]> git.saurik.com Git - apple/ipsec.git/blame - ipsec-tools/racoon/fsm.h
ipsec-317.220.1.tar.gz
1/*
2 * Copyright (c) 2008 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * The contents of this file constitute Original Code as defined in and
7 * are subject to the Apple Public Source License Version 1.1 (the
8 * "License"). You may not use this file except in compliance with the
9 * License. Please obtain a copy of the License at
10 * http://www.apple.com/publicsource and read it before using this file.
11 *
12 * This Original Code and all software distributed under the License are
13 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
17 * License for the specific language governing rights and limitations
18 * under the License.
19 *
20 * @APPLE_LICENSE_HEADER_END@
21 */
22
23#ifndef _FSM_H
24#define _FSM_H
25
26#include <stdlib.h>
27#include <sys/types.h>
28#include <sys/param.h>
29#include <sys/socket.h>
30
31#include "vmbuf.h"
32#include "ike_session.h"
33#include "handler.h"
34#include "strnames.h"
35#include "ipsec_xpc.h"
36
//================================
// Defines
//================================

//
// State word layout
//
// A state is a 16-bit value. Bit numbers in this table count from the most
// significant bit (bit 0 == 0x8000), matching the masks defined below.
//
//   bit#    mask     field
//   0       0x8000   IKE version             0 = v1, 1 = v2
//   1       0x4000   Expired
//   2       0x2000   Established
//   3       0x1000   Negotiating
//   4-5     0x0c00   IKE phase               1 = phase 1, 2 = phase 2
//   6       0x0200   XAUTH or EAP succeeded
//   7       0x0100   Direction               0 = initiator, 1 = responder
//   8-9     0x00c0   Mode
//   10-15   0x003f   State
//
// The nine masks are disjoint and together cover all 16 bits, so every bit
// of a state word belongs to exactly one field.
//

// Field masks: AND with a state word to isolate one field.
#define IKE_STATE_MASK_VERSION              0x8000
#define IKE_STATE_MASK_EXPIRED              0x4000
#define IKE_STATE_MASK_ESTABLISHED          0x2000
#define IKE_STATE_MASK_NEGOTIATING          0x1000
#define IKE_STATE_MASK_PHASE                0x0c00
#define IKE_STATE_MASK_XAUTH_OR_EAP_SUCC    0x0200
#define IKE_STATE_MASK_DIRECTION            0x0100
#define IKE_STATE_MASK_MODE                 0x00c0
#define IKE_STATE_MASK_STATE                0x003f

// Field values: OR together to build a state word.
// IKEV1 and INITIATOR are the all-zero encodings of their fields, so they can
// only be tested by masking and comparing, never with a bare AND.
// "ESTABLISED" is misspelled in the public macro name; the spelling is kept
// because other files refer to it.
#define IKE_STATE_FLAG_VALUE_IKEV1          0x0000
#define IKE_STATE_FLAG_VALUE_IKEV2          0x8000
#define IKE_STATE_FLAG_VALUE_EXPIRED        0x4000
#define IKE_STATE_FLAG_VALUE_ESTABLISED     0x2000
#define IKE_STATE_FLAG_VALUE_NEGOTIATING    0x1000
#define IKE_STATE_FLAG_VALUE_PHASE1         0x0400
#define IKE_STATE_FLAG_VALUE_PHASE2         0x0800
#define IKE_STATE_FLAG_XAUTH_OR_EAP_SUCC    0x0200
#define IKE_STATE_FLAG_VALUE_INITIATOR      0x0000
#define IKE_STATE_FLAG_VALUE_RESPONDER      0x0100
76
77
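//================================
// MACROS
//================================
//
// Predicates over a state word built from the IKE_STATE_MASK_* /
// IKE_STATE_FLAG_VALUE_* definitions.
//
// Every macro parenthesizes its argument, so an expression such as
// FSM_STATE_IS_INITIATOR(a | b) is masked as a whole; without the
// parentheses '&' would bind tighter than '|' and the direction test would be
// applied to only part of the expression.
//
// The EXPIRED / ESTABLISHED / NEGOTIATING tests yield the masked bits
// (0 or a value >= 0x1000), not 0/1. Use them in a condition or compare with
// zero; storing the result in an 8-bit variable would truncate it to 0.
// The INITIATOR / RESPONDER tests are comparisons and yield 0 or 1.

// Non-zero when the Expired bit is set.
#define FSM_STATE_IS_EXPIRED(s) \
    ((s) & IKE_STATE_MASK_EXPIRED)

// Non-zero when the Established bit is set.
#define FSM_STATE_IS_ESTABLISHED(s) \
    ((s) & IKE_STATE_MASK_ESTABLISHED)

// Non-zero when either the Established or the Expired bit is set.
// The argument is evaluated once.
#define FSM_STATE_IS_ESTABLISHED_OR_EXPIRED(s) \
    ((s) & (IKE_STATE_MASK_ESTABLISHED | IKE_STATE_MASK_EXPIRED))

// Non-zero when the Negotiating bit is set.
#define FSM_STATE_IS_NEGOTIATING(s) \
    ((s) & IKE_STATE_MASK_NEGOTIATING)

// 1 when the Direction field holds the initiator encoding (bit clear).
#define FSM_STATE_IS_INITIATOR(s) \
    (((s) & IKE_STATE_MASK_DIRECTION) == IKE_STATE_FLAG_VALUE_INITIATOR)

// 1 when the Direction field holds the responder encoding (bit set).
#define FSM_STATE_IS_RESPONDER(s) \
    (((s) & IKE_STATE_MASK_DIRECTION) == IKE_STATE_FLAG_VALUE_RESPONDER)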
99
//================================
// API States
//================================

//================================
// IKEv1 States
//================================

// Mode field (mask 0x00c0) encodings for IKEv1 exchanges.
#define IKEV1_STATE_FLAG_VALUE_INFO         (IKE_STATE_FLAG_VALUE_IKEV1 | 0x0000)
#define IKEV1_STATE_FLAG_VALUE_IDENTMODE    (IKE_STATE_FLAG_VALUE_IKEV1 | 0x0040)
#define IKEV1_STATE_FLAG_VALUE_AGGMODE      (IKE_STATE_FLAG_VALUE_IKEV1 | 0x0080)
#define IKEV1_STATE_FLAG_VALUE_QUICKMODE    (IKE_STATE_FLAG_VALUE_IKEV1 | 0x00C0)

// Sub-flags inside the 6-bit State field (mask 0x003f). They occupy the upper
// three bits of that field; the lower three are left for a message number.
#define IKEV1_STATE_FLAG_VALUE_SENT         0x0020
#define IKEV1_STATE_FLAG_VALUE_SPI          0x0010
#define IKEV1_STATE_FLAG_VALUE_ADDSA        0x0008

// Base words for a negotiation in progress: phase + Negotiating + direction +
// mode. The per-message states are formed by OR-ing a State-field value onto
// one of these.
#define IKEV1_STATE_INITIATOR_IDENT \
    (IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
     | IKE_STATE_FLAG_VALUE_INITIATOR | IKEV1_STATE_FLAG_VALUE_IDENTMODE)

#define IKEV1_STATE_RESPONDER_IDENT \
    (IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
     | IKE_STATE_FLAG_VALUE_RESPONDER | IKEV1_STATE_FLAG_VALUE_IDENTMODE)

#define IKEV1_STATE_INITIATOR_AGG \
    (IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
     | IKE_STATE_FLAG_VALUE_INITIATOR | IKEV1_STATE_FLAG_VALUE_AGGMODE)

#define IKEV1_STATE_RESPONDER_AGG \
    (IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
     | IKE_STATE_FLAG_VALUE_RESPONDER | IKEV1_STATE_FLAG_VALUE_AGGMODE)

#define IKEV1_STATE_INITIATOR_QUICK \
    (IKE_STATE_FLAG_VALUE_PHASE2 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
     | IKE_STATE_FLAG_VALUE_INITIATOR | IKEV1_STATE_FLAG_VALUE_QUICKMODE)

#define IKEV1_STATE_RESPONDER_QUICK \
    (IKE_STATE_FLAG_VALUE_PHASE2 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
     | IKE_STATE_FLAG_VALUE_RESPONDER | IKEV1_STATE_FLAG_VALUE_QUICKMODE)

// Terminal words: version + phase + Established or Expired. The Negotiating,
// Direction, Mode and State fields are all zero in these values.
#define IKEV1_STATE_PHASE1_ESTABLISHED \
    (IKE_STATE_FLAG_VALUE_IKEV1 | IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_ESTABLISED)
#define IKEV1_STATE_PHASE2_ESTABLISHED \
    (IKE_STATE_FLAG_VALUE_IKEV1 | IKE_STATE_FLAG_VALUE_PHASE2 | IKE_STATE_FLAG_VALUE_ESTABLISED)
#define IKEV1_STATE_PHASE1_EXPIRED \
    (IKE_STATE_FLAG_VALUE_IKEV1 | IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_EXPIRED)
#define IKEV1_STATE_PHASE2_EXPIRED \
    (IKE_STATE_FLAG_VALUE_IKEV1 | IKE_STATE_FLAG_VALUE_PHASE2 | IKE_STATE_FLAG_VALUE_EXPIRED)
142
// Per-message IKEv1 states.
//
// Each value is one of the IKEV1_STATE_{INITIATOR,RESPONDER}_* base words
// with a State-field value OR-ed on: a message number in the low bits,
// plus IKEV1_STATE_FLAG_VALUE_SENT on the "...SENT" states. The Quick-mode
// GETSPI and ADDSA states carry a sub-flag in place of a message number.
//
// The State field alone does not identify a state: for example the
// MSG2RCVD states of Ident, Aggressive and Quick mode all have the same low
// six bits. Code that decides what to accept next should compare the
// full state word, not only the bits under IKE_STATE_MASK_STATE.

// PHASE 1 INFO
#define IKEV1_STATE_INFO \
    (IKE_STATE_FLAG_VALUE_IKEV1 | IKEV1_STATE_FLAG_VALUE_INFO | 0x3F)

// IDENT MODE, initiator
#define IKEV1_STATE_IDENT_I_START       (IKEV1_STATE_INITIATOR_IDENT)
#define IKEV1_STATE_IDENT_I_MSG1SENT    (IKEV1_STATE_INITIATOR_IDENT | IKEV1_STATE_FLAG_VALUE_SENT | 1)
#define IKEV1_STATE_IDENT_I_MSG2RCVD    (IKEV1_STATE_INITIATOR_IDENT | 2)
#define IKEV1_STATE_IDENT_I_MSG3SENT    (IKEV1_STATE_INITIATOR_IDENT | IKEV1_STATE_FLAG_VALUE_SENT | 3)
#define IKEV1_STATE_IDENT_I_MSG4RCVD    (IKEV1_STATE_INITIATOR_IDENT | 4)
#define IKEV1_STATE_IDENT_I_MSG5SENT    (IKEV1_STATE_INITIATOR_IDENT | IKEV1_STATE_FLAG_VALUE_SENT | 5)
#define IKEV1_STATE_IDENT_I_MSG6RCVD    (IKEV1_STATE_INITIATOR_IDENT | 6)

// IDENT MODE, responder
#define IKEV1_STATE_IDENT_R_START       (IKEV1_STATE_RESPONDER_IDENT)
#define IKEV1_STATE_IDENT_R_MSG1RCVD    (IKEV1_STATE_RESPONDER_IDENT | 1)
#define IKEV1_STATE_IDENT_R_MSG2SENT    (IKEV1_STATE_RESPONDER_IDENT | IKEV1_STATE_FLAG_VALUE_SENT | 2)
#define IKEV1_STATE_IDENT_R_MSG3RCVD    (IKEV1_STATE_RESPONDER_IDENT | 3)
#define IKEV1_STATE_IDENT_R_MSG4SENT    (IKEV1_STATE_RESPONDER_IDENT | IKEV1_STATE_FLAG_VALUE_SENT | 4)
#define IKEV1_STATE_IDENT_R_MSG5RCVD    (IKEV1_STATE_RESPONDER_IDENT | 5)

// AGG MODE, initiator
#define IKEV1_STATE_AGG_I_START         (IKEV1_STATE_INITIATOR_AGG)
#define IKEV1_STATE_AGG_I_MSG1SENT      (IKEV1_STATE_INITIATOR_AGG | IKEV1_STATE_FLAG_VALUE_SENT | 1)
#define IKEV1_STATE_AGG_I_MSG2RCVD      (IKEV1_STATE_INITIATOR_AGG | 2)
#define IKEV1_STATE_AGG_I_MSG3SENT      (IKEV1_STATE_INITIATOR_AGG | IKEV1_STATE_FLAG_VALUE_SENT | 3)

// AGG MODE, responder
#define IKEV1_STATE_AGG_R_START         (IKEV1_STATE_RESPONDER_AGG)
#define IKEV1_STATE_AGG_R_MSG1RCVD      (IKEV1_STATE_RESPONDER_AGG | 1)
#define IKEV1_STATE_AGG_R_MSG2SENT      (IKEV1_STATE_RESPONDER_AGG | IKEV1_STATE_FLAG_VALUE_SENT | 2)
#define IKEV1_STATE_AGG_R_MSG3RCVD      (IKEV1_STATE_RESPONDER_AGG | 3)

// QUICK MODE, initiator
#define IKEV1_STATE_QUICK_I_START       (IKEV1_STATE_INITIATOR_QUICK)
#define IKEV1_STATE_QUICK_I_GETSPISENT  (IKEV1_STATE_INITIATOR_QUICK | IKEV1_STATE_FLAG_VALUE_SENT | IKEV1_STATE_FLAG_VALUE_SPI)
#define IKEV1_STATE_QUICK_I_GETSPIDONE  (IKEV1_STATE_INITIATOR_QUICK | IKEV1_STATE_FLAG_VALUE_SPI)
#define IKEV1_STATE_QUICK_I_MSG1SENT    (IKEV1_STATE_INITIATOR_QUICK | IKEV1_STATE_FLAG_VALUE_SENT | 1)
#define IKEV1_STATE_QUICK_I_MSG2RCVD    (IKEV1_STATE_INITIATOR_QUICK | 2)
#define IKEV1_STATE_QUICK_I_MSG3SENT    (IKEV1_STATE_INITIATOR_QUICK | IKEV1_STATE_FLAG_VALUE_SENT | 3)
#define IKEV1_STATE_QUICK_I_ADDSA       (IKEV1_STATE_INITIATOR_QUICK | IKEV1_STATE_FLAG_VALUE_ADDSA)

// QUICK MODE, responder
#define IKEV1_STATE_QUICK_R_START       (IKEV1_STATE_RESPONDER_QUICK)
#define IKEV1_STATE_QUICK_R_MSG1RCVD    (IKEV1_STATE_RESPONDER_QUICK | 1)
#define IKEV1_STATE_QUICK_R_GETSPISENT  (IKEV1_STATE_RESPONDER_QUICK | IKEV1_STATE_FLAG_VALUE_SENT | IKEV1_STATE_FLAG_VALUE_SPI)
#define IKEV1_STATE_QUICK_R_GETSPIDONE  (IKEV1_STATE_RESPONDER_QUICK | IKEV1_STATE_FLAG_VALUE_SPI)
#define IKEV1_STATE_QUICK_R_MSG2SENT    (IKEV1_STATE_RESPONDER_QUICK | IKEV1_STATE_FLAG_VALUE_SENT | 2)
#define IKEV1_STATE_QUICK_R_MSG3RCVD    (IKEV1_STATE_RESPONDER_QUICK | 3)
#define IKEV1_STATE_QUICK_R_COMMIT      (IKEV1_STATE_RESPONDER_QUICK | 4)
#define IKEV1_STATE_QUICK_R_ADDSA       (IKEV1_STATE_RESPONDER_QUICK | IKEV1_STATE_FLAG_VALUE_ADDSA)
186
// Set a state variable to a new state value.
// NOTE(review): only the prototype is visible in this header; presumably
// stores `state` in `*var` -- confirm against the definition.
void fsm_set_state(int *var, int state);

//================================
// Version Agnostic Events
//================================

// Connect / disconnect requests for the peer at `remote`.
// NOTE(review): the accepted values of `connect_mode` and who owns `reason`
// are not visible from this header.
void fsm_api_handle_connect(struct sockaddr_storage *remote, const int connect_mode);
void fsm_api_handle_disconnect(struct sockaddr_storage *remote, const char *reason);

// PF_KEY-side events for a phase 2 handle.
void fsm_pfkey_handle_acquire(phase2_handle_t *iph2);
void fsm_pfkey_getspi_complete(phase2_handle_t *iph2);

// First ISAKMP packet seen for a local/remote address pair.
// NOTE(review): `msg` presumably holds data received from the peer; if so its
// length and contents are not trustworthy and the definition has to
// validate them before use -- confirm.
void fsm_isakmp_initial_pkt(vchar_t *msg, struct sockaddr_storage *local, struct sockaddr_storage *remote);

//================================
// IKEv1 Events
//================================

// Payload processing and response sending for phase 1 / phase 2 handles.
// NOTE(review): the meaning of the int return value (success / error
// convention) is not stated in this header; callers should check it
// against the definitions rather than assume 0 means success.
int fsm_ikev1_phase1_process_payloads(phase1_handle_t *iph1, vchar_t *msg);
int fsm_ikev1_phase2_process_payloads(phase2_handle_t *iph2, vchar_t *msg);
int fsm_ikev1_phase1_send_response(phase1_handle_t *iph1, vchar_t *msg);
int fsm_ikev1_phase2_send_response(phase2_handle_t *iph2, vchar_t *msg);
207
208
209#endif /* _FSM_H */