1 /**
2 * @file sa_config.h
3 *
4 * @brief Interface of sa_config_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef _SA_CONFIG_H_
24 #define _SA_CONFIG_H_
25
26 #include <types.h>
27 #include <utils/identification.h>
28 #include <encoding/payloads/auth_payload.h>
29 #include <encoding/payloads/transform_substructure.h>
30 #include <network/host.h>
31 #include <transforms/crypters/crypter.h>
32 #include <transforms/signers/signer.h>
33 #include <transforms/diffie_hellman.h>
34
35
typedef struct child_proposal_t child_proposal_t;

/**
 * @brief Storage structure for a proposal for a child sa.
 *
 * A proposal for a child sa contains data for
 * AH, ESP, or both. Each protocol block carries its own
 * is_set flag; the remaining fields of a block are only
 * meaningful when that flag is true.
 *
 * @ingroup config
 */
struct child_proposal_t {

	/**
	 * Data for AH, if set
	 */
	struct {
		/** true if this proposal carries an AH part */
		bool is_set;
		/** integrity algorithm to use for AH */
		integrity_algorithm_t integrity_algorithm;
		/** key size for the integrity algorithm — TODO confirm unit (bits or bytes) with the code that consumes it */
		size_t integrity_algorithm_key_size;
		/** Diffie-Hellman group; presumably for PFS on rekeying — confirm */
		diffie_hellman_group_t diffie_hellman_group;
		/** extended sequence number setting for this SA */
		extended_sequence_numbers_t extended_sequence_numbers;
		/** 4-byte AH SPI; NOTE(review): byte order and direction (inbound/outbound) are not fixed here — confirm against the writer */
		u_int8_t spi[4];
	} ah;

	/**
	 * data for ESP, if set
	 */
	struct {
		/** true if this proposal carries an ESP part */
		bool is_set;
		/** encryption algorithm to use for ESP */
		encryption_algorithm_t encryption_algorithm;
		/** key size for the encryption algorithm — TODO confirm unit (bits or bytes) */
		size_t encryption_algorithm_key_size;
		/** integrity algorithm to use for ESP */
		integrity_algorithm_t integrity_algorithm;
		/** key size for the integrity algorithm — TODO confirm unit (bits or bytes) */
		size_t integrity_algorithm_key_size;
		/** Diffie-Hellman group; presumably for PFS on rekeying — confirm */
		diffie_hellman_group_t diffie_hellman_group;
		/** extended sequence number setting for this SA */
		extended_sequence_numbers_t extended_sequence_numbers;
		/** 4-byte ESP SPI; NOTE(review): byte order and direction (inbound/outbound) are not fixed here — confirm against the writer */
		u_int8_t spi[4];
	} esp;
};
74
75
typedef struct traffic_selector_t traffic_selector_t;

/**
 * @brief Storage structure for a traffic selection.
 *
 * Specifies a protocol and a valid IP and port range.
 * The range itself is held in the begin/end host_t pointers;
 * whether this struct owns those objects is not stated here —
 * confirm with the code that creates and frees traffic selectors.
 *
 * @ingroup config
 */
struct traffic_selector_t {
	/**
	 * Protocol for which this ts applies (TCP/UDP/ICMP)
	 */
	u_int8_t protocol;

	/*
	 * NOTE(review): empty placeholder. An anonymous union of empty
	 * structs is a GNU extension, not ISO C, and nothing in this
	 * header reads it; the addresses currently live in begin/end.
	 */
	union {
		struct {


		} ipv4;
		struct {
			/* ipv6 support */
		} ipv6;

	};

	/**
	 * Start address and port for allowed range
	 */
	host_t *begin;
	/**
	 * End address and port for allowed range
	 */
	host_t *end;
};
111
112
typedef struct sa_config_t sa_config_t;

/**
 * @brief Stores configuration of an initialized connection.
 *
 * During the IKE_AUTH phase, we have enough data to specify a
 * configuration.
 *
 * @warning This config is not thread safe. The add_* methods
 * mutate the stored lists; callers must serialize them against
 * concurrent readers themselves.
 *
 * @ingroup config
 */
struct sa_config_t {

	/**
	 * @brief Get own id to use for identification.
	 *
	 * NOTE(review): returned by value, unlike the pointer results
	 * below — confirm identification_t is meant to be copied.
	 *
	 * @param this calling object
	 * @return own id
	 */
	identification_t (*get_my_id) (sa_config_t *this);

	/**
	 * @brief Get id of communication partner.
	 *
	 * @param this calling object
	 * @return other id (returned by value, see get_my_id)
	 */
	identification_t (*get_other_id) (sa_config_t *this);

	/**
	 * @brief Get authentication method to use for IKE_AUTH.
	 *
	 * @param this calling object
	 * @return authentication method
	 */
	auth_method_t (*get_auth_method) (sa_config_t *this);

	/**
	 * @brief Get configured traffic selectors.
	 *
	 * @warning Resulting array must be freed by the caller!
	 *
	 * @param this calling object
	 * @param[out] traffic_selectors pointer where traffic selectors will be allocated
	 * @return number of returned traffic selectors (elements in *traffic_selectors)
	 */
	size_t (*get_traffic_selectors) (sa_config_t *this, traffic_selector_t **traffic_selectors);

	/**
	 * @brief Select traffic selectors from a supplied list.
	 *
	 * @warning Resulting array must be freed by the caller!
	 *
	 * @param this calling object
	 * @param supplied pointer to an array of ts to select from.
	 * @param count number of ts stored at supplied
	 * @param[out] selected pointer where selected traffic selectors will be allocated
	 * @return number of selected traffic selectors (elements in *selected); may be 0
	 */
	size_t (*select_traffic_selectors) (sa_config_t *this, traffic_selector_t *supplied, size_t count, traffic_selector_t **selected);

	/**
	 * @brief Get the list of proposals for this config.
	 *
	 * @warning Resulting array must be freed by the caller!
	 *
	 * NOTE(review): the [4] on the spi parameters is not enforced by the
	 * compiler (array parameters decay to u_int8_t *); callers must pass
	 * at least 4 readable bytes. Presumably the values are copied into
	 * each returned proposal's ah.spi / esp.spi — confirm in sa_config.c.
	 *
	 * @param this calling object
	 * @param ah_spi 4-byte SPI to use for AH proposals
	 * @param esp_spi 4-byte SPI to use for ESP proposals
	 * @param[out] proposals pointer where proposals will be allocated
	 * @return number of allocated proposals
	 */
	size_t (*get_proposals) (sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t **proposals);

	/**
	 * @brief Select a proposal from a supplied list
	 *
	 * @warning Returned proposal must be freed by the caller!
	 *
	 * NOTE(review): as with get_proposals, ah_spi/esp_spi decay to
	 * pointers; at least 4 bytes must be readable behind each.
	 *
	 * @param this calling object
	 * @param ah_spi 4-byte SPI to use for the AH part
	 * @param esp_spi 4-byte SPI to use for the ESP part
	 * @param supplied pointer to an array of proposals to select from.
	 * @param count number of proposals stored at supplied
	 * @return the selected proposal; presumably NULL when nothing acceptable
	 *         is found — confirm, callers must handle that case
	 */
	child_proposal_t* (*select_proposal) (sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t *supplied, size_t count);

	/**
	 * @brief Add a traffic selector to the list.
	 *
	 * Added traffic selector will be cloned; the caller keeps
	 * ownership of the passed object.
	 *
	 * @warning Do not add while other threads are reading.
	 *
	 * @param this calling object
	 * @param traffic_selector traffic_selector to add
	 */
	void (*add_traffic_selector) (sa_config_t *this, traffic_selector_t *traffic_selector);

	/**
	 * @brief Add a proposal to the list.
	 *
	 * The proposals are stored by priority, first added
	 * is the most preferred.
	 * Added proposal will be cloned; the caller keeps
	 * ownership of the passed object.
	 *
	 * @warning Do not add while other threads are reading.
	 *
	 * @param this calling object
	 * @param proposal proposal to add
	 */
	void (*add_proposal) (sa_config_t *this, child_proposal_t *proposal);

	/**
	 * @brief Destroys the config object
	 *
	 * Releases the object created by sa_config_create();
	 * this must not be used afterwards.
	 *
	 * @param this calling object
	 */
	void (*destroy) (sa_config_t *this);
};
232
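/**
 * @brief Create a configuration object for IKE_AUTH and later.
 *
 * Ownership of the returned object passes to the caller, who
 * releases it through its destroy() method.
 *
 * @return created sa_config_t
 *
 * @ingroup config
 */
/* (void) rather than (): an empty parameter list in C is an
 * unprototyped declaration, so calls with arguments would not be
 * diagnosed by the compiler. */
sa_config_t *sa_config_create(void);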
241
242 #endif //_SA_CONFIG_H_