- code cleaned up
[strongswan.git] / Source / charon / sa / ike_sa.h
1 /**
2 * @file ike_sa.h
3 *
4 * @brief Interface of ike_sa_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef IKE_SA_H_
24 #define IKE_SA_H_
25
26 #include <types.h>
27 #include <encoding/message.h>
28 #include <encoding/payloads/proposal_substructure.h>
29 #include <sa/ike_sa_id.h>
30 #include <config/configuration_manager.h>
31 #include <utils/logger.h>
32 #include <utils/randomizer.h>
33 #include <sa/states/state.h>
34 #include <transforms/prfs/prf.h>
35 #include <transforms/crypters/crypter.h>
36 #include <transforms/signers/signer.h>
37
38 /**
39 * Nonce size in bytes for nonces sending to other peer.
40 *
41 * @warning Nonce size MUST be between 16 and 256 bytes.
42 *
43 * @ingroup sa
44 */
45 #define NONCE_SIZE 16
46
47
48 typedef struct ike_sa_t ike_sa_t;
49
50 /**
51 * @brief Class ike_sa_t representing an IKE_SA.
52 *
53 * An object of this type is managed by an ike_sa_manager_t object
54 * and represents an IKE_SA. Message processing is split up in different states.
55 * They will handle all related things for the state they represent.
56 *
57 * @b Constructors:
58 * - ike_sa_create()
59 *
60 * @ingroup sa
61 */
62 struct ike_sa_t {
63
64 /**
65 * @brief Processes a incoming IKEv2-Message of type message_t.
66 *
67 * @param this ike_sa_t object object
68 * @param[in] message message_t object to process
69 * @return
70 * - SUCCESS
71 * - FAILED
72 * - DELETE_ME if this IKE_SA MUST be deleted
73 */
74 status_t (*process_message) (ike_sa_t *this,message_t *message);
75
76 /**
77 * @brief Initiate a new connection with given configuration name.
78 *
79 * @param this calling object
80 * @param name name of the configuration
81 * @return
82 * - SUCCESS if initialization started
83 * - FAILED if in wrong state
84 * - DELETE_ME if initialization failed and IKE_SA MUST be deleted
85 */
86 status_t (*initialize_connection) (ike_sa_t *this, char *name);
87
88 /**
89 * @brief Retransmits a request.
90 *
91 * @param this calling object
92 * @param message_id ID of the request to retransmit
93 * @return
94 * - SUCCESS
95 * - NOT_FOUND if request doesn't have to be retransmited
96 */
97 status_t (*retransmit_request) (ike_sa_t *this, u_int32_t message_id);
98
99 /**
100 * @brief Get the id of the SA.
101 *
102 * Returned ike_sa_id_t object is not getting cloned!
103 *
104 * @param this calling object
105 * @return ike_sa's ike_sa_id_t
106 */
107 ike_sa_id_t* (*get_id) (ike_sa_t *this);
108
109 /**
110 * @brief Get the state of type of associated state object.
111 *
112 * @param this calling object
113 * @return state of IKE_SA
114 */
115 ike_sa_state_t (*get_state) (ike_sa_t *this);
116
117 /**
118 * @brief Destroys a ike_sa_t object.
119 *
120 * @param this calling object
121 */
122 void (*destroy) (ike_sa_t *this);
123 };
124
125
126 typedef struct protected_ike_sa_t protected_ike_sa_t;
127
128 /**
129 * @brief Protected functions of an ike_sa_t object.
130 *
131 * This members are only accessed out from
132 * the various state_t implementations.
133 *
134 * @ingroup sa
135 */
136 struct protected_ike_sa_t {
137
138 /**
139 * Public interface of an ike_sa_t object.
140 */
141 ike_sa_t public;
142
143 /**
144 * @brief Build an empty IKEv2-Message and fills in default informations.
145 *
146 * Depending on the type of message (request or response), the message id is
147 * either message_id_out or message_id_in.
148 *
149 * Used in state_t Implementation to build an empty IKEv2-Message.
150 *
151 * @param this calling object
152 * @param type exchange type of new message
153 * @param request TRUE, if message has to be a request
154 * @param message new message is stored at this location
155 */
156 void (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);
157
158 /**
159 * @brief Compute the shared secrets needed for encryption, signing, etc.
