/*
 * Copyright (c) 2012, 2013 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * api_support.h
 *
 * Internal glue between racoon's IKE/phase2 machinery and the SNIPSec
 * IKE / DB API layer that is exposed to clients over XPC.  Two groups of
 * entry points live here:
 *
 *   - AS* functions called on behalf of an API client (ASDB* / ASIKE*),
 *     which take CFDictionaryRef payloads that originate outside racoon.
 *   - "*FromIKE" functions called by racoon itself with phase2 handles,
 *     PF_KEY messages and IKEv2 traffic selectors.
 *
 * NOTE(review): the header guard uses a double-underscore identifier,
 * which the C standard reserves for the implementation.  Harmless in
 * practice here, but a non-reserved name would be preferable.
 */
#ifndef __API_SUPPORT__
#define __API_SUPPORT__

#include <CoreFoundation/CoreFoundation.h>
#include <net/pfkeyv2.h>
#include "racoon_types.h"
#include <sys/socket.h>
#include <SNIPSecIKEDefinitions.h>
#include <SNIPSecDBDefinitions.h>
#include <SNIPSecIKE.h>
#include <SNIPSecDB.h>

/* Opaque to this header; only pointers to these are passed through. */
struct isakmp_cfg_state;
struct ikev2_traffic_selector;

/*
 * Additional SNIPSec DB dictionary keys not provided by the public
 * SNIPSecDBDefinitions.h.  The trailing comment gives the expected CF type
 * of the value; callers are expected to type-check values before use.
 */
#define kSNIPSecDBSrcRangeEndAddress CFSTR("SrcRangeEndAddress") /* CFString */
#define kSNIPSecDBDstRangeEndAddress CFSTR("DstRangeEndAddress") /* CFString */
#define kSNIPSecDBSrcRangeEndPort CFSTR("SrcRangeEndPort") /* CFNumber */
#define kSNIPSecDBDstRangeEndPort CFSTR("DstRangeEndPort") /* CFNumber */

#define kSNIPSecDBPolicyID CFSTR("PolicyID") /* CFNumber */

/* Security-policy type and its permitted string values. */
#define kSNIPSecDBPolicyType CFSTR("PolicyType") /* CFString */
#define kSNIPSecDBValPolicyTypeDiscard CFSTR("Discard")
#define kSNIPSecDBValPolicyTypeNone CFSTR("None")
#define kSNIPSecDBValPolicyTypeIPSec CFSTR("IPSec")
#define kSNIPSecDBValPolicyTypeEntrust CFSTR("Entrust")
#define kSNIPSecDBValPolicyTypeBypass CFSTR("Bypass")
#define kSNIPSecDBValPolicyTypeGenerate CFSTR("Generate")

/*
 * SA lifetime / usage counters reported for a security association.
 * Hard* values are the limits at which the SA must stop being used;
 * Soft* values are the earlier thresholds at which rekeying should start.
 * Units are not stated in this header -- consult the implementation before
 * interpreting the numbers (they are presumably seconds / bytes / counts).
 */
#define kSNIPSecDBSACreateTime CFSTR("CreateTime")
#define kSNIPSecDBSACurrentTime CFSTR("CurrentTime")
#define kSNIPSecDBSADiffTime CFSTR("DiffTime")
#define kSNIPSecDBSAHardLifetime CFSTR("HardLifetime")
#define kSNIPSecDBSASoftLifetime CFSTR("SoftLifetime")
#define kSNIPSecDBSALastUseTime CFSTR("LastUseTime")
#define kSNIPSecDBSAHardUseTime CFSTR("HardUseTime")
#define kSNIPSecDBSASoftUseTime CFSTR("SoftUseTime")
#define kSNIPSecDBSACurrentBytes CFSTR("CurrentBytes")
#define kSNIPSecDBSAHardBytes CFSTR("HardBytes")
#define kSNIPSecDBSASoftBytes CFSTR("SoftBytes")
#define kSNIPSecDBSACurrentAllocations CFSTR("CurrentAllocations")
#define kSNIPSecDBSAHardAllocations CFSTR("HardAllocations")
#define kSNIPSecDBSASoftAllocations CFSTR("SoftAllocations")

/* SA state machine as reported to clients (mirrors the PF_KEY SA states). */
#define kSNIPSecDBSAState CFSTR("State")
#define kSNIPSecDBValSAStateLarval CFSTR("Larval")
#define kSNIPSecDBValSAStateMature CFSTR("Mature")
#define kSNIPSecDBValSAStateDying CFSTR("Dying")
#define kSNIPSecDBValSAStateDead CFSTR("Dead")

