aboutsummaryrefslogtreecommitdiffstats
path: root/vnet/vnet/ipsec/ikev2_priv.h
diff options
context:
space:
mode:
Diffstat (limited to 'vnet/vnet/ipsec/ikev2_priv.h')
-rw-r--r--vnet/vnet/ipsec/ikev2_priv.h270
1 files changed, 151 insertions, 119 deletions
diff --git a/vnet/vnet/ipsec/ikev2_priv.h b/vnet/vnet/ipsec/ikev2_priv.h
index 731bb15e6b2..9f67ad2ae6f 100644
--- a/vnet/vnet/ipsec/ikev2_priv.h
+++ b/vnet/vnet/ipsec/ikev2_priv.h
@@ -38,7 +38,8 @@
#define DBG_PLD(my_args...)
#endif
-typedef enum {
+typedef enum
+{
IKEV2_STATE_UNKNOWN,
IKEV2_STATE_SA_INIT,
IKEV2_STATE_DELETED,
@@ -49,101 +50,113 @@ typedef enum {
IKEV2_STATE_NO_PROPOSAL_CHOSEN,
} ikev2_state_t;
-typedef struct {
+typedef struct
+{
ikev2_auth_method_t method:8;
- u8 * data;
- u8 hex; /* hex encoding of the shared secret */
- EVP_PKEY * key;
+ u8 *data;
+ u8 hex; /* hex encoding of the shared secret */
+ EVP_PKEY *key;
} ikev2_auth_t;
-typedef enum {
+typedef enum
+{
IKEV2_DH_GROUP_MODP = 0,
- IKEV2_DH_GROUP_ECP = 1,
+ IKEV2_DH_GROUP_ECP = 1,
} ikev2_dh_group_t;
-typedef struct {
+typedef struct
+{
ikev2_transform_type_t type;
- union {
- u16 transform_id;
- ikev2_transform_encr_type_t encr_type:16;
- ikev2_transform_prf_type_t prf_type:16;
+ union
+ {
+ u16 transform_id;
+ ikev2_transform_encr_type_t encr_type:16;
+ ikev2_transform_prf_type_t prf_type:16;
ikev2_transform_integ_type_t integ_type:16;
- ikev2_transform_dh_type_t dh_type:16;
- ikev2_transform_esn_type_t esn_type:16;
+ ikev2_transform_dh_type_t dh_type:16;
+ ikev2_transform_esn_type_t esn_type:16;
};
- u8 * attrs;
+ u8 *attrs;
u16 key_len;
u16 key_trunc;
u16 block_size;
u8 dh_group;
int nid;
- const char * dh_p;
- const char * dh_g;
- const void * md;
- const void * cipher;
+ const char *dh_p;
+ const char *dh_g;
+ const void *md;
+ const void *cipher;
} ikev2_sa_transform_t;
-typedef struct {
+typedef struct
+{
u8 proposal_num;
ikev2_protocol_id_t protocol_id:8;
u32 spi;
- ikev2_sa_transform_t * transforms;
+ ikev2_sa_transform_t *transforms;
} ikev2_sa_proposal_t;
-typedef struct {
- u8 ts_type;
- u8 protocol_id;
- u16 selector_len;
- u16 start_port;
- u16 end_port;
+typedef struct
+{
+ u8 ts_type;
+ u8 protocol_id;
+ u16 selector_len;
+ u16 start_port;
+ u16 end_port;
ip4_address_t start_addr;
ip4_address_t end_addr;
} ikev2_ts_t;
-typedef struct {
+typedef struct
+{
ikev2_id_type_t type:8;
- u8 * data;
+ u8 *data;
} ikev2_id_t;
-typedef struct {
+typedef struct
+{
/* sa proposals vectors */
- ikev2_sa_proposal_t * i_proposals;
- ikev2_sa_proposal_t * r_proposals;
+ ikev2_sa_proposal_t *i_proposals;
+ ikev2_sa_proposal_t *r_proposals;
/* Traffic Selectors */
- ikev2_ts_t * tsi;
- ikev2_ts_t * tsr;
+ ikev2_ts_t *tsi;
+ ikev2_ts_t *tsr;
/* keys */
- u8 * sk_ai;
- u8 * sk_ar;
- u8 * sk_ei;
- u8 * sk_er;
+ u8 *sk_ai;
+ u8 *sk_ar;
+ u8 *sk_ei;
+ u8 *sk_er;
} ikev2_child_sa_t;
-typedef struct {
- u8 protocol_id;
- u32 spi; /*for ESP and AH SPI size is 4, for IKE size is 0 */
+typedef struct
+{
+ u8 protocol_id;
+ u32 spi; /*for ESP and AH SPI size is 4, for IKE size is 0 */
} ikev2_delete_t;
-typedef struct {
+typedef struct
+{
u8 protocol_id;
u32 spi;
- ikev2_sa_proposal_t * i_proposal;
- ikev2_sa_proposal_t * r_proposal;
- ikev2_ts_t * tsi;
- ikev2_ts_t * tsr;
+ ikev2_sa_proposal_t *i_proposal;
+ ikev2_sa_proposal_t *r_proposal;
+ ikev2_ts_t *tsi;
+ ikev2_ts_t *tsr;
} ikev2_rekey_t;
-typedef struct {
+typedef struct
+{
