28c4d9948b21d63b79aa7f2d8363c384d05cbe2e
1 /*
2 * Copyright (C) 2012 Reto Buerki
3 * Copyright (C) 2012 Adrian-Ken Rueegsegger
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #ifndef TKM_TYPES_H_
18 #define TKM_TYPES_H_
19
20 #include <tkm/types.h>
21 #include <utils/chunk.h>
22
typedef struct esa_info_t esa_info_t;

/**
 * Carrier for ESP SA (ESA) parameters between the keymat and the kernel
 * IPsec interface.
 *
 * CHILD SA key derivation and installation are performed together, by a
 * single exchange with the TKM (esa_create*) that is issued from add_sa.
 * To get the required parameters there, derive_child_keys of the keymat
 * (ab)uses its encr_i and encr_r output parameters and stores this data in
 * those chunks. This works because child SA keys are treated as opaque
 * values and reach the add_sa procedure of the kernel interface as-is,
 * without any processing.
 *
 * As declared here, the struct holds context ids, an SPI, two nonces and a
 * flag; it has no field for key bytes.
 *
 * NOTE(review): a chunk travelling in the encryption key slot is thus a
 * struct, not a key. The receiving side presumably has to verify that the
 * chunk length equals sizeof(esa_info_t) before interpreting it -- confirm
 * in the add_sa implementation, which is not visible in this header.
 * NOTE(review): who owns the memory behind nonce_i/nonce_r is not stated
 * here (chunk_t comes from utils/chunk.h) -- confirm which side frees it.
 */
struct esa_info_t {

	/** Identifier of the ISA (IKE SA) context. */
	isa_id_type isa_id;

	/** SPI of the child SA on the responder side. */
	esp_spi_type spi_r;

	/** Nonce of the initiator. */
	chunk_t nonce_i;

	/** Nonce of the responder. */
	chunk_t nonce_r;

	/**
	 * Tells which output chunk holds this instance: TRUE when the struct is
	 * contained in encr_r, FALSE when it is contained in encr_i.
	 */
	bool is_encr_r;

	/** Identifier of the Diffie-Hellman context. */
	dh_id_type dh_id;

};
72
typedef struct isa_info_t isa_info_t;

/**
 * Carrier for IKE SA (ISA) parameters between two keymats.
 *
 * Hands ISA information from the keymat of the parent SA to the keymat of
 * the new IKE SA. The skd data chunk is (ab)used as the transport: sk_d is
 * treated as an opaque value and arrives at derive_ike_keys of the new
 * keymat as-is, without any processing.
 *
 * NOTE(review): the chunk in the sk_d slot is thus a struct, not key
 * material. The receiving side presumably has to verify that the chunk
 * length equals sizeof(isa_info_t) before interpreting it -- confirm in the
 * derive_ike_keys implementation, which is not visible in this header.
 */
struct isa_info_t {

	/** Identifier of the parent ISA context. */
	isa_id_type parent_isa_id;

	/** Identifier of the authenticated endpoint context. */
	ae_id_type ae_id;

};
96
97 #endif /** TKM_TYPES_H_ */