1 /*
2 * Copyright (C) 2012 Reto Buerki
3 * Copyright (C) 2012 Adrian-Ken Rueegsegger
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #ifndef TKM_KEYMAT_H_
18 #define TKM_KEYMAT_H_
19
20 #include <sa/keymat.h>
21
/* Forward typedef so the method pointers in the struct below can take a
 * tkm_keymat_t *this argument before the struct body is complete. */
typedef struct tkm_keymat_t tkm_keymat_t;
23
/**
 * Derivation and management of sensitive keying material, TKM variant.
 *
 * Every operation below is delegated to the Trusted Key Manager (TKM):
 * IKE and child key derivation, the AUTH octets and the PSK/EAP signature.
 * derive_child_keys() returns key handles rather than key bytes, so the child
 * keying material itself is not handed to this process. Whether the IKE-key
 * path exposes any material is not visible from this header; check the
 * implementation before relying on that property.
 */
struct tkm_keymat_t {

	/**
	 * Implements keymat_t.
	 */
	keymat_t keymat;

	/**
	 * Use TKM to derive IKE key material.
	 *
	 * @param proposal			selected algorithms
	 * @param dh				diffie hellman key allocated by create_dh()
	 * @param nonce_i			initiators nonce value
	 * @param nonce_r			responders nonce value
	 * @param id				IKE_SA identifier
	 * @param rekey_function	PRF of old SA if rekeying, PRF_UNDEFINED otherwise
	 * @param rekey_skd			SKd of old SA if rekeying
	 * @return					TRUE on success
	 */
	bool (*derive_ike_keys)(tkm_keymat_t *this, proposal_t *proposal,
							diffie_hellman_t *dh, chunk_t nonce_i,
							chunk_t nonce_r, ike_sa_id_t *id,
							pseudo_random_function_t rekey_function,
							chunk_t rekey_skd);

	/**
	 * Use TKM to derive child key material.
	 *
	 * The four output chunks receive TKM key handles, not the key bytes
	 * themselves.
	 *
	 * @param proposal			selected algorithms
	 * @param dh				diffie hellman key allocated by create_dh(), or NULL
	 * @param nonce_i			initiators nonce value
	 * @param nonce_r			responders nonce value
	 * @param encr_i			handle to initiators encryption key
	 * @param integ_i			handle to initiators integrity key
	 * @param encr_r			handle to responders encryption key
	 * @param integ_r			handle to responders integrity key
	 * @return					TRUE on success
	 */
	bool (*derive_child_keys)(tkm_keymat_t *this,
							  proposal_t *proposal, diffie_hellman_t *dh,
							  chunk_t nonce_i, chunk_t nonce_r,
							  chunk_t *encr_i, chunk_t *integ_i,
							  chunk_t *encr_r, chunk_t *integ_r);

	/**
	 * Use TKM to generate auth octets.
	 *
	 * @param verify			TRUE to create for verification, FALSE to sign
	 * @param ike_sa_init		encoded ike_sa_init message
	 * @param nonce				nonce value
	 * @param id				identity
	 * @param reserved			reserved bytes of id_payload (3 bytes)
	 * @param octets			chunk receiving allocated auth octets
	 *							(allocated: the caller releases it)
	 * @return					TRUE if octets created successfully
	 */
	bool (*get_auth_octets)(tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
							chunk_t nonce, identification_t *id,
							char reserved[3], chunk_t *octets);

	/**
	 * Get SKd and PRF to derive keymat.
	 *
	 * @param skd				chunk to write SKd to; it points at internal
	 *							data, not a copy, so the caller must not free it
	 * @return					PRF function to derive keymat
	 */
	pseudo_random_function_t (*get_skd)(tkm_keymat_t *this, chunk_t *skd);

	/**
	 * Build the shared secret signature used for PSK and EAP authentication.
	 *
	 * @param verify			TRUE to create for verification, FALSE to sign
	 * @param ike_sa_init		encoded ike_sa_init message
	 * @param nonce				nonce value
	 * @param secret			optional secret to include into signature
	 * @param id				identity
	 * @param reserved			reserved bytes of id_payload (3 bytes)
	 * @param sig				chunk receiving allocated signature octets
	 *							(allocated: the caller releases it)
	 * @return					TRUE if signature created successfully
	 */
	bool (*get_psk_sig)(tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
						chunk_t nonce, chunk_t secret,
						identification_t *id, char reserved[3], chunk_t *sig);
};
110
/**
 * Create TKM keymat instance.
 *
 * NOTE(review): ownership of the returned instance presumably passes to the
 * caller, to be released through the keymat_t interface; the header does not
 * show the release path or whether NULL is returned on failure, so confirm
 * both against the implementation before depending on them.
 *
 * @param initiator		TRUE if we are the initiator
 * @return				keymat instance
 */
tkm_keymat_t *tkm_keymat_create(bool initiator);
118
#endif /** TKM_KEYMAT_H_ */