u16 msg_type;
u8 protocol_id;
u32 spi;
- u8 * data;
+ u8 *data;
} ikev2_notify_t;
-typedef struct {
+typedef struct
+{
ikev2_state_t state;
u8 unsupported_cp;
u8 initial_contact;
@@ -151,27 +164,27 @@ typedef struct {
ip4_address_t raddr;
u64 ispi;
u64 rspi;
- u8 * i_nonce;
- u8 * r_nonce;
+ u8 *i_nonce;
+ u8 *r_nonce;
/* DH data */
- u16 dh_group;
- u8 * dh_shared_key;
- u8 * i_dh_data;
- u8 * r_dh_data;
+ u16 dh_group;
+ u8 *dh_shared_key;
+ u8 *i_dh_data;
+ u8 *r_dh_data;
/* sa proposals vectors */
- ikev2_sa_proposal_t * i_proposals;
- ikev2_sa_proposal_t * r_proposals;
+ ikev2_sa_proposal_t *i_proposals;
+ ikev2_sa_proposal_t *r_proposals;
/* keys */
- u8 * sk_d;
- u8 * sk_ai;
- u8 * sk_ar;
- u8 * sk_ei;
- u8 * sk_er;
- u8 * sk_pi;
- u8 * sk_pr;
+ u8 *sk_d;
+ u8 *sk_ai;
+ u8 *sk_ar;
+ u8 *sk_ei;
+ u8 *sk_er;
+ u8 *sk_pi;
+ u8 *sk_pr;
/* auth */
ikev2_auth_t i_auth;
@@ -182,24 +195,25 @@ typedef struct {
ikev2_id_t r_id;
/* pending deletes */
- ikev2_delete_t * del;
+ ikev2_delete_t *del;
/* pending rekeyings */
- ikev2_rekey_t * rekey;
+ ikev2_rekey_t *rekey;
/* packet data */
- u8 * last_sa_init_req_packet_data;
- u8 * last_sa_init_res_packet_data;
+ u8 *last_sa_init_req_packet_data;
+ u8 *last_sa_init_res_packet_data;
/* retransmit */
u32 last_msg_id;
- u8 * last_res_packet_data;
+ u8 *last_res_packet_data;
- ikev2_child_sa_t * childs;
+ ikev2_child_sa_t *childs;
} ikev2_sa_t;
-typedef struct {
- u8 * name;
+typedef struct
+{
+ u8 *name;
u8 is_enabled;
ikev2_auth_t auth;
@@ -209,59 +223,64 @@ typedef struct {
ikev2_ts_t rem_ts;
} ikev2_profile_t;
-typedef struct {
- /* pool of IKEv2 Security Associations */
- ikev2_sa_t * sas;
+typedef struct
+{
+ /* pool of IKEv2 Security Associations */
+ ikev2_sa_t *sas;
- /* hash */
- uword * sa_by_rspi;
+ /* hash */
+ uword *sa_by_rspi;
} ikev2_main_per_thread_data_t;
-typedef struct {
- /* pool of IKEv2 profiles */
- ikev2_profile_t * profiles;
+typedef struct
+{
+ /* pool of IKEv2 profiles */
+ ikev2_profile_t *profiles;
- /* vector of supported transform types */
- ikev2_sa_transform_t * supported_transforms;
+ /* vector of supported transform types */
+ ikev2_sa_transform_t *supported_transforms;
- /* hash */
- mhash_t profile_index_by_name;
+ /* hash */
+ mhash_t profile_index_by_name;
- /* local private key */
- EVP_PKEY * pkey;
+ /* local private key */
+ EVP_PKEY *pkey;
- /* convenience */
- vlib_main_t * vlib_main;
- vnet_main_t * vnet_main;
+ /* convenience */
+ vlib_main_t *vlib_main;
+ vnet_main_t *vnet_main;
- ikev2_main_per_thread_data_t * per_thread_data;
+ ikev2_main_per_thread_data_t *per_thread_data;
} ikev2_main_t;
ikev2_main_t ikev2_main;
-void ikev2_sa_free_proposal_vector(ikev2_sa_proposal_t ** v);
-ikev2_sa_transform_t * ikev2_sa_get_td_for_type(ikev2_sa_proposal_t * p,
- ikev2_transform_type_t type);
+void ikev2_sa_free_proposal_vector (ikev2_sa_proposal_t ** v);
+ikev2_sa_transform_t *ikev2_sa_get_td_for_type (ikev2_sa_proposal_t * p,
+ ikev2_transform_type_t type);
/* ikev2_crypto.c */
-v8 * ikev2_calc_prf(ikev2_sa_transform_t * tr, v8 * key, v8 * data);
-u8 * ikev2_calc_prfplus(ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len);
-v8 * ikev2_calc_integr(ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len);
-v8 * ikev2_decrypt_data(ikev2_sa_t * sa, u8 * data, int len);
-int ikev2_encrypt_data(ikev2_sa_t * sa, v8 * src, u8 * dst);
-void ikev2_generate_dh(ikev2_sa_t * sa, ikev2_sa_transform_t * t);
