1 /*
2 * Copyright (C) 2006 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 /**
19 * @defgroup proposal proposal
20 * @{ @ingroup config
21 */
22
23 #ifndef PROPOSAL_H_
24 #define PROPOSAL_H_
25
/*
 * Forward typedefs for every type this header defines. They are placed
 * ahead of the #include block below — presumably so that the included
 * headers can name proposal_t and friends without a circular include
 * (confirm against the dependent headers).
 */
typedef enum protocol_id_t protocol_id_t;
typedef enum transform_type_t transform_type_t;
typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
typedef struct algorithm_t algorithm_t;
typedef struct proposal_t proposal_t;
31
32 #include <library.h>
33 #include <utils/identification.h>
34 #include <utils/linked_list.h>
35 #include <utils/host.h>
36 #include <crypto/crypters/crypter.h>
37 #include <crypto/signers/signer.h>
38 #include <crypto/diffie_hellman.h>
39 #include <config/traffic_selector.h>
40
/**
 * Protocol ID of a proposal.
 *
 * PROTO_NONE is the "not set" marker. The other three carry the numeric
 * IKEv2 Protocol ID values (IKE = 1, AH = 2, ESP = 3), which is why each
 * enumerator is given its value explicitly instead of being left to the
 * compiler's default numbering.
 */
enum protocol_id_t {
	/** no protocol selected */
	PROTO_NONE = 0,
	/** the IKE SA itself */
	PROTO_IKE  = 1,
	/** IPsec Authentication Header */
	PROTO_AH   = 2,
	/** IPsec Encapsulating Security Payload */
	PROTO_ESP  = 3
};
50
/**
 * enum names for protocol_id_t
 *
 * Printable names for the protocol_id_t enumerators; the table itself is
 * defined in the implementation (presumably proposal.c — confirm).
 */
extern enum_name_t *protocol_id_names;
55
56
/**
 * Type of a transform, as in IKEv2 RFC 3.3.2.
 *
 * The enumerator values are the on-the-wire Transform Type codes. The
 * implementation-private marker UNDEFINED_TRANSFORM_TYPE is deliberately
 * placed in the range the RFC reserves for private use, so it can never
 * collide with an assigned type.
 */
enum transform_type_t {
	/** encryption algorithm (ENCR) */
	ENCRYPTION_ALGORITHM = 1,
	/** pseudo-random function (PRF) */
	PSEUDO_RANDOM_FUNCTION = 2,
	/** integrity algorithm (INTEG) */
	INTEGRITY_ALGORITHM = 3,
	/** Diffie-Hellman group (D-H) */
	DIFFIE_HELLMAN_GROUP = 4,
	/** extended sequence numbers (ESN) */
	EXTENDED_SEQUENCE_NUMBERS = 5,
	/** "no type" marker, outside the standard-assigned values */
	UNDEFINED_TRANSFORM_TYPE = 241,
};
68
/**
 * enum names for transform_type_t.
 *
 * Printable names for the transform_type_t enumerators; defined in the
 * implementation (presumably proposal.c — confirm).
 */
extern enum_name_t *transform_type_names;
73
74
/**
 * Extended sequence numbers, as in IKEv2 RFC 3.3.2.
 *
 * Boolean-like transform: the value is the ESN Transform ID carried in the
 * proposal, 0 meaning "not used" and 1 meaning "used".
 */
enum extended_sequence_numbers_t {
	/** extended sequence numbers are not used */
	NO_EXT_SEQ_NUMBERS = 0,
	/** extended sequence numbers are used */
	EXT_SEQ_NUMBERS = 1,
};
82
/**
 * enum strings for extended_sequence_numbers_t.
 *
 * Printable names for the extended_sequence_numbers_t enumerators; defined
 * in the implementation (presumably proposal.c — confirm).
 */
extern enum_name_t *extended_sequence_numbers_names;
87
88
89
/**
 * Struct used to store different kinds of algorithms. The internal
 * lists of algorithms contain such structures.
 *
 * One entry describes a single algorithm of one transform type; which
 * transform type it belongs to is given by the list it is stored in, not
 * by the struct itself.
 */
struct algorithm_t {
	/**
	 * Value from an encryption_algorithm_t/integrity_algorithm_t/...
	 */
	u_int16_t algorithm;

	/**
	 * the associated key size in bits, or zero if not needed
	 *
	 * NOTE(review): proposal_t::add_algorithm() takes the key size as a
	 * size_t, so the value is presumably narrowed to 16 bits when it is
	 * stored here — confirm the conversion in the implementation.
	 */
	u_int16_t key_size;
};
105
/**
 * Stores a set of algorithms used for an SA.
 *
 * A proposal stores algorithms for a specific
 * protocol. It can store algorithms for one protocol.
 * Proposals with multiple protocols are not supported,
 * as it's not specified in RFC4301 anymore.
 *
 * All members are function pointers; instances are obtained through the
 * proposal_create*() constructors declared at the end of this header and
 * released with destroy().
 */
struct proposal_t {

	/**
	 * Add an algorithm to the proposal.
	 *
	 * The algorithms are stored by priority, first added
	 * is the most preferred.
	 * Key size is only needed for encryption algorithms
	 * with variable key size (such as AES). Must be set
	 * to zero if key size is not specified.
	 * The alg parameter accepts encryption_algorithm_t,
	 * integrity_algorithm_t, dh_group_number_t and
	 * extended_sequence_numbers_t.
	 *
	 * NOTE(review): key_size is a size_t here but algorithm_t keeps it
	 * as u_int16_t, so the stored value is presumably narrowed — confirm.
	 *
	 * @param type		kind of algorithm
	 * @param alg		identifier for algorithm
	 * @param key_size	key size to use, in bits
	 */
	void (*add_algorithm) (proposal_t *this, transform_type_t type, u_int16_t alg, size_t key_size);

	/**
	 * Get an iterator over algorithms for a specific algo type.
	 *
	 * The iterator yields the entries in priority order (first added,
	 * most preferred, comes first) — presumably; confirm in proposal.c.
	 *
	 * @param type		kind of algorithm
	 * @return			iterator over algorithm_t's
	 */
	iterator_t *(*create_algorithm_iterator) (proposal_t *this, transform_type_t type);

	/**
	 * Get the algorithm for a type to use.
	 *
	 * If there are multiple algorithms, only the first is returned.
	 *
	 * NOTE(review): *algo presumably points into the proposal's internal
	 * list, so it must not be freed by the caller and is valid only as
	 * long as the proposal is — confirm.
	 *
	 * @param type		kind of algorithm
	 * @param algo		pointer which receives algorithm and key size
	 * @return			TRUE if algorithm of this kind available
	 */
	bool (*get_algorithm) (proposal_t *this, transform_type_t type, algorithm_t** algo);

	/**
	 * Check if the proposal has a specific DH group.
	 *
	 * @param group		group to check for
	 * @return			TRUE if algorithm included
	 */
	bool (*has_dh_group) (proposal_t *this, diffie_hellman_group_t group);

	/**
	 * Compare two proposals, and select a matching subset.
	 *
	 * If the proposals are for the same protocols (AH/ESP), they are
	 * compared. If they have at least one algorithm of each type
	 * in common, a resulting proposal of this kind is created.
	 *
	 * The result is a newly created proposal; the caller is expected to
	 * release it with destroy() (presumably — confirm in proposal.c).
	 *
	 * @param other		proposal to compare against
	 * @return			selected proposal, NULL if proposals don't match
	 */
	proposal_t *(*select) (proposal_t *this, proposal_t *other);

	/**
	 * Get the protocol ID of the proposal.
	 *
	 * @return			protocol of the proposal
	 */
	protocol_id_t (*get_protocol) (proposal_t *this);

	/**
	 * Get the SPI of the proposal.
	 *
	 * The SPI is kept as a 64-bit value so the same field can hold the
	 * 64-bit IKE SPI as well as the 32-bit AH/ESP SPI.
	 *
	 * @return			spi for proto
	 */
	u_int64_t (*get_spi) (proposal_t *this);

	/**
	 * Set the SPI of the proposal.
	 *
	 * @param spi		spi to set for proto
	 */
	void (*set_spi) (proposal_t *this, u_int64_t spi);

	/**
	 * Clone a proposal.
	 *
	 * The clone is an independent object; release it with destroy()
	 * when no longer needed (presumably — confirm in proposal.c).
	 *
	 * @return			clone of proposal
	 */
	proposal_t *(*clone) (proposal_t *this);

	/**
	 * Destroys the proposal object.
	 */
	void (*destroy) (proposal_t *this);
};
206
/**
 * Create a child proposal for AH, ESP or IKE.
 *
 * The proposal starts out without algorithms; add them with
 * add_algorithm() (presumably — confirm in proposal.c). The caller owns
 * the returned object and releases it with its destroy() method.
 *
 * @param protocol		protocol, such as PROTO_ESP
 * @return				proposal_t object
 */
proposal_t *proposal_create(protocol_id_t protocol);
214
/**
 * Create a default proposal if nothing further specified.
 *
 * The concrete set of default algorithms is chosen by the implementation
 * and not visible in this header — check proposal.c when reviewing which
 * algorithms are offered by default. The caller owns the returned object
 * and releases it with its destroy() method.
 *
 * @param protocol		protocol, such as PROTO_ESP
 * @return				proposal_t object
 */
proposal_t *proposal_create_default(protocol_id_t protocol);
222
/**
 * Create a proposal from a string identifying the algorithms.
 *
 * The string is in the same form as in the ipsec.conf file.
 * E.g.: aes128-sha2_256-modp2048
 *       3des-md5
 * An additional '!' at the end of the string forces this proposal,
 * without it the peer may choose another algorithm we support.
 *
 * NOTE(review): the behaviour for an unparseable string or an unknown
 * algorithm token is not specified here — confirm in proposal.c whether
 * NULL is returned, so callers handling configuration input can check it.
 * The caller owns the returned object and releases it with destroy().
 *
 * @param protocol		protocol, such as PROTO_ESP
 * @param algs			algorithms as string
 * @return				proposal_t object
 */
proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs);
237
238 #endif /* PROPOSAL_H_ @} */