X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=vnet%2Fvnet%2Fipsec%2Fikev2_priv.h;h=9f67ad2ae6f59f6f6b18a7c3a9ac3fb4bc76f8e5;hb=166a9d4c21821bdbc9a2d5a818ec5ae0e8bdc036;hp=731bb15e6b20afb8451a919bbe4b6bb7c421158f;hpb=e2c987e21fa9d2d2be93176429679dd8eaca9576;p=vpp.git
diff --git a/vnet/vnet/ipsec/ikev2_priv.h b/vnet/vnet/ipsec/ikev2_priv.h
index 731bb15e6b2..9f67ad2ae6f 100644
--- a/vnet/vnet/ipsec/ikev2_priv.h
+++ b/vnet/vnet/ipsec/ikev2_priv.h
@@ -38,7 +38,8 @@
 #define DBG_PLD(my_args...)
 #endif
 
-typedef enum {
+typedef enum
+{
 IKEV2_STATE_UNKNOWN,
 IKEV2_STATE_SA_INIT,
 IKEV2_STATE_DELETED,
@@ -49,101 +50,113 @@ typedef enum { IKEV2_STATE_NO_PROPOSAL_CHOSEN, } ikev2_state_t; -typedef struct { +typedef struct +{ ikev2_auth_method_t method:8; - u8 * data; - u8 hex; /* hex encoding of the shared secret */ - EVP_PKEY * key; + u8 *data; + u8 hex; /* hex encoding of the shared secret */ + EVP_PKEY *key; } ikev2_auth_t; -typedef enum { +typedef enum +{ IKEV2_DH_GROUP_MODP = 0, - IKEV2_DH_GROUP_ECP = 1, + IKEV2_DH_GROUP_ECP = 1, } ikev2_dh_group_t; -typedef struct { +typedef struct +{ ikev2_transform_type_t type; - union { - u16 transform_id; - ikev2_transform_encr_type_t encr_type:16; - ikev2_transform_prf_type_t prf_type:16; + union + { + u16 transform_id; + ikev2_transform_encr_type_t encr_type:16; + ikev2_transform_prf_type_t prf_type:16; ikev2_transform_integ_type_t integ_type:16; - ikev2_transform_dh_type_t dh_type:16; - ikev2_transform_esn_type_t esn_type:16; + ikev2_transform_dh_type_t dh_type:16; + ikev2_transform_esn_type_t esn_type:16; }; - u8 * attrs; + u8 *attrs; u16 key_len; u16 key_trunc; u16 block_size; u8 dh_group; int nid; - const char * dh_p; - const char * dh_g; - const void * md; - const void * cipher; + const char *dh_p; + const char *dh_g; + const void *md; + const void *cipher; } ikev2_sa_transform_t; -typedef struct { +typedef struct +{ u8 proposal_num; ikev2_protocol_id_t protocol_id:8; u32 spi; - ikev2_sa_transform_t * transforms; + ikev2_sa_transform_t *transforms; } ikev2_sa_proposal_t; -typedef struct { - u8 ts_type; - u8 protocol_id; - u16 selector_len; - u16 start_port; - u16 end_port; +typedef struct +{ + u8 ts_type; + u8 protocol_id; + u16 selector_len; + u16 start_port; + u16 end_port; ip4_address_t start_addr; ip4_address_t end_addr; } ikev2_ts_t; -typedef struct { +typedef struct +{ ikev2_id_type_t type:8; - u8 * data; + u8 *data; } ikev2_id_t; -typedef struct { +typedef struct +{ /* sa proposals vectors */ - ikev2_sa_proposal_t * i_proposals; - ikev2_sa_proposal_t * r_proposals; + ikev2_sa_proposal_t *i_proposals; + 
ikev2_sa_proposal_t *r_proposals; /* Traffic Selectors */ - ikev2_ts_t * tsi; - ikev2_ts_t * tsr; + ikev2_ts_t *tsi; + ikev2_ts_t *tsr; /* keys */ - u8 * sk_ai; - u8 * sk_ar; - u8 * sk_ei; - u8 * sk_er; + u8 *sk_ai; + u8 *sk_ar; + u8 *sk_ei; + u8 *sk_er; } ikev2_child_sa_t; -typedef struct { - u8 protocol_id; - u32 spi; /*for ESP and AH SPI size is 4, for IKE size is 0 */ +typedef struct +{ + u8 protocol_id; + u32 spi; /*for ESP and AH SPI size is 4, for IKE size is 0 */ } ikev2_delete_t; -typedef struct { +typedef struct +{ u8 protocol_id; u32 spi; - ikev2_sa_proposal_t * i_proposal; - ikev2_sa_proposal_t * r_proposal; - ikev2_ts_t * tsi; - ikev2_ts_t * tsr; + ikev2_sa_proposal_t *i_proposal; + ikev2_sa_proposal_t *r_proposal; + ikev2_ts_t *tsi; + ikev2_ts_t *tsr; } ikev2_rekey_t; -typedef struct { +typedef struct +{ u16 msg_type; u8 protocol_id; u32 spi; - u8 * data; + u8 *data; } ikev2_notify_t; -typedef struct { +typedef struct +{ ikev2_state_t state; u8 unsupported_cp; u8 initial_contact; @@ -151,27 +164,27 @@ typedef struct { ip4_address_t raddr; u64 ispi; u64 rspi; - u8 * i_nonce; - u8 * r_nonce; + u8 *i_nonce; + u8 *r_nonce; /* DH data */ - u16 dh_group; - u8 * dh_shared_key; - u8 * i_dh_data; - u8 * r_dh_data; + u16 dh_group; + u8 *dh_shared_key; + u8 *i_dh_data; + u8 *r_dh_data; /* sa proposals vectors */ - ikev2_sa_proposal_t * i_proposals; - ikev2_sa_proposal_t * r_proposals; + ikev2_sa_proposal_t *i_proposals; + ikev2_sa_proposal_t *r_proposals; /* keys */ - u8 * sk_d; - u8 * sk_ai; - u8 * sk_ar; - u8 * sk_ei; - u8 * sk_er; - u8 * sk_pi; - u8 * sk_pr; + u8 *sk_d; + u8 *sk_ai; + u8 *sk_ar; + u8 *sk_ei; + u8 *sk_er; + u8 *sk_pi; + u8 *sk_pr; /* auth */ ikev2_auth_t i_auth; 
@@ -182,24 +195,25 @@ typedef struct { ikev2_id_t r_id; /* pending deletes */ - ikev2_delete_t * del; + ikev2_delete_t *del; /* pending rekeyings */ - ikev2_rekey_t * rekey; + ikev2_rekey_t *rekey; /* packet data */ - u8 * last_sa_init_req_packet_data; - u8 * last_sa_init_res_packet_data; + u8 *last_sa_init_req_packet_data; + u8 *last_sa_init_res_packet_data; /* retransmit */ u32 last_msg_id; - u8 * last_res_packet_data; + u8 *last_res_packet_data; - ikev2_child_sa_t * childs; + ikev2_child_sa_t *childs; } ikev2_sa_t; -typedef struct { - u8 * name; +typedef struct +{ + u8 *name; u8 is_enabled; ikev2_auth_t auth; 
@@ -209,59 +223,64 @@ typedef struct { ikev2_ts_t rem_ts; } ikev2_profile_t; -typedef struct { - /* pool of IKEv2 Security Associations */ - ikev2_sa_t * sas; +typedef struct +{ + /* pool of IKEv2 Security Associations */ + ikev2_sa_t *sas; - /* hash */ - uword * sa_by_rspi; + /* hash */ + uword *sa_by_rspi; } ikev2_main_per_thread_data_t; -typedef struct { - /* pool of IKEv2 profiles */ - ikev2_profile_t * profiles; +typedef struct +{ + /* pool of IKEv2 profiles */ + ikev2_profile_t *profiles; - /* vector of supported transform types */ - ikev2_sa_transform_t * supported_transforms; + /* vector of supported transform types */ + ikev2_sa_transform_t *supported_transforms; - /* hash */ - mhash_t profile_index_by_name; + /* hash */ + mhash_t profile_index_by_name; - /* local private key */ - EVP_PKEY * pkey; + /* local private key */ + EVP_PKEY *pkey; - /* convenience */ - vlib_main_t * vlib_main; - vnet_main_t * vnet_main; + /* convenience */ + vlib_main_t *vlib_main; + vnet_main_t *vnet_main; - ikev2_main_per_thread_data_t * per_thread_data; + ikev2_main_per_thread_data_t *per_thread_data; } ikev2_main_t; ikev2_main_t ikev2_main; -void ikev2_sa_free_proposal_vector(ikev2_sa_proposal_t ** v); -ikev2_sa_transform_t * ikev2_sa_get_td_for_type(ikev2_sa_proposal_t * p, - ikev2_transform_type_t type); +void ikev2_sa_free_proposal_vector (ikev2_sa_proposal_t ** v); +ikev2_sa_transform_t *ikev2_sa_get_td_for_type (ikev2_sa_proposal_t * p, + ikev2_transform_type_t type); /* ikev2_crypto.c */ -v8 * ikev2_calc_prf(ikev2_sa_transform_t * tr, v8 * key, v8 * data); -u8 * ikev2_calc_prfplus(ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len); -v8 * ikev2_calc_integr(ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len); -v8 * ikev2_decrypt_data(ikev2_sa_t * sa, u8 * data, int len); -int ikev2_encrypt_data(ikev2_sa_t * sa, v8 * src, u8 * dst); -void ikev2_generate_dh(ikev2_sa_t * sa, ikev2_sa_transform_t * t); -int ikev2_verify_sign(EVP_PKEY *pkey, u8 * sigbuf, u8 * data); 
