Annotation of embedaddon/strongswan/src/libstrongswan/crypto/proposal/proposal.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2009-2020 Tobias Brunner
! 3: * Copyright (C) 2006 Martin Willi
! 4: * HSR Hochschule fuer Technik Rapperswil
! 5: *
! 6: * This program is free software; you can redistribute it and/or modify it
! 7: * under the terms of the GNU General Public License as published by the
! 8: * Free Software Foundation; either version 2 of the License, or (at your
! 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 10: *
! 11: * This program is distributed in the hope that it will be useful, but
! 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 14: * for more details.
! 15: */
! 16:
! 17: /**
! 18: * @defgroup proposal proposal
! 19: * @{ @ingroup crypto
! 20: */
! 21:
! 22: #ifndef PROPOSAL_H_
! 23: #define PROPOSAL_H_
! 24:
! 25: typedef enum protocol_id_t protocol_id_t;
! 26: typedef enum proposal_selection_flag_t proposal_selection_flag_t;
! 27: typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
! 28: typedef struct proposal_t proposal_t;
! 29:
! 30: #include <library.h>
! 31: #include <utils/identification.h>
! 32: #include <collections/linked_list.h>
! 33: #include <networking/host.h>
! 34: #include <crypto/transform.h>
! 35: #include <crypto/crypters/crypter.h>
! 36: #include <crypto/signers/signer.h>
! 37: #include <crypto/diffie_hellman.h>
! 38:
! 39: /**
! 40: * Protocol ID of a proposal.
! 41: */
! 42: enum protocol_id_t {
! 43: PROTO_NONE = 0,
! 44: PROTO_IKE = 1,
! 45: PROTO_AH = 2,
! 46: PROTO_ESP = 3,
! 47: PROTO_IPCOMP = 4, /* IKEv1 only */
! 48: };
! 49:
! 50: /**
! 51: * enum names for protocol_id_t
! 52: */
! 53: extern enum_name_t *protocol_id_names;
! 54:
! 55: /**
! 56: * Flags for selecting proposals.
! 57: */
! 58: enum proposal_selection_flag_t {
! 59: /** Whether to prefer configured (default) or supplied proposals. */
! 60: PROPOSAL_PREFER_SUPPLIED = (1<<0),
! 61: /** Whether to skip and ignore algorithms from a private range. */
! 62: PROPOSAL_SKIP_PRIVATE = (1<<1),
! 63: /** Whether to skip and ignore diffie hellman groups. */
! 64: PROPOSAL_SKIP_DH = (1<<2),
! 65: };
! 66:
! 67: /**
! 68: * Stores a set of algorithms used for an SA.
! 69: *
! 70: * A proposal stores algorithms for a specific protocol.
! 71: * Proposals with multiple protocols are not supported, as that's not specified
! 72: * in RFC 7296 anymore.
! 73: */
! 74: struct proposal_t {
! 75:
! 76: /**
! 77: * Add an algorithm to the proposal.
! 78: *
! 79: * The algorithms are stored by priority, first added is the most preferred.
! 80: * Key size is only needed for encryption algorithms with variable key
! 81: * size (such as AES). Must be set to zero if the key size is not specified.
! 82: *
! 83: * @param type kind of algorithm
! 84: * @param alg identifier for algorithm
! 85: * @param key_size key size to use
! 86: */
! 87: void (*add_algorithm) (proposal_t *this, transform_type_t type,
! 88: uint16_t alg, uint16_t key_size);
! 89:
! 90: /**
! 91: * Get an enumerator over algorithms for a specific transform type.
! 92: *
! 93: * @param type kind of algorithm
! 94: * @return enumerator over uint16_t alg, uint16_t key_size
! 95: */
! 96: enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type);
! 97:
! 98: /**
! 99: * Get the algorithm for a type to use.
! 100: *
! 101: * If there are multiple algorithms, only the first is returned.
! 102: *
! 103: * @param type kind of algorithm
! 104: * @param alg pointer which receives algorithm
! 105: * @param key_size pointer which receives the key size
! 106: * @return TRUE if algorithm of this kind available
! 107: */
! 108: bool (*get_algorithm) (proposal_t *this, transform_type_t type,
! 109: uint16_t *alg, uint16_t *key_size);
! 110:
! 111: /**
! 112: * Check if the proposal has a specific DH group.
! 113: *
! 114: * @param group group to check for
! 115: * @return TRUE if algorithm included
! 116: */
! 117: bool (*has_dh_group)(proposal_t *this, diffie_hellman_group_t group);
! 118:
! 119: /**
! 120: * Move the given DH group to the front of the list if it was contained in
! 121: * the proposal.
! 122: *
! 123: * @param group group to promote
! 124: * @return TRUE if algorithm included
! 125: */
! 126: bool (*promote_dh_group)(proposal_t *this, diffie_hellman_group_t group);
! 127:
! 128: /**
! 129: * Compare two proposals and select a matching subset.
! 130: *
! 131: * If the proposals are for the same protocols (AH/ESP), they are
! 132: * compared. If they have at least one algorithm of each type
! 133: * in common, a resulting proposal of this kind is created.
! 134: *
! 135: * Unless the flag PROPOSAL_PREFER_SUPPLIED is set, other is expected to be
! 136: * the remote proposal from which to copy SPI and proposal number to the
! 137: * result, otherwise copy from this proposal.
! 138: *
! 139: * @param other proposal to compare against
! 140: * @param flags flags to consider during proposal selection
! 141: * @return selected proposal, NULL if proposals don't match
! 142: */
! 143: proposal_t *(*select)(proposal_t *this, proposal_t *other,
! 144: proposal_selection_flag_t flags);
! 145:
! 146: /**
! 147: * Check if the given proposal matches this proposal.
