Added a keymat_t version to cast it safely
[strongswan.git] / src / libcharon / sa / keymat.h
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup keymat keymat
18 * @{ @ingroup sa
19 */
20
21 #ifndef KEYMAT_H_
22 #define KEYMAT_H_
23
24 typedef struct keymat_t keymat_t;
25
26 #include <library.h>
27 #include <utils/identification.h>
28 #include <crypto/prfs/prf.h>
29 #include <crypto/aead.h>
30 #include <config/proposal.h>
31 #include <config/peer_cfg.h>
32 #include <sa/ike_sa_id.h>
33
34 /**
35 * Derivation and management of sensitive keying material.
36 */
37 struct keymat_t {
38
39 /**
40 * Get IKE version of this keymat.
41 * Lets callers confirm the concrete type before casting to keymat_v1_t or keymat_v2_t.
42 * @return IKEV1 for keymat_v1_t, IKEV2 for keymat_v2_t
43 */
44 ike_version_t (*get_version)(keymat_t *this);
45
46 /**
47 * Create a Diffie-Hellman object for key agreement.
48 *
49 * The Diffie-Hellman object is either for IKE negotiation/rekeying or
50 * CHILD_SA rekeying (using PFS). The resulting DH object must be passed
51 * to derive_keys or to derive_child_keys and destroyed after use.
52 *
53 * @param group Diffie-Hellman group
54 * @return DH object, NULL if group not supported
55 */
56 diffie_hellman_t* (*create_dh)(keymat_t *this,
57 diffie_hellman_group_t group);
58
59 /**
60 * Get an AEAD transform to en-/decrypt and sign/verify IKE messages.
61 * NOTE(review): whether this can return NULL is not documented here - confirm.
62 * @param in TRUE for inbound (decrypt), FALSE for outbound (encrypt)
63 * @return AEAD transform
64 */
65 aead_t* (*get_aead)(keymat_t *this, bool in);
66
67 /**
68 * Destroy a keymat_t.
69 */
70 void (*destroy)(keymat_t *this);
71 };
72
73 /**
74 * Create the appropriate keymat_t implementation based on the IKE version.
75 * NOTE(review): result for an unsupported version is not documented here - confirm whether callers must check for NULL.
76 * @param version requested IKE version
77 * @param initiator TRUE if we are initiator
78 * @return keymat_t implementation
79 */
80 keymat_t *keymat_create(ike_version_t version, bool initiator);
81
82 /**
83 * Look up the key length of an encryption algorithm.
84 * NOTE(review): value returned for an unknown algorithm is not documented here - confirm before using the result as a size.
85 * @param alg algorithm to get key length for
86 * @return key length in bits
87 */
88 int keymat_get_keylen_encr(encryption_algorithm_t alg);
89
90 /**
91 * Look up the key length of an integrity algorithm.
92 * NOTE(review): value returned for an unknown algorithm is not documented here - confirm before using the result as a size.
93 * @param alg algorithm to get key length for
94 * @return key length in bits
95 */
96 int keymat_get_keylen_integ(integrity_algorithm_t alg);
97
98 #endif /** KEYMAT_H_ @}*/