- cleanup of states ike_auth_requested and ike_sa_init_responded
[strongswan.git] / Source / charon / sa / ike_sa.h
1 /**
2 * @file ike_sa.h
3 *
4 * @brief Interface of ike_sa_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef IKE_SA_H_
24 #define IKE_SA_H_
25
26 #include <types.h>
27 #include <encoding/message.h>
28 #include <encoding/payloads/proposal_substructure.h>
29 #include <sa/ike_sa_id.h>
30 #include <config/configuration_manager.h>
31 #include <utils/logger.h>
32 #include <utils/randomizer.h>
33 #include <sa/states/state.h>
34 #include <transforms/prfs/prf.h>
35 #include <transforms/crypters/crypter.h>
36 #include <transforms/signers/signer.h>
37
38 /**
39 * Nonce size in bytes for nonces sending to other peer.
40 *
41 * @warning Nonce size MUST be between 16 and 256 bytes.
42 *
43 * @ingroup sa
44 */
45 #define NONCE_SIZE 16
46
47
48 typedef struct ike_sa_t ike_sa_t;
49
50 /**
51 * @brief Class ike_sa_t representing an IKE_SA.
52 *
53 * An object of this type is managed by an ike_sa_manager_t object
54 * and represents an IKE_SA. Message processing is split up in different states.
55 * They will handle all related things for the state they represent.
56 *
57 * @b Constructors:
58 * - ike_sa_create()
59 *
60 * @ingroup sa
61 */
62 struct ike_sa_t {
63
64 /**
65 * @brief Processes a incoming IKEv2-Message of type message_t.
66 *
67 * @param this ike_sa_t object object
68 * @param[in] message message_t object to process
69 * @return
70 * - SUCCESS
71 * - FAILED
72 * - DELETE_ME if this IKE_SA MUST be deleted
73 */
74 status_t (*process_message) (ike_sa_t *this,message_t *message);
75
76 /**
77 * @brief Initiate a new connection with given configuration name.
78 *
79 * @param this calling object
80 * @param name name of the configuration
81 * @return
82 * - SUCCESS if initialization started
83 * - FAILED if in wrong state
84 * - DELETE_ME if initialization failed and IKE_SA MUST be deleted
85 */
86 status_t (*initialize_connection) (ike_sa_t *this, char *name);
87
88 /**
89 * @brief Retransmits a request.
90 *
91 * @param this calling object
92 * @param message_id ID of the request to retransmit
93 * @return
94 * - SUCCESS
95 * - NOT_FOUND if request doesn't have to be retransmited
96 */
97 status_t (*retransmit_request) (ike_sa_t *this, u_int32_t message_id);
98
99 /**
100 * @brief Get the id of the SA.
101 *
102 * Returned ike_sa_id_t object is not getting cloned!
103 *
104 * @param this calling object
105 * @return ike_sa's ike_sa_id_t
106 */
107 ike_sa_id_t* (*get_id) (ike_sa_t *this);
108
109 /**
110 * @brief Get the state of type of associated state object.
111 *
112 * @param this calling object
113 * @return state of IKE_SA
114 */
115 ike_sa_state_t (*get_state) (ike_sa_t *this);
116
117 /**
118 * @brief Destroys a ike_sa_t object.
119 *
120 * @param this calling object
121 */
122 void (*destroy) (ike_sa_t *this);
123 };
124
125
126 typedef struct protected_ike_sa_t protected_ike_sa_t;
127
128 /**
129 * @brief Protected functions of an ike_sa_t object.
130 *
131 * This members are only accessed out from
132 * the various state_t implementations.
133 *
134 * @ingroup sa
135 */
136 struct protected_ike_sa_t {
137
138 /**
139 * Public interface of an ike_sa_t object.
140 */
141 ike_sa_t public;
142
143 /**
144 * @brief Build an empty IKEv2-Message and fills in default informations.
145 *
146 * Depending on the type of message (request or response), the message id is
147 * either message_id_out or message_id_in.
148 *
149 * Used in state_t Implementation to build an empty IKEv2-Message.
150 *
151 * @param this calling object
152 * @param type exchange type of new message
153 * @param request TRUE, if message has to be a request
154 * @param message new message is stored at this location
155 */
156 void (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);
157
158 /**
159 * @brief Compute the shared secrets needed for encryption, signing, etc.
160 *
161 * Preconditions:
162 * - Call of function protected_ike_sa_t.create_transforms_from_proposal
163 *
164 * @param this calling object
165 * @param dh_shared_secret shared secret of diffie hellman exchange
166 * @param initiator_nonce nonce of initiator
167 * @param responder_nonce nonce of responder
168 */
169 void (*compute_secrets) (protected_ike_sa_t *this,
170 chunk_t dh_shared_secret,
171 chunk_t initiator_nonce,
172 chunk_t responder_nonce);
173
174 /**
175 * @brief Get the internal stored logger_t object for given ike_sa_t object.
176 *
177 * @warning Returned logger_t object is original one and managed by this object.
178 *
179 * @param this calling object
180 * @return pointer to the internal stored logger_t object
181 */
182 logger_t *(*get_logger) (protected_ike_sa_t *this);
183
184 /**
185 * @brief Get the internal stored init_config_t object.
186 *
187 * @param this calling object
188 * @return pointer to the internal stored init_config_t object
189 */
190 init_config_t *(*get_init_config) (protected_ike_sa_t *this);
191
192 /**
193 * @brief Set the internal init_config_t object.
194 *
195 * @param this calling object
196 * @param init_config object of type init_config_t
197 */
198 void (*set_init_config) (protected_ike_sa_t *this,init_config_t *init_config);
199
200 /**
201 * @brief Get the internal stored sa_config_t object.
202 *
203 * @param this calling object
204 * @return pointer to the internal stored sa_config_t object
205 */
206 sa_config_t *(*get_sa_config) (protected_ike_sa_t *this);
207
208 /**
209 * @brief Set the internal sa_config_t object.
210 *
211 * @param this calling object
212 * @param sa_config object of type sa_config_t
213 */
214 void (*set_sa_config) (protected_ike_sa_t *this,sa_config_t *sa_config);
215
216 /**
217 * @brief Get the internal stored host_t object for my host.
218 *
219 * @param this calling object
220 * @return pointer to the internal stored host_t object
221 */
222 host_t *(*get_my_host) (protected_ike_sa_t *this);
223
224 /**
225 * @brief Get the internal stored host_t object for other host.
226 *
227 * @param this calling object
228 * @return pointer to the internal stored host_t object
229 */
230 host_t *(*get_other_host) (protected_ike_sa_t *this);
231
232 /**
233 * @brief Set the internal stored host_t object for my host.
234 *
235 * Allready existing object gets destroyed. object gets not cloned!
236 *
237 * @param this calling object
238 * @param my_host pointer to the new host_t object
239 */
240 void (*set_my_host) (protected_ike_sa_t *this,host_t * my_host);
241
242 /**
243 * @brief Set the internal stored host_t object for other host.
244 *
245 * Allready existing object gets destroyed. object gets not cloned!
246 *
247 * @param this calling object
248 * @param other_host pointer to the new host_t object
249 */
250 void (*set_other_host) (protected_ike_sa_t *this,host_t *other_host);
251
252 /**
253 * @brief Create all needed transform objects for this IKE_SA using
254 * the informations stored in a ike_proposal_t object.
255 *
256 * Allready existing objects get destroyed.
257 *
258 * @param this calling object
259 * @param proposal proposal used to get informations for transform
260 * objects (algorithms, key lengths, etc.)
261 */
262 status_t (*create_transforms_from_proposal) (protected_ike_sa_t *this,ike_proposal_t * proposal);
263
264 /**
265 * @brief Send the next request message.
266 *
267 * Also the first retransmit job is created.
268 *
269 * Last stored requested message gets destroyed. Object gets not cloned!
270 *
271 * @param this calling object
272 * @param message pointer to the message which should be sent
273 * @return
274 * - SUCCESS
275 * - FAILED if message id is not next expected one
276 */
277 status_t (*send_request) (protected_ike_sa_t *this,message_t * message);
278
279 /**
280 * @brief Send the next response message.
281 *
282 * Last stored responded message gets destroyed. Object gets not cloned!
283 *
284 * @param this calling object
285 * @param message pointer to the message which should be sent
286 * return
287 * - SUCCESS
288 * - FAILED if message id is not next expected one
289 */
290 status_t (*send_response) (protected_ike_sa_t *this,message_t * message);
291
292 /**
293 * @brief Send a notify reply message.