! 148: *
! 149: * This is similar to select, but no resulting proposal is selected.
! 150: *
! 151: * @param other proposal to compare against
! 152: * @param flags flags to consider during proposal selection
! 153: * @return TRUE if the proposals match
! 154: */
! 155: bool (*matches)(proposal_t *this, proposal_t *other,
! 156: proposal_selection_flag_t flags);
! 157:
! 158: /**
! 159: * Get the protocol ID of the proposal.
! 160: *
! 161: * @return protocol of the proposal
! 162: */
! 163: protocol_id_t (*get_protocol) (proposal_t *this);
! 164:
! 165: /**
! 166: * Get the SPI of the proposal.
! 167: *
! 168: * @return SPI of the proposal
! 169: */
! 170: uint64_t (*get_spi) (proposal_t *this);
! 171:
! 172: /**
! 173: * Set the SPI of the proposal.
! 174: *
! 175: * @param spi SPI to set for proposal
! 176: */
! 177: void (*set_spi) (proposal_t *this, uint64_t spi);
! 178:
! 179: /**
! 180: * Get the proposal number, as encoded in the SA payload.
! 181: *
! 182: * @return proposal number
! 183: */
! 184: uint8_t (*get_number)(proposal_t *this);
! 185:
! 186: /**
! 187: * Get number of the transform on which this proposal is based (IKEv1 only)
! 188: *
! 189: * @return transform number (or 0)
! 190: */
! 191: uint8_t (*get_transform_number)(proposal_t *this);
! 192:
! 193: /**
! 194: * Check for the equality of two proposals.
! 195: *
! 196: * @param other other proposal to check for equality
! 197: * @return TRUE if proposals are equal
! 198: */
! 199: bool (*equals)(proposal_t *this, proposal_t *other);
! 200:
! 201: /**
! 202: * Clone a proposal.
! 203: *
! 204: * @param flags flags to consider during cloning
! 205: * @return clone of proposal
! 206: */
! 207: proposal_t *(*clone)(proposal_t *this, proposal_selection_flag_t flags);
! 208:
! 209: /**
! 210: * Destroys the proposal object.
! 211: */
! 212: void (*destroy) (proposal_t *this);
! 213: };
! 214:
! 215: /**
! 216: * Create a proposal for IKE, ESP or AH.
! 217: *
! 218: * @param protocol protocol, such as PROTO_ESP
! 219: * @param number proposal number, as encoded in SA payload
! 220: * @return proposal_t object
! 221: */
! 222: proposal_t *proposal_create(protocol_id_t protocol, uint8_t number);
! 223:
! 224: /**
! 225: * Create a proposal for IKE, ESP or AH that includes a transform number.
! 226: *
! 227: * @param protocol protocol, such as PROTO_ESP
! 228: * @param number proposal number, as encoded in SA payload
! 229: * @param transform transform number, as encoded in payload
! 230: * @return proposal_t object
! 231: */
! 232: proposal_t *proposal_create_v1(protocol_id_t protocol, uint8_t number,
! 233: uint8_t transform);
! 234:
! 235: /**
! 236: * Create a default proposal.
! 237: *
! 238: * @param protocol protocol, such as PROTO_ESP
! 239: * @return proposal_t object
! 240: */
! 241: proposal_t *proposal_create_default(protocol_id_t protocol);
! 242:
! 243: /**
! 244: * Create a default proposal for supported AEAD algorithms.
! 245: *
! 246: * @param protocol protocol, such as PROTO_ESP
! 247: * @return proposal_t object, NULL if none supported
! 248: */
! 249: proposal_t *proposal_create_default_aead(protocol_id_t protocol);
! 250:
! 251: /**
! 252: * Create a proposal from a string identifying the algorithms.
! 253: *
! 254: * Each algorithm identifier is separated with a '-' character e.g.
! 255: * aes256-sha2-curve25519. Multiple algorithms of the same transform type can be
! 256: * given (they don't have to be grouped together), the order is preserved e.g.
! 257: * curve25519-sha2-aes256-sha1-modp3072-aes128 is the same as
! 258: * aes256-aes128-sha2-sha1-curve25519-modp3072.
! 259: *
! 260: * The proposal is validated (e.g. PROTO_IKE proposals must contain a key
! 261: * exchange method, AEAD algorithms can't be combined with classic encryption
! 262: * algorithms etc.) and in some cases modified (e.g. by adding missing PRFs for
! 263: * PROTO_IKE, or by adding noesn in PROTO_ESP/AH proposals if neither esn, nor
! 264: * noesn is contained in the string etc.).
! 265: *
! 266: * @param protocol protocol, such as PROTO_ESP
! 267: * @param algs algorithms as string
! 268: * @return proposal_t object, NULL if invalid
! 269: */
! 270: proposal_t *proposal_create_from_string(protocol_id_t protocol,
! 271: const char *algs);
! 272:
! 273: /**
! 274: * Select a common proposal from the given lists of proposals.
! 275: *
! 276: * @param configured list of configured/local proposals
! 277: * @param supplied list of supplied/remote proposals
! 278: * @param flags flags to consider during proposal selection
! 279: * @return selected proposal, or NULL (allocated)
! 280: */
! 281: proposal_t *proposal_select(linked_list_t *configured, linked_list_t *supplied,
! 282: proposal_selection_flag_t flags);
! 283:
! 284: /**
! 285: * printf hook function for proposal_t.
! 286: *
! 287: * Arguments are:
! 288: * proposal_t*
! 289: * With the #-specifier, arguments are:
! 290: * linked_list_t* (containing proposal_t*)
! 291: */
! 292: int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
! 293: const void *const *args);
! 294:
! 295: #endif /** PROPOSAL_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to proposal.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / crypto / proposal