use the Diffie-Hellman functionality of libstrongswan
[strongswan.git] / src / pluto / state.h
1 /* state and event objects
2 * Copyright (C) 1997 Angelos D. Keromytis.
3 * Copyright (C) 1998-2001 D. Hugh Redelmeier.
4 * Copyright (C) 2009 Andreas Steffen - Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <sys/types.h>
18 #include <sys/socket.h>
19 #include <netinet/in.h>
20 #include <time.h>
21
22 #include <crypto/diffie_hellman.h>
23
24 #include "connections.h"
25
26 /* Message ID mechanism.
27 *
28 * A Message ID is contained in each IKE message header.
29 * For Phase 1 exchanges (Main and Aggressive), it will be zero.
30 * For other exchanges, which must be under the protection of an
31 * ISAKMP SA, the Message ID must be unique within that ISAKMP SA.
32 * Effectively, this labels the message as belonging to a particular
33 * exchange.
34 *
35 * RFC2408 "ISAKMP" 3.1 "ISAKMP Header Format" (near end) states that
36 * the Message ID must be unique. We interpret this to be "unique within
37 * one ISAKMP SA".
38 *
39 * BTW, we feel this uniqueness allows rekeying to be somewhat simpler
40 * than specified by draft-jenkins-ipsec-rekeying-06.txt.
41 */
42
/*
 * IKE Message ID as carried in the ISAKMP header.
 * Held in network byte order: convert before printing or doing arithmetic.
 */
typedef u_int32_t msgid_t;

/* Message ID of Phase 1 exchanges, which is always zero (see above). */
#define MAINMODE_MSGID ((msgid_t) 0)

/* Tag only; the full definition of struct state appears further down. */
struct state;

/*
 * Message ID bookkeeping, always against the state of the ISAKMP SA that
 * protects the exchange. The definitions are not in this header; judging
 * by the names, generate_msgid() picks a fresh ID and reserve_msgid()
 * records one and reports whether that succeeded -- confirm there.
 * Uniqueness within one ISAKMP SA is what binds a message to its exchange.
 */
extern msgid_t generate_msgid(struct state *isakmp_sa);
extern bool reserve_msgid(struct state *isakmp_sa, msgid_t msgid);
49
50
/*
 * Oakley (Phase 1 / Main Mode) transform and its attributes.
 *
 * Flattened, decoded form of the negotiated transform. The original
 * comment names the wire form "Transaction Payload"; presumably the
 * ISAKMP Transform Payload is meant -- confirm. Field names are chosen
 * to match the corresponding names in struct state.
 *
 * NOTE(review): the numeric values come out of negotiation with the peer.
 * Whether weak algorithms, short keys or small DH groups are refused is
 * decided by the code that fills this struct, which is not visible here.
 */
struct oakley_trans_attrs {
    /* Encryption: algorithm number, key length in bits, routine table. */
    u_int16_t encrypt;
    u_int16_t enckeylen;
    const struct encrypt_desc *encrypter;

    /* Hash: algorithm number and routine table. */
    u_int16_t hash;
    const struct hash_desc *hasher;

    /* Authentication method. */
    u_int16_t auth;

    /* Diffie-Hellman group descriptor. */
    const struct dh_desc *group;

    /* Lifetime limits: by time (seconds) and by volume (kilobytes). */
    time_t life_seconds;
    u_int32_t life_kilobytes;
#if 0   /* not yet */
    u_int16_t prf;      /* Pseudo Random Function */
#endif
};
70
/*
 * IPsec (Phase 2 / Quick Mode) transform and its attributes.
 *
 * Flattened, decoded form of one negotiated transform (the original
 * comment again says "Transaction Payload"). A state may hold one of
 * these for AH, one for ESP and an unusual one for IPCOMP.
 */
struct ipsec_trans_attrs {
    /* Transform id. */
    u_int8_t transid;

    /* SPI chosen by the peer ("his SPI"). */
    ipsec_spi_t spi;

    /*
     * Lifetime limits. The original comments say "When this SA expires"
     * for both; going by the names the first is in seconds and the second
     * is a traffic volume in kilobytes.
     */
    time_t life_seconds;
    u_int32_t life_kilobytes;

    /* Undocumented in the original; names suggest the negotiated
     * encapsulation mode, authentication algorithm, key length and key
     * rounds -- units and value spaces are not visible here. */
    u_int16_t encapsulation;
    u_int16_t auth;
    u_int16_t key_len;
    u_int16_t key_rounds;
#if 0   /* not implemented yet */
    u_int16_t cmprs_dict_sz;
    u_int32_t cmprs_alg;
#endif
};
90
/*
 * Per-protocol IPsec state (struct state keeps one each for AH, ESP
 * and IPCOMP).
 *
 * NOTE(review): our_keymat / peer_keymat point at secret keying material.
 * Allocation, ownership and wiping are not visible in this header;
 * presumably both buffers are keymat_len long and are cleared before
 * being freed -- confirm in the code that deletes a state.
 */
struct ipsec_proto_info {
    /* Was this transform specified at all? */
    bool present;

