1 /**
2 * @file ike_sa.h
3 *
4 * @brief Interface of ike_sa_t (the IKE_SA object) and of its protected part, protected_ike_sa_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef IKE_SA_H_
24 #define IKE_SA_H_
25
26 #include <types.h>
27 #include <encoding/message.h>
28 #include <encoding/payloads/proposal_substructure.h>
29 #include <sa/ike_sa_id.h>
30 #include <config/configuration_manager.h>
31 #include <utils/logger.h>
32 #include <utils/randomizer.h>
33 #include <sa/states/state.h>
34 #include <transforms/prfs/prf.h>
35 #include <transforms/crypters/crypter.h>
36 #include <transforms/signers/signer.h>
37
/**
 * Nonce size in bytes of all sent nonces.
 *
 * 16 bytes (128 bits) is the minimum nonce length the IKEv2 specification
 * permits (RFC 4306 section 2.10). The same section also requires a nonce to
 * be at least half the key size of the negotiated PRF, so this fixed value is
 * only sufficient for PRFs with key sizes up to 256 bits.
 * NOTE(review): revisit this constant before adding a PRF with a longer key.
 * Nonces are presumably generated from the randomizer_t returned by
 * protected_ike_sa_t.get_randomizer(), which therefore has to be a
 * cryptographically strong source -- confirm in the implementation.
 *
 * @ingroup sa
 */
#define NONCE_SIZE 16
44
typedef struct ike_sa_t ike_sa_t;

/**
 * @brief Class ike_sa_t. An object of this type is managed by an
 * ike_sa_manager_t object and represents an IKE_SA. Message processing
 * is split up in different states (state_t); the current state object
 * handles everything related to its phase of the exchange.
 *
 * This is the public part only. The state classes work on
 * protected_ike_sa_t, which embeds this struct as its first member.
 *
 * @b Constructors:
 *  - ike_sa_create()
 *
 * @ingroup sa
 */
struct ike_sa_t {

	/**
	 * @brief Processes an incoming IKEv2 message of type message_t.
	 *
	 * The message comes from the network, i.e. from a peer that is not
	 * authenticated until IKE_AUTH has completed; exchange type and message
	 * ID are presumably validated by the current state object before any
	 * state transition -- confirm in the state implementations.
	 *
	 * @param this          ike_sa_t object
	 * @param[in] message   message_t object to process
	 * @return              SUCCESS if succeeded, FAILED otherwise
	 */
	status_t (*process_message) (ike_sa_t *this,message_t *message);

	/**
	 * @brief Initiate a new connection with given configuration name.
	 *
	 * The name is presumably resolved through the configuration manager
	 * (see config/configuration_manager.h).
	 *
	 * @param this          calling object
	 * @param name          name of the configuration
	 * @return
	 *                      - SUCCESS if initialization started
	 *                      - FAILED if in wrong state
	 *                      - DELETE_ME if initialization failed and the SA should be deleted
	 */
	status_t (*initialize_connection) (ike_sa_t *this, char *name);

	/**
	 * @brief Retransmits a request.
	 *
	 * Only the request identified by message_id is resent; nothing is rebuilt.
	 *
	 * @param this          calling object
	 * @param message_id    ID of the request to retransmit
	 * @return
	 *                      - SUCCESS
	 *                      - NOT_FOUND if the request doesn't have to be retransmitted
	 *                        (presumably because it was already answered or replaced)
	 */
	status_t (*retransmit_request) (ike_sa_t *this, u_int32_t message_id);

	/**
	 * @brief Get the id of the SA.
	 *
	 * The returned pointer refers to the IKE_SA's internal ike_sa_id_t; its
	 * content can change over time (see the warning on ike_sa_create()), so
	 * do not cache it across exchanges. Ownership stays with the IKE_SA.
	 *
	 * @param this          ike_sa_t object
	 * @return              ike_sa's ike_sa_id_t
	 */
	ike_sa_id_t* (*get_id) (ike_sa_t *this);

	/**
	 * @brief Get the state type of the associated state object.
	 *
	 * @param this          ike_sa_t object
	 * @return              state of IKE_SA
	 */
	ike_sa_state_t (*get_state) (ike_sa_t *this);

