1 /*
2 * Copyright (C) 2007 Tobias Brunner
3 * Copyright (C) 2005-2006 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 /**
19 * @defgroup payload payload
20 * @{ @ingroup payloads
21 */
22
23 #ifndef PAYLOAD_H_
24 #define PAYLOAD_H_
25
/* Forward declarations of the two public names of this header. They are
 * placed before the includes below so that anything pulled in there can
 * already refer to payload_t / payload_type_t (presumed reason for the
 * ordering -- confirm against encodings.h). */
typedef enum payload_type_t payload_type_t;
typedef struct payload_t payload_t;
28
29 #include <library.h>
30 #include <encoding/payloads/encodings.h>
31
/**
 * Domain of interpretation used by IPsec/IKEv1.
 *
 * This is the IPSEC DOI identifier from the IKEv1 DOI specification
 * (RFC 2407, value 1). NOTE(review): an IKEv1 SA payload carrying any other
 * DOI value is not an IPsec SA; presumably the SA payload verify() rejects
 * it -- confirm in the IKEv1 SA payload implementation.
 */
#define IKEV1_DOI_IPSEC 1
36
/**
 * Payload-Types of an IKE message.
 *
 * Values below 256 are the numbers carried in the Next Payload field on the
 * wire: 1-13 are the ISAKMP/IKEv1 types (RFC 2408), 33-48 the IKEv2 types
 * (RFC 4306), 128-255 is the PRIVATE USE range. The header and the
 * substructures are modelled as payloads too; they are given values from 256
 * upwards, which can never come out of the single-octet Next Payload field,
 * so they exist internally only and are never sent over the wire.
 */
enum payload_type_t {

	/** End of payload list in next_payload */
	NO_PAYLOAD = 0,

	/* ---- IKEv1 (ISAKMP) wire payload types ---- */

	/** Security association (SA) payload containing proposals */
	SECURITY_ASSOCIATION_V1 = 1,

	/** Proposal payload, containing transforms */
	PROPOSAL_V1 = 2,

	/** Transform payload */
	TRANSFORM_V1 = 3,

	/** Key exchange (KE) payload containing Diffie-Hellman values */
	KEY_EXCHANGE_V1 = 4,

	/** Identification (ID) payload */
	ID_V1 = 5,

	/** Certificate (CERT) payload carrying certificates */
	CERTIFICATE_V1 = 6,

	/** Certificate request (CERTREQ) payload */
	CERTIFICATE_REQUEST_V1 = 7,

	/** Hash (HASH) payload */
	HASH_V1 = 8,

	/** Signature (SIG) payload */
	SIGNATURE_V1 = 9,

	/** Nonce (NONCE) payload */
	NONCE_V1 = 10,

	/** Notification (N) payload */
	NOTIFY_V1 = 11,

	/** Delete (D) payload */
	DELETE_V1 = 12,

	/** Vendor ID (VID) payload */
	VENDOR_ID_V1 = 13,

	/* ---- IKEv2 wire payload types ---- */

	/** Security association (SA) payload containing proposals */
	SECURITY_ASSOCIATION = 33,

	/** Key exchange (KE) payload containing Diffie-Hellman values */
	KEY_EXCHANGE = 34,

	/** Identification of the original initiator (IDi) */
	ID_INITIATOR = 35,

	/** Identification of the original responder (IDr) */
	ID_RESPONDER = 36,

	/** Certificate (CERT) payload carrying certificates */
	CERTIFICATE = 37,

	/** Certificate request (CERTREQ) payload */
	CERTIFICATE_REQUEST = 38,

	/** Authentication (AUTH) payload carrying the auth data */
	AUTHENTICATION = 39,

	/** Nonce payload, for initiator and responder (Ni, Nr, N) */
	NONCE = 40,

	/** Notify (N) payload */
	NOTIFY = 41,

	/** Delete (D) payload */
	DELETE = 42,

	/** Vendor ID (V) payload */
	VENDOR_ID = 43,

	/** Traffic selector of the original initiator (TSi) */
	TRAFFIC_SELECTOR_INITIATOR = 44,

	/** Traffic selector of the original responder (TSr) */
	TRAFFIC_SELECTOR_RESPONDER = 45,

	/** Encrypted (E) payload, contains other payloads */
	ENCRYPTED = 46,

	/** Configuration (CP) payload */
	CONFIGURATION = 47,

	/** Extensible authentication (EAP) payload */
	EXTENSIBLE_AUTHENTICATION = 48,

#ifdef ME
	/* ---- PRIVATE USE wire payload types (128-255) ---- */

	/** Identification payload for peers (mediation extension) */
	ID_PEER = 128,
#endif /* ME */

	/* ---- Internal-only types, never sent over the wire ----
	 * HEADER is pinned to 256; everything after it takes the next value in
	 * sequence (257, 258, ...), so all of them stay above the wire range. */

