xref: /illumos-gate/usr/src/lib/libipsecutil/common/ikedoor.h (revision 7c478bd95313f5f23a4c958a745db2134aa03244)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2000-2003 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_IKEDOOR_H
#define	_IKEDOOR_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#ifdef	__cplusplus
extern "C" {
#endif

#include <limits.h>
#include <sys/sysmacros.h>
#include <net/pfkeyv2.h>
#include <door.h>

#define	DOORNM	"/var/run/ike_door"


typedef enum {
	IKE_SVC_GET_DBG,
	IKE_SVC_SET_DBG,

	IKE_SVC_GET_PRIV,
	IKE_SVC_SET_PRIV,

	IKE_SVC_GET_STATS,

	IKE_SVC_GET_P1,
	IKE_SVC_DEL_P1,
	IKE_SVC_DUMP_P1S,
	IKE_SVC_FLUSH_P1S,

	IKE_SVC_GET_RULE,
	IKE_SVC_NEW_RULE,
	IKE_SVC_DEL_RULE,
	IKE_SVC_DUMP_RULES,
	IKE_SVC_READ_RULES,
	IKE_SVC_WRITE_RULES,

	IKE_SVC_GET_PS,
	IKE_SVC_NEW_PS,
	IKE_SVC_DEL_PS,
	IKE_SVC_DUMP_PS,
	IKE_SVC_READ_PS,
	IKE_SVC_WRITE_PS,

	IKE_SVC_DBG_RBDUMP,

	IKE_SVC_ERROR
} ike_svccmd_t;

#define	IKE_SVC_MAX	IKE_SVC_ERROR


/*
 * Support structures/defines
 */

#define	IKEDOORROUNDUP(i)   P2ROUNDUP((i), sizeof (uint64_t))

/*
 * Debug categories.  The debug level is a bitmask made up of
 * flags indicating the desired categories; only 31 bits are
 * available, as the highest-order bit designates an invalid
 * setting.
 */
#define	D_INVALID	0x80000000

#define	D_CERT		0x00000001	/* certificate management */
#define	D_KEY		0x00000002	/* key management */
#define	D_OP		0x00000004	/* operational: config, init, mem */
#define	D_P1		0x00000008	/* phase 1 negotiation */
#define	D_P2		0x00000010	/* phase 2 negotiation */
#define	D_PFKEY		0x00000020	/* pf key interface */
#define	D_POL		0x00000040	/* policy management */
#define	D_PROP		0x00000080	/* proposal construction */
#define	D_DOOR		0x00000100	/* door server */
#define	D_CONFIG	0x00000200	/* config file processing */

#define	D_HIGHBIT	0x00000200
#define	D_ALL		0x000003ff

/*
 * Access privilege levels: define level of access to keying information.
 * The privileges granted at each level is a superset of the privileges
 * granted at all lower levels.
 *
 * The door operations which require special privileges are:
 *
 *	- receiving keying material for SAs and preshared key entries
 *	  IKE_PRIV_KEYMAT must be set for this.
 *
 *	- get/dump/new/delete/read/write preshared keys
 *	  IKE_PRIV_KEYMAT or IKE_PRIV_MODKEYS must be set to do this.
 *	  If IKE_PRIV_MODKEYS is set, the information returned for a
 *	  get/dump request will not include the actual key; in order
 *	  to get the key itself, IKE_PRIV_KEYMAT must be set.
 *
 *	- modifying the privilege level: the daemon's privilege level
 *	  is set when the daemon is started; the level may only be
 *	  lowered via the door interface.
 *
 * All other operations are allowed at any privilege level.
 */
#define	IKE_PRIV_MINIMUM	0
#define	IKE_PRIV_MODKEYS	1
#define	IKE_PRIV_KEYMAT		2
#define	IKE_PRIV_MAXIMUM	2

/* global ike stats formatting structure */
typedef struct {
	uint32_t	st_init_p1_current;
	uint32_t	st_resp_p1_current;
	uint32_t	st_init_p1_total;
	uint32_t	st_resp_p1_total;
	uint32_t	st_init_p1_attempts;
	uint32_t	st_resp_p1_attempts;
	uint32_t	st_init_p1_noresp;   /* failed; no response from peer */
	uint32_t	st_init_p1_respfail; /* failed, but peer responded */
	uint32_t	st_resp_p1_fail;
	uint32_t	st_reserved;
	char		st_pkcs11_libname[PATH_MAX];
} ike_stats_t;


