src/libcharon/sa/task.h - manifest_repos/strongswan - Git at Google

 /*
  * Copyright (C) 2007-2015 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
  * Free Software Foundation; either version 2 of the License, or (at your
  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  *
  * This program is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  */

 /**
  * @defgroup task task
  * @{ @ingroup sa
  */

 #ifndef TASK_H_
 #define TASK_H_

 #include <utils/utils.h>

 typedef enum task_type_t task_type_t;
 typedef struct task_t task_t;

 #include <library.h>
 #include <sa/ike_sa.h>
 #include <encoding/message.h>

 /**
  * Different kinds of tasks.
  */
 enum task_type_t {
 	/** establish an unauthenticated IKE_SA */
 	TASK_IKE_INIT,
 	/** detect NAT situation */
 	TASK_IKE_NATD,
 	/** handle MOBIKE stuff */
 	TASK_IKE_MOBIKE,
 	/** authenticate the initiated IKE_SA */
 	TASK_IKE_AUTH,
 	/** AUTH_LIFETIME negotiation, RFC4478 */
 	TASK_IKE_AUTH_LIFETIME,
 	/** certificate processing before authentication (certreqs, cert parsing) */
 	TASK_IKE_CERT_PRE,
 	/** certificate processing after authentication (certs payload generation) */
 	TASK_IKE_CERT_POST,
 	/** Configuration payloads, virtual IP and such */
 	TASK_IKE_CONFIG,
 	/** rekey an IKE_SA */
 	TASK_IKE_REKEY,
 	/** reestablish a complete IKE_SA, break-before-make */
 	TASK_IKE_REAUTH,
 	/** completion task for make-before-break IKE_SA re-authentication */
 	TASK_IKE_REAUTH_COMPLETE,
 	/** redirect an active IKE_SA */
 	TASK_IKE_REDIRECT,
 	/** verify a peer's certificate */
 	TASK_IKE_VERIFY_PEER_CERT,
 	/** synchronize message IDs, RFC6311 */
 	TASK_IKE_MID_SYNC,
 	/** delete an IKE_SA */
 	TASK_IKE_DELETE,
 	/** liveness check */
 	TASK_IKE_DPD,
 	/** Vendor ID processing */
 	TASK_IKE_VENDOR,
 #ifdef ME
 	/** handle ME stuff */
 	TASK_IKE_ME,
 #endif /* ME */
 	/** establish a CHILD_SA within an IKE_SA */
 	TASK_CHILD_CREATE,
 	/** delete an established CHILD_SA */
 	TASK_CHILD_DELETE,
 	/** rekey a CHILD_SA */
 	TASK_CHILD_REKEY,
 	/** IKEv1 main mode */
 	TASK_MAIN_MODE,
 	/** IKEv1 aggressive mode */
 	TASK_AGGRESSIVE_MODE,
 	/** IKEv1 informational exchange */
 	TASK_INFORMATIONAL,
 	/** IKEv1 delete using an informational */
 	TASK_ISAKMP_DELETE,
 	/** IKEv1 XAUTH authentication */
 	TASK_XAUTH,
 	/** IKEv1 Mode Config */
 	TASK_MODE_CONFIG,
 	/** IKEv1 quick mode */
 	TASK_QUICK_MODE,
 	/** IKEv1 delete of a quick mode SA */
 	TASK_QUICK_DELETE,
 	/** IKEv1 vendor ID payload handling */
 	TASK_ISAKMP_VENDOR,
 	/** IKEv1 NAT detection */
 	TASK_ISAKMP_NATD,
 	/** IKEv1 DPD */
 	TASK_ISAKMP_DPD,
 	/** IKEv1 pre-authentication certificate handling */
 	TASK_ISAKMP_CERT_PRE,
 	/** IKEv1 post-authentication certificate handling */
 	TASK_ISAKMP_CERT_POST,
 };

 /**
  * enum names for task_type_t.
  */
 extern enum_name_t *task_type_names;

 /**
  * Interface for a task, an operation handled within exchanges.
  *
  * A task is an elementary operation. It may be handled by a single or by
  * multiple exchanges. An exchange may even complete multiple tasks.
  * A task has a build() and an process() operation. The build() operation
  * creates payloads and adds it to the message. The process() operation
  * inspects a message and handles its payloads. An initiator of an exchange
  * first calls build() to build the request, and processes the response message
  * with the process() method.
  * A responder does the opposite; it calls process() first to handle an incoming
  * request and secondly calls build() to build an appropriate response.
  * Both methods return either SUCCESS, NEED_MORE or FAILED. A SUCCESS indicates
  * that the task completed, even when the task completed unsuccessfully. The
  * manager then removes the task from the list. A NEED_MORE is returned when
  * the task needs further build()/process() calls to complete, the manager
  * leaves the task in the queue. A returned FAILED indicates a critical failure.
  * The manager closes the IKE_SA whenever a task returns FAILED.
  */
 struct task_t {

