
session.h

00001 /*
00002  *  session.h  -  session control structure
00003  *  
00004  *  EAP-IKEv2
00005  *
 *  This library implements ideas from the draft-tschofenig-eap-ikev2-10.txt
 *  Internet-Draft. The version of the document that this library corresponds
 *  to can be found at
 *  http://tools.ietf.org/wg/eap/draft-tschofenig-eap-ikev2-10.txt.
00010  *
00011  *  This file is part of libeap-ikev2.
00012  *
00013  *  libeap-ikev2 is free software; you can redistribute it and/or modify
00014  *  it under the terms of the GNU General Public License as published by
00015  *  the Free Software Foundation; either version 2 of the License, or
00016  *  (at your option) any later version.
00017  *
00018  *  libeap-ikev2 is distributed in the hope that it will be useful,
00019  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00020  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00021  *  GNU General Public License for more details.
00022  *
00023  *  You should have received a copy of the GNU General Public License
00024  *  along with libeap-ikev2; if not, write to the Free Software
00025  *
00026  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
00027  *
00028  *  Copyright (C) 2005-2006 Krzysztof Rzecki <krzysztof.rzecki@ccns.pl>      
00029  *  Copyright (C) 2005-2006 Rafal Mijal <rafal.mijal@ccns.pl>                
00030  *  Copyright (C) 2005-2006 Piotr Marnik <piotr.marnik@ccns.pl>              
00031  *  Copyright (C) 2005-2006 Pawel Matejski <pawel.matejski@ccns.pl>          
00032  *  Copyright (C) 2003      Udo Schilcher <udo.schilcher@edu.uni-klu.ac.at>
00033  *  Copyright (C) 2003      Thomas Hambrusch <thambrus@edu.uni-klu.ac.at>          
00034  *
00035  */
00036 
#ifndef __session_h
#define __session_h
/* NOTE(review): identifiers that begin with a double underscore are reserved
 * for the implementation (C11 7.1.3), so this guard name is technically
 * off-limits; a plain SESSION_H would be conventional, but renaming it needs
 * every file that tests the macro checked first. */

#ifdef __cplusplus
extern "C" {
#endif
00043 
00044 #include"common.h"
00045 
00046 #include <openssl/dh.h>
00047 
00048 
00049 #include"transforms.h"
00050 
// defines

/* Session role values; presumably what IKEv2Session.Type and the Type
 * parameter of NewSession() hold (neither is documented in this header). */
#define IKEv2_STY_INITIATOR         1
#define IKEv2_STY_RESPONDER         2
00055 
// session status
/* Lifecycle status of a session. The meanings below are inferred from the
 * constant names. IKEv2Session.Status is declared as a plain uint32_t rather
 * than this enum, so the mapping is by convention only — NOTE(review):
 * confirm against the implementation. */
typedef enum {
 IKEv2_SST_NORMAL=0,      ///< session exists, exchange not yet complete
 IKEv2_SST_FAILED,        ///< exchange failed; presumably eligible for cleanup
 IKEv2_SST_ESTABLISHED,   ///< keys negotiated and usable
 IKEv2_SST_REKEYING,      ///< a rekey exchange is in progress
} IKEv2_SST;
00063 
00064 
// default option values

/* Each *_STR variant is the same value as a string literal (for usage text
 * or option parsing, presumably — the consumer is not visible here).
 * TOSTRING is not defined in this header; presumably it comes from common.h. */

#define IKEv2_DEFAULT_DH_COUNTER_MAX 3         ///< default for ikev2_ctx.DHCounterMax (inferred from the name)
#define IKEv2_DEFAULT_DH_COUNTER_MAX_STR TOSTRING(IKEv2_DEFAULT_DH_COUNTER_MAX)

#define IKEv2_DEFAULT_MAX_FRAGMENT_SIZE 1398   ///< default for ikev2_ctx.max_fragment_size, presumably in bytes
#define IKEv2_DEFAULT_MAX_FRAGMENT_SIZE_STR TOSTRING(IKEv2_DEFAULT_MAX_FRAGMENT_SIZE)

