Do not query for CKA_ALWAYS_AUTHENTICATE if PKCS#11 Cryptoki version < 2.20
1 /**
2 * @file stroke_msg.h
3 *
4 * @brief Definition of stroke_msg_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef STROKE_MSG_H_
24 #define STROKE_MSG_H_
25
26 #include <sys/types.h>
27
28 #include <library.h>
29
/**
 * Socket which is used to communicate between charon and stroke
 */
#define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"

/**
 * Size of the trailing string buffer of stroke_msg_t. stroke_msg_t.length
 * counts the message together with the strings kept in that buffer, so a
 * message can never be larger than sizeof(stroke_msg_t).
 *
 * NOTE(review): a receiver should reject a message whose length exceeds this
 * bound, or whose string pointers fall outside it, before using any string —
 * confirm this check exists where the socket is read.
 */
#define STROKE_BUF_LEN 2048
36
/**
 * Definition of the LIST flags, used for
 * the various stroke list* commands.
 *
 * Every option owns one bit, so several of them can be OR-ed into a single
 * list_flag_t; LIST_ALL is the union of all defined bits.
 */
typedef enum list_flag_t {
	/** don't list anything */
	LIST_NONE      = 0,
	/** list all raw public keys */
	LIST_PUBKEYS   = 1 << 0,
	/** list all host/user certs */
	LIST_CERTS     = 1 << 1,
	/** list all ca certs */
	LIST_CACERTS   = 1 << 2,
	/** list all ocsp signer certs */
	LIST_OCSPCERTS = 1 << 3,
	/** list all aa certs */
	LIST_AACERTS   = 1 << 4,
	/** list all attribute certs */
	LIST_ACERTS    = 1 << 5,
	/** list all access control groups */
	LIST_GROUPS    = 1 << 6,
	/** list all ca information records */
	LIST_CAINFOS   = 1 << 7,
	/** list all crls */
	LIST_CRLS      = 1 << 8,
	/** list all ocsp cache entries */
	LIST_OCSP      = 1 << 9,
	/** list all supported algorithms */
	LIST_ALGS      = 1 << 10,
	/** all list options */
	LIST_ALL       = LIST_PUBKEYS | LIST_CERTS | LIST_CACERTS | LIST_OCSPCERTS |
	                 LIST_AACERTS | LIST_ACERTS | LIST_GROUPS | LIST_CAINFOS |
	                 LIST_CRLS | LIST_OCSP | LIST_ALGS,
} list_flag_t;
71
/**
 * Definition of the REREAD flags, used for
 * the various stroke reread* commands.
 *
 * One bit per option so that they can be combined; REREAD_ALL covers every
 * defined bit.
 */
typedef enum reread_flag_t {
	/** don't reread anything */
	REREAD_NONE      = 0,
	/** reread all secret keys */
	REREAD_SECRETS   = 1 << 0,
	/** reread all ca certs */
	REREAD_CACERTS   = 1 << 1,
	/** reread all ocsp signer certs */
	REREAD_OCSPCERTS = 1 << 2,
	/** reread all aa certs */
	REREAD_AACERTS   = 1 << 3,
	/** reread all attribute certs */
	REREAD_ACERTS    = 1 << 4,
	/** reread all crls */
	REREAD_CRLS      = 1 << 5,
	/** all reread options */
	REREAD_ALL       = REREAD_SECRETS | REREAD_CACERTS | REREAD_OCSPCERTS |
	                   REREAD_AACERTS | REREAD_ACERTS | REREAD_CRLS,
} reread_flag_t;
96
/**
 * Definition of the PURGE flags, currently used for
 * the stroke purgeocsp command.
 *
 * Bit flags; no "all" value is defined for this set.
 */
typedef enum purge_flag_t {
	/** don't purge anything */
	PURGE_NONE = 0,
	/** purge ocsp cache entries */
	PURGE_OCSP = 1 << 0,
	/** purge IKE_SAs without a CHILD_SA */
	PURGE_IKE  = 1 << 1,
} purge_flag_t;
111
/**
 * Definition of the export flags
 *
 * Bit flags; only a single one is defined so far.
 */
typedef enum export_flag_t {
	/** export an X509 certificate */
	EXPORT_X509 = 1 << 0,
} export_flag_t;
121
/**
 * CRL certificate validation policy
 *
 * A plain enumeration, not a bit set: the three values are consecutive from
 * zero, written out explicitly here.
 */
typedef enum {
	CRL_STRICT_NO    = 0,
	CRL_STRICT_YES   = 1,
	CRL_STRICT_IFURI = 2,
} crl_policy_t;
130
131
typedef struct stroke_end_t stroke_end_t;

/**
 * definition of a peer in a stroke message
 *
 * One of these describes each endpoint of a connection carried in a
 * STR_ADD_CONN message (stroke_msg_t.add_conn.me and .other). Because the
 * enclosing stroke_msg_t is sent over the unix socket as raw bytes, the order
 * and types of these members are part of the message layout.
 *
 * The char* members are strings carried with the message; see stroke_msg_t
 * for how their pointers are expected to be validated by the receiver.
 */
struct stroke_end_t {
	/** authentication configuration; supersedes the deprecated
	 *  add_conn.auth_method / eap_type / eap_vendor fields */
	char *auth;
	char *auth2;
	/** identities of this end */
	char *id;
	char *id2;
	char *eap_id;
	/** certificates and CAs of this end */
	char *cert;
	char *cert2;
	char *ca;
	char *ca2;
	char *groups;
	/** updown script */
	char *updown;
	/** address and IKE port of this end */
	char *address;
	u_int16_t ikeport;
	/** source IP (virtual IP) request and its mask */
	char *sourceip;
	int sourceip_mask;
	char *subnets;
	/* the following ints act as policy switches; their exact value ranges
	 * are defined by the consumer in charon, not here */
	int sendcert;
	int hostaccess;
	int tohost;
	/** traffic selector protocol and port */
	u_int8_t protocol;
	u_int16_t port;
};
160
typedef struct stroke_msg_t stroke_msg_t;