160 *
161 * Preconditions:
162 * - Call of function protected_ike_sa_t.create_transforms_from_proposal
163 *
164 * @param this calling object
165 * @param dh_shared_secret shared secret of diffie hellman exchange
166 * @param initiator_nonce nonce of initiator
167 * @param responder_nonce nonce of responder
168 */
169 void (*compute_secrets) (protected_ike_sa_t *this,
170 chunk_t dh_shared_secret,
171 chunk_t initiator_nonce,
172 chunk_t responder_nonce);
173
174 /**
175 * @brief Get the internal stored logger_t object for given ike_sa_t object.
176 *
177 * @warning Returned logger_t object is original one and managed by this object.
178 *
179 * @param this calling object
180 * @return pointer to the internal stored logger_t object
181 */
182 logger_t *(*get_logger) (protected_ike_sa_t *this);
183
184 /**
185 * @brief Get the internal stored init_config_t object.
186 *
187 * @param this calling object
188 * @return pointer to the internal stored init_config_t object
189 */
190 init_config_t *(*get_init_config) (protected_ike_sa_t *this);
191
192 /**
193 * @brief Set the internal init_config_t object.
194 *
195 * @param this calling object
196 * @param init_config object of type init_config_t
197 */
198 void (*set_init_config) (protected_ike_sa_t *this,init_config_t *init_config);
199
200 /**
201 * @brief Get the internal stored sa_config_t object.
202 *
203 * @param this calling object
204 * @return pointer to the internal stored sa_config_t object
205 */
206 sa_config_t *(*get_sa_config) (protected_ike_sa_t *this);
207
208 /**
209 * @brief Set the internal sa_config_t object.
210 *
211 * @param this calling object
212 * @param sa_config object of type sa_config_t
213 */
214 void (*set_sa_config) (protected_ike_sa_t *this,sa_config_t *sa_config);
215
216 /**
217 * @brief Get the internal stored host_t object for my host.
218 *
219 * @param this calling object
220 * @return pointer to the internal stored host_t object
221 */
222 host_t *(*get_my_host) (protected_ike_sa_t *this);
223
224 /**
225 * @brief Get the internal stored host_t object for other host.
226 *
227 * @param this calling object
228 * @return pointer to the internal stored host_t object
229 */
230 host_t *(*get_other_host) (protected_ike_sa_t *this);
231
232 /**
233 * @brief Set the internal stored host_t object for my host.
234 *
235 * Allready existing object gets destroyed. object gets not cloned!
236 *
237 * @param this calling object
238 * @param my_host pointer to the new host_t object
239 */
240 void (*set_my_host) (protected_ike_sa_t *this,host_t * my_host);
241
242 /**
243 * @brief Set the internal stored host_t object for other host.
244 *
245 * Allready existing object gets destroyed. object gets not cloned!
246 *
247 * @param this calling object
248 * @param other_host pointer to the new host_t object
249 */
250 void (*set_other_host) (protected_ike_sa_t *this,host_t *other_host);
251
252 /**
253 * @brief Create all needed transform objects for this IKE_SA using
254 * the informations stored in a ike_proposal_t object.
255 *
256 * Allready existing objects get destroyed.
257 *
258 * @param this calling object
259 * @param proposal proposal used to get informations for transform
260 * objects (algorithms, key lengths, etc.)
261 */
262 status_t (*create_transforms_from_proposal) (protected_ike_sa_t *this,ike_proposal_t * proposal);
263
264 /**
265 * @brief Send the next request message.
266 *
267 * Also the first retransmit job is created.
268 *
269 * Last stored requested message gets destroyed. Object gets not cloned!
270 *
271 * @param this calling object
272 * @param message pointer to the message which should be sent
273 * @return
274 * - SUCCESS
275 * - FAILED if message id is not next expected one
276 */
277 status_t (*send_request) (protected_ike_sa_t *this,message_t * message);
278
279 /**
280 * @brief Send the next response message.
281 *
282 * Last stored responded message gets destroyed. Object gets not cloned!
283 *
284 * @param this calling object
285 * @param message pointer to the message which should be sent
286 * return
287 * - SUCCESS
288 * - FAILED if message id is not next expected one
289 */
290 status_t (*send_response) (protected_ike_sa_t *this,message_t * message);
291
292 /**
293 * @brief Get the internal stored randomizer_t object.
