PGPipsecESPTransform esp;
PGPBoolean useAH;
PGPipsecAHTransform ah;
PGPBoolean useIPCOMP;
PGPipsecIPCOMPTransform ipcomp;
PGPikeGroupID groupID;
} PGPipsecTransform;
/*
 * Per-SA keying parameters for the IPsec DOI: the inbound/outbound SPIs,
 * the protocol in use, and the negotiated transform together with its raw
 * key material. Presumably only the member of `u` that matches `protocol`
 * is populated.
 *
 * NOTE(review): the in*/out* key arrays and explicitIV hold live traffic
 * keys. Every copy of this struct (it is embedded in PGPikeSA, which is
 * handed to the application) should be wiped before it is discarded, and
 * a plain memset before free() may be optimised away -- use whatever
 * secure-zeroing routine the rest of the library provides (confirm).
 */
typedef struct PGPipsecDOIParams
{
	PGPipsecSPI inSPI;         /* SPI on inbound traffic */
	PGPipsecSPI outSPI;        /* SPI on outbound traffic */
	PGPipsecProtocol protocol; /* presumably selects the valid member of u */
	union
	{
		struct
		{
			PGPipsecAHTransform t;
			PGPByte inAuthKey[kPGPike_AuthMaximumKeySize];   /* secret */
			PGPByte outAuthKey[kPGPike_AuthMaximumKeySize];  /* secret */
		} ah;
		struct
		{
			PGPipsecESPTransform t;
			PGPByte inESPKey[kPGPike_ESPMaximumKeySize];     /* secret */
			PGPByte outESPKey[kPGPike_ESPMaximumKeySize];    /* secret */
			PGPByte inAuthKey[kPGPike_AuthMaximumKeySize];   /* secret */
			PGPByte outAuthKey[kPGPike_AuthMaximumKeySize];  /* secret */
			PGPByte explicitIV[kPGPike_MaxExplicitIVSize];
		} esp;
		struct
		{
			PGPipsecIPCOMPTransform t; /* compression only, no key material */
		} ipcomp;
	} u;
} PGPipsecDOIParams;
/*
 * DOI-specific SA parameters. Only the IPsec DOI is defined here; the
 * outer union leaves room for other DOIs without changing PGPikeSA.
 * Carries key material via PGPipsecDOIParams -- wipe before discarding.
 */
typedef union PGPikeDOIParams
{
	union
	{
		PGPipsecDOIParams ipsec;
	} u;
} PGPikeDOIParams;
/*
 * A negotiated security association. pgpIKE delivers it with
 * kPGPike_MT_SAEstablished / kPGPike_MT_SAUpdate and the application passes
 * it back with kPGPike_MT_SARekey / kPGPike_MT_SADied (see the message enum).
 * The list links and termSchedule are private to pgpIKE.
 *
 * NOTE(review): transform[] embeds the raw SA keys (PGPipsecDOIParams), so
 * any copy the application keeps is key material and should be wiped when
 * the SA dies. A zero in both kbLifeTime and secLifeTime means the SA is
 * never rekeyed; production policy should bound at least one of them.
 */
typedef struct PGPikeSA
{
	struct PGPikeSA * nextSA; /* INTERNAL USE ONLY */
	struct PGPikeSA * prevSA; /* INTERNAL USE ONLY */
	PGPUInt32 ipAddress;      /* peer (gateway) address */
	PGPBoolean destIsRange;   /* dest is IP range */
	PGPUInt32 ipAddrStart;    /* IP address (or start of range) */
	PGPUInt32 ipMaskEnd;      /* mask or end range IP address */
	PGPBoolean activeIn;      /* use for inbound data */
	PGPBoolean activeOut;     /* use for outbound data */
	PGPUInt32 kbLifeTime;     /* max KB to be sent on this SA */
	PGPUInt32 secLifeTime;    /* max seconds this SA will live */
	                          /* 0 means no limit for either */
	PGPTime birthTime;        /* when the SA was established */
	PGPikeDOI doi;            /* selects the DOI used in transform[] */
	PGPUInt16 numTransforms;  /* valid entries in transform[], <= kPGPike_MaxTransforms */
	PGPikeDOIParams transform[kPGPike_MaxTransforms]; /* contains secret keys */
	PGPTime termSchedule;     /* SA will be terminated, private */
	PGPByte userData[kPGPike_UserDataSize]; /* for your use; pgpIKE does not interpret it */
} PGPikeSA;
/*
 * IPsec-DOI options for an SA request or policy check (PGPikeMTSASetup.u).
