1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Copyright (C) 2012 Giuliano Grassi
4 * Copyright (C) 2012 Ralf Sager
5 * HSR Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 /**
19 * @defgroup esp_packet esp_packet
20 * @{ @ingroup libipsec
21 */
22
23 #ifndef ESP_PACKET_H_
24 #define ESP_PACKET_H_
25
26 #include "ip_packet.h"
27 #include "esp_context.h"
28
29 #include <library.h>
30 #include <networking/host.h>
31 #include <networking/packet.h>
32
/* Forward typedef so the method pointers below can take esp_packet_t* before
 * the struct body is defined. */
typedef struct esp_packet_t esp_packet_t;
34
/**
 * ESP packet
 *
 * Wraps a packet_t holding raw ESP data and provides the inbound steps
 * (header parsing, then authentication + decryption with an anti-replay
 * check) and the outbound step (encapsulation + encryption), each driven by
 * the esp_context_t of the corresponding IPsec SA.
 */
struct esp_packet_t {

	/**
	 * Implements packet_t interface to access the raw ESP packet
	 */
	packet_t packet;

	/**
	 * Get the source address of this packet
	 *
	 * @return				source host
	 */
	host_t *(*get_source)(esp_packet_t *this);

	/**
	 * Get the destination address of this packet
	 *
	 * @return				destination host
	 */
	host_t *(*get_destination)(esp_packet_t *this);

	/**
	 * Parse the packet header before decryption. Tries to read the SPI
	 * from the packet to find a corresponding SA.
	 *
	 * @note This runs before the packet has been authenticated, so the
	 * returned SPI is untrusted wire data: use it only to select the
	 * inbound SA and let decrypt() decide whether the packet is genuine.
	 *
	 * @param spi			parsed SPI, in network byte order
	 * @return				TRUE when successful, FALSE otherwise (e.g. when the
	 *						length of the packet is invalid)
	 */
	bool (*parse_header)(esp_packet_t *this, uint32_t *spi);

	/**
	 * Authenticate and decrypt the packet. Also verifies the sequence number
	 * using the supplied ESP context and updates the anti-replay window.
	 *
	 * @note Only a SUCCESS result leaves the packet in the decrypted state
	 * required by get_next_header(), get_payload() and extract_payload();
	 * on any other status the packet should be dropped.
	 *
	 * @param esp_context	ESP context of corresponding inbound IPsec SA
	 * @return				- SUCCESS if successfully authenticated,
	 *						  decrypted and parsed
	 *						- PARSE_ERROR if the length of the packet or the
	 *						  padding is invalid
	 *						- VERIFY_ERROR if the sequence number
	 *						  verification failed
	 *						- FAILED if the ICV (MAC) check or the actual
	 *						  decryption failed
	 */
	status_t (*decrypt)(esp_packet_t *this, esp_context_t *esp_context);

	/**
	 * Encapsulate and encrypt the packet. The sequence number will be generated
	 * using the supplied ESP context.
	 *
	 * @note FAILED due to a cycled sequence number means the SA's counter is
	 * exhausted; retrying with the same context will not succeed.
	 *
	 * @param esp_context	ESP context of corresponding outbound IPsec SA
	 * @param spi			SPI value to use, in network byte order
	 * @return				- SUCCESS if encrypted
	 *						- FAILED if sequence number cycled or any of the
	 *						  cryptographic functions failed
	 *						- NOT_FOUND if no suitable IV generator provided
	 */
	status_t (*encrypt)(esp_packet_t *this, esp_context_t *esp_context,
						uint32_t spi);

	/**
	 * Get the next header field of a packet.
	 *
	 * @note Packet has to be in the decrypted state, i.e. decrypt() must
	 * have returned SUCCESS.
	 *
	 * @return				next header field
	 */
	uint8_t (*get_next_header)(esp_packet_t *this);

	/**
	 * Get the plaintext payload of this packet.
	 *
	 * The returned object is internal data of this packet and stays owned
	 * by it; callers must not destroy it (use extract_payload() to take
	 * ownership).
	 *
	 * @return				plaintext payload (internal data),
	 *						NULL if not decrypted
	 */
	ip_packet_t *(*get_payload)(esp_packet_t *this);

	/**
	 * Extract the plaintext payload from this packet.
	 *
	 * Ownership of the payload passes to the caller, who has to destroy it.
	 *
	 * @return				plaintext payload (has to be destroyed),
	 *						NULL if not decrypted
	 */
	ip_packet_t *(*extract_payload)(esp_packet_t *this);

	/**
	 * Destroy an esp_packet_t
	 */
	void (*destroy)(esp_packet_t *this);

};
130
/**
 * Create an ESP packet out of data from the wire.
 *
 * The packet is treated as untrusted until decrypt() has returned SUCCESS;
 * parse_header() only reads the SPI from it.
 *
 * @param packet		the packet data as received, gets owned (the caller
 *						must not use or destroy it afterwards)
 * @return				esp_packet_t instance
 */
esp_packet_t *esp_packet_create_from_packet(packet_t *packet);
138
/**
 * Create an ESP packet from a plaintext payload
 *
 * The resulting packet is not yet encrypted; call encrypt() with the
 * outbound SA's context before sending it.
 *
 * @param src			source address
 * @param dst			destination address
 * @param payload		plaintext payload, gets owned (the caller must not
 *						destroy it)
 * @return				esp_packet_t instance
 */
esp_packet_t *esp_packet_create_from_payload(host_t *src, host_t *dst,
											 ip_packet_t *payload);
149
150 #endif /** ESP_PACKET_H_ @}*/
151