/**
 * @file ike_sa.h
 *
 * @brief Interface of ike_sa_t.
 *
 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef IKE_SA_H_
24 #define IKE_SA_H_
25
26 #include <types.h>
27 #include <encoding/message.h>
28 #include <encoding/payloads/proposal_substructure.h>
29 #include <sa/ike_sa_id.h>
30 #include <utils/logger.h>
31 #include <utils/randomizer.h>
32 #include <sa/states/state.h>
33 #include <transforms/prfs/prf.h>
34 #include <transforms/crypters/crypter.h>
35 #include <transforms/signers/signer.h>
36
37
38
/**
 * Nonce size in bytes of all sent nonces.
 *
 * 16 bytes (128 bits) is exactly the minimum that RFC 4306 §2.10 requires
 * for IKEv2 nonces; the RFC additionally requires a nonce to be at least
 * half the key size of the negotiated PRF, so a larger PRF key would need
 * a larger value here. Nonces must come from a cryptographically strong
 * random source, since they feed the key derivation (see compute_secrets).
 *
 * @ingroup sa
 */
#define NONCE_SIZE 16
45
typedef struct ike_sa_t ike_sa_t;

/**
 * @brief Class ike_sa_t. An object of this type is managed by an
 * ike_sa_manager_t object and represents an IKE_SA.
 *
 * This is the public interface; the state classes work on the
 * protected_ike_sa_t view declared below.
 *
 * @ingroup sa
 */
struct ike_sa_t {

	/**
	 * @brief Processes an incoming IKEv2 message of type message_t.
	 *
	 * The message originates from the network and is therefore untrusted
	 * input; it is dispatched to the current state for handling.
	 *
	 * @param this      ike_sa_t object
	 * @param[in] message   message_t object to process
	 * @return SUCCESS if succeeded, FAILED otherwise
	 */
	status_t (*process_message) (ike_sa_t *this,message_t *message);

	/**
	 * @brief Initiate a new connection with the given configuration name.
	 *
	 * @param this  calling object
	 * @param name  name of the configuration
	 * @return status_t; the return contract is not documented in the
	 *         original header (TODO) - confirm against the implementation
	 */
	status_t (*initialize_connection) (ike_sa_t *this, char *name);

	/**
	 * @brief Get the id of the SA.
	 *
	 * @param this  ike_sa_t object
	 * @return the ike_sa's ike_sa_id_t (internal object, not a copy;
	 *         the caller must not destroy it)
	 */
	ike_sa_id_t* (*get_id) (ike_sa_t *this);

	/**
	 * @brief Destroys an ike_sa_t object.
	 *
	 * @param this  ike_sa_t object
	 */
	void (*destroy) (ike_sa_t *this);
};
89
typedef struct protected_ike_sa_t protected_ike_sa_t;

/**
 * @brief Protected data of an ike_sa_t object.
 *
 * These members should only be accessed from
 * the various state classes.
 *
 * Note the ownership conventions spelled out on the setters below: set_*
 * calls take ownership of the passed object and destroy the previous one,
 * get_* calls return internal objects that remain owned by the IKE_SA.
 *
 * @ingroup sa
 */
struct protected_ike_sa_t {

	/**
	 * Public part of an ike_sa_t object.
	 */
	ike_sa_t public;

	/**
	 * Builds an empty IKEv2 message and fills in default information.
	 *
	 * Depending on the type of message (request or response), the message id is
	 * either message_id_out or message_id_in.
	 *
	 * Used in every state.
	 *
	 * @param this     calling object
	 * @param type     exchange type of the new message
	 * @param request  TRUE, if the message has to be a request
	 * @param message  the new message is stored at this location
	 */
	void (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);

	/**
	 * Computes the IKE_SA secrets from the Diffie-Hellman shared secret
	 * and both nonces.
	 *
	 * All three inputs are key material: the shared secret must be
	 * destroyed by the caller once the secrets are derived, and the nonces
	 * must be the exact values exchanged in IKE_SA_INIT.
	 *
	 * @param this              calling object
	 * @param dh_shared_secret  shared secret of the Diffie-Hellman exchange
	 * @param initiator_nonce   nonce of the initiator
	 * @param responder_nonce   nonce of the responder
	 */
	void (*compute_secrets) (protected_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce);

	/**
	 * Gets the internally stored logger_t object of this ike_sa_t object.
	 *
	 * @param this  calling object
	 * @return pointer to the internally stored logger_t object
	 */
	logger_t *(*get_logger) (protected_ike_sa_t *this);


	/**
	 * Gets the internally stored host_t object for my host.
	 *
	 * @param this  calling object
	 * @return pointer to the internally stored host_t object (owned by the IKE_SA)
	 */
	host_t *(*get_my_host) (protected_ike_sa_t *this);