 * idType/idData/idDataSize give the Phase 1 identity and are only needed in
 * shared-key mode; the address triad describes the traffic selector for
 * tunnel mode, as explained below.
 */
typedef struct PGPipsecDOIOptions
{
	PGPipsecEncapsulation packetMode; /* kPGPike_PM_Tunnel or transport */
	PGPipsecIdentity idType;  /* only needed for shared key mode */
	PGPByte * idData;         /* data will be copied; caller keeps ownership */
	PGPSize idDataSize;       /* this is the Phase 1 ID */
	/* The following is used only for packetMode = kPGPike_PM_Tunnel.
	   You may ignore these in all other cases. For tunnel mode,
	   you must pass the destination IP, subnet, or IP range with
	   which you wish to communicate. The SA will be negotiated with
	   the gateway using this, and to communicate with anything else
	   behind the gateway will require establishment of another SA.
	   IP address: destIsRange = FALSE, ipAddrStart = IP,    ipMaskEnd = FFFFFFFF
	   IP subnet:  destIsRange = FALSE, ipAddrStart = IP,    ipMaskEnd = mask
	   IP range:   destIsRange = TRUE,  ipAddrStart = start, ipMaskEnd = end */
	PGPBoolean destIsRange;
	PGPUInt32 ipAddrStart;
	PGPUInt32 ipMaskEnd;
} PGPipsecDOIOptions;
/* When sent a kPGPike_MT_SARequest, pgpIKE expects every field
below to be filled in. The approved member is irrelevant in
that case.
When you are called with kPGPike_MT_PolicyCheck, pgpIKE sets
everything to 0 except the IP address. You are expected to
fill in the other fields from local policy; this callback is the
application's policy-enforcement point for a remote-initiated
SA negotiation, and approved is presumably your answer (leaving
it at 0 rejects the negotiation -- confirm). Since you cannot
predict which remote network might be trying to communicate
with us, leave the destIsRange/ipAddrStart/ipMaskEnd fields set
to 0 for this message; the proposed selector is checked later
via kPGPike_MT_ClientIDCheck.
*/
/*
 * Payload of kPGPike_MT_SARequest (application -> pgpIKE) and
 * kPGPike_MT_PolicyCheck (pgpIKE -> application). The "> " markers follow
 * the convention of the message enum: fields the application fills in.
 *
 * NOTE(review): sharedKey is a pre-shared secret. pgpIKE copies it, so the
 * caller should wipe its own buffer once the message has been processed.
 */
typedef struct PGPikeMTSASetup
{
	PGPBoolean approved;      /* > */
	PGPUInt32 ipAddress;      /* destination */
	PGPUInt32 localIPAddress; /* source */
	PGPikeDOI doi;            /* selects the member of u */
	PGPByte * sharedKey;      /* null if none, data will be copied */
	PGPSize sharedKeySize;    /* w/o NULL-terminate */
	union
	{
		PGPipsecDOIOptions ipsec;
	} u;
} PGPikeMTSASetup;
/*
When you are called with a kPGPike_MT_ClientIDCheck, all fields
are already filled in. If local policy permits the
destIsRange/ipAddrStart/ipMaskEnd triad to be reached through the
peer at ipAddress, set the approved field to true; otherwise leave
it false. This message is only sent when the remote side is the
initiator and you have already been called with a
kPGPike_MT_PolicyCheck message. Note that the triad is the
selector proposed by the remote peer, so approving it is a
security decision: approve only selectors that local policy
actually routes via that peer.
*/
/*
 * Payload of kPGPike_MT_ClientIDCheck (pgpIKE -> application): the traffic
 * selector proposed by a remote initiator at ipAddress. The application
 * sets approved (the only "> " field) after checking the triad against
 * local policy. Field encoding matches PGPipsecDOIOptions.
 */
typedef struct PGPikeMTClientIDCheck
{
	PGPBoolean approved;    /* > */
	PGPUInt32 ipAddress;    /* remote peer */
	PGPBoolean destIsRange; /* proposed selector, see PGPipsecDOIOptions */
	PGPUInt32 ipAddrStart;
	PGPUInt32 ipMaskEnd;
} PGPikeMTClientIDCheck;
/*
 * Payload of kPGPike_MT_SARequestFailed (pgpIKE -> application): echoes
 * the destination and DOI options of the request that could not be
 * negotiated so the application can match it to its own state.
 */
typedef struct PGPikeMTSAFailed
{
	PGPUInt32 ipAddress; /* destination */
	PGPikeDOI doi;       /* selects the member of u */
	union
	{
		PGPipsecDOIOptions ipsec;
	} u;
} PGPikeMTSAFailed;
/*
 * Payload of kPGPike_MT_LocalPGPCert / kPGPike_MT_LocalX509Cert
 * (pgpIKE -> application): pgpIKE supplies the peer address ("<") and the
 * application returns the local credential to authenticate with (">").
 * Which of authKey / authCert is used depends on the message type.
 *
 * NOTE(review): pass is a passphrase or pass key that pgpIKE copies; the
 * caller should wipe its own buffer afterwards. isPassKey presumably
 * distinguishes raw key bytes from a NUL-terminated passphrase -- confirm.
 */
typedef struct PGPikeMTCert
{
	PGPUInt32 ipAddress;        /* < */
	PGPKeySetRef baseKeySet;    /* > */
	PGPKeyRef authKey;          /* > ignored for X.509 */
	PGPSigRef authCert;         /* > used only for X.509 */
	PGPKeySetRef authCertChain; /* > used only for X.509 */
	PGPBoolean isPassKey;       /* > */
	void * pass;                /* > null-term if passphrase, copied */
	PGPSize passLength;         /* > */
} PGPikeMTCert;
/*
 * Payload of kPGPike_MT_RemoteCert (pgpIKE -> application): the key or
 * X.509 certificate the remote peer presented. The application sets
 * approved.
 *
 * NOTE(review): setting approved is the peer-authentication decision for
 * this SA. Before approving, verify the key/certificate (and its chain,
 * when remoteCertChain is supplied) and check that it belongs to the
 * identity expected for ipAddress -- it is not clear from this header how
 * much validation pgpIKE performs on its own, so assume none.
 */
typedef struct PGPikeMTRemoteCert
{
	PGPBoolean approved;          /* > */
	PGPUInt32 ipAddress;          /* < */
	PGPKeyRef remoteKey;          /* < */
	PGPSigRef remoteCert;         /* < if non-NULL, X.509 used */
	PGPKeySetRef remoteCertChain; /* < may be NULL */
} PGPikeMTRemoteCert;
/*
 * Payload of kPGPike_MT_Packet, used in both directions: a raw IKE packet
 * to or from ipAddress. Ownership stays with whichever side sent the
 * message -- the receiver must not free `packet`.
 *
 * NOTE(review): on the inbound path `packet` is untrusted network data;
 * packetSize is the only bound the parser can rely on.
 */
typedef struct PGPikeMTPacket
{
	PGPUInt32 ipAddress; /* source or destination */
	PGPSize packetSize;  /* bytes valid in packet */
	PGPByte * packet;    /* msg *sender* must free this */
} PGPikeMTPacket;
/*
 * Payload of kPGPike_MT_Alert (pgpIKE -> application): a non-fatal
 * condition for the negotiation with ipAddress. Fatal errors are instead
 * returned from PGPikeProcessMessage.
 */
typedef struct PGPikeMTAlert
{
	PGPikeAlert alert;          /* protocol-level alert code */
	PGPUInt32 ipAddress;        /* peer the alert relates to */
	PGPikeInternalAlert value;  /* used if alert is kPGPike_AL_None */
	PGPBoolean remoteGenerated; /* TRUE if the alert came from the peer */
} PGPikeMTAlert;
/*
 * Algorithm allow-list delivered with kPGPike_PF_AllowedAlgorithms
 * (PGPikeMTPref.u.allowedAlgorithms). A TRUE flag permits the algorithm
 * to be proposed or accepted.
 *
 * NOTE(review): several entries are weak by current standards and should
 * stay FALSE unless required for interoperability with a legacy peer:
 * singleDES (56-bit key), md5 (collision-broken hash), noAuth (ESP with no
 * integrity protection, which leaves the ciphertext malleable), espNULL
 * (no confidentiality) and modpOne768 (768-bit DH group). Confirm what the
 * library's defaults for these flags are.
 */
typedef struct PGPikeAllowedAlgorithms
{
	PGPBoolean cast5;
	PGPBoolean tripleDES;
	PGPBoolean singleDES;    /* weak, see note above */
	PGPBoolean espNULL;      /* no confidentiality, see note above */
	PGPBoolean sha1;
	PGPBoolean md5;          /* weak, see note above */
	PGPBoolean noAuth;       /* no integrity protection, see note above */
	PGPBoolean lzs;
	PGPBoolean deflate;
	PGPBoolean modpOne768;   /* weak, see note above */
	PGPBoolean modpTwo1024;
	PGPBoolean modpFive1536;
} PGPikeAllowedAlgorithms;
/*
 * Payload of kPGPike_MT_Pref (application -> pgpIKE). `pref` selects which
 * member of `u` is valid; the trailing comments name the selector for each.
 * The proposal lists are pointers: the header does not say whether pgpIKE
 * copies them, so keep them alive until confirmed otherwise.
 *
 * NOTE(review): numTransforms is PGPUInt32 here but PGPUInt16 in PGPikeSA;
 * callers should not assume the two are interchangeable.
 */
typedef struct PGPikeMTPref
{
	PGPikePref pref;
	union
	{
		struct
		{
			PGPUInt32 kbLifeTimeIKE;    /* Phase 1 SA lifetime in KB */
			PGPUInt32 secLifeTimeIKE;   /* Phase 1 SA lifetime in seconds */
			PGPUInt32 kbLifeTimeIPSEC;  /* Phase 2 SA lifetime in KB */
			PGPUInt32 secLifeTimeIPSEC; /* Phase 2 SA lifetime in seconds */
		} expiration; /* kPGPike_PF_Expiration */
		struct
		{
			PGPUInt32 numTransforms; /* entries in t */
			PGPikeTransform * t;
		} ikeProposals; /* kPGPike_PF_IKEProposals */
		struct
		{
			PGPUInt32 numTransforms; /* entries in t */
			PGPipsecTransform * t;
		} ipsecProposals; /* kPGPike_PF_IPSECProposals */
		PGPikeAllowedAlgorithms allowedAlgorithms;
		/*kPGPike_PF_AllowedAlgorithms*/
	} u;
} PGPikeMTPref;
/*
 * Message types exchanged through PGPikeProcessMessage (application ->
 * pgpIKE) and the PGPikeMessageProcPtr callback (pgpIKE -> application).
 * Each entry names the type that `data` points to for that message.
 */
enum PGPikeMessageType_
{
	/*
	   Message types followed by ">" may be sent to PGPike
	   Message types followed by "<" may be sent by PGPike
	*/
	kPGPike_MT_Idle = 0,         /* > call this often; drives timers/retransmits (confirm) */
	kPGPike_MT_SARequest,        /* > PGPikeMTSASetup */
	kPGPike_MT_SARequestFailed,  /* < PGPikeMTSAFailed */
	kPGPike_MT_SAEstablished,    /* < PGPikeSA */
	kPGPike_MT_SARekey,          /* > PGPikeSA */
	kPGPike_MT_SADied,           /* >< PGPikeSA */
	kPGPike_MT_SAUpdate,         /* < PGPikeSA */
	kPGPike_MT_SAKillAll,        /* > none */
	kPGPike_MT_PolicyCheck,      /* < PGPikeMTSASetup -- policy decision for remote-initiated SA */
	kPGPike_MT_ClientIDCheck,    /* < PGPikeMTClientIDCheck -- selector approval */
	kPGPike_MT_LocalPGPCert,     /* < PGPikeMTCert */
	kPGPike_MT_LocalX509Cert,    /* < PGPikeMTCert */
	kPGPike_MT_RemoteCert,       /* < PGPikeMTRemoteCert -- peer authentication decision */
	kPGPike_MT_Packet,           /* >< PGPikeMTPacket */
	kPGPike_MT_Alert,            /* < PGPikeMTAlert */
	kPGPike_MT_Pref,             /* > PGPikeMTPref */
	kPGPike_MT_DebugLog,         /* < char * (NUL-terminated text, presumably) */
	PGP_ENUM_FORCE( PGPikeMessageType_ )
};
PGPENUM_TYPEDEF( PGPikeMessageType_, PGPikeMessageType );
/*
 * Application callback invoked by pgpIKE for every "<" message type.
 *   ike        - the context the message belongs to
 *   inUserData - the pointer given to PGPNewIKEContext
 *   msg        - which message this is; determines the type behind `data`
 *   data       - message payload (see the enum for the concrete type)
 * Returns a PGPError; the header does not state how a non-zero return is
 * treated, so assume it aborts the operation in progress (confirm).
 */
typedef PGPError (* PGPikeMessageProcPtr)(
	PGPikeContextRef ike,
	void * inUserData,
	PGPikeMessageType msg,
	void * data );
/*
 * Create an IKE context bound to `context`. ikeMessageProc receives all
 * pgpIKE -> application messages; inUserData is passed back to it
 * unchanged. On success *outRef holds the new context, which must be
 * released with PGPFreeIKEContext.
 */
PGPError PGPNewIKEContext( PGPContextRef context,
	PGPikeMessageProcPtr ikeMessageProc,
	void * inUserData,
	PGPikeContextRef * outRef );
/* Release a context created by PGPNewIKEContext. Presumably tears down any
   SAs it still holds (and their key material) -- confirm. */
PGPError PGPFreeIKEContext( PGPikeContextRef ref );
/* Any error from PGPikeProcessMessage is fatal. Non-fatal
   errors are sent through the kPGPike_MT_Alert message. */
/*
 * Deliver a ">" message to pgpIKE. `data` must point to the payload type
 * listed for `msg` in PGPikeMessageType_ (NULL for kPGPike_MT_SAKillAll).
 * For kPGPike_MT_Packet the buffer is untrusted network input and the
 * caller keeps ownership of it.
 */
PGPError PGPikeProcessMessage( PGPikeContextRef ref,
	PGPikeMessageType msg,
	void * data );
#if PRAGMA_IMPORT_SUPPORTED
#pragma import reset
#endif
PGP_END_C_DECLARATIONS
#endif /* ] Included_PGPike_h */
/*__Editor_settings____
Local Variables:
tab-width: 4
End:
vi: ts=4 sw=4
vim: si
_____________________*/