esp_packet_t implements packet_t interface
1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Copyright (C) 2012 Giuliano Grassi
4 * Copyright (C) 2012 Ralf Sager
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 /**
19 * @defgroup esp_packet esp_packet
20 * @{ @ingroup libipsec
21 */
22
23 #ifndef ESP_PACKET_H_
24 #define ESP_PACKET_H_
25
26 #include "esp_context.h"
27
28 #include <library.h>
29 #include <utils/host.h>
30 #include <utils/packet.h>
31
32 typedef struct esp_packet_t esp_packet_t;
33
/**
 * ESP packet.
 *
 * Represents either an ESP packet taken from the wire (see
 * esp_packet_create_from_packet()) or a plaintext payload that is about to be
 * encapsulated (see esp_packet_create_from_payload()). All operations are
 * invoked through the function pointers declared below.
 */
struct esp_packet_t {

	/**
	 * Implements the packet_t interface, which gives access to the raw ESP
	 * packet.
	 */
	packet_t packet;

	/**
	 * Get the source address of this packet.
	 *
	 * NOTE(review): ownership of the returned host_t is not stated in this
	 * header -- confirm before destroying or storing it.
	 *
	 * @return				source host
	 */
	host_t *(*get_source)(esp_packet_t *this);

	/**
	 * Get the destination address of this packet.
	 *
	 * NOTE(review): ownership of the returned host_t is not stated in this
	 * header -- confirm before destroying or storing it.
	 *
	 * @return				destination host
	 */
	host_t *(*get_destination)(esp_packet_t *this);

	/**
	 * Parse the header of a packet that has not been decrypted yet. Tries to
	 * read the SPI so that the caller can find a corresponding SA.
	 *
	 * This step comes before decrypt(), which is the method that
	 * authenticates the packet, so the SPI handed back here is still
	 * unauthenticated input from the network.
	 *
	 * @param spi			parsed SPI, in network byte order
	 * @return				TRUE when successful, FALSE otherwise (e.g. when
	 *						the length of the packet is invalid)
	 */
	bool (*parse_header)(esp_packet_t *this, u_int32_t *spi);

	/**
	 * Authenticate and decrypt the packet. The sequence number is also
	 * verified using the supplied ESP context, and the anti-replay window is
	 * updated.
	 *
	 * Every return value other than SUCCESS reports a packet that failed one
	 * of the checks listed below.
	 *
	 * NOTE(review): the relative order of the ICV check, the sequence number
	 * check and the window update is not visible in this header -- confirm in
	 * the implementation that the window is only advanced for packets whose
	 * ICV verified.
	 *
	 * @param esp_context	ESP context of corresponding inbound IPsec SA
	 * @return				- SUCCESS if successfully authenticated,
	 *						  decrypted and parsed
	 *						- PARSE_ERROR if the length of the packet or the
	 *						  padding is invalid
	 *						- VERIFY_ERROR if the sequence number
	 *						  verification failed
	 *						- FAILED if the ICV (MAC) check or the actual
	 *						  decryption failed
	 */
	status_t (*decrypt)(esp_packet_t *this, esp_context_t *esp_context);

	/**
	 * Encapsulate and encrypt the packet. The sequence number is generated
	 * from the supplied ESP context.
	 *
	 * A FAILED result also covers a cycled sequence number, i.e. the packet
	 * is not emitted with a reused sequence number.
	 *
	 * @param esp_context	ESP context of corresponding outbound IPsec SA
	 * @param spi			SPI value to use, in network byte order
	 * @return				- SUCCESS if encrypted
	 *						- FAILED if sequence number cycled or any of the
	 *						  cryptographic functions failed
	 *						- NOT_FOUND if no suitable RNG could be found
	 */
	status_t (*encrypt)(esp_packet_t *this, esp_context_t *esp_context,
						u_int32_t spi);

	/**
	 * Get the next header field of a packet.
	 *
	 * @note Packet has to be in the decrypted state.
	 *
	 * NOTE(review): what is returned for a packet that is not in the
	 * decrypted state is not specified here -- confirm in the implementation.
	 *
	 * @return				next header field
	 */
	u_int8_t (*get_next_header)(esp_packet_t *this);

	/**
	 * Get the plaintext payload of this packet (e.g. inner IP packet).
	 *
	 * The chunk refers to internal data of the object rather than a copy;
	 * presumably it stays valid only until destroy() -- TODO confirm.
	 *
	 * @return				plaintext payload (internal data),
	 *						chunk_empty if not decrypted
	 */
	chunk_t (*get_payload)(esp_packet_t *this);

	/**
	 * Destroy an esp_packet_t.
	 */
	void (*destroy)(esp_packet_t *this);

};
121
/**
 * Create an ESP packet out of data from the wire.
 *
 * This header does not state that any validation takes place at creation
 * time: the header and length are checked by parse_header(), authenticity
 * and the sequence number by decrypt().
 *
 * @param packet		the packet data as received; it gets owned by the
 *						new object
 * @return				esp_packet_t instance
 */
esp_packet_t *esp_packet_create_from_packet(packet_t *packet);
129
/**
 * Create an ESP packet from a plaintext payload (e.g. inner IP packet).
 *
 * The payload is taken as plaintext; encapsulation and encryption are done
 * by a later call to encrypt().
 *
 * NOTE(review): only the payload is documented as "gets owned"; ownership of
 * src and dst is not stated here -- confirm against the implementation.
 *
 * @param src			source address
 * @param dst			destination address
 * @param payload		plaintext payload (e.g. inner IP packet), gets owned
 * @param next_header	next header type of the payload (e.g. IPPROTO_IPIP)
 * @return				esp_packet_t instance
 */
esp_packet_t *esp_packet_create_from_payload(host_t *src,
											 host_t *dst,
											 chunk_t payload,
											 u_int8_t next_header);
142
143 #endif /** ESP_PACKET_H_ @}*/
144