xref: /titanic_52/usr/src/lib/libipsecutil/common/ipsec_util.h (revision f498645a3eecf2ddd304b4ea9c7f1b4c155ff79e)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_IPSEC_UTIL_H
27 #define	_IPSEC_UTIL_H
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 /*
32  * Headers and definitions for support functions that are shared by
33  * the ipsec utilities ipseckey and ikeadm.
34  */
35 
36 #ifdef __cplusplus
37 extern "C" {
38 #endif
39 
40 #include <sys/types.h>
41 #include <sys/socket.h>
42 #include <setjmp.h>
43 #include <stdio.h>
44 #include <err.h>
45 #include <net/pfpolicy.h>
46 
47 #ifndef A_CNT
48 /* macros for array manipulation */
49 #define	A_CNT(arr)	(sizeof (arr)/sizeof (arr[0]))
50 #define	A_END(arr)	(&arr[A_CNT(arr)])
51 #endif
52 
53 /* used for file parsing */
54 #define	NBUF_SIZE	16
55 #define	IBUF_SIZE	512
56 #define	COMMENT_CHAR	'#'
57 #define	CONT_CHAR	'\\'
58 #define	QUOTE_CHAR	'"'
59 
60 /* used for command-line parsing */
61 #define	START_ARG	8
62 #define	TOO_MANY_ARGS	(START_ARG << 9)
63 
64 /* Return codes for argv/argc vector creation */
65 #define	TOO_MANY_TOKENS		-3
66 #define	MEMORY_ALLOCATION	-2
67 #define	COMMENT_LINE		1
68 #define	SUCCESS			0
69 
70 /*
71  * Time printing defines...
72  *
73  * TBUF_SIZE is pretty arbitrary.  Perhaps it shouldn't be.
74  */
75 #define	TBUF_SIZE	50
76 #define	TIME_MAX	LONG_MAX
77 
78 /* For keyword-lookup tables */
79 typedef struct keywdtab {
80 	uint_t	kw_tag;
81 	char	*kw_str;
82 } keywdtab_t;
83 
84 
85 /*
86  * Function Prototypes
87  */
88 
89 /*
90  * Print errno and if cmdline or readfile, exit; if interactive reset state
91  */
92 extern void bail(char *);
93 
94 /*
95  * Localization macro...
96  */
97 #define	Bail(s)	bail(gettext(s))
98 
99 /*
100  * Print caller-supplied, variable-arg error message, then exit if cmdline
101  * or readfile, or reset state if interactive.
102  */
103 extern void bail_msg(char *, ...);
104 
105 /*
106  * dump_XXX functions produce ASCII output from the passed in data.
107  *
108  * Because certain errors need to do this stderr, dump_XXX functions
109  * take a FILE pointer.
110  */
111 
112 extern int dump_sockaddr(struct sockaddr *, boolean_t, FILE *);
113 
114 extern int dump_key(uint8_t *, uint_t, FILE *);
115 
116 extern int dump_aalg(uint8_t, FILE *);
117 
118 extern int dump_ealg(uint8_t, FILE *);
119 
120 /* return true if sadb string is printable (based on type), false otherwise */
121 extern boolean_t dump_sadb_idtype(uint8_t, FILE *, int *);
122 
123 /*
124  * do_interactive: Enter a mode where commands are read from a file;
125  * treat stdin special.  infile is the file cmds are read from;
126  * promptstring is the string printed to stdout (if the cmds are
127  * being read from stdin) to prompt for a new command; parseit is
128  * the function to be called to process the command line once it's
129  * been read in and broken up into an argv/argc vector.
130  */
131 
132 /* callback function passed in to do_interactive() */
133 typedef void (*parse_cmdln_fn)(int, char **);
134 
135 extern void do_interactive(FILE *, char *, parse_cmdln_fn);
136 
137 /* convert a string to an IKE_PRIV_* constant */
138 extern int privstr2num(char *);
139 
140 /* convert a string to a D_* debug flag */
141 extern int dbgstr2num(char *);
142 
143 /* convert a string of debug strings with +|- delimiters to a debug level */
144 extern int parsedbgopts(char *);
145 
146 
147 /*
148  * functions to manipulate the kmcookie-label mapping file
149  */
150 
151 #define	KMCFILE		"/var/run/ipsec_kmc_map"
152 
153 /*
154  * Insert a mapping into the file (if it's not already there), given the
155  * new label.  Return the assigned cookie, or -1 on error.
156  */
157 extern int kmc_insert_mapping(char *);
158 
159 /*
160  * Lookup the given cookie and return its corresponding label.  Return
161  * a pointer to the label on success, NULL on error (or if the label is
162  * not found).
163  */
164 extern char *kmc_lookup_by_cookie(int);
165 
166 /*
167  * These globals are declared for us in ipsec_util.c, since it needs to
168  * refer to them also...
169  */
170 extern boolean_t nflag;	/* Avoid nameservice? */
171 extern boolean_t pflag;	/* Paranoid w.r.t. printing keying material? */
172 extern boolean_t interactive;
173 extern boolean_t readfile;
174 extern uint_t lineno;
175 
176 /* For error recovery in interactive or read-file mode. */
177 extern jmp_buf env;
178 
179 /*
180  * Back-end stuff for getalgby*().
