fixed CHILD_SA proposal selection when not using DH exchange
1 /**
2 * @file ike_cfg.h
3 *
4 * @brief Interface of ike_cfg_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005-2007 Martin Willi
10 * Copyright (C) 2005 Jan Hutter
11 * Hochschule fuer Technik Rapperswil
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 */
23
24 #ifndef IKE_CFG_H_
25 #define IKE_CFG_H_
26
27 typedef struct ike_cfg_t ike_cfg_t;
28
29 #include <library.h>
30 #include <utils/host.h>
31 #include <utils/linked_list.h>
32 #include <utils/identification.h>
33 #include <config/proposal.h>
34 #include <crypto/diffie_hellman.h>
35
/**
 * @brief Configuration describing the rules for setting up an IKE_SA.
 *
 * The object is used through the function pointers declared below. It is
 * reference counted: get_ref() takes an additional reference and destroy()
 * gives one up.
 *
 * @see peer_cfg_t for an overview of the configurations.
 *
 * @b Constructors:
 * - ike_cfg_create()
 *
 * @ingroup config
 */
struct ike_cfg_t {

	/**
	 * @brief Get the local address.
	 *
	 * NOTE(review): ownership of the returned host_t is not stated in this
	 * header; confirm against the implementation before destroying it or
	 * keeping it beyond the lifetime of the ike_cfg.
	 *
	 * @param this		calling object
	 * @return			host information as host_t object
	 */
	host_t *(*get_my_host)(ike_cfg_t *this);

	/**
	 * @brief Get the address of the peer.
	 *
	 * NOTE(review): ownership of the returned host_t is not stated in this
	 * header; confirm against the implementation before destroying it or
	 * keeping it beyond the lifetime of the ike_cfg.
	 *
	 * @param this		calling object
	 * @return			host information as host_t object
	 */
	host_t *(*get_other_host)(ike_cfg_t *this);

	/**
	 * @brief Append a proposal to the list of proposals.
	 *
	 * Priority follows insertion order: the proposal added first has the
	 * highest priority, the one added last the lowest. Add the preferred
	 * proposal first.
	 *
	 * NOTE(review): whether the ike_cfg takes ownership of the passed
	 * proposal is not stated in this header; confirm against the
	 * implementation.
	 *
	 * @param this		calling object
	 * @param proposal	proposal to add
	 */
	void (*add_proposal)(ike_cfg_t *this, proposal_t *proposal);

	/**
	 * @brief Get a list of all supported proposals.
	 *
	 * Both the returned list and the proposals it contains must be
	 * destroyed by the caller after use.
	 *
	 * @param this		calling object
	 * @return			list containing all the proposals
	 */
	linked_list_t *(*get_proposals)(ike_cfg_t *this);

	/**
	 * @brief Select one proposal out of a list of suggested proposals.
	 *
	 * The returned proposal must be destroyed by the caller after use.
	 * No match is reported as NULL, so check the result before using it.
	 *
	 * @param this		calling object
	 * @param proposals	list of proposals to select from
	 * @return			selected proposal, or NULL if none matches
	 */
	proposal_t *(*select_proposal)(ike_cfg_t *this, linked_list_t *proposals);

	/**
	 * @brief Tell whether a certificate request should be sent in IKE_SA_INIT.
	 *
	 * @param this		calling object
	 * @return			certificate request sending policy
	 */
	bool (*send_certreq)(ike_cfg_t *this);

	/**
	 * @brief Get the DH group to use for the IKE_SA setup.
	 *
	 * @param this		calling object
	 * @return			DH group to use for initialization
	 */
	diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this);

	/**
	 * @brief Take an additional reference to this ike_cfg.
	 *
	 * Increments the internal reference counter. Call get_ref(), or any
	 * other function of this object, only while you already hold a
	 * reference; without one the object may get destroyed while get_ref()
	 * is still running.
	 *
	 * @param this		calling object
	 */
	void (*get_ref)(ike_cfg_t *this);

	/**
	 * @brief Give up a reference to an ike_cfg_t object.
	 *
	 * Decrements the internal reference counter; the ike_cfg is destroyed
	 * once the counter reaches zero. Treat the pointer as invalid after
	 * this call unless you still hold another reference.
	 *
	 * @param this		calling object
	 */
	void (*destroy)(ike_cfg_t *this);
};
135
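/**
 * @brief Creates an ike_cfg_t object.
 *
 * The supplied hosts become owned by the ike_cfg, so the caller must not
 * destroy them after a successful call. Release the returned object through
 * its destroy() function.
 *
 * @param certreq		TRUE to send a certificate request
 * @param my_host		host_t representing local address
 * @param other_host	host_t representing remote address
 * @return				ike_cfg_t object.
 *
 * @ingroup config
 */
ike_cfg_t *ike_cfg_create(bool certreq, host_t *my_host, host_t *other_host);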
150
151 #endif /* IKE_CFG_H_ */