task-manager-v1: Clear retransmit alert on request retransmit
[strongswan.git] / src / libcharon / sa / ikev1 / keymat_v1.h
1 /*
2 * Copyright (C) 2011 Tobias Brunner
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup keymat_v1 keymat_v1
18 * @{ @ingroup ikev1
19 */
20
21 #ifndef KEYMAT_V1_H_
22 #define KEYMAT_V1_H_
23
24 #include <sa/keymat.h>
25 #include <sa/authenticator.h>
26
27 typedef struct keymat_v1_t keymat_v1_t;
28
29 /**
30 * Derivation and management of sensitive keying material, IKEv1 variant.
31 */
32 struct keymat_v1_t {
33
34 /**
35 * Implements keymat_t.
36 */
37 keymat_t keymat;
38
39 /**
40 * Derive keys for the IKE_SA.
41 *
42 * These keys are not handed out, but are used by the associated signers,
43 * crypters and authentication functions.
44 *
45 * @param proposal selected algorithms
46 * @param dh diffie hellman key allocated by create_dh()
47 * @param dh_other public DH value from other peer
48 * @param nonce_i initiators nonce value
49 * @param nonce_r responders nonce value
50 * @param id IKE_SA identifier
51 * @param auth authentication method
52 * @param shared_key PSK in case of AUTH_CLASS_PSK, NULL otherwise
53 * @return TRUE on success
54 */
55 bool (*derive_ike_keys)(keymat_v1_t *this, proposal_t *proposal,
56 diffie_hellman_t *dh, chunk_t dh_other,
57 chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
58 auth_method_t auth, shared_key_t *shared_key);
59
60 /**
61 * Derive keys for the CHILD_SA.
62 *
63 * @param proposal selected algorithms
64 * @param dh diffie hellman key, NULL if none used
65 * @param spi_i SPI chosen by initiatior
66 * @param spi_r SPI chosen by responder
67 * @param nonce_i quick mode initiator nonce
68 * @param nonce_r quick mode responder nonce
69 * @param encr_i allocated initiators encryption key
70 * @param integ_i allocated initiators integrity key
71 * @param encr_r allocated responders encryption key
72 * @param integ_r allocated responders integrity key
73 */
74 bool (*derive_child_keys)(keymat_v1_t *this, proposal_t *proposal,
75 diffie_hellman_t *dh, uint32_t spi_i, uint32_t spi_r,
76 chunk_t nonce_i, chunk_t nonce_r,
77 chunk_t *encr_i, chunk_t *integ_i,
78 chunk_t *encr_r, chunk_t *integ_r);
79
80 /**
81 * Create the negotiated hasher.
82 *
83 * @param proposal selected algorithms
84 * @return TRUE, if creation was successful
85 */
86 bool (*create_hasher)(keymat_v1_t *this, proposal_t *proposal);
87
88 /**
89 * Get the negotiated hasher.
90 *
91 * @return allocated hasher or NULL
92 */
93 hasher_t *(*get_hasher)(keymat_v1_t *this);
94
95 /**
96 * Get HASH data for authentication.
97 *
98 * @param initiatior TRUE to create HASH_I, FALSE for HASH_R
99 * @param dh public DH value of peer to create HASH for
100 * @param dh_other others public DH value
101 * @param ike_sa_id IKE_SA identifier
102 * @param sa_i encoded SA payload of initiator
103 * @param id encoded IDii payload for HASH_I (IDir for HASH_R)
104 * @param hash chunk receiving allocated HASH data
105 * @param scheme pointer to signature scheme in case it needs to be
106 * modified by the keymat implementation
107 * @return TRUE if hash allocated successfully
108 */
109 bool (*get_hash)(keymat_v1_t *this, bool initiator,
110 chunk_t dh, chunk_t dh_other, ike_sa_id_t *ike_sa_id,
111 chunk_t sa_i, chunk_t id, chunk_t *hash,
112 signature_scheme_t *scheme);
113
114 /**
115 * Get HASH data for integrity/authentication in Phase 2 exchanges.
116 *
117 * @param message message to generate the HASH data for
118 * @param hash chunk receiving allocated hash data
119 * @return TRUE if hash allocated successfully
120 */
121 bool (*get_hash_phase2)(keymat_v1_t *this, message_t *message, chunk_t *hash);
122
123 /**
124 * @see iv_manager_t.get_iv
125 */
126 bool (*get_iv)(keymat_v1_t *this, uint32_t mid, chunk_t *iv);
127
128 /**
129 * @see iv_manager_t.update_iv
130 */
131 bool (*update_iv)(keymat_v1_t *this, uint32_t mid, chunk_t last_block);
132
133 /**
134 * @see iv_manager_t.confirm_iv
135 */
136 bool (*confirm_iv)(keymat_v1_t *this, uint32_t mid);
137 };
138
139 /**
140 * Create a keymat instance.
141 *
142 * @param initiator TRUE if we are the initiator
143 * @return keymat instance
144 */
145 keymat_v1_t *keymat_v1_create(bool initiator);
146
147 #endif /** KEYMAT_V1_H_ @}*/