af3be504f028966ab747f4959c1e271252679dd5
[strongswan.git] / Source / charon / sa / ike_sa.h
1 /**
2 * @file ike_sa.h
3 *
4 * @brief Interface of ike_sa_id_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef IKE_SA_H_
24 #define IKE_SA_H_
25
26 #include <types.h>
27 #include <encoding/message.h>
28 #include <encoding/payloads/proposal_substructure.h>
29 #include <sa/ike_sa_id.h>
30 #include <config/configuration_manager.h>
31 #include <utils/logger.h>
32 #include <utils/randomizer.h>
33 #include <sa/states/state.h>
34 #include <transforms/prfs/prf.h>
35 #include <transforms/crypters/crypter.h>
36 #include <transforms/signers/signer.h>
37
38 /**
39 * Nonce size in bytes of all sent nonces
40 *
41 * @ingroup sa
42 */
43 #define NONCE_SIZE 16
44
45 typedef struct ike_sa_t ike_sa_t;
46
47 /**
48 * @brief Class ike_sa_t. An object of this type is managed by an
49 * ike_sa_manager_t object and represents an IKE_SA.
50 *
51 * @ingroup sa
52 */
53 struct ike_sa_t {
54
55 /**
56 * @brief Processes a incoming IKEv2-Message of type message_t
57 *
58 * @param this ike_sa_t object object
59 * @param[in] message message_t object to process
60 * @return SUCCESSFUL if succeeded, FAILED otherwise
61 */
62 status_t (*process_message) (ike_sa_t *this,message_t *message);
63
64 /**
65 * @brief Initiate a new connection with given configuration name.
66 *
67 * @param this calling object
68 * @param name name of the configuration
69 * @return TODO
70 */
71 status_t (*initialize_connection) (ike_sa_t *this, char *name);
72
73 /**
74 * @brief Retransmits a request.
75 *
76 * @param this calling object
77 * @param message_id ID of the request to retransmit
78 * @return
79 * - SUCCESS
80 * - NOT_FOUND if request doesn't have to be retransmited
81 */
82 status_t (*retransmit_request) (ike_sa_t *this, u_int32_t message_id);
83
84 /**
85 * @brief Get the id of the SA.
86 *
87 * @param this ike_sa_t object object
88 * @return ike_sa's ike_sa_id_t
89 */
90 ike_sa_id_t* (*get_id) (ike_sa_t *this);
91
92 /**
93 * @brief Get the state of type of associated state object.
94 *
95 * @param this ike_sa_t object object
96 * @return state of IKE_SA
97 */
98 ike_sa_state_t (*get_state) (ike_sa_t *this);
99
100 /**
101 * @brief Destroys a ike_sa_t object.
102 *
103 * @param this ike_sa_t object
104 */
105 void (*destroy) (ike_sa_t *this);
106 };
107
108 typedef struct protected_ike_sa_t protected_ike_sa_t;
109
110
111
112 /**
113 * @brief Protected data of an ike_sa_t object.
114 *
115 * This members should only be accessed from
116 * the varius state classes.
117 *
118 * @ingroup sa
119 */
120 struct protected_ike_sa_t {
121
122 /**
123 * Public part of a ike_sa_t object
124 */
125 ike_sa_t public;
126
127 /**
128 * Builds an empty IKEv2-Message and fills in default informations.
129 *
130 * Depending on the type of message (request or response), the message id is
131 * either message_id_out or message_id_in.
132 *
133 * Used in every state.
134 *
135 * @param this calling object
136 * @param type exchange type of new message
137 * @param request TRUE, if message has to be a request
138 * @param message new message is stored at this location
139 */
140 void (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);
141
142 /**
143 * Initiate a new connection with given configuration name
144 *
145 * @param this calling object
146 * @param dh_shared_secret shared secret of diffie hellman exchange
147 * @param initiator_nonce nonce of initiator
148 * @param responder_nonce nonce of responder
149 */
150 void (*compute_secrets) (protected_ike_sa_t *this,chunk_t dh_shared_secret,chunk_t initiator_nonce, chunk_t responder_nonce);
151
152 /**
153 * Gets the internal stored logger_t object for given ike_sa_t object.
