1 /**
2 * @file sa_config.h
3 *
4 * @brief Interface of sa_config_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef _SA_CONFIG_H_
24 #define _SA_CONFIG_H_
25
26 #include <types.h>
27 #include <utils/identification.h>
28 #include <encoding/payloads/auth_payload.h>
29 #include <encoding/payloads/transform_substructure.h>
30 #include <network/host.h>
31 #include <transforms/crypters/crypter.h>
32 #include <transforms/signers/signer.h>
33 #include <transforms/diffie_hellman.h>
34 #include <config/traffic_selector.h>
35
36
typedef struct child_proposal_t child_proposal_t;

/**
 * @brief Storage structure for a proposal for a CHILD_SA.
 *
 * A proposal for a CHILD_SA contains data for AH, ESP, or both;
 * each protocol part carries its own is_set flag and only the parts
 * flagged as set are meaningful.
 *
 * Proposals that arrive from the IKE peer are untrusted input: the
 * algorithm identifiers and key sizes below must be matched against the
 * locally configured proposals (see sa_config_t.select_proposal) before
 * any of them is used to set up keying material.
 *
 * NOTE(review): the units of the *_key_size fields (bits vs. bytes) are
 * not defined in this header — confirm against transform_substructure.h
 * before comparing them with values parsed from the wire.
 *
 * @ingroup config
 */
struct child_proposal_t {

	/**
	 * Data for AH (integrity only), if set.
	 */
	struct {
		/** TRUE when this proposal carries an AH part; other fields are
		 *  only meaningful in that case. */
		bool is_set;
		/** Integrity algorithm for AH. */
		integrity_algorithm_t integrity_algorithm;
		/** Key size for the integrity algorithm (units: see struct note). */
		size_t integrity_algorithm_key_size;
		/** DH group for the CHILD_SA (PFS); semantics of "none" not defined here. */
		diffie_hellman_group_t diffie_hellman_group;
		/** Whether extended (64-bit) sequence numbers are negotiated. */
		extended_sequence_numbers_t extended_sequence_numbers;
		/** Raw 4-byte SPI. Stored as bytes, not as an integer; presumably in
		 *  the byte order of the SPI field on the wire — confirm in callers. */
		u_int8_t spi[4];
	} ah;

	/**
	 * Data for ESP, if set.
	 *
	 * NOTE(review): nothing in this structure prevents an ESP part with an
	 * encryption algorithm but no integrity algorithm; selection code must
	 * reject unauthenticated ESP unless that is explicitly intended.
	 */
	struct {
		/** TRUE when this proposal carries an ESP part; other fields are
		 *  only meaningful in that case. */
		bool is_set;
		/** Encryption algorithm for ESP. */
		encryption_algorithm_t encryption_algorithm;
		/** Key size for the encryption algorithm (units: see struct note). */
		size_t encryption_algorithm_key_size;
		/** Integrity algorithm for ESP. */
		integrity_algorithm_t integrity_algorithm;
		/** Key size for the integrity algorithm (units: see struct note). */
		size_t integrity_algorithm_key_size;
		/** DH group for the CHILD_SA (PFS); semantics of "none" not defined here. */
		diffie_hellman_group_t diffie_hellman_group;
		/** Whether extended (64-bit) sequence numbers are negotiated. */
		extended_sequence_numbers_t extended_sequence_numbers;
		/** Raw 4-byte SPI. Stored as bytes, not as an integer; presumably in
		 *  the byte order of the SPI field on the wire — confirm in callers. */
		u_int8_t spi[4];
	} esp;
};
75
76
typedef struct sa_config_t sa_config_t;

/**
 * @brief Stores configuration of an initialized connection.
 *
 * During the IKE_AUTH phase, we have enough data to specify a
 * configuration: identities, authentication method, IKE_SA lifetime,
 * traffic selectors for both sides and the list of CHILD_SA proposals.
 *
 * The select_* methods below are the place where peer-supplied data is
 * reconciled with local policy; their implementations must treat the
 * supplied arrays as untrusted and never read past the given count.
 *
 * @warning This config is not thread-safe. The add_* methods mutate
 * internal lists without synchronization; concurrent readers may observe
 * inconsistent state. Complete configuration before it is shared.
 *
 * @b Constructors:
 * - sa_config_create()
 *
 * @ingroup config
 */
struct sa_config_t {

