1 /**
2 * @file ike_sa.h
3 *
4 * @brief Class ike_sa_t. An object of this type is managed by an
5 * ike_sa_manager_t object and represents an IKE_SA
6 *
7 */
8
9 /*
10 * Copyright (C) 2005 Jan Hutter, Martin Willi
11 * Hochschule fuer Technik Rapperswil
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 */
23
24 #ifndef IKE_SA_H_
25 #define IKE_SA_H_
26
27 #include <types.h>
28 #include <encoding/message.h>
29 #include <sa/ike_sa_id.h>
30 #include <utils/logger.h>
31 #include <utils/randomizer.h>
32 #include <sa/states/state.h>
33 #include <transforms/prfs/prf.h>
34 #include <transforms/crypters/crypter.h>
35 #include <transforms/signers/signer.h>
36
37
38
/**
 * Nonce size in bytes of all sent nonces.
 *
 * NOTE(review): 16 bytes is 128 bits. IKEv2 (RFC 4306 / RFC 7296, section 2.10)
 * requires nonces to be at least 128 bits long and at least half the key size
 * of the negotiated PRF, so this value sits exactly at the protocol minimum;
 * confirm it is still sufficient for every PRF the daemon can negotiate.
 */
#define NONCE_SIZE 16

/**
 * Handle type for an IKE_SA; the struct itself is defined below.
 */
typedef struct ike_sa_t ike_sa_t;
45
/**
 * @brief This class is used to represent an IKE_SA.
 *
 * This is the public interface only. The complete object is a
 * protected_ike_sa_t, which embeds this struct as its first member.
 */
struct ike_sa_t {

	/**
	 * @brief Processes an incoming IKEv2-Message of type message_t.
	 *
	 * NOTE(review): the message comes from the remote peer and is therefore
	 * untrusted input. Which checks (message id, exchange type, payload
	 * validation) are done here and which are left to the parser or the
	 * state objects is not visible from this header - confirm against the
	 * implementation.
	 *
	 * @param this			ike_sa_t object
	 * @param[in] message	message_t object to process
	 * @return				SUCCESS if succeeded, FAILED otherwise
	 */
	status_t (*process_message) (ike_sa_t *this,message_t *message);

	/**
	 * Initiate a new connection with the given configuration name.
	 *
	 * @param this		calling object
	 * @param name		name of the configuration to use
	 * @return			TODO (return values not yet documented)
	 */
	status_t (*initialize_connection) (ike_sa_t *this, char *name);

	/**
	 * @brief Get the id of the SA.
	 *
	 * The returned object is the IKE_SA's internal copy (see ike_sa_create),
	 * so its content can change over time, e.g. once IKE_SA_INIT has been
	 * completed. Presumably it stays owned by the IKE_SA and must not be
	 * destroyed by the caller - verify against the implementation.
	 *
	 * @param this		calling object
	 * @return			pointer to the ike_sa_id_t of this IKE_SA
	 */
	ike_sa_id_t* (*get_id) (ike_sa_t *this);

	/**
	 * @brief Destroys an ike_sa_t object.
	 *
	 * @param this		ike_sa_t object
	 * @return			SUCCESS if succeeded, FAILED otherwise
	 */
	status_t (*destroy) (ike_sa_t *this);
};
86
/**
 * Handle type for the protected (implementation-side) view of an IKE_SA.
 */
typedef struct protected_ike_sa_t protected_ike_sa_t;

/**
 * Protected data of an ike_sa_t object.
 *
 * This interface is meant for the state objects and the IKE_SA manager,
 * not for users of the public ike_sa_t interface. Several setters below
 * take ownership of the passed object (they do not clone it); see the
 * individual descriptions.
 */
struct protected_ike_sa_t {

	/**
	 * Public part of an ike_sa_t object. Must stay the first member so a
	 * protected_ike_sa_t pointer can be used as an ike_sa_t pointer.
	 */
	ike_sa_t public;

	/**
	 * Builds an empty IKEv2-Message and fills in default information.
	 *
	 * Depending on the type of message (request or response), the message id is
	 * either message_id_out or message_id_in.
	 *
	 * Used in every state.
	 *
	 * @param this		calling object
	 * @param type		exchange type of the new message
	 * @param request	TRUE, if the message has to be a request
	 * @param message	the new message is stored at this location
	 * @return
	 * 					- SUCCESS
	 * 					- OUT_OF_RES
	 */
	status_t (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);