154 *
155 * @param this calling object
156 * @return pointer to the internal stored logger_t object
157 */
158 logger_t *(*get_logger) (protected_ike_sa_t *this);
159
160 /**
161 * Gets the internal stored init_config_t object.
162 *
163 * Returned value has to get checked for NULL value!
164 *
165 * @param this calling object
166 * @return pointer to the internal stored init_config_t object
167 */
168 init_config_t *(*get_init_config) (protected_ike_sa_t *this);
169
170 /**
171 * Sets the internal init_config_t object.
172 *
173 * @param this calling object
174 * @param init_config object of type init_config_t
175 */
176 void (*set_init_config) (protected_ike_sa_t *this,init_config_t *init_config);
177
178 /**
179 * Gets the internal stored sa_config_t object.
180 *
181 * Returned value has to get checked for NULL value!
182 *
183 * @param this calling object
184 * @return pointer to the internal stored sa_config_t object
185 */
186 sa_config_t *(*get_sa_config) (protected_ike_sa_t *this);
187
188 /**
189 * Sets the internal sa_config_t object.
190 *
191 * @param this calling object
192 * @param sa_config object of type sa_config_t
193 */
194 void (*set_sa_config) (protected_ike_sa_t *this,sa_config_t *sa_config);
195
196 /**
197 * Gets the internal stored host_t object for my host.
198 *
199 * @param this calling object
200 * @return pointer to the internal stored host_t object
201 */
202 host_t *(*get_my_host) (protected_ike_sa_t *this);
203
204 /**
205 * Gets the internal stored host_t object for other host.
206 *
207 * @param this calling object
208 * @return pointer to the internal stored host_t object
209 */
210 host_t *(*get_other_host) (protected_ike_sa_t *this);
211
212 /**
213 * Sets the internal stored host_t object for my host.
214 *
215 * Allready existing object gets destroyed. object gets not cloned!
216 *
217 * @param this calling object
218 * @param my_host pointer to the new host_t object
219 */
220 void (*set_my_host) (protected_ike_sa_t *this,host_t * my_host);
221
222 /**
223 * Sets the internal stored host_t object for other host.
224 *
225 * Allready existing object gets destroyed. object gets not cloned!
226 *
227 * @param this calling object
228 * @param other_host pointer to the new host_t object
229 */
230 void (*set_other_host) (protected_ike_sa_t *this,host_t *other_host);
231
232 /**
233 * Creates all needed transform objects for given ike_sa_t using
234 * the informations stored in a ike_proposal_t object
235 *
236 * Allready existing objects get destroyed.
237 *
238 * @param this calling object
239 * @param proposal proposal used to get informations for transform
240 * objects (algorithms, key lengths, etc.)
241 */
242 status_t (*create_transforms_from_proposal) (protected_ike_sa_t *this,ike_proposal_t * proposal);
243
244 /**
245 * Sends the next request message.
246 *
247 * Also the first retransmit job is created.
248 *
249 * Stored requested message gets destroyed. object gets not cloned!
250 *
251 * @param this calling object
252 * @param message pointer to the message which should be sent
253 * @return
254 * - SUCCESS
255 * - FAILED if message id is not next expected one
256 */
257 status_t (*send_request) (protected_ike_sa_t *this,message_t * message);
258
259 /**
260 * Sends the next response message.
261 *
262 * Stored responded message gets destroyed. object gets not cloned!
263 *
264 * @param this calling object
265 * @param message pointer to the message which should be sent
266 * return
267 * - SUCCESS
268 * - FAILED if message id is not next expected one
269 */
270 status_t (*send_response) (protected_ike_sa_t *this,message_t * message);
271
272 /**
273 * Gets the internal stored randomizer_t object.
274 *
275 * @param this calling object
276 * @return pointer to the internal randomizer_t object
277 */
278 randomizer_t *(*get_randomizer) (protected_ike_sa_t *this);
279
280 /**
281 * Sets the new state_t object of the IKE_SA object.