	/**
	 * @brief Get own id to use for identification.
	 *
	 * Returned object is not getting cloned: the caller must not destroy it,
	 * and presumably must not use it after this config has been destroyed.
	 *
	 * @param this calling object
	 * @return own id
	 */
	identification_t *(*get_my_id) (sa_config_t *this);

	/**
	 * @brief Get id of communication partner.
	 *
	 * Returned object is not getting cloned: the caller must not destroy it,
	 * and presumably must not use it after this config has been destroyed.
	 * This is the identity the peer is expected to prove in IKE_AUTH, not
	 * the one it merely claims.
	 *
	 * @param this calling object
	 * @return other id
	 */
	identification_t *(*get_other_id) (sa_config_t *this);

	/**
	 * @brief Get authentication method to use for IKE_AUTH.
	 *
	 * @param this calling object
	 * @return authentication method
	 */
	auth_method_t (*get_auth_method) (sa_config_t *this);

	/**
	 * @brief Get lifetime of IKE_SA in milliseconds.
	 *
	 * Because the value is a u_int32_t number of milliseconds, the longest
	 * representable lifetime is about 49.7 days.
	 *
	 * @param this calling object
	 * @return IKE_SA lifetime in milliseconds.
	 */
	u_int32_t (*get_ike_sa_lifetime) (sa_config_t *this);

	/**
	 * @brief Get configured traffic selectors for initiator side.
	 *
	 * Returns a pointer to an allocated array, in which
	 * pointers to traffic selectors are stored.
	 *
	 * @warning Resulting pointer array must be freed!
	 * @warning Traffic selectors in array must be destroyed!
	 *
	 * @param this calling object
	 * @param[out] traffic_selectors pointer where traffic selectors will be allocated
	 * @return number of returned traffic selectors
	 */
	size_t (*get_traffic_selectors_initiator) (sa_config_t *this, traffic_selector_t **traffic_selectors[]);


	/**
	 * @brief Get configured traffic selectors for responder side.
	 *
	 * Returns a pointer to an allocated array, in which
	 * pointers to traffic selectors are stored.
	 *
	 * @warning Resulting pointer array must be freed!
	 * @warning Traffic selectors in array must be destroyed!
	 *
	 * @param this calling object
	 * @param[out] traffic_selectors pointer where traffic selectors will be allocated
	 * @return number of returned traffic selectors
	 */
	size_t (*get_traffic_selectors_responder) (sa_config_t *this, traffic_selector_t **traffic_selectors[]);

	/**
	 * @brief Select traffic selectors from a supplied list for initiator.
	 *
	 * Returns a pointer to an allocated array, in which
	 * pointers to traffic selectors are stored.
	 *
	 * The supplied list is presumably what the peer proposed (TSi/TSr
	 * payload) and is therefore untrusted: the implementation must only
	 * read supplied[0..count-1] and must only return selectors that are
	 * permitted by the configured initiator selectors — never the peer's
	 * list unchecked.
	 *
	 * @warning Resulting pointer array must be freed!
	 * @warning Traffic selectors in array must be destroyed!
	 *
	 * @param this calling object
	 * @param supplied pointer to an array of ts to select from.
	 * @param count number of ts stored at supplied
	 * @param[out] selected pointer where selected traffic selectors will be allocated
	 * @return number of selected traffic selectors (0 when nothing matches)
	 */
	size_t (*select_traffic_selectors_initiator) (sa_config_t *this, traffic_selector_t *supplied[], size_t count, traffic_selector_t **selected[]);

	/**
	 * @brief Select traffic selectors from a supplied list for responder.
	 *
	 * Returns a pointer to an allocated array, in which
	 * pointers to traffic selectors are stored.
	 *
	 * The supplied list is presumably what the peer proposed (TSi/TSr
	 * payload) and is therefore untrusted: the implementation must only
	 * read supplied[0..count-1] and must only return selectors that are
	 * permitted by the configured responder selectors — never the peer's
	 * list unchecked.
	 *
	 * @warning Resulting pointer array must be freed!
	 * @warning Traffic selectors in array must be destroyed!
	 *
	 * @param this calling object
	 * @param supplied pointer to an array of ts to select from.
	 * @param count number of ts stored at supplied
	 * @param[out] selected pointer where selected traffic selectors will be allocated
	 * @return number of selected traffic selectors (0 when nothing matches)
	 */
	size_t (*select_traffic_selectors_responder) (sa_config_t *this, traffic_selector_t *supplied[], size_t count, traffic_selector_t **selected[]);

