 * @brief Interface of ike_sa_t.
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
27 #include <encoding/message.h>
28 #include <encoding/payloads/proposal_substructure.h>
29 #include <sa/ike_sa_id.h>
30 #include <config/configuration_manager.h>
31 #include <utils/logger.h>
32 #include <utils/randomizer.h>
33 #include <sa/states/state.h>
34 #include <transforms/prfs/prf.h>
35 #include <transforms/crypters/crypter.h>
36 #include <transforms/signers/signer.h>
41 * Nonce size in bytes of all sent nonces
/**
 * Forward typedef for the IKE_SA type; only pointers to it are passed around
 * through this interface.
 */
typedef struct ike_sa_t ike_sa_t;
50 * @brief Class ike_sa_t. An object of this type is managed by an
51 * ike_sa_manager_t object and represents an IKE_SA.
 * @brief Processes an incoming IKEv2 message of type message_t.
 *
 * NOTE(review): this is the entry point for untrusted data received from the
 * network. Which checks (message-ID ordering, integrity, decryption) happen
 * before IKE_SA state is modified is up to the current state_t object (see
 * set_new_state below), not to this interface - confirm in the state classes.
 *
 * @param this ike_sa_t object
 * @param[in] message message_t object to process
 * @return SUCCESSFUL if succeeded, FAILED otherwise
64 status_t (*process_message
) (ike_sa_t
*this,message_t
*message
);
67 * @brief Initiate a new connection with given configuration name.
69 * @param this calling object
70 * @param name name of the configuration
73 status_t (*initialize_connection
) (ike_sa_t
*this, char *name
);
 * @brief Get the id of the SA.
 *
 * NOTE(review): the returned pointer presumably refers to the IKE_SA's internal
 * ike_sa_id_t (the one cloned in ike_sa_create), whose content can change after
 * IKE_SA_INIT; the caller should not destroy it - confirm in the implementation.
 *
 * @param this ike_sa_t object
 * @return ike_sa's ike_sa_id_t
81 ike_sa_id_t
* (*get_id
) (ike_sa_t
*this);
84 * @brief Destroys a ike_sa_t object.
86 * @param this ike_sa_t object
88 void (*destroy
) (ike_sa_t
*this);
/**
 * Forward typedef for the protected (state-class facing) view of an IKE_SA.
 */
typedef struct protected_ike_sa_t protected_ike_sa_t;
94 * @brief Protected data of an ike_sa_t object.
 * These members should only be accessed from
 * the various state classes.
101 struct protected_ike_sa_t
{
104 * Public part of a ike_sa_t object
 * Builds an empty IKEv2 message and fills in default information.
 *
 * Depending on the type of message (request or response), the message id is
 * either message_id_out or message_id_in.
 *
 * Used in every state.
 *
 * @param this calling object
 * @param type exchange type of new message
 * @param request TRUE, if message has to be a request
 * @param message the new message is stored at this location (presumably the
 *                caller owns it and has to destroy it - confirm)
121 void (*build_message
) (protected_ike_sa_t
*this, exchange_type_t type
, bool request
, message_t
**message
);
 * Computes the IKE_SA's secrets from the Diffie-Hellman shared secret and
 * both nonces.
 *
 * NOTE(review): dh_shared_secret is key material. This interface does not say
 * who wipes it, so the caller should treat it as sensitive and clear the
 * chunk after the call - confirm in the implementation.
 *
 * @param this calling object
 * @param dh_shared_secret shared secret of diffie hellman exchange
 * @param initiator_nonce nonce of initiator
 * @param responder_nonce nonce of responder
131 void (*compute_secrets
) (protected_ike_sa_t
*this,chunk_t dh_shared_secret
,chunk_t initiator_nonce
, chunk_t responder_nonce
);
134 * Gets the internal stored logger_t object for given ike_sa_t object.
136 * @param this calling object
137 * @return pointer to the internal stored logger_t object
139 logger_t
*(*get_logger
) (protected_ike_sa_t
*this);
142 * Gets the internal stored init_config_t object.
 * The returned value may be NULL (e.g. if no init_config_t has been set) and
 * has to be checked before use!
146 * @param this calling object
147 * @return pointer to the internal stored init_config_t object
149 init_config_t
*(*get_init_config
) (protected_ike_sa_t
*this);
152 * Sets the internal init_config_t object.
154 * @param this calling object
155 * @param init_config object of type init_config_t
157 void (*set_init_config
) (protected_ike_sa_t
*this,init_config_t
*init_config
);
160 * Gets the internal stored sa_config_t object.
 * The returned value may be NULL (e.g. if no sa_config_t has been set) and
 * has to be checked before use!
164 * @param this calling object
165 * @return pointer to the internal stored sa_config_t object
167 sa_config_t
*(*get_sa_config
) (protected_ike_sa_t
*this);
170 * Sets the internal sa_config_t object.
172 * @param this calling object
173 * @param sa_config object of type sa_config_t
175 void (*set_sa_config
) (protected_ike_sa_t
*this,sa_config_t
*sa_config
);
178 * Gets the internal stored host_t object for my host.
