/*
 * Copyright (C) 2011-2016 Tobias Brunner
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup iv_manager iv_manager
 * @{ @ingroup ikev1
 */

#ifndef IV_MANAGER_H_
#define IV_MANAGER_H_

#include <utils/chunk.h>
#include <crypto/hashers/hasher.h>

typedef struct iv_manager_t iv_manager_t;

/**
 * IV and QM managing instance for IKEv1. Keeps track of phase 2 exchanges
 * and their IVs, as well as the phase 1 IV.
 *
 * IVs are handed out and updated per message ID (mid). Inbound IV updates
 * are two-step (update_iv() followed by confirm_iv()) so that the stored IV
 * only advances once the decrypted message has been verified.
 *
 * The number of concurrently tracked exchanges is bounded by the
 * max_exchanges value passed to iv_manager_create().
 */
struct iv_manager_t {

	/**
	 * Set the value of the first phase 1 IV.
	 *
	 * @param data			input to calc initial IV from (g^xi | g^xr)
	 * @param hasher		hasher to be used for IV calculation
	 *						(shared with keymat, must not be destroyed here;
	 *						the caller keeps ownership)
	 * @param block_size	cipher block size of aead
	 * @return				TRUE for success, FALSE otherwise
	 */
	bool (*init_iv_chain)(iv_manager_t *this, chunk_t data, hasher_t *hasher,
						  size_t block_size);

	/**
	 * Returns the IV for a message with the given message ID.
	 *
	 * The returned chunk contains internal data and is valid until the next
	 * get_iv/update_iv/confirm_iv() call. The caller must neither free it
	 * nor hold on to it across those calls.
	 *
	 * @param mid			message ID
	 * @param iv			chunk receiving IV, internal data
	 * @return				TRUE if IV allocated successfully, FALSE otherwise
	 *						(e.g. no IV could be allocated for this mid)
	 */
	bool (*get_iv)(iv_manager_t *this, uint32_t mid, chunk_t *iv);

	/**
	 * Updates the IV for the next message with the given message ID.
	 *
	 * A call of confirm_iv() is required in order to actually make the IV
	 * available. This is needed for the inbound case where we store the last
	 * block of the encrypted message but want to update the IV only after
	 * verification of the decrypted message; until confirm_iv() is called,
	 * get_iv() keeps returning the previous IV.
	 *
	 * @param mid			message ID
	 * @param last_block	last block of encrypted message (gets cloned, the
	 *						caller keeps ownership of its copy)
	 * @return				TRUE if IV updated successfully
	 */
	bool (*update_iv)(iv_manager_t *this, uint32_t mid, chunk_t last_block);

	/**
	 * Confirms the updated IV for the given message ID.
	 *
	 * To actually make the new IV available via get_iv() this method has to
	 * be called after update_iv().
	 *
	 * @param mid			message ID
	 * @return				TRUE if IV confirmed successfully
	 */
	bool (*confirm_iv)(iv_manager_t *this, uint32_t mid);

	/**
	 * Try to find a QM for the given message ID, if not found, generate it.
	 * The nonces shall be assigned by the caller if they are not set yet.
	 *
	 * The returned pointers refer to the manager's nonce slots for this
	 * exchange (presumably internal storage; the caller must not free them).
	 *
	 * @param mid			message ID
	 * @param n_i			chunk pointer to contain Ni_b (Nonce from first
	 *						message)
	 * @param n_r			chunk pointer to contain Nr_b (Nonce from second
	 *						message)
	 */
	void (*lookup_quick_mode)(iv_manager_t *this, uint32_t mid, chunk_t **n_i,
							  chunk_t **n_r);

	/**
	 * Remove the QM for the given message ID.
	 *
	 * @param mid			message ID
	 */
	void (*remove_quick_mode)(iv_manager_t *this, uint32_t mid);

	/**
	 * Destroy an iv_manager_t.
	 */
	void (*destroy)(iv_manager_t *this);
};

/**
 * Create an IV and QM manager which is able to store up to max_exchanges
 * initialization vectors and quick modes.
 *
 * The limit bounds the state kept per IKE_SA for concurrent phase 2
 * exchanges; what happens when it is exceeded is defined by the
 * implementation, not by this header.
 *
 * @param max_exchanges		maximum number of IVs and QMs to be stored, set
 *							to 0 to use default (3, or as configured)
 * @return					IV and QM manager instance
 */
iv_manager_t *iv_manager_create(int max_exchanges);

#endif /** IV_MANAGER_H_ @}*/