294 *
295 * @param this calling object
296 * @param exchange_type type of exchange in which the notify should be wrapped
297 * @param type type of the notify message to send
298 * @param data notification data
299 */
300 void (*send_notify) (protected_ike_sa_t *this, exchange_type_t exchange_type, notify_message_type_t type, chunk_t data);
301
302 /**
303 * @brief Get the internal stored randomizer_t object.
304 *
305 * @param this calling object
306 * @return pointer to the internal randomizer_t object
307 */
308 randomizer_t *(*get_randomizer) (protected_ike_sa_t *this);
309
310 /**
311 * @brief Set the new state_t object of the IKE_SA object.
312 *
313 * The old state_t object gets not destroyed. It's the callers duty to
314 * make sure old state is destroyed (Normally the old state is the caller).
315 *
316 * @param this calling object
317 * @param state pointer to the new state_t object
318 */
319 void (*set_new_state) (protected_ike_sa_t *this,state_t *state);
320
321 /**
322 * @brief Set the last replied message id.
323 *
324 * @param this calling object
325 * @param message_id message id
326 */
327 void (*set_last_replied_message_id) (protected_ike_sa_t *this,u_int32_t message_id);
328
329 /**
330 * @brief Get the internal stored initiator crypter_t object.
331 *
332 * @param this calling object
333 * @return pointer to crypter_t object
334 */
335 crypter_t *(*get_crypter_initiator) (protected_ike_sa_t *this);
336
337 /**
338 * @brief Get the internal stored initiator signer_t object.
339 *
340 * @param this calling object
341 * @return pointer to signer_t object
342 */
343 signer_t *(*get_signer_initiator) (protected_ike_sa_t *this);
344
345 /**
346 * @brief Get the internal stored responder crypter_t object.
347 *
348 * @param this calling object
349 * @return pointer to crypter_t object
350 */
351 crypter_t *(*get_crypter_responder) (protected_ike_sa_t *this);
352
353 /**
354 * @brief Get the internal stored responder signer object.
355 *
356 * @param this calling object
357 * @return pointer to signer_t object
358 */
359 signer_t *(*get_signer_responder) (protected_ike_sa_t *this);
360
361 /**
362 * @brief Get the internal stored prf_t object.
363 *
364 * @param this calling object
365 * @return pointer to prf_t object
366 */
367 prf_t *(*get_prf) (protected_ike_sa_t *this);
368
369 /**
370 * @brief Get the last responded message.
371 *
372 * @param this calling object
373 * @return
374 * - last received as message_t object
375 * - NULL if no last request available
376 */
377 message_t *(*get_last_responded_message) (protected_ike_sa_t *this);
378
379 /**
380 * @brief Get the last requested message.
381 *
382 * @param this calling object
383 * @return
384 * - last sent as message_t object
385 * - NULL if no last request available
386 */
387 message_t *(*get_last_requested_message) (protected_ike_sa_t *this);
388
389 /**
390 * @brief Get the Shared key SK_pr.
391 *
392 * Returned value is not cloned!
393 *
394 * @param this calling object
395 * @return SK_pr key
396 */
397 chunk_t (*get_key_pr) (protected_ike_sa_t *this);
398
399 /**
400 * @brief Get the Shared key SK_pi.
401 *
402 * Returned value is not cloned!
403 *
404 * @param this calling object
405 * @return SK_pi key
406 */
407 chunk_t (*get_key_pi) (protected_ike_sa_t *this);
408
409 /**
410 * @brief Resets message counters and does destroy stored received and sent messages.
411 *
412 * @param this calling object
413 */
414 void (*reset_message_buffers) (protected_ike_sa_t *this);
415
416 /**
417 * @brief Creates a job of type DELETE_ESTABLISHED_IKE_SA for the current IKE_SA.
418 *
419 * @param this calling object
420 * @param timeout timeout after the IKE_SA gets deleted
421 *
422 */
423 void (*create_delete_established_ike_sa_job) (protected_ike_sa_t *this,u_int32_t timeout);
424 };
425
426
427 /**
428 * @brief Creates an ike_sa_t object with a specific ID.
429 *
430 * @warning the Content of internal ike_sa_id_t object can change over time
431 * e.g. when a IKE_SA_INIT has been finished.
432 *
433 * @param[in] ike_sa_id ike_sa_id_t object to associate with new IKE_SA.
434 * The object is internal getting cloned
435 * and so has to be destroyed by the caller.
436 * @return ike_sa_t object
437 *
438 * @ingroup sa
439 */
440 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id);
441
442 #endif /*IKE_SA_H_*/