 	/**
 	 * Build a request or response message for this task.
 	 *
 	 * @param message		message to add payloads to
 	 * @return
 	 *						- FAILED if a critical error occurred
 	 *						- DESTROY_ME if IKE_SA has been properly deleted
 	 *						- NEED_MORE if another call to build/process needed
 	 *						- ALREADY_DONE to cancel task processing
 	 *						- SUCCESS if task completed
 	 */
 	status_t (*build) (task_t *this, message_t *message);

 	/**
 	 * Process a request or response message for this task.
 	 *
 	 * @param message		message to read payloads from
 	 * @return
 	 *						- FAILED if a critical error occurred
 	 *						- DESTROY_ME if IKE_SA has been properly deleted
 	 *						- NEED_MORE if another call to build/process needed
 	 *						- ALREADY_DONE to cancel task processing
 	 *						- SUCCESS if task completed
 	 */
 	status_t (*process) (task_t *this, message_t *message);

 	/**
 	 * Verify a message before processing it (optional to implement by tasks).
 	 *
 	 * @param message		message to verify
 	 * @return
 	 *						- FAILED if verification is not successful, the
 	 *						  message will be silently discarded
 	 *						- DESTROY_ME if IKE_SA has to be destroyed
 	 *						- SUCCESS if verification is successful
 	 */
 	status_t (*pre_process) (task_t *this, message_t *message);

 	/**
 	 * Get the type of the task implementation.
 	 */
 	task_type_t (*get_type) (task_t *this);

 	/**
 	 * Migrate a task to a new IKE_SA.
 	 *
 	 * After migrating a task, it goes back to a state where it can be
 	 * used again to initiate an exchange. This is useful when a task
 	 * has to get migrated to a new IKE_SA.
 	 * A special usage is when a INVALID_KE_PAYLOAD is received. A call
 	 * to reset resets the task, but uses another DH group for the next
 	 * try.
 	 * The ike_sa is the new IKE_SA this task belongs to and operates on.
 	 *
 	 * @param ike_sa		new IKE_SA this task works for
 	 */
 	void (*migrate) (task_t *this, ike_sa_t *ike_sa);

 	/**
 	 * Destroys a task_t object.
 	 */
 	void (*destroy) (task_t *this);
 };

 #endif /** TASK_H_ @}*/
	/*
	* Copyright (C) 2007-2015 Tobias Brunner
	* Copyright (C) 2006 Martin Willi
	* HSR Hochschule fuer Technik Rapperswil
	*
	* This program is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License as published by the
	* Free Software Foundation; either version 2 of the License, or (at your
	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	*
	* This program is distributed in the hope that it will be useful, but
	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* for more details.
	*/

	/**
	* @defgroup task task
	* @{ @ingroup sa
	*/

	#ifndef TASK_H_
	#define TASK_H_

	#include <utils/utils.h>

	typedef enum task_type_t task_type_t;
	typedef struct task_t task_t;

