Add AUTH signature info data structure
[strongswan.git] / src / charon-tkm / src / tkm / tkm_types.h
1 /*
2 * Copyright (C) 2012 Reto Buerki
3 * Copyright (C) 2012 Adrian-Ken Rueegsegger
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #ifndef TKM_TYPES_H_
18 #define TKM_TYPES_H_
19
20 #include <tkm/types.h>
21 #include <utils/chunk.h>
22
typedef struct esa_info_t esa_info_t;

/**
 * Information about an ESP SA (ESA), carried from the keymat to the kernel
 * IPsec interface.
 *
 * The keymat's derive_child_keys produces this record and the add_sa
 * operation of the kernel IPsec interface consumes it. The hand-over is
 * needed because CHILD SA key derivation and installation are handled by a
 * single exchange with the TKM (esa_create*) in add_sa.
 *
 * The record travels inside the encr_i and encr_r out parameters of
 * derive_child_keys, which are (ab)used as containers. This works because the
 * child SA keys are treated as opaque values and reach add_sa as-is, without
 * any processing.
 *
 * NOTE(review): these chunks therefore hold an esa_info_t rather than key
 * bytes. A consumer that reinterprets a chunk as this type should presumably
 * check that the chunk length equals sizeof(esa_info_t) first - confirm in
 * add_sa.
 * NOTE(review): this header does not show whether nonce_i and nonce_r are
 * copies or borrowed references - confirm who releases them.
 */
struct esa_info_t {

	/** Id of the ISA context. */
	isa_id_type isa_id;

	/** SPI of the child SA on the responder side. */
	esp_spi_type spi_r;

	/** Nonce of the initiator. */
	chunk_t nonce_i;

	/** Nonce of the responder. */
	chunk_t nonce_r;

	/**
	 * Tells which container this record was stored in: TRUE for encr_r,
	 * FALSE for encr_i.
	 */
	bool is_encr_r;

	/** Id of the Diffie-Hellman context. */
	dh_id_type dh_id;
};
72
typedef struct isa_info_t isa_info_t;

/**
 * Information about an IKE SA (ISA), carried from the keymat of the parent SA
 * to the keymat of the new IKE SA.
 *
 * The skd data chunk is (ab)used as the container. This works because the
 * sk_d chunk is treated as an opaque value and reaches the derive_ike_keys
 * procedure of the new keymat as-is, without any processing.
 *
 * NOTE(review): the chunk therefore holds an isa_info_t rather than key
 * bytes. A consumer that reinterprets it as this type should presumably check
 * that the chunk length equals sizeof(isa_info_t) first - confirm in
 * derive_ike_keys.
 */
struct isa_info_t {

	/** Id of the parent ISA context. */
	isa_id_type parent_isa_id;

	/** Id of the authenticated endpoint context. */
	ae_id_type ae_id;
};
97
typedef struct sign_info_t sign_info_t;

/**
 * Information for the AUTH signature, carried from the keymat to the TKM
 * private key sign operation.
 *
 * It transfers an ISA context id together with the initial message. The auth
 * octets chunk is (ab)used as the container. This works because the auth
 * octets are treated as an opaque value and reach the private key sign
 * function as-is, without any processing.
 *
 * NOTE(review): the sign function therefore receives a sign_info_t in place
 * of octets to be signed. It should presumably check that the chunk length
 * equals sizeof(sign_info_t) before reinterpreting it - confirm in the TKM
 * private key implementation.
 * NOTE(review): this header does not show whether init_message is a copy or
 * a borrowed reference - confirm who releases it.
 */
struct sign_info_t {

	/** Id of the ISA context. */
	isa_id_type isa_id;

	/** The init message. */
	chunk_t init_message;
};
122
123 #endif /** TKM_TYPES_H_ */