fixed CHILD_SA proposal selection when not using DH exchange
1 /**
2 * @file proposal.h
3 *
4 * @brief Interface of proposal_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef PROPOSAL_H_
24 #define PROPOSAL_H_
25
/* Forward typedefs for the types declared in this header. They are placed
 * ahead of the #includes below, presumably so the names already exist if one
 * of those headers includes proposal.h in turn (circular include) - the
 * definitions themselves follow further down in this file. */
typedef enum protocol_id_t protocol_id_t;
typedef enum transform_type_t transform_type_t;
typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
typedef struct algorithm_t algorithm_t;
typedef struct proposal_t proposal_t;
31
32 #include <library.h>
33 #include <utils/identification.h>
34 #include <utils/linked_list.h>
35 #include <utils/host.h>
36 #include <crypto/crypters/crypter.h>
37 #include <crypto/signers/signer.h>
38 #include <crypto/diffie_hellman.h>
39 #include <config/traffic_selector.h>
40
/**
 * Protocol ID of a proposal.
 *
 * The non-zero values are the IKEv2 Protocol ID numbers
 * (RFC 4306, section 3.3.1: 1 = IKE, 2 = AH, 3 = ESP), so a
 * value of this type can be used directly as the on-the-wire ID.
 * PROTO_NONE (0) is not a valid wire value; it apparently serves
 * as the "unset" marker in this code base.
 *
 * @ingroup config
 */
enum protocol_id_t {
	/** no protocol set (not a valid IKEv2 Protocol ID) */
	PROTO_NONE = 0,
	/** IKE SA */
	PROTO_IKE = 1,
	/** Authentication Header */
	PROTO_AH = 2,
	/** Encapsulating Security Payload */
	PROTO_ESP = 3,
};

/**
 * enum names for protocol_id_t (printable names for logging).
 *
 * @ingroup config
 */
extern enum_name_t *protocol_id_names;
59
60
/**
 * Type of a transform, as in IKEv2 (RFC 4306, section 3.3.2).
 *
 * Values 1-5 are the IANA-assigned Transform Type numbers.
 * UNDEFINED_TRANSFORM_TYPE is a local placeholder; 241 lies in
 * the "private use" range (241-255) of that registry, so it can
 * never collide with a transform type a peer may legitimately send.
 *
 * @ingroup config
 */
enum transform_type_t {
	/** local placeholder, never sent or expected on the wire */
	UNDEFINED_TRANSFORM_TYPE = 241,
	/** encryption algorithm (ENCR), IKE and ESP */
	ENCRYPTION_ALGORITHM = 1,
	/** pseudo-random function (PRF), IKE only */
	PSEUDO_RANDOM_FUNCTION = 2,
	/** integrity algorithm (INTEG) */
	INTEGRITY_ALGORITHM = 3,
	/** Diffie-Hellman group (D-H) */
	DIFFIE_HELLMAN_GROUP = 4,
	/** extended sequence numbers (ESN), AH and ESP only */
	EXTENDED_SEQUENCE_NUMBERS = 5
};

/**
 * enum names for transform_type_t (printable names for logging).
 *
 * @ingroup config
 */
extern enum_name_t *transform_type_names;
81
82
/**
 * Extended sequence numbers, as in IKEv2 (RFC 4306, section 3.3.2).
 *
 * The values are the Transform IDs of the ESN transform type
 * (0 = no extended sequence numbers, 1 = extended sequence numbers),
 * so they can be used as the wire value directly.
 *
 * @ingroup config
 */
enum extended_sequence_numbers_t {
	/** 32-bit sequence numbers */
	NO_EXT_SEQ_NUMBERS = 0,
	/** 64-bit extended sequence numbers */
	EXT_SEQ_NUMBERS = 1
};

/**
 * enum strings for extended_sequence_numbers_t (printable names for logging).
 *
 * @ingroup config
 */
extern enum_name_t *extended_sequence_numbers_names;
99
100
101
/**
 * Struct used to store different kinds of algorithms. The internal
 * lists of algorithms contain such structures.
 *
 * Which enum the algorithm field belongs to is not recorded here; it is
 * implied by the transform_type_t of the list the entry is stored in.
 *
 * @ingroup config
 */
struct algorithm_t {
	/**
	 * Value from an encryption_algorithm_t/integrity_algorithm_t/...
	 */
	u_int16_t algorithm;

