projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'sha2-no-trunc'
[strongswan.git] / src / stroke / stroke_msg.h
1 /*
2 * Copyright (C) 2015 Tobias Brunner
3 * Copyright (C) 2006 Martin Willi
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #ifndef STROKE_MSG_H_
18 #define STROKE_MSG_H_
19
20 #include <sys/types.h>
21
22 #include <library.h>
23
24 /**
25 * Socket which is used to communicate between charon and stroke
26 */
27 #define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"
28
29 /**
30 * Number of bytes by which the buffer is increased as needed
31 */
32 #define STROKE_BUF_LEN_INC 1024
33
34 typedef enum list_flag_t list_flag_t;
35
36 /**
37 * Definition of the LIST flags, used for
38 * the various stroke list* commands.
39 */
40 enum list_flag_t {
41 /** don't list anything */
42 LIST_NONE = 0x0000,
43 /** list all raw public keys */
44 LIST_PUBKEYS = 0x0001,
45 /** list all host/user certs */
46 LIST_CERTS = 0x0002,
47 /** list all ca certs */
48 LIST_CACERTS = 0x0004,
49 /** list all ocsp signer certs */
50 LIST_OCSPCERTS = 0x0008,
51 /** list all aa certs */
52 LIST_AACERTS = 0x0010,
53 /** list all attribute certs */
54 LIST_ACERTS = 0x0020,
55 /** list all access control groups */
56 LIST_GROUPS = 0x0040,
57 /** list all ca information records */
58 LIST_CAINFOS = 0x0080,
59 /** list all crls */
60 LIST_CRLS = 0x0100,
61 /** list all ocsp cache entries */
62 LIST_OCSP = 0x0200,
63 /** list all supported algorithms */
64 LIST_ALGS = 0x0400,
65 /** list plugin information */
66 LIST_PLUGINS = 0x0800,
67 /** all list options */
68 LIST_ALL = 0x0FFF,
69 };
70
71 typedef enum reread_flag_t reread_flag_t;
72
73 /**
74 * Definition of the REREAD flags, used for
75 * the various stroke reread* commands.
76 */
77 enum reread_flag_t {
78 /** don't reread anything */
79 REREAD_NONE = 0x0000,
80 /** reread all secret keys */
81 REREAD_SECRETS = 0x0001,
82 /** reread all ca certs */
83 REREAD_CACERTS = 0x0002,
84 /** reread all ocsp signer certs */
85 REREAD_OCSPCERTS = 0x0004,
86 /** reread all aa certs */
87 REREAD_AACERTS = 0x0008,
88 /** reread all attribute certs */
89 REREAD_ACERTS = 0x0010,
90 /** reread all crls */
91 REREAD_CRLS = 0x0020,
92 /** all reread options */
93 REREAD_ALL = 0x003F,
94 };
95
96 typedef enum purge_flag_t purge_flag_t;
97
98 /**
99 * Definition of the PURGE flags, currently used for
100 * the stroke purgeocsp command.
101 */
102 enum purge_flag_t {
103 /** don't purge anything */
104 PURGE_NONE = 0x0000,
105 /** purge ocsp cache entries */
106 PURGE_OCSP = 0x0001,
107 /** purge CRL cache entries */
108 PURGE_CRLS = 0x0002,
109 /** purge X509 cache entries */
110 PURGE_CERTS = 0x0004,
111 /** purge IKE_SAs without a CHILD_SA */
112 PURGE_IKE = 0x0008,
113 };
114
115 typedef enum export_flag_t export_flag_t;
116
117 /**
118 * Definition of the export flags
119 */
120 enum export_flag_t {
121 /** export an X509 certificate */
122 EXPORT_X509 = 0x0001,
123 /** export an X509 end entity certificate for a connection */
124 EXPORT_CONN_CERT = 0x0002,
125 /** export the complete trust chain of a connection */
126 EXPORT_CONN_CHAIN = 0x0004,
127 };
128
129 /**
130 * CRL certificate validation policy
131 */
132 typedef enum {
133 CRL_STRICT_NO,
134 CRL_STRICT_YES,
135 CRL_STRICT_IFURI,
136 } crl_policy_t;
137
138
139 typedef struct stroke_end_t stroke_end_t;
140
141 /**
142 * definition of a peer in a stroke message
143 */
144 struct stroke_end_t {
145 char *auth;
146 char *auth2;
147 char *id;
148 char *id2;
149 char *eap_id;
150 char *rsakey;
151 char *cert;
152 char *cert2;
153 char *ca;
154 char *ca2;
155 char *groups;
156 char *groups2;
157 char *cert_policy;
158 char *updown;
159 char *address;
160 uint16_t ikeport;
161 char *sourceip;
162 char *dns;
163 char *subnets;
164 int sendcert;
165 int hostaccess;
166 int tohost;
167 int allow_any;
168 uint8_t protocol;
169 uint16_t from_port;
170 uint16_t to_port;
171 };
172
173 typedef struct stroke_msg_t stroke_msg_t;
174
175 /**
176 * @brief A stroke message sent over the unix socket.