	/**
	 * @brief Get the list of proposals for this config.
	 *
	 * Returns the configured proposals in priority order (first added is
	 * most preferred, see add_proposal). The given SPIs are presumably
	 * copied into the ah.spi / esp.spi fields of the returned proposals
	 * — confirm against sa_config.c.
	 *
	 * @warning Resulting array must be freed!
	 *
	 * @param this calling object
	 * @param ah_spi 4-byte SPI to use for the AH part of the proposals
	 * @param esp_spi 4-byte SPI to use for the ESP part of the proposals
	 * @param[out] proposals pointer where proposals will be allocated
	 * @return number of allocated proposals
	 */
	size_t (*get_proposals) (sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t *proposals[]);

	/**
	 * @brief Select a proposal from a supplied list
	 *
	 * The supplied proposals are presumably those received from the peer
	 * (SA payload) and are untrusted. The implementation must only accept
	 * a proposal whose transforms are all present in a locally configured
	 * proposal; it must not adopt algorithms or key sizes chosen solely by
	 * the peer. Only supplied[0..count-1] may be read.
	 *
	 * Note the asymmetry with get_proposals(): here `supplied` is a pointer
	 * to a contiguous array of `count` proposals, not an array of pointers.
	 *
	 * @warning Returned proposal must be freed! (The original note said
	 * "array"; the return type is a single proposal — confirm in sa_config.c.)
	 *
	 * @param this calling object
	 * @param ah_spi 4-byte SPI to set in the AH part of the selected proposal
	 * @param esp_spi 4-byte SPI to set in the ESP part of the selected proposal
	 * @param supplied pointer to an array of proposals to select from.
	 * @param count number of proposals stored at supplied
	 * @return the selected proposal; presumably NULL when none is acceptable — confirm
	 */
	child_proposal_t* (*select_proposal) (sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t *supplied, size_t count);

	/**
	 * @brief Add a traffic selector to the list for initiator.
	 *
	 * Added traffic selector will be cloned; the caller keeps ownership
	 * of the object passed in.
	 *
	 * @warning Do not add while other threads are reading.
	 *
	 * @param this calling object
	 * @param traffic_selector traffic_selector to add
	 */
	void (*add_traffic_selector_initiator) (sa_config_t *this, traffic_selector_t *traffic_selector);

	/**
	 * @brief Add a traffic selector to the list for responder.
	 *
	 * Added traffic selector will be cloned; the caller keeps ownership
	 * of the object passed in.
	 *
	 * @warning Do not add while other threads are reading.
	 *
	 * @param this calling object
	 * @param traffic_selector traffic_selector to add
	 */
	void (*add_traffic_selector_responder) (sa_config_t *this, traffic_selector_t *traffic_selector);

	/**
	 * @brief Add a proposal to the list.
	 *
	 * The proposals are stored by priority, first added
	 * is the most preferred. Add the strongest acceptable proposal first.
	 * Added proposal will be cloned; the caller keeps ownership of the
	 * object passed in.
	 *
	 * @warning Do not add while other threads are reading.
	 *
	 * @param this calling object
	 * @param proposal proposal to add
	 */
	void (*add_proposal) (sa_config_t *this, child_proposal_t *proposal);

	/**
	 * @brief Destroys the config object
	 *
	 * Objects previously returned by get_my_id()/get_other_id() (which are
	 * not cloned) must not be used afterwards.
	 *
	 * @param this calling object
	 */
	void (*destroy) (sa_config_t *this);
};
262
/**
 * @brief Create a configuration object for IKE_AUTH and later.
 *
 * The identities are given as strings together with their type and are
 * turned into identification_t objects by the config. Whether the string
 * buffers are copied or retained is not stated here — assume they must
 * stay valid at least for the duration of this call, and confirm in
 * sa_config.c before passing temporaries.
 *
 * @param my_id_type type of my identification
 * @param my_id my identification as string
 * @param other_id_type type of other identification
 * @param other_id other identification as string
 * @param auth_method Method of authentication
 * @param ike_sa_lifetime lifetime of this IKE_SA in milliseconds. IKE_SA will be deleted
 * after this lifetime! As a u_int32_t of milliseconds, the maximum is
 * about 49.7 days.
 * @return sa_config_t object (presumably NULL on failure — confirm)
 *
 * @ingroup config
 */
sa_config_t *sa_config_create(id_type_t my_id_type, char *my_id, id_type_t other_id_type, char *other_id, auth_method_t auth_method, u_int32_t ike_sa_lifetime);
278
279 #endif //_SA_CONFIG_H_