/*
 * Copyright (C) 2011 Tobias Brunner
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup keymat_v1 keymat_v1
 * @{ @ingroup ikev1
 */

#ifndef KEYMAT_V1_H_
#define KEYMAT_V1_H_

#include <sa/keymat.h>
#include <sa/authenticator.h>

/* Forward typedef so the member function pointers below can name the type. */
typedef struct keymat_v1_t keymat_v1_t;

/**
 * Derivation and management of sensitive keying material, IKEv1 variant.
 *
 * The IKE_SA keys derived through this interface are never returned to the
 * caller; only the CHILD_SA keys (derive_child_keys) and HASH values are
 * handed out, and those outputs are allocated for the caller.
 */
struct keymat_v1_t {

	/**
	 * Implements keymat_t.
	 *
	 * Placed as the first member; a pointer to a keymat_v1_t is therefore
	 * also a valid pointer to its embedded keymat_t.
	 */
	keymat_t keymat;

	/**
	 * Derive keys for the IKE_SA.
	 *
	 * These keys are not handed out, but are used by the associated signers,
	 * crypters and authentication functions.
	 *
	 * @param proposal		selected algorithms
	 * @param dh			diffie hellman key allocated by create_dh()
	 * @param dh_other		public DH value from other peer
	 * @param nonce_i		initiators nonce value
	 * @param nonce_r		responders nonce value
	 * @param id			IKE_SA identifier
	 * @param auth			authentication method
	 * @param shared_key	PSK in case of AUTH_CLASS_PSK, NULL otherwise
	 *						NOTE(review): auth is an auth_method_t; confirm
	 *						which of its values require a non-NULL shared_key
	 * @return				TRUE on success
	 */
	bool (*derive_ike_keys)(keymat_v1_t *this, proposal_t *proposal,
							diffie_hellman_t *dh, chunk_t dh_other,
							chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
							auth_method_t auth, shared_key_t *shared_key);

	/**
	 * Derive keys for the CHILD_SA.
	 *
	 * The four key chunks are allocated by the implementation and handed to
	 * the caller, who becomes their owner. They are secret key material, so
	 * the caller is expected to wipe them rather than just free them
	 * (NOTE(review): presumably via chunk_clear() — confirm against callers).
	 *
	 * @param proposal		selected algorithms
	 * @param dh			diffie hellman key, NULL if none used
	 * @param spi_i			SPI chosen by initiator
	 * @param spi_r			SPI chosen by responder
	 * @param nonce_i		quick mode initiator nonce
	 * @param nonce_r		quick mode responder nonce
	 * @param encr_i		allocated initiators encryption key
	 * @param integ_i		allocated initiators integrity key
	 * @param encr_r		allocated responders encryption key
	 * @param integ_r		allocated responders integrity key
	 * @return				TRUE on success (by analogy with derive_ike_keys;
	 *						not documented in the original)
	 */
	bool (*derive_child_keys)(keymat_v1_t *this, proposal_t *proposal,
							  diffie_hellman_t *dh, uint32_t spi_i, uint32_t spi_r,
							  chunk_t nonce_i, chunk_t nonce_r,
							  chunk_t *encr_i, chunk_t *integ_i,
							  chunk_t *encr_r, chunk_t *integ_r);

	/**
	 * Create the negotiated hasher.
	 *
	 * Presumably the instance later returned by get_hasher(); the header
	 * does not show where it is stored.
	 *
	 * @param proposal		selected algorithms
	 * @return				TRUE, if creation was successful
	 */
	bool (*create_hasher)(keymat_v1_t *this, proposal_t *proposal);

	/**
	 * Get the negotiated hasher.
	 *
	 * NOTE(review): ownership is ambiguous from this declaration alone —
	 * confirm whether the caller must destroy the returned hasher or whether
	 * the keymat keeps it and the caller only borrows it.
	 *
	 * @return				allocated hasher or NULL
	 */
	hasher_t *(*get_hasher)(keymat_v1_t *this);

	/**
	 * Get HASH data for authentication.
	 *
	 * @param initiator		TRUE to create HASH_I, FALSE for HASH_R
	 * @param dh			public DH value of peer to create HASH for
	 * @param dh_other		others public DH value
	 * @param ike_sa_id		IKE_SA identifier
	 * @param sa_i			encoded SA payload of initiator
	 * @param id			encoded IDii payload for HASH_I (IDir for HASH_R)
	 * @param hash			chunk receiving allocated HASH data (caller owns it)
	 * @param scheme		pointer to signature scheme in case it needs to be
	 *						modified by the keymat implementation
	 * @return				TRUE if hash allocated successfully
	 */
	bool (*get_hash)(keymat_v1_t *this, bool initiator,
					 chunk_t dh, chunk_t dh_other, ike_sa_id_t *ike_sa_id,
					 chunk_t sa_i, chunk_t id, chunk_t *hash,
					 signature_scheme_t *scheme);

	/**
	 * Get HASH data for integrity/authentication in Phase 2 exchanges.
	 *
	 * @param message		message to generate the HASH data for
	 * @param hash			chunk receiving allocated hash data (caller owns it)
	 * @return				TRUE if hash allocated successfully
	 */
	bool (*get_hash_phase2)(keymat_v1_t *this, message_t *message, chunk_t *hash);

	/**
	 * @see iv_manager_t.get_iv
	 *
	 * NOTE(review): mid presumably is the message ID the IV belongs to —
	 * confirm against iv_manager_t.
	 */
	bool (*get_iv)(keymat_v1_t *this, uint32_t mid, chunk_t *iv);

	/**
	 * @see iv_manager_t.update_iv
	 *
	 * last_block is passed by value; the IV state for mid is updated from it.
	 */
	bool (*update_iv)(keymat_v1_t *this, uint32_t mid, chunk_t last_block);

	/**
	 * @see iv_manager_t.confirm_iv
	 */
	bool (*confirm_iv)(keymat_v1_t *this, uint32_t mid);
};

/**
 * Create a keymat instance.
 *
 * The caller owns the returned object (NOTE(review): presumably released
 * through keymat.destroy() — confirm).
 *
 * @param initiator		TRUE if we are the initiator
 * @return				keymat instance
 */
keymat_v1_t *keymat_v1_create(bool initiator);

#endif /** KEYMAT_V1_H_ @}*/