Annotation of embedaddon/strongswan/src/libcharon/sa/ikev1/phase1.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2012 Martin Willi
! 3: * Copyright (C) 2012 revosec AG
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: /**
! 17: * @defgroup phase1 phase1
! 18: * @{ @ingroup ikev1
! 19: */
! 20:
! 21: #ifndef PHASE1_H_
! 22: #define PHASE1_H_
! 23:
! 24: typedef struct phase1_t phase1_t;
! 25:
! 26: #include <sa/ike_sa.h>
! 27: #include <crypto/diffie_hellman.h>
! 28:
! 29: /**
! 30: * Common phase 1 helper for main and aggressive mode.
! 31: */
! 32: struct phase1_t {
! 33:
! 34: /**
! 35: * Create keymat hasher.
! 36: *
! 37: * @return TRUE if hasher created
! 38: */
! 39: bool (*create_hasher)(phase1_t *this);
! 40:
! 41: /**
! 42: * Create DH object using SA keymat.
! 43: *
! 44: * @param group negotiated DH group
! 45: * @return TRUE if group supported
! 46: */
! 47: bool (*create_dh)(phase1_t *this, diffie_hellman_group_t group);
! 48:
! 49: /**
! 50: * Derive key material.
! 51: *
! 52: * @param peer_cfg peer config to look up shared key for, or NULL
! 53: * @param method negotiated authenticated method
! 54: * @return TRUE if successful
! 55: */
! 56: bool (*derive_keys)(phase1_t *this, peer_cfg_t *peer_cfg,
! 57: auth_method_t method);
! 58: /**
! 59: * Verify a HASH or SIG payload in message.
! 60: *
! 61: * @param method negotiated auth method
! 62: * @param message message containing HASH or SIG payload
! 63: * @param id_data encoded identity, including protocol/port fields
! 64: * @return TRUE if verified successfully
! 65: */
! 66: bool (*verify_auth)(phase1_t *this, auth_method_t method,
! 67: message_t *message, chunk_t id_data);
! 68:
! 69: /**
! 70: * Build a HASH or SIG payload and add it to message.
! 71: *
! 72: * @param method negotiated auth method
! 73: * @param message message to add payload to
! 74: * @param id_data encoded identity, including protocol/port fields
! 75: * @return TRUE if built successfully
! 76: */
! 77: bool (*build_auth)(phase1_t *this, auth_method_t method,
! 78: message_t *message, chunk_t id_data);
! 79:
! 80: /**
! 81: * Get the IKEv1 authentication method defined by peer config.
! 82: *
! 83: * @param peer_cfg peer config to get auth method from
! 84: * @return auth method, or AUTH_NONE
! 85: */
! 86: auth_method_t (*get_auth_method)(phase1_t *this, peer_cfg_t *peer_cfg);
! 87:
! 88: /**
! 89: * Select a peer config as responder.
! 90: *
! 91: * If called after the first successful call the next alternative config
! 92: * is returned, if any.
! 93: *
! 94: * @param method used authentication method
! 95: * @param aggressive TRUE to get an aggressive mode config
! 96: * @param id initiator identity
! 97: * @return selected peer config, NULL if none found
! 98: */
! 99: peer_cfg_t* (*select_config)(phase1_t *this, auth_method_t method,
! 100: bool aggressive, identification_t *id);
! 101:
! 102: /**
! 103: * Get configured identity from peer config.
! 104: *
! 105: * @param peer_cfg peer config to get identity from
! 106: * @param local TRUE to get own identity, FALSE for remote
! 107: * @return identity, pointing to internal config data
! 108: */
! 109: identification_t* (*get_id)(phase1_t *this, peer_cfg_t *peer_cfg, bool local);
! 110:
! 111: /**
! 112: * Check if peer config has virtual IPs pool assigned.
! 113: *
! 114: * @param peer_cfg peer_config to check
! 115: * @return TRUE if peer config contains at least one pool
! 116: */
! 117: bool (*has_pool)(phase1_t *this, peer_cfg_t *peer_cfg);
! 118:
! 119: /**
! 120: * Check if peer config has virtual IPs to request
! 121: *
! 122: * @param peer_cfg peer_config to check
! 123: * @return TRUE if peer config contains at least one virtual IP
! 124: */
! 125: bool (*has_virtual_ip)(phase1_t *this, peer_cfg_t *peer_cfg);
! 126:
! 127: /**
! 128: * Extract and store SA payload bytes from encoded message.
! 129: *
! 130: * @param message message to extract SA payload bytes from
! 131: * @return TRUE if SA payload found
! 132: */
! 133: bool (*save_sa_payload)(phase1_t *this, message_t *message);
! 134:
! 135: /**
! 136: * Add Nonce and KE payload to message.
! 137: *
! 138: * @param message message to add payloads
! 139: * @return TRUE if payloads added successfully
! 140: */
! 141: bool (*add_nonce_ke)(phase1_t *this, message_t *message);
! 142:
! 143: /**
! 144: * Extract Nonce and KE payload from message.
! 145: *
! 146: * @param message message to get payloads from
! 147: * @return TRUE if payloads extracted successfully
! 148: */
! 149: bool (*get_nonce_ke)(phase1_t *this, message_t *message);
! 150:
! 151: /**
! 152: * Destroy a phase1_t.
! 153: */
! 154: void (*destroy)(phase1_t *this);
! 155: };
! 156:
! 157: /**
! 158: * Create a phase1 instance.
! 159: *
! 160: * @param ike_sa IKE_SA to set up
! 161: * @param initiator TRUE if initiating actively
! 162: * @return Phase 1 helper
! 163: */
! 164: phase1_t *phase1_create(ike_sa_t *ike_sa, bool initiator);
! 165:
! 166: #endif /** PHASE1_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>