-u8 * ikev2_calc_sign(EVP_PKEY *pkey, u8 * data); -EVP_PKEY * ikev2_load_cert_file(u8 * file); -EVP_PKEY * ikev2_load_key_file(u8 * file); +v8 *ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data); +u8 *ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, + int len); +v8 *ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, + int len); +v8 *ikev2_decrypt_data (ikev2_sa_t * sa, u8 * data, int len); +int ikev2_encrypt_data (ikev2_sa_t * sa, v8 * src, u8 * dst); +void ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t); +int ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data); +u8 *ikev2_calc_sign (EVP_PKEY * pkey, u8 * data); +EVP_PKEY *ikev2_load_cert_file (u8 * file); +EVP_PKEY *ikev2_load_key_file (u8 * file); void ikev2_crypto_init (ikev2_main_t * km); /* ikev2_payload.c */ -typedef struct { +typedef struct +{ u8 first_payload_type; u16 last_hdr_off; - u8 * data; + u8 *data; } ikev2_payload_chain_t; #define ikev2_payload_new_chain(V) vec_validate (V, 0) 
@@ -270,20 +289,33 @@ typedef struct { vec_free(V); \ } while (0) -void ikev2_payload_add_notify(ikev2_payload_chain_t * c, u16 msg_type, u8 * data); -void ikev2_payload_add_sa(ikev2_payload_chain_t * c, ikev2_sa_proposal_t * proposals); -void ikev2_payload_add_ke(ikev2_payload_chain_t * c, u16 dh_group, u8 * dh_data); -void ikev2_payload_add_nonce(ikev2_payload_chain_t * c, u8 * nonce); -void ikev2_payload_add_id(ikev2_payload_chain_t *c, ikev2_id_t * id, u8 type); -void ikev2_payload_add_auth(ikev2_payload_chain_t *c, ikev2_auth_t * auth); -void ikev2_payload_add_ts(ikev2_payload_chain_t * c, ikev2_ts_t * ts, u8 type); -void ikev2_payload_add_delete(ikev2_payload_chain_t *c, ikev2_delete_t * d); -void ikev2_payload_chain_add_padding(ikev2_payload_chain_t * c, int bs); -void ikev2_parse_vendor_payload(ike_payload_header_t * ikep); -ikev2_sa_proposal_t * ikev2_parse_sa_payload(ike_payload_header_t * ikep); -ikev2_ts_t * ikev2_parse_ts_payload(ike_payload_header_t * ikep); -ikev2_delete_t * ikev2_parse_delete_payload(ike_payload_header_t * ikep); -ikev2_notify_t * ikev2_parse_notify_payload(ike_payload_header_t * ikep); +void ikev2_payload_add_notify (ikev2_payload_chain_t * c, u16 msg_type, + u8 * data); +void ikev2_payload_add_sa (ikev2_payload_chain_t * c, + ikev2_sa_proposal_t * proposals); +void ikev2_payload_add_ke (ikev2_payload_chain_t * c, u16 dh_group, + u8 * dh_data); +void ikev2_payload_add_nonce (ikev2_payload_chain_t * c, u8 * nonce); +void ikev2_payload_add_id (ikev2_payload_chain_t * c, ikev2_id_t * id, + u8 type); +void ikev2_payload_add_auth (ikev2_payload_chain_t * c, ikev2_auth_t * auth); +void ikev2_payload_add_ts (ikev2_payload_chain_t * c, ikev2_ts_t * ts, + u8 type); +void ikev2_payload_add_delete (ikev2_payload_chain_t * c, ikev2_delete_t * d); +void ikev2_payload_chain_add_padding (ikev2_payload_chain_t * c, int bs); +void ikev2_parse_vendor_payload (ike_payload_header_t * ikep); +ikev2_sa_proposal_t *ikev2_parse_sa_payload 
(ike_payload_header_t * ikep); +ikev2_ts_t *ikev2_parse_ts_payload (ike_payload_header_t * ikep); +ikev2_delete_t *ikev2_parse_delete_payload (ike_payload_header_t * ikep); +ikev2_notify_t *ikev2_parse_notify_payload (ike_payload_header_t * ikep); #endif /* __included_ikev2_priv_h__ */ + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */