proposal: correctly enumerate registered AEADs to build default IKE proposal
1 /*
2 * Copyright (C) 2006 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup proposal proposal
18 * @{ @ingroup config
19 */
20
21 #ifndef PROPOSAL_H_
22 #define PROPOSAL_H_
23
/*
 * Forward typedefs, declared before the includes below so that headers pulled
 * in by this file can refer to these names. protocol_id_t is defined further
 * down in this header; extended_sequence_numbers_t is only referenced here
 * (see add_algorithm) and its enum is not defined in this file.
 */
typedef enum protocol_id_t protocol_id_t;
typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
typedef struct proposal_t proposal_t;
27
28 #include <library.h>
29 #include <utils/identification.h>
30 #include <collections/linked_list.h>
31 #include <networking/host.h>
32 #include <crypto/transform.h>
33 #include <crypto/crypters/crypter.h>
34 #include <crypto/signers/signer.h>
35 #include <crypto/diffie_hellman.h>
36 #include <selectors/traffic_selector.h>
37
/**
 * Protocol ID of a proposal.
 *
 * The numeric values are the IKE protocol identifiers as encoded in the
 * SA payload, so they must not be renumbered. PROTO_NONE is the
 * "no protocol" sentinel; PROTO_IPCOMP is only meaningful for IKEv1.
 */
enum protocol_id_t {
	PROTO_NONE = 0,
	PROTO_IKE = 1,
	PROTO_AH = 2,
	PROTO_ESP = 3,
	PROTO_IPCOMP = 4,	/* IKEv1 only */
};
48
/**
 * enum names for protocol_id_t
 *
 * Human-readable names for the protocol_id_t values above (for logging and
 * printf hooks); the table itself is defined in the corresponding .c file,
 * not in this header.
 */
extern enum_name_t *protocol_id_names;
53
/**
 * Stores a set of algorithms used for an SA.
 *
 * A proposal stores algorithms for a specific
 * protocol. It can store algorithms for one protocol.
 * Proposals with multiple protocols are not supported,
 * as it's not specified in RFC4301 anymore.
 *
 * Algorithms within a transform type are kept in insertion order, and that
 * order is the preference order used when selecting a matching proposal
 * (see add_algorithm and select below).
 */
struct proposal_t {

	/**
	 * Add an algorithm to the proposal.
	 *
	 * The algorithms are stored by priority, first added
	 * is the most preferred.
	 * Key size is only needed for encryption algorithms
	 * with variable key size (such as AES). Must be set
	 * to zero if key size is not specified.
	 * The alg parameter accepts encryption_algorithm_t,
	 * integrity_algorithm_t, dh_group_number_t and
	 * extended_sequence_numbers_t.
	 *
	 * @param type		kind of algorithm
	 * @param alg		identifier for algorithm
	 * @param key_size	key size to use (in bits), 0 if not specified
	 */
	void (*add_algorithm) (proposal_t *this, transform_type_t type,
						   u_int16_t alg, u_int16_t key_size);

	/**
	 * Get an enumerator over algorithms for a specific algo type.
	 *
	 * Algorithms are enumerated in the priority order they were added.
	 *
	 * @param type		kind of algorithm
	 * @return			enumerator over u_int16_t alg, u_int16_t key_size
	 */
	enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type);

	/**
	 * Get the algorithm for a type to use.
	 *
	 * If there are multiple algorithms, only the first is returned.
	 *
	 * @param type		kind of algorithm
	 * @param alg		pointer which receives algorithm
	 * @param key_size	pointer which receives the key size
	 * @return			TRUE if algorithm of this kind available
	 */
	bool (*get_algorithm) (proposal_t *this, transform_type_t type,
						   u_int16_t *alg, u_int16_t *key_size);

	/**
	 * Check if the proposal has a specific DH group.
	 *
	 * @param group		group to check for
	 * @return			TRUE if algorithm included
	 */
	bool (*has_dh_group) (proposal_t *this, diffie_hellman_group_t group);

	/**
	 * Strip DH groups from proposal to use it without PFS.
	 *
	 * Removing every group (keep == MODP_NONE) yields a proposal that
	 * does not provide perfect forward secrecy for the SA it is used for.
	 *
	 * @param keep		group to keep (MODP_NONE to remove all)
	 */
	void (*strip_dh)(proposal_t *this, diffie_hellman_group_t keep);

	/**
	 * Compare two proposals, and select a matching subset.
	 *
	 * If the proposals are for the same protocols (AH/ESP), they are
	 * compared. If they have at least one algorithm of each type
	 * in common, a resulting proposal of this kind is created.
	 *
	 * NOTE(review): identifiers in the IANA private-use range have no
	 * standardized meaning, so "private" should only be TRUE when the
	 * peer is known to use the same private mapping as we do.
	 *
	 * @param other		proposal to compare against
	 * @param private	accepts algorithms allocated in a private range
	 * @return			selected proposal, NULL if proposals don't match
	 */
	proposal_t *(*select) (proposal_t *this, proposal_t *other, bool private);

	/**
	 * Get the protocol ID of the proposal.
	 *
	 * @return			protocol of the proposal
	 */
	protocol_id_t (*get_protocol) (proposal_t *this);

	/**
	 * Get the SPI of the proposal.
	 *
	 * The 64-bit width fits an IKE SPI; for AH/ESP presumably only the
	 * low 32 bits are significant — confirm against the implementation.
	 *
	 * @return			spi for proto
	 */
	u_int64_t (*get_spi) (proposal_t *this);

	/**
	 * Set the SPI of the proposal.
	 *
	 * @param spi		spi to set for proto
	 */
	void (*set_spi) (proposal_t *this, u_int64_t spi);

	/**
	 * Get the proposal number, as encoded in SA payload
	 *
	 * @return			proposal number
	 */
	u_int (*get_number)(proposal_t *this);

	/**
	 * Check for the equality of two proposals.
	 *
	 * @param other		other proposal to check for equality
	 * @return			TRUE if other equal to this
	 */
	bool (*equals)(proposal_t *this, proposal_t *other);

	/**
	 * Clone a proposal.
	 *
	 * The caller owns the returned object and must destroy() it.
	 *
	 * @return			clone of proposal
	 */
	proposal_t *(*clone) (proposal_t *this);

	/**
	 * Destroys the proposal object.
	 */
	void (*destroy) (proposal_t *this);
};
180
/**
 * Create a child proposal for AH, ESP or IKE.
 *
 * The proposal starts out empty; algorithms are added with add_algorithm().
 * The caller owns the returned object and must destroy() it.
 *
 * @param protocol		protocol, such as PROTO_ESP
 * @param number		proposal number, as encoded in SA payload
 * @return				proposal_t object
 */
proposal_t *proposal_create(protocol_id_t protocol, u_int number);
189
/**
 * Create a default proposal if nothing further specified.
 *
 * NOTE(review): judging by the commit this header belongs to, the default
 * proposal is assembled from the algorithms registered at runtime (including
 * AEADs), so its contents depend on the loaded plugins — confirm against the
 * implementation before relying on a particular algorithm being present.
 * The caller owns the returned object and must destroy() it.
 *
 * @param protocol		protocol, such as PROTO_ESP
 * @return				proposal_t object
 */
proposal_t *proposal_create_default(protocol_id_t protocol);
197
/**
 * Create a proposal from a string identifying the algorithms.
 *
 * The string is in the same form as in the ipsec.conf file.
 * E.g.: aes128-sha2_256-modp2048
 *       3des-md5
 * (the second example illustrates the syntax only; 3DES and MD5 are legacy
 * algorithms and not a recommended configuration.)
 * An additional '!' at the end of the string forces this proposal,
 * without it the peer may choose another algorithm we support. Use the
 * '!' form when the configured set is meant to be an exact allow-list.
 *
 * The caller owns the returned object and must destroy() it.
 *
 * @param protocol		protocol, such as PROTO_ESP
 * @param algs			algorithms as string
 * @return				proposal_t object
 */
proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs);
212
/**
 * printf hook function for proposal_t.
 *
 * Arguments are:
 *	proposal_t *proposal
 * With the #-specifier, arguments are:
 *	linked_list_t *list containing proposal_t*
 *
 * Registered with the library's printf hook mechanism; not meant to be
 * called directly.
 *
 * @param data			printf hook data passed by the hook machinery
 * @param spec			conversion specifier (the '#' flag selects list mode)
 * @param args			pointer to the argument(s) described above
 * @return				number of characters written
 */
int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
						 const void *const *args);
223
224 #endif /** PROPOSAL_H_ @}*/