payload: Use common prefixes for all payload type identifiers
[strongswan.git] / src / libcharon / sa / ikev2 / keymat_v2.h
1 /*
2 * Copyright (C) 2011 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup keymat_v2 keymat_v2
18 * @{ @ingroup ikev2
19 */
20
21 #ifndef KEYMAT_V2_H_
22 #define KEYMAT_V2_H_
23
24 #include <sa/keymat.h>
25
26 typedef struct keymat_v2_t keymat_v2_t;
27
28 /**
29 * Derivation and management of sensitive keying material, IKEv2 variant.
30 */
31 struct keymat_v2_t {
32
33 /**
34 * Implements keymat_t.
35 */
36 keymat_t keymat;
37
38 /**
39 * Derive keys for the IKE_SA.
40 *
41 * These keys are not handed out, but are used by the associated signers,
42 * crypters and authentication functions.
43 *
44 * @param proposal selected algorithms
45 * @param dh diffie hellman key allocated by create_dh()
46 * @param nonce_i initiators nonce value
47 * @param nonce_r responders nonce value
48 * @param id IKE_SA identifier
49 * @param rekey_prf PRF of old SA if rekeying, PRF_UNDEFINED otherwise
50 * @param rekey_sdk SKd of old SA if rekeying
51 * @return TRUE on success
52 */
53 bool (*derive_ike_keys)(keymat_v2_t *this, proposal_t *proposal,
54 diffie_hellman_t *dh, chunk_t nonce_i,
55 chunk_t nonce_r, ike_sa_id_t *id,
56 pseudo_random_function_t rekey_function,
57 chunk_t rekey_skd);
58
59 /**
60 * Derive keys for a CHILD_SA.
61 *
62 * The keys for the CHILD_SA are allocated in the integ and encr chunks.
63 * An implementation might hand out encrypted keys only, which are
64 * decrypted in the kernel before use.
65 * If no PFS is used for the CHILD_SA, dh can be NULL.
66 *
67 * @param proposal selected algorithms
68 * @param dh diffie hellman key allocated by create_dh(), or NULL
69 * @param nonce_i initiators nonce value
70 * @param nonce_r responders nonce value
71 * @param encr_i chunk to write initiators encryption key to
72 * @param integ_i chunk to write initiators integrity key to
73 * @param encr_r chunk to write responders encryption key to
74 * @param integ_r chunk to write responders integrity key to
75 * @return TRUE on success
76 */
77 bool (*derive_child_keys)(keymat_v2_t *this,
78 proposal_t *proposal, diffie_hellman_t *dh,
79 chunk_t nonce_i, chunk_t nonce_r,
80 chunk_t *encr_i, chunk_t *integ_i,
81 chunk_t *encr_r, chunk_t *integ_r);
82 /**
83 * Get SKd to pass to derive_ikey_keys() during rekeying.
84 *
85 * @param skd chunk to write SKd to (internal data)
86 * @return PRF function to derive keymat
87 */
88 pseudo_random_function_t (*get_skd)(keymat_v2_t *this, chunk_t *skd);
89
90 /**
91 * Generate octets to use for authentication procedure (RFC4306 2.15).
92 *
93 * This method creates the plain octets and is usually signed by a private
94 * key. PSK and EAP authentication include a secret into the data, use
95 * the get_psk_sig() method instead.
96 *
97 * @param verify TRUE to create for verfification, FALSE to sign
98 * @param ike_sa_init encoded ike_sa_init message
99 * @param nonce nonce value
100 * @param id identity
101 * @param reserved reserved bytes of id_payload
102 * @param octests chunk receiving allocated auth octets
103 * @return TRUE if octets created successfully
104 */
105 bool (*get_auth_octets)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
106 chunk_t nonce, identification_t *id,
107 char reserved[3], chunk_t *octets);
108 /**
109 * Build the shared secret signature used for PSK and EAP authentication.
110 *
111 * This method wraps the get_auth_octets() method and additionally
112 * includes the secret into the signature. If no secret is given, SK_p is
113 * used as secret (used for EAP methods without MSK).
114 *
115 * @param verify TRUE to create for verfification, FALSE to sign
116 * @param ike_sa_init encoded ike_sa_init message
117 * @param nonce nonce value
118 * @param secret optional secret to include into signature
119 * @param id identity
120 * @param reserved reserved bytes of id_payload
121 * @param sign chunk receiving allocated signature octets
122 * @return TRUE if signature created successfully
123 */
124 bool (*get_psk_sig)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
125 chunk_t nonce, chunk_t secret,
126 identification_t *id, char reserved[3], chunk_t *sig);
127 };
128
129 /**
130 * Create a keymat instance.
131 *
132 * @param initiator TRUE if we are the initiator
133 * @return keymat instance
134 */
135 keymat_v2_t *keymat_v2_create(bool initiator);
136
137 #endif /** KEYMAT_V2_H_ @}*/