1 /*
2 * Copyright (C) 2006 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 /**
19 * @defgroup proposal proposal
20 * @{ @ingroup config
21 */
22
23 #ifndef PROPOSAL_H_
24 #define PROPOSAL_H_
25
/*
 * Forward typedefs for everything declared in this header. They are placed
 * ahead of the #include lines so the names are already known when the
 * included headers are parsed (review note: the original does not state
 * which, if any, of the headers below rely on this ordering -- confirm
 * before moving them).
 */
typedef enum protocol_id_t protocol_id_t;
typedef enum transform_type_t transform_type_t;
typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
typedef struct proposal_t proposal_t;
30
31 #include <library.h>
32 #include <utils/identification.h>
33 #include <utils/linked_list.h>
34 #include <utils/host.h>
35 #include <crypto/crypters/crypter.h>
36 #include <crypto/signers/signer.h>
37 #include <crypto/diffie_hellman.h>
38 #include <config/traffic_selector.h>
39
/**
 * Identifies which security protocol a proposal belongs to.
 *
 * A proposal_t carries algorithms for exactly one of these protocols.
 * The numeric values look like the IKEv2 Protocol ID field encoding;
 * confirm against the payload encoder before relying on that for wire
 * parsing.
 */
enum protocol_id_t {
	/** no protocol selected */
	PROTO_NONE = 0,
	/** the IKE SA itself */
	PROTO_IKE = 1,
	/** IPsec Authentication Header */
	PROTO_AH = 2,
	/** IPsec Encapsulating Security Payload */
	PROTO_ESP = 3,
};
49
/**
 * Printable names for protocol_id_t values, for the enum_name_t
 * formatting helpers. Declared here, defined with the implementation.
 */
extern enum_name_t *protocol_id_names;
54
55
/**
 * Kind of a transform inside a proposal, as in IKEv2 RFC section 3.3.2.
 *
 * The values 1..5 are the transform type numbers used on the wire.
 * UNDEFINED_TRANSFORM_TYPE is a local sentinel well outside that range;
 * code that maps a received transform type number onto this enum should
 * range-check the value explicitly instead of assuming every number
 * corresponds to an enumerator.
 */
enum transform_type_t {
	/** encryption algorithm */
	ENCRYPTION_ALGORITHM = 1,
	/** pseudo-random function */
	PSEUDO_RANDOM_FUNCTION = 2,
	/** integrity algorithm */
	INTEGRITY_ALGORITHM = 3,
	/** Diffie-Hellman group */
	DIFFIE_HELLMAN_GROUP = 4,
	/** extended sequence numbers */
	EXTENDED_SEQUENCE_NUMBERS = 5,
	/** sentinel for "no transform type"; never sent on the wire */
	UNDEFINED_TRANSFORM_TYPE = 241
};
67
/**
 * Printable names for transform_type_t values, for the enum_name_t
 * formatting helpers. Declared here, defined with the implementation.
 */
extern enum_name_t *transform_type_names;
72
73
/**
 * Extended sequence number (ESN) setting, as in IKEv2 RFC section 3.3.2.
 *
 * The two values are the ESN transform IDs used on the wire; they are
 * added to a proposal through add_algorithm() with type
 * EXTENDED_SEQUENCE_NUMBERS.
 */
enum extended_sequence_numbers_t {
	/** 32-bit sequence numbers only */
	NO_EXT_SEQ_NUMBERS = 0,
	/** extended (64-bit) sequence numbers */
	EXT_SEQ_NUMBERS = 1
};
81
/**
 * Printable names for extended_sequence_numbers_t values, for the
 * enum_name_t formatting helpers. Declared here, defined with the
 * implementation.
 */
extern enum_name_t *extended_sequence_numbers_names;
86
/**
 * Stores a set of algorithms used for an SA.
 *
 * A proposal holds the algorithms for exactly one protocol (see
 * protocol_id_t). Proposals covering several protocols at once are not
 * supported, as RFC 4301 no longer specifies them.
 *
 * Algorithms of each transform type are kept in insertion order, and that
 * order is the preference order (first added = most preferred). Nothing in
 * this header says the object is thread-safe; treat a proposal_t as owned
 * by one thread unless the implementation states otherwise.
 */
struct proposal_t {

	/**
	 * Add an algorithm to the proposal.
	 *
	 * Algorithms are stored by priority: the first one added for a given
	 * transform type is the most preferred.
	 *
	 * key_size is only meaningful for encryption algorithms with a
	 * variable key size (such as AES) and must be zero when no key size
	 * is specified.
	 *
	 * alg is interpreted according to type: encryption_algorithm_t,
	 * integrity_algorithm_t, diffie_hellman_group_t (the type taken by
	 * has_dh_group() below) or extended_sequence_numbers_t. The original
	 * comment names no type for PSEUDO_RANDOM_FUNCTION; presumably a
	 * PRF identifier type -- confirm in the implementation.
	 *
	 * Returns nothing, so an invalid type/alg combination is not reported
	 * back; validate the pair before calling.
	 *
	 * @param type			kind of algorithm
	 * @param alg			identifier for algorithm
	 * @param key_size		key size to use, 0 if not specified
	 */
	void (*add_algorithm) (proposal_t *this, transform_type_t type,
						   u_int16_t alg, u_int16_t key_size);

	/**
	 * Get an enumerator over the algorithms of a specific transform type.
	 *
	 * Presumably the enumerator yields algorithms in preference order and
	 * must be destroyed by the caller, as with other enumerator_t users --
	 * confirm in the implementation.
	 *
	 * @param type			kind of algorithm
	 * @return				enumerator over u_int16_t alg, u_int16_t key_size
	 */
	enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type);

