src/charon/config/connections/connection.h

   1 /**
   2  * @file connection.h
   3  *
   4  * @brief Interface of connection_t.
   5  *
   6  */
   7
   8 /*
   9  * Copyright (C) 2005 Jan Hutter, Martin Willi
  10  * Hochschule fuer Technik Rapperswil
  11  *
  12  * This program is free software; you can redistribute it and/or modify it
  13  * under the terms of the GNU General Public License as published by the
  14  * Free Software Foundation; either version 2 of the License, or (at your
  15  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  16  *
  17  * This program is distributed in the hope that it will be useful, but
  18  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  19  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  20  * for more details.
  21  */
  22
  23 #ifndef CONNECTION_H_
  24 #define CONNECTION_H_
  25
  26 #include <types.h>
  27 #include <utils/host.h>
  28 #include <utils/linked_list.h>
  29 #include <utils/identification.h>
  30 #include <config/proposal.h>
  31 #include <crypto/diffie_hellman.h>
  32
  33
  34 typedef enum auth_method_t auth_method_t;
  35
  36 /**
  37  * AUTH Method to use.
  38  *
  39  * @ingroup config
  40  */
  41 enum auth_method_t {
  42         /**
  43          * Computed as specified in section 2.15 of RFC using
  44          * an RSA private key over a PKCS#1 padded hash.
  45          */
  46         RSA_DIGITAL_SIGNATURE = 1,
  47
  48         /**
  49          * Computed as specified in section 2.15 of RFC using the
  50          * shared key associated with the identity in the ID payload
  51          * and the negotiated prf function
  52          */
  53         SHARED_KEY_MESSAGE_INTEGRITY_CODE = 2,
  54
  55         /**
  56          * Computed as specified in section 2.15 of RFC using a
  57          * DSS private key over a SHA-1 hash.
  58          */
  59         DSS_DIGITAL_SIGNATURE = 3,
  60 };
  61
  62 /**
  63  * string mappings for auth method.
  64  *
  65  * @ingroup config
  66  */
  67 extern mapping_t auth_method_m[];
  68
  69
  70 typedef struct connection_t connection_t;
  71
  72 /**
  73  * @brief A connection_t defines the rules to set up an IKE_SA.
  74  *
  75  *
  76  * @b Constructors:
  77  *  - connection_create()
  78  *
  79  * @ingroup config
  80  */
  81 struct connection_t {
  82
  83         /**
  84          * @brief Get my ID for this connection.
  85          *
  86          * Object is NOT getting cloned.
  87          *
  88          * @param this  calling object
  89          * @return              host information as identification_t object
  90          */
  91         identification_t *(*get_my_id) (connection_t *this);
  92
  93         /**
  94          * @brief Get others ID for this connection.
  95          *
  96          * Object is NOT getting cloned.
  97          *
  98          * @param this  calling object
  99          * @return              host information as identification_t object
 100          */
 101         identification_t *(*get_other_id) (connection_t *this);
 102
 103         /**
 104          * @brief Get my address as host_t object.
 105          *
 106          * Object is NOT getting cloned.
 107          *
 108          * @param this  calling object
 109          * @return              host information as host_t object
 110          */
 111         host_t *(*get_my_host) (connection_t *this);
 112
 113         /**
 114          * @brief Get others address as host_t object.
 115          *
 116          * Object is NOT getting cloned.
 117          *
 118          * @param this  calling object
 119          * @return              host information as host_t object
 120          */
 121         host_t *(*get_other_host) (connection_t *this);
 122
 123         /**
 124          * @brief Update address of my host.
 125          *
 126          * It may be necessary to uptdate own address, as it
 127          * is set to the default route (0.0.0.0) in some cases.
 128          * Old host is destroyed, new one NOT cloned.
 129          *
 130          * @param this          calling object
 131          * @param my_host       new host to set as my_host
 132          */
 133         void (*update_my_host) (connection_t *this, host_t *my_host);
 134
 135         /**
 136          * @brief Update address of remote host.
 137          *
 138          * It may be necessary to uptdate remote address, as a
 139          * connection may define %any (0.0.0.0) or a subnet.
 140          * Old host is destroyed, new one NOT cloned.
 141          *
 142          * @param this          calling object
 143          * @param my_host       new host to set as other_host
 144          */
 145         void (*update_other_host) (connection_t *this, host_t *other_host);
 146
 147         /**
 148          * @brief Update own ID.
 149          *
 150          * It may be necessary to uptdate own ID, as it
 151          * is set to %any or to e.g. *@strongswan.org in
 152          * some cases.
 153          * Old ID is destroyed, new one NOT cloned.
 154          *
 155          * @param this          calling object
 156          * @param my_id         new ID to set as my_id
 157          */
 158         void (*update_my_id) (connection_t *this, identification_t *my_id);
 159
 160         /**
 161          * @brief Update others ID.