/* data formatting structures for P1 SA dumps */
typedef struct {
	struct sockaddr_storage	loc_addr;
	struct sockaddr_storage	rem_addr;
#define	beg_iprange	loc_addr
#define	end_iprange	rem_addr
} ike_addr_pr_t;

typedef struct {
	uint64_t	cky_i;
	uint64_t	cky_r;
} ike_cky_pr_t;

typedef struct {
	ike_cky_pr_t	p1hdr_cookies;
	uint8_t		p1hdr_major;
	uint8_t		p1hdr_minor;
	uint8_t		p1hdr_xchg;
	uint8_t		p1hdr_isinit;
	uint32_t	p1hdr_state;
} ike_p1_hdr_t;

/* values for p1hdr_xchg (aligned with RFC2408, section 3.1) */
#define	IKE_XCHG_NONE			0
#define	IKE_XCHG_BASE			1
#define	IKE_XCHG_IDENTITY_PROTECT	2
#define	IKE_XCHG_AUTH_ONLY		3
#define	IKE_XCHG_AGGRESSIVE		4
/* following not from RFC; used only for preshared key definitions */
#define	IKE_XCHG_IP_AND_AGGR		240
/* also not from RFC; used as wildcard */
#define	IKE_XCHG_ANY			256

/* values for p1hdr_state */
#define	IKE_SA_STATE_INVALID	0
#define	IKE_SA_STATE_INIT	1
#define	IKE_SA_STATE_SENT_SA	2
#define	IKE_SA_STATE_SENT_KE	3
#define	IKE_SA_STATE_SENT_LAST	4
#define	IKE_SA_STATE_DONE	5
#define	IKE_SA_STATE_DELETED	6

typedef struct {
	uint16_t	p1xf_dh_group;
	uint16_t	p1xf_encr_alg;
	uint16_t	p1xf_auth_alg;
	uint16_t	p1xf_auth_meth;
	uint16_t	p1xf_prf;
	uint16_t	p1xf_pfs;
	uint32_t	p1xf_max_secs;
	uint32_t	p1xf_max_kbytes;
	uint32_t	p1xf_max_keyuses;
} ike_p1_xform_t;

/* values for p1xf_dh_group (aligned with RFC2409, Appendix A) */
#define	IKE_GRP_DESC_MODP_768	1
#define	IKE_GRP_DESC_MODP_1024	2
#define	IKE_GRP_DESC_EC2N_155	3
#define	IKE_GRP_DESC_EC2N_185	4
#define	IKE_GRP_DESC_MODP_1536	5

/* values for p1xf_auth_meth (aligned with RFC2409, Appendix A) */
#define	IKE_AUTH_METH_PRE_SHARED_KEY	1
#define	IKE_AUTH_METH_DSS_SIG		2
#define	IKE_AUTH_METH_RSA_SIG		3
#define	IKE_AUTH_METH_RSA_ENCR		4
#define	IKE_AUTH_METH_RSA_ENCR_REVISED	5

/* values for p1xf_prf */
#define	IKE_PRF_NONE		0
#define	IKE_PRF_HMAC_MD5	1
#define	IKE_PRF_HMAC_SHA1	2

typedef struct {
	/*
	 * NOTE: the new and del counters count the actual number of SAs,
	 * not the number of "suites", as defined in the ike monitoring
	 * mib draft; we do this because we don't have a good way of
	 * tracking the deletion of entire suites (we're notified of
	 * deleted qm sas individually).
	 */
	uint32_t	p1stat_new_qm_sas;
	uint32_t	p1stat_del_qm_sas;
	uint64_t	p1stat_start;
	uint32_t	p1stat_kbytes;
	uint32_t	p1stat_keyuses;
} ike_p1_stats_t;

typedef struct {
	uint32_t	p1err_decrypt;
	uint32_t	p1err_hash;
	uint32_t	p1err_otherrx;
	uint32_t	p1err_tx;
} ike_p1_errors_t;

typedef struct {
	uint32_t	p1key_type;
	uint32_t	p1key_len;
	/*
	 * followed by (len - sizeof (ike_p1_key_t)) bytes of hex data,
	 * 64-bit aligned (pad bytes are added at the end, if necessary,
	 * and NOT INCLUDED in the len value, which reflects the actual
	 * key size).
	 */
} ike_p1_key_t;