	/**
	 * @brief Destroys an ike_sa_t object.
	 *
	 * NOTE(review): the SA holds derived key material (see
	 * protected_ike_sa_t.get_key_pi()/get_key_pr()); the implementation
	 * should wipe it before freeing -- confirm.
	 *
	 * @param this          ike_sa_t object
	 */
	void (*destroy) (ike_sa_t *this);
};
115
116
typedef struct protected_ike_sa_t protected_ike_sa_t;

/**
 * @brief Protected data of an ike_sa_t object.
 *
 * These members should only be accessed from
 * the various state classes.
 *
 * Several getters below hand out pointers or chunks that alias the
 * IKE_SA's internal objects (hosts, transforms, keys). None of them
 * transfers ownership unless the member documentation says so.
 *
 * @ingroup sa
 */
struct protected_ike_sa_t {

	/**
	 * Public part of an ike_sa_t object. Must stay the first member so a
	 * protected_ike_sa_t pointer can be used where an ike_sa_t is expected.
	 */
	ike_sa_t public;

	/**
	 * Builds an empty IKEv2 message and fills in default information.
	 *
	 * Depending on the type of message (request or response), the message id is
	 * either message_id_out or message_id_in.
	 *
	 * Used in every state.
	 *
	 * @param this          calling object
	 * @param type          exchange type of new message
	 * @param request       TRUE, if message has to be a request
	 * @param message       new message is stored at this location
	 */
	void (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);

	/**
	 * Computes the IKE_SA's shared secrets from the Diffie-Hellman shared
	 * secret and both nonces.
	 *
	 * After this call the crypter/signer/prf getters and get_key_pi()/
	 * get_key_pr() presumably return the derived material -- confirm in the
	 * implementation. dh_shared_secret is sensitive; the caller should wipe
	 * its own copy once this returns.
	 *
	 * @param this              calling object
	 * @param dh_shared_secret  shared secret of the Diffie-Hellman exchange
	 * @param initiator_nonce   nonce of initiator
	 * @param responder_nonce   nonce of responder
	 */
	void (*compute_secrets) (protected_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce);

	/**
	 * Gets the internally stored logger_t object for the given ike_sa_t object.
	 *
	 * @param this          calling object
	 * @return              pointer to the internally stored logger_t object
	 */
	logger_t *(*get_logger) (protected_ike_sa_t *this);

	/**
	 * Gets the internally stored init_config_t object.
	 *
	 * Returned value has to be checked for NULL!
	 *
	 * @param this          calling object
	 * @return              pointer to the internally stored init_config_t object, or NULL
	 */
	init_config_t *(*get_init_config) (protected_ike_sa_t *this);

	/**
	 * Sets the internal init_config_t object.
	 *
	 * Ownership handling of a previously set object is not documented here --
	 * confirm in the implementation.
	 *
	 * @param this          calling object
	 * @param init_config   object of type init_config_t
	 */
	void (*set_init_config) (protected_ike_sa_t *this,init_config_t *init_config);

	/**
	 * Gets the internally stored sa_config_t object.
	 *
	 * Returned value has to be checked for NULL!
	 *
	 * @param this          calling object
	 * @return              pointer to the internally stored sa_config_t object, or NULL
	 */
	sa_config_t *(*get_sa_config) (protected_ike_sa_t *this);

	/**
	 * Sets the internal sa_config_t object.
	 *
	 * Ownership handling of a previously set object is not documented here --
	 * confirm in the implementation.
	 *
	 * @param this          calling object
	 * @param sa_config     object of type sa_config_t
	 */
	void (*set_sa_config) (protected_ike_sa_t *this,sa_config_t *sa_config);

	/**
	 * Gets the internally stored host_t object for my host.
	 *
	 * @param this          calling object
	 * @return              pointer to the internally stored host_t object
	 */
	host_t *(*get_my_host) (protected_ike_sa_t *this);

	/**
	 * Gets the internally stored host_t object for the other host.
	 *
	 * @param this          calling object
	 * @return              pointer to the internally stored host_t object
	 */
	host_t *(*get_other_host) (protected_ike_sa_t *this);

