/*
 * Copyright (C) 2012 Martin Willi
 * Copyright (C) 2012 revosec AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup phase1 phase1
 * @{ @ingroup ikev1
 */

#ifndef PHASE1_H_
#define PHASE1_H_

/* Opaque handle; the struct body (function-pointer interface) is below. */
typedef struct phase1_t phase1_t;

#include <sa/ike_sa.h>
#include <crypto/diffie_hellman.h>

/**
 * Common phase 1 helper for main and aggressive mode.
 *
 * Groups the key derivation, authentication payload handling and peer
 * config selection steps that the two IKEv1 phase 1 exchanges share.
 */
struct phase1_t {

	/**
	 * Create keymat hasher.
	 *
	 * @return				TRUE if hasher created
	 */
	bool (*create_hasher)(phase1_t *this);

	/**
	 * Create DH object using SA keymat.
	 *
	 * @param group			negotiated DH group
	 * @return				TRUE if group supported
	 */
	bool (*create_dh)(phase1_t *this, diffie_hellman_group_t group);

	/**
	 * Derive key material.
	 *
	 * @param peer_cfg		peer config to look up shared key for, or NULL
	 * @param method		negotiated authentication method
	 * @return				TRUE if successful
	 */
	bool (*derive_keys)(phase1_t *this, peer_cfg_t *peer_cfg,
						auth_method_t method);

	/**
	 * Verify a HASH or SIG payload in message.
	 *
	 * This is the peer authentication step of phase 1.  NOTE(review): callers
	 * are presumably expected to abort the exchange on FALSE; confirm in the
	 * main/aggressive mode tasks.
	 *
	 * @param method		negotiated auth method
	 * @param message		message containing HASH or SIG payload
	 * @param id_data		encoded identity, including protocol/port fields
	 * @return				TRUE if verified successfully
	 */
	bool (*verify_auth)(phase1_t *this, auth_method_t method,
						message_t *message, chunk_t id_data);

	/**
	 * Build a HASH or SIG payload and add it to message.
	 *
	 * @param method		negotiated auth method
	 * @param message		message to add payload to
	 * @param id_data		encoded identity, including protocol/port fields
	 * @return				TRUE if built successfully
	 */
	bool (*build_auth)(phase1_t *this, auth_method_t method,
					   message_t *message, chunk_t id_data);

	/**
	 * Get the IKEv1 authentication method defined by peer config.
	 *
	 * @param peer_cfg		peer config to get auth method from
	 * @return				auth method, or AUTH_NONE
	 */
	auth_method_t (*get_auth_method)(phase1_t *this, peer_cfg_t *peer_cfg);

	/**
	 * Select a peer config as responder.
	 *
	 * Calling this again after a successful call returns the next
	 * alternative config matching the same criteria, if any.
	 *
	 * @param method		used authentication method
	 * @param aggressive	TRUE to get an aggressive mode config
	 * @param id			initiator identity
	 * @return				selected peer config, NULL if none found
	 */
	peer_cfg_t* (*select_config)(phase1_t *this, auth_method_t method,
								 bool aggressive, identification_t *id);

	/**
	 * Get configured identity from peer config.
	 *
	 * @param peer_cfg		peer config to get identity from
	 * @param local			TRUE to get own identity, FALSE for remote
	 * @return				identity, pointing to internal config data
	 *						(not a copy; the caller must not destroy it)
	 */
	identification_t* (*get_id)(phase1_t *this, peer_cfg_t *peer_cfg, bool local);

	/**
	 * Check if peer config has a virtual IP pool assigned.
	 *
	 * @param peer_cfg		peer config to check
	 * @return				TRUE if peer config contains at least one pool
	 */
	bool (*has_pool)(phase1_t *this, peer_cfg_t *peer_cfg);

	/**
	 * Check if peer config has virtual IPs to request.
	 *
	 * @param peer_cfg		peer config to check
	 * @return				TRUE if peer config contains at least one virtual IP
	 */
	bool (*has_virtual_ip)(phase1_t *this, peer_cfg_t *peer_cfg);

	/**
	 * Extract and store SA payload bytes from encoded message.
	 *
	 * @param message		message to extract SA payload bytes from
	 * @return				TRUE if SA payload found
	 */
	bool (*save_sa_payload)(phase1_t *this, message_t *message);

	/**
	 * Add Nonce and KE payload to message.
	 *
	 * @param message		message to add payloads to
	 * @return				TRUE if payloads added successfully
	 */
	bool (*add_nonce_ke)(phase1_t *this, message_t *message);

	/**
	 * Extract Nonce and KE payload from message.
	 *
	 * @param message		message to get payloads from
	 * @return				TRUE if payloads extracted successfully
	 */
	bool (*get_nonce_ke)(phase1_t *this, message_t *message);

	/**
	 * Destroy a phase1_t.
	 */
	void (*destroy)(phase1_t *this);
};

/**
 * Create a phase1 instance.
 *
 * @param ike_sa			IKE_SA to set up
 * @param initiator			TRUE if initiating actively
 * @return					Phase 1 helper, released with destroy()
 */
phase1_t *phase1_create(ike_sa_t *ike_sa, bool initiator);

#endif /** PHASE1_H_ @}*/