/**
 * @brief A stroke message sent over the unix socket.
 *
 * The struct is transmitted as-is. The strings the char* members refer to are
 * presumably stored in the trailing buffer and counted by length — confirm
 * against the sender. Because the layout contains pointers, time_t and
 * unsigned long, it depends on the ABI; stroke and charon have to be built
 * alike.
 *
 * NOTE(review): the char* members arrive as raw values from the peer process.
 * Before dereferencing one, the receiver should verify it points inside
 * buffer[0..length) and is NUL-terminated within that range — confirm this is
 * done where the message is read from the socket.
 */
struct stroke_msg_t {
	/* length of this message with all strings */
	u_int16_t length;

	/* type of the message; new types are appended before "more to come"
	 * so that existing numeric values stay stable between stroke and charon */
	enum {
		/* initiate a connection */
		STR_INITIATE,
		/* install SPD entries for a policy */
		STR_ROUTE,
		/* uninstall SPD entries for a policy */
		STR_UNROUTE,
		/* add a connection */
		STR_ADD_CONN,
		/* delete a connection */
		STR_DEL_CONN,
		/* terminate connection */
		STR_TERMINATE,
		/* terminate connection by peers srcip/virtual ip */
		STR_TERMINATE_SRCIP,
		/* rekey a connection */
		STR_REKEY,
		/* show connection status */
		STR_STATUS,
		/* show verbose connection status */
		STR_STATUS_ALL,
		/* add a ca information record */
		STR_ADD_CA,
		/* delete ca information record */
		STR_DEL_CA,
		/* set a log type to log/not log */
		STR_LOGLEVEL,
		/* configure global options for stroke */
		STR_CONFIG,
		/* list various objects */
		STR_LIST,
		/* reread various objects */
		STR_REREAD,
		/* purge various objects */
		STR_PURGE,
		/* show pool leases */
		STR_LEASES,
		/* export credentials */
		STR_EXPORT,
		/* more to come */
	} type;

	/* verbosity of output returned from charon (from -1=silent to 4=private) */
	int output_verbosity;

	/* payload, selected by type; only the member matching type is valid */
	union {
		/* data for STR_INITIATE, STR_ROUTE, STR_UNROUTE, STR_TERMINATE,
		 * STR_REKEY, STR_STATUS, STR_DEL_CONN, STR_DEL_CA: a single name */
		struct {
			char *name;
		} initiate, route, unroute, terminate, rekey, status, del_conn, del_ca;

		/* data for STR_TERMINATE_SRCIP */
		struct {
			char *start;
			char *end;
		} terminate_srcip;

		/* data for STR_ADD_CONN */
		struct {
			char *name;
			int ikev2;
			/* next three are deprecated, use stroke_end_t.auth instead */
			int auth_method;
			u_int32_t eap_type;
			u_int32_t eap_vendor;
			char *eap_identity;
			char *aaa_identity;
			int mode;
			int mobike;
			int force_encap;
			int ipcomp;
			time_t inactivity;
			int proxy_mode;
			int install_policy;
			u_int32_t reqid;

			crl_policy_t crl_policy;
			int unique;
			/* proposal strings */
			struct {
				char *ike;
				char *esp;
			} algorithms;
			/* lifetime and rekeying parameters */
			struct {
				int reauth;
				time_t ipsec_lifetime;
				time_t ike_lifetime;
				time_t margin;
				u_int64_t life_bytes;
				u_int64_t margin_bytes;
				u_int64_t life_packets;
				u_int64_t margin_packets;
				unsigned long tries;
				unsigned long fuzz;
			} rekey;
			/* dead peer detection */
			struct {
				time_t delay;
				int action;
			} dpd;
			/* IKE mediation extension */
			struct {
				int mediation;
				char *mediated_by;
				char *peerid;
			} ikeme;
			/* marks for inbound and outbound traffic */
			struct {
				u_int32_t value;
				u_int32_t mask;
			} mark_in, mark_out;
			/* the two endpoints of the connection */
			stroke_end_t me, other;
		} add_conn;

		/* data for STR_ADD_CA */
		struct {
			char *name;
			char *cacert;
			char *crluri;
			char *crluri2;
			char *ocspuri;
			char *ocspuri2;
			char *certuribase;
		} add_ca;

		/* data for STR_LOGLEVEL */
		struct {
			char *type;
			int level;
		} loglevel;

		/* data for STR_CONFIG */
		struct {
			int cachecrl;
		} config;

		/* data for STR_LIST */
		struct {
			list_flag_t flags;
			int utc;
		} list;

		/* data for STR_REREAD */
		struct {
			reread_flag_t flags;
		} reread;

		/* data for STR_PURGE */
		struct {
			purge_flag_t flags;
		} purge;

		/* data for STR_EXPORT */
		struct {
			export_flag_t flags;
			char *selector;
		} export;

		/* data for STR_LEASES */
		struct {
			char *pool;
			char *address;
		} leases;
	};
	/* storage for the strings carried with the message; length bounds how
	 * much of it is in use */
	char buffer[STROKE_BUF_LEN];
};
333
334 #endif /* STROKE_MSG_H_ */