1 /*
2 * Copyright (C) 2012 Martin Willi
3 * Copyright (C) 2012 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup phase1 phase1
18 * @{ @ingroup ikev1
19 */
20
21 #ifndef PHASE1_H_
22 #define PHASE1_H_
23
/* Opaque handle for the phase 1 helper. Declared before the includes below,
 * presumably so that headers pulled in here may refer to phase1_t without a
 * circular include - TODO confirm. */
typedef struct phase1_t phase1_t;
25
26 #include <sa/ike_sa.h>
27 #include <crypto/diffie_hellman.h>
28
/**
 * Common phase 1 helper for main and aggressive mode.
 *
 * Groups the work both IKEv1 phase 1 exchanges share: creating the keymat
 * hasher and DH object, deriving keys, saving the SA payload bytes, handling
 * Nonce/KE payloads and building/verifying the HASH or SIG authentication
 * payload. Instances come from phase1_create() and are released with
 * destroy().
 *
 * Methods are function pointers taking the object as first argument; the
 * member order is part of the interface and must not be changed.
 */
struct phase1_t {

	/**
	 * Create keymat hasher.
	 *
	 * NOTE(review): the hash algorithm is not a parameter, so it is
	 * presumably taken from the IKE_SA's negotiated algorithms - confirm in
	 * phase1.c. On FALSE no hasher is available; callers should treat this
	 * as fatal for the exchange.
	 *
	 * @return				TRUE if hasher created
	 */
	bool (*create_hasher)(phase1_t *this);

	/**
	 * Create DH object using SA keymat.
	 *
	 * A FALSE return means the negotiated group cannot be instantiated; the
	 * caller should not continue the exchange with it.
	 *
	 * @param group			negotiated DH group
	 * @return				TRUE if group supported
	 */
	bool (*create_dh)(phase1_t *this, diffie_hellman_group_t group);

	/**
	 * Derive key material.
	 *
	 * NOTE(review): peer_cfg is used to look up a shared key, so it is
	 * presumably only required for pre-shared key authentication and may be
	 * NULL for other methods - confirm against the callers. On FALSE the
	 * SA has no usable keys and the exchange must not proceed.
	 *
	 * @param peer_cfg		peer config to look up shared key for, or NULL
	 * @param method		negotiated authenticated method
	 * @return				TRUE if successful
	 */
	bool (*derive_keys)(phase1_t *this, peer_cfg_t *peer_cfg,
						auth_method_t method);

	/**
	 * Verify a HASH or SIG payload in message.
	 *
	 * This is the peer authentication step of phase 1: FALSE means the peer
	 * could not be authenticated (missing payload, mismatching hash or bad
	 * signature) and the exchange must be aborted. id_data is the encoded
	 * identity as it appears on the wire; presumably the IDx_b input of the
	 * RFC 2409 HASH computation - confirm.
	 *
	 * @param method		negotiated auth method
	 * @param message		message containing HASH or SIG payload
	 * @param id_data		encoded identity, including protocol/port fields
	 * @return				TRUE if verified successfully
	 */
	bool (*verify_auth)(phase1_t *this, auth_method_t method,
						message_t *message, chunk_t id_data);

	/**
	 * Build a HASH or SIG payload and add it to message.
	 *
	 * Counterpart of verify_auth(): id_data must be encoded exactly as the
	 * identity is sent to the peer (including protocol/port fields), since
	 * the peer recomputes the hash over the same bytes.
	 *
	 * @param method		negotiated auth method
	 * @param message		message to add payload to
	 * @param id_data		encoded identity, including protocol/port fields
	 * @return				TRUE if built successfully
	 */
	bool (*build_auth)(phase1_t *this, auth_method_t method,
						message_t *message, chunk_t id_data);

	/**
	 * Get the IKEv1 authentication method defined by peer config.
	 *
	 * @param peer_cfg		peer config to get auth method from
	 * @return				auth method, or AUTH_NONE if none is usable
	 */
	auth_method_t (*get_auth_method)(phase1_t *this, peer_cfg_t *peer_cfg);

	/**
	 * Select a peer config as responder.
	 *
	 * If called after the first successful call the next alternative config
	 * is returned, if any.
	 *
	 * NOTE(review): whether the returned peer_cfg_t is referenced (caller
	 * must destroy) or borrowed is not stated here - confirm in phase1.c
	 * before adding or removing a destroy() call.
	 *
	 * @param method		used authentication method
	 * @param aggressive	TRUE to get an aggressive mode config
	 * @param id			initiator identity
	 * @return				selected peer config, NULL if none found
	 */
	peer_cfg_t* (*select_config)(phase1_t *this, auth_method_t method,
								 bool aggressive, identification_t *id);

	/**
	 * Get configured identity from peer config.
	 *
	 * The returned identity is owned by peer_cfg: the caller must not
	 * destroy it and must not use it after the config is released.
	 *
	 * @param peer_cfg		peer config to get identity from
	 * @param local			TRUE to get own identity, FALSE for remote
	 * @return				identity, pointing to internal config data
	 */
	identification_t* (*get_id)(phase1_t *this, peer_cfg_t *peer_cfg, bool local);

	/**
	 * Extract and store SA payload bytes from encoded message.
	 *
	 * NOTE(review): the raw bytes are kept rather than a parsed payload,
	 * presumably because they feed the authentication hash (SAx_b) and must
	 * match what was actually sent/received - confirm.
	 *
	 * @param message		message to extract SA payload bytes from
	 * @return				TRUE if SA payload found
	 */
	bool (*save_sa_payload)(phase1_t *this, message_t *message);

	/**
	 * Add Nonce and KE payload to message.
	 *
	 * NOTE(review): building the KE payload presumably requires the DH
	 * object from create_dh() to exist - confirm the required call order.
	 *
	 * @param message		message to add payloads
	 * @return				TRUE if payloads added successfully
	 */
	bool (*add_nonce_ke)(phase1_t *this, message_t *message);

	/**
	 * Extract Nonce and KE payload from message.
	 *
	 * FALSE if either payload is missing or cannot be used; the exchange
	 * should not continue without both.
	 *
	 * @param message		message to get payloads from
	 * @return				TRUE if payloads extracted successfully
	 */
	bool (*get_nonce_ke)(phase1_t *this, message_t *message);

	/**
	 * Destroy a phase1_t.
	 *
	 * Releases the helper and everything it owns; the object must not be
	 * used afterwards.
	 */
	void (*destroy)(phase1_t *this);
};
140
/**
 * Create a phase1 instance.
 *
 * NOTE(review): whether the helper takes a reference to ike_sa or merely
 * borrows it is not visible here - confirm in phase1.c before assuming the
 * IKE_SA may be released before the helper.
 *
 * @param ike_sa		IKE_SA to set up
 * @param initiator		TRUE if initiating actively
 * @return				Phase 1 helper, to be released with destroy()
 */
phase1_t *phase1_create(ike_sa_t *ike_sa, bool initiator);
149
150 #endif /** PHASE1_H_ @}*/