racoon.tproj/remoteconf.h

   1 /*      $KAME: remoteconf.h,v 1.27 2001/12/07 08:39:39 sakane Exp $     */
   2
   3 /*
   4  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
   5  * All rights reserved.
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted provided that the following conditions
   9  * are met:
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  * 3. Neither the name of the project nor the names of its contributors
  16  *    may be used to endorse or promote products derived from this software
  17  *    without specific prior written permission.
  18  *
  19  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  29  * SUCH DAMAGE.
  30  */
  31
  32 #ifndef __REMOTECONF_H__
  33 #define __REMOTECONF_H__
  34
  35 /* remote configuration */
  36
  37 #include <sys/queue.h>
  38 #include <CoreFoundation/CFData.h>
  39
  40
  41 struct etypes {
  42         int type;
  43         struct etypes *next;
  44 };
  45
  46 struct remoteconf {
  47         struct sockaddr *remote;        /* remote IP address */
  48                                         /* if family is AF_UNSPEC, that is
  49                                          * for anonymous configuration. */
  50
  51         struct etypes *etypes;  /* exchange type list. the head
  52                                                          * is a type to be sent first. */
  53         int doitype;                    /* doi type */
  54         int sittype;                    /* situation type */
  55
  56         int idvtype;                    /* my identifier type */
  57         vchar_t *idv;                   /* my identifier */
  58         int idvtype_p;                  /* peer's identifier type */
  59         vchar_t *idv_p;                 /* peer's identifier */
  60
  61         int secrettype;                 /* type of secret [use, key, keychain] */
  62         vchar_t *shared_secret; /* shared secret */
  63         vchar_t *open_dir_auth_group;   /* group to be used to authorize user */
  64
  65         int certtype;                   /* certificate type if need */
  66         int     identity_in_keychain;   /* cert and private key is in the keychain */
  67         CFDataRef keychainCertRef;      /* peristant keychain ref for cert */
  68         char *mycertfile;               /* file name of my certificate */
  69         char *myprivfile;               /* file name of my private key file */
  70         char *peerscertfile;    /* file name of peer's certifcate */
  71
  72         int getcert_method;             /* the way to get peer's certificate */
  73         int send_cert;                  /* send to CERT or not */
  74         int send_cr;                    /* send to CR or not */
  75         int verify_cert;                /* verify a CERT strictly */
  76         int cert_verification;  /* openssl or security framework */
  77         int cert_verification_option;   /* nothing, peers identifier, or open_dir */
  78         int verify_identifier;  /* vefify the peer's identifier */
  79         int nonce_size;                 /* the number of bytes of nonce */
  80         int keepalive;                  /* XXX may not use */
  81         int passive;                    /* never initiate */
  82         int support_mip6;               /* support mip6 */
  83         int gen_policy;                 /* generate policy if no policy found */
  84         int ini_contact;                /* initial contact */
  85         int pcheck_level;               /* level of protocol checking */
  86
  87         int dh_group;                   /* use it when only aggressive mode */
  88         struct dhgroup *dhgrp;  /* use it when only aggressive mode */
  89                                                         /* above two can't be defined by user*/
  90
  91         int retry_counter;              /* times to retry. */
  92         int retry_interval;             /* interval each retry. */
  93                                                         /* above 2 values are copied from localconf. */
  94
  95         struct isakmpsa *proposal;              /* proposal list */
  96         LIST_ENTRY(remoteconf) chain;   /* next remote conf */
  97 };
  98
  99 struct dhgroup;
 100
 101 /* ISAKMP SA specification */
 102 struct isakmpsa {
 103         int prop_no;
 104         int trns_no;
 105         time_t lifetime;
 106         int lifebyte;
 107         int enctype;
 108         int encklen;
 109         int authmethod;
 110         int hashtype;
 111         int vendorid;
 112 #ifdef HAVE_GSSAPI
 113         vchar_t *gssid;
 114 #endif
 115         int dh_group;                   /* don't use it if aggressive mode */
 116         struct dhgroup *dhgrp;          /* don't use it if aggressive mode */
 117
 118         struct isakmpsa *next;          /* next transform */
 119         struct remoteconf *rmconf;      /* backpointer to remoteconf */
 120 };
 121
 122 struct remoteconf *getrmconf __P((struct sockaddr *));
 123 extern struct remoteconf *newrmconf __P((void));
 124 extern void delrmconf __P((struct remoteconf *));
 125 extern void delisakmpsa __P((struct isakmpsa *));
 126 extern void deletypes __P((struct etypes *));
 127 extern void insrmconf __P((struct remoteconf *));
 128 extern void remrmconf __P((struct remoteconf *));
 129 extern void flushrmconf __P((void));
 130 extern void initrmconf __P((void));
 131 extern struct etypes *check_etypeok
 132         __P((struct remoteconf *, u_int8_t));
 133
 134 extern struct isakmpsa *newisakmpsa __P((void));
 135 extern void insisakmpsa __P((struct isakmpsa *, struct remoteconf *));
 136 extern const char *rm2str __P((const struct remoteconf *));
 137
 138 #endif /* __REMOTECONF_H__ */
 139