	/**
	 * Sets the internally stored host_t object for my host.
	 *
	 * An already existing object gets destroyed. The new object is not cloned;
	 * ownership passes to the IKE_SA, so the caller must not destroy it.
	 *
	 * @param this          calling object
	 * @param my_host       pointer to the new host_t object
	 */
	void (*set_my_host) (protected_ike_sa_t *this,host_t * my_host);

	/**
	 * Sets the internally stored host_t object for the other host.
	 *
	 * An already existing object gets destroyed. The new object is not cloned;
	 * ownership passes to the IKE_SA, so the caller must not destroy it.
	 *
	 * @param this          calling object
	 * @param other_host    pointer to the new host_t object
	 */
	void (*set_other_host) (protected_ike_sa_t *this,host_t *other_host);

	/**
	 * Creates all needed transform objects for the given ike_sa_t using
	 * the information stored in an ike_proposal_t object.
	 *
	 * Already existing objects get destroyed.
	 *
	 * NOTE(review): the proposal's algorithm identifiers and key lengths may
	 * originate from the peer's SA payload and are therefore untrusted; the
	 * transform constructors must reject unsupported values, and a failure
	 * part-way through must not leave the SA with a mix of old and new
	 * transforms -- confirm in the implementation.
	 *
	 * @param this          calling object
	 * @param proposal      proposal used to get information for transform
	 *                      objects (algorithms, key lengths, etc.)
	 * @return              status_t; the specific failure values are not
	 *                      documented here -- callers must check for != SUCCESS
	 */
	status_t (*create_transforms_from_proposal) (protected_ike_sa_t *this,ike_proposal_t * proposal);

	/**
	 * Sends the next request message.
	 *
	 * Also the first retransmit job is created.
	 *
	 * The previously stored request message gets destroyed. The new message is
	 * not cloned; ownership passes to the IKE_SA.
	 *
	 * The message ID check keeps requests and responses in the strict
	 * lock-step IKEv2 expects.
	 *
	 * @param this          calling object
	 * @param message       pointer to the message which should be sent
	 * @return
	 *                      - SUCCESS
	 *                      - FAILED if message id is not the next expected one
	 */
	status_t (*send_request) (protected_ike_sa_t *this,message_t * message);

	/**
	 * Sends the next response message.
	 *
	 * The previously stored response message gets destroyed. The new message is
	 * not cloned; ownership passes to the IKE_SA.
	 *
	 * @param this          calling object
	 * @param message       pointer to the message which should be sent
	 * @return
	 *                      - SUCCESS
	 *                      - FAILED if message id is not the next expected one
	 */
	status_t (*send_response) (protected_ike_sa_t *this,message_t * message);

	/**
	 * Gets the internally stored randomizer_t object.
	 *
	 * Presumably the source of nonces (NONCE_SIZE) and other unpredictable
	 * protocol values, so it must be cryptographically strong -- confirm.
	 *
	 * @param this          calling object
	 * @return              pointer to the internal randomizer_t object
	 */
	randomizer_t *(*get_randomizer) (protected_ike_sa_t *this);

	/**
	 * Sets the new state_t object of the IKE_SA object.
	 *
	 * The old state_t object does not get destroyed. It's the caller's duty to
	 * make sure the old state is destroyed (normally the old state is the caller).
	 *
	 * @param this          calling object
	 * @param state         pointer to the new state_t object
	 */
	void (*set_new_state) (protected_ike_sa_t *this,state_t *state);

	/**
	 * Sets the last replied message id.
	 *
	 * Message ID bookkeeping is what lets the SA tell a retransmission from a
	 * new request, so this must only be updated once a response has actually
	 * been produced for that ID.
	 *
	 * @param this          calling object
	 * @param message_id    message id
	 */
	void (*set_last_replied_message_id) (protected_ike_sa_t *this,u_int32_t message_id);

	/**
	 * Gets the internally stored initiator crypter_t object.
	 *
	 * @param this          calling object
	 * @return              pointer to crypter_t object (owned by the IKE_SA)
	 */
	crypter_t *(*get_crypter_initiator) (protected_ike_sa_t *this);