	/**
	 * Gets the internally stored host_t object for the other host.
	 *
	 * @param this  calling object
	 * @return pointer to the internally stored host_t object (owned by the IKE_SA)
	 */
	host_t *(*get_other_host) (protected_ike_sa_t *this);

	/**
	 * Sets the internally stored host_t object for my host.
	 *
	 * An already existing object gets destroyed. The object is not cloned,
	 * so ownership of my_host passes to the IKE_SA.
	 *
	 * @param this     calling object
	 * @param my_host  pointer to the new host_t object
	 */
	void (*set_my_host) (protected_ike_sa_t *this,host_t * my_host);

	/**
	 * Sets the internally stored host_t object for the other host.
	 *
	 * An already existing object gets destroyed. The object is not cloned,
	 * so ownership of other_host passes to the IKE_SA.
	 *
	 * @param this        calling object
	 * @param other_host  pointer to the new host_t object
	 */
	void (*set_other_host) (protected_ike_sa_t *this,host_t *other_host);

	/**
	 * Creates all needed transform objects for the given ike_sa_t using
	 * the information stored in a proposal_substructure_t object.
	 *
	 * Already existing objects get destroyed. The proposal normally comes
	 * from a peer message, so the algorithm identifiers and key lengths it
	 * carries are untrusted until the implementation has accepted them.
	 *
	 * @param this      calling object
	 * @param proposal  proposal used to get information for the transform
	 *                  objects (algorithms, key lengths, etc.)
	 * @return status_t; the original header does not document the values -
	 *         presumably SUCCESS, or FAILED if a transform cannot be built
	 *         (confirm against the implementation)
	 */
	status_t (*create_transforms_from_proposal) (protected_ike_sa_t *this,proposal_substructure_t *proposal);

	/**
	 * Sets the last requested message.
	 *
	 * An already set last requested message gets destroyed. The object is not cloned!
	 *
	 * The message id check is what rejects replayed or out-of-order
	 * requests, so callers must not bypass the FAILED result.
	 *
	 * @param this     calling object
	 * @param message  pointer to the new last requested message
	 * @return
	 *   - SUCCESS
	 *   - FAILED if the message id is not the next expected one
	 */
	status_t (*set_last_requested_message) (protected_ike_sa_t *this,message_t * message);

	/**
	 * Sets the last responded message.
	 *
	 * An already set last responded message gets destroyed. The object is not cloned!
	 *
	 * @param this     calling object
	 * @param message  pointer to the new last responded message
	 * @return
	 *   - SUCCESS
	 *   - FAILED if the message id is not the next expected one
	 */
	status_t (*set_last_responded_message) (protected_ike_sa_t *this,message_t * message);

	/**
	 * Gets the internally stored randomizer_t object.
	 *
	 * Presumably the source of the nonces (see NONCE_SIZE) and other
	 * random values; its quality as a random source is decided by the
	 * randomizer_t implementation - confirm there.
	 *
	 * @param this  calling object
	 * @return pointer to the internal randomizer_t object
	 */
	randomizer_t *(*get_randomizer) (protected_ike_sa_t *this);

	/**
	 * Sets the new state_t object of the IKE_SA object.
	 *
	 * The old state_t object does not get destroyed. It is the caller's duty to
	 * make sure the old state is destroyed (normally the old state is the caller).
	 *
	 * @param this   calling object
	 * @param state  pointer to the new state_t object
	 */
	void (*set_new_state) (protected_ike_sa_t *this,state_t *state);

	/**
	 * Gets the internally stored initiator crypter_t object.
	 *
	 * Only the initiator-side transforms are exposed through this
	 * interface.
	 *
	 * @param this  calling object
	 * @return pointer to the crypter_t object (owned by the IKE_SA)
	 */
	crypter_t *(*get_crypter_initiator) (protected_ike_sa_t *this);

	/**
	 * Gets the internally stored initiator signer object.
	 *
	 * @param this  calling object
	 * @return pointer to the signer_t object (owned by the IKE_SA)
	 */
	signer_t *(*get_signer_initiator) (protected_ike_sa_t *this);

};
251
252
253
/**
 * Creates an ike_sa_t object with a specific ike_sa_id_t object.
 *
 * @param[in] ike_sa_id  ike_sa_id_t object to associate with the new IKE_SA.
 *                       The object is cloned internally and so still has
 *                       to be destroyed by the caller.
 *
 * @warning the content of the internal ike_sa_id_t object can change over time,
 * e.g. when an IKE_SA_INIT has been finished; do not cache the id obtained
 * via get_id across exchanges.
 *
 * @return created ike_sa_t object, to be released with its destroy method
 *
 * @ingroup sa
 */
ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id);
269
270 #endif /*IKE_SA_H_*/