    /* Negotiated transform attributes. */
    struct ipsec_trans_attrs attrs;

    /* SPI chosen by our side. */
    ipsec_spi_t our_spi;

    /* Length of the keying material; the same for both directions. */
    u_int16_t keymat_len;

    /* Keying material for each direction. */
    u_char *our_keymat;
    u_char *peer_keymat;
};
100
/*
 * State object: records the state of one (possibly still nascent) SA.
 *
 * Invariants, violated only during short transitions:
 *   - each state object is in the state table exactly once;
 *   - each state object always has a pending event, which prevents leaks.
 *
 * NOTE(review): this struct holds long-lived secrets -- the DH object,
 * the derived shared secret, the SKEYID family, the Oakley encryption
 * key and the per-protocol keymat. The teardown code is not visible in
 * this header; presumably delete_state() wipes and frees them, and
 * duplicate_state() copies rather than aliases them -- confirm both.
 */
struct state {
    /* ---- identity and ownership ---- */

    so_serial_t st_serialno;            /* serial number (for seniority) */
    so_serial_t st_clonedfrom;          /* serial number of the parent state */

    struct connection *st_connection;   /* connection this SA belongs to */

    /* fd of our Whack TCP socket. There is a single copy, so it is
     * closed when the struct is freed. */
    int st_whack_sock;

    struct msg_digest *st_suspended_md; /* suspended state transition */

    /* ---- negotiated transforms ---- */

    struct oakley_trans_attrs st_oakley;

    struct ipsec_proto_info st_ah;
    struct ipsec_proto_info st_esp;
    struct ipsec_proto_info st_ipcomp;
#ifdef KLIPS
    ipsec_spi_t st_tunnel_in_spi;       /* KLUDGE */
    ipsec_spi_t st_tunnel_out_spi;      /* KLUDGE */
#endif

    const struct dh_desc *st_pfs_group; /* DH group for Phase 2 PFS */

    u_int32_t st_doi;                   /* Domain of Interpretation */
    u_int32_t st_situation;

    lset_t st_policy;                   /* policy for the IPsec SA */

    /* Message ID taken from the header; network byte order. */
    msgid_t st_msgid;

    /* Only meaningful when this state represents an ISAKMP SA:
     * the message IDs that have already been used up. */
    struct msgid_list *st_used_msgids;

    /* ---- symmetric section: initiator / responder / mine / his ---- */

    /* initiator */
    chunk_t st_gi;                      /* initiator public value */
    u_int8_t st_icookie[COOKIE_SIZE];   /* initiator cookie */
    chunk_t st_ni;                      /* Ni nonce */

    /* responder */
    chunk_t st_gr;                      /* responder public value */
    u_int8_t st_rcookie[COOKIE_SIZE];   /* responder cookie */
    chunk_t st_nr;                      /* Nr nonce */

    /* mine */
    chunk_t st_tpacket;                 /* transmitted packet */

    /* Phase 2 ID payload info about my user */
    u_int8_t st_myuserprotoid;          /* IDcx.protoid */
    u_int16_t st_myuserport;

    /* his */
    chunk_t st_rpacket;                 /* received packet */

    /* Phase 2 ID payload info about the peer's user */
    u_int8_t st_peeruserprotoid;        /* IDcx.protoid */
    u_int16_t st_peeruserport;

    /* ---- end of symmetric section ---- */

    /* Our local DH secret value, held in a libstrongswan
     * diffie_hellman_t object. Secret: see the note at the top. */
    diffie_hellman_t *st_dh;

    /* Derived shared secret. During Quick Mode its presence also
     * indicates that PFS was selected. Secret. */
    chunk_t st_shared;

    /* In a Phase 1 state: the peer's public key, preserved after
     * authentication. */
    struct pubkey *st_peer_pubkey;

    /* ---- exchange progress, retransmission, rekeying ---- */

    enum state_kind st_state;           /* state of the exchange */
    u_int8_t st_retransmit;             /* number of retransmits */
    unsigned long st_try;               /* number of rekeying attempts;
                                         * 0 means the only time */
    time_t st_margin;                   /* life after EVENT_SA_REPLACE */
    unsigned long st_outbound_count;    /* traffic through the eroute */
    time_t st_outbound_time;            /* time st_outbound_count last changed */