-int ikev2_verify_sign(EVP_PKEY *pkey, u8 * sigbuf, u8 * data);
-u8 * ikev2_calc_sign(EVP_PKEY *pkey, u8 * data);
-EVP_PKEY * ikev2_load_cert_file(u8 * file);
-EVP_PKEY * ikev2_load_key_file(u8 * file);
+v8 *ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data);
+u8 *ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed,
+ int len);
+v8 *ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data,
+ int len);
+v8 *ikev2_decrypt_data (ikev2_sa_t * sa, u8 * data, int len);
+int ikev2_encrypt_data (ikev2_sa_t * sa, v8 * src, u8 * dst);
+void ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t);
+int ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data);
+u8 *ikev2_calc_sign (EVP_PKEY * pkey, u8 * data);
+EVP_PKEY *ikev2_load_cert_file (u8 * file);
+EVP_PKEY *ikev2_load_key_file (u8 * file);
void ikev2_crypto_init (ikev2_main_t * km);
/* ikev2_payload.c */
-typedef struct {
+typedef struct
+{
u8 first_payload_type;
u16 last_hdr_off;
- u8 * data;
+ u8 *data;
} ikev2_payload_chain_t;
#define ikev2_payload_new_chain(V) vec_validate (V, 0)
@@ -270,20 +289,33 @@ typedef struct {
vec_free(V); \
} while (0)
-void ikev2_payload_add_notify(ikev2_payload_chain_t * c, u16 msg_type, u8 * data);
-void ikev2_payload_add_sa(ikev2_payload_chain_t * c, ikev2_sa_proposal_t * proposals);
-void ikev2_payload_add_ke(ikev2_payload_chain_t * c, u16 dh_group, u8 * dh_data);
-void ikev2_payload_add_nonce(ikev2_payload_chain_t * c, u8 * nonce);
-void ikev2_payload_add_id(ikev2_payload_chain_t *c, ikev2_id_t * id, u8 type);
-void ikev2_payload_add_auth(ikev2_payload_chain_t *c, ikev2_auth_t * auth);
-void ikev2_payload_add_ts(ikev2_payload_chain_t * c, ikev2_ts_t * ts, u8 type);
-void ikev2_payload_add_delete(ikev2_payload_chain_t *c, ikev2_delete_t * d);
-void ikev2_payload_chain_add_padding(ikev2_payload_chain_t * c, int bs);
-void ikev2_parse_vendor_payload(ike_payload_header_t * ikep);
-ikev2_sa_proposal_t * ikev2_parse_sa_payload(ike_payload_header_t * ikep);
-ikev2_ts_t * ikev2_parse_ts_payload(ike_payload_header_t * ikep);
-ikev2_delete_t * ikev2_parse_delete_payload(ike_payload_header_t * ikep);
-ikev2_notify_t * ikev2_parse_notify_payload(ike_payload_header_t * ikep);
+void ikev2_payload_add_notify (ikev2_payload_chain_t * c, u16 msg_type,
+ u8 * data);
+void ikev2_payload_add_sa (ikev2_payload_chain_t * c,
+ ikev2_sa_proposal_t * proposals);
+void ikev2_payload_add_ke (ikev2_payload_chain_t * c, u16 dh_group,
+ u8 * dh_data);
+void ikev2_payload_add_nonce (ikev2_payload_chain_t * c, u8 * nonce);
+void ikev2_payload_add_id (ikev2_payload_chain_t * c, ikev2_id_t * id,
+ u8 type);
+void ikev2_payload_add_auth (ikev2_payload_chain_t * c, ikev2_auth_t * auth);
+void ikev2_payload_add_ts (ikev2_payload_chain_t * c, ikev2_ts_t * ts,
+ u8 type);
+void ikev2_payload_add_delete (ikev2_payload_chain_t * c, ikev2_delete_t * d);
+void ikev2_payload_chain_add_padding (ikev2_payload_chain_t * c, int bs);
+void ikev2_parse_vendor_payload (ike_payload_header_t * ikep);
+ikev2_sa_proposal_t *ikev2_parse_sa_payload (ike_payload_header_t * ikep);
+ikev2_ts_t *ikev2_parse_ts_payload (ike_payload_header_t * ikep);
+ikev2_delete_t *ikev2_parse_delete_payload (ike_payload_header_t * ikep);
+ikev2_notify_t *ikev2_parse_notify_payload (ike_payload_header_t * ikep);
#endif /* __included_ikev2_priv_h__ */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */