- added compution of all needed keys and also creation of needed
1 /**
2 * @file ike_sa.h
3 *
4 * @brief Class ike_sa_t. An object of this type is managed by an
5 * ike_sa_manager_t object and represents an IKE_SA
6 *
7 */
8
9 /*
10 * Copyright (C) 2005 Jan Hutter, Martin Willi
11 * Hochschule fuer Technik Rapperswil
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 */
23
24 #ifndef IKE_SA_H_
25 #define IKE_SA_H_
26
27 #include <types.h>
28 #include <encoding/message.h>
29 #include <encoding/payloads/proposal_substructure.h>
30 #include <sa/ike_sa_id.h>
31 #include <utils/logger.h>
32 #include <utils/randomizer.h>
33 #include <sa/states/state.h>
34 #include <transforms/prfs/prf.h>
35 #include <transforms/crypters/crypter.h>
36 #include <transforms/signers/signer.h>
37
38
39
/**
 * Nonce size in bytes of all sent nonces.
 *
 * 16 bytes (128 bits) is the minimum nonce length IKEv2 permits
 * (RFC 4306, section 2.10). The same section also requires a nonce of at
 * least half the key size of the negotiated PRF, so a fixed 16 bytes can be
 * too short once larger PRFs are negotiated — NOTE(review): confirm where
 * (or whether) that second bound is checked when the PRF is chosen.
 */
#define NONCE_SIZE 16

/* Public interface type; defined below, its private part is protected_ike_sa_t. */
typedef struct ike_sa_t ike_sa_t;
46
/**
 * @brief This class is used to represent an IKE_SA.
 *
 * Public interface of an IKE_SA as seen by its ike_sa_manager_t. The
 * implementation-private members live in protected_ike_sa_t (below), whose
 * first member embeds this struct.
 */
struct ike_sa_t {

	/**
	 * @brief Processes an incoming IKEv2 message of type message_t.
	 *
	 * NOTE(review): presumably dispatched to the current state_t object;
	 * which message ids are accepted is documented on
	 * protected_ike_sa_t.set_last_requested_message() — verify in ike_sa.c.
	 *
	 * @param this			ike_sa_t object
	 * @param[in] message	message_t object to process
	 * @return				SUCCESSFUL if succeeded, FAILED otherwise
	 */
	status_t (*process_message) (ike_sa_t *this,message_t *message);

	/**
	 * @brief Initiate a new connection with given configuration name.
	 *
	 * @param this		calling object
	 * @param name		name of the configuration to look up
	 * @return			status_t; the possible values are not documented here
	 * 					(original author left a TODO) — see ike_sa.c
	 */
	status_t (*initialize_connection) (ike_sa_t *this, char *name);

	/**
	 * @brief Get the id of the SA.
	 *
	 * The returned pointer refers to the internally stored ike_sa_id_t; its
	 * content can change over time (see the @warning on ike_sa_create()).
	 *
	 * @param this		ike_sa_t object
	 * @return			ike_sa's ike_sa_id_t
	 */
	ike_sa_id_t* (*get_id) (ike_sa_t *this);

	/**
	 * @brief Destroys an ike_sa_t object.
	 *
	 * NOTE(review): an IKE_SA holds derived keys (see
	 * protected_ike_sa_t.compute_secrets()); confirm the implementation wipes
	 * that key material rather than only freeing it.
	 *
	 * @param this		ike_sa_t object
	 * @return			SUCCESSFUL if succeeded, FAILED otherwise
	 */
	status_t (*destroy) (ike_sa_t *this);
};
87
/* Private (implementation-side) view of an ike_sa_t; defined below. */
typedef struct protected_ike_sa_t protected_ike_sa_t;

/**
 * Protected data of an ike_sa_t object.
 *
 * Holds the members that only ike_sa.c and the state_t implementations may
 * use. host_t is referenced below but no host header is included in this
 * file, so it must reach here through one of the includes above.
 */
struct protected_ike_sa_t {

	/**
	 * Public part of an ike_sa_t object.
	 *
	 * Must stay the first member so a protected_ike_sa_t pointer and the
	 * ike_sa_t pointer handed to callers refer to the same address.
	 */
	ike_sa_t public;

	/**
	 * Builds an empty IKEv2 message and fills in default information.
	 *
	 * Depending on the type of message (request or response), the message id is
	 * either message_id_out or message_id_in.
	 *
	 * Used in every state.
	 *
	 * @param this		calling object
	 * @param type		exchange type of new message
	 * @param request	TRUE, if message has to be a request
	 * @param message	new message is stored at this location
	 * @return
	 * 					- SUCCESS
	 * 					- OUT_OF_RES
	 */
	status_t (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);