	/**
	 * the associated key size in bits, or zero if not needed
	 *
	 * NOTE(review): proposal_t.add_algorithm() accepts the key size as
	 * size_t, but it is stored here in 16 bits; a size above 65535 bits
	 * would be truncated. Callers should only pass sizes in that range.
	 */
	u_int16_t key_size;
};
119
/**
 * @brief Stores a set of algorithms used for an SA.
 *
 * A proposal stores algorithms for a specific
 * protocol. It can store algorithms for one protocol.
 * Proposals with multiple protocols are not supported,
 * as it's not specified in RFC4301 anymore.
 *
 * For each transform type the proposal keeps an ordered list of
 * algorithm_t entries; the order is the preference order as added
 * via add_algorithm().
 *
 * @b Constructors:
 *  - proposal_create()
 *  - proposal_create_default()
 *  - proposal_create_from_string()
 *
 * @ingroup config
 */
struct proposal_t {

	/**
	 * @brief Add an algorithm to the proposal.
	 *
	 * The algorithms are stored by priority, first added
	 * is the most preferred.
	 * Key size is only needed for encryption algorithms
	 * with variable key size (such as AES). Must be set
	 * to zero if key size is not specified.
	 * The alg parameter accepts encryption_algorithm_t,
	 * integrity_algorithm_t, dh_group_number_t and
	 * extended_sequence_numbers_t.
	 *
	 * NOTE(review): key_size is a size_t here but algorithm_t stores it
	 * as u_int16_t, so only sizes up to 65535 bits survive. Whether alg
	 * is checked against type is not visible from this header - do not
	 * rely on it rejecting a mismatched pair.
	 *
	 * @param this calling object
	 * @param type kind of algorithm
	 * @param alg identifier for algorithm
	 * @param key_size key size to use
	 */
	void (*add_algorithm) (proposal_t *this, transform_type_t type, u_int16_t alg, size_t key_size);

	/**
	 * @brief Get an iterator over algorithms for a specific algo type.
	 *
	 * The iterator yields algorithm_t entries in preference order.
	 * NOTE(review): the entries presumably point into the proposal's
	 * own lists rather than being copies - treat them as invalid once
	 * the proposal is destroyed, and destroy the iterator when done.
	 * Confirm against the implementation.
	 *
	 * @param this calling object
	 * @param type kind of algorithm
	 * @return iterator over algorithm_t's
	 */
	iterator_t *(*create_algorithm_iterator) (proposal_t *this, transform_type_t type);

	/**
	 * @brief Get the algorithm for a type to use.
	 *
	 * If there are multiple algorithms, only the first is returned,
	 * i.e. the most preferred one (see add_algorithm()).
	 *
	 * NOTE(review): *algo presumably receives a pointer to the entry
	 * owned by the proposal, not a copy; do not free it and do not use
	 * it after the proposal is destroyed. Confirm against the
	 * implementation.
	 *
	 * @param this calling object
	 * @param type kind of algorithm
	 * @param[out] algo pointer which receives algorithm and key size
	 * @return TRUE if algorithm of this kind available
	 */
	bool (*get_algorithm) (proposal_t *this, transform_type_t type, algorithm_t** algo);

	/**
	 * @brief Check if the proposal has a specific DH group.
	 *
	 * Convenience lookup on the DIFFIE_HELLMAN_GROUP list; the
	 * position of the group in the preference order is not reported.
	 *
	 * @param this calling object
	 * @param group group to check for
	 * @return TRUE if algorithm included
	 */
	bool (*has_dh_group) (proposal_t *this, diffie_hellman_group_t group);