	/** The IKE message header */
	HEADER = 256,

	/** IKEv2 proposal substructure inside a SA payload */
	PROPOSAL_SUBSTRUCTURE,

	/** IKEv1 proposal substructure inside a SA payload */
	PROPOSAL_SUBSTRUCTURE_V1,

	/** IKEv2 transform substructure inside a proposal substructure */
	TRANSFORM_SUBSTRUCTURE,

	/** IKEv1 transform substructure inside a proposal substructure */
	TRANSFORM_SUBSTRUCTURE_V1,

	/** IKEv2 attribute inside a transform */
	TRANSFORM_ATTRIBUTE,

	/** IKEv1 attribute inside a transform */
	TRANSFORM_ATTRIBUTE_V1,

	/** Traffic selector substructure inside a TS payload */
	TRAFFIC_SELECTOR_SUBSTRUCTURE,

	/** Attribute inside a configuration payload */
	CONFIGURATION_ATTRIBUTE,

	/** Not really a payload: the complete encrypted IKEv1 message */
	ENCRYPTED_V1,
};
256
/**
 * enum names for payload_type_t (full names, e.g. for log/debug output).
 */
extern enum_name_t *payload_type_names;

/**
 * enum names for payload_type_t in a short form.
 */
extern enum_name_t *payload_type_short_names;
266
/**
 * Generic interface for all payload types (incl. header and substructures).
 *
 * To handle all kinds of payloads in a generic way, this interface must
 * be implemented by every payload. This allows parser_t/generator_t a simple
 * handling of all payloads: both work off the encoding rules a payload
 * publishes through get_encoding_rules() rather than off type-specific code.
 *
 * NOTE(review): payloads are populated from untrusted network input. Field
 * values should be treated as unchecked until verify() has returned SUCCESS.
 */
struct payload_t {

	/**
	 * Get encoding rules for this payload.
	 *
	 * The rules describe, field by field, how the payload is laid out on
	 * the wire.
	 *
	 * @param rules		location to store pointer to rules
	 * @return			number of rules
	 */
	int (*get_encoding_rules) (payload_t *this, encoding_rule_t **rules);

	/**
	 * Get non-variable header length for a variable length payload.
	 *
	 * That is, the fixed number of bytes that precede the variable-length
	 * part of the payload.
	 *
	 * @return			fixed length of the payload
	 */
	int (*get_header_length)(payload_t *this);

	/**
	 * Get type of payload.
	 *
	 * @return			type of this payload
	 */
	payload_type_t (*get_type) (payload_t *this);

	/**
	 * Get type of next payload or NO_PAYLOAD (0) if this is the last one.
	 *
	 * This is the value of the Next Payload field, i.e. how the payloads of
	 * a message are chained together.
	 *
	 * @return			type of next payload
	 */
	payload_type_t (*get_next_type) (payload_t *this);

	/**
	 * Set type of next payload.
	 *
	 * @param type		type of next payload
	 */
	void (*set_next_type) (payload_t *this,payload_type_t type);

	/**
	 * Get length of payload.
	 *
	 * @return			length of this payload
	 */
	size_t (*get_length) (payload_t *this);

	/**
	 * Verifies payload structure and makes consistence check.
	 *
	 * This is the place where a payload implementation rejects malformed
	 * input (bad lengths, out-of-range values, ...). A payload that fails
	 * verification should be discarded, not used further.
	 *
	 * @return			SUCCESS, FAILED if consistence not given
	 */
	status_t (*verify) (payload_t *this);

	/**
	 * Destroys a payload and all included substructures.
	 */
	void (*destroy) (payload_t *this);
};
331
/**
 * Create an empty payload of the given type.
 *
 * Useful for the parser, which wants a generic constructor for all payloads.
 * The result supports all payload_t methods. If a payload type is not known,
 * an unknown payload is created that keeps the raw chunk of data in it.
 *
 * The returned object is presumably owned by the caller, who releases it
 * with its destroy() method -- confirm against the parser.
 *
 * @param type			type of the payload to create
 * @return				payload_t object
 */
payload_t *payload_create(payload_type_t type);
343
/**
 * Check if a specific payload is implemented, or handled as unknown payload.
 *
 * Lets a caller tell a type it can act on from one that payload_create()
 * would only wrap as opaque data.
 *
 * @param type			type of the payload to check
 * @return				TRUE if the type is implemented,
 *						FALSE if payload type handled as unknown payload
 */
bool payload_is_known(payload_type_t type);
351
/**
 * Get the value field in a payload using encoding rules.
 *
 * Walks the payload's encoding rules for the skip-th rule of the given
 * type and returns a pointer to the field that rule describes.
 *
 * @param payload		payload to look up a field
 * @param type			encoding rule type to look up
 * @param skip			number rules of type to skip, 0 to get first
 * @return				type specific value pointer, NULL if not found;
 *						callers must check for NULL before dereferencing
 */
void* payload_get_field(payload_t *payload, encoding_type_t type, u_int skip);
361
362 #endif /** PAYLOAD_H_ @}*/