180 * @param this calling object
181 * @return pointer to the internal stored host_t object
183 host_t
*(*get_my_host
) (protected_ike_sa_t
*this);
186 * Gets the internal stored host_t object for other host.
188 * @param this calling object
189 * @return pointer to the internal stored host_t object
191 host_t
*(*get_other_host
) (protected_ike_sa_t
*this);
194 * Sets the internal stored host_t object for my host.
 * An already existing object is destroyed. The new object is not cloned:
 * ownership passes to the IKE_SA, so the caller must not destroy or keep
 * using my_host afterwards.
198 * @param this calling object
199 * @param my_host pointer to the new host_t object
201 void (*set_my_host
) (protected_ike_sa_t
*this,host_t
* my_host
);
204 * Sets the internal stored host_t object for other host.
 * An already existing object is destroyed. The new object is not cloned:
 * ownership passes to the IKE_SA, so the caller must not destroy or keep
 * using other_host afterwards.
208 * @param this calling object
209 * @param other_host pointer to the new host_t object
211 void (*set_other_host
) (protected_ike_sa_t
*this,host_t
*other_host
);
 * Creates all needed transform objects for given ike_sa_t using
 * the information stored in an ike_proposal_t object.
 *
 * Already existing objects get destroyed.
 *
 * NOTE(review): an ike_proposal_t may originate from the peer
 * (proposal_substructure). Nothing in this interface states that the proposal
 * is validated here - confirm that callers only pass a proposal already
 * matched against the local configuration.
 *
 * @param this calling object
 * @param proposal proposal used to get information for transform
 *                 objects (algorithms, key lengths, etc.)
223 status_t (*create_transforms_from_proposal
) (protected_ike_sa_t
*this,ike_proposal_t
* proposal
);
 * Sets the last requested message.
 *
 * An already set last requested message gets destroyed. The object is not cloned!
 *
 * @param this calling object
 * @param message pointer to the new last requested message
 *         - FAILED if the message id is not the next expected one (out-of-order
 *           or replayed message; this appears to be the IKE_SA's ordering/replay
 *           check). NOTE(review): ownership of message on FAILED is not stated
 *           here - confirm in the implementation to avoid a leak or double free.
236 status_t (*set_last_requested_message
) (protected_ike_sa_t
*this,message_t
* message
);
 * Sets the last responded message.
 *
 * An already set last responded message gets destroyed. The object is not cloned!
 *
 * @param this calling object
 * @param message pointer to the new last responded message
 *         - FAILED if the message id is not the next expected one (out-of-order
 *           or replayed message; this appears to be the IKE_SA's ordering/replay
 *           check). NOTE(review): ownership of message on FAILED is not stated
 *           here - confirm in the implementation to avoid a leak or double free.
249 status_t (*set_last_responded_message
) (protected_ike_sa_t
*this,message_t
* message
);
252 * Gets the internal stored randomizer_t object.
254 * @param this calling object
255 * @return pointer to the internal randomizer_t object
257 randomizer_t
*(*get_randomizer
) (protected_ike_sa_t
*this);
260 * Sets the new state_t object of the IKE_SA object.
 * The old state_t object is not destroyed. It is the caller's duty to
 * make sure the old state is destroyed (normally the old state is the caller).
265 * @param this calling object
266 * @param state pointer to the new state_t object
268 void (*set_new_state
) (protected_ike_sa_t
*this,state_t
*state
);
271 * Gets the internal stored initiator crypter_t object.
273 * @param this calling object
274 * @return pointer to crypter_t object
276 crypter_t
*(*get_crypter_initiator
) (protected_ike_sa_t
*this);
279 * Gets the internal stored initiator signer object.
281 * @param this calling object
282 * @return pointer to signer_t object
284 signer_t
*(*get_signer_initiator
) (protected_ike_sa_t
*this);
 * Resets the message id counters and destroys the stored received and sent
 * messages.
 *
 * NOTE(review): after this call the next-expected-message-id check of
 * set_last_requested_message / set_last_responded_message starts over, so it
 * must only be used while (re)starting the IKE_SA, not on an established one
 * where it would allow replayed messages to be accepted - confirm which states
 * call it.
289 * @param this calling object
291 void (*reset_message_buffers
) (protected_ike_sa_t
*this);
 * Creates an ike_sa_t object with a specific ike_sa_id_t object.
 *
 * @param[in] ike_sa_id ike_sa_id_t object to associate with the new IKE_SA.
 *                      The object is cloned internally, so the caller keeps
 *                      ownership of the passed one and has to destroy it.
 *
 * @warning the content of the internal ike_sa_id_t object can change over time,
 *          e.g. when an IKE_SA_INIT has been finished, so the caller's copy may
 *          no longer match it afterwards.
306 * @return created ike_sa_t object
310 ike_sa_t
* ike_sa_create(ike_sa_id_t
*ike_sa_id
);