1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright (c) 2017, Joyent, Inc.
26 */
27
28 #ifndef _PRESHARED_H
29 #define _PRESHARED_H
30
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34
35 #include <sys/types.h>
36 #include <sys/atomic.h>
37 #include <netinet/in.h>
38 #include <net/pfkeyv2.h>
39
40 #define PRESHARED_KEY_FILE "/etc/inet/secret/ike.preshared"
41
42 typedef struct preshared_entry_s {
43 struct preshared_entry_s *pe_next;
44 int pe_flds_mask;
45 int pe_locidtype;
46 char *pe_locid;
47 int pe_remidtype;
48 char *pe_remid;
49 int pe_ike_mode;
50 uint8_t *pe_keybuf;
51 uint_t pe_keybuf_bytes;
52 uint_t pe_keybuf_lbits;
53 struct sockaddr_storage pe_locid_sa;
54 struct sockaddr_storage pe_remid_sa;
55 int pe_locid_plen;
56 int pe_remid_plen;
57 volatile uint32_t pe_refcnt;
58 } preshared_entry_t;
59
60 #define PE_REFHOLD(pe) atomic_inc_32(&(pe)->pe_refcnt)
61
62 /* Stupid C tricks stolen from <assert.h>. */
63 #define PE_REFRELE(pe) \
64 (void) ((atomic_dec_32_nv(&(pe)->pe_refcnt) != 0) || \
65 (free_preshared(pe), 0))
66
67 /*
68 * Types of Fields
69 * Note: used in pe_flds_mask; values bitwise distinct, not just unique
70 */
71 #define PS_FLD_COMMENT 0x01
72 #define PS_FLD_LOCID 0x02
73 #define PS_FLD_LOCID_TYPE 0x04
74 #define PS_FLD_REMID 0x08
75 #define PS_FLD_REMID_TYPE 0x10
76 #define PS_FLD_IKE_MODE 0x20
77 #define PS_FLD_KEY 0x40
78
79 /*
80 * Type of Remote/Local Ids
81 * Note: used in pe_locidtype and pe_remidtype fields.
82 */
83 #define PS_ID_IP 1
84 #define PS_ID_IP4 2
85 #define PS_ID_IP6 3
86 #define PS_ID_SUBNET 4
87 #define PS_ID_SUBNET4 5
88 #define PS_ID_SUBNET6 6
89 #define PS_ID_RANGE4 7
90 #define PS_ID_RANGE6 8
91 #define PS_ID_ASN1DN 9
92 #define PS_ID_ASN1GN 10
93 #define PS_ID_KEYID 11
94 #define PS_ID_FQDN 12
95 #define PS_ID_USER_FQDN 13
96 #define PS_ID_RANGE 14
97
98
99 /*
100 * Types of IKE Modes
101 * Note: used in pe_ike_mode field.
102 */
103 #define PS_IKM_MAIN 1
104 #define PS_IKM_AGGRESSIVE 2
105 #define PS_IKM_BOTH 3
106
107 /*
108 * Prefix length "special values"
109 * Note: used in pe_locid_plen and pe_remid_plen fields
110 */
111 #define PS_PLEN_BAD_ADDR -1 /* prefix is invalid */
112 #define PS_PLEN_NO_PREFIX -2 /* no prefix was found */
113
114 /*
115 * Interface function prototypes
116 *
117 */
118
119 /*
120 * char *preshared_load()
121 * args : char *ps_filename: config file name
122 * args : int fd: config file descriptor; will
123 * be used if ps_filename is NULL.
124 * args : boolean_t replace: true => replace existing list;
125 * false => append to existing list
126 * Return value
127 * - NULL on success; pointer to error string on error.
128 *
129 * Also on error, globals err_line_number/err_entry_number point
130 * to approximate location of error.
131 */
132 extern char *preshared_load(const char *, int, boolean_t);
133
134 /*
135 * Append the given preshared_entry_t to the global list.
136 * Will NOT increase refcnt - the caller must refhold and let the list
137 * take over the reference.
138 */
139 extern boolean_t append_preshared_entry(preshared_entry_t *);
140
141 /*
142 * Actual freeing function. Almost always called by the REFRELE macro.
143 */
144 extern void free_preshared(preshared_entry_t *);
145
146 /*
147 * psid2sadb(): convert PS_ID_* types to SADB_[X_]IDENTTYPE_* types
148 */
149 extern int psid2sadb(int);
150
151 /*
152 * Look up preshared entries by in_addr (IPv4)
153 * - first arg localid
154 * - second arg remoteid
155 *
156 * Returns a reference-held entry.
157 */
158 extern preshared_entry_t *lookup_ps_by_in_addr(struct in_addr *,
159 struct in_addr *);
160
161 /*
162 * Look up preshared entries by in_addr (IPv6)
163 * - first arg localid
164 * - second arg remoteid
165 *
166 * Returns a reference-held entry.
167 */
168 extern preshared_entry_t *lookup_ps_by_in6_addr(struct in6_addr *,
169 struct in6_addr *);
170
171 /*
172 * Look up preshared entries by identity
173 * - first arg localid
174 * - second arg remoteid
175 *
176 * Returns a reference-held entry.
177 */
178 extern preshared_entry_t *lookup_ps_by_ident(sadb_ident_t *, sadb_ident_t *);
179
180 /*
181 * Look up the nth preshared entry in our list
182 * - first arg n
183 *
184 * Returns a reference-held entry.
185 */
186 extern preshared_entry_t *lookup_nth_ps(int);
187
188 /*
189 * Delete an entry from the list of preshareds.
190 * - first arg points to the entry to be deleted
191 * - returns 1 if entry successfully deleted; 0 if entry not found
192 */
193 extern int delete_ps(preshared_entry_t *);
194
195 /*
196 * Write the preshared entries out to a specified file
197 * args : int fd: config file descriptor
198 * args : char **errmp: errpr message string
199 * Return value
200 * - if the list was written successfully, returns the number
201 * of entries that were written; returns -1 on error.
202 * Also on error, errmp contains pointer to error message
203 * string and globals err_line_number/err_entry_number point
204 * to approximate location of error.
205 */
206 extern int write_preshared(int, char **);
207
208 #ifdef __cplusplus
209 }
210 #endif
211
212 #endif /* _PRESHARED_H */