1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Copyright (C) 2012 Giuliano Grassi
4 * Copyright (C) 2012 Ralf Sager
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 /**
19 * @defgroup esp_context esp_context
20 * @{ @ingroup libipsec
21 */
22
23 #ifndef ESP_CONTEXT_H_
24 #define ESP_CONTEXT_H_
25
26 #include <library.h>
27 #include <crypto/crypters/crypter.h>
28 #include <crypto/signers/signer.h>
29
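typedef struct esp_context_t esp_context_t;

/**
 * ESP context, handles sequence numbers and maintains cryptographic primitives
 *
 * A context is created either for inbound or for outbound processing (see the
 * inbound flag of esp_context_create()). Sequence numbers are plain 32-bit
 * values (u_int32_t) throughout this interface, so the outbound counter can be
 * exhausted; next_seqno() reports that condition and callers must honour it.
 *
 * Inbound anti-replay protection is split into two steps on purpose:
 * verify_seqno() is a read-only check that can reject replays before any
 * cryptographic work is done, and set_authenticated_seqno() is the only method
 * that advances the anti-replay window. The intended order for an inbound
 * packet is therefore verify_seqno() -> ICV verification with the signer ->
 * set_authenticated_seqno(), and the last step MUST be skipped when the ICV
 * check fails. Advancing the window with a sequence number taken from an
 * unauthenticated packet would let an attacker move the window with forged
 * packets and cause genuine packets to be dropped as replays.
 */
struct esp_context_t {

	/**
	 * Get the crypter.
	 *
	 * The crypter is kept by the context for its lifetime; presumably it is
	 * owned by the context and released in destroy(), so callers must not
	 * destroy it themselves (confirm against esp_context.c). No locking is
	 * described here; concurrent use from several threads is the caller's
	 * responsibility.
	 *
	 * @return crypter
	 */
	crypter_t *(*get_crypter)(esp_context_t *this);

	/**
	 * Get the signer.
	 *
	 * Same lifetime and ownership considerations as get_crypter(): the
	 * signer presumably belongs to the context and is valid only until
	 * destroy() is called (confirm against esp_context.c).
	 *
	 * @return signer
	 */
	signer_t *(*get_signer)(esp_context_t *this);

	/**
	 * Get the current outbound ESP sequence number or the highest authenticated
	 * inbound sequence number.
	 *
	 * For an inbound context the value only reflects packets that were passed
	 * to set_authenticated_seqno(), i.e. packets whose ICV was verified; it is
	 * not influenced by verify_seqno() alone.
	 *
	 * @return current sequence number, in host byte order
	 */
	u_int32_t (*get_seqno)(esp_context_t *this);

	/**
	 * Allocate the next outbound ESP sequence number.
	 *
	 * A FALSE return means that no usable sequence number was allocated,
	 * either because the 32-bit counter cycled or because this is an inbound
	 * context. The two causes cannot be told apart from the return value; a
	 * caller that needs to distinguish them has to remember which kind of
	 * context it created. In either case the packet MUST NOT be sent:
	 * reusing a sequence number after a wrap defeats the peer's anti-replay
	 * protection, so an outbound context that returns FALSE has to be taken
	 * out of service (e.g. by replacing the SA). The value stored in *seqno
	 * on failure is not specified here and must not be relied upon.
	 *
	 * @param seqno [out] the sequence number, in host byte order
	 * @return FALSE if the sequence number cycled or inbound context
	 */
	bool (*next_seqno)(esp_context_t *this, u_int32_t *seqno);

	/**
	 * Verify an ESP sequence number. Checks whether a packet with this
	 * sequence number was already received, using the anti-replay window.
	 * This operation does not modify the internal state. After the sequence
	 * number is successfully verified and the ESP packet is authenticated,
	 * set_authenticated_seqno() should be called.
	 *
	 * A TRUE result only says that the number has not been seen and is
	 * acceptable with respect to the window; it says nothing about the
	 * authenticity of the packet. The window size and the exact acceptance
	 * rule are defined by the implementation, not by this header.
	 *
	 * @param seqno the sequence number to verify, in host byte order
	 * @return TRUE when sequence number is valid
	 */
	bool (*verify_seqno)(esp_context_t *this, u_int32_t seqno);

	/**
	 * Adds a sequence number that was successfully verified and
	 * authenticated. A user MUST call verify_seqno() immediately before
	 * calling this method.
	 *
	 * "Authenticated" means the ICV of the packet carrying this sequence
	 * number was checked with the signer and found valid; calling this
	 * method for a packet that failed (or skipped) ICV verification corrupts
	 * the anti-replay state, see the struct description. The requirement to
	 * call verify_seqno() immediately before suggests that this method does
	 * not re-validate the number against the window itself (confirm against
	 * esp_context.c), so the two calls must not be interleaved with other
	 * updates of the same context.
	 *
	 * @param seqno verified and authenticated seq number in host byte order
	 */
	void (*set_authenticated_seqno)(esp_context_t *this,
									u_int32_t seqno);

	/**
	 * Destroy an esp_context_t
	 *
	 * Releases the context; pointers previously obtained from get_crypter()
	 * and get_signer() must not be used afterwards. NOTE(review): whether the
	 * key material held by the primitives is wiped on destruction is not
	 * visible here — check the implementation.
	 */
	void (*destroy)(esp_context_t *this);

};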
95
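/**
 * Create an esp_context_t instance
 *
 * The algorithm identifiers are passed as plain int; they are presumably
 * values of the encryption_algorithm_t / integrity_algorithm_t enums from the
 * crypto headers included above (confirm against esp_context.c). Creation
 * fails, among other reasons, when a primitive for the requested algorithm
 * or key length cannot be instantiated, so the return value MUST be checked
 * before use. Whether the key chunks are copied or referenced by the context
 * is not stated here; until confirmed, callers should keep enc_key and
 * int_key valid for the lifetime of the context and wipe them afterwards.
 *
 * @param enc_alg		encryption algorithm
 * @param enc_key		encryption key
 * @param int_alg		integrity protection algorithm
 * @param int_key		integrity protection key
 * @param inbound		TRUE to create an inbound ESP context (anti-replay
 *						window enabled, next_seqno() always returns FALSE),
 *						FALSE for an outbound context
 * @return				ESP context instance, or NULL if creation fails
 */
esp_context_t *esp_context_create(int enc_alg, chunk_t enc_key, int int_alg,
								  chunk_t int_key, bool inbound);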
108
109 #endif /** ESP_CONTEXT_H_ @}*/
110