src/libcharon/config/ike_cfg.h

   1 /*
   2  * Copyright (C) 2012 Tobias Brunner
   3  * Copyright (C) 2005-2007 Martin Willi
   4  * Copyright (C) 2005 Jan Hutter
   5  * Hochschule fuer Technik Rapperswil
   6  *
   7  * This program is free software; you can redistribute it and/or modify it
   8  * under the terms of the GNU General Public License as published by the
   9  * Free Software Foundation; either version 2 of the License, or (at your
  10  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  11  *
  12  * This program is distributed in the hope that it will be useful, but
  13  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  14  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  15  * for more details.
  16  */
  17
  18 /**
  19  * @defgroup ike_cfg ike_cfg
  20  * @{ @ingroup config
  21  */
  22
  23 #ifndef IKE_CFG_H_
  24 #define IKE_CFG_H_
  25
  26 typedef enum ike_version_t ike_version_t;
  27 typedef enum fragmentation_t fragmentation_t;
  28 typedef struct ike_cfg_t ike_cfg_t;
  29
  30 #include <library.h>
  31 #include <networking/host.h>
  32 #include <collections/linked_list.h>
  33 #include <utils/identification.h>
  34 #include <config/proposal.h>
  35 #include <crypto/diffie_hellman.h>
  36
  37 /**
  38  * IKE version.
  39  */
  40 enum ike_version_t {
  41         /** any version */
  42         IKE_ANY = 0,
  43         /** IKE version 1 */
  44         IKEV1 = 1,
  45         /** IKE version 2 */
  46         IKEV2 = 2,
  47 };
  48
  49 /**
  50  * Proprietary IKEv1 fragmentation
  51  */
  52 enum fragmentation_t {
  53         /** disable fragmentation */
  54         FRAGMENTATION_NO,
  55         /** enable fragmentation if supported by peer */
  56         FRAGMENTATION_YES,
  57         /** force use of fragmentation (even for the first message) */
  58         FRAGMENTATION_FORCE,
  59 };
  60
  61 /**
  62  * enum strings fro ike_version_t
  63  */
  64 extern enum_name_t *ike_version_names;
  65
  66 /**
  67  * An ike_cfg_t defines the rules to set up an IKE_SA.
  68  *
  69  * @see peer_cfg_t to get an overview over the configurations.
  70  */
  71 struct ike_cfg_t {
  72
  73         /**
  74          * Get the IKE version to use with this configuration.
  75          *
  76          * @return                              IKE major version
  77          */
  78         ike_version_t (*get_version)(ike_cfg_t *this);
  79
  80         /**
  81          * Get own address.
  82          *
  83          * @param allow_any             allow any address to match
  84          * @return                              string of address/DNS name
  85          */
  86         char* (*get_my_addr) (ike_cfg_t *this, bool *allow_any);
  87
  88         /**
  89          * Get peer's address.
  90          *
  91          * @param allow_any             allow any address to match
  92          * @return                              string of address/DNS name
  93          */
  94         char* (*get_other_addr) (ike_cfg_t *this, bool *allow_any);
  95
  96         /**
  97          * Get the port to use as our source port.
  98          *
  99          * @return                              source address port, host order
 100          */
 101         u_int16_t (*get_my_port)(ike_cfg_t *this);
 102
 103         /**
 104          * Get the port to use as destination port.
 105          *
 106          * @return                              destination address, host order
 107          */
 108         u_int16_t (*get_other_port)(ike_cfg_t *this);
 109
 110         /**
 111          * Adds a proposal to the list.
 112          *
 113          * The first added proposal has the highest priority, the last
 114          * added the lowest.
 115          *
 116          * @param proposal              proposal to add
 117          */
 118         void (*add_proposal) (ike_cfg_t *this, proposal_t *proposal);
 119
 120         /**
 121          * Returns a list of all supported proposals.
 122          *
 123          * Returned list and its proposals must be destroyed after use.
 124          *
 125          * @return                              list containing all the proposals
 126          */
 127         linked_list_t* (*get_proposals) (ike_cfg_t *this);
 128
 129         /**
 130          * Select a proposed from suggested proposals.
 131          *
 132          * Returned proposal must be destroyed after use.
 133          *
 134          * @param proposals             list of proposals to select from
 135          * @param private               accept algorithms from a private range
 136          * @return                              selected proposal, or NULL if none matches.
 137          */
 138         proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals,
 139                                                                         bool private);
 140
 141         /**
 142          * Should we send a certificate request in IKE_SA_INIT?
 143          *
 144          * @return                              certificate request sending policy
 145          */
 146         bool (*send_certreq) (ike_cfg_t *this);
 147
 148         /**
 149          * Enforce UDP encapsulation by faking NATD notifies?
 150          *
 151          * @return                              TRUE to enforce UDP encapsulation
 152          */
 153         bool (*force_encap) (ike_cfg_t *this);
 154
 155         /**
 156          * Use proprietary IKEv1 fragmentation
 157          *
 158          * @return                              TRUE to use fragmentation
 159          */
 160         fragmentation_t (*fragmentation) (ike_cfg_t *this);
 161
 162         /**
 163          * Get the DH group to use for IKE_SA setup.
 164          *
 165          * @return                              dh group to use for initialization
 166          */
 167         diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this);
 168
 169         /**
 170          * Check if two IKE configs are equal.
 171          *
 172          * @param other                 other to check for equality
 173          * @return                              TRUE if other equal to this
 174          */
 175         bool (*equals)(ike_cfg_t *this, ike_cfg_t *other);
 176
 177         /**
 178          * Increase reference count.
 179          *
 180          * @return                              reference to this
 181          */
 182         ike_cfg_t* (*get_ref) (ike_cfg_t *this);
 183
 184         /**
 185          * Destroys a ike_cfg_t object.
 186          *
 187          * Decrements the internal reference counter and
 188          * destroys the ike_cfg when it reaches zero.
 189          */
 190         void (*destroy) (ike_cfg_t *this);
 191 };
 192
 193 /**
 194  * Creates a ike_cfg_t object.
 195  *
 196  * Supplied hosts become owned by ike_cfg, the name gets cloned.
 197  *
 198  * @param version                       IKE major version to use for this config
 199  * @param certreq                       TRUE to send a certificate request
 200  * @param force_encap           enforce UDP encapsulation by faking NATD notify
 201  * @param me                            address/DNS name of local peer
 202  * @param my_allow_any          allow override of local address by any address
 203  * @param my_port                       IKE port to use as source, 500 uses IKEv2 port floating
 204  * @param other                         address/DNS name of remote peer
 205  * @param other_allow_any       allow override of remote address by any address
 206  * @param other_port            IKE port to use as dest, 500 uses IKEv2 port floating
 207  * @param fragmentation         use IKEv1 fragmentation
 208  * @return                                      ike_cfg_t object.
 209  */
 210 ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
 211                                                   char *me, bool my_allow_any, u_int16_t my_port,
 212                                                   char *other, bool other_allow_any, u_int16_t other_port,
 213                                                   fragmentation_t fragmentation);
 214
 215 #endif /** IKE_CFG_H_ @}*/