181  */
182 
183 #define	INET_IPSECALGSPATH	"/etc/inet/"
184 #define	INET_IPSECALGSFILE	(INET_IPSECALGSPATH "ipsecalgs")
185 
186 /* To preserve packages delimiters in /etc/inet/ipsecalgs */
187 typedef struct ipsecalgs_pkg {
188 	int alg_num;
189 	char *pkg_name;
190 } ipsecalgs_pkg_t;
191 
192 /*
193  * The cached representation of /etc/inet/ipsecalgs is represented by:
194  * - A dynamically-grown (optionally sorted) array of IPsec protocols
195  * - Each protocol has an array (again, dynamically grown and sorted)
196  *   of algorithms, each a full-fledged struct ipsecalgent.
197  * - The getipsecalg*() routines will search the list, then duplicate the
198  *   struct ipsecalgent and return it.
199  */
200 
201 typedef enum {
202 	LIBIPSEC_ALGS_EXEC_SYNC,
203 	LIBIPSEC_ALGS_EXEC_ASYNC
204 } ipsecalgs_exec_mode_t;
205 
206 typedef struct ipsec_proto {
207 	int proto_num;
208 	char *proto_name;
209 	char *proto_pkg;
210 	int proto_numalgs;
211 	struct ipsecalgent **proto_algs;
212 	ipsecalgs_pkg_t *proto_algs_pkgs;
213 	int proto_algs_npkgs;
214 	ipsecalgs_exec_mode_t proto_exec_mode;
215 } ipsec_proto_t;
216 
217 extern void _build_internal_algs(ipsec_proto_t **, int *);
218 extern int _str_to_ipsec_exec_mode(char *, ipsecalgs_exec_mode_t *);
219 
220 extern int addipsecalg(struct ipsecalgent *, uint_t);
221 extern int delipsecalgbyname(const char *, int);
222 extern int delipsecalgbynum(int, int);
223 extern int addipsecproto(const char *, int, ipsecalgs_exec_mode_t, uint_t);
224 extern int delipsecprotobyname(const char *);
225 extern int delipsecprotobynum(int);
226 extern int *getipsecprotos(int *);
227 extern int *getipsecalgs(int *, int);
228 extern int list_ints(FILE *, int *);
229 extern const char *ipsecalgs_diag(int);
230 extern int ipsecproto_get_exec_mode(int, ipsecalgs_exec_mode_t *);
231 extern int ipsecproto_set_exec_mode(int, ipsecalgs_exec_mode_t);
232 
233 /* Flags for add/delete routines. */
234 #define	LIBIPSEC_ALGS_ADD_FORCE 0x00000001
235 
236 /*
237  * Helper definitions for indices into array of key sizes when key sizes
238  * are defined by range.
239  */
240 #define	LIBIPSEC_ALGS_KEY_DEF_IDX	0	/* default key size */
241 #define	LIBIPSEC_ALGS_KEY_MIN_IDX	1	/* min key size */
242 #define	LIBIPSEC_ALGS_KEY_MAX_IDX	2	/* max key size */
243 #define	LIBIPSEC_ALGS_KEY_NUM_VAL	4	/* def, min, max, 0 */
244 
245 /* Error codes for IPsec algorithms management */
246 #define	LIBIPSEC_ALGS_DIAG_ALG_EXISTS		-1
247 #define	LIBIPSEC_ALGS_DIAG_PROTO_EXISTS		-2
248 #define	LIBIPSEC_ALGS_DIAG_UNKN_PROTO		-3
249 #define	LIBIPSEC_ALGS_DIAG_UNKN_ALG		-4
250 #define	LIBIPSEC_ALGS_DIAG_NOMEM		-5
251 #define	LIBIPSEC_ALGS_DIAG_ALGSFILEOPEN		-6
252 #define	LIBIPSEC_ALGS_DIAG_ALGSFILEFDOPEN	-7
253 #define	LIBIPSEC_ALGS_DIAG_ALGSFILELOCK		-8
254 #define	LIBIPSEC_ALGS_DIAG_ALGSFILERENAME	-9
255 #define	LIBIPSEC_ALGS_DIAG_ALGSFILEWRITE	-10
256 #define	LIBIPSEC_ALGS_DIAG_ALGSFILECHMOD	-11
257 #define	LIBIPSEC_ALGS_DIAG_ALGSFILECHOWN	-12
258 #define	LIBIPSEC_ALGS_DIAG_ALGSFILECLOSE	-13
259 
260 /* /etc/inet/ipsecalgs keywords and package sections delimiters */
261 #define	LIBIPSEC_ALGS_LINE_PROTO		"PROTO|"
262 #define	LIBIPSEC_ALGS_LINE_ALG			"ALG|"
263 #define	LIBIPSEC_ALGS_LINE_PKGSTART		"# Start "
264 #define	LIBIPSEC_ALGS_LINE_PKGEND		"# End "
265 
266 /* Put these in libnsl for and process caching testing. */
267 extern int *_real_getipsecprotos(int *);
268 extern int *_real_getipsecalgs(int *, int);
269 extern struct ipsecalgent *_duplicate_alg(struct ipsecalgent *);
270 extern void _clean_trash(ipsec_proto_t *, int);
271 
272 /* spdsock support functions */
273 
274 /* Return values for spdsock_get_ext(). */
275 #define	KGE_OK	0
276 #define	KGE_DUP	1
277 #define	KGE_UNK	2
278 #define	KGE_LEN	3
279 #define	KGE_CHK	4
280 
281 extern int spdsock_get_ext(spd_ext_t *[], spd_msg_t *, uint_t, char *, uint_t);
282 extern const char *spdsock_diag(int);
283 
284 /* PF_KEY (keysock) support functions */
285 extern const char *keysock_diag(int);
286 
287 #ifdef __cplusplus
288 }
289 #endif
290 
291 #endif	/* _IPSEC_UTIL_H */
292