1 /**
2 * @file connection.h
3 *
4 * @brief Interface of connection_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef CONNECTION_H_
24 #define CONNECTION_H_
25
26 #include <types.h>
27 #include <utils/host.h>
28 #include <utils/linked_list.h>
29 #include <utils/identification.h>
30 #include <config/proposal.h>
31 #include <crypto/diffie_hellman.h>
32
33
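typedef enum auth_method_t auth_method_t;

/**
 * Authentication method used to build the AUTH payload.
 *
 * The numeric values are the on-the-wire "Auth Method" codes of the IKEv2
 * AUTH payload (section 2.15 of the IKEv2 RFC, RFC 4306), so they MUST NOT
 * be renumbered or reordered. auth_method_m[] holds printable names for them.
 *
 * @ingroup config
 */
enum auth_method_t {
	/**
	 * AUTH data is an RSA signature, computed as specified in
	 * section 2.15 of the RFC with an RSA private key over a
	 * PKCS#1 padded hash.
	 */
	RSA_DIGITAL_SIGNATURE = 1,

	/**
	 * AUTH data is a MAC, computed as specified in section 2.15 of
	 * the RFC with the negotiated PRF, keyed with the shared secret
	 * associated with the identity in the ID payload.
	 */
	SHARED_KEY_MESSAGE_INTEGRITY_CODE = 2,

	/**
	 * AUTH data is a DSS signature, computed as specified in
	 * section 2.15 of the RFC with a DSS private key over a SHA-1 hash.
	 *
	 * NOTE(review): DSS over SHA-1 is a legacy, weak combination; whether
	 * it should be offered or accepted at all is a policy decision to be
	 * confirmed against the configuration code, not something this header
	 * enforces.
	 */
	DSS_DIGITAL_SIGNATURE = 3,
};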
61
/**
 * Printable names for the auth_method_t values, as a mapping_t table
 * (defined out of line, e.g. for logging and configuration parsing).
 *
 * @ingroup config
 */
extern mapping_t auth_method_m[];
68
69
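typedef struct connection_t connection_t;

/**
 * @brief A connection_t defines the rules to set up an IKE_SA.
 *
 * It bundles the local and remote addresses and identities, the list of
 * supported proposals (in order of preference), the authentication method
 * for our own AUTH payload and the Diffie-Hellman group to use for the
 * IKE_SA_INIT exchange.
 *
 * Ownership rules: unless a method says otherwise, getters return pointers
 * to objects owned by the connection_t. Callers must neither modify nor
 * destroy them, and such a pointer is only valid while the connection_t is
 * alive and the matching update_*() method has not been called since.
 *
 * @b Constructors:
 *  - connection_create()
 *
 * @ingroup config
 */
struct connection_t {

	/**
	 * @brief Get my ID for this connection.
	 *
	 * The returned object is NOT cloned; it stays owned by the
	 * connection and is invalidated by update_my_id().
	 *
	 * @param this		calling object
	 * @return			local identity as identification_t object
	 */
	identification_t *(*get_my_id) (connection_t *this);

	/**
	 * @brief Get the other peer's ID for this connection.
	 *
	 * The returned object is NOT cloned; it stays owned by the
	 * connection and is invalidated by update_other_id().
	 *
	 * @param this		calling object
	 * @return			remote identity as identification_t object
	 */
	identification_t *(*get_other_id) (connection_t *this);

	/**
	 * @brief Get my address as host_t object.
	 *
	 * The returned object is NOT cloned; it stays owned by the
	 * connection and is invalidated by update_my_host().
	 *
	 * @param this		calling object
	 * @return			local address as host_t object
	 */
	host_t *(*get_my_host) (connection_t *this);

	/**
	 * @brief Get the other peer's address as host_t object.
	 *
	 * The returned object is NOT cloned; it stays owned by the
	 * connection and is invalidated by update_other_host().
	 *
	 * @param this		calling object
	 * @return			remote address as host_t object
	 */
	host_t *(*get_other_host) (connection_t *this);

	/**
	 * @brief Update the address of my host.
	 *
	 * It may be necessary to update the own address, as it is set
	 * to the default route (0.0.0.0) in some cases.
	 * The old host is destroyed; the new one is NOT cloned, i.e. the
	 * connection takes ownership of my_host.
	 *
	 * @param this		calling object
	 * @param my_host	new host to set as my_host
	 */
	void (*update_my_host) (connection_t *this, host_t *my_host);

	/**
	 * @brief Update the address of the remote host.
	 *
	 * It may be necessary to update the remote address, as a
	 * connection may define %any (0.0.0.0) or a subnet.
	 * The old host is destroyed; the new one is NOT cloned, i.e. the
	 * connection takes ownership of other_host.
	 *
	 * NOTE(review): nothing in this interface checks that the new
	 * address actually lies within the configured %any/subnet; the
	 * caller narrowing the connection is responsible for that match.
	 *
	 * @param this		calling object
	 * @param other_host	new host to set as other_host
	 */
	void (*update_other_host) (connection_t *this, host_t *other_host);

	/**
	 * @brief Update own ID.
	 *
	 * It may be necessary to update the own ID, as it is set to
	 * %any or to e.g. *@strongswan.org in some cases.
	 * The old ID is destroyed; the new one is NOT cloned, i.e. the
	 * connection takes ownership of my_id.
	 *
	 * @param this		calling object
	 * @param my_id		new ID to set as my_id
	 */
	void (*update_my_id) (connection_t *this, identification_t *my_id);

	/**
	 * @brief Update the other peer's ID.
	 *
	 * It may be necessary to update the other peer's ID, as it is
	 * set to %any or to e.g. *@strongswan.org in some cases.
	 * The old ID is destroyed; the new one is NOT cloned, i.e. the
	 * connection takes ownership of other_id.
	 *
	 * NOTE(review): the concrete ID substituted for a wildcard here
	 * is peer-supplied. This interface does not check that it matches
	 * the configured wildcard, nor that it is the identity that was
	 * (or will be) authenticated; the caller must ensure both before
	 * narrowing the connection.
	 *
	 * @param this		calling object
	 * @param other_id	new ID to set as other_id
	 */
	void (*update_other_id) (connection_t *this, identification_t *other_id);

	/**
	 * @brief Returns the list of all supported proposals.
	 *
	 * The returned list is still owned by the connection and MUST NOT
	 * be modified or destroyed. Entries are in insertion order, i.e. in
	 * decreasing priority (see add_proposal()).
	 *
	 * @param this		calling object
	 * @return			list containing all the proposals
	 */
	linked_list_t *(*get_proposals) (connection_t *this);

	/**
	 * @brief Add a proposal to the list.
	 *
	 * The first added proposal has the highest priority, the last
	 * added the lowest.
	 *
	 * NOTE(review): this header does not state whether the proposal is
	 * cloned or taken over by the connection; check connection.c before
	 * destroying a proposal after adding it.
	 *
	 * @param this		calling object
	 * @param proposal	proposal to add
	 */
	void (*add_proposal) (connection_t *this, proposal_t *proposal);

	/**
	 * @brief Select a proposal from a list of proposals suggested by the peer.
	 *
	 * The returned proposal is a new object and must be destroyed by
	 * the caller after usage.
	 *
	 * NOTE(review): when several peer proposals are acceptable, the
	 * choice should follow our own priority order (the add_proposal()
	 * order), not the order in which the peer listed them, so that a
	 * peer cannot steer us to our weakest acceptable configuration.
	 * This header does not say which order wins; verify in connection.c.
	 *
	 * @param this		calling object
	 * @param proposals	list of proposals to select from
	 * @return			selected proposal, or NULL if none matches
	 */
	proposal_t *(*select_proposal) (connection_t *this, linked_list_t *proposals);

	/**
	 * @brief Get the authentication method to use.
	 *
	 * This is the method for our own AUTH data, as passed to
	 * connection_create(); it says nothing about how the peer
	 * authenticates itself.
	 *
	 * @param this		calling object
	 * @return			authentication method
	 */
	auth_method_t (*get_auth_method) (connection_t *this);

	/**
	 * @brief Get the connection name.
	 *
	 * The name must not be freed or modified, since it points to
	 * data owned by the connection.
	 *
	 * @param this		calling object
	 * @return			name of the connection
	 */
	char* (*get_name) (connection_t *this);

	/**
	 * @brief Get the DH group to use for connection initialization.
	 *
	 * This is the group we initially propose for IKE_SA_INIT.
	 *
	 * @param this		calling object
	 * @return			dh group to use for initialization
	 */
	diffie_hellman_group_t (*get_dh_group) (connection_t *this);

	/**
	 * @brief Check if a DH group suggested by the peer is acceptable.
	 *
	 * If we guess a wrong DH group for IKE_SA_INIT, the other peer
	 * answers with a counter-offer of the group it wants. This method
	 * decides whether that offer is acceptable for us.
	 *
	 * NOTE(review): the peer controls the suggested group, so this check
	 * is the only thing preventing a downgrade to a group weaker than
	 * those we configured. It should return TRUE only for groups that
	 * appear in our own proposals; verify that in connection.c.
	 *
	 * @param this		calling object
	 * @param dh_group	DH group suggested by the peer
	 * @return			TRUE if group acceptable
	 */
	bool (*check_dh_group) (connection_t *this, diffie_hellman_group_t dh_group);

	/**
	 * @brief Clone a connection_t object.
	 *
	 * @param this		connection to clone
	 * @return			new connection_t; the caller owns it and must destroy() it
	 */
	connection_t *(*clone) (connection_t *this);

	/**
	 * @brief Destroys a connection_t object.
	 *
	 * Releases the connection together with the hosts, IDs and name it
	 * owns (see connection_create() for the ownership transfer).
	 *
	 * @param this		calling object
	 */
	void (*destroy) (connection_t *this);
};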
259
/**
 * @brief Creates a connection_t object.
 *
 * Ownership of the supplied hosts and IDs passes to the new
 * connection: the caller must not modify or destroy them after
 * connection_create() returns. The name is cloned internally, so
 * the caller keeps ownership of the name buffer.
 *
 * @param name			connection identifier (cloned)
 * @param my_host		host_t representing the local address (owned afterwards)
 * @param other_host	host_t representing the remote address (owned afterwards)
 * @param my_id			identification_t for the local identity (owned afterwards)
 * @param other_id		identification_t for the remote identity (owned afterwards)
 * @param auth_method	authentication method to use for our(!) AUTH data
 * @return				connection_t object
 *
 * @ingroup config
 */
connection_t * connection_create(char *name,
								 host_t *my_host, host_t *other_host,
								 identification_t *my_id,
								 identification_t *other_id,
								 auth_method_t auth_method);
282
283 #endif /* CONNECTION_H_ */