/* Spelled out by hand rather than via TOSTRING(), which would yield the
 * identifier "IKEv2_IDT_KEY_ID" instead of the short name. IKEv2_IDT_KEY_ID
 * is not declared in this header (presumably common.h or transforms.h). */
#define IKEv2_DEFAULT_IDTYPE  IKEv2_IDT_KEY_ID
#define IKEv2_DEFAULT_IDTYPE_STR "KEY_ID"



/* Length of the raw fast-reconnect identifier. 20 bytes is the size of a
 * SHA-1 digest, but nothing here shows how the value is derived — TODO
 * confirm against the code that fills IKEv2Session.fastID. */
#define RAW_FASTID_LEN 20
00079     
00080 // structures
00081 
00082 
/**
 * Per-session state for one EAP-IKEv2 exchange.
 *
 * Instances are linked through @c next into ikev2_ctx.SessionList and are
 * created, looked up and released through the functions declared at the
 * bottom of this header. Most field comments below are inferred from the
 * field names and the prototypes in this file; the implementation is not
 * visible here, so treat them as hypotheses to confirm against session.c.
 *
 * NOTE(review): this structure holds long-lived secrets (pwd, DHKey, the
 * SK_* keys, integkey/ointegkey, eapKeyData). Confirm that FreeSession()
 * wipes them (e.g. OPENSSL_cleanse()) before free(); a plain memset()
 * immediately before free() may be optimized away.
 */
struct IKEv2Session
{
  uint32_t timestamp;          ///< creation/last-activity time; presumably compared with currentTime in FreeSessionIfExpired()
  struct IKEv2Session *next;   ///< next entry in ikev2_ctx.SessionList; NULL terminates the list (assumed)

  int Type;                    ///< session role; presumably IKEv2_STY_INITIATOR or IKEv2_STY_RESPONDER
  
  uint64_t iSPI;               ///< initiator SPI; the key FindISession() matches on
  uint64_t rSPI;               ///< responder SPI; the key FindRSession() matches on
  uint32_t State;              ///< protocol state-machine state; its value set is not declared in this header
  uint32_t MsgID;              ///< message ID of the current/next outgoing request (inferred from the name)
  uint32_t recvMsgID;          ///< message ID last received (inferred from the name)

  uint32_t Status;             ///< presumably an IKEv2_SST value, stored untyped
  
  int WaitResponse;            ///< non-zero while a response is outstanding (inferred)
  uint32_t respMsgID;          ///< message ID the awaited response must carry (inferred)

  struct Protocol *UsedTransforms; ///< negotiated transform set; struct Protocol is declared elsewhere (transforms.h, presumably)
    
  DH *dh;                      ///< OpenSSL Diffie-Hellman state for this session
  uint8_t *DHKey;              ///< derived DH shared secret (secret material)
  uint32_t DHKeyLen;           ///< length of DHKey in bytes
  uint32_t DHCounter;          ///< DH attempt counter; presumably bounded by ikev2_ctx.DHCounterMax
  BIGNUM *Ni;                  ///< initiator nonce (Ni in the IKEv2 draft), presumably
  BIGNUM *Nr;                  ///< responder nonce (Nr in the IKEv2 draft), presumably
  
  uint8_t *fmsg;               ///< message buffer paired with fmlen; what "f" denotes is not documented here
  uint32_t fmlen;              ///< length of fmsg in bytes
  uint8_t *rmsg;               ///< message buffer paired with rmlen; what "r" denotes is not documented here
  uint32_t rmlen;              ///< length of rmsg in bytes
  int include_integ;           ///< flag: add an integrity checksum to outgoing messages (inferred from the name)
  int expect_integ;            ///< flag: require an integrity checksum on incoming messages (inferred from the name)

  uint8_t *IDr;                ///< responder identity payload data (IDr), presumably
  int IDrLen;                  ///< length of IDr in bytes
  uint8_t *pwd;                ///< password / shared secret (secret material)
  uint16_t pwdlen;             ///< length of pwd; narrower than ikev2_ctx.pwdlen (int), so copies between them need a range check

