1 /*
2 * Copyright (c) 2008 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * The contents of this file constitute Original Code as defined in and
7 * are subject to the Apple Public Source License Version 1.1 (the
8 * "License"). You may not use this file except in compliance with the
9 * License. Please obtain a copy of the License at
10 * http://www.apple.com/publicsource and read it before using this file.
11 *
12 * This Original Code and all software distributed under the License are
13 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
17 * License for the specific language governing rights and limitations
18 * under the License.
19 *
20 * @APPLE_LICENSE_HEADER_END@
21 */
22
23 #ifndef _FSM_H
24 #define _FSM_H
25
26 #include <stdlib.h>
27 #include <sys/types.h>
28 #include <sys/param.h>
29 #include <sys/socket.h>
30
31 #include "vmbuf.h"
32 #include "ike_session.h"
33 #include "handler.h"
34 #include "strnames.h"
35 #include "ipsec_xpc.h"
36
37 //================================
38 // Defines
39 //================================
40 //
41
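//
// State Flags
//
// A state value is 16 bits wide. Bits are numbered from the least
// significant (bit 0 = 0x0001) to the most significant (bit 15 = 0x8000):
//
//   bit(s)   mask     field
//   15       0x8000   IKE version                0 = v1, 1 = v2
//   14       0x4000   Expired
//   13       0x2000   Established
//   12       0x1000   Negotiating
//   11-10    0x0C00   IKE phase                  1 = phase 1, 2 = phase 2
//   9        0x0200   XAUTH or EAP succeeded
//   8        0x0100   Direction                  0 = initiator, 1 = responder
//   7-6      0x00C0   Exchange mode
//   5-0      0x003F   State within the exchange
//
// The nine masks are pairwise disjoint and together cover all 16 bits.
// Test a field through its mask; comparing a whole state value against a
// single flag value ignores every other field.
//

// STATE FLAG MASKS
#define IKE_STATE_MASK_VERSION              0x8000
#define IKE_STATE_MASK_EXPIRED              0x4000
#define IKE_STATE_MASK_ESTABLISHED          0x2000
#define IKE_STATE_MASK_NEGOTIATING          0x1000
#define IKE_STATE_MASK_PHASE                0x0C00
// NOTE(review): the name suggests this bit records a successful XAUTH/EAP
// exchange; where it is set and checked is not visible in this header.
#define IKE_STATE_MASK_XAUTH_OR_EAP_SUCC    0x0200
#define IKE_STATE_MASK_DIRECTION            0x0100
#define IKE_STATE_MASK_MODE                 0x00C0
#define IKE_STATE_MASK_STATE                0x003F

// STATE FLAG VALUES (each value lies inside the mask of its field)
#define IKE_STATE_FLAG_VALUE_IKEV1          0x0000
#define IKE_STATE_FLAG_VALUE_IKEV2          0x8000
#define IKE_STATE_FLAG_VALUE_EXPIRED        0x4000
// The spelling "ESTABLISED" is kept as is: renaming would break existing users.
#define IKE_STATE_FLAG_VALUE_ESTABLISED     0x2000
#define IKE_STATE_FLAG_VALUE_NEGOTIATING    0x1000
#define IKE_STATE_FLAG_VALUE_PHASE1         0x0400
#define IKE_STATE_FLAG_VALUE_PHASE2         0x0800
#define IKE_STATE_FLAG_XAUTH_OR_EAP_SUCC    0x0200
// Initiator is the all-zero direction value, so a state whose direction
// field was never set reads as "initiator".
#define IKE_STATE_FLAG_VALUE_INITIATOR      0x0000
#define IKE_STATE_FLAG_VALUE_RESPONDER      0x0100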
76
77
78 //================================
79 // MACROS
80 //================================
81
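// Field tests on a state value `s`.
//
// Every macro parenthesizes its argument and evaluates it exactly once, so
// an expression such as `a | b` can be passed without `&` binding to only
// part of it.
//
// The flag tests yield the masked bit(s): nonzero when set, not
// necessarily 1. Use the result as a truth value; do not compare it to 1.

#define FSM_STATE_IS_EXPIRED(s) \
    ((s) & IKE_STATE_MASK_EXPIRED)

#define FSM_STATE_IS_ESTABLISHED(s) \
    ((s) & IKE_STATE_MASK_ESTABLISHED)

// Nonzero when either the established or the expired bit is set.
#define FSM_STATE_IS_ESTABLISHED_OR_EXPIRED(s) \
    ((s) & (IKE_STATE_MASK_ESTABLISHED | IKE_STATE_MASK_EXPIRED))

#define FSM_STATE_IS_NEGOTIATING(s) \
    ((s) & IKE_STATE_MASK_NEGOTIATING)

// The direction tests compare the one-bit direction field and yield 0 or 1.
// Initiator is the zero value of that field, so FSM_STATE_IS_INITIATOR is
// also true for any state value whose direction bit is simply not set.
#define FSM_STATE_IS_INITIATOR(s) \
    (((s) & IKE_STATE_MASK_DIRECTION) == IKE_STATE_FLAG_VALUE_INITIATOR)

#define FSM_STATE_IS_RESPONDER(s) \
    (((s) & IKE_STATE_MASK_DIRECTION) == IKE_STATE_FLAG_VALUE_RESPONDER)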
99
100 //================================
101 // API States
102 //================================
103
104 //================================
105 // IKEv1 States
106 //================================
107
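// Exchange mode values for IKEv1. They occupy bits 7-6
// (IKE_STATE_MASK_MODE) and carry the IKEv1 version value with them.
#define IKEV1_STATE_FLAG_VALUE_INFO         (IKE_STATE_FLAG_VALUE_IKEV1 | 0x0000)
#define IKEV1_STATE_FLAG_VALUE_IDENTMODE    (IKE_STATE_FLAG_VALUE_IKEV1 | 0x0040)
#define IKEV1_STATE_FLAG_VALUE_AGGMODE      (IKE_STATE_FLAG_VALUE_IKEV1 | 0x0080)
#define IKEV1_STATE_FLAG_VALUE_QUICKMODE    (IKE_STATE_FLAG_VALUE_IKEV1 | 0x00C0)


// Sub-state flags. These bits lie inside the 6-bit state field
// (IKE_STATE_MASK_STATE, 0x003F) and share it with the message numbers
// used by the per-message states, which fit in the low three bits.
#define IKEV1_STATE_FLAG_VALUE_SENT         0x0020
#define IKEV1_STATE_FLAG_VALUE_SPI          0x0010
#define IKEV1_STATE_FLAG_VALUE_ADDSA        0x0008


// Base values for a negotiation in progress: phase, negotiating bit,
// direction and exchange mode. The per-message states OR a message number
// or a sub-state flag into the state field of one of these.
#define IKEV1_STATE_INITIATOR_IDENT     (IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
                                        | IKE_STATE_FLAG_VALUE_INITIATOR | IKEV1_STATE_FLAG_VALUE_IDENTMODE)

#define IKEV1_STATE_RESPONDER_IDENT     (IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
                                        | IKE_STATE_FLAG_VALUE_RESPONDER | IKEV1_STATE_FLAG_VALUE_IDENTMODE)

#define IKEV1_STATE_INITIATOR_AGG       (IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
                                        | IKE_STATE_FLAG_VALUE_INITIATOR | IKEV1_STATE_FLAG_VALUE_AGGMODE)

#define IKEV1_STATE_RESPONDER_AGG       (IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
                                        | IKE_STATE_FLAG_VALUE_RESPONDER | IKEV1_STATE_FLAG_VALUE_AGGMODE)

#define IKEV1_STATE_INITIATOR_QUICK     (IKE_STATE_FLAG_VALUE_PHASE2 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
                                        | IKE_STATE_FLAG_VALUE_INITIATOR | IKEV1_STATE_FLAG_VALUE_QUICKMODE)

#define IKEV1_STATE_RESPONDER_QUICK     (IKE_STATE_FLAG_VALUE_PHASE2 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
                                        | IKE_STATE_FLAG_VALUE_RESPONDER | IKEV1_STATE_FLAG_VALUE_QUICKMODE)


// Terminal values. They carry only version, phase and the established or
// expired bit: mode, direction and state fields are all zero. Because the
// direction field is zero, FSM_STATE_IS_INITIATOR() is true for every one of
// these, whichever side started the exchange; do not derive the direction
// from a state value once it is established or expired.
#define IKEV1_STATE_PHASE1_ESTABLISHED  (IKE_STATE_FLAG_VALUE_IKEV1 | IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_ESTABLISED)
#define IKEV1_STATE_PHASE2_ESTABLISHED  (IKE_STATE_FLAG_VALUE_IKEV1 | IKE_STATE_FLAG_VALUE_PHASE2 | IKE_STATE_FLAG_VALUE_ESTABLISED)
#define IKEV1_STATE_PHASE1_EXPIRED      (IKE_STATE_FLAG_VALUE_IKEV1 | IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_EXPIRED)
#define IKEV1_STATE_PHASE2_EXPIRED      (IKE_STATE_FLAG_VALUE_IKEV1 | IKE_STATE_FLAG_VALUE_PHASE2 | IKE_STATE_FLAG_VALUE_EXPIRED)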
142
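// Per-message states. Each value is one of the direction/mode base values
// with the 6-bit state field filled in: a message number (1-6) in the low
// bits, optionally combined with IKEV1_STATE_FLAG_VALUE_SENT, or one of the
// SPI / ADDSA sub-state flags. A *_START state leaves the state field zero.

// PHASE 1 INFO
// The state field is all ones (IKE_STATE_MASK_STATE); no phase, direction or
// negotiating bit is set. All ones also covers the SENT, SPI and ADDSA bits,
// so a bare `state & IKEV1_STATE_FLAG_VALUE_SENT` test is true for this
// value; compare against the full state when that matters.
#define IKEV1_STATE_INFO                (IKE_STATE_FLAG_VALUE_IKEV1 | IKEV1_STATE_FLAG_VALUE_INFO | IKE_STATE_MASK_STATE)

// IDENT MODE, initiator: odd-numbered messages are sent, even ones received
#define IKEV1_STATE_IDENT_I_START       (IKEV1_STATE_INITIATOR_IDENT)
#define IKEV1_STATE_IDENT_I_MSG1SENT    (IKEV1_STATE_INITIATOR_IDENT | IKEV1_STATE_FLAG_VALUE_SENT | 1)
#define IKEV1_STATE_IDENT_I_MSG2RCVD    (IKEV1_STATE_INITIATOR_IDENT | 2)
#define IKEV1_STATE_IDENT_I_MSG3SENT    (IKEV1_STATE_INITIATOR_IDENT | IKEV1_STATE_FLAG_VALUE_SENT | 3)
#define IKEV1_STATE_IDENT_I_MSG4RCVD    (IKEV1_STATE_INITIATOR_IDENT | 4)
#define IKEV1_STATE_IDENT_I_MSG5SENT    (IKEV1_STATE_INITIATOR_IDENT | IKEV1_STATE_FLAG_VALUE_SENT | 5)
#define IKEV1_STATE_IDENT_I_MSG6RCVD    (IKEV1_STATE_INITIATOR_IDENT | 6)

// IDENT MODE, responder: odd-numbered messages are received, even ones sent
#define IKEV1_STATE_IDENT_R_START       (IKEV1_STATE_RESPONDER_IDENT)
#define IKEV1_STATE_IDENT_R_MSG1RCVD    (IKEV1_STATE_RESPONDER_IDENT | 1)
#define IKEV1_STATE_IDENT_R_MSG2SENT    (IKEV1_STATE_RESPONDER_IDENT | IKEV1_STATE_FLAG_VALUE_SENT | 2)
#define IKEV1_STATE_IDENT_R_MSG3RCVD    (IKEV1_STATE_RESPONDER_IDENT | 3)
#define IKEV1_STATE_IDENT_R_MSG4SENT    (IKEV1_STATE_RESPONDER_IDENT | IKEV1_STATE_FLAG_VALUE_SENT | 4)
#define IKEV1_STATE_IDENT_R_MSG5RCVD    (IKEV1_STATE_RESPONDER_IDENT | 5)

// AGG MODE, initiator
#define IKEV1_STATE_AGG_I_START         (IKEV1_STATE_INITIATOR_AGG)
#define IKEV1_STATE_AGG_I_MSG1SENT      (IKEV1_STATE_INITIATOR_AGG | IKEV1_STATE_FLAG_VALUE_SENT | 1)
#define IKEV1_STATE_AGG_I_MSG2RCVD      (IKEV1_STATE_INITIATOR_AGG | 2)
#define IKEV1_STATE_AGG_I_MSG3SENT      (IKEV1_STATE_INITIATOR_AGG | IKEV1_STATE_FLAG_VALUE_SENT | 3)

// AGG MODE, responder
#define IKEV1_STATE_AGG_R_START         (IKEV1_STATE_RESPONDER_AGG)
#define IKEV1_STATE_AGG_R_MSG1RCVD      (IKEV1_STATE_RESPONDER_AGG | 1)
#define IKEV1_STATE_AGG_R_MSG2SENT      (IKEV1_STATE_RESPONDER_AGG | IKEV1_STATE_FLAG_VALUE_SENT | 2)
#define IKEV1_STATE_AGG_R_MSG3RCVD      (IKEV1_STATE_RESPONDER_AGG | 3)

// QUICK MODE, initiator
#define IKEV1_STATE_QUICK_I_START       (IKEV1_STATE_INITIATOR_QUICK)
#define IKEV1_STATE_QUICK_I_GETSPISENT  (IKEV1_STATE_INITIATOR_QUICK | IKEV1_STATE_FLAG_VALUE_SENT | IKEV1_STATE_FLAG_VALUE_SPI)
#define IKEV1_STATE_QUICK_I_GETSPIDONE  (IKEV1_STATE_INITIATOR_QUICK | IKEV1_STATE_FLAG_VALUE_SPI)
#define IKEV1_STATE_QUICK_I_MSG1SENT    (IKEV1_STATE_INITIATOR_QUICK | IKEV1_STATE_FLAG_VALUE_SENT | 1)
#define IKEV1_STATE_QUICK_I_MSG2RCVD    (IKEV1_STATE_INITIATOR_QUICK | 2)
#define IKEV1_STATE_QUICK_I_MSG3SENT    (IKEV1_STATE_INITIATOR_QUICK | IKEV1_STATE_FLAG_VALUE_SENT | 3)
#define IKEV1_STATE_QUICK_I_ADDSA       (IKEV1_STATE_INITIATOR_QUICK | IKEV1_STATE_FLAG_VALUE_ADDSA)

// QUICK MODE, responder
#define IKEV1_STATE_QUICK_R_START       (IKEV1_STATE_RESPONDER_QUICK)
#define IKEV1_STATE_QUICK_R_MSG1RCVD    (IKEV1_STATE_RESPONDER_QUICK | 1)
#define IKEV1_STATE_QUICK_R_GETSPISENT  (IKEV1_STATE_RESPONDER_QUICK | IKEV1_STATE_FLAG_VALUE_SENT | IKEV1_STATE_FLAG_VALUE_SPI)
#define IKEV1_STATE_QUICK_R_GETSPIDONE  (IKEV1_STATE_RESPONDER_QUICK | IKEV1_STATE_FLAG_VALUE_SPI)
#define IKEV1_STATE_QUICK_R_MSG2SENT    (IKEV1_STATE_RESPONDER_QUICK | IKEV1_STATE_FLAG_VALUE_SENT | 2)
#define IKEV1_STATE_QUICK_R_MSG3RCVD    (IKEV1_STATE_RESPONDER_QUICK | 3)
#define IKEV1_STATE_QUICK_R_COMMIT      (IKEV1_STATE_RESPONDER_QUICK | 4)
#define IKEV1_STATE_QUICK_R_ADDSA       (IKEV1_STATE_RESPONDER_QUICK | IKEV1_STATE_FLAG_VALUE_ADDSA)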
186
// NOTE(review): only prototypes are visible in this header. The one-line
// descriptions below are inferred from names and signatures and should be
// confirmed against the implementation.

// Presumably stores `state` into `*var`.
void fsm_set_state(int *var, int state);

//================================
// Version Agnostic Events
//================================

// Connect / disconnect requests for the peer at `remote`.
void fsm_api_handle_connect(struct sockaddr_storage *remote, const int connect_mode);
void fsm_api_handle_disconnect(struct sockaddr_storage *remote, const char *reason);

// PF_KEY events for a phase 2 handle (presumably from the kernel key socket).
void fsm_pfkey_handle_acquire(phase2_handle_t *iph2);
void fsm_pfkey_getspi_complete(phase2_handle_t *iph2);

// NOTE(review): judging by the name, `msg` is the first ISAKMP packet of an
// exchange, i.e. data from a peer that has not been authenticated yet. The
// length and payload checks applied to it are not visible from here.
void fsm_isakmp_initial_pkt(vchar_t *msg, struct sockaddr_storage *local, struct sockaddr_storage *remote);

//================================
// IKEv1 Events
//================================

// The meaning of the int return values is not stated in this header;
// callers should not ignore them. TODO confirm the convention.
int fsm_ikev1_phase1_process_payloads(phase1_handle_t *iph1, vchar_t *msg);
int fsm_ikev1_phase2_process_payloads(phase2_handle_t *iph2, vchar_t *msg);
int fsm_ikev1_phase1_send_response(phase1_handle_t *iph1, vchar_t *msg);
int fsm_ikev1_phase2_send_response(phase2_handle_t *iph2, vchar_t *msg);
204 extern int fsm_ikev1_phase2_process_payloads (phase2_handle_t *iph2, vchar_t *msg);
205 extern int fsm_ikev1_phase1_send_response(phase1_handle_t *iph1, vchar_t *msg);
206 extern int fsm_ikev1_phase2_send_response(phase2_handle_t *iph2, vchar_t *msg);
207
208
209 #endif /* _FSM_H */