Annotation of embedaddon/strongswan/src/libcharon/sa/keymat.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2008 Martin Willi
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: /**
! 17: * @defgroup keymat keymat
! 18: * @{ @ingroup sa
! 19: */
! 20:
! 21: #ifndef KEYMAT_H_
! 22: #define KEYMAT_H_
! 23:
/* Forward declaration, placed before the includes so that headers pulled in
 * below can presumably refer to keymat_t by name (the full struct follows). */
typedef struct keymat_t keymat_t;
! 25:
! 26: #include <library.h>
! 27: #include <utils/identification.h>
! 28: #include <crypto/prfs/prf.h>
! 29: #include <crypto/aead.h>
! 30: #include <crypto/proposal/proposal.h>
! 31: #include <config/peer_cfg.h>
! 32: #include <sa/ike_sa_id.h>
! 33:
/**
 * Constructor function for custom keymat implementations.
 *
 * A constructor is registered per IKE version with
 * keymat_register_constructor(); it is presumably what keymat_create() calls
 * for that version (NOTE(review): confirm against the implementation).
 *
 * @param initiator		TRUE if the keymat is used as initiator
 * @return				keymat_t implementation
 */
typedef keymat_t* (*keymat_constructor_t)(bool initiator);
! 41:
/**
 * Derivation and management of sensitive keying material.
 *
 * Abstract interface; the IKE-version specific implementations are referred to
 * as keymat_v1_t and keymat_v2_t (see get_version()). Objects handed out by a
 * keymat_t are part of its key-affecting state, so callers should keep them
 * with the instance they came from unless a method below explicitly allows
 * otherwise (see create_dh()).
 */
struct keymat_t {

	/**
	 * Get IKE version of this keymat.
	 *
	 * @return			IKEV1 for keymat_v1_t, IKEV2 for keymat_v2_t
	 */
	ike_version_t (*get_version)(keymat_t *this);

	/**
	 * Create a diffie hellman object for key agreement.
	 *
	 * The diffie hellman is either for IKE negotiation/rekeying or
	 * CHILD_SA rekeying (using PFS). The resulting DH object must be passed
	 * to derive_keys or to derive_child_keys and destroyed after use, i.e.
	 * the caller owns it.
	 *
	 * Only DH objects allocated through this method are passed to other
	 * keymat_t methods, allowing private DH implementations. In some cases
	 * (such as retrying with a COOKIE), a DH object allocated from a different
	 * keymat_t instance may be passed to other methods.
	 *
	 * @param group		diffie hellman group
	 * @return			DH object, NULL if group not supported; callers must
	 *					check for NULL before using the object
	 */
	diffie_hellman_t* (*create_dh)(keymat_t *this,
								   diffie_hellman_group_t group);

	/**
	 * Create a nonce generator object.
	 *
	 * The nonce generator can be used to create nonces needed during IKE/CHILD
	 * SA establishment or rekeying. The nonces feed key derivation, so the
	 * generator is expected to be unpredictable; the randomness source is up
	 * to the implementation and not visible here. Ownership of the returned
	 * object is not stated in this interface (NOTE(review): presumably the
	 * caller destroys it - confirm against the implementation).
	 *
	 * @return			nonce generator object
	 */
	nonce_gen_t* (*create_nonce_gen)(keymat_t *this);

	/**
	 * Get an AEAD transform to en-/decrypt and sign/verify IKE messages.
	 *
	 * The direction flag selects which of the two key sets is used, so the
	 * caller must pass the correct direction for the message at hand. The
	 * interface does not say who owns the returned object nor what is
	 * returned before keys have been derived (NOTE(review): presumably the
	 * keymat owns it and it is valid until destroy() - confirm, and do not
	 * destroy it from the caller without checking).
	 *
	 * @param in		TRUE for inbound (decrypt), FALSE for outbound (encrypt)
	 * @return			AEAD transform for the requested direction
	 */
	aead_t* (*get_aead)(keymat_t *this, bool in);

	/**
	 * Destroy a keymat_t.
	 *
	 * Releases the keying material held by this instance. Whether secrets are
	 * zeroized on destruction is not specified by this interface
	 * (NOTE(review): confirm the implementation wipes key material).
	 */
	void (*destroy)(keymat_t *this);
};
! 95:
/**
 * Create the appropriate keymat_t implementation based on the IKE version.
 *
 * The returned object must be released with its destroy() method. What is
 * returned when no implementation exists for the requested version is not
 * stated here (NOTE(review): presumably NULL - callers should check; confirm).
 *
 * @param version		requested IKE version
 * @param initiator		TRUE if we are initiator
 * @return				keymat_t implementation
 */
keymat_t *keymat_create(ike_version_t version, bool initiator);
! 104:
/**
 * Look up the key length of an encryption algorithm.
 *
 * The result is in bits, not bytes; callers sizing key buffers must convert.
 * The value returned for an algorithm without a fixed or known key length is
 * not specified here (NOTE(review): possibly 0 - confirm before relying on it).
 *
 * @param alg			algorithm to get key length for
 * @return				key length in bits
 */
int keymat_get_keylen_encr(encryption_algorithm_t alg);
! 112:
/**
 * Look up the key length of an integrity algorithm.
 *
 * The result is in bits, not bytes; callers sizing key buffers must convert.
 * The value returned for an unknown algorithm is not specified here
 * (NOTE(review): possibly 0 - confirm before relying on it).
 *
 * @param alg			algorithm to get key length for
 * @return				key length in bits
 */
int keymat_get_keylen_integ(integrity_algorithm_t alg);
! 120:
/**
 * Register keymat_t constructor for given IKE version.
 *
 * This installs a process-wide override for the keymat used by keymat_create()
 * for that version, so it changes how keys are derived for all SAs of that
 * version. Thread-safety of the registry is not stated in this interface
 * (NOTE(review): presumably only called during plugin load/unload - confirm).
 *
 * @param version		IKE version of given keymat constructor
 * @param create		keymat constructor function, NULL to unregister
 */
void keymat_register_constructor(ike_version_t version,
								 keymat_constructor_t create);
! 129:
! 130: #endif /** KEYMAT_H_ @}*/