Fixed scheduling of IKEv2 init tasks in a second keyingtry
[strongswan.git] / src / libcharon / sa / ikev2 / keymat_v2.h
1 /*
2 * Copyright (C) 2011 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup keymat_v2 keymat_v2
18 * @{ @ingroup sa
19 */
20
21 #ifndef KEYMAT_V2_H_
22 #define KEYMAT_V2_H_
23
24 #include <sa/keymat.h>
25
26 typedef struct keymat_v2_t keymat_v2_t;
27
28 /**
29 * Derivation and management of sensitive keying material, IKEv2 variant.
30 */
31 struct keymat_v2_t {
32
33 /**
34 * Implements keymat_t.
35 */
36 keymat_t keymat;
37
38 /**
39 * Derive keys for the IKE_SA.
40 *
41 * These keys are not handed out, but are used by the associated signers,
42 * crypters and authentication functions.
43 *
44 * @param proposal selected algorithms
45 * @param dh diffie hellman key allocated by create_dh()
46 * @param nonce_i initiators nonce value
47 * @param nonce_r responders nonce value
48 * @param id IKE_SA identifier
49 * @param rekey_prf PRF of old SA if rekeying, PRF_UNDEFINED otherwise
50 * @param rekey_sdk SKd of old SA if rekeying
51 * @return TRUE on success
52 */
53 bool (*derive_ike_keys)(keymat_v2_t *this, proposal_t *proposal,
54 diffie_hellman_t *dh, chunk_t nonce_i,
55 chunk_t nonce_r, ike_sa_id_t *id,
56 pseudo_random_function_t rekey_function,
57 chunk_t rekey_skd);
58
59 /**
60 * Derive keys for a CHILD_SA.
61 *
62 * The keys for the CHILD_SA are allocated in the integ and encr chunks.
63 * An implementation might hand out encrypted keys only, which are
64 * decrypted in the kernel before use.
65 * If no PFS is used for the CHILD_SA, dh can be NULL.
66 *
67 * @param proposal selected algorithms
68 * @param dh diffie hellman key allocated by create_dh(), or NULL
69 * @param nonce_i initiators nonce value
70 * @param nonce_r responders nonce value
71 * @param encr_i chunk to write initiators encryption key to
72 * @param integ_i chunk to write initiators integrity key to
73 * @param encr_r chunk to write responders encryption key to
74 * @param integ_r chunk to write responders integrity key to
75 * @return TRUE on success
76 */
77 bool (*derive_child_keys)(keymat_v2_t *this,
78 proposal_t *proposal, diffie_hellman_t *dh,
79 chunk_t nonce_i, chunk_t nonce_r,
80 chunk_t *encr_i, chunk_t *integ_i,
81 chunk_t *encr_r, chunk_t *integ_r);
82 /**
83 * Get SKd to pass to derive_ikey_keys() during rekeying.
84 *
85 * @param skd chunk to write SKd to (internal data)
86 * @return PRF function to derive keymat
87 */
88 pseudo_random_function_t (*get_skd)(keymat_v2_t *this, chunk_t *skd);
89
90 /**
91 * Generate octets to use for authentication procedure (RFC4306 2.15).
92 *
93 * This method creates the plain octets and is usually signed by a private
94 * key. PSK and EAP authentication include a secret into the data, use
95 * the get_psk_sig() method instead.
96 *
97 * @param verify TRUE to create for verfification, FALSE to sign
98 * @param ike_sa_init encoded ike_sa_init message
99 * @param nonce nonce value
100 * @param id identity
101 * @param reserved reserved bytes of id_payload
102 * @return authentication octets
103 */
104 chunk_t (*get_auth_octets)(keymat_v2_t *this, bool verify,
105 chunk_t ike_sa_init, chunk_t nonce,
106 identification_t *id, char reserved[3]);
107 /**
108 * Build the shared secret signature used for PSK and EAP authentication.
109 *
110 * This method wraps the get_auth_octets() method and additionally
111 * includes the secret into the signature. If no secret is given, SK_p is
112 * used as secret (used for EAP methods without MSK).
113 *
114 * @param verify TRUE to create for verfification, FALSE to sign
115 * @param ike_sa_init encoded ike_sa_init message
116 * @param nonce nonce value
117 * @param secret optional secret to include into signature
118 * @param id identity
119 * @param reserved reserved bytes of id_payload
120 * @return signature octets
121 */
122 chunk_t (*get_psk_sig)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
123 chunk_t nonce, chunk_t secret,
124 identification_t *id, char reserved[3]);
125 };
126
127 /**
128 * Create a keymat instance.
129 *
130 * @param initiator TRUE if we are the initiator
131 * @return keymat instance
132 */
133 keymat_v2_t *keymat_v2_create(bool initiator);
134
135 #endif /** KEYMAT_V2_H_ @}*/