  int SK_ready;                ///< non-zero once the SK_* keys below have been derived (inferred)
  uint8_t *SK_d;               ///< IKEv2 SK_d (key-derivation key); no length field here — length presumably follows from UsedTransforms
  uint8_t *SK_ai;              ///< IKEv2 SK_ai (initiator integrity key)
  uint8_t *SK_ar;              ///< IKEv2 SK_ar (responder integrity key)
  uint8_t *SK_ei;              ///< IKEv2 SK_ei (initiator encryption key)
  uint8_t *SK_er;              ///< IKEv2 SK_er (responder encryption key)
  uint8_t *SK_pi;              ///< IKEv2 SK_pi (initiator AUTH key)
  uint8_t *SK_pr;              ///< IKEv2 SK_pr (responder AUTH key)
  char *fastID;                ///< fast-reconnect identifier; matched by FindSessionByFastid(); see RAW_FASTID_LEN


  uint8_t *fragdata;           ///< fragmentation/reassembly buffer (inferred)
  uint32_t fdlen;              ///< length of fragdata in bytes
  uint32_t fragment;           ///< current fragment index/counter (inferred)
  bool sendfrag;               ///< whether outgoing messages are being fragmented (inferred)

  //bool hasinteg;             ///< insert an integrity checksum?
  uint8_t *integkey;           ///< current integrity key (secret material)
  uint32_t iklen;              ///< length of integkey in bytes
  uint32_t integtype;          ///< integrity algorithm identifier; its value set is not declared here

  uint8_t *ointegkey;          ///< previous ("old", presumably) integrity key kept across rekeying
  uint32_t oiklen;             ///< length of ointegkey in bytes

  uint8_t eapMsgID;            ///< EAP identifier of the current EAP packet (inferred)
  uint8_t *eapKeyData;         ///< exported EAP key material; no length field here — TODO confirm its fixed size

  bool fFastReconnect;         ///< this session is a fast reconnect (inferred; cf. ikev2_ctx.enableFastReconnect)
  bool fDHExchange;            ///< a DH exchange is part of this session (inferred; cf. ikev2_ctx.enableFastDHEx)
};
00156 
00157 
/**
 * Library-wide context: configuration plus the list of live sessions.
 *
 * Created by Create_ikev2_ctx() and released by Free_ikev2_ctx(). Field
 * meanings are inferred from names and from the prototypes in this header
 * unless stated otherwise; confirm against the implementation.
 *
 * NOTE(review): EVP_PKEY, X509_STORE, bool, the uint*_t types and
 * pthread_mutex_t are used below but only <openssl/dh.h> is included
 * directly; the rest presumably arrive through common.h / transforms.h,
 * so this header is not self-contained.
 */
typedef struct ikev2_ctx
{
   uint32_t max_fragment_size;   ///< largest fragment to send, presumably in bytes; cf. IKEv2_DEFAULT_MAX_FRAGMENT_SIZE
   struct IKEv2Session *SessionList;  ///< head of the session list (NewSession()/DeleteSession()/FreeSessionList())
   struct Proposal *suppProp;    ///< supported proposals; struct Proposal is declared elsewhere (transforms.h, presumably)

   uint8_t *id;                  ///< local identity data
   unsigned int idlen;           ///< length of id in bytes
   int idtype;                   ///< identity type; cf. IKEv2_DEFAULT_IDTYPE
   int authtype;                 ///< authentication method selector; its value set is not declared here
   char *certfile;               ///< path of the local certificate file (inferred from the name)
   char *crl_file;               ///< path of a CRL file (inferred from the name)
   char *trusted;                ///< path of trusted CA certificates (inferred from the name)
   uint8_t *pwd;                 ///< password / shared secret (secret material)
   int pwdlen;                   ///< length of pwd; note IKEv2Session.pwdlen is uint16_t
   char *pkfile;                 ///< path of the private key file (inferred from the name)
   char *pkfile_pwd;             ///< passphrase for pkfile (secret material) — TODO confirm Free_ikev2_ctx() wipes it

