1 /*
2 * Copyright (C) 2012-2014 Reto Buerki
3 * Copyright (C) 2012 Adrian-Ken Rueegsegger
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup tkm tkm
19 *
20 * @addtogroup tkm
21 * @{
22 *
23 * Untrusted IKEv2 component used with Trusted Key Manager for IKE
24 * disaggregation.
25 *
26 * The untrusted IKEv2 component used in conjunction with the Trusted Key
27 * Manager infrastructure is implemented as a separate charon instance located
28 * in its own directory below the strongSwan top-level source directory
29 * (src/charon-tkm). This has the advantage that the TKM code is contained and
30 * does not mix with other strongSwan files. The charon-tkm binary startup code
31 * is modeled after the charon-nm instance, a special charon daemon variant to
32 * be used with the GNOME NetworkManager project. The major difference is the
33 * registration of custom TKM plugins as the final step of the startup phase.
34 * The charon-tkm daemon does not rely on the dynamic plugin loading mechanism
35 * for its core plugins, they are statically registered before entering the main
36 * processing loop.
37 *
38 * The following diagram shows the main components of the system and how they
39 * communicate.
 @verbatim

   +------------+             +------------+             +------------+
   | xfrm-proxy |<-[tkm-rpc]->| charon-tkm |<-[tkm-rpc]->|    TKM     |
   +------------+             +------------+             +------------+
         ^                          ^
   [Netlink | XFRM]         [XFRM | Netlink]
         |                          v
   +-----------------------------------------------------------------+
   |                             Kernel                              |
   +-----------------------------------------------------------------+

 @endverbatim
53 * Since the charon-tkm code uses the tkm-rpc library written in Ada, the daemon
54 * has to be built using an Ada-aware toolchain. The integration of Ada code
55 * into the strongSwan codebase is explained in the TKM documentation, section
56 * 5.4.1: http://www.codelabs.ch/tkm#anchor-doc.
57 *
58 * The Trusted Key Manager (TKM) is a minimal Trusted Computing Base which
59 * implements security-critical functions of the IKEv2 protocol.
60 *
61 * The xfrm-proxy receives XFRM Acquire and Expiry events from the kernel and
62 * forwards them to the charon-tkm IKE daemon for further processing.
63 *
 * The underlying concept of IKE disaggregation and the design of TKM and all
 * related components, of which charon-tkm is one component, are presented in
 * detail in the project documentation found at
 * http://www.codelabs.ch/tkm#anchor-doc.
68 */
69
70 #ifndef TKM_H_
71 #define TKM_H_
72
73 #include "tkm_id_manager.h"
74 #include "tkm_chunk_map.h"
75 #include "tkm_kernel_sad.h"
76
typedef struct tkm_t tkm_t;

/**
 * Trusted key manager context, contains tkm related globals.
 *
 * A single instance is created by tkm_init() and destroyed by tkm_deinit();
 * it is reachable through the global "tkm" pointer declared below.
 * NOTE(review): the members are presumably owned by this context and released
 * by tkm_deinit() -- confirm against tkm.c before relying on that.
 */
struct tkm_t {

	/**
	 * Context ID manager (see tkm_id_manager.h).
	 */
	tkm_id_manager_t *idmgr;

	/**
	 * Chunk-to-ID mappings (see tkm_chunk_map.h).
	 */
	tkm_chunk_map_t *chunk_map;

	/**
	 * CHILD/ESP SA database (see tkm_kernel_sad.h).
	 */
	tkm_kernel_sad_t *sad;

};
100
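/**
 * Initialize trusted key manager, creates "tkm" instance.
 *
 * On success the global "tkm" pointer (declared below) refers to the new
 * instance; it must not be used before this call or after tkm_deinit().
 *
 * @return FALSE if initialization error occurred
 */
/* Explicit (void): before C23 an empty parameter list is an unprototyped
 * declaration, so a call site passing arguments would not be diagnosed. */
bool tkm_init(void);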
107
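/**
 * Deinitialize trusted key manager, destroys "tkm" instance.
 *
 * Counterpart of tkm_init(); the global "tkm" pointer must not be used after
 * this call.
 */
/* Explicit (void): before C23 an empty parameter list is an unprototyped
 * declaration, so a call site passing arguments would not be diagnosed. */
void tkm_deinit(void);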
112
/**
 * Trusted key manager instance, set after tkm_init() and before tkm_deinit()
 * calls.
 *
 * NOTE(review): treat the pointer as invalid outside that window; whether it is
 * reset to NULL by tkm_deinit() is not visible here -- confirm in tkm.c.
 */
extern tkm_t *tkm;
118
119 #endif /** TKM_H_ @}*/