X-Git-Url: https://git.saurik.com/apple/ipsec.git/blobdiff_plain/52b7d2ce06d68d0a9160d16f6e7c08c21c149d0d..HEAD:/ipsec-tools/racoon/oakley.h?ds=sidebyside
diff --git a/ipsec-tools/racoon/oakley.h b/ipsec-tools/racoon/oakley.h
index 66edfef..597e132 100644
--- a/ipsec-tools/racoon/oakley.h
+++ b/ipsec-tools/racoon/oakley.h
@@ -1,4 +1,6 @@
-/* $Id: oakley.h,v 1.9 2004/10/24 17:37:00 manubsd Exp $ */
+/* $NetBSD: oakley.h,v 1.5 2006/10/06 12:02:27 manu Exp $ */
+
+/* Id: oakley.h,v 1.13 2005/05/30 20:12:43 fredsen Exp */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -32,7 +34,14 @@
 #ifndef _OAKLEY_H
 #define _OAKLEY_H
 
+#include "config.h"
+#include "racoon_types.h"
+
 #include "vmbuf.h"
 
+#ifndef HAVE_OPENSSL
+#include
+#endif
+
 /* refer to RFC 2409 */
 
@@ -73,7 +82,7 @@
 	/* 65001 - 65535 Private Use */
 
-	/* Plain Xauth, Not implemented */
+	/* Plain Xauth */
 #define OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I 65001
 #define OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R 65002
 #define OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I 65003
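Review bot: The include guarded by `#ifndef HAVE_OPENSSL` in the second hunk is the only thing this header adds that can supply the `SecDHContext` type used by the non-OpenSSL `oakley_dh_compute` / `oakley_dh_generate` prototypes later in the file, but nothing says so. A one-line comment on it, `/* provides SecDHContext for the non-OpenSSL DH path */`, would make that dependency explicit for whoever next touches the conditional. It is also worth noting in the same place that `config.h` is now pulled in by this header, since `HAVE_OPENSSL` must be defined before the guard is evaluated.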
@@ -84,8 +93,25 @@
 #define OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R 65008
 #define OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I 65009
 #define OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R 65010
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_PSKEY_I OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_PSKEY_R OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_DSSSIG_I OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_DSSSIG_R OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_RSASIG_I OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_I
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_RSASIG_R OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSASIG_R
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_RSAENC_I OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_I
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_RSAENC_R OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAENC_R
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_RSAREV_I OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_I
+#define OAKLEY_ATTR_AUTH_METHOD_EAP_RSAREV_R OAKLEY_ATTR_AUTH_METHOD_XAUTH_RSAREV_R
 #endif
+	/* 65500 -> still private
+	 * to avoid clash with GSSAPI_KRB below
+	 */
+#define FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I 65500
+#define FICTIVE_AUTH_METHOD_EAP_PSKEY_I FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I
+
+
 
 /*
  * The following are valid when the Vendor ID is one of
  * the following:
@@ -145,6 +171,9 @@
 #define MAXPADLWORD 20
 
 struct dhgroup {
+#ifndef HAVE_OPENSSL
+	int desc;
+#endif
 	int type;
 	vchar_t *prime;
 	int gen1;
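Review bot: The ten new `OAKLEY_ATTR_AUTH_METHOD_EAP_*` macros are plain aliases of the `XAUTH_*` values, so a comparison on `authmethod` cannot tell an EAP negotiation from an XAuth one, and naming both in the same `switch` is a duplicate-case compile error. If the aliasing is intended, say so beside the block, e.g. `/* EAP methods reuse the XAUTH private-use values and are not distinguishable by attribute value */`, so nobody later "fixes" a switch by adding the EAP labels. The same applies to `FICTIVE_AUTH_METHOD_EAP_PSKEY_I`, which aliases the fictive XAuth value. The `#endif` in this hunk closes a conditional whose opening `#if` is outside the hunk, so the EAP aliases are only visible under whatever that guard is.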
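Review bot: Adding `int desc;` as the first member of `struct dhgroup` only when `HAVE_OPENSSL` is not defined means the layout and the positional-initializer order differ between the two builds; any brace initializer or table of `struct dhgroup` that is not written with designated initializers will silently shift `type`, `prime` and `gen1` in one of them. Placing the conditional member at the end of the struct avoids the shift; otherwise a comment such as `/* desc exists only when !HAVE_OPENSSL; initialize this struct with designated initializers */` should accompany it. The rest of the struct lies outside the hunk.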
@@ -154,65 +183,95 @@ struct dhgroup {
 	vchar_t *order;
 };
 
+typedef enum cert_status {
+	CERT_STATUS_OK = 0,
+	CERT_STATUS_PREMATURE,
+	CERT_STATUS_EXPIRED,
+	CERT_STATUS_INVALID_SUBJNAME,
+	CERT_STATUS_INVALID_SUBJALTNAME,
+	CERT_STATUS_INVALID,
+} cert_status_t;
+
+#define IS_CERT_STATUS_ERROR(status) (status > CERT_STATUS_OK && status < CERT_STATUS_INVALID)
+
 /* certificate holder */
 typedef struct cert_t_tag {
 	u_int8_t type; /* type of CERT, must be same to pl->v[0]*/
 	vchar_t cert; /* pointer to the CERT */
 	vchar_t *pl; /* CERT payload minus isakmp general header */
+	cert_status_t status;
+	struct cert_t_tag *chain;
 } cert_t;
 
-struct ph1handle;
-struct ph2handle;
 struct isakmp_ivm;
 
-extern int oakley_get_defaultlifetime __P((void));
+extern int oakley_get_defaultlifetime (void);
 
-extern int oakley_dhinit __P((void));
-extern void oakley_dhgrp_free __P((struct dhgroup *));
-extern int oakley_dh_compute __P((const struct dhgroup *,
-	vchar_t *, vchar_t *, vchar_t *, vchar_t **));
-extern int oakley_dh_generate __P((const struct dhgroup *,
-	vchar_t **, vchar_t **));
-extern int oakley_setdhgroup __P((int, struct dhgroup **));
+extern int oakley_dhinit (void);
+extern void oakley_dhgrp_free (struct dhgroup *);
+#ifdef HAVE_OPENSSL
+extern int oakley_dh_compute (const struct dhgroup *, vchar_t *, vchar_t *, vchar_t *, vchar_t **);
+extern int oakley_dh_generate (const struct dhgroup *, vchar_t **, vchar_t **);
+#else
+extern int oakley_dh_compute (const struct dhgroup *, vchar_t *, size_t, vchar_t **, SecDHContext*);
+extern int oakley_dh_generate (const struct dhgroup *, vchar_t **, size_t *, SecDHContext*);
+#endif
+extern int oakley_setdhgroup (int, struct dhgroup **);
 
-extern vchar_t *oakley_prf __P((vchar_t *, vchar_t *, struct ph1handle *));
-extern vchar_t *oakley_hash __P((vchar_t *, struct ph1handle *));
+extern vchar_t *oakley_prf (vchar_t *, vchar_t *, phase1_handle_t *);
+extern vchar_t *oakley_hash (vchar_t *, phase1_handle_t *);
 
-extern int oakley_compute_keymat __P((struct ph2handle *, int));
+extern int oakley_compute_keymat (phase2_handle_t *, int);
 #if notyet
-extern vchar_t *oakley_compute_hashx __P((void));
+extern vchar_t *oakley_compute_hashx (void);
 #endif
-extern vchar_t *oakley_compute_hash3 __P((struct ph1handle *,
-	u_int32_t, vchar_t *));
-extern vchar_t *oakley_compute_hash1 __P((struct ph1handle *,
-	u_int32_t, vchar_t *));
-extern vchar_t *oakley_ph1hash_common __P((struct ph1handle *, int));
-extern vchar_t *oakley_ph1hash_base_i __P((struct ph1handle *, int));
-extern vchar_t *oakley_ph1hash_base_r __P((struct ph1handle *, int));
-
-extern int oakley_validate_auth __P((struct ph1handle *));
-extern int oakley_getmycert __P((struct ph1handle *));
-extern int oakley_getsign __P((struct ph1handle *));
-extern vchar_t *oakley_getcr __P((struct ph1handle *));
-extern int oakley_checkcr __P((struct ph1handle *));
-extern int oakley_needcr __P((int));
+extern vchar_t *oakley_compute_hash3 (phase1_handle_t *, u_int32_t, vchar_t *);
+extern vchar_t *oakley_compute_hash1 (phase1_handle_t *, u_int32_t, vchar_t *);
+extern vchar_t *oakley_ph1hash_common (phase1_handle_t *, int);
+extern vchar_t *oakley_ph1hash_base_i (phase1_handle_t *, int);
+extern vchar_t *oakley_ph1hash_base_r (phase1_handle_t *, int);
+
+extern int oakley_validate_auth (phase1_handle_t *);
+extern int oakley_getmycert (phase1_handle_t *);
+extern int oakley_getsign (phase1_handle_t *);
+extern cert_t * oakley_get_peer_cert_from_certchain (phase1_handle_t *);
+extern int oakley_find_status_in_certchain (cert_t *, cert_status_t);
+extern void oakley_verify_certid (phase1_handle_t *);
+extern vchar_t *oakley_getcr (phase1_handle_t *);
+extern int oakley_checkcr (phase1_handle_t *);
+extern int oakley_needcr (int);
 
 struct isakmp_gen;
-extern int oakley_savecert __P((struct ph1handle *, struct isakmp_gen *));
-extern int oakley_savecr __P((struct ph1handle *, struct isakmp_gen *));
-
-extern int oakley_skeyid __P((struct ph1handle *));
-extern int oakley_skeyid_dae __P((struct ph1handle *));
-
-extern int oakley_compute_enckey __P((struct ph1handle *));
-extern cert_t *oakley_newcert __P((void));
-extern void oakley_delcert __P((cert_t *));
-extern int oakley_newiv __P((struct ph1handle *));
-extern struct isakmp_ivm *oakley_newiv2 __P((struct ph1handle *, u_int32_t));
-extern void oakley_delivm __P((struct isakmp_ivm *));
-extern vchar_t *oakley_do_decrypt __P((struct ph1handle *,
-	vchar_t *, vchar_t *, vchar_t *));
-extern vchar_t *oakley_do_encrypt __P((struct ph1handle *,
-	vchar_t *, vchar_t *, vchar_t *));
+extern int oakley_savecert (phase1_handle_t *, struct isakmp_gen *);
+extern int oakley_savecr (phase1_handle_t *, struct isakmp_gen *);
+
+extern vchar_t * oakley_getpskall (phase1_handle_t *);
+extern int oakley_skeyid (phase1_handle_t *);
+extern int oakley_skeyid_dae (phase1_handle_t *);
+
+extern int oakley_compute_enckey (phase1_handle_t *);
+extern cert_t *oakley_newcert (void);
+extern void oakley_delcert (cert_t *);
+extern int oakley_newiv (phase1_handle_t *);
+extern struct isakmp_ivm *oakley_newiv2 (phase1_handle_t *, u_int32_t);
+extern void oakley_delivm (struct isakmp_ivm *);
+extern vchar_t *oakley_do_decrypt (phase1_handle_t *, vchar_t *, vchar_t *, vchar_t *);
+extern vchar_t *oakley_do_encrypt (phase1_handle_t *, vchar_t *, vchar_t *, vchar_t *);
+
+#ifdef ENABLE_HYBRID
+#define AUTHMETHOD(iph1) \
+	(((iph1)->rmconf->xauth && \
+	(iph1)->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I) ? \
+	FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I : (iph1)->approval->authmethod)
+#define RMAUTHMETHOD(iph1) \
+	(((iph1)->rmconf->xauth && \
+	(iph1)->rmconf->proposal->authmethod == \
+	OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_I) ? \
+	FICTIVE_AUTH_METHOD_XAUTH_PSKEY_I : \
+	(iph1)->rmconf->proposal->authmethod)
+#else
+#define AUTHMETHOD(iph1) (iph1)->approval->authmethod
+#define RMAUTHMETHOD(iph1) (iph1)->rmconf->proposal->authmethod
+#endif /* ENABLE_HYBRID */
 
 #endif /* _OAKLEY_H */
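Review bot: `IS_CERT_STATUS_ERROR(status)` compares with `<` against the last enumerator, so a certificate whose status is `CERT_STATUS_INVALID` is reported as not-an-error by this macro; the header does not show whether `CERT_STATUS_INVALID` is a real failure state or an end-of-range sentinel, and its name reads as the former. The macro argument is also unparenthesized, which breaks for any compound expression. If `INVALID` is a genuine status, use `#define IS_CERT_STATUS_ERROR(status) ((status) > CERT_STATUS_OK && (status) <= CERT_STATUS_INVALID)`; if it is a sentinel, comment it as such (`/* sentinel, not a status */`) and still parenthesize `(status)`. Separately, the new `chain` member of `cert_t` and `oakley_get_peer_cert_from_certchain` introduce a linked list with no stated owner; a comment on `chain` saying whether `oakley_delcert` frees the whole chain or only the head would prevent leaks or double frees in callers.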