-/* $Id: oakley.h,v 1.9 2004/10/24 17:37:00 manubsd Exp $ */
+/* $NetBSD: oakley.h,v 1.5 2006/10/06 12:02:27 manu Exp $ */
+
+/* Id: oakley.h,v 1.13 2005/05/30 20:12:43 fredsen Exp */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
#ifndef _OAKLEY_H
#define _OAKLEY_H
+#include "config.h"
+#include "racoon_types.h"
+
#include "vmbuf.h"
+#ifndef HAVE_OPENSSL
+#include <Security/SecDH.h>
+#endif
+
/* refer to RFC 2409 */
/* 65001 - 65535 Private Use */
- /* Plain Xauth, Not implemented */
+ /* Plain Xauth */
#define OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I 65001
#define OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R 65002
#define OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I 65003
#define OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R 65008
#define OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I 65009
#define OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R 65010
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_PSKEY_I OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_PSKEY_R OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_DSSSIG_I OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_DSSSIG_R OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_RSASIG_I OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_RSASIG_R OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_RSAENC_I OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_RSAENC_R OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_RSAREV_I OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_RSAREV_R OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R
#endif
+ /* 65500 -> still private
+ * to avoid clash with GSSAPI_KRB below
+ */
+#define FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I 65500
+#define FICTIVE_AUTH_METHOD_EAP_PSKEY_I FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I
+
+
/*
* The following are valid when the Vendor ID is one of
* the following:
#define MAXPADLWORD 20
struct dhgroup {
+#ifndef HAVE_OPENSSL
+ int desc;
+#endif
int type;
vchar_t *prime;
int gen1;
vchar_t *order;
};
+typedef enum cert_status {
+ CERT_STATUS_OK = 0,
+ CERT_STATUS_PREMATURE,
+ CERT_STATUS_EXPIRED,
+ CERT_STATUS_INVALID_SUBJNAME,
+ CERT_STATUS_INVALID_SUBJALTNAME,
+ CERT_STATUS_INVALID,
+} cert_status_t;
+
+#define IS_CERT_STATUS_ERROR(status) (status > CERT_STATUS_OK && status < CERT_STATUS_INVALID)
+
/* certificate holder */
typedef struct cert_t_tag {
u_int8_t type; /* type of CERT, must be same to pl->v[0]*/
vchar_t cert; /* pointer to the CERT */
vchar_t *pl; /* CERT payload minus isakmp general header */
+ cert_status_t status;
+ struct cert_t_tag *chain;
} cert_t;
-struct ph1handle;
-struct ph2handle;
struct isakmp_ivm;
-extern int oakley_get_defaultlifetime __P((void));
+extern int oakley_get_defaultlifetime (void);
-extern int oakley_dhinit __P((void));
-extern void oakley_dhgrp_free __P((struct dhgroup *));
-extern int oakley_dh_compute __P((const struct dhgroup *,
- vchar_t *, vchar_t *, vchar_t *, vchar_t **));
-extern int oakley_dh_generate __P((const struct dhgroup *,
- vchar_t **, vchar_t **));
-extern int oakley_setdhgroup __P((int, struct dhgroup **));
+extern int oakley_dhinit (void);
+extern void oakley_dhgrp_free (struct dhgroup *);
+#ifdef HAVE_OPENSSL
+extern int oakley_dh_compute (const struct dhgroup *, vchar_t *, vchar_t *, vchar_t *, vchar_t **);
+extern int oakley_dh_generate (const struct dhgroup *, vchar_t **, vchar_t **);
+#else
+extern int oakley_dh_compute (const struct dhgroup *, vchar_t *, size_t, vchar_t **, SecDHContext*);
+extern int oakley_dh_generate (const struct dhgroup *, vchar_t **, size_t *, SecDHContext*);
+#endif
+extern int oakley_setdhgroup (int, struct dhgroup **);
-extern vchar_t *oakley_prf __P((vchar_t *, vchar_t *, struct ph1handle *));
-extern vchar_t *oakley_hash __P((vchar_t *, struct ph1handle *));
+extern vchar_t *oakley_prf (vchar_t *, vchar_t *, phase1_handle_t *);
+extern vchar_t *oakley_hash (vchar_t *, phase1_handle_t *);
-extern int oakley_compute_keymat __P((struct ph2handle *, int));
+extern int oakley_compute_keymat (phase2_handle_t *, int);
#if notyet
-extern vchar_t *oakley_compute_hashx __P((void));
+extern vchar_t *oakley_compute_hashx (void);
#endif
-extern vchar_t *oakley_compute_hash3 __P((struct ph1handle *,
- u_int32_t, vchar_t *));
-extern vchar_t *oakley_compute_hash1 __P((struct ph1handle *,
- u_int32_t, vchar_t *));
-extern vchar_t *oakley_ph1hash_common __P((struct ph1handle *, int));
-extern vchar_t *oakley_ph1hash_base_i __P((struct ph1handle *, int));
-extern vchar_t *oakley_ph1hash_base_r __P((struct ph1handle *, int));
-
-extern int oakley_validate_auth __P((struct ph1handle *));
-extern int oakley_getmycert __P((struct ph1handle *));
-extern int oakley_getsign __P((struct ph1handle *));
-extern vchar_t *oakley_getcr __P((struct ph1handle *));
-extern int oakley_checkcr __P((struct ph1handle *));
-extern int oakley_needcr __P((int));
+extern vchar_t *oakley_compute_hash3 (phase1_handle_t *, u_int32_t, vchar_t *);
+extern vchar_t *oakley_compute_hash1 (phase1_handle_t *, u_int32_t, vchar_t *);
+extern vchar_t *oakley_ph1hash_common (phase1_handle_t *, int);
+extern vchar_t *oakley_ph1hash_base_i (phase1_handle_t *, int);
+extern vchar_t *oakley_ph1hash_base_r (phase1_handle_t *, int);
+
+extern int oakley_validate_auth (phase1_handle_t *);
+extern int oakley_getmycert (phase1_handle_t *);
+extern int oakley_getsign (phase1_handle_t *);
+extern cert_t * oakley_get_peer_cert_from_certchain (phase1_handle_t *);
+extern int oakley_find_status_in_certchain (cert_t *, cert_status_t);
+extern void oakley_verify_certid (phase1_handle_t *);
+extern vchar_t *oakley_getcr (phase1_handle_t *);
+extern int oakley_checkcr (phase1_handle_t *);
+extern int oakley_needcr (int);
struct isakmp_gen;
-extern int oakley_savecert __P((struct ph1handle *, struct isakmp_gen *));
-extern int oakley_savecr __P((struct ph1handle *, struct isakmp_gen *));
-
-extern int oakley_skeyid __P((struct ph1handle *));
-extern int oakley_skeyid_dae __P((struct ph1handle *));
-
-extern int oakley_compute_enckey __P((struct ph1handle *));
-extern cert_t *oakley_newcert __P((void));
-extern void oakley_delcert __P((cert_t *));
-extern int oakley_newiv __P((struct ph1handle *));
-extern struct isakmp_ivm *oakley_newiv2 __P((struct ph1handle *, u_int32_t));
-extern void oakley_delivm __P((struct isakmp_ivm *));
-extern vchar_t *oakley_do_decrypt __P((struct ph1handle *,
- vchar_t *, vchar_t *, vchar_t *));
-extern vchar_t *oakley_do_encrypt __P((struct ph1handle *,
- vchar_t *, vchar_t *, vchar_t *));
+extern int oakley_savecert (phase1_handle_t *, struct isakmp_gen *);
+extern int oakley_savecr (phase1_handle_t *, struct isakmp_gen *);
+
+extern vchar_t * oakley_getpskall (phase1_handle_t *);
+extern int oakley_skeyid (phase1_handle_t *);
+extern int oakley_skeyid_dae (phase1_handle_t *);
+
+extern int oakley_compute_enckey (phase1_handle_t *);
+extern cert_t *oakley_newcert (void);
+extern void oakley_delcert (cert_t *);
+extern int oakley_newiv (phase1_handle_t *);
+extern struct isakmp_ivm *oakley_newiv2 (phase1_handle_t *, u_int32_t);
+extern void oakley_delivm (struct isakmp_ivm *);
+extern vchar_t *oakley_do_decrypt (phase1_handle_t *, vchar_t *, vchar_t *, vchar_t *);
+extern vchar_t *oakley_do_encrypt (phase1_handle_t *, vchar_t *, vchar_t *, vchar_t *);
+
+#ifdef ENABLE_HYBRID
+#define AUTHMETHOD(iph1) \
+ (((iph1)->rmconf->xauth && \
+ (iph1)->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I) ? \
+ FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I : (iph1)->approval->authmethod)
+#define RMAUTHMETHOD(iph1) \
+ (((iph1)->rmconf->xauth && \
+ (iph1)->rmconf->proposal->authmethod == \
+ OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I) ? \
+ FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I : \
+ (iph1)->rmconf->proposal->authmethod)
+#else
+#define AUTHMETHOD(iph1) (iph1)->approval->authmethod
+#define RMAUTHMETHOD(iph1) (iph1)->rmconf->proposal->authmethod
+#endif /* ENABLE_HYBRID */
#endif /* _OAKLEY_H */
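Review bot: The new `IS_CERT_STATUS_ERROR` macro, added right after the `cert_status` enum, never reports `CERT_STATUS_INVALID` as an error, because its upper bound is the strict `status < CERT_STATUS_INVALID`; with the enum declared in this hunk, only the four intermediate states count, and a certificate whose status ends up as `CERT_STATUS_INVALID` would pass this check. The macro argument is also used unparenthesized, so a conditional or comma expression passed as `status` binds incorrectly. If excluding `CERT_STATUS_INVALID` is deliberate (it is the only state that callers such as `oakley_find_status_in_certchain` might look up separately, which I cannot confirm from the header alone), a one-line comment stating that should accompany the macro; otherwise I would write `#define IS_CERT_STATUS_ERROR(status) ((status) > CERT_STATUS_OK && (status) <= CERT_STATUS_INVALID)`. A similar multiple-evaluation note applies to `AUTHMETHOD`/`RMAUTHMETHOD`, which evaluate `iph1` two or three times and so must only be given side-effect-free arguments; a short comment to that effect above the `ENABLE_HYBRID` block would prevent misuse.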