/* IKE configuration-payload attribute delivered to the client. */
#define kSNIPSecIKEAssignedPCSCFIPv6Address CFSTR("AssignedPCSCFIPv6Address")

/*
 * Handle types.  Sessions and items are identified by plain 32-bit
 * integers rather than pointers, so a value received from a client is a
 * lookup key and must be validated against the session/item tables --
 * never dereferenced or trusted directly.  0 is the invalid sentinel for
 * every handle type below.
 */
typedef uint32_t InternalSessionRef;
typedef uint32_t InternalItemRef;

/* IPSec DB API Types */
typedef InternalSessionRef InternalDBRef;
typedef InternalItemRef InternalDBSARef;
typedef InternalItemRef InternalDBPolicyRef;
typedef InternalItemRef InternalDBInterfaceRef;
#define kInternalDBRefInvalid 0
#define kInternalDBSARefInvalid 0
#define kInternalDBPolicyRefInvalid 0
#define kInternalDBInterfaceRefInvalid 0

/* IKE API Types */
typedef InternalSessionRef InternalIKESARef;
typedef InternalItemRef InternalChildSARef;
#define kInternalIKESARefInvalid 0
#define kInternalChildSARefInvalid 0

/*
 * Internal support functions.
 *
 * Input-validation contract (from the original note): the CFDictionaryRef
 * arguments accepted by the API functions below are NOT validated here.
 * The XPC entry point that receives a client dictionary must check that
 * every required key is present and that each value has the expected CF
 * type before calling into this layer.
 *
 * ASSendXPCReply: delivers the result of a client call back over XPC.
 *   retVal is untyped; presumably its interpretation depends on callType
 *   (confirm in the implementation before adding new call types).
 * ASSendXPCMessage: sends an unsolicited message for a session/item.
 */
void ASSendXPCReply (InternalSessionRef sessionRef, InternalItemRef objRef, int callType, void *retVal, Boolean success);
void ASSendXPCMessage(uint32_t message, void *messageobj, uint32_t sessionID, uint32_t itemID);

/*
 * IPSec DB API Functions
 *
 * Each function takes the session handle returned by ASDBCreate; item
 * handles come from the Create/Add calls.  Functions returning a handle
 * return the corresponding *Invalid (0) value on failure.
 *
 * blockForResponse (out): set by Flush/Dispose calls; presumably tells
 * the caller whether the XPC reply must wait for a kernel PF_KEY response
 * rather than being sent immediately -- confirm against the implementation.
 *
 * NOTE(review): ASDBCopySA / ASDBCopyPolicy return Boolean despite the
 * "Copy" CF naming convention; the copied object is presumably delivered
 * through ASSendXPCReply rather than returned.
 */
InternalDBRef ASDBCreate (void);
InternalDBSARef ASDBGetSPI (InternalDBRef ref, CFDictionaryRef sadata);
InternalDBSARef ASDBCreateSA (InternalDBRef ref, CFDictionaryRef sadata);
Boolean ASDBUpdateSA (InternalDBRef ref, InternalDBSARef saref, CFDictionaryRef sadata);
Boolean ASDBDeleteSA (InternalDBRef ref, InternalDBSARef saref);
Boolean ASDBCopySA (InternalDBRef ref, InternalDBSARef saref);
Boolean ASDBFlushSA (InternalDBRef ref, Boolean *blockForResponse);
CFArrayRef ASDBCopySAIDs (InternalDBRef ref);
InternalDBPolicyRef ASDBAddPolicy (InternalDBRef ref, CFDictionaryRef spdata);
Boolean ASDBDeletePolicy (InternalDBRef ref, InternalDBPolicyRef policyref);
Boolean ASDBCopyPolicy (InternalDBRef ref, InternalDBPolicyRef policyref);
Boolean ASDBFlushPolicy (InternalDBRef ref, Boolean *blockForResponse);
CFArrayRef ASDBCopyPolicyIDs (InternalDBRef ref);
Boolean ASDBFlushAll (InternalDBRef ref, Boolean *blockForResponse);
Boolean ASDBDispose (InternalDBRef ref, Boolean *blockForResponse);

