![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to keymat_v1.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / sa / ikev1|
Return to keymat_v1.h CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / sa / ikev1 |
1.1 misho 1: /*
2: * Copyright (C) 2011 Tobias Brunner
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: /**
17: * @defgroup keymat_v1 keymat_v1
18: * @{ @ingroup ikev1
19: */
20:
21: #ifndef KEYMAT_V1_H_
22: #define KEYMAT_V1_H_
23:
24: #include <sa/keymat.h>
25: #include <sa/authenticator.h>
26:
27: typedef struct keymat_v1_t keymat_v1_t;
28:
29: /**
30: * Derivation and management of sensitive keying material, IKEv1 variant.
31: */
32: struct keymat_v1_t {
33:
34: /**
35: * Implements keymat_t.
36: */
37: keymat_t keymat;
38:
39: /**
40: * Derive keys for the IKE_SA.
41: *
42: * These keys are not handed out, but are used by the associated signers,
43: * crypters and authentication functions.
44: *
45: * @param proposal selected algorithms
46: * @param dh diffie hellman key allocated by create_dh()
47: * @param dh_other public DH value from other peer
48: * @param nonce_i initiators nonce value
49: * @param nonce_r responders nonce value
50: * @param id IKE_SA identifier
51: * @param auth authentication method
52: * @param shared_key PSK in case of AUTH_CLASS_PSK, NULL otherwise
53: * @return TRUE on success
54: */
55: bool (*derive_ike_keys)(keymat_v1_t *this, proposal_t *proposal,
56: diffie_hellman_t *dh, chunk_t dh_other,
57: chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
58: auth_method_t auth, shared_key_t *shared_key);
59:
60: /**
61: * Derive keys for the CHILD_SA.
62: *
63: * @param proposal selected algorithms
64: * @param dh diffie hellman key, NULL if none used
65: * @param spi_i SPI chosen by initiator
66: * @param spi_r SPI chosen by responder
67: * @param nonce_i quick mode initiator nonce
68: * @param nonce_r quick mode responder nonce
69: * @param encr_i allocated initiators encryption key
70: * @param integ_i allocated initiators integrity key
71: * @param encr_r allocated responders encryption key
72: * @param integ_r allocated responders integrity key
73: */
74: bool (*derive_child_keys)(keymat_v1_t *this, proposal_t *proposal,
75: diffie_hellman_t *dh, uint32_t spi_i, uint32_t spi_r,
76: chunk_t nonce_i, chunk_t nonce_r,
77: chunk_t *encr_i, chunk_t *integ_i,
78: chunk_t *encr_r, chunk_t *integ_r);
79:
80: /**
81: * Create the negotiated hasher.
82: *
83: * @param proposal selected algorithms
84: * @return TRUE, if creation was successful
85: */
86: bool (*create_hasher)(keymat_v1_t *this, proposal_t *proposal);
87:
88: /**
89: * Get the negotiated hasher.
90: *
91: * @return allocated hasher or NULL
92: */
93: hasher_t *(*get_hasher)(keymat_v1_t *this);
94:
95: /**
96: * Get HASH data for authentication.
97: *
98: * @param initiator TRUE to create HASH_I, FALSE for HASH_R
99: * @param dh public DH value of peer to create HASH for
100: * @param dh_other others public DH value
101: * @param ike_sa_id IKE_SA identifier
102: * @param sa_i encoded SA payload of initiator
103: * @param id encoded IDii payload for HASH_I (IDir for HASH_R)
104: * @param hash chunk receiving allocated HASH data
105: * @param scheme pointer to signature scheme in case it needs to be
106: * modified by the keymat implementation
107: * @return TRUE if hash allocated successfully
108: */
109: bool (*get_hash)(keymat_v1_t *this, bool initiator,
110: chunk_t dh, chunk_t dh_other, ike_sa_id_t *ike_sa_id,
111: chunk_t sa_i, chunk_t id, chunk_t *hash,
112: signature_scheme_t *scheme);
113:
114: /**
115: * Get HASH data for integrity/authentication in Phase 2 exchanges.
116: *
117: * @param message message to generate the HASH data for
118: * @param hash chunk receiving allocated hash data
119: * @return TRUE if hash allocated successfully
120: */
121: bool (*get_hash_phase2)(keymat_v1_t *this, message_t *message, chunk_t *hash);
122:
123: /**
124: * @see iv_manager_t.get_iv
125: */
126: bool (*get_iv)(keymat_v1_t *this, uint32_t mid, chunk_t *iv);
127:
128: /**
129: * @see iv_manager_t.update_iv
130: */
131: bool (*update_iv)(keymat_v1_t *this, uint32_t mid, chunk_t last_block);
132:
133: /**
134: * @see iv_manager_t.confirm_iv
135: */
136: bool (*confirm_iv)(keymat_v1_t *this, uint32_t mid);
137: };
138:
139: /**
140: * Create a keymat instance.
141: *
142: * @param initiator TRUE if we are the initiator
143: * @return keymat instance
144: */
145: keymat_v1_t *keymat_v1_create(bool initiator);
146:
147: #endif /** KEYMAT_V1_H_ @}*/