	/**
	 * Gets the internally stored initiator signer object.
	 *
	 * @param this          calling object
	 * @return              pointer to signer_t object (owned by the IKE_SA)
	 */
	signer_t *(*get_signer_initiator) (protected_ike_sa_t *this);

	/**
	 * Gets the internally stored responder crypter_t object.
	 *
	 * @param this          calling object
	 * @return              pointer to crypter_t object (owned by the IKE_SA)
	 */
	crypter_t *(*get_crypter_responder) (protected_ike_sa_t *this);

	/**
	 * Gets the internally stored responder signer object.
	 *
	 * @param this          calling object
	 * @return              pointer to signer_t object (owned by the IKE_SA)
	 */
	signer_t *(*get_signer_responder) (protected_ike_sa_t *this);

	/**
	 * Gets the internally stored prf_t object.
	 *
	 * @param this          calling object
	 * @return              pointer to prf_t object (owned by the IKE_SA)
	 */
	prf_t *(*get_prf) (protected_ike_sa_t *this);

	/**
	 * Gets the last responded message, i.e. the last received request that
	 * was answered.
	 *
	 * @param this          calling object
	 * @return
	 *                      - last received request as message_t object
	 *                      - NULL if no such request is available
	 */
	message_t *(*get_last_responded_message) (protected_ike_sa_t *this);

	/**
	 * Gets the last requested message, i.e. the last request sent by us.
	 *
	 * @param this          calling object
	 * @return
	 *                      - last sent request as message_t object
	 *                      - NULL if no last request is available
	 */
	message_t *(*get_last_requested_message) (protected_ike_sa_t *this);

	/**
	 * Gets the shared key SK_pr.
	 *
	 * Returned value is not cloned! The chunk aliases the IKE_SA's internal
	 * key buffer: do not free, modify or log it, and do not keep it beyond the
	 * lifetime of the SA (or, presumably, past a later compute_secrets()).
	 *
	 * @param this          calling object
	 * @return              SK_pr key
	 */
	chunk_t (*get_key_pr) (protected_ike_sa_t *this);

	/**
	 * Gets the shared key SK_pi.
	 *
	 * Returned value is not cloned! The chunk aliases the IKE_SA's internal
	 * key buffer: do not free, modify or log it, and do not keep it beyond the
	 * lifetime of the SA (or, presumably, past a later compute_secrets()).
	 *
	 * @param this          calling object
	 * @return              SK_pi key
	 */
	chunk_t (*get_key_pi) (protected_ike_sa_t *this);

	/**
	 * Resets the message id counters and destroys the stored received and sent
	 * messages.
	 *
	 * NOTE(review): resetting message IDs on a live SA would defeat the
	 * retransmission/ordering checks in send_request()/send_response(); this
	 * should only be called where the protocol starts a fresh counter space --
	 * confirm the callers.
	 *
	 * @param this          calling object
	 */
	void (*reset_message_buffers) (protected_ike_sa_t *this);

	/**
	 * Creates a job of type DELETE_ESTABLISHED_IKE_SA for the current IKE_SA.
	 *
	 * @param this          calling object
	 * @param timeout       timeout after which the IKE_SA gets deleted (unit is
	 *                      whatever the job scheduler expects -- not specified here)
	 */
	void (*create_delete_established_ike_sa_job) (protected_ike_sa_t *this,u_int32_t timeout);
};
403
404
405
/**
 * Creates an ike_sa_t object with a specific ike_sa_id_t object.
 *
 * @param[in] ike_sa_id     ike_sa_id_t object to associate with the new IKE_SA.
 *                          The object is cloned internally, so the caller keeps
 *                          ownership of the passed object and has to destroy it.
 *
 * @warning The content of the internal ike_sa_id_t object can change over time,
 *          e.g. when an IKE_SA_INIT has been finished (presumably because the
 *          peer's SPI only becomes known then). Do not cache the value obtained
 *          through ike_sa_t.get_id() across exchanges.
 *
 * @return                  ike_sa_t object
 *
 * @ingroup sa
 */
ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id);
421
422 #endif /*IKE_SA_H_*/