1 /**
2 * @file ike_sa.h
3 *
4 * @brief Interface of ike_sa_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef IKE_SA_H_
24 #define IKE_SA_H_
25
26 #include <types.h>
27 #include <encoding/message.h>
28 #include <encoding/payloads/proposal_substructure.h>
29 #include <sa/ike_sa_id.h>
30 #include <config/configuration_manager.h>
31 #include <utils/logger.h>
32 #include <utils/randomizer.h>
33 #include <sa/states/state.h>
34 #include <transforms/prfs/prf.h>
35 #include <transforms/crypters/crypter.h>
36 #include <transforms/signers/signer.h>
37
38
39
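/**
 * Nonce size in bytes of all sent nonces.
 *
 * NOTE(review): RFC 4306 requires IKEv2 nonces to be at least 128 bits long
 * and at least half the key size of the negotiated PRF. 16 bytes satisfies
 * the first bound only; a PRF keyed with more than 256 bits would need a
 * larger nonce, so this constant should be re-checked whenever new PRFs are
 * added.
 *
 * @ingroup sa
 */
#define NONCE_SIZE 16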
46
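typedef struct ike_sa_t ike_sa_t;

/**
 * @brief Class ike_sa_t. An object of this type is managed by an
 * ike_sa_manager_t object and represents an IKE_SA.
 *
 * @ingroup sa
 */
struct ike_sa_t {

	/**
	 * @brief Processes an incoming IKEv2 message of type message_t.
	 *
	 * NOTE(review): the message originates from the peer and must be treated
	 * as untrusted input by the implementation (validate before acting on it).
	 *
	 * @param this			calling object
	 * @param[in] message	message_t object to process
	 * @return				SUCCESS if succeeded, FAILED otherwise
	 */
	status_t (*process_message) (ike_sa_t *this, message_t *message);

	/**
	 * @brief Initiates a new connection with the given configuration name.
	 *
	 * @param this			calling object
	 * @param name			name of the configuration
	 * @return				status_t result (TODO: possible values are not yet
	 * 						documented here; confirm against the implementation)
	 */
	status_t (*initialize_connection) (ike_sa_t *this, char *name);

	/**
	 * @brief Retransmits a request.
	 *
	 * @param this			calling object
	 * @param message_id	ID of the request to retransmit
	 * @return
	 * 						- SUCCESS
	 * 						- NOT_FOUND if the request does not have to be
	 * 						  retransmitted
	 */
	status_t (*retransmit_request) (ike_sa_t *this, u_int32_t message_id);

	/**
	 * @brief Gets the id of the SA.
	 *
	 * @param this			calling object
	 * @return				the ike_sa's ike_sa_id_t
	 */
	ike_sa_id_t* (*get_id) (ike_sa_t *this);

	/**
	 * @brief Destroys an ike_sa_t object.
	 *
	 * @param this			ike_sa_t object to destroy
	 */
	void (*destroy) (ike_sa_t *this);
};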
101
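typedef struct protected_ike_sa_t protected_ike_sa_t;

/**
 * @brief Protected data of an ike_sa_t object.
 *
 * These members should only be accessed from
 * the various state classes.
 *
 * @ingroup sa
 */
struct protected_ike_sa_t {

	/**
	 * Public part of an ike_sa_t object
	 */
	ike_sa_t public;

	/**
	 * Builds an empty IKEv2 message and fills in default information.
	 *
	 * Depending on the type of message (request or response), the message id is
	 * either message_id_out or message_id_in.
	 *
	 * Used in every state.
	 *
	 * @param this			calling object
	 * @param type			exchange type of the new message
	 * @param request		TRUE, if the message has to be a request
	 * @param message		the new message is stored at this location
	 */
	void (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);

	/**
	 * Computes the secrets of this IKE_SA from the Diffie-Hellman shared
	 * secret and both nonces.
	 *
	 * NOTE(review): dh_shared_secret is key material; the implementation
	 * should wipe it once the derived keys exist (confirm in ike_sa.c).
	 *
	 * @param this				calling object
	 * @param dh_shared_secret	shared secret of the Diffie-Hellman exchange
	 * @param initiator_nonce	nonce of the initiator
	 * @param responder_nonce	nonce of the responder
	 */
	void (*compute_secrets) (protected_ike_sa_t *this, chunk_t dh_shared_secret, chunk_t initiator_nonce, chunk_t responder_nonce);

	/**
	 * Gets the internally stored logger_t object of the given ike_sa_t object.
	 *
	 * @param this			calling object
	 * @return				pointer to the internally stored logger_t object
	 */
	logger_t *(*get_logger) (protected_ike_sa_t *this);

	/**
	 * Gets the internally stored init_config_t object.
	 *
	 * The returned value must be checked for NULL!
	 *
	 * @param this			calling object
	 * @return				pointer to the internally stored init_config_t object
	 */
	init_config_t *(*get_init_config) (protected_ike_sa_t *this);

	/**
	 * Sets the internal init_config_t object.
	 *
	 * @param this			calling object
	 * @param init_config	object of type init_config_t
	 */
	void (*set_init_config) (protected_ike_sa_t *this, init_config_t *init_config);

	/**
	 * Gets the internally stored sa_config_t object.
	 *
	 * The returned value must be checked for NULL!
	 *
	 * @param this			calling object
	 * @return				pointer to the internally stored sa_config_t object
	 */
	sa_config_t *(*get_sa_config) (protected_ike_sa_t *this);

	/**
	 * Sets the internal sa_config_t object.
	 *
	 * @param this			calling object
	 * @param sa_config		object of type sa_config_t
	 */
	void (*set_sa_config) (protected_ike_sa_t *this, sa_config_t *sa_config);

	/**
	 * Gets the internally stored host_t object for my host.
	 *
	 * @param this			calling object
	 * @return				pointer to the internally stored host_t object
	 */
	host_t *(*get_my_host) (protected_ike_sa_t *this);

	/**
	 * Gets the internally stored host_t object for the other host.
	 *
	 * @param this			calling object
	 * @return				pointer to the internally stored host_t object
	 */
	host_t *(*get_other_host) (protected_ike_sa_t *this);

	/**
	 * Sets the internally stored host_t object for my host.
	 *
	 * An already existing object gets destroyed. The object is not cloned,
	 * ownership passes to the IKE_SA!
	 *
	 * @param this			calling object
	 * @param my_host		pointer to the new host_t object
	 */
	void (*set_my_host) (protected_ike_sa_t *this, host_t *my_host);

	/**
	 * Sets the internally stored host_t object for the other host.
	 *
	 * An already existing object gets destroyed. The object is not cloned,
	 * ownership passes to the IKE_SA!
	 *
	 * @param this			calling object
	 * @param other_host	pointer to the new host_t object
	 */
	void (*set_other_host) (protected_ike_sa_t *this, host_t *other_host);

	/**
	 * Creates all needed transform objects for the given ike_sa_t using
	 * the information stored in an ike_proposal_t object.
	 *
	 * Already existing objects get destroyed.
	 *
	 * @param this			calling object
	 * @param proposal		proposal used to get information for the transform
	 * 						objects (algorithms, key lengths, etc.)
	 * @return				status_t result (TODO: possible values are not yet
	 * 						documented here; confirm against the implementation)
	 */
	status_t (*create_transforms_from_proposal) (protected_ike_sa_t *this, ike_proposal_t *proposal);

	/**
	 * Sends the next request message.
	 *
	 * Also the first retransmit job is created.
	 *
	 * The stored requested message gets destroyed. The object is not cloned!
	 *
	 * @param this			calling object
	 * @param message		pointer to the message which should be sent
	 * @return
	 * 						- SUCCESS
	 * 						- FAILED if the message id is not the next expected one
	 */
	status_t (*send_request) (protected_ike_sa_t *this, message_t *message);

	/**
	 * Sends the next response message.
	 *
	 * The stored responded message gets destroyed. The object is not cloned!
	 *
	 * @param this			calling object
	 * @param message		pointer to the message which should be sent
	 * @return
	 * 						- SUCCESS
	 * 						- FAILED if the message id is not the next expected one
	 */
	status_t (*send_response) (protected_ike_sa_t *this, message_t *message);

	/**
	 * Gets the internally stored randomizer_t object.
	 *
	 * @param this			calling object
	 * @return				pointer to the internal randomizer_t object
	 */
	randomizer_t *(*get_randomizer) (protected_ike_sa_t *this);

	/**
	 * Sets the new state_t object of the IKE_SA object.
	 *
	 * The old state_t object does not get destroyed. It's the caller's duty to
	 * make sure the old state is destroyed (normally the old state is the caller).
	 *
	 * @param this			calling object
	 * @param state			pointer to the new state_t object
	 */
	void (*set_new_state) (protected_ike_sa_t *this, state_t *state);

	/**
	 * Gets the internally stored initiator crypter_t object.
	 *
	 * @param this			calling object
	 * @return				pointer to the crypter_t object
	 */
	crypter_t *(*get_crypter_initiator) (protected_ike_sa_t *this);

	/**
	 * Gets the internally stored initiator signer_t object.
	 *
	 * @param this			calling object
	 * @return				pointer to the signer_t object
	 */
	signer_t *(*get_signer_initiator) (protected_ike_sa_t *this);

	/**
	 * Gets the internally stored responder crypter_t object.
	 *
	 * @param this			calling object
	 * @return				pointer to the crypter_t object
	 */
	crypter_t *(*get_crypter_responder) (protected_ike_sa_t *this);

	/**
	 * Gets the internally stored responder signer_t object.
	 *
	 * @param this			calling object
	 * @return				pointer to the signer_t object
	 */
	signer_t *(*get_signer_responder) (protected_ike_sa_t *this);

	/**
	 * Resets the message id counters and destroys the stored received and sent messages.
	 *
	 * @param this			calling object
	 */
	void (*reset_message_buffers) (protected_ike_sa_t *this);
};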
322
323
324
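/**
 * Creates an ike_sa_t object with a specific ike_sa_id_t object.
 *
 * @param[in] ike_sa_id		ike_sa_id_t object to associate with the new IKE_SA.
 * 							The object is cloned internally and so still
 * 							has to be destroyed by the caller.
 *
 * @warning the content of the internal ike_sa_id_t object can change over time,
 * e.g. when an IKE_SA_INIT has been finished.
 *
 * @return					created ike_sa_t object
 *
 * @ingroup sa
 */
ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id);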
340
341 #endif /*IKE_SA_H_*/