1 /**
2 * @file stroke_msg.h
3 *
4 * @brief Definition of stroke_msg_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 *
22 * RCSID $Id$
23 */
24
25 #ifndef STROKE_MSG_H_
26 #define STROKE_MSG_H_
27
28 #include <sys/types.h>
29
/**
 * Socket which is used to communicate between charon and stroke.
 *
 * IPSEC_PIDDIR is not defined in this header; it is expected to be supplied
 * by the build configuration. The file permissions of this socket decide who
 * may send control messages to charon; they are set wherever the socket is
 * created, not here (NOTE(review): verify at the creation site).
 */
#define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"

/** Size in bytes of the string area at the end of stroke_msg_t (its buffer member). */
#define STROKE_BUF_LEN 2048
36
typedef enum list_flag_t list_flag_t;

/**
 * Bit flags selecting what the various stroke list* commands report.
 *
 * Each option occupies one bit, so flags can be combined with bitwise OR;
 * LIST_ALL is the union of every individual option.
 */
enum list_flag_t {
	/** don't list anything */
	LIST_NONE      = 0,
	/** list all host/user certs */
	LIST_CERTS     = 1 << 0,
	/** list all ca certs */
	LIST_CACERTS   = 1 << 1,
	/** list all ocsp signer certs */
	LIST_OCSPCERTS = 1 << 2,
	/** list all aa certs */
	LIST_AACERTS   = 1 << 3,
	/** list all attribute certs */
	LIST_ACERTS    = 1 << 4,
	/** list all access control groups */
	LIST_GROUPS    = 1 << 5,
	/** list all ca information records */
	LIST_CAINFOS   = 1 << 6,
	/** list all crls */
	LIST_CRLS      = 1 << 7,
	/** list all ocsp cache entries */
	LIST_OCSP      = 1 << 8,
	/** list all supported algorithms */
	LIST_ALGS      = 1 << 9,
	/** all list options */
	LIST_ALL       = LIST_CERTS | LIST_CACERTS | LIST_OCSPCERTS | LIST_AACERTS |
	                 LIST_ACERTS | LIST_GROUPS | LIST_CAINFOS | LIST_CRLS |
	                 LIST_OCSP | LIST_ALGS,
};
69
typedef enum reread_flag_t reread_flag_t;

/**
 * Bit flags selecting what the various stroke reread* commands reload.
 *
 * One bit per option, combinable with bitwise OR; REREAD_ALL is the union
 * of every individual option.
 */
enum reread_flag_t {
	/** don't reread anything */
	REREAD_NONE      = 0,
	/** reread all secret keys */
	REREAD_SECRETS   = 1 << 0,
	/** reread all ca certs */
	REREAD_CACERTS   = 1 << 1,
	/** reread all ocsp signer certs */
	REREAD_OCSPCERTS = 1 << 2,
	/** reread all aa certs */
	REREAD_AACERTS   = 1 << 3,
	/** reread all attribute certs */
	REREAD_ACERTS    = 1 << 4,
	/** reread all crls */
	REREAD_CRLS      = 1 << 5,
	/** all reread options */
	REREAD_ALL       = REREAD_SECRETS | REREAD_CACERTS | REREAD_OCSPCERTS |
	                   REREAD_AACERTS | REREAD_ACERTS | REREAD_CRLS,
};
94
typedef enum purge_flag_t purge_flag_t;

/**
 * Bit flags for the stroke purge* commands.
 *
 * Only the purgeocsp command is represented so far; further options are
 * expected to take the next free bits.
 */
enum purge_flag_t {
	/** don't purge anything */
	PURGE_NONE = 0,
	/** purge ocsp cache entries */
	PURGE_OCSP = 1 << 0,
};
107
typedef enum crl_policy_t crl_policy_t;

/**
 * CRL certificate validation policy.
 *
 * The enumerators are numbered sequentially from 0. What each setting means
 * for validation is decided by the consumer of the stroke message, not here
 * (the names suggest "no CRL required" / "CRL required" / "required only if
 * a CRL URI is known" — confirm against the charon-side code).
 */
enum crl_policy_t {
	CRL_STRICT_NO = 0,
	CRL_STRICT_YES = 1,
	CRL_STRICT_IFURI = 2,
};
116
117
typedef struct stroke_end_t stroke_end_t;

/**
 * Definition of a peer (one end of a connection) in a stroke message.
 *
 * Member meanings below are inferred from their names; confirm against the
 * stroke client and the charon-side parser. All char * members are string
 * references — how they are carried across the socket is not visible in
 * this header (see stroke_msg_t).
 */
struct stroke_end_t {
	/** identity of this end */
	char *id;
	/** certificate for this end */
	char *cert;
	/** CA for this end */
	char *ca;
	/** access control groups */
	char *groups;
	/** updown script */
	char *updown;
	/** address of this end */
	char *address;
	/** source/virtual IP */
	char *sourceip;
	/** NOTE(review): relates to sourceip (a size or prefix length?) — meaning not visible here */
	int sourceip_size;
	/** subnets behind this end */
	char *subnets;
	/** certificate sending policy */
	int sendcert;
	/** host access flag */
	int hostaccess;
	/** flag: policy applies to the host itself */
	int tohost;
	/** traffic selector protocol */
	u_int8_t protocol;
	/** traffic selector port */
	u_int16_t port;
};
139
typedef struct stroke_msg_t stroke_msg_t;

