![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to phase1.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / sa / ikev1|
Return to phase1.h CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / sa / ikev1 |
1.1 misho 1: /*
2: * Copyright (C) 2012 Martin Willi
3: * Copyright (C) 2012 revosec AG
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: /**
17: * @defgroup phase1 phase1
18: * @{ @ingroup ikev1
19: */
20:
21: #ifndef PHASE1_H_
22: #define PHASE1_H_
23:
24: typedef struct phase1_t phase1_t;
25:
26: #include <sa/ike_sa.h>
27: #include <crypto/diffie_hellman.h>
28:
29: /**
30: * Common phase 1 helper for main and aggressive mode.
31: */
32: struct phase1_t {
33:
34: /**
35: * Create keymat hasher.
36: *
37: * @return TRUE if hasher created
38: */
39: bool (*create_hasher)(phase1_t *this);
40:
41: /**
42: * Create DH object using SA keymat.
43: *
44: * @param group negotiated DH group
45: * @return TRUE if group supported
46: */
47: bool (*create_dh)(phase1_t *this, diffie_hellman_group_t group);
48:
49: /**
50: * Derive key material.
51: *
52: * @param peer_cfg peer config to look up shared key for, or NULL
53: * @param method negotiated authenticated method
54: * @return TRUE if successful
55: */
56: bool (*derive_keys)(phase1_t *this, peer_cfg_t *peer_cfg,
57: auth_method_t method);
58: /**
59: * Verify a HASH or SIG payload in message.
60: *
61: * @param method negotiated auth method
62: * @param message message containing HASH or SIG payload
63: * @param id_data encoded identity, including protocol/port fields
64: * @return TRUE if verified successfully
65: */
66: bool (*verify_auth)(phase1_t *this, auth_method_t method,
67: message_t *message, chunk_t id_data);
68:
69: /**
70: * Build a HASH or SIG payload and add it to message.
71: *
72: * @param method negotiated auth method
73: * @param message message to add payload to
74: * @param id_data encoded identity, including protocol/port fields
75: * @return TRUE if built successfully
76: */
77: bool (*build_auth)(phase1_t *this, auth_method_t method,
78: message_t *message, chunk_t id_data);
79:
80: /**
81: * Get the IKEv1 authentication method defined by peer config.
82: *
83: * @param peer_cfg peer config to get auth method from
84: * @return auth method, or AUTH_NONE
85: */
86: auth_method_t (*get_auth_method)(phase1_t *this, peer_cfg_t *peer_cfg);
87:
88: /**
89: * Select a peer config as responder.
90: *
91: * If called after the first successful call the next alternative config
92: * is returned, if any.
93: *
94: * @param method used authentication method
95: * @param aggressive TRUE to get an aggressive mode config
96: * @param id initiator identity
97: * @return selected peer config, NULL if none found
98: */
99: peer_cfg_t* (*select_config)(phase1_t *this, auth_method_t method,
100: bool aggressive, identification_t *id);
101:
102: /**
103: * Get configured identity from peer config.
104: *
105: * @param peer_cfg peer config to get identity from
106: * @param local TRUE to get own identity, FALSE for remote
107: * @return identity, pointing to internal config data
108: */
109: identification_t* (*get_id)(phase1_t *this, peer_cfg_t *peer_cfg, bool local);
110:
111: /**
112: * Check if peer config has virtual IPs pool assigned.
113: *
114: * @param peer_cfg peer_config to check
115: * @return TRUE if peer config contains at least one pool
116: */
117: bool (*has_pool)(phase1_t *this, peer_cfg_t *peer_cfg);
118:
119: /**
120: * Check if peer config has virtual IPs to request
121: *
122: * @param peer_cfg peer_config to check
123: * @return TRUE if peer config contains at least one virtual IP
124: */
125: bool (*has_virtual_ip)(phase1_t *this, peer_cfg_t *peer_cfg);
126:
127: /**
128: * Extract and store SA payload bytes from encoded message.
129: *
130: * @param message message to extract SA payload bytes from
131: * @return TRUE if SA payload found
132: */
133: bool (*save_sa_payload)(phase1_t *this, message_t *message);
134:
135: /**
136: * Add Nonce and KE payload to message.
137: *
138: * @param message message to add payloads
139: * @return TRUE if payloads added successfully
140: */
141: bool (*add_nonce_ke)(phase1_t *this, message_t *message);
142:
143: /**
144: * Extract Nonce and KE payload from message.
145: *
146: * @param message message to get payloads from
147: * @return TRUE if payloads extracted successfully
148: */
149: bool (*get_nonce_ke)(phase1_t *this, message_t *message);
150:
151: /**
152: * Destroy a phase1_t.
153: */
154: void (*destroy)(phase1_t *this);
155: };
156:
157: /**
158: * Create a phase1 instance.
159: *
160: * @param ike_sa IKE_SA to set up
161: * @param initiator TRUE if initiating actively
162: * @return Phase 1 helper
163: */
164: phase1_t *phase1_create(ike_sa_t *ike_sa, bool initiator);
165:
166: #endif /** PHASE1_H_ @}*/