	/**
	 * Computes the secrets (keying material) of this IKE_SA from the
	 * Diffie-Hellman shared secret and both nonces.
	 *
	 * NOTE(review): dh_shared_secret and the keys derived from it are
	 * security-critical; confirm that both the input chunk and the derived
	 * keys are wiped when no longer needed (see destroy()).
	 *
	 * @param this				calling object
	 * @param dh_shared_secret	shared secret of the Diffie-Hellman exchange
	 * @param initiator_nonce	nonce of initiator
	 * @param responder_nonce	nonce of responder
	 * @return					status_t; the possible values are not documented
	 * 							here (original author left a TODO) — see ike_sa.c
	 */
	status_t (*compute_secrets) (protected_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce);

	/**
	 * Gets the internally stored logger_t object of this ike_sa_t object.
	 *
	 * @param this		calling object
	 * @return			pointer to the internally stored logger_t object
	 */
	logger_t *(*get_logger) (protected_ike_sa_t *this);


	/**
	 * Gets the internally stored host_t object for my host.
	 *
	 * @param this		calling object
	 * @return			pointer to the internally stored host_t object
	 */
	host_t *(*get_my_host) (protected_ike_sa_t *this);

	/**
	 * Gets the internally stored host_t object for the other host.
	 *
	 * @param this		calling object
	 * @return			pointer to the internally stored host_t object
	 */
	host_t *(*get_other_host) (protected_ike_sa_t *this);

	/**
	 * Sets the internally stored host_t object for my host.
	 *
	 * An already existing object gets destroyed. The object is not cloned:
	 * ownership of my_host passes to this IKE_SA.
	 *
	 * @param this		calling object
	 * @param my_host	pointer to the new host_t object
	 */
	void (*set_my_host) (protected_ike_sa_t *this,host_t * my_host);

	/**
	 * Sets the internally stored host_t object for the other host.
	 *
	 * An already existing object gets destroyed. The object is not cloned:
	 * ownership of other_host passes to this IKE_SA.
	 *
	 * @param this			calling object
	 * @param other_host	pointer to the new host_t object
	 */
	void (*set_other_host) (protected_ike_sa_t *this,host_t *other_host);

	/**
	 * Creates all needed transform objects for the given ike_sa_t using
	 * the information stored in a proposal_substructure_t object.
	 *
	 * Already existing objects get destroyed.
	 *
	 * NOTE(review): the proposal's algorithms and key lengths are taken as
	 * given here; if the proposal originates from the peer's message, confirm
	 * it has been checked against the local configuration before this call.
	 *
	 * @param this		calling object
	 * @param proposal	proposal used to get information for the transform
	 * 					objects (algorithms, key lengths, etc.)
	 * @return			status_t; values not documented here — see ike_sa.c
	 */
	status_t (*create_transforms_from_proposal) (protected_ike_sa_t *this,proposal_substructure_t *proposal);

	/**
	 * Sets the last requested message.
	 *
	 * An already set last requested message gets destroyed. The object is not
	 * cloned. The message id check below is what limits accepted requests to
	 * the single next expected id.
	 *
	 * @param this		calling object
	 * @param message	pointer to the new last requested message
	 * @return
	 * 					- SUCCESS
	 * 					- FAILED if message id is not the next expected one
	 */
	status_t (*set_last_requested_message) (protected_ike_sa_t *this,message_t * message);

	/**
	 * Sets the last responded message.
	 *
	 * An already set last responded message gets destroyed. The object is not
	 * cloned.
	 *
	 * @param this		calling object
	 * @param message	pointer to the new last responded message
	 * @return
	 * 					- SUCCESS
	 * 					- FAILED if message id is not the next expected one
	 */
	status_t (*set_last_responded_message) (protected_ike_sa_t *this,message_t * message);

	/**
	 * Gets the internally stored randomizer_t object.
	 *
	 * NOTE(review): presumably the source of the NONCE_SIZE-byte nonces; the
	 * randomizer must be cryptographically strong for that use — verify.
	 *
	 * @param this		calling object
	 * @return			pointer to the internal randomizer_t object
	 */
	randomizer_t *(*get_randomizer) (protected_ike_sa_t *this);

	/**
	 * Sets the new state_t object of the IKE_SA object.
	 *
	 * The old state_t object is not destroyed. It is the caller's duty to
	 * make sure the old state is destroyed (normally the old state is the
	 * caller).
	 *
	 * @param this		calling object
	 * @param state		pointer to the new state_t object
	 */
	void (*set_new_state) (protected_ike_sa_t *this,state_t *state);
};
231
232
233
/**
 * Creates an ike_sa_t object with a specific ike_sa_id_t object.
 *
 * @param[in] ike_sa_id		ike_sa_id_t object to associate with the new IKE_SA.
 * 							The object is cloned internally and so still has
 * 							to be destroyed by the caller.
 *
 * @warning the content of the internal ike_sa_id_t object can change over
 * time, e.g. when an IKE_SA_INIT has been finished; do not cache the value
 * returned by get_id() across that point.
 *
 * @return					created ike_sa_t object; NOTE(review): the
 * 							out-of-resources case (NULL?) is not documented
 * 							here — confirm against ike_sa.c
 */
ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id);
247
248 #endif /*IKE_SA_H_*/