282 *
283 * The old state_t object gets not destroyed. It's the callers duty to
284 * make sure old state is destroyed (Normally the old state is the caller ).
285 *
286 * @param this calling object
287 * @param state pointer to the new state_t object
288 */
289 void (*set_new_state) (protected_ike_sa_t *this,state_t *state);
290
291 /**
292 * Sets the last replied message id.
293 *
294 * @param this calling object
295 * @param message_id message id
296 */
297 void (*set_last_replied_message_id) (protected_ike_sa_t *this,u_int32_t message_id);
298
299 /**
300 * Gets the internal stored initiator crypter_t object.
301 *
302 * @param this calling object
303 * @return pointer to crypter_t object
304 */
305 crypter_t *(*get_crypter_initiator) (protected_ike_sa_t *this);
306
307 /**
308 * Gets the internal stored initiator signer object.
309 *
310 * @param this calling object
311 * @return pointer to signer_t object
312 */
313 signer_t *(*get_signer_initiator) (protected_ike_sa_t *this);
314
315 /**
316 * Gets the internal stored responder crypter_t object.
317 *
318 * @param this calling object
319 * @return pointer to crypter_t object
320 */
321 crypter_t *(*get_crypter_responder) (protected_ike_sa_t *this);
322
323 /**
324 * Gets the internal stored responder signer object.
325 *
326 * @param this calling object
327 * @return pointer to signer_t object
328 */
329 signer_t *(*get_signer_responder) (protected_ike_sa_t *this);
330
331 /**
332 * Gets the internal stored prf_t object.
333 *
334 * @param this calling object
335 * @return pointer to prf_t object
336 */
337 prf_t *(*get_prf) (protected_ike_sa_t *this);
338
339 /**
340 * Gets the last responded message.
341 *
342 * @param this calling object
343 * @return
344 * - last received as message_t object
345 * - NULL if no last request available
346 */
347 message_t *(*get_last_responded_message) (protected_ike_sa_t *this);
348
349 /**
350 * Gets the last requested message.
351 *
352 * @param this calling object
353 * @return
354 * - last sent as message_t object
355 * - NULL if no last request available
356 */
357 message_t *(*get_last_requested_message) (protected_ike_sa_t *this);
358
359
360 /**
361 * Gets the Shared key SK_pr.
362 *
363 * Returned value is not cloned!
364 *
365 * @param this calling object
366 * @return SK_pr key
367 */
368 chunk_t (*get_key_pr) (protected_ike_sa_t *this);
369
370 /**
371 * Gets the Shared key SK_pi.
372 *
373 * Returned value is not cloned!
374 *
375 * @param this calling object
376 * @return SK_pr key
377 */
378 chunk_t (*get_key_pi) (protected_ike_sa_t *this);
379
380 /**
381 * Resets message id counters and does destroy stored received and sent messages.
382 *
383 * @param this calling object
384 */
385 void (*reset_message_buffers) (protected_ike_sa_t *this);
386
387 /**
388 * Creates a job of type DELETE_ESTABLISHED_IKE_SA for the current IKE_SA.
389 *
390 *
391 * @param this calling object
392 * @param timeout timeout after the IKE_SA gets deleted
393 *
394 */
395 void (*create_delete_established_ike_sa_job) (protected_ike_sa_t *this,u_int32_t timeout);
396 };
397
398
399
400 /**
401 * Creates an ike_sa_t object with a specific ike_sa_id_t object
402 *
403 * @param[in] ike_sa_id ike_sa_id_t object to associate with new IKE_SA.
404 * The object is internal getting cloned
405 * and so has to be destroyed by the caller.
406 *
407 * @warning the Content of internal ike_sa_id_t object can change over time
408 * e.g. when a IKE_SA_INIT has been finished.
409 *
410 * @return created ike_sa_t object
411 *
412 * @ingroup sa
413 */
414 ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id);
415
416 #endif /*IKE_SA_H_*/