Annotation of embedaddon/strongswan/src/libstrongswan/crypto/proposal/proposal.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2009-2020 Tobias Brunner
3: * Copyright (C) 2006 Martin Willi
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: /**
18: * @defgroup proposal proposal
19: * @{ @ingroup crypto
20: */
21:
22: #ifndef PROPOSAL_H_
23: #define PROPOSAL_H_
24:
25: typedef enum protocol_id_t protocol_id_t;
26: typedef enum proposal_selection_flag_t proposal_selection_flag_t;
27: typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
28: typedef struct proposal_t proposal_t;
29:
30: #include <library.h>
31: #include <utils/identification.h>
32: #include <collections/linked_list.h>
33: #include <networking/host.h>
34: #include <crypto/transform.h>
35: #include <crypto/crypters/crypter.h>
36: #include <crypto/signers/signer.h>
37: #include <crypto/diffie_hellman.h>
38:
39: /**
40: * Protocol ID of a proposal.
41: */
42: enum protocol_id_t {
43: PROTO_NONE = 0,
44: PROTO_IKE = 1,
45: PROTO_AH = 2,
46: PROTO_ESP = 3,
47: PROTO_IPCOMP = 4, /* IKEv1 only */
48: };
49:
50: /**
51: * enum names for protocol_id_t
52: */
53: extern enum_name_t *protocol_id_names;
54:
55: /**
56: * Flags for selecting proposals.
57: */
58: enum proposal_selection_flag_t {
59: /** Whether to prefer configured (default) or supplied proposals. */
60: PROPOSAL_PREFER_SUPPLIED = (1<<0),
61: /** Whether to skip and ignore algorithms from a private range. */
62: PROPOSAL_SKIP_PRIVATE = (1<<1),
63: /** Whether to skip and ignore diffie hellman groups. */
64: PROPOSAL_SKIP_DH = (1<<2),
65: };
66:
67: /**
68: * Stores a set of algorithms used for an SA.
69: *
70: * A proposal stores algorithms for a specific protocol.
71: * Proposals with multiple protocols are not supported, as that's not specified
72: * in RFC 7296 anymore.
73: */
74: struct proposal_t {
75:
76: /**
77: * Add an algorithm to the proposal.
78: *
79: * The algorithms are stored by priority, first added is the most preferred.
80: * Key size is only needed for encryption algorithms with variable key
81: * size (such as AES). Must be set to zero if the key size is not specified.
82: *
83: * @param type kind of algorithm
84: * @param alg identifier for algorithm
85: * @param key_size key size to use
86: */
87: void (*add_algorithm) (proposal_t *this, transform_type_t type,
88: uint16_t alg, uint16_t key_size);
89:
90: /**
91: * Get an enumerator over algorithms for a specific transform type.
92: *
93: * @param type kind of algorithm
94: * @return enumerator over uint16_t alg, uint16_t key_size
95: */
96: enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type);
97:
98: /**
99: * Get the algorithm for a type to use.
100: *
101: * If there are multiple algorithms, only the first is returned.
102: *
103: * @param type kind of algorithm
104: * @param alg pointer which receives algorithm
105: * @param key_size pointer which receives the key size
106: * @return TRUE if algorithm of this kind available
107: */
108: bool (*get_algorithm) (proposal_t *this, transform_type_t type,
109: uint16_t *alg, uint16_t *key_size);
110:
111: /**
112: * Check if the proposal has a specific DH group.
113: *
114: * @param group group to check for
115: * @return TRUE if algorithm included
116: */
117: bool (*has_dh_group)(proposal_t *this, diffie_hellman_group_t group);
118:
119: /**
120: * Move the given DH group to the front of the list if it was contained in
121: * the proposal.
122: *
123: * @param group group to promote
124: * @return TRUE if algorithm included
125: */
126: bool (*promote_dh_group)(proposal_t *this, diffie_hellman_group_t group);
127:
128: /**
129: * Compare two proposals and select a matching subset.
130: *
131: * If the proposals are for the same protocols (AH/ESP), they are
132: * compared. If they have at least one algorithm of each type
133: * in common, a resulting proposal of this kind is created.
134: *
135: * Unless the flag PROPOSAL_PREFER_SUPPLIED is set, other is expected to be
136: * the remote proposal from which to copy SPI and proposal number to the
137: * result, otherwise copy from this proposal.
138: *
139: * @param other proposal to compare against
140: * @param flags flags to consider during proposal selection
141: * @return selected proposal, NULL if proposals don't match
142: */
143: proposal_t *(*select)(proposal_t *this, proposal_t *other,
144: proposal_selection_flag_t flags);
145:
146: /**
147: * Check if the given proposal matches this proposal.
148: *
149: * This is similar to select, but no resulting proposal is selected.