/**
 * @brief A stroke message sent over the unix socket.
 *
 * The message is a fixed-size record whose tail (buffer) is a string area
 * of STROKE_BUF_LEN bytes. The type member selects which union member
 * carries the payload. The char * members inside the union are string
 * references; how they are transported over the socket and reconstructed
 * by the receiver is not visible in this header.
 *
 * NOTE(review): length and every string reference originate from the peer
 * process. The receiver must bound-check length against sizeof(stroke_msg_t)
 * and each string reference against buffer before dereferencing — verify
 * that this happens in the charon-side stroke parser.
 */
struct stroke_msg_t {
	/* length of this message with all strings (supplied by the sender) */
	u_int16_t length;

	/* type of the message; selects the valid union member below */
	enum {
		/* initiate a connection */
		STR_INITIATE,
		/* install SPD entries for a policy */
		STR_ROUTE,
		/* uninstall SPD entries for a policy */
		STR_UNROUTE,
		/* add a connection */
		STR_ADD_CONN,
		/* delete a connection */
		STR_DEL_CONN,
		/* terminate connection */
		STR_TERMINATE,
		/* terminate connection by peers srcip/virtual ip */
		STR_TERMINATE_SRCIP,
		/* show connection status */
		STR_STATUS,
		/* show verbose connection status */
		STR_STATUS_ALL,
		/* add a ca information record */
		STR_ADD_CA,
		/* delete ca information record */
		STR_DEL_CA,
		/* set a log type to log/not log */
		STR_LOGLEVEL,
		/* configure global options for stroke */
		STR_CONFIG,
		/* list various objects */
		STR_LIST,
		/* reread various objects */
		STR_REREAD,
		/* purge various objects */
		STR_PURGE
		/* more to come; append new types here to keep existing values stable */
	} type;

	/* verbosity of output returned from charon (from -1=silent to 4=private) */
	int output_verbosity;

	union {
		/* data for STR_INITIATE, STR_ROUTE, STR_UNROUTE, STR_TERMINATE,
		 * STR_STATUS, STR_DEL_CONN and STR_DEL_CA: a single name */
		struct {
			char *name;
		} initiate, route, unroute, terminate, status, del_conn, del_ca;

		/* data for STR_TERMINATE_SRCIP: address range given as start/end */
		struct {
			char *start;
			char *end;
		} terminate_srcip;

		/* data for STR_ADD_CONN: full connection definition */
		struct {
			char *name;
			int ikev2;
			int auth_method;
			u_int32_t eap_type;
			u_int32_t eap_vendor;
			char *eap_identity;
			int mode;
			int mobike;
			int force_encap;
			int ipcomp;
			/* CRL validation policy, see crl_policy_t */
			crl_policy_t crl_policy;
			int unique;
			/* proposal strings for IKE and ESP */
			struct {
				char *ike;
				char *esp;
			} algorithms;
			/* rekeying parameters (lifetimes in time_t units) */
			struct {
				int reauth;
				time_t ipsec_lifetime;
				time_t ike_lifetime;
				time_t margin;
				unsigned long tries;
				unsigned long fuzz;
			} rekey;
			/* dead peer detection parameters */
			struct {
				time_t delay;
				int action;
			} dpd;
			/* IKE mediation (ikeme) parameters */
			struct {
				int mediation;
				char *mediated_by;
				char *peerid;
			} ikeme;
			/* local and remote end of the connection */
			stroke_end_t me, other;
		} add_conn;

		/* data for STR_ADD_CA: CA information record */
		struct {
			char *name;
			char *cacert;
			char *crluri;
			char *crluri2;
			char *ocspuri;
			char *ocspuri2;
			char *certuribase;
		} add_ca;

		/* data for STR_LOGLEVEL */
		struct {
			char *type;
			int level;
		} loglevel;

		/* data for STR_CONFIG */
		struct {
			int cachecrl;
		} config;

		/* data for STR_LIST, see list_flag_t */
		struct {
			list_flag_t flags;
			int utc;
		} list;

		/* data for STR_REREAD, see reread_flag_t */
		struct {
			reread_flag_t flags;
		} reread;

		/* data for STR_PURGE, see purge_flag_t */
		struct {
			purge_flag_t flags;
		} purge;
	};
	/* string area of STROKE_BUF_LEN bytes; presumably holds the strings the
	 * char * members above refer to — confirm against the stroke client */
	char buffer[STROKE_BUF_LEN];
};
279
280 #endif /* STROKE_MSG_H_ */