Annotation of embedaddon/strongswan/src/libipsec/esp_context.h, revision 1.1.1.1

1.1       misho       1: /*
                      2:  * Copyright (C) 2012-2013 Tobias Brunner
                      3:  * Copyright (C) 2012 Giuliano Grassi
                      4:  * Copyright (C) 2012 Ralf Sager
                      5:  * HSR Hochschule fuer Technik Rapperswil
                      6:  *
                      7:  * This program is free software; you can redistribute it and/or modify it
                      8:  * under the terms of the GNU General Public License as published by the
                      9:  * Free Software Foundation; either version 2 of the License, or (at your
                     10:  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
                     11:  *
                     12:  * This program is distributed in the hope that it will be useful, but
                     13:  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
                     14:  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
                     15:  * for more details.
                     16:  */
                     17: 
                     18: /**
                     19:  * @defgroup esp_context esp_context
                     20:  * @{ @ingroup libipsec
                     21:  */
                     22: 
                     23: #ifndef ESP_CONTEXT_H_
                     24: #define ESP_CONTEXT_H_
                     25: 
                     26: #include <library.h>
                     27: #include <crypto/aead.h>
                     28: 
                     29: typedef struct esp_context_t esp_context_t;
                     30: 
                     31: /**
                     32:  *  ESP context, handles sequence numbers and maintains cryptographic primitives
                          *
                          *  A context serves one direction only: esp_context_create() takes an
                          *  inbound flag, and next_seqno() fails on an inbound context.
                     33:  */
                     34: struct esp_context_t {
                     35: 
                     36:        /**
                     37:         * Get AEAD wrapper or method to encrypt/decrypt/authenticate ESP packets.
                                 *
                                 * NOTE(review): this header does not say who owns the returned object;
                                 * presumably it stays with the context and must not be destroyed by the
                                 * caller - confirm against the implementation.
                     38:         *
                     39:         * @return                              AEAD wrapper or method
                     40:         */
                     41:        aead_t *(*get_aead)(esp_context_t *this);
                     42: 
                     43:        /**
                     44:         * Get the current outbound ESP sequence number (outbound context) or the
                     45:         * highest authenticated inbound sequence number (inbound context).
                     46:         *
                     47:         * @return                      current sequence number, in host byte order
                     48:         */
                     49:        uint32_t (*get_seqno)(esp_context_t *this);
                     50: 
                     51:        /**
                     52:         * Allocate the next outbound ESP sequence number.
                                 *
                                 * NOTE(review): on FALSE the value left in *seqno is not specified here;
                                 * presumably the packet must not be sent and the SA has to be replaced
                                 * once the number cycled - confirm with the callers.
                     53:         *
                     54:         * @param seqno         receives the allocated sequence number, in host byte order
                     55:         * @return                      FALSE if the sequence number cycled or this is an
                                 *                              inbound context
                     56:         */
                     57:        bool (*next_seqno)(esp_context_t *this, uint32_t *seqno);
                     58: 
                     59:        /**
                     60:         * Verify an ESP sequence number.  Checks whether a packet with this
                     61:         * sequence number was already received, using the anti-replay window.
                     62:         * This operation does not modify the internal state.  Only after the
                     63:         * sequence number is successfully verified and the ESP packet is
                     64:         * authenticated should set_authenticated_seqno() be called; with that
                                 * order an unauthenticated packet never changes the window.
                     65:         *
                     66:         * @param seqno         the sequence number to verify, in host byte order
                     67:         * @return                      TRUE when sequence number is valid
                     68:         */
                     69:        bool (*verify_seqno)(esp_context_t *this, uint32_t seqno);
                     70: 
                     71:        /**
                     72:         * Adds a sequence number that was successfully verified and
                     73:         * authenticated.  A user MUST call verify_seqno() immediately before
                     74:         * calling this method.
                                 *
                                 * NOTE(review): no locking is visible in this interface; if several
                                 * threads handle packets of one context, presumably the caller has to
                                 * serialize the verify_seqno()/set_authenticated_seqno() pair - confirm.
                     75:         *
                     76:         * @param seqno         verified and authenticated seq number in host byte order
                     77:         */
                     78:        void (*set_authenticated_seqno)(esp_context_t *this,
                     79:                                                                        uint32_t seqno);
                     80: 
                     81:        /**
                     82:         * Destroy an esp_context_t
                                 *
                                 * NOTE(review): whether key material held by the context is wiped on
                                 * destroy is not visible in this header - confirm in the implementation.
                     83:         */
                     84:        void (*destroy)(esp_context_t *this);
                     85: 
                     86: };
                     87: 
                     88: /**
                     89:  * Create an esp_context_t instance
                          *
                          * NOTE(review): the algorithm identifiers are plain int in this prototype;
                          * presumably they carry the library's encryption/integrity algorithm
                          * identifiers - confirm.  The header does not say whether the key chunks
                          * are copied, so callers should confirm who owns and wipes the key
                          * material after this call.
                     90:  *
                     91:  * @param enc_alg              encryption algorithm
                     92:  * @param enc_key              encryption key
                     93:  * @param int_alg              integrity protection algorithm
                     94:  * @param int_key              integrity protection key
                     95:  * @param inbound              TRUE to create an inbound ESP context
                     96:  * @return                             ESP context instance, or NULL if creation fails
                          *                                     (callers must check before use)
                     97:  */
                     98: esp_context_t *esp_context_create(int enc_alg, chunk_t enc_key, int int_alg,
                     99:                                                                  chunk_t int_key, bool inbound);
                    100: 
                    101: #endif /** ESP_CONTEXT_H_ @}*/
                    102: 
