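/*
 * Copyright (c) 2008 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * The contents of this file constitute Original Code as defined in and
 * are subject to the Apple Public Source License Version 1.1 (the
 * "License"). You may not use this file except in compliance with the
 * License. Please obtain a copy of the License at
 * http://www.apple.com/publicsource and read it before using this file.
 *
 * This Original Code and all software distributed under the License are
 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
 * License for the specific language governing rights and limitations
 * under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

#ifndef _FSM_H
#define _FSM_H

#include <stdlib.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>

#include "vmbuf.h"
#include "ike_session.h"
#include "handler.h"
#include "strnames.h"
#include "ipsec_xpc.h"

//================================
// Defines
//================================
//
// State Flags
//
// An FSM state is a 16-bit value packed from the fields below.  Each
// field is selected with its IKE_STATE_MASK_* and set with one of the
// IKE_STATE_FLAG_VALUE_* constants that follow.
//
//   0x8000  IKE version     0 = IKEv1, 1 = IKEv2
//   0x4000  Expired
//   0x2000  Established
//   0x1000  Negotiating
//   0x0C00  IKE phase       0x0400 = phase 1, 0x0800 = phase 2
//   0x0200  XAUTH / EAP succeeded
//   0x0100  Direction       0 = initiator, 1 = responder
//   0x00C0  Exchange mode   (IKEv1: info / ident / aggressive / quick)
//   0x003F  Per-exchange step number (message sent/received, SPI, ADDSA)
//

// STATE FLAG MASKS
#define IKE_STATE_MASK_VERSION              0x8000
#define IKE_STATE_MASK_EXPIRED              0x4000
#define IKE_STATE_MASK_ESTABLISHED          0x2000
#define IKE_STATE_MASK_NEGOTIATING          0x1000
#define IKE_STATE_MASK_PHASE                0x0C00
#define IKE_STATE_MASK_XAUTH_OR_EAP_SUCC    0x0200
#define IKE_STATE_MASK_DIRECTION            0x0100
#define IKE_STATE_MASK_MODE                 0x00C0
#define IKE_STATE_MASK_STATE                0x003F

// STATE FLAG VALUES
#define IKE_STATE_FLAG_VALUE_IKEV1          0x0000
#define IKE_STATE_FLAG_VALUE_IKEV2          0x8000
#define IKE_STATE_FLAG_VALUE_EXPIRED        0x4000
// NOTE: the name is misspelled (ESTABLISED) but is part of the public
// interface, so it is kept as-is.
#define IKE_STATE_FLAG_VALUE_ESTABLISED     0x2000
#define IKE_STATE_FLAG_VALUE_NEGOTIATING    0x1000
#define IKE_STATE_FLAG_VALUE_PHASE1         0x0400
#define IKE_STATE_FLAG_VALUE_PHASE2         0x0800
#define IKE_STATE_FLAG_XAUTH_OR_EAP_SUCC    0x0200
#define IKE_STATE_FLAG_VALUE_INITIATOR      0x0000
#define IKE_STATE_FLAG_VALUE_RESPONDER      0x0100


//================================
// MACROS
//================================
//
// Every argument is fully parenthesized so that a composite expression
// such as FSM_STATE_IS_RESPONDER(mode | direction) is evaluated as a
// whole rather than being split by C operator precedence ('|' binds
// looser than '&' and '==').
//
// The IS_EXPIRED / IS_ESTABLISHED / IS_NEGOTIATING /
// IS_ESTABLISHED_OR_EXPIRED predicates yield the masked bits, not 0/1;
// test them for truth, never compare them against 1.

#define FSM_STATE_IS_EXPIRED(s) \
    ((s) & IKE_STATE_MASK_EXPIRED)

#define FSM_STATE_IS_ESTABLISHED(s) \
    ((s) & IKE_STATE_MASK_ESTABLISHED)

#define FSM_STATE_IS_ESTABLISHED_OR_EXPIRED(s) \
    (((s) & IKE_STATE_MASK_ESTABLISHED) | ((s) & IKE_STATE_MASK_EXPIRED))

#define FSM_STATE_IS_NEGOTIATING(s) \
    ((s) & IKE_STATE_MASK_NEGOTIATING)

#define FSM_STATE_IS_INITIATOR(s) \
    (((s) & IKE_STATE_MASK_DIRECTION) == IKE_STATE_FLAG_VALUE_INITIATOR)

#define FSM_STATE_IS_RESPONDER(s) \
    (((s) & IKE_STATE_MASK_DIRECTION) == IKE_STATE_FLAG_VALUE_RESPONDER)

//================================
// API States
//================================

//================================
// IKEv1 States
//================================

// Exchange mode (the 0x00C0 field), combined with the IKEv1 version bit.
#define IKEV1_STATE_FLAG_VALUE_INFO         (IKE_STATE_FLAG_VALUE_IKEV1 | 0x0000)
#define IKEV1_STATE_FLAG_VALUE_IDENTMODE    (IKE_STATE_FLAG_VALUE_IKEV1 | 0x0040)
#define IKEV1_STATE_FLAG_VALUE_AGGMODE      (IKE_STATE_FLAG_VALUE_IKEV1 | 0x0080)
#define IKEV1_STATE_FLAG_VALUE_QUICKMODE    (IKE_STATE_FLAG_VALUE_IKEV1 | 0x00C0)

// Sub-flags carried in the 0x003F step field.
#define IKEV1_STATE_FLAG_VALUE_SENT         0x0020
#define IKEV1_STATE_FLAG_VALUE_SPI          0x0010
#define IKEV1_STATE_FLAG_VALUE_ADDSA        0x0008

// Base values for each (phase, direction, mode) combination while the
// exchange is still negotiating.
#define IKEV1_STATE_INITIATOR_IDENT \
    (IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
     | IKE_STATE_FLAG_VALUE_INITIATOR | IKEV1_STATE_FLAG_VALUE_IDENTMODE)

#define IKEV1_STATE_RESPONDER_IDENT \
    (IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
     | IKE_STATE_FLAG_VALUE_RESPONDER | IKEV1_STATE_FLAG_VALUE_IDENTMODE)

#define IKEV1_STATE_INITIATOR_AGG \
    (IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
     | IKE_STATE_FLAG_VALUE_INITIATOR | IKEV1_STATE_FLAG_VALUE_AGGMODE)

#define IKEV1_STATE_RESPONDER_AGG \
    (IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
     | IKE_STATE_FLAG_VALUE_RESPONDER | IKEV1_STATE_FLAG_VALUE_AGGMODE)

#define IKEV1_STATE_INITIATOR_QUICK \
    (IKE_STATE_FLAG_VALUE_PHASE2 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
     | IKE_STATE_FLAG_VALUE_INITIATOR | IKEV1_STATE_FLAG_VALUE_QUICKMODE)

#define IKEV1_STATE_RESPONDER_QUICK \
    (IKE_STATE_FLAG_VALUE_PHASE2 | IKE_STATE_FLAG_VALUE_NEGOTIATING \
     | IKE_STATE_FLAG_VALUE_RESPONDER | IKEV1_STATE_FLAG_VALUE_QUICKMODE)

// Terminal states: direction and mode bits are cleared, only the
// version, phase and established/expired bits remain.
#define IKEV1_STATE_PHASE1_ESTABLISHED \
    (IKE_STATE_FLAG_VALUE_IKEV1 | IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_ESTABLISED)
#define IKEV1_STATE_PHASE2_ESTABLISHED \
    (IKE_STATE_FLAG_VALUE_IKEV1 | IKE_STATE_FLAG_VALUE_PHASE2 | IKE_STATE_FLAG_VALUE_ESTABLISED)
#define IKEV1_STATE_PHASE1_EXPIRED \
    (IKE_STATE_FLAG_VALUE_IKEV1 | IKE_STATE_FLAG_VALUE_PHASE1 | IKE_STATE_FLAG_VALUE_EXPIRED)
#define IKEV1_STATE_PHASE2_EXPIRED \
    (IKE_STATE_FLAG_VALUE_IKEV1 | IKE_STATE_FLAG_VALUE_PHASE2 | IKE_STATE_FLAG_VALUE_EXPIRED)

// PHASE 1 INFO: informational exchange, with every step bit set.
#define IKEV1_STATE_INFO \
    (IKE_STATE_FLAG_VALUE_IKEV1 | IKEV1_STATE_FLAG_VALUE_INFO | IKE_STATE_MASK_STATE)

// IDENT MODE (main mode): six messages, initiator sends 1/3/5.
#define IKEV1_STATE_IDENT_I_START       (IKEV1_STATE_INITIATOR_IDENT)
#define IKEV1_STATE_IDENT_I_MSG1SENT    (IKEV1_STATE_INITIATOR_IDENT | IKEV1_STATE_FLAG_VALUE_SENT | 1)
#define IKEV1_STATE_IDENT_I_MSG2RCVD    (IKEV1_STATE_INITIATOR_IDENT | 2)
#define IKEV1_STATE_IDENT_I_MSG3SENT    (IKEV1_STATE_INITIATOR_IDENT | IKEV1_STATE_FLAG_VALUE_SENT | 3)
#define IKEV1_STATE_IDENT_I_MSG4RCVD    (IKEV1_STATE_INITIATOR_IDENT | 4)
#define IKEV1_STATE_IDENT_I_MSG5SENT    (IKEV1_STATE_INITIATOR_IDENT | IKEV1_STATE_FLAG_VALUE_SENT | 5)
#define IKEV1_STATE_IDENT_I_MSG6RCVD    (IKEV1_STATE_INITIATOR_IDENT | 6)

#define IKEV1_STATE_IDENT_R_START       (IKEV1_STATE_RESPONDER_IDENT)
#define IKEV1_STATE_IDENT_R_MSG1RCVD    (IKEV1_STATE_RESPONDER_IDENT | 1)
#define IKEV1_STATE_IDENT_R_MSG2SENT    (IKEV1_STATE_RESPONDER_IDENT | IKEV1_STATE_FLAG_VALUE_SENT | 2)
#define IKEV1_STATE_IDENT_R_MSG3RCVD    (IKEV1_STATE_RESPONDER_IDENT | 3)
#define IKEV1_STATE_IDENT_R_MSG4SENT    (IKEV1_STATE_RESPONDER_IDENT | IKEV1_STATE_FLAG_VALUE_SENT | 4)
#define IKEV1_STATE_IDENT_R_MSG5RCVD    (IKEV1_STATE_RESPONDER_IDENT | 5)

// AGG MODE (aggressive mode): three messages.
#define IKEV1_STATE_AGG_I_START         (IKEV1_STATE_INITIATOR_AGG)
#define IKEV1_STATE_AGG_I_MSG1SENT      (IKEV1_STATE_INITIATOR_AGG | IKEV1_STATE_FLAG_VALUE_SENT | 1)
#define IKEV1_STATE_AGG_I_MSG2RCVD      (IKEV1_STATE_INITIATOR_AGG | 2)
#define IKEV1_STATE_AGG_I_MSG3SENT      (IKEV1_STATE_INITIATOR_AGG | IKEV1_STATE_FLAG_VALUE_SENT | 3)
#define IKEV1_STATE_AGG_R_START         (IKEV1_STATE_RESPONDER_AGG)
#define IKEV1_STATE_AGG_R_MSG1RCVD      (IKEV1_STATE_RESPONDER_AGG | 1)
#define IKEV1_STATE_AGG_R_MSG2SENT      (IKEV1_STATE_RESPONDER_AGG | IKEV1_STATE_FLAG_VALUE_SENT | 2)
#define IKEV1_STATE_AGG_R_MSG3RCVD      (IKEV1_STATE_RESPONDER_AGG | 3)

// QUICK MODE (phase 2): SPI acquisition, three messages, then ADDSA.
#define IKEV1_STATE_QUICK_I_START       (IKEV1_STATE_INITIATOR_QUICK)
#define IKEV1_STATE_QUICK_I_GETSPISENT  (IKEV1_STATE_INITIATOR_QUICK | IKEV1_STATE_FLAG_VALUE_SENT | IKEV1_STATE_FLAG_VALUE_SPI)
#define IKEV1_STATE_QUICK_I_GETSPIDONE  (IKEV1_STATE_INITIATOR_QUICK | IKEV1_STATE_FLAG_VALUE_SPI)
#define IKEV1_STATE_QUICK_I_MSG1SENT    (IKEV1_STATE_INITIATOR_QUICK | IKEV1_STATE_FLAG_VALUE_SENT | 1)
#define IKEV1_STATE_QUICK_I_MSG2RCVD    (IKEV1_STATE_INITIATOR_QUICK | 2)
#define IKEV1_STATE_QUICK_I_MSG3SENT    (IKEV1_STATE_INITIATOR_QUICK | IKEV1_STATE_FLAG_VALUE_SENT | 3)
#define IKEV1_STATE_QUICK_I_ADDSA       (IKEV1_STATE_INITIATOR_QUICK | IKEV1_STATE_FLAG_VALUE_ADDSA)
#define IKEV1_STATE_QUICK_R_START       (IKEV1_STATE_RESPONDER_QUICK)
#define IKEV1_STATE_QUICK_R_MSG1RCVD    (IKEV1_STATE_RESPONDER_QUICK | 1)
#define IKEV1_STATE_QUICK_R_GETSPISENT  (IKEV1_STATE_RESPONDER_QUICK | IKEV1_STATE_FLAG_VALUE_SENT | IKEV1_STATE_FLAG_VALUE_SPI)
#define IKEV1_STATE_QUICK_R_GETSPIDONE  (IKEV1_STATE_RESPONDER_QUICK | IKEV1_STATE_FLAG_VALUE_SPI)
#define IKEV1_STATE_QUICK_R_MSG2SENT    (IKEV1_STATE_RESPONDER_QUICK | IKEV1_STATE_FLAG_VALUE_SENT | 2)
#define IKEV1_STATE_QUICK_R_MSG3RCVD    (IKEV1_STATE_RESPONDER_QUICK | 3)
#define IKEV1_STATE_QUICK_R_COMMIT      (IKEV1_STATE_RESPONDER_QUICK | 4)
#define IKEV1_STATE_QUICK_R_ADDSA       (IKEV1_STATE_RESPONDER_QUICK | IKEV1_STATE_FLAG_VALUE_ADDSA)


/**
 * Record a new FSM state.
 * @param var    location holding the current state (one of the values above)
 * @param state  the new state to store
 * Any logging or transition checking is done by the implementation, not here.
 */
extern void fsm_set_state(int *var, int state);

//================================
// Version Agnostic Events
//================================

/** Connect / disconnect requests coming from the API (e.g. XPC) side. */
extern void fsm_api_handle_connect (struct sockaddr_storage *remote, const int connect_mode);
extern void fsm_api_handle_disconnect (struct sockaddr_storage *remote, const char *reason);

/** PF_KEY events: an ACQUIRE for a phase 2 handle, and GETSPI completion. */
extern void fsm_pfkey_handle_acquire (phase2_handle_t *iph2);
extern void fsm_pfkey_getspi_complete (phase2_handle_t *iph2);

/**
 * First ISAKMP packet of a new exchange.
 * @param msg     presumably the raw packet as received from the network —
 *                treat as untrusted; the implementation must bound-check it
 *                before parsing (confirm in the .c file)
 * @param local   local endpoint the packet arrived on
 * @param remote  peer endpoint
 */
extern void fsm_isakmp_initial_pkt (vchar_t *msg, struct sockaddr_storage *local, struct sockaddr_storage *remote);

//================================
// IKEv1 Events
//================================

/*
 * Payload processing and response sending for IKEv1 phase 1 / phase 2.
 * Each returns an int status; the success/failure convention is defined
 * by the implementation (not visible here), so check it against the
 * callers rather than assuming 0 == success.
 */
extern int fsm_ikev1_phase1_process_payloads (phase1_handle_t *iph1, vchar_t *msg);
extern int fsm_ikev1_phase2_process_payloads (phase2_handle_t *iph2, vchar_t *msg);
extern int fsm_ikev1_phase1_send_response(phase1_handle_t *iph1, vchar_t *msg);
extern int fsm_ikev1_phase2_send_response(phase2_handle_t *iph2, vchar_t *msg);


#endif /* _FSM_H */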