Annotation of embedaddon/strongswan/src/libcharon/sa/ikev1/keymat_v1.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2011 Tobias Brunner
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: /**
! 17: * @defgroup keymat_v1 keymat_v1
! 18: * @{ @ingroup ikev1
! 19: */
! 20:
! 21: #ifndef KEYMAT_V1_H_
! 22: #define KEYMAT_V1_H_
! 23:
! 24: #include <sa/keymat.h>
! 25: #include <sa/authenticator.h>
! 26:
! 27: typedef struct keymat_v1_t keymat_v1_t;
! 28:
! 29: /**
! 30: * Derivation and management of sensitive keying material, IKEv1 variant.
! 31: */
! 32: struct keymat_v1_t {
! 33:
! 34: /**
! 35: * Implements keymat_t.
! 36: */
! 37: keymat_t keymat;
! 38:
! 39: /**
! 40: * Derive keys for the IKE_SA.
! 41: *
! 42: * These keys are not handed out, but are used by the associated signers,
! 43: * crypters and authentication functions.
! 44: *
! 45: * @param proposal selected algorithms
! 46: * @param dh diffie hellman key allocated by create_dh()
! 47: * @param dh_other public DH value from other peer
! 48: * @param nonce_i initiators nonce value
! 49: * @param nonce_r responders nonce value
! 50: * @param id IKE_SA identifier
! 51: * @param auth authentication method
! 52: * @param shared_key PSK in case of AUTH_CLASS_PSK, NULL otherwise
! 53: * @return TRUE on success
! 54: */
! 55: bool (*derive_ike_keys)(keymat_v1_t *this, proposal_t *proposal,
! 56: diffie_hellman_t *dh, chunk_t dh_other,
! 57: chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
! 58: auth_method_t auth, shared_key_t *shared_key);
! 59:
! 60: /**
! 61: * Derive keys for the CHILD_SA.
! 62: *
! 63: * @param proposal selected algorithms
! 64: * @param dh diffie hellman key, NULL if none used
! 65: * @param spi_i SPI chosen by initiator
! 66: * @param spi_r SPI chosen by responder
! 67: * @param nonce_i quick mode initiator nonce
! 68: * @param nonce_r quick mode responder nonce
! 69: * @param encr_i allocated initiators encryption key
! 70: * @param integ_i allocated initiators integrity key
! 71: * @param encr_r allocated responders encryption key
! 72: * @param integ_r allocated responders integrity key
! 73: */
! 74: bool (*derive_child_keys)(keymat_v1_t *this, proposal_t *proposal,
! 75: diffie_hellman_t *dh, uint32_t spi_i, uint32_t spi_r,
! 76: chunk_t nonce_i, chunk_t nonce_r,
! 77: chunk_t *encr_i, chunk_t *integ_i,
! 78: chunk_t *encr_r, chunk_t *integ_r);
! 79:
! 80: /**
! 81: * Create the negotiated hasher.
! 82: *
! 83: * @param proposal selected algorithms
! 84: * @return TRUE, if creation was successful
! 85: */
! 86: bool (*create_hasher)(keymat_v1_t *this, proposal_t *proposal);
! 87:
! 88: /**
! 89: * Get the negotiated hasher.
! 90: *
! 91: * @return allocated hasher or NULL
! 92: */
! 93: hasher_t *(*get_hasher)(keymat_v1_t *this);
! 94:
! 95: /**
! 96: * Get HASH data for authentication.
! 97: *
! 98: * @param initiator TRUE to create HASH_I, FALSE for HASH_R
! 99: * @param dh public DH value of peer to create HASH for
! 100: * @param dh_other others public DH value
! 101: * @param ike_sa_id IKE_SA identifier
! 102: * @param sa_i encoded SA payload of initiator
! 103: * @param id encoded IDii payload for HASH_I (IDir for HASH_R)
! 104: * @param hash chunk receiving allocated HASH data
! 105: * @param scheme pointer to signature scheme in case it needs to be
! 106: * modified by the keymat implementation
! 107: * @return TRUE if hash allocated successfully
! 108: */
! 109: bool (*get_hash)(keymat_v1_t *this, bool initiator,
! 110: chunk_t dh, chunk_t dh_other, ike_sa_id_t *ike_sa_id,
! 111: chunk_t sa_i, chunk_t id, chunk_t *hash,
! 112: signature_scheme_t *scheme);
! 113:
! 114: /**
! 115: * Get HASH data for integrity/authentication in Phase 2 exchanges.
! 116: *
! 117: * @param message message to generate the HASH data for
! 118: * @param hash chunk receiving allocated hash data
! 119: * @return TRUE if hash allocated successfully
! 120: */
! 121: bool (*get_hash_phase2)(keymat_v1_t *this, message_t *message, chunk_t *hash);
! 122:
! 123: /**
! 124: * @see iv_manager_t.get_iv
! 125: */
! 126: bool (*get_iv)(keymat_v1_t *this, uint32_t mid, chunk_t *iv);
! 127:
! 128: /**
! 129: * @see iv_manager_t.update_iv
! 130: */
! 131: bool (*update_iv)(keymat_v1_t *this, uint32_t mid, chunk_t last_block);
! 132:
! 133: /**
! 134: * @see iv_manager_t.confirm_iv
! 135: */
! 136: bool (*confirm_iv)(keymat_v1_t *this, uint32_t mid);
! 137: };
! 138:
! 139: /**
! 140: * Create a keymat instance.
! 141: *
! 142: * @param initiator TRUE if we are the initiator
! 143: * @return keymat instance
! 144: */
! 145: keymat_v1_t *keymat_v1_create(bool initiator);
! 146:
! 147: #endif /** KEYMAT_V1_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>