1.1 misho 1: /*
2: * Copyright (C) 2011-2016 Tobias Brunner
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: /**
17: * @defgroup iv_manager iv_manager
18: * @{ @ingroup ikev1
19: */
20:
21: #ifndef IV_MANAGER_H_
22: #define IV_MANAGER_H_
23:
24: #include <utils/chunk.h>
25: #include <crypto/hashers/hasher.h>
26:
/* Forward declaration so the method pointers below can take a self pointer. */
typedef struct iv_manager_t iv_manager_t;
28:
/**
 * IV and QM managing instance for IKEv1. Keeps track of phase 2 exchanges
 * and IV, as well as the phase 1 IV.
 *
 * Every method returning bool reports FALSE on failure; callers must check
 * the result before using any output parameter.
 */
struct iv_manager_t {

	/**
	 * Set the value of the first phase1 IV.
	 *
	 * @param data			input to calc initial IV from (g^xi | g^xr)
	 * @param hasher		hasher to be used for IV calculation
	 *						(shared with keymat, must not be destroyed here)
	 * @param block_size	cipher block size of aead
	 * @return				TRUE for success, FALSE otherwise
	 */
	bool (*init_iv_chain)(iv_manager_t *this, chunk_t data, hasher_t *hasher,
						  size_t block_size);

	/**
	 * Returns the IV for a message with the given message ID.
	 *
	 * The returned chunk contains internal data and is valid only until the
	 * next get_iv/update_iv/confirm_iv() call; clone it if it has to outlive
	 * that call.
	 *
	 * @param mid			message ID
	 * @param iv			chunk receiving IV, internal data (not a copy)
	 * @return				TRUE if IV allocated successfully
	 */
	bool (*get_iv)(iv_manager_t *this, uint32_t mid, chunk_t *iv);

	/**
	 * Updates the IV for the next message with the given message ID.
	 *
	 * A call of confirm_iv() is required in order to actually make the IV
	 * available. This is needed for the inbound case where we store the last
	 * block of the encrypted message but want to update the IV only after
	 * verification of the decrypted message. Until confirmed, the pending IV
	 * is not visible via get_iv().
	 *
	 * @param mid			message ID
	 * @param last_block	last block of encrypted message (gets cloned, the
	 *						caller keeps ownership of its own buffer)
	 * @return				TRUE if IV updated successfully
	 */
	bool (*update_iv)(iv_manager_t *this, uint32_t mid, chunk_t last_block);

	/**
	 * Confirms the updated IV for the given message ID.
	 *
	 * To actually make the new IV available via get_iv() this method has to
	 * be called after update_iv().
	 *
	 * @param mid			message ID
	 * @return				TRUE if IV confirmed successfully
	 */
	bool (*confirm_iv)(iv_manager_t *this, uint32_t mid);

	/**
	 * Try to find a QM for the given message ID, if not found, generate it.
	 * The nonces shall be assigned by the caller if they are not set yet.
	 *
	 * @param mid			message ID
	 * @param n_i			receives a pointer to the stored Ni_b chunk (Nonce
	 *						from first message)
	 * @param n_r			receives a pointer to the stored Nr_b chunk (Nonce
	 *						from second message)
	 */
	void (*lookup_quick_mode)(iv_manager_t *this, uint32_t mid, chunk_t **n_i,
							  chunk_t **n_r);

	/**
	 * Remove the QM for the given message ID.
	 *
	 * @param mid			message ID
	 */
	void (*remove_quick_mode)(iv_manager_t *this, uint32_t mid);

	/**
	 * Destroy an iv_manager_t.
	 */
	void (*destroy)(iv_manager_t *this);
};
109:
/**
 * Create an IV and QM manager which is able to store up to max_exchanges
 * initialization vectors and quick modes.
 *
 * The caller owns the returned instance and releases it via its destroy()
 * method.
 *
 * @param max_exchanges	maximum number of IVs and QMs to be stored, set
 *						to 0 to use default (3, or as configured)
 * @return				IV and QM manager instance
 */
iv_manager_t *iv_manager_create(int max_exchanges);
119:
120: #endif /** IV_MANAGER_H_ @}*/