	/**
	 * @brief Compare two proposals, and select a matching subset.
	 *
	 * If the proposals are for the same protocols (AH/ESP), they are
	 * compared. If they have at least one algorithm of each type
	 * in common, a resulting proposal of this kind is created.
	 *
	 * The returned proposal is a new object; the caller owns it and
	 * must destroy() it. Neither input is modified.
	 *
	 * NOTE(review): how a transform type present in only one of the
	 * two proposals is treated (e.g. a DH group when a CHILD_SA is
	 * negotiated without a DH exchange) is decided in the
	 * implementation and not pinned down by this description -
	 * check proposal.c before relying on a particular outcome, since
	 * this is the point where our configured policy is enforced
	 * against what the peer offered.
	 *
	 * @param this calling object
	 * @param other proposal to compare against
	 * @return
	 * - selected proposal, if possible
	 * - NULL, if proposals don't match
	 */
	proposal_t *(*select) (proposal_t *this, proposal_t *other);

	/**
	 * @brief Get the protocol ID of the proposal.
	 *
	 * This is the value passed to the constructor.
	 *
	 * @param this calling object
	 * @return protocol of the proposal
	 */
	protocol_id_t (*get_protocol) (proposal_t *this);

	/**
	 * @brief Get the SPI of the proposal.
	 *
	 * The SPI is 64 bits wide to fit an IKE SPI; AH and ESP SPIs are
	 * only 32 bits (RFC 4306, section 3.3.1), so for those protocols
	 * presumably only the low 32 bits carry a value - confirm in the
	 * implementation before assuming which bits are used.
	 *
	 * @param this calling object
	 * @return spi for proto
	 */
	u_int64_t (*get_spi) (proposal_t *this);

	/**
	 * @brief Set the SPI of the proposal.
	 *
	 * See get_spi() for the width actually used per protocol.
	 *
	 * @param this calling object
	 * @param spi spi to set for proto
	 */
	void (*set_spi) (proposal_t *this, u_int64_t spi);

	/**
	 * @brief Clone a proposal.
	 *
	 * The clone is a new object owned by the caller. Whether the SPI
	 * is copied along with the algorithm lists is not visible here -
	 * check the implementation if that matters.
	 *
	 * @param this proposal to clone
	 * @return clone of it
	 */
	proposal_t *(*clone) (proposal_t *this);

	/**
	 * @brief Destroys the proposal object.
	 *
	 * Releases the proposal and its algorithm lists; any algorithm_t
	 * pointers or iterators obtained from it are invalid afterwards.
	 *
	 * @param this calling object
	 */
	void (*destroy) (proposal_t *this);
};
238
/**
 * @brief Create a proposal for AH, ESP or IKE.
 *
 * The new proposal presumably holds no algorithms until they are
 * added with proposal_t.add_algorithm(); the caller owns the object
 * and must destroy() it.
 *
 * @param protocol protocol, such as PROTO_ESP
 * @return proposal_t object
 *
 * @ingroup config
 */
proposal_t *proposal_create(protocol_id_t protocol);
248
/**
 * @brief Create a default proposal if nothing further specified.
 *
 * The set of algorithms that makes up the "default" is defined in
 * the implementation, not in this header. NOTE(review): since this
 * is what gets negotiated when a configuration names no algorithms,
 * the default list should be reviewed for weak or legacy algorithms.
 * The caller owns the returned object and must destroy() it.
 *
 * @param protocol protocol, such as PROTO_ESP
 * @return proposal_t object
 *
 * @ingroup config
 */
proposal_t *proposal_create_default(protocol_id_t protocol);
258
/**
 * @brief Create a proposal from a string identifying the algorithms.
 *
 * The string is in the same form as in the ipsec.conf file.
 * E.g.: aes128-sha2_256-modp2048
 *       3des-md5
 * An additional '!' at the end of the string forces this proposal,
 * without it the peer may choose another algorithm we support.
 * Operators who need a strict policy (only the listed algorithms
 * acceptable) must therefore terminate the string with '!'.
 *
 * NOTE(review): the behaviour on an unparsable or partly parsable
 * string (NULL return, or a proposal with only the recognised
 * algorithms) is not visible from this header - check the
 * implementation and the return value before using the result.
 * The caller owns the returned object and must destroy() it.
 *
 * @param protocol protocol, such as PROTO_ESP
 * @param algs algorithms as string
 * @return proposal_t object
 *
 * @ingroup config
 */
proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs);
275
276 #endif /* PROPOSAL_H_ */