/* key info types for ike_p1_key_t struct */
#define	IKE_KEY_PRESHARED	1
#define	IKE_KEY_SKEYID		2
#define	IKE_KEY_SKEYID_D	3
#define	IKE_KEY_SKEYID_A	4
#define	IKE_KEY_SKEYID_E	5
#define	IKE_KEY_ENCR		6
#define	IKE_KEY_IV		7

typedef struct {
	ike_p1_hdr_t	p1sa_hdr;
	ike_p1_xform_t	p1sa_xform;
	ike_addr_pr_t	p1sa_ipaddrs;
	uint16_t	p1sa_stat_off;
	uint16_t	p1sa_stat_len;
	uint16_t	p1sa_error_off;
	uint16_t	p1sa_error_len;
	uint16_t	p1sa_localid_off;
	uint16_t	p1sa_localid_len;
	uint16_t	p1sa_remoteid_off;
	uint16_t	p1sa_remoteid_len;
	uint16_t	p1sa_key_off;
	uint16_t	p1sa_key_len;
	uint32_t	p1sa_reserved;
	/*
	 * variable-length structures will be included here, as
	 * indicated by offset/length fields.
	 * stats and errors will be formatted as ike_p1_stats_t and
	 * ike_p1_errors_t, respectively.
	 * key info will be formatted as a series of p1_key_t structs.
	 * local/remote ids will be formatted as sadb_ident_t structs.
	 */
} ike_p1_sa_t;


#define	MAX_LABEL_LEN	256


/* data formatting structure for policy (rule) dumps */

typedef struct {
	char		rule_label[MAX_LABEL_LEN];
	uint32_t	rule_kmcookie;
	uint16_t	rule_ike_mode;
	uint16_t	rule_local_idtype;	/* SADB_IDENTTYPE_* value */
	uint32_t	rule_p1_nonce_len;
	uint32_t	rule_p2_nonce_len;
	uint32_t	rule_p2_pfs;
	uint32_t	rule_p2_lifetime;
	uint16_t	rule_xform_cnt;
	uint16_t	rule_xform_off;
	uint16_t	rule_locip_cnt;
	uint16_t	rule_locip_off;
	uint16_t	rule_remip_cnt;
	uint16_t	rule_remip_off;
	uint16_t	rule_locid_inclcnt;
	uint16_t	rule_locid_exclcnt;
	uint16_t	rule_locid_off;
	uint16_t	rule_remid_inclcnt;
	uint16_t	rule_remid_exclcnt;
	uint16_t	rule_remid_off;
	/*
	 * Followed by several lists of variable-length structures, described
	 * by counts and offsets:
	 *	transforms			ike_p1_xform_t structs
	 *	ranges of local ip addrs	ike_addr_pr_t structs
	 *	ranges of remote ip addrs	ike_addr_pr_t structs
	 *	local identification strings	null-terminated ascii strings
	 *	remote identification strings	null-terminated ascii strings
	 */
} ike_rule_t;


/*
 * data formatting structure for preshared keys
 * ps_ike_mode field uses the IKE_XCHG_* defs
 */
typedef struct {
	ike_addr_pr_t	ps_ipaddrs;
	uint16_t	ps_ike_mode;
	uint16_t	ps_localid_off;
	uint16_t	ps_localid_len;
	uint16_t	ps_remoteid_off;
	uint16_t	ps_remoteid_len;
	uint16_t	ps_key_off;
	uint16_t	ps_key_len;
	uint16_t	ps_key_bits;
	/*
	 * followed by variable-length structures, as indicated by
	 * offset/length fields.
	 * key info will be formatted as an array of bytes.
	 * local/remote ids will be formatted as sadb_ident_t structs.
	 */
} ike_ps_t;


/* identification types */
#define	IKE_ID_IDENT_PAIR	1
#define	IKE_ID_ADDR_PAIR	2
#define	IKE_ID_CKY_PAIR		3
#define	IKE_ID_LABEL		4


/* locations for read/write requests */
#define	IKE_RW_LOC_DEFAULT	1
#define	IKE_RW_LOC_USER_SPEC	2


/* door interface error codes */
#define	IKE_ERR_NO_OBJ		1	/* nothing found to match the request */
#define	IKE_ERR_NO_DESC		2	/* fd was required with this request */
#define	IKE_ERR_ID_INVALID	3	/* invalid id info was provided */
#define	IKE_ERR_LOC_INVALID	4	/* invalid location info was provided */
#define	IKE_ERR_CMD_INVALID	5	/* invalid command was provided */
#define	IKE_ERR_DATA_INVALID	6	/* invalid data was provided */
#define	IKE_ERR_CMD_NOTSUP	7	/* unsupported command */
#define	IKE_ERR_REQ_INVALID	8	/* badly formatted request */
#define	IKE_ERR_NO_PRIV		9	/* privilege level not high enough */
#define	IKE_ERR_SYS_ERR		10	/* syserr occurred while processing */