/*
 * IPSec DB Interface Functions
 *
 * ASDBCreateIPSecInterface: the address/netmask/v6address pointers are
 * sockaddr_storage so either family fits; whether NULL is accepted for the
 * unused family is not visible here -- check the implementation.
 */
InternalDBInterfaceRef ASDBCreateIPSecInterface (InternalDBRef ref, struct sockaddr_storage *address, struct sockaddr_storage *netmask, struct sockaddr_storage *v6address, int v6prefix);
Boolean ASDBFlushInterfaces (InternalDBRef ref);

/*
 * IKE API Functions
 *
 * ASIKECreate takes the IKE SA configuration plus the initial child SA
 * configuration as client-supplied dictionaries (see the validation
 * contract above).  Child SA handles are scoped to their IKE SA handle.
 */
InternalIKESARef ASIKECreate (CFDictionaryRef ikedata, CFDictionaryRef childData);
InternalChildSARef ASIKEStartConnection (InternalIKESARef ref);
Boolean ASIKEStopConnection (InternalIKESARef ref);
InternalChildSARef ASIKEStartChildSA (InternalIKESARef ref, CFDictionaryRef ikechilddata);
Boolean ASIKEStopChildSA (InternalIKESARef ref, InternalChildSARef childref);
SNIPSecIKEStatus ASIKEGetConnectionStatus (InternalIKESARef ref);
SNIPSecIKEStatus ASIKEGetChildStatus (InternalIKESARef ref, InternalChildSARef childref);
Boolean ASIKEDispose (InternalIKESARef ref, Boolean *blockForResponse);
Boolean ASIKEEnableAll (InternalIKESARef ref);
Boolean ASIKEDisableAll (InternalIKESARef ref);

/*
 * Functions to support racoon
 *
 * Called from racoon's own IKE processing rather than from a client, so
 * the phase2_handle_t / traffic-selector arguments are racoon-owned
 * structures.  The peer-derived content inside them (SPIs, addresses,
 * selectors) still originates from the network.
 *
 * ASDBReceivePFKeyMessage: message is presumably the parsed PF_KEY
 *   extension-pointer array with array_size entries -- confirm.  Returns
 *   TRUE if this layer consumed the message, FALSE to let racoon's normal
 *   PF_KEY handling proceed.
 * ASDBGetIPSecInterfaceName: copies the interface name into buf.  bufLen
 *   is the full size of buf; whether the result is always NUL-terminated
 *   when truncated is not visible here -- callers should not assume it.
 */
InternalDBSARef ASDBGetSPIFromIKE (InternalDBRef ref, phase2_handle_t *phase2);
Boolean ASDBAddSAFromIKE (InternalDBRef ref, phase2_handle_t *phase2, Boolean update);
Boolean ASDBDeleteSAFromIKE (InternalDBRef ref, struct sockaddr_storage *dst, uint32_t spi, int ipsecProtocol);
Boolean ASDBFlushAllForIKEChildSA (InternalDBRef ref, InternalChildSARef childRef);
InternalDBPolicyRef ASDBAddPolicyFromIKE (InternalDBRef ref, phase2_handle_t *phase2);
Boolean ASDBReceivePFKeyMessage (caddr_t *message, int array_size); /* Returns TRUE if handled message */
Boolean ASDBGetIPSecInterfaceName (InternalDBRef ref, char *buf, int bufLen);
Boolean ASIKEConnectionAddChildSAFromIKE (InternalIKESARef ref, phase2_handle_t *childSA);
Boolean ASIKEConnectionSwapChildSAs (InternalIKESARef ref, InternalChildSARef oldChildSA, InternalChildSARef newChildSA);
void ASIKEConnectionExpireChildSAFromIKE (InternalIKESARef ref, InternalChildSARef childSARef);
Boolean ASHasValidSessions (void);
void ASIKEUpdateLocalAddressesFromIKE (void);
void ASIKEUpdateStatusFromIKE (InternalIKESARef ref, InternalChildSARef childRef, uint32_t status, uint32_t reason);
/* Returns the racoon-owned phase2 handle for a child SA; may be NULL if the handle is unknown (not guaranteed by this header). */
phase2_handle_t *ASIKEConnectionGetChildSAFromIKE (InternalIKESARef ref, InternalChildSARef childSARef);
void ASIKEUpdateConfigurationFromIKE (InternalIKESARef ref, struct isakmp_cfg_state *config);
void ASIKEUpdateTrafficSelectorsFromIKE (InternalIKESARef ref, InternalChildSARef childRef, struct ikev2_traffic_selector *local, struct ikev2_traffic_selector *remote);
void ASIKEStopConnectionFromIKE (InternalIKESARef ref);

#endif /* __API_SUPPORT__ */