 162          *
 163          * It may be necessary to uptdate others ID, as it
 164          * is set to %any or to e.g. *@strongswan.org in
 165          * some cases.
 166          * Old ID is destroyed, new one NOT cloned.
 167          *
 168          * @param this          calling object
 169          * @param other_id      new ID to set as other_id
 170          */
 171         void (*update_other_id) (connection_t *this, identification_t *other_id);
 172
 173         /**
 174          * @brief Returns a list of all supported proposals.
 175          *
 176          * Returned list is still owned by connection and MUST NOT
 177          * modified or destroyed.
 178          *
 179          * @param this                          calling object
 180          * @return                                      list containing all the proposals
 181          */
 182         linked_list_t *(*get_proposals) (connection_t *this);
 183
 184         /**
 185          * @brief Adds a proposal to the list.
 186          *
 187          * The first added proposal has the highest priority, the last
 188          * added the lowest.
 189          *
 190          * @param this                          calling object
 191          * @param proposal                      proposal to add
 192          */
 193         void (*add_proposal) (connection_t *this, proposal_t *proposal);
 194
 195         /**
 196          * @brief Select a proposed from suggested proposals.
 197          *
 198          * Returned proposal must be destroyed after usage.
 199          *
 200          * @param this                                  calling object
 201          * @param proposals                             list of proposals to select from
 202          * @return                                              selected proposal, or NULL if none matches.
 203          */
 204         proposal_t *(*select_proposal) (connection_t *this, linked_list_t *proposals);
 205
 206         /**
 207          * @brief Get the authentication method to use
 208          *
 209          * @param this                  calling object
 210          * @return                              authentication method
 211          */
 212         auth_method_t (*get_auth_method) (connection_t *this);
 213
 214         /**
 215          * @brief Get the connection name.
 216          *
 217          * Name must not be freed, since it points to
 218          * internal data.
 219          *
 220          * @param this                  calling object
 221          * @return                              name of the connection
 222          */
 223         char* (*get_name) (connection_t *this);
 224
 225         /**
 226          * @brief Check if the connection is marked as an IKEv2 connection.
 227          *
 228          * Since all connections (IKEv1+2) are loaded, but charon handles
 229          * only those marked with IKEv2, this flag can tell us if we must
 230          * ignore a connection on initiaton. Then pluto will do it for us.
 231          *
 232          * @param this                                  calling object
 233          * @return                                              - TRUE, if this is an IKEv2 connection
 234          */
 235         bool (*is_ikev2) (connection_t *this);
 236
 237         /**
 238          * @brief Get the DH group to use for connection initialization.
 239          *
 240          * @param this                                  calling object
 241          * @return                                              dh group to use for initialization
 242          */
 243         diffie_hellman_group_t (*get_dh_group) (connection_t *this);
 244
 245         /**
 246          * @brief Check if a suggested dh group is acceptable.
 247          *
 248          * If we guess a wrong DH group for IKE_SA_INIT, the other
 249          * peer will send us a offer. But is this acceptable for us?
 250          *
 251          * @param this                                  calling object
 252          * @return                                              TRUE if group acceptable
 253          */
 254         bool (*check_dh_group) (connection_t *this, diffie_hellman_group_t dh_group);
 255
 256         /**
 257          * @brief Clone a connection_t object.
 258          *
 259          * @param this  connection to clone
 260          * @return              clone of it
 261          */
 262         connection_t *(*clone) (connection_t *this);
 263
 264         /**
 265          * @brief Destroys a connection_t object.
 266          *
 267          * @param this  calling object
 268          */
 269         void (*destroy) (connection_t *this);
 270 };
 271
 272 /**
 273  * @brief Creates a connection_t object.
 274  *
 275  * Supplied hosts/IDs become owned by connection, so
 276  * do not modify or destroy them after a call to
 277  * connection_create(). Name gets cloned internally.
 278  *
 279  * @param name                  connection identifier
 280  * @param ikev2                 TRUE if this is an IKEv2 connection
 281  * @param my_host               host_t representing local address
 282  * @param other_host    host_t representing remote address
 283  * @param my_id                 identification_t for me
 284  * @param other_id              identification_t for other
 285  * @param auth_method   Authentication method to use for our(!) auth data
 286  * @return                              connection_t object.
 287  *
 288  * @ingroup config
 289  */
 290 connection_t * connection_create(char *name,
 291                                                                  bool ikev2,
 292                                                                  host_t *my_host, host_t *other_host,
 293                                                                  identification_t *my_id,
 294                                                                  identification_t *other_id,
 295                                                                  auth_method_t auth_method);
 296
 297 #endif /* CONNECTION_H_ */