	/**
	 * Computes the secrets of this IKE_SA from the Diffie-Hellman shared
	 * secret and both nonces (presumably the SKEYSEED / SK_* derivation of
	 * IKEv2, section 2.14 - confirm against the implementation).
	 *
	 * NOTE(review): dh_shared_secret and the derived keys are sensitive key
	 * material. Whether this function or its caller is responsible for
	 * zeroizing the shared secret after derivation is not visible here;
	 * confirm the handling on both sides.
	 *
	 * @param this				calling object
	 * @param dh_shared_secret	shared secret of the Diffie-Hellman exchange
	 * @param initiator_nonce	nonce of the initiator
	 * @param responder_nonce	nonce of the responder
	 * @return					TODO (return values not yet documented)
	 */
	status_t (*compute_secrets) (protected_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce);

	/**
	 * Gets the internally stored logger_t object of this ike_sa_t object.
	 *
	 * @param this		calling object
	 * @return			pointer to the internally stored logger_t object
	 */
	logger_t *(*get_logger) (protected_ike_sa_t *this);


	/**
	 * Gets the internally stored host_t object for my host.
	 *
	 * @param this		calling object
	 * @return			pointer to the internally stored host_t object
	 */
	host_t *(*get_my_host) (protected_ike_sa_t *this);

	/**
	 * Gets the internally stored host_t object for the other host.
	 *
	 * @param this		calling object
	 * @return			pointer to the internally stored host_t object
	 */
	host_t *(*get_other_host) (protected_ike_sa_t *this);

	/**
	 * Sets the internally stored host_t object for my host.
	 *
	 * An already existing object gets destroyed. The new object is not
	 * cloned, i.e. ownership passes to this IKE_SA.
	 *
	 * @param this		calling object
	 * @param my_host	pointer to the new host_t object
	 */
	void (*set_my_host) (protected_ike_sa_t *this,host_t * my_host);

	/**
	 * Sets the internally stored host_t object for the other host.
	 *
	 * An already existing object gets destroyed. The new object is not
	 * cloned, i.e. ownership passes to this IKE_SA.
	 *
	 * @param this			calling object
	 * @param other_host	pointer to the new host_t object
	 */
	void (*set_other_host) (protected_ike_sa_t *this,host_t *other_host);

	/**
	 * Sets the internally stored prf_t object.
	 *
	 * An already existing object gets destroyed. The new object is not
	 * cloned, i.e. ownership passes to this IKE_SA.
	 *
	 * @param this		calling object
	 * @param prf		pointer to the new prf_t object
	 */
	void (*set_prf) (protected_ike_sa_t *this,prf_t *prf);

	/**
	 * Sets the last requested message.
	 *
	 * An already set last requested message gets destroyed. The new object is
	 * not cloned, i.e. ownership passes to this IKE_SA.
	 *
	 * NOTE(review): the message-id check described in the return value looks
	 * like the only thing keeping a replayed or out-of-sequence request from
	 * being stored here; keep it strict and covered by tests.
	 *
	 * @param this		calling object
	 * @param message	pointer to the new last requested message
	 * @return
	 * 					- SUCCESS
	 * 					- FAILED if message id is not the next expected one
	 */
	status_t (*set_last_requested_message) (protected_ike_sa_t *this,message_t * message);

	/**
	 * Sets the last responded message.
	 *
	 * An already set last responded message gets destroyed. The new object is
	 * not cloned, i.e. ownership passes to this IKE_SA.
	 *
	 * @param this		calling object
	 * @param message	pointer to the new last responded message
	 * @return
	 * 					- SUCCESS
	 * 					- FAILED if message id is not the next expected one
	 */
	status_t (*set_last_responded_message) (protected_ike_sa_t *this,message_t * message);

	/**
	 * Gets the internally stored randomizer_t object.
	 *
	 * @param this		calling object
	 * @return			pointer to the internal randomizer_t object
	 */
	randomizer_t *(*get_randomizer) (protected_ike_sa_t *this);

	/**
	 * Sets the new state_t object of the IKE_SA object.
	 *
	 * The old state_t object is not destroyed. It is the caller's duty to
	 * make sure the old state is destroyed (normally the old state is the
	 * caller).
	 *
	 * @param this		calling object
	 * @param state		pointer to the new state_t object
	 */
	void (*set_new_state) (protected_ike_sa_t *this,state_t *state);
};
228
229
230
/**
 * Creates an ike_sa_t object with a specific ike_sa_id_t object.
 *
 * @param[in] ike_sa_id		ike_sa_id_t object to associate with the new IKE_SA.
 * 							The object is cloned internally and therefore
 * 							still has to be destroyed by the caller.
 *
 * @warning the content of the internal ike_sa_id_t object can change over
 * 			time, e.g. when an IKE_SA_INIT has been finished.
 *
 * @return					created ike_sa_t object (behaviour on allocation
 * 							failure is not documented here - confirm whether
 * 							NULL can be returned before dereferencing)
 */
ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id);
244
245 #endif /*IKE_SA_H_*/