   EVP_PKEY *rpk;                ///< loaded private key, presumably read from pkfile
   uint8_t *cert;                ///< local certificate, encoded (DER assumed — confirm)
   int certlen;                  ///< length of cert in bytes
   int send_sk_idr;              ///< flag controlling whether IDr is sent (inferred from the name)
   
   uint32_t DHCounterMax;        ///< upper bound for IKEv2Session.DHCounter, presumably; cf. IKEv2_DEFAULT_DH_COUNTER_MAX
   uint8_t sendCertReq;          ///< flag: send a CERTREQ payload (inferred from the name)
   X509_STORE *x509_store;       ///< OpenSSL trust store, presumably used to verify peer certificates
   uint8_t *CAsHashString;       ///< concatenated CA hashes, presumably for CERTREQ
   uint32_t CAsHashStringLen;    ///< length of CAsHashString in bytes
   struct sharedSecList *sslist; ///< shared-secret list; struct sharedSecList is not declared in this header
   bool enableFastReconnect;     ///< allow fast reconnect (cf. IKEv2Session.fFastReconnect)
   bool enableFastDHEx;          ///< allow a DH exchange during fast reconnect (inferred; cf. IKEv2Session.fDHExchange)
   uint32_t fastExpire;          ///< fast-reconnect lifetime, presumably in the same units as IKEv2Session.timestamp
#ifdef HAVE_PTHREAD_H 
   pthread_mutex_t mutex;        ///< context lock; which fields it guards is not documented — TODO confirm
#endif
} ikev2_ctx;
00198  
00199 
// function prototypes

/* Ownership, error reporting and locking are not documented in this header;
 * the notes below are inferred from the signatures and should be confirmed
 * against session.c. */

/** Allocate a new session with the given SPIs and role (Type: presumably an
 *  IKEv2_STY_* value) and, presumably, link it into i2->SessionList.
 *  Returns NULL on failure (assumed). */
struct IKEv2Session *NewSession( struct ikev2_ctx *i2, uint64_t iSPI, uint64_t rSPI, int Type );
/** Find the session whose iSPI matches; NULL if none (assumed). */
struct IKEv2Session *FindISession( struct ikev2_ctx *i2, uint64_t iSPI );
/** Find the session whose rSPI matches; NULL if none (assumed). */
struct IKEv2Session *FindRSession( struct ikev2_ctx *i2, uint64_t rSPI );
/** Find a session by SPI; whether SPI is matched against iSPI, rSPI or both
 *  is not documented here. */
struct IKEv2Session *FindSession( struct ikev2_ctx *i2, uint64_t SPI );
/** Find a session by its fast-reconnect identifier (IKEv2Session.fastID). */
struct IKEv2Session *FindSessionByFastid( struct ikev2_ctx *i2, const char* fastid);
/** Unlink s from i2's session list and release it (inferred from the name). */
void DeleteSession( struct ikev2_ctx *i2, struct IKEv2Session *s );
/** Derive the SK_* keys of s from the DH secret and nonces (inferred). */
void ComputeSessionKeys( struct IKEv2Session *s );
/** Derive fresh keys for a rekey; dhex presumably indicates whether a DH
 *  exchange was performed. */
void ComputeNewKeys( struct IKEv2Session *s,int dhex );
/** Allocate and initialise a context; release it with Free_ikev2_ctx(). */
struct ikev2_ctx * Create_ikev2_ctx(void);
/** Release a context and, presumably, every session it still holds. */
void Free_ikev2_ctx(struct ikev2_ctx *i2);
/** Release one session's memory; the signature implies no list unlinking. */
void FreeSession( struct IKEv2Session *s );
/** Release a whole session list starting at s. */
void FreeSessionList(struct IKEv2Session *s);
/** Presumably releases sessions whose timestamp has expired relative to
 *  currentTime; the meaning of the int return value is not documented here. */
int FreeSessionIfExpired(struct ikev2_ctx *i2,uint32_t currentTime);

/** Debug helper that appears to print the session's key material; keep it
 *  out of production logging paths. */
void DumpIKEv2SessionKeys(const struct IKEv2Session *s) ;
00217 #ifdef __cplusplus
00218 }
00219 #endif
00220 
00221 #endif
