle_t *phase2);
139	Boolean ASDBReceivePFKeyMessage (caddr_t message, int array_size); / Returns TRUE if handled message */
140	Boolean ASDBGetIPSecInterfaceName (InternalDBRef ref, char *buf, int bufLen);
141	Boolean ASIKEConnectionAddChildSAFromIKE (InternalIKESARef ref, phase2_handle_t *childSA);
142	Boolean ASIKEConnectionSwapChildSAs (InternalIKESARef ref, InternalChildSARef oldChildSA, InternalChildSARef newChildSA);
143	void ASIKEConnectionExpireChildSAFromIKE (InternalIKESARef ref, InternalChildSARef childSARef);
144	Boolean ASHasValidSessions (void);
145	void ASIKEUpdateLocalAddressesFromIKE (void);
146	void ASIKEUpdateStatusFromIKE (InternalIKESARef ref, InternalChildSARef childRef, uint32_t status, uint32_t reason);
147	phase2_handle_t *ASIKEConnectionGetChildSAFromIKE (InternalIKESARef ref, InternalChildSARef childSARef);
148	void ASIKEUpdateConfigurationFromIKE (InternalIKESARef ref, struct isakmp_cfg_state *config);
149	void ASIKEUpdateTrafficSelectorsFromIKE (InternalIKESARef ref, InternalChildSARef childRef, struct ikev2_traffic_selector local, struct ikev2_traffic_selector remote);
150	void ASIKEStopConnectionFromIKE (InternalIKESARef ref);
151
152	#endif