/*
 * IKE_SVC_GET_DBG
 * Used to request the current debug level.
 *
 * Upon request, dbg_level is 0 (don't care).
 *
 * Upon return, dbg_level contains the current value.
 *
 *
 * IKE_SVC_SET_DBG
 * Used to request modification of the debug level.
 *
 * Upon request, dbg_level contains desired level.  If debug output is
 * to be directed to a different file, the fd should be passed in the
 * door_desc_t field of the door_arg_t param.  NOTE: if the daemon is
 * currently running in the background with no debug set, an output
 * file MUST be given.
 *
 * Upon return, dbg_level contains the old debug level, and acknowledges
 * successful completion of the request.  If an error is encountered,
 * ike_err_t is returned instead, with appropriate error value and cmd
 * IKE_SVC_ERROR.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	dbg_level;
} ike_dbg_t;

/*
 * IKE_SVC_GET_PRIV
 * Used to request the current privilege level.
 *
 * Upon request, priv_level is 0 (don't care).
 *
 * Upon return, priv_level contains the current value.
 *
 *
 * IKE_SVC_SET_PRIV
 * Used to request modification of the privilege level.
 *
 * Upon request, priv_level contains the desired level.  The level may
 * only be lowered via the door interface; it cannot be raised.  Thus,
 * if in.iked is started at the lowest level, it cannot be changed.
 *
 * Upon return, priv_level contains the old privilege level, and
 * acknowledges successful completion of the request.  If an error is
 * encountered, ike_err_t is returned instead, with appropriate error
 * value and cmd IKE_SVC_ERROR.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	priv_level;
} ike_priv_t;


/*
 * IKE_SVC_GET_STATS
 * Used to request current statistics on Phase 1 SA creation and
 * failures.  The statistics represent all activity in in.iked.
 *
 * Upon request, cmd is set, and stat_len does not matter.
 *
 * Upon successful return, stat_len contains the total size of the
 * returned buffer, which contains first the ike_statreq_t struct,
 * followed by the stat data in the ike_stats_t structure. In case
 * of an error in processing the request, ike_err_t is returned with
 * IKE_SVC_ERROR command and appropriate error code.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	stat_len;
} ike_statreq_t;


/*
 * IKE_SVC_DUMP_{P1S|RULES|PS}
 * Used to request a table dump, and to return info for a single table
 * item.  The expectation is that all of the table data will be passed
 * through the door, one entry at a time; an individual request must be
 * sent for each entry, however (the door server can't send unrequested
 * data).
 *
 * Upon request: cmd is set, and dump_next contains the item number
 * requested (0 for first request).  dump_len is 0; no data follows.
 *
 * Upon return: cmd is set, and dump_next contains the item number of
 * the *next* item in the table (to be used in the subsequent request).
 * dump_next = 0 indicates that this is the last item in the table.
 * dump_len is the total length (data + struct) returned.  Data is
 * formatted as indicated by the cmd type:
 *   IKE_SVC_DUMP_P1S:		ike_p1_sa_t
 *   IKE_SVC_DUMP_RULES:	ike_rule_t
 *   IKE_SVC_DUMP_PS:		ike_ps_t
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	dump_len;
	union {
		struct {
			uint32_t	dump_unext;
			uint32_t	dump_ureserved;
		} dump_actual;
		uint64_t dump_alignment;
	} dump_u;
#define	dump_next dump_u.dump_actual.dump_unext
#define	dump_reserved dump_u.dump_actual.dump_ureserved
	/* dump_len - sizeof (ike_dump_t) bytes of data included here */
} ike_dump_t;


/*
 * IKE_SVC_GET_{P1|RULE|PS}
 * Used to request and return individual table items.
 *
 * Upon request: get_len is the total msg length (struct + id data);
 * get_idtype indicates the type of identification being used.
 *   IKE_SVC_GET_P1:		ike_addr_pr_t or ike_cky_pr_t
 *   IKE_SVC_GET_RULE:		char string (label)
 *   IKE_SVC_GET_PS:		ike_addr_pr_t or pair of sadb_ident_t
 *
 * Upon return: get_len is the total size (struct + data), get_idtype
 * is unused, and the data that follows is formatted according to cmd:
 *   IKE_SVC_GET_P1:		ike_p1_sa_t
 *   IKE_SVC_GET_RULE:		ike_rule_t
 *   IKE_SVC_GET_PS:		ike_ps_t
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	get_len;
	union {
		struct {
			uint32_t	getu_idtype;
			uint32_t	getu_reserved;
		} get_actual;
		uint64_t get_alignment;
	} get_u;
#define	get_idtype get_u.get_actual.getu_idtype
#define	get_reserved get_u.get_actual.getu_reserved
	/* get_len - sizeof (ike_get_t) bytes of data included here */
} ike_get_t;