	/**
	 * Get the algorithm to use for a transform type.
	 *
	 * If several algorithms are stored for the type, only the first (most
	 * preferred) is returned. Whether *alg and *key_size are written when
	 * FALSE is returned is not stated here; do not rely on their values.
	 *
	 * @param type			kind of algorithm
	 * @param alg			pointer which receives algorithm
	 * @param key_size		pointer which receives the key size
	 * @return				TRUE if algorithm of this kind available
	 */
	bool (*get_algorithm) (proposal_t *this, transform_type_t type,
						   u_int16_t *alg, u_int16_t *key_size);

	/**
	 * Check if the proposal contains a specific DH group.
	 *
	 * @param group			group to check for
	 * @return				TRUE if the group is included
	 */
	bool (*has_dh_group) (proposal_t *this, diffie_hellman_group_t group);

	/**
	 * Strip all DH groups from the proposal so it can be used without PFS.
	 *
	 * Security note: an SA negotiated from the stripped proposal has no
	 * perfect forward secrecy. Call this only where the configuration
	 * deliberately disables PFS, never as a fallback when negotiation
	 * fails.
	 */
	void (*strip_dh)(proposal_t *this);

	/**
	 * Compare two proposals and select a matching subset.
	 *
	 * If both proposals are for the same protocol (AH/ESP) they are
	 * compared; if they share at least one algorithm of every transform
	 * type, a new proposal holding the common subset is created.
	 *
	 * The header does not say whose preference order decides which common
	 * algorithm ends up first in the result (this side's or other's). That
	 * choice determines whether a peer can steer negotiation toward its own
	 * preferred -- possibly weaker -- algorithms, so check the implementation
	 * before relying on either behaviour. The returned proposal is newly
	 * created and presumably owned by the caller.
	 *
	 * @param other			proposal to compare against
	 * @return				selected proposal, NULL if proposals don't match
	 */
	proposal_t *(*select) (proposal_t *this, proposal_t *other);

	/**
	 * Get the protocol ID of the proposal.
	 *
	 * @return				protocol of the proposal
	 */
	protocol_id_t (*get_protocol) (proposal_t *this);

	/**
	 * Get the SPI of the proposal.
	 *
	 * The SPI is carried as a u_int64_t for all protocols; how many of
	 * those bits are used on the wire for each protocol is not stated
	 * here -- check the payload code before truncating or comparing.
	 *
	 * @return				spi for proto
	 */
	u_int64_t (*get_spi) (proposal_t *this);

	/**
	 * Set the SPI of the proposal.
	 *
	 * @param spi			spi to set for proto
	 */
	void (*set_spi) (proposal_t *this, u_int64_t spi);

	/**
	 * Check two proposals for equality.
	 *
	 * Whether algorithm order and the SPI take part in the comparison is
	 * not documented here; confirm in the implementation before using this
	 * as a security-relevant check.
	 *
	 * @param other			other proposal to check for equality
	 * @return				TRUE if other equal to this
	 */
	bool (*equals)(proposal_t *this, proposal_t *other);

	/**
	 * Clone a proposal.
	 *
	 * @return				clone of proposal, presumably to be destroyed by
	 *						the caller
	 */
	proposal_t *(*clone) (proposal_t *this);

	/**
	 * Destroys the proposal object and releases what it owns. The object
	 * must not be used afterwards.
	 */
	void (*destroy) (proposal_t *this);
};
203
/**
 * Create a proposal for AH, ESP or IKE.
 *
 * Presumably the proposal starts without algorithms and is filled via
 * add_algorithm(). The header does not say how PROTO_NONE or an
 * out-of-range protocol is handled.
 *
 * @param protocol			protocol, such as PROTO_ESP
 * @return					proposal_t object, released with destroy()
 */
proposal_t *proposal_create(protocol_id_t protocol);
211
/**
 * Create a proposal with the built-in default algorithm set for a protocol,
 * used when nothing further is specified.
 *
 * The default set itself is not listed in this header and is chosen by the
 * implementation. Deployments that need a pinned cipher suite should use
 * proposal_create_from_string() with a trailing '!' instead.
 *
 * @param protocol			protocol, such as PROTO_ESP
 * @return					proposal_t object, released with destroy()
 */
proposal_t *proposal_create_default(protocol_id_t protocol);
219
/**
 * Create a proposal from a string identifying the algorithms.
 *
 * The string has the same form as in the ipsec.conf file, e.g.
 *     aes128-sha2_256-modp2048
 *     3des-md5
 * (the second example only illustrates the syntax; 3des and md5 are
 * legacy algorithms, not a recommendation).
 *
 * A trailing '!' forces exactly this proposal. Without it the peer may
 * choose another algorithm we support, i.e. the listed algorithms are
 * not an exclusive set -- use '!' wherever a downgrade to other
 * supported algorithms must be prevented.
 *
 * The return value for an unparsable string is not documented here;
 * callers should check for NULL before using the result.
 *
 * @param protocol			protocol, such as PROTO_ESP
 * @param algs				algorithms as string
 * @return					proposal_t object, released with destroy()
 */
proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs);
234
/**
 * printf hook function for proposal_t.
 *
 * Formats a proposal into the bounded buffer dst (at most len bytes).
 *
 * Arguments are:
 *    proposal_t *proposal
 * With the #-specifier, arguments are:
 *    linked_list_t *list containing proposal_t*
 *
 * @param dst				output buffer
 * @param len				size of dst in bytes
 * @param spec				format specifier flags
 * @param args				argument array as described above
 * @return					presumably the number of characters written,
 *							per the printf hook convention -- confirm
 */
int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
						 const void *const *args);
245
246 #endif /** PROPOSAL_H_ @}*/