	#include <library.h>
	#include <sa/ike_sa.h>
	#include <encoding/message.h>

	/**
	* Different kinds of tasks.
	*/
	enum task_type_t {
	/** establish an unauthenticated IKE_SA */
	TASK_IKE_INIT,
	/** detect NAT situation */
	TASK_IKE_NATD,
	/** handle MOBIKE stuff */
	TASK_IKE_MOBIKE,
	/** authenticate the initiated IKE_SA */
	TASK_IKE_AUTH,
	/** AUTH_LIFETIME negotiation, RFC4478 */
	TASK_IKE_AUTH_LIFETIME,
	/** certificate processing before authentication (certreqs, cert parsing) */
	TASK_IKE_CERT_PRE,
	/** certificate processing after authentication (certs payload generation) */
	TASK_IKE_CERT_POST,
	/** Configuration payloads, virtual IP and such */
	TASK_IKE_CONFIG,
	/** rekey an IKE_SA */
	TASK_IKE_REKEY,
	/** reestablish a complete IKE_SA, break-before-make */
	TASK_IKE_REAUTH,
	/** completion task for make-before-break IKE_SA re-authentication */
	TASK_IKE_REAUTH_COMPLETE,
	/** redirect an active IKE_SA */
	TASK_IKE_REDIRECT,
	/** verify a peer's certificate */
	TASK_IKE_VERIFY_PEER_CERT,
	/** synchronize message IDs, RFC6311 */
	TASK_IKE_MID_SYNC,
	/** delete an IKE_SA */
	TASK_IKE_DELETE,
	/** liveness check */
	TASK_IKE_DPD,
	/** Vendor ID processing */
	TASK_IKE_VENDOR,
	#ifdef ME
	/** handle ME stuff */
	TASK_IKE_ME,
	#endif /* ME */
	/** establish a CHILD_SA within an IKE_SA */
	TASK_CHILD_CREATE,
	/** delete an established CHILD_SA */
	TASK_CHILD_DELETE,
	/** rekey a CHILD_SA */
	TASK_CHILD_REKEY,
	/** IKEv1 main mode */
	TASK_MAIN_MODE,
	/** IKEv1 aggressive mode */
	TASK_AGGRESSIVE_MODE,
	/** IKEv1 informational exchange */
	TASK_INFORMATIONAL,
	/** IKEv1 delete using an informational */
	TASK_ISAKMP_DELETE,
	/** IKEv1 XAUTH authentication */
	TASK_XAUTH,
	/** IKEv1 Mode Config */
	TASK_MODE_CONFIG,
	/** IKEv1 quick mode */
	TASK_QUICK_MODE,
	/** IKEv1 delete of a quick mode SA */
	TASK_QUICK_DELETE,
	/** IKEv1 vendor ID payload handling */
	TASK_ISAKMP_VENDOR,
	/** IKEv1 NAT detection */
	TASK_ISAKMP_NATD,
	/** IKEv1 DPD */
	TASK_ISAKMP_DPD,
	/** IKEv1 pre-authentication certificate handling */
	TASK_ISAKMP_CERT_PRE,
	/** IKEv1 post-authentication certificate handling */
	TASK_ISAKMP_CERT_POST,
	};

	/**
	* enum names for task_type_t.
	*/
	extern enum_name_t *task_type_names;

	/**
	* Interface for a task, an operation handled within exchanges.
	*
	* A task is an elementary operation. It may be handled by a single or by
	* multiple exchanges. An exchange may even complete multiple tasks.
	* A task has a build() and an process() operation. The build() operation
	* creates payloads and adds it to the message. The process() operation
	* inspects a message and handles its payloads. An initiator of an exchange
	* first calls build() to build the request, and processes the response message
	* with the process() method.
	* A responder does the opposite; it calls process() first to handle an incoming
	* request and secondly calls build() to build an appropriate response.
	* Both methods return either SUCCESS, NEED_MORE or FAILED. A SUCCESS indicates
	* that the task completed, even when the task completed unsuccessfully. The
	* manager then removes the task from the list. A NEED_MORE is returned when
	* the task needs further build()/process() calls to complete, the manager
	* leaves the task in the queue. A returned FAILED indicates a critical failure.
	* The manager closes the IKE_SA whenever a task returns FAILED.
	*/
	struct task_t {

	/**
	* Build a request or response message for this task.
	*
	* @param message message to add payloads to
	* @return
	* - FAILED if a critical error occurred
	* - DESTROY_ME if IKE_SA has been properly deleted
	* - NEED_MORE if another call to build/process needed
	* - ALREADY_DONE to cancel task processing
	* - SUCCESS if task completed
	*/
	status_t (build) (task_t this, message_t *message);

	/**
	* Process a request or response message for this task.
	*
	* @param message message to read payloads from
	* @return
	* - FAILED if a critical error occurred
	* - DESTROY_ME if IKE_SA has been properly deleted
	* - NEED_MORE if another call to build/process needed
	* - ALREADY_DONE to cancel task processing
	* - SUCCESS if task completed
	*/
	status_t (process) (task_t this, message_t *message);

	/**
	* Verify a message before processing it (optional to implement by tasks).
	*
	* @param message message to verify
	* @return
	* - FAILED if verification is not successful, the
	* message will be silently discarded
	* - DESTROY_ME if IKE_SA has to be destroyed
	* - SUCCESS if verification is successful
	*/
	status_t (pre_process) (task_t this, message_t *message);

	/**
	* Get the type of the task implementation.
	*/
	task_type_t (get_type) (task_t this);

	/**
	* Migrate a task to a new IKE_SA.
	*
	* After migrating a task, it goes back to a state where it can be
	* used again to initiate an exchange. This is useful when a task
	* has to get migrated to a new IKE_SA.
	* A special usage is when a INVALID_KE_PAYLOAD is received. A call
	* to reset resets the task, but uses another DH group for the next
	* try.
	* The ike_sa is the new IKE_SA this task belongs to and operates on.
	*
	* @param ike_sa new IKE_SA this task works for
	*/
	void (migrate) (task_t this, ike_sa_t *ike_sa);

	/**
	* Destroys a task_t object.
	*/
	void (destroy) (task_t this);
	};

	#endif /** TASK_H_ @}*/