/*
 * IKE_SVC_NEW_{RULE|PS}
 * Used to request and acknowledge insertion of a table item.
 *
 * Upon request: new_len is the total (data + struct) size passed, or 0.
 * new_len = 0 => a door_desc_t is also included with a file descriptor
 * for a file containing the data to be added.  The file should include
 * a single item: a rule, or a pre-shared key.  For new_len != 0, the
 * data is formatted according to the cmd type:
 *   IKE_SVC_NEW_RULE:		ike_rule_t
 *   IKE_SVC_NEW_PS:		ike_ps_t
 *
 * Upon return: new_len is 0; simply acknowledges successful insertion
 * of the requested item.  If insertion is not successful, ike_err_t is
 * returned instead with appropriate error value.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	new_len;
	/* new_len - sizeof (ike_new_t) bytes included here */
	uint64_t	new_align;	/* Padding for 64-bit alignment. */
} ike_new_t;


/*
 * IKE_SVC_DEL_{P1|RULE|PS}
 * Used to request and acknowledge the deletion of an individual table
 * item.
 *
 * Upon request: del_len is the total msg length (struct + id data);
 * del_idtype indicates the type of identification being used.
 *   IKE_SVC_DEL_P1:		ike_addr_pr_t or ike_cky_pr_t
 *   IKE_SVC_DEL_RULE:		char string (label)
 *   IKE_SVC_DEL_PS:		ike_addr_pr_t or pair of sadb_ident_t
 *
 * Upon return: acknowledges deletion of the requested item; del_len and
 * del_idtype are unspecified.  If deletion is not successful, ike_err_t
 * is returned instead with appropriate error value.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	del_len;
	uint32_t	del_idtype;
	uint32_t	del_reserved;
	/* del_len - sizeof (ike_del_t) bytes of data included here. */
} ike_del_t;


/*
 * IKE_SVC_READ_{RULES|PS}
 * Used to ask daemon to re-read particular configuration info.
 *
 * Upon request: rw_loc indicates where the info should be read from:
 * either from a user-supplied file descriptor(s), or from the default
 * location(s).  If rw_loc indicates user-supplied location, the file
 * descriptor(s) should be passed in the door_desc_t struct.  For the
 * IKE_SVC_READ_RULES cmd, two file descriptors should be specified:
 * first, one for the config file which contains the data to be read,
 * and second, one for the cookie file which will be written to as
 * in.iked process the config file.
 *
 * Upon return: rw_loc is unspecified; the message simply acknowledges
 * successful completion of the request.  If an error occurred,
 * ike_err_t is returned instead with appropriate error value.
 *
 *
 * IKE_SVC_WRITE_{RULES|PS}
 * Used to ask daemon to write its current config info to files.
 *
 * Request and return are handled the same as for the IKE_SVC_READ_*
 * cmds; however, the rw_loc MUST be a user-supplied location.  Also,
 * for the IKE_SVC_WRITE_RULES cmd, the cookie file fd is not required;
 * only a single fd, for the file to which the config info should be
 * written, should be passed in.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	rw_loc;
} ike_rw_t;


/*
 * IKE_SVC_FLUSH_P1S
 * Used to request and acknowledge tear-down of all P1 SAs.
 */
typedef struct {
	ike_svccmd_t	cmd;
} ike_flush_t;


/*
 * IKE_SVC_ERROR
 * Used on return if server encountered an error while processing
 * the request.  An appropriate error code is included (as defined
 * in this header file); in the case of IKE_ERR_SYS_ERR, a value
 * from the UNIX errno space is included in the ike_err_unix field.
 */
typedef struct {
	ike_svccmd_t	cmd;
	uint32_t	ike_err;
	uint32_t	ike_err_unix;
	uint32_t	ike_err_reserved;
} ike_err_t;


/*
 * Generic type for use when the request/reply type is unknown
 */
typedef struct {
	ike_svccmd_t	cmd;
} ike_cmd_t;


/*
 * Union containing all possible request/retrun structures.
 */
typedef union {
	ike_cmd_t	svc_cmd;
	ike_dbg_t	svc_dbg;
	ike_priv_t	svc_priv;
	ike_statreq_t	svc_stats;
	ike_dump_t	svc_dump;
	ike_get_t	svc_get;
	ike_new_t	svc_new;
	ike_del_t	svc_del;
	ike_rw_t	svc_rw;
	ike_flush_t	svc_flush;
	ike_err_t	svc_err;
} ike_service_t;

#ifdef	__cplusplus
}
#endif

#endif	/* _IKEDOOR_H */