294 *
295 * @param this calling object
296 * @return pointer to the internal randomizer_t object
297 */
298 randomizer_t *(*get_randomizer) (protected_ike_sa_t *this);
299
300 /**
301 * @brief Set the new state_t object of the IKE_SA object.
302 *
303 * The old state_t object gets not destroyed. It's the callers duty to
304 * make sure old state is destroyed (Normally the old state is the caller).
305 *
306 * @param this calling object
307 * @param state pointer to the new state_t object
308 */
309 void (*set_new_state) (protected_ike_sa_t *this,state_t *state);
310
311 /**
312 * @brief Set the last replied message id.
313 *
314 * @param this calling object
315 * @param message_id message id
316 */
317 void (*set_last_replied_message_id) (protected_ike_sa_t *this,u_int32_t message_id);
318
319 /**
320 * @brief Get the internal stored initiator crypter_t object.
321 *
322 * @param this calling object
323 * @return pointer to crypter_t object
324 */
325 crypter_t *(*get_crypter_initiator) (protected_ike_sa_t *this);
326
327 /**
328 * @brief Get the internal stored initiator signer_t object.
329 *
330 * @param this calling object
331 * @return pointer to signer_t object
332 */
333 signer_t *(*get_signer_initiator) (protected_ike_sa_t *this);
334
335 /**
336 * @brief Get the internal stored responder crypter_t object.
337 *
338 * @param this calling object
339 * @return pointer to crypter_t object
340 */
341 crypter_t *(*get_crypter_responder) (protected_ike_sa_t *this);
342
343 /**
344 * @brief Get the internal stored responder signer object.
345 *
346 * @param this calling object
347 * @return pointer to signer_t object
348 */
349 signer_t *(*get_signer_responder) (protected_ike_sa_t *this);
350
351 /**
352 * @brief Get the internal stored prf_t object.
353 *
354 * @param this calling object
355 * @return pointer to prf_t object
356 */
357 prf_t *(*get_prf) (protected_ike_sa_t *this);
358
359 /**
360 * @brief Get the last responded message.
361 *
362 * @param this calling object
363 * @return
364 * - last received as message_t object
365 * - NULL if no last request available
366 */
367 message_t *(*get_last_responded_message) (protected_ike_sa_t *this);
368
369 /**
370 * @brief Get the last requested message.
371 *
372 * @param this calling object
373 * @return
374 * - last sent as message_t object
375 * - NULL if no last request available
376 */
377 message_t *(*get_last_requested_message) (protected_ike_sa_t *this);
378
379 /**
380 * @brief Get the Shared key SK_pr.
381 *
382 * Returned value is not cloned!
383 *
384 * @param this calling object
385 * @return SK_pr key
386 */
387 chunk_t (*get_key_pr) (protected_ike_sa_t *this);
388
389 /**
390 * @brief Get the Shared key SK_pi.
391 *
392 * Returned value is not cloned!
393 *
394 * @param this calling object
395 * @return SK_pi key
396 */
397 chunk_t (*get_key_pi) (protected_ike_sa_t *this);
398
399 /**
400 * @brief Resets message counters and does destroy stored received and sent messages.
401 *
402 * @param this calling object
403 */
404 void (*reset_message_buffers) (protected_ike_sa_t *this);
405
406 /**
407 * @brief Creates a job of type DELETE_ESTABLISHED_IKE_SA for the current IKE_SA.
408 *
409 * @param this calling object
410 * @param timeout timeout after the IKE_SA gets deleted
411 *
412 */
413 void (*create_delete_established_ike_sa_job) (protected_ike_sa_t *this,u_int32_t timeout);
414 };
415
416
417 /**
418 * @brief Creates an ike_sa_t object with a specific ID.
419 *
420 * @warning the Content of internal ike_sa_id_t object can change over time
421 * e.g. when a IKE_SA_INIT has been finished.
422 *
423 * @param[in] ike_sa_id ike_sa_id_t object to associate with new IKE_SA.
424 * The object is internal getting cloned
425 * and so has to be destroyed by the caller.
426 * @return ike_sa_t object
427 *
428 * @ingroup sa
429 */
430 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id);
431
432 #endif /*IKE_SA_H_*/