    /* ---- Phase 1 keying material (all secret) ---- */

    chunk_t st_p1isa;       /* Phase 1 initiator SA payload, kept for HASH */
    chunk_t st_skeyid;      /* key material */
    chunk_t st_skeyid_d;    /* KM for non-ISAKMP key derivation */
    chunk_t st_skeyid_a;    /* KM for ISAKMP authentication */
    chunk_t st_skeyid_e;    /* KM for ISAKMP encryption */

    /* IV buffers, each MAX_DIGEST_LEN bytes, with their lengths kept
     * separately below.
     * NOTE(review): nothing in this header ties a *_len field to its
     * buffer size; code that sets or uses them must keep each length
     * <= MAX_DIGEST_LEN -- confirm at the call sites. */
    u_char st_iv[MAX_DIGEST_LEN];       /* IV for encryption */
    u_char st_new_iv[MAX_DIGEST_LEN];
    u_char st_ph1_iv[MAX_DIGEST_LEN];   /* IV at the end of Phase 1 */
    unsigned int st_iv_len;
    unsigned int st_new_iv_len;
    unsigned int st_ph1_iv_len;

    chunk_t st_enc_key;                 /* Oakley encryption key (secret) */

    /* ---- linkage ---- */

    struct event *st_event;             /* back pointer for certain events */
    struct state *st_hashchain_next;    /* next in list */
    struct state *st_hashchain_prev;    /* previous in list */

    /* ---- Mode Config and XAUTH progress flags ---- */

    struct {
        bool vars_set;
        bool started;
    } st_modecfg;

    struct {
        int attempt;
        bool started;
        bool status;
    } st_xauth;

    /* ---- NAT traversal ---- */

    u_int32_t nat_traversal;
    ip_address nat_oa;

    /* ---- RFC 3706 Dead Peer Detection ---- */

    bool st_dpd;                        /* peer supports DPD */
    time_t st_last_dpd;                 /* time of the last DPD transmit */
    u_int32_t st_dpd_seqno;             /* next R_U_THERE to send */
    u_int32_t st_dpd_expectseqno;       /* next R_U_THERE_ACK to receive */

    /* NOTE(review): the original trailing comment here reads
     * "global variables", which looks misplaced. Going by the name this
     * is a sequence number associated with the peer -- confirm. */
    u_int32_t st_dpd_peerseqno;
    struct event *st_dpd_event;         /* back pointer for DPD events */

    /* Bit field recording which Vendor IDs were recognized. */
    u_int32_t st_seen_vendorid;
};
233
/* global variables */

extern u_int16_t pluto_port;    /* Pluto's port */

extern bool states_use_connection(struct connection *c);

/*
 * State functions. Only the prototypes are visible in this header, so the
 * notes below describe the signatures, not the implementations.
 */

/* creation, table membership, teardown */
extern struct state *new_state(void);
extern struct state *duplicate_state(struct state *st);
extern void init_states(void);
extern void insert_state(struct state *st);
extern void unhash_state(struct state *st);
extern void release_whack(struct state *st);
extern void delete_state(struct state *st);
extern void delete_states_by_connection(struct connection *c, bool relations);
extern void delete_states_by_peer(ip_address *peer);

extern void state_eroute_usage(ip_subnet *ours, ip_subnet *his,
                               unsigned long count, time_t nw);

/*
 * Lookups. find_state() keys on both cookies, the peer address and the
 * Message ID.
 * NOTE(review): find_sender() receives a raw packet plus its length;
 * presumably the packet is network input, so the implementation has to
 * bound every read by packet_len -- confirm there.
 */
extern struct state *find_state(const u_char *icookie,
                                const u_char *rcookie,
                                const ip_address *peer,
                                msgid_t msgid);
extern struct state *state_with_serialno(so_serial_t sn);
extern struct state *find_phase2_state_to_delete(const struct state *p1st,
                                                 u_int8_t protoid,
                                                 ipsec_spi_t spi,
                                                 bool *bogus);
extern struct state *find_phase1_state(const struct connection *c,
                                       lset_t ok_states);
extern struct state *find_sender(size_t packet_len, u_char *packet);

/* reporting and iteration */
extern void show_states_status(bool all, const char *name);
extern void for_each_state(void *(*f)(struct state *, void *data), void *data);

/* CPI helpers */
extern void find_my_cpi_gap(cpi_t *latest_cpi, cpi_t *first_busy_cpi);
extern ipsec_spi_t uniquify_his_cpi(ipsec_spi_t cpi, struct state *st);

/* Formats into two caller-supplied buffers; each comes with its length. */
extern void fmt_state(bool all, struct state *st, time_t n,
                      char *state_buf, size_t state_buf_len,
                      char *state_buf2, size_t state_buf_len2);