177 */
178 struct stroke_msg_t {
179 /* length of this message with all strings */
180 uint16_t length;
181
182 /* type of the message */
183 enum {
184 /* initiate a connection */
185 STR_INITIATE,
186 /* install SPD entries for a policy */
187 STR_ROUTE,
188 /* uninstall SPD entries for a policy */
189 STR_UNROUTE,
190 /* add a connection */
191 STR_ADD_CONN,
192 /* delete a connection */
193 STR_DEL_CONN,
194 /* terminate connection */
195 STR_TERMINATE,
196 /* terminate connection by peers srcip/virtual ip */
197 STR_TERMINATE_SRCIP,
198 /* rekey a connection */
199 STR_REKEY,
200 /* show connection status */
201 STR_STATUS,
202 /* show verbose connection status */
203 STR_STATUS_ALL,
204 /* show verbose connection status, non-blocking variant */
205 STR_STATUS_ALL_NOBLK,
206 /* add a ca information record */
207 STR_ADD_CA,
208 /* delete ca information record */
209 STR_DEL_CA,
210 /* set a log type to log/not log */
211 STR_LOGLEVEL,
212 /* configure global options for stroke */
213 STR_CONFIG,
214 /* list various objects */
215 STR_LIST,
216 /* reread various objects */
217 STR_REREAD,
218 /* purge various objects */
219 STR_PURGE,
220 /* show pool leases */
221 STR_LEASES,
222 /* export credentials */
223 STR_EXPORT,
224 /* print memory usage details */
225 STR_MEMUSAGE,
226 /* set username and password for a connection */
227 STR_USER_CREDS,
228 /* print/reset counters */
229 STR_COUNTERS,
230 /* more to come */
231 } type;
232
233 /* verbosity of output returned from charon (-from -1=silent to 4=private)*/
234 int output_verbosity;
235
236 union {
237 /* data for STR_INITIATE, STR_ROUTE, STR_UP, STR_DOWN, ... */
238 struct {
239 char *name;
240 } initiate, route, unroute, terminate, rekey, status, del_conn, del_ca;
241
242 /* data for STR_TERMINATE_SRCIP */
243 struct {
244 char *start;
245 char *end;
246 } terminate_srcip;
247
248 /* data for STR_ADD_CONN */
249 struct {
250 char *name;
251 int version;
252 char *eap_identity;
253 char *aaa_identity;
254 char *xauth_identity;
255 int mode;
256 int mobike;
257 int aggressive;
258 int pushmode;
259 int force_encap;
260 int fragmentation;
261 int ipcomp;
262 time_t inactivity;
263 int proxy_mode;
264 int install_policy;
265 int close_action;
266 uint32_t reqid;
267 uint32_t tfc;
268 uint8_t ikedscp;
269
270 crl_policy_t crl_policy;
271 int unique;
272 struct {
273 char *ike;
274 char *esp;
275 char *ah;
276 } algorithms;
277 struct {
278 int reauth;
279 time_t ipsec_lifetime;
280 time_t ike_lifetime;
281 time_t margin;
282 uint64_t life_bytes;
283 uint64_t margin_bytes;
284 uint64_t life_packets;
285 uint64_t margin_packets;
286 unsigned long tries;
287 unsigned long fuzz;
288 } rekey;
289 struct {
290 time_t delay;
291 time_t timeout;
292 int action;
293 } dpd;
294 struct {
295 int mediation;
296 char *mediated_by;
297 char *peerid;
298 } ikeme;
299 struct {
300 uint32_t value;
301 uint32_t mask;
302 } mark_in, mark_out;
303 stroke_end_t me, other;
304 uint32_t replay_window;
305 bool sha256_96;
306 } add_conn;
307
308 /* data for STR_ADD_CA */
309 struct {
310 char *name;
311 char *cacert;
312 char *crluri;
313 char *crluri2;
314 char *ocspuri;
315 char *ocspuri2;
316 char *certuribase;
317 } add_ca;
318
319 /* data for STR_LOGLEVEL */
320 struct {
321 char *type;
322 int level;
323 } loglevel;
324
325 /* data for STR_CONFIG */
326 struct {
327 int cachecrl;
328 } config;
329
330 /* data for STR_LIST */
331 struct {
332 list_flag_t flags;
333 int utc;
334 } list;
335
336 /* data for STR_REREAD */
337 struct {
338 reread_flag_t flags;
339 } reread;
340
341 /* data for STR_PURGE */
342 struct {
343 purge_flag_t flags;
344 } purge;
345
346 /* data for STR_EXPORT */
347 struct {
348 export_flag_t flags;
349 char *selector;
350 } export;
351
352 /* data for STR_LEASES */
353 struct {
354 char *pool;
355 char *address;
356 } leases;
357
358 /* data for STR_USER_CREDS */
359 struct {
360 char *name;
361 char *username;
362 char *password;
363 } user_creds;
364
365 /* data for STR_COUNTERS */
366 struct {
367 /* reset or print counters? */
368 int reset;
369 char *name;
370 } counters;
371 };
372 /* length of the string buffer */
373 uint16_t buflen;
374 /* string buffer */
375 char buffer[];
376 };
377
378 #endif /* STROKE_MSG_H_ */
strongSwan - IPsec VPN