1 /*
2 * Copyright (C) 2011 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup keymat_v1 keymat_v1
18 * @{ @ingroup sa
19 */
20
21 #ifndef KEYMAT_V1_H_
22 #define KEYMAT_V1_H_
23
24 #include <sa/keymat.h>
25
26 typedef struct keymat_v1_t keymat_v1_t;
27
/**
 * Derivation and management of sensitive keying material, IKEv1 variant.
 *
 * Extends the generic keymat_t (embedded as the first member, so the address
 * of a keymat_v1_t is also the address of its keymat_t) with the
 * IKEv1-specific operations: IKE_SA and CHILD_SA key derivation, the HASH
 * payloads used for authentication, and the per-message-ID IV state whose
 * update/confirm split is described on update_iv() below.
 */
struct keymat_v1_t {

	/**
	 * Implements keymat_t.
	 *
	 * Must stay the first member so this struct can be used wherever a
	 * keymat_t is expected.
	 */
	keymat_t keymat;

	/**
	 * Derive keys for the IKE_SA.
	 *
	 * These keys are not handed out, but are used by the associated signers,
	 * crypters and authentication functions.
	 *
	 * @param proposal		selected algorithms
	 * @param dh			diffie hellman key allocated by create_dh()
	 * @param dh_other		public DH value from other peer
	 * @param nonce_i		initiator's nonce value
	 * @param nonce_r		responder's nonce value
	 * @param id			IKE_SA identifier
	 * @param auth			authentication method
	 * @param shared_key	PSK in case of AUTH_CLASS_PSK, NULL otherwise
	 * @return				TRUE on success; FALSE means no keys were
	 *						established and callers must not continue the
	 *						exchange with this SA
	 */
	bool (*derive_ike_keys)(keymat_v1_t *this, proposal_t *proposal,
							diffie_hellman_t *dh, chunk_t dh_other,
							chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
							auth_class_t auth, shared_key_t *shared_key);

	/**
	 * Derive keys for the CHILD_SA.
	 *
	 * Unlike derive_ike_keys(), the resulting keys are handed out: the four
	 * output chunks are allocated for the caller, which becomes their owner.
	 * They hold live CHILD_SA keys, so they should be wiped rather than merely
	 * freed once installed (NOTE(review): confirm callers use chunk_clear()
	 * on them).
	 *
	 * @param proposal		selected algorithms
	 * @param dh			diffie hellman key, NULL if none used
	 * @param spi_i			SPI chosen by initiator
	 * @param spi_r			SPI chosen by responder
	 * @param nonce_i		quick mode initiator nonce
	 * @param nonce_r		quick mode responder nonce
	 * @param encr_i		allocated initiator's encryption key
	 * @param integ_i		allocated initiator's integrity key
	 * @param encr_r		allocated responder's encryption key
	 * @param integ_r		allocated responder's integrity key
	 * @return				TRUE on success
	 */
	bool (*derive_child_keys)(keymat_v1_t *this, proposal_t *proposal,
							  diffie_hellman_t *dh, u_int32_t spi_i, u_int32_t spi_r,
							  chunk_t nonce_i, chunk_t nonce_r,
							  chunk_t *encr_i, chunk_t *integ_i,
							  chunk_t *encr_r, chunk_t *integ_r);

	/**
	 * Get HASH data for authentication.
	 *
	 * Computes HASH_I or HASH_R, the Phase 1 authentication value; the
	 * initiator flag selects which of the two is produced, the other
	 * arguments are the inputs it is computed over.
	 *
	 * @param initiator		TRUE to create HASH_I, FALSE for HASH_R
	 * @param dh			public DH value of peer to create HASH for
	 * @param dh_other		other's public DH value
	 * @param ike_sa_id		IKE_SA identifier
	 * @param sa_i			encoded SA payload of initiator
	 * @param id			ID of peer to create hash for
	 * @return				allocated HASH data (caller frees)
	 */
	chunk_t (*get_hash)(keymat_v1_t *this, bool initiator,
						chunk_t dh, chunk_t dh_other, ike_sa_id_t *ike_sa_id,
						chunk_t sa_i, identification_t *id);

	/**
	 * Get HASH data for integrity/authentication in Phase 2 exchanges.
	 *
	 * @param message		message to generate the HASH data for
	 * @return				allocated HASH data (caller frees)
	 */
	chunk_t (*get_hash_phase2)(keymat_v1_t *this, message_t *message);

	/**
	 * Returns the IV for a message with the given message ID.
	 *
	 * The IV returned reflects the last confirm_iv() for that message ID; an
	 * update_iv() that has not yet been confirmed is not visible here.
	 *
	 * @param mid			message ID
	 * @return				IV (needs to be freed)
	 */
	chunk_t (*get_iv)(keymat_v1_t *this, u_int32_t mid);

	/**
	 * Updates the IV for the next message with the given message ID.
	 *
	 * A call of confirm_iv() is required in order to actually make the IV
	 * available. This is needed for the inbound case where we store the last
	 * block of the encrypted message but want to update the IV only after
	 * verification of the decrypted message. Keeping the update pending until
	 * then means a message that fails verification never advances the IV
	 * state; callers must therefore call confirm_iv() only once the message
	 * has been verified, never before.
	 *
	 * @param mid			message ID
	 * @param last_block	last block of encrypted message (gets cloned, so
	 *						the caller keeps ownership of its copy)
	 */
	void (*update_iv)(keymat_v1_t *this, u_int32_t mid, chunk_t last_block);

	/**
	 * Confirms the updated IV for the given message ID.
	 *
	 * To actually make the new IV available via get_iv this method has to
	 * be called after update_iv, and only after the message that carried the
	 * new last block has been verified.
	 *
	 * @param mid			message ID
	 */
	void (*confirm_iv)(keymat_v1_t *this, u_int32_t mid);

};
135
/**
 * Create a keymat instance.
 *
 * The role is fixed at creation; the derivation methods of keymat_v1_t take
 * no role argument, so this is presumably where the role they need comes
 * from (NOTE(review): confirm against the implementation).
 *
 * @param initiator		TRUE if we are the initiator
 * @return				keymat instance, owned by the caller and released
 *						through the embedded keymat_t interface
 *						(NOTE(review): see sa/keymat.h for the destroy method)
 */
keymat_v1_t *keymat_v1_create(bool initiator);
143
144 #endif /** KEYMAT_V1_H_ @}*/