moved CHILD_SA key derivation to keymat_t
[strongswan.git] / src / charon / sa / child_sa.h
index 3e99986..3e13814 100644 (file)
@@ -155,23 +155,19 @@ struct child_sa_t {
        ipsec_mode_t (*get_mode)(child_sa_t *this);
        
        /**
-        * Get the IPsec encryption key.
+        * Get the used IPComp algorithm.
         *
-        * @param inbound       TRUE for inbound, FALSE for outbound key
-        * @param key           chunk where to write key pointer and length
-        * @return                      encryption algorithm
+        * @return                      IPComp compression algorithm.
         */
-       encryption_algorithm_t (*get_encryption)(child_sa_t *this, bool inbound,
-                                                                                        chunk_t *key);
+       ipcomp_transform_t (*get_ipcomp)(child_sa_t *this);
+       
        /**
-        * Get the IPsec integrity.
+        * Check if this CHILD_SA uses UDP encapsulation.
         *
-        * @param inbound       TRUE for inbound, FALSE for outbound key
-        * @param key           chunk where to write key pointer and length
-        * @return                      integrity algorithm
+        * @return                      TRUE if SA encapsulates ESP packets
         */
-       integrity_algorithm_t (*get_integrity)(child_sa_t *this, bool inbound,
-                                                                                  chunk_t *key);
+       bool (*has_encap)(child_sa_t *this);
+       
        /**
         * Get the lifetime of the CHILD_SA.
         *
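Review bot: The new `get_ipcomp` comment does not say what is returned for a CHILD_SA that negotiated no compression. Callers deciding whether to install an IPComp SA depend on that value, so the `@return` line could read `IPComp compression algorithm, IPCOMP_NONE if compression is not used`, assuming that is what the implementation returns. The struct declaration starts and ends outside this hunk, so the getters' implementations are not visible here.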
@@ -206,12 +202,15 @@ struct child_sa_t {
         *
         * @param proposal      proposal for which SPIs are allocated
         * @param mode          mode for the CHILD_SA
-        * @param prf_plus      key material to use for key derivation
+        * @param integ_in      integrity key for inbound traffic
+        * @param integ_out     integrity key for outbound traffic
+        * @param encr_in       encryption key for inbound traffic
+        * @param enc_out       encryption key for outbound traffic
         * @return                      SUCCESS or FAILED
         */
        status_t (*add)(child_sa_t *this, proposal_t *proposal, ipsec_mode_t mode,
-                                       prf_plus_t *prf_plus);
-       
+                                       chunk_t integ_in, chunk_t integ_out,
+                                       chunk_t encr_in, chunk_t encr_out);
        /**
         * Install the kernel SAs for a proposal, after SPIs have been allocated.
         *
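Review bot: The `add()` comment documents the last key as `enc_out`, but the prototype names it `encr_out`; the tag should be `@param encr_out     encryption key for outbound traffic`, and the `update()` comment in the next hunk has the same mismatch. The four keys are now raw `chunk_t` values passed by value, and neither comment says whether the CHILD_SA copies the key bytes or who is responsible for wiping them after the call. Stating that in the comment, for example `keys are not copied or freed; the caller wipes them after the call` if that is the intended contract, would keep callers from leaving key material behind or freeing it twice.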
@@ -219,12 +218,22 @@ struct child_sa_t {
         *
         * @param proposal      proposal for which SPIs are allocated
         * @param mode          mode for the CHILD_SA
-        * @param prf_plus      key material to use for key derivation
+        * @param integ_in      integrity key for inbound traffic
+        * @param integ_out     integrity key for outbound traffic
+        * @param encr_in       encryption key for inbound traffic
+        * @param enc_out       encryption key for outbound traffic
         * @return                      SUCCESS or FAILED
         */
        status_t (*update)(child_sa_t *this, proposal_t *proposal, ipsec_mode_t mode,
-                                          prf_plus_t *prf_plus);
-
+                                          chunk_t integ_in, chunk_t integ_out,
+                                          chunk_t encr_in, chunk_t encr_out);
+       /**
+        * Get the selected proposal passed to add()/update().
+        *
+        * @return                      selected proposal
+        */
+       proposal_t* (*get_proposal)(child_sa_t *this);
+       
        /**
         * Update the hosts in the kernel SAs and policies.
         *
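Review bot: The `get_proposal` comment does not state who owns the returned `proposal_t` or what is returned before `add()`/`update()` has been called. A caller cannot tell from the header whether to destroy the result or whether it may be NULL. If the method hands out the CHILD_SA's internal object, `@return selected proposal, internal data; NULL if add()/update() was not called yet` would make that explicit; the implementation is outside this hunk, so confirm against it.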