libipsec: Properly initialize variables when creating AEAD wrapper
[strongswan.git] / src / libipsec / ipsec_sa.h
1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Copyright (C) 2012 Giuliano Grassi
4 * Copyright (C) 2012 Ralf Sager
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 /**
19 * @defgroup ipsec_sa ipsec_sa
20 * @{ @ingroup libipsec
21 */
22
23 #ifndef IPSEC_SA_H_
24 #define IPSEC_SA_H_
25
26 #include "esp_context.h"
27
28 #include <library.h>
29 #include <networking/host.h>
30 #include <selectors/traffic_selector.h>
31 #include <ipsec/ipsec_types.h>
32
typedef struct ipsec_sa_t ipsec_sa_t;

/**
 * A single IPsec Security Association (SA).
 *
 * The object is a table of method pointers; every method receives the SA it
 * operates on as its first argument.
 */
struct ipsec_sa_t {

	/**
	 * Query the source address of this SA.
	 *
	 * NOTE(review): this header does not say whether the returned pointer is
	 * the SA's own copy or a fresh clone; confirm ownership in the
	 * implementation before destroying or caching the result.
	 *
	 * @return			source address of this SA
	 */
	host_t *(*get_source)(ipsec_sa_t *this);

	/**
	 * Query the destination address of this SA.
	 *
	 * NOTE(review): ownership of the returned pointer is not documented here,
	 * same as for get_source() — confirm.
	 *
	 * @return			destination address of this SA
	 */
	host_t *(*get_destination)(ipsec_sa_t *this);

	/**
	 * Replace the source address of this SA.
	 *
	 * @param addr		new source address (gets cloned, the caller keeps its
	 *					own object)
	 */
	void (*set_source)(ipsec_sa_t *this, host_t *addr);

	/**
	 * Replace the destination address of this SA.
	 *
	 * @param addr		new destination address (gets cloned, the caller keeps
	 *					its own object)
	 */
	void (*set_destination)(ipsec_sa_t *this, host_t *addr);

	/**
	 * Query the SPI of this SA.
	 *
	 * NOTE(review): the byte order of the value (host or network) is not
	 * stated in this header; confirm before comparing it with an SPI read
	 * from a packet.
	 *
	 * @return			SPI of this SA
	 */
	u_int32_t (*get_spi)(ipsec_sa_t *this);

	/**
	 * Query the reqid of this SA.
	 *
	 * @return			reqid of this SA
	 */
	u_int32_t (*get_reqid)(ipsec_sa_t *this);

	/**
	 * Query the protocol of this SA (e.g. IPPROTO_ESP).
	 *
	 * @return			protocol of this SA
	 */
	u_int8_t (*get_protocol)(ipsec_sa_t *this);

	/**
	 * Tell the direction of this SA.
	 *
	 * @return			TRUE if inbound, FALSE if outbound
	 */
	bool (*is_inbound)(ipsec_sa_t *this);

	/**
	 * Query the lifetime configuration of this SA.
	 *
	 * The values are relative to the moment the SA was installed and are not
	 * adjusted as time passes, so a caller that needs the remaining lifetime
	 * has to account for the elapsed time itself.
	 *
	 * @return			lifetime of this SA
	 */
	lifetime_cfg_t *(*get_lifetime)(ipsec_sa_t *this);

	/**
	 * Query the ESP context of this SA.
	 *
	 * @return			ESP context of this SA
	 */
	esp_context_t *(*get_esp_context)(ipsec_sa_t *this);

	/**
	 * Test this SA against an SPI and a destination address.
	 *
	 * @param spi		SPI
	 * @param dst		destination address
	 * @return			TRUE if this SA matches all parameters, FALSE otherwise
	 */
	bool (*match_by_spi_dst)(ipsec_sa_t *this, u_int32_t spi, host_t *dst);

	/**
	 * Test this SA against an SPI, a source and a destination address.
	 *
	 * @param spi		SPI
	 * @param src		source address
	 * @param dst		destination address
	 * @return			TRUE if this SA matches all parameters, FALSE otherwise
	 */
	bool (*match_by_spi_src_dst)(ipsec_sa_t *this, u_int32_t spi,
								 host_t *src, host_t *dst);

	/**
	 * Test this SA against a reqid and a direction.
	 *
	 * @param reqid		reqid
	 * @param inbound	TRUE for inbound SA, FALSE for outbound
	 * @return			TRUE if this SA matches all parameters, FALSE otherwise
	 */
	bool (*match_by_reqid)(ipsec_sa_t *this, u_int32_t reqid, bool inbound);

	/**
	 * Destroy an ipsec_sa_t.
	 *
	 * NOTE(review): whether key material reachable through the ESP context
	 * is wiped at this point is decided by the implementation and cannot be
	 * told from this header — confirm.
	 */
	void (*destroy)(ipsec_sa_t *this);

};
147
/**
 * Create an ipsec_sa_t instance.
 *
 * Per the parameter notes below, this implementation handles ESP in tunnel
 * mode with UDP encapsulation only; mark and cpi are ignored, and TFC, ESN
 * and IPComp are not supported. This header does not say whether passing an
 * unsupported value makes the call fail or is silently ignored, so callers
 * should always check the result for NULL.
 *
 * NOTE(review): src and dst are documented as cloned, but nothing is said
 * about enc_key and int_key. Confirm whether the key chunks are copied, and
 * who is responsible for wiping the caller's copy of the key material.
 *
 * NOTE(review): with ESN unsupported the SA presumably uses 32-bit ESP
 * sequence numbers; confirm that the configured lifetime forces a rekey
 * before that counter is exhausted.
 *
 * @param spi		SPI for this SA
 * @param src		source address for this SA (gets cloned)
 * @param dst		destination address for this SA (gets cloned)
 * @param protocol	protocol for this SA (only ESP is supported)
 * @param reqid		reqid for this SA
 * @param mark		mark for this SA (ignored)
 * @param tfc		Traffic Flow Confidentiality (currently not supported)
 * @param lifetime	lifetime for this SA
 * @param enc_alg	encryption algorithm for this SA
 * @param enc_key	encryption key for this SA
 * @param int_alg	integrity protection algorithm
 * @param int_key	integrity protection key
 * @param mode		mode for this SA (only tunnel mode is supported)
 * @param ipcomp	IPcomp transform (not supported, use IPCOMP_NONE)
 * @param cpi		CPI for IPcomp (ignored)
 * @param encap		enable UDP encapsulation (must be TRUE)
 * @param esn		Extended Sequence Numbers (currently not supported)
 * @param inbound	TRUE if this is an inbound SA, FALSE otherwise
 * @param src_ts	source traffic selector
 * @param dst_ts	destination traffic selector
 * @return			the IPsec SA, or NULL if the creation failed
 */
ipsec_sa_t *ipsec_sa_create(u_int32_t spi,
							host_t *src, host_t *dst,
							u_int8_t protocol,
							u_int32_t reqid,
							mark_t mark,
							u_int32_t tfc,
							lifetime_cfg_t *lifetime,
							u_int16_t enc_alg, chunk_t enc_key,
							u_int16_t int_alg, chunk_t int_key,
							ipsec_mode_t mode,
							u_int16_t ipcomp, u_int16_t cpi,
							bool encap, bool esn, bool inbound,
							traffic_selector_t *src_ts,
							traffic_selector_t *dst_ts);
182
183 #endif /** IPSEC_SA_H_ @}*/