150: *
151: * @param other proposal to compare against
152: * @param flags flags to consider during proposal selection
153: * @return TRUE if the proposals match
154: */
155: bool (*matches)(proposal_t *this, proposal_t *other,
156: proposal_selection_flag_t flags);
157:
158: /**
159: * Get the protocol ID of the proposal.
160: *
161: * @return protocol of the proposal
162: */
163: protocol_id_t (*get_protocol) (proposal_t *this);
164:
165: /**
166: * Get the SPI of the proposal.
167: *
168: * @return SPI of the proposal
169: */
170: uint64_t (*get_spi) (proposal_t *this);
171:
172: /**
173: * Set the SPI of the proposal.
174: *
175: * @param spi SPI to set for proposal
176: */
177: void (*set_spi) (proposal_t *this, uint64_t spi);
178:
179: /**
180: * Get the proposal number, as encoded in the SA payload.
181: *
182: * @return proposal number
183: */
184: uint8_t (*get_number)(proposal_t *this);
185:
186: /**
187: * Get number of the transform on which this proposal is based (IKEv1 only)
188: *
189: * @return transform number (or 0)
190: */
191: uint8_t (*get_transform_number)(proposal_t *this);
192:
193: /**
194: * Check for the equality of two proposals.
195: *
196: * @param other other proposal to check for equality
197: * @return TRUE if proposals are equal
198: */
199: bool (*equals)(proposal_t *this, proposal_t *other);
200:
201: /**
202: * Clone a proposal.
203: *
204: * @param flags flags to consider during cloning
205: * @return clone of proposal
206: */
207: proposal_t *(*clone)(proposal_t *this, proposal_selection_flag_t flags);
208:
209: /**
210: * Destroys the proposal object.
211: */
212: void (*destroy) (proposal_t *this);
213: };
214:
215: /**
216: * Create a proposal for IKE, ESP or AH.
217: *
218: * @param protocol protocol, such as PROTO_ESP
219: * @param number proposal number, as encoded in SA payload
220: * @return proposal_t object
221: */
222: proposal_t *proposal_create(protocol_id_t protocol, uint8_t number);
223:
224: /**
225: * Create a proposal for IKE, ESP or AH that includes a transform number.
226: *
227: * @param protocol protocol, such as PROTO_ESP
228: * @param number proposal number, as encoded in SA payload
229: * @param transform transform number, as encoded in payload
230: * @return proposal_t object
231: */
232: proposal_t *proposal_create_v1(protocol_id_t protocol, uint8_t number,
233: uint8_t transform);
234:
235: /**
236: * Create a default proposal.
237: *
238: * @param protocol protocol, such as PROTO_ESP
239: * @return proposal_t object
240: */
241: proposal_t *proposal_create_default(protocol_id_t protocol);
242:
243: /**
244: * Create a default proposal for supported AEAD algorithms.
245: *
246: * @param protocol protocol, such as PROTO_ESP
247: * @return proposal_t object, NULL if none supported
248: */
249: proposal_t *proposal_create_default_aead(protocol_id_t protocol);
250:
251: /**
252: * Create a proposal from a string identifying the algorithms.
253: *
254: * Each algorithm identifier is separated with a '-' character e.g.
255: * aes256-sha2-curve25519. Multiple algorithms of the same transform type can be
256: * given (they don't have to be grouped together), the order is preserved e.g.
257: * curve25519-sha2-aes256-sha1-modp3072-aes128 is the same as
258: * aes256-aes128-sha2-sha1-curve25519-modp3072.
259: *
260: * The proposal is validated (e.g. PROTO_IKE proposals must contain a key
261: * exchange method, AEAD algorithms can't be combined with classic encryption
262: * algorithms etc.) and in some cases modified (e.g. by adding missing PRFs for
263: * PROTO_IKE, or by adding noesn in PROTO_ESP/AH proposals if neither esn, nor
264: * noesn is contained in the string etc.).
265: *
266: * @param protocol protocol, such as PROTO_ESP
267: * @param algs algorithms as string
268: * @return proposal_t object, NULL if invalid
269: */
270: proposal_t *proposal_create_from_string(protocol_id_t protocol,
271: const char *algs);
272:
273: /**
274: * Select a common proposal from the given lists of proposals.
275: *
276: * @param configured list of configured/local proposals
277: * @param supplied list of supplied/remote proposals
278: * @param flags flags to consider during proposal selection
279: * @return selected proposal, or NULL (allocated)
280: */
281: proposal_t *proposal_select(linked_list_t *configured, linked_list_t *supplied,
282: proposal_selection_flag_t flags);
283:
284: /**
285: * printf hook function for proposal_t.
286: *
287: * Arguments are:
288: * proposal_t*
289: * With the #-specifier, arguments are:
290: * linked_list_t* (containing proposal_t*)
291: */
292: int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
293: const void *const *args);
294:
295: #